| .\" |
| .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| .\" All rights reserved |
| .\" |
| .\" As far as I am concerned, the code I have written for this software |
| .\" can be used freely for any purpose. Any derived versions of this |
| .\" software must be clearly marked as such, and if the derived work is |
| .\" incompatible with the protocol description in the RFC file, it must be |
| .\" called by a name other than "ssh" or "Secure Shell". |
| .\" |
| .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
| .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
| .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
| .\" |
| .\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
| .\" are met: |
| .\" 1. Redistributions of source code must retain the above copyright |
| .\" notice, this list of conditions and the following disclaimer. |
| .\" 2. Redistributions in binary form must reproduce the above copyright |
| .\" notice, this list of conditions and the following disclaimer in the |
| .\" documentation and/or other materials provided with the distribution. |
| .\" |
| .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
| .\" $OpenBSD: sshd_config.5,v 1.167 2013/11/21 00:45:44 djm Exp $ |
| .Dd $Mdocdate: November 21 2013 $ |
| .Dt SSHD_CONFIG 5 |
| .Os |
| .Sh NAME |
| .Nm sshd_config |
| .Nd OpenSSH SSH daemon configuration file |
| .Sh SYNOPSIS |
| .Nm /etc/ssh/sshd_config |
| .Sh DESCRIPTION |
| .Xr sshd 8 |
| reads configuration data from |
| .Pa /etc/ssh/sshd_config |
| (or the file specified with |
| .Fl f |
| on the command line). |
| The file contains keyword-argument pairs, one per line. |
| Lines starting with |
| .Ql # |
| and empty lines are interpreted as comments. |
| Arguments may optionally be enclosed in double quotes |
| .Pq \&" |
| in order to represent arguments containing spaces. |
| .Pp |
| The possible |
| keywords and their meanings are as follows (note that |
| keywords are case-insensitive and arguments are case-sensitive): |
| .Bl -tag -width Ds |
| .It Cm AcceptEnv |
| Specifies what environment variables sent by the client will be copied into |
| the session's |
| .Xr environ 7 . |
| See |
| .Cm SendEnv |
| in |
| .Xr ssh_config 5 |
| for how to configure the client. |
| Note that environment passing is only supported for protocol 2. |
| Variables are specified by name, which may contain the wildcard characters |
| .Ql * |
| and |
| .Ql \&? . |
| Multiple environment variables may be separated by whitespace or spread |
| across multiple |
| .Cm AcceptEnv |
| directives. |
| Be warned that some environment variables could be used to bypass restricted |
| user environments. |
| For this reason, care should be taken in the use of this directive. |
| The default is not to accept any environment variables. |
| .It Cm AddressFamily |
| Specifies which address family should be used by |
| .Xr sshd 8 . |
| Valid arguments are |
| .Dq any , |
| .Dq inet |
| (use IPv4 only), or |
| .Dq inet6 |
| (use IPv6 only). |
| The default is |
| .Dq any . |
| .It Cm AllowAgentForwarding |
| Specifies whether |
| .Xr ssh-agent 1 |
| forwarding is permitted. |
| The default is |
| .Dq yes . |
| Note that disabling agent forwarding does not improve security |
| unless users are also denied shell access, as they can always install |
| their own forwarders. |
| .It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
| If specified, login is allowed only for users whose primary |
| group or supplementary group list matches one of the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
| By default, login is allowed for all groups. |
| The allow/deny directives are processed in the following order: |
| .Cm DenyUsers , |
| .Cm AllowUsers , |
| .Cm DenyGroups , |
| and finally |
| .Cm AllowGroups . |
| .Pp |
| See PATTERNS in |
| .Xr ssh_config 5 |
| for more information on patterns. |
| .It Cm AllowTcpForwarding |
| Specifies whether TCP forwarding is permitted. |
| The available options are |
| .Dq yes |
| or |
| .Dq all |
| to allow TCP forwarding, |
| .Dq no |
| to prevent all TCP forwarding, |
| .Dq local |
| to allow local (from the perspective of |
| .Xr ssh 1 ) |
| forwarding only or |
| .Dq remote |
| to allow remote forwarding only. |
| The default is |
| .Dq yes . |
| Note that disabling TCP forwarding does not improve security unless |
| users are also denied shell access, as they can always install their |
| own forwarders. |
| .It Cm AllowUsers |
| This keyword can be followed by a list of user name patterns, separated |
| by spaces. |
| If specified, login is allowed only for user names that |
| match one of the patterns. |
| Only user names are valid; a numerical user ID is not recognized. |
| By default, login is allowed for all users. |
| If the pattern takes the form USER@HOST then USER and HOST |
| are separately checked, restricting logins to particular |
| users from particular hosts. |
| The allow/deny directives are processed in the following order: |
| .Cm DenyUsers , |
| .Cm AllowUsers , |
| .Cm DenyGroups , |
| and finally |
| .Cm AllowGroups . |
| .Pp |
| See PATTERNS in |
| .Xr ssh_config 5 |
| for more information on patterns. |
| .It Cm AuthenticationMethods |
| Specifies the authentication methods that must be successfully completed |
| for a user to be granted access. |
| This option must be followed by one or more comma-separated lists of |
| authentication method names. |
| Successful authentication requires completion of every method in at least |
| one of these lists. |
| .Pp |
| For example, an argument of |
| .Dq publickey,password publickey,keyboard-interactive |
| would require the user to complete public key authentication, followed by |
| either password or keyboard interactive authentication. |
| Only methods that are next in one or more lists are offered at each stage, |
| so for this example, it would not be possible to attempt password or |
| keyboard-interactive authentication before public key. |
| .Pp |
| For keyboard interactive authentication it is also possible to |
| restrict authentication to a specific device by appending a |
| colon followed by the device identifier |
| .Dq bsdauth , |
| .Dq pam , |
| or |
| .Dq skey , |
| depending on the server configuration. |
| For example, |
| .Dq keyboard-interactive:bsdauth |
| would restrict keyboard interactive authentication to the |
| .Dq bsdauth |
| device. |
| .Pp |
| This option is only available for SSH protocol 2 and will yield a fatal |
| error if enabled if protocol 1 is also enabled. |
| Note that each authentication method listed should also be explicitly enabled |
| in the configuration. |
| The default is not to require multiple authentication; successful completion |
| of a single authentication method is sufficient. |
| .It Cm AuthorizedKeysCommand |
| Specifies a program to be used to look up the user's public keys. |
| The program must be owned by root and not writable by group or others. |
| It will be invoked with a single argument of the username |
| being authenticated, and should produce on standard output zero or |
| more lines of authorized_keys output (see AUTHORIZED_KEYS in |
| .Xr sshd 8 ) . |
| If a key supplied by AuthorizedKeysCommand does not successfully authenticate |
| and authorize the user then public key authentication continues using the usual |
| .Cm AuthorizedKeysFile |
| files. |
| By default, no AuthorizedKeysCommand is run. |
| .It Cm AuthorizedKeysCommandUser |
| Specifies the user under whose account the AuthorizedKeysCommand is run. |
| It is recommended to use a dedicated user that has no other role on the host |
| than running authorized keys commands. |
| .It Cm AuthorizedKeysFile |
| Specifies the file that contains the public keys that can be used |
| for user authentication. |
| The format is described in the |
| AUTHORIZED_KEYS FILE FORMAT |
| section of |
| .Xr sshd 8 . |
| .Cm AuthorizedKeysFile |
| may contain tokens of the form %T which are substituted during connection |
| setup. |
| The following tokens are defined: %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated, and |
| %u is replaced by the username of that user. |
| After expansion, |
| .Cm AuthorizedKeysFile |
| is taken to be an absolute path or one relative to the user's home |
| directory. |
| Multiple files may be listed, separated by whitespace. |
| The default is |
| .Dq .ssh/authorized_keys .ssh/authorized_keys2 . |
| .It Cm AuthorizedPrincipalsFile |
| Specifies a file that lists principal names that are accepted for |
| certificate authentication. |
| When using certificates signed by a key listed in |
| .Cm TrustedUserCAKeys , |
| this file lists names, one of which must appear in the certificate for it |
| to be accepted for authentication. |
| Names are listed one per line preceded by key options (as described |
| in AUTHORIZED_KEYS FILE FORMAT in |
| .Xr sshd 8 ) . |
| Empty lines and comments starting with |
| .Ql # |
| are ignored. |
| .Pp |
| .Cm AuthorizedPrincipalsFile |
| may contain tokens of the form %T which are substituted during connection |
| setup. |
| The following tokens are defined: %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated, and |
| %u is replaced by the username of that user. |
| After expansion, |
| .Cm AuthorizedPrincipalsFile |
| is taken to be an absolute path or one relative to the user's home |
| directory. |
| .Pp |
| The default is |
| .Dq none , |
| i.e. not to use a principals file \(en in this case, the username |
| of the user must appear in a certificate's principals list for it to be |
| accepted. |
| Note that |
| .Cm AuthorizedPrincipalsFile |
| is only used when authentication proceeds using a CA listed in |
| .Cm TrustedUserCAKeys |
| and is not consulted for certification authorities trusted via |
| .Pa ~/.ssh/authorized_keys , |
| though the |
| .Cm principals= |
| key option offers a similar facility (see |
| .Xr sshd 8 |
| for details). |
| .It Cm Banner |
| The contents of the specified file are sent to the remote user before |
| authentication is allowed. |
| If the argument is |
| .Dq none |
| then no banner is displayed. |
| This option is only available for protocol version 2. |
| By default, no banner is displayed. |
| .It Cm ChallengeResponseAuthentication |
| Specifies whether challenge-response authentication is allowed (e.g. via |
| PAM or though authentication styles supported in |
| .Xr login.conf 5 ) |
| The default is |
| .Dq yes . |
| .It Cm ChrootDirectory |
| Specifies the pathname of a directory to |
| .Xr chroot 2 |
| to after authentication. |
| All components of the pathname must be root-owned directories that are |
| not writable by any other user or group. |
| After the chroot, |
| .Xr sshd 8 |
| changes the working directory to the user's home directory. |
| .Pp |
| The pathname may contain the following tokens that are expanded at runtime once |
| the connecting user has been authenticated: %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated, and |
| %u is replaced by the username of that user. |
| .Pp |
| The |
| .Cm ChrootDirectory |
| must contain the necessary files and directories to support the |
| user's session. |
| For an interactive session this requires at least a shell, typically |
| .Xr sh 1 , |
| and basic |
| .Pa /dev |
| nodes such as |
| .Xr null 4 , |
| .Xr zero 4 , |
| .Xr stdin 4 , |
| .Xr stdout 4 , |
| .Xr stderr 4 , |
| .Xr arandom 4 |
| and |
| .Xr tty 4 |
| devices. |
| For file transfer sessions using |
| .Dq sftp , |
| no additional configuration of the environment is necessary if the |
| in-process sftp server is used, |
| though sessions which use logging do require |
| .Pa /dev/log |
| inside the chroot directory (see |
| .Xr sftp-server 8 |
| for details). |
| .Pp |
| The default is not to |
| .Xr chroot 2 . |
| .It Cm Ciphers |
| Specifies the ciphers allowed for protocol version 2. |
| Multiple ciphers must be comma-separated. |
| The supported ciphers are: |
| .Pp |
| .Dq 3des-cbc , |
| .Dq aes128-cbc , |
| .Dq aes192-cbc , |
| .Dq aes256-cbc , |
| .Dq aes128-ctr , |
| .Dq aes192-ctr , |
| .Dq aes256-ctr , |
| .Dq aes128-gcm@openssh.com , |
| .Dq aes256-gcm@openssh.com , |
| .Dq arcfour128 , |
| .Dq arcfour256 , |
| .Dq arcfour , |
| .Dq blowfish-cbc , |
| .Dq cast128-cbc , |
| and |
| .Dq chacha20-poly1305@openssh.com . |
| .Pp |
| The default is: |
| .Pp |
| .Bd -literal -offset 3n |
| aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, |
| aes128-gcm@openssh.com,aes256-gcm@openssh.com, |
| chacha20-poly1305@openssh.com, |
| aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, |
| aes256-cbc,arcfour |
| .Ed |
| .Pp |
| The list of available ciphers may also be obtained using the |
| .Fl Q |
| option of |
| .Xr ssh 1 . |
| .It Cm ClientAliveCountMax |
| Sets the number of client alive messages (see below) which may be |
| sent without |
| .Xr sshd 8 |
| receiving any messages back from the client. |
| If this threshold is reached while client alive messages are being sent, |
| sshd will disconnect the client, terminating the session. |
| It is important to note that the use of client alive messages is very |
| different from |
| .Cm TCPKeepAlive |
| (below). |
| The client alive messages are sent through the encrypted channel |
| and therefore will not be spoofable. |
| The TCP keepalive option enabled by |
| .Cm TCPKeepAlive |
| is spoofable. |
| The client alive mechanism is valuable when the client or |
| server depend on knowing when a connection has become inactive. |
| .Pp |
| The default value is 3. |
| If |
| .Cm ClientAliveInterval |
| (see below) is set to 15, and |
| .Cm ClientAliveCountMax |
| is left at the default, unresponsive SSH clients |
| will be disconnected after approximately 45 seconds. |
| This option applies to protocol version 2 only. |
| .It Cm ClientAliveInterval |
| Sets a timeout interval in seconds after which if no data has been received |
| from the client, |
| .Xr sshd 8 |
| will send a message through the encrypted |
| channel to request a response from the client. |
| The default |
| is 0, indicating that these messages will not be sent to the client. |
| This option applies to protocol version 2 only. |
| .It Cm Compression |
| Specifies whether compression is allowed, or delayed until |
| the user has authenticated successfully. |
| The argument must be |
| .Dq yes , |
| .Dq delayed , |
| or |
| .Dq no . |
| The default is |
| .Dq delayed . |
| .It Cm DenyGroups |
| This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
| Login is disallowed for users whose primary group or supplementary |
| group list matches one of the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
| By default, login is allowed for all groups. |
| The allow/deny directives are processed in the following order: |
| .Cm DenyUsers , |
| .Cm AllowUsers , |
| .Cm DenyGroups , |
| and finally |
| .Cm AllowGroups . |
| .Pp |
| See PATTERNS in |
| .Xr ssh_config 5 |
| for more information on patterns. |
| .It Cm DenyUsers |
| This keyword can be followed by a list of user name patterns, separated |
| by spaces. |
| Login is disallowed for user names that match one of the patterns. |
| Only user names are valid; a numerical user ID is not recognized. |
| By default, login is allowed for all users. |
| If the pattern takes the form USER@HOST then USER and HOST |
| are separately checked, restricting logins to particular |
| users from particular hosts. |
| The allow/deny directives are processed in the following order: |
| .Cm DenyUsers , |
| .Cm AllowUsers , |
| .Cm DenyGroups , |
| and finally |
| .Cm AllowGroups . |
| .Pp |
| See PATTERNS in |
| .Xr ssh_config 5 |
| for more information on patterns. |
| .It Cm ForceCommand |
| Forces the execution of the command specified by |
| .Cm ForceCommand , |
| ignoring any command supplied by the client and |
| .Pa ~/.ssh/rc |
| if present. |
| The command is invoked by using the user's login shell with the -c option. |
| This applies to shell, command, or subsystem execution. |
| It is most useful inside a |
| .Cm Match |
| block. |
| The command originally supplied by the client is available in the |
| .Ev SSH_ORIGINAL_COMMAND |
| environment variable. |
| Specifying a command of |
| .Dq internal-sftp |
| will force the use of an in-process sftp server that requires no support |
| files when used with |
| .Cm ChrootDirectory . |
| .It Cm GatewayPorts |
| Specifies whether remote hosts are allowed to connect to ports |
| forwarded for the client. |
| By default, |
| .Xr sshd 8 |
| binds remote port forwardings to the loopback address. |
| This prevents other remote hosts from connecting to forwarded ports. |
| .Cm GatewayPorts |
| can be used to specify that sshd |
| should allow remote port forwardings to bind to non-loopback addresses, thus |
| allowing other hosts to connect. |
| The argument may be |
| .Dq no |
| to force remote port forwardings to be available to the local host only, |
| .Dq yes |
| to force remote port forwardings to bind to the wildcard address, or |
| .Dq clientspecified |
| to allow the client to select the address to which the forwarding is bound. |
| The default is |
| .Dq no . |
| .It Cm GSSAPIAuthentication |
| Specifies whether user authentication based on GSSAPI is allowed. |
| The default is |
| .Dq no . |
| Note that this option applies to protocol version 2 only. |
| .It Cm GSSAPICleanupCredentials |
| Specifies whether to automatically destroy the user's credentials cache |
| on logout. |
| The default is |
| .Dq yes . |
| Note that this option applies to protocol version 2 only. |
| .It Cm HostbasedAuthentication |
| Specifies whether rhosts or /etc/hosts.equiv authentication together |
| with successful public key client host authentication is allowed |
| (host-based authentication). |
| This option is similar to |
| .Cm RhostsRSAAuthentication |
| and applies to protocol version 2 only. |
| The default is |
| .Dq no . |
| .It Cm HostbasedUsesNameFromPacketOnly |
| Specifies whether or not the server will attempt to perform a reverse |
| name lookup when matching the name in the |
| .Pa ~/.shosts , |
| .Pa ~/.rhosts , |
| and |
| .Pa /etc/hosts.equiv |
| files during |
| .Cm HostbasedAuthentication . |
| A setting of |
| .Dq yes |
| means that |
| .Xr sshd 8 |
| uses the name supplied by the client rather than |
| attempting to resolve the name from the TCP connection itself. |
| The default is |
| .Dq no . |
| .It Cm HostCertificate |
| Specifies a file containing a public host certificate. |
| The certificate's public key must match a private host key already specified |
| by |
| .Cm HostKey . |
| The default behaviour of |
| .Xr sshd 8 |
| is not to load any certificates. |
| .It Cm HostKey |
| Specifies a file containing a private host key |
| used by SSH. |
| The default is |
| .Pa /etc/ssh/ssh_host_key |
| for protocol version 1, and |
| .Pa /etc/ssh/ssh_host_dsa_key , |
| .Pa /etc/ssh/ssh_host_ecdsa_key |
| and |
| .Pa /etc/ssh/ssh_host_rsa_key |
| for protocol version 2. |
| Note that |
| .Xr sshd 8 |
| will refuse to use a file if it is group/world-accessible. |
| It is possible to have multiple host key files. |
| .Dq rsa1 |
| keys are used for version 1 and |
| .Dq dsa , |
| .Dq ecdsa |
| or |
| .Dq rsa |
| are used for version 2 of the SSH protocol. |
| It is also possible to specify public host key files instead. |
| In this case operations on the private key will be delegated |
| to an |
| .Xr ssh-agent 1 . |
| .It Cm HostKeyAgent |
| Identifies the UNIX-domain socket used to communicate |
| with an agent that has access to the private host keys. |
| If |
| .Dq SSH_AUTH_SOCK |
| is specified, the location of the socket will be read from the |
| .Ev SSH_AUTH_SOCK |
| environment variable. |
| .It Cm IgnoreRhosts |
| Specifies that |
| .Pa .rhosts |
| and |
| .Pa .shosts |
| files will not be used in |
| .Cm RhostsRSAAuthentication |
| or |
| .Cm HostbasedAuthentication . |
| .Pp |
| .Pa /etc/hosts.equiv |
| and |
| .Pa /etc/shosts.equiv |
| are still used. |
| The default is |
| .Dq yes . |
| .It Cm IgnoreUserKnownHosts |
| Specifies whether |
| .Xr sshd 8 |
| should ignore the user's |
| .Pa ~/.ssh/known_hosts |
| during |
| .Cm RhostsRSAAuthentication |
| or |
| .Cm HostbasedAuthentication . |
| The default is |
| .Dq no . |
| .It Cm IPQoS |
| Specifies the IPv4 type-of-service or DSCP class for the connection. |
| Accepted values are |
| .Dq af11 , |
| .Dq af12 , |
| .Dq af13 , |
| .Dq af21 , |
| .Dq af22 , |
| .Dq af23 , |
| .Dq af31 , |
| .Dq af32 , |
| .Dq af33 , |
| .Dq af41 , |
| .Dq af42 , |
| .Dq af43 , |
| .Dq cs0 , |
| .Dq cs1 , |
| .Dq cs2 , |
| .Dq cs3 , |
| .Dq cs4 , |
| .Dq cs5 , |
| .Dq cs6 , |
| .Dq cs7 , |
| .Dq ef , |
| .Dq lowdelay , |
| .Dq throughput , |
| .Dq reliability , |
| or a numeric value. |
| This option may take one or two arguments, separated by whitespace. |
| If one argument is specified, it is used as the packet class unconditionally. |
| If two values are specified, the first is automatically selected for |
| interactive sessions and the second for non-interactive sessions. |
| The default is |
| .Dq lowdelay |
| for interactive sessions and |
| .Dq throughput |
| for non-interactive sessions. |
| .It Cm KerberosAuthentication |
| Specifies whether the password provided by the user for |
| .Cm PasswordAuthentication |
| will be validated through the Kerberos KDC. |
| To use this option, the server needs a |
| Kerberos servtab which allows the verification of the KDC's identity. |
| The default is |
| .Dq no . |
| .It Cm KerberosGetAFSToken |
| If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire |
| an AFS token before accessing the user's home directory. |
| The default is |
| .Dq no . |
| .It Cm KerberosOrLocalPasswd |
| If password authentication through Kerberos fails then |
| the password will be validated via any additional local mechanism |
| such as |
| .Pa /etc/passwd . |
| The default is |
| .Dq yes . |
| .It Cm KerberosTicketCleanup |
| Specifies whether to automatically destroy the user's ticket cache |
| file on logout. |
| The default is |
| .Dq yes . |
| .It Cm KexAlgorithms |
| Specifies the available KEX (Key Exchange) algorithms. |
| Multiple algorithms must be comma-separated. |
| The default is |
| .Dq curve25519-sha256@libssh.org , |
| .Dq ecdh-sha2-nistp256 , |
| .Dq ecdh-sha2-nistp384 , |
| .Dq ecdh-sha2-nistp521 , |
| .Dq diffie-hellman-group-exchange-sha256 , |
| .Dq diffie-hellman-group-exchange-sha1 , |
| .Dq diffie-hellman-group14-sha1 , |
| .Dq diffie-hellman-group1-sha1 . |
| .It Cm KeyRegenerationInterval |
| In protocol version 1, the ephemeral server key is automatically regenerated |
| after this many seconds (if it has been used). |
| The purpose of regeneration is to prevent |
| decrypting captured sessions by later breaking into the machine and |
| stealing the keys. |
| The key is never stored anywhere. |
| If the value is 0, the key is never regenerated. |
| The default is 3600 (seconds). |
| .It Cm ListenAddress |
| Specifies the local addresses |
| .Xr sshd 8 |
| should listen on. |
| The following forms may be used: |
| .Pp |
| .Bl -item -offset indent -compact |
| .It |
| .Cm ListenAddress |
| .Sm off |
| .Ar host No | Ar IPv4_addr No | Ar IPv6_addr |
| .Sm on |
| .It |
| .Cm ListenAddress |
| .Sm off |
| .Ar host No | Ar IPv4_addr No : Ar port |
| .Sm on |
| .It |
| .Cm ListenAddress |
| .Sm off |
| .Oo |
| .Ar host No | Ar IPv6_addr Oc : Ar port |
| .Sm on |
| .El |
| .Pp |
| If |
| .Ar port |
| is not specified, |
| sshd will listen on the address and all prior |
| .Cm Port |
| options specified. |
| The default is to listen on all local addresses. |
| Multiple |
| .Cm ListenAddress |
| options are permitted. |
| Additionally, any |
| .Cm Port |
| options must precede this option for non-port qualified addresses. |
| .It Cm LoginGraceTime |
| The server disconnects after this time if the user has not |
| successfully logged in. |
| If the value is 0, there is no time limit. |
| The default is 120 seconds. |
| .It Cm LogLevel |
| Gives the verbosity level that is used when logging messages from |
| .Xr sshd 8 . |
| The possible values are: |
| QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
| The default is INFO. |
| DEBUG and DEBUG1 are equivalent. |
| DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
| Logging with a DEBUG level violates the privacy of users and is not recommended. |
| .It Cm MACs |
| Specifies the available MAC (message authentication code) algorithms. |
| The MAC algorithm is used in protocol version 2 |
| for data integrity protection. |
| Multiple algorithms must be comma-separated. |
| The algorithms that contain |
| .Dq -etm |
| calculate the MAC after encryption (encrypt-then-mac). |
| These are considered safer and their use recommended. |
| The default is: |
| .Bd -literal -offset indent |
| hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, |
| umac-64-etm@openssh.com,umac-128-etm@openssh.com, |
| hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, |
| hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com, |
| hmac-md5-96-etm@openssh.com, |
| hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com, |
| hmac-sha2-256,hmac-sha2-512,hmac-ripemd160, |
| hmac-sha1-96,hmac-md5-96 |
| .Ed |
| .It Cm Match |
| Introduces a conditional block. |
| If all of the criteria on the |
| .Cm Match |
| line are satisfied, the keywords on the following lines override those |
| set in the global section of the config file, until either another |
| .Cm Match |
| line or the end of the file. |
| .Pp |
| The arguments to |
| .Cm Match |
| are one or more criteria-pattern pairs or the single token |
| .Cm All |
| which matches all criteria. |
| The available criteria are |
| .Cm User , |
| .Cm Group , |
| .Cm Host , |
| .Cm LocalAddress , |
| .Cm LocalPort , |
| and |
| .Cm Address . |
| The match patterns may consist of single entries or comma-separated |
| lists and may use the wildcard and negation operators described in the |
| PATTERNS section of |
| .Xr ssh_config 5 . |
| .Pp |
| The patterns in an |
| .Cm Address |
| criteria may additionally contain addresses to match in CIDR |
| address/masklen format, e.g.\& |
| .Dq 192.0.2.0/24 |
| or |
| .Dq 3ffe:ffff::/32 . |
| Note that the mask length provided must be consistent with the address - |
| it is an error to specify a mask length that is too long for the address |
| or one with bits set in this host portion of the address. |
| For example, |
| .Dq 192.0.2.0/33 |
| and |
| .Dq 192.0.2.0/8 |
| respectively. |
| .Pp |
| Only a subset of keywords may be used on the lines following a |
| .Cm Match |
| keyword. |
| Available keywords are |
| .Cm AcceptEnv , |
| .Cm AllowAgentForwarding , |
| .Cm AllowGroups , |
| .Cm AllowTcpForwarding , |
| .Cm AllowUsers , |
| .Cm AuthenticationMethods , |
| .Cm AuthorizedKeysCommand , |
| .Cm AuthorizedKeysCommandUser , |
| .Cm AuthorizedKeysFile , |
| .Cm AuthorizedPrincipalsFile , |
| .Cm Banner , |
| .Cm ChrootDirectory , |
| .Cm DenyGroups , |
| .Cm DenyUsers , |
| .Cm ForceCommand , |
| .Cm GatewayPorts , |
| .Cm GSSAPIAuthentication , |
| .Cm HostbasedAuthentication , |
| .Cm HostbasedUsesNameFromPacketOnly , |
| .Cm KbdInteractiveAuthentication , |
| .Cm KerberosAuthentication , |
| .Cm MaxAuthTries , |
| .Cm MaxSessions , |
| .Cm PasswordAuthentication , |
| .Cm PermitEmptyPasswords , |
| .Cm PermitOpen , |
| .Cm PermitRootLogin , |
| .Cm PermitTTY , |
| .Cm PermitTunnel , |
| .Cm PubkeyAuthentication , |
| .Cm RekeyLimit , |
| .Cm RhostsRSAAuthentication , |
| .Cm RSAAuthentication , |
| .Cm X11DisplayOffset , |
| .Cm X11Forwarding |
| and |
| .Cm X11UseLocalHost . |
| .It Cm MaxAuthTries |
| Specifies the maximum number of authentication attempts permitted per |
| connection. |
| Once the number of failures reaches half this value, |
| additional failures are logged. |
| The default is 6. |
| .It Cm MaxSessions |
| Specifies the maximum number of open sessions permitted per network connection. |
| The default is 10. |
| .It Cm MaxStartups |
| Specifies the maximum number of concurrent unauthenticated connections to the |
| SSH daemon. |
| Additional connections will be dropped until authentication succeeds or the |
| .Cm LoginGraceTime |
| expires for a connection. |
| The default is 10:30:100. |
| .Pp |
| Alternatively, random early drop can be enabled by specifying |
| the three colon separated values |
| .Dq start:rate:full |
| (e.g. "10:30:60"). |
| .Xr sshd 8 |
| will refuse connection attempts with a probability of |
| .Dq rate/100 |
| (30%) |
| if there are currently |
| .Dq start |
| (10) |
| unauthenticated connections. |
| The probability increases linearly and all connection attempts |
| are refused if the number of unauthenticated connections reaches |
| .Dq full |
| (60). |
| .It Cm PasswordAuthentication |
| Specifies whether password authentication is allowed. |
| The default is |
| .Dq yes . |
| .It Cm PermitEmptyPasswords |
| When password authentication is allowed, it specifies whether the |
| server allows login to accounts with empty password strings. |
| The default is |
| .Dq no . |
| .It Cm PermitOpen |
| Specifies the destinations to which TCP port forwarding is permitted. |
| The forwarding specification must be one of the following forms: |
| .Pp |
| .Bl -item -offset indent -compact |
| .It |
| .Cm PermitOpen |
| .Sm off |
| .Ar host : port |
| .Sm on |
| .It |
| .Cm PermitOpen |
| .Sm off |
| .Ar IPv4_addr : port |
| .Sm on |
| .It |
| .Cm PermitOpen |
| .Sm off |
| .Ar \&[ IPv6_addr \&] : port |
| .Sm on |
| .El |
| .Pp |
| Multiple forwards may be specified by separating them with whitespace. |
| An argument of |
| .Dq any |
| can be used to remove all restrictions and permit any forwarding requests. |
| An argument of |
| .Dq none |
| can be used to prohibit all forwarding requests. |
| By default all port forwarding requests are permitted. |
| .It Cm PermitRootLogin |
| Specifies whether root can log in using |
| .Xr ssh 1 . |
| The argument must be |
| .Dq yes , |
| .Dq without-password , |
| .Dq forced-commands-only , |
| or |
| .Dq no . |
| The default is |
| .Dq yes . |
| .Pp |
| If this option is set to |
| .Dq without-password , |
| password authentication is disabled for root. |
| .Pp |
| If this option is set to |
| .Dq forced-commands-only , |
| root login with public key authentication will be allowed, |
| but only if the |
| .Ar command |
| option has been specified |
| (which may be useful for taking remote backups even if root login is |
| normally not allowed). |
| All other authentication methods are disabled for root. |
| .Pp |
| If this option is set to |
| .Dq no , |
| root is not allowed to log in. |
| .It Cm PermitTunnel |
| Specifies whether |
| .Xr tun 4 |
| device forwarding is allowed. |
| The argument must be |
| .Dq yes , |
| .Dq point-to-point |
| (layer 3), |
| .Dq ethernet |
| (layer 2), or |
| .Dq no . |
| Specifying |
| .Dq yes |
| permits both |
| .Dq point-to-point |
| and |
| .Dq ethernet . |
| The default is |
| .Dq no . |
| .It Cm PermitTTY |
| Specifies whether |
| .Xr pty 4 |
| allocation is permitted. |
| The default is |
| .Dq yes . |
| .It Cm PermitUserEnvironment |
| Specifies whether |
| .Pa ~/.ssh/environment |
| and |
| .Cm environment= |
| options in |
| .Pa ~/.ssh/authorized_keys |
| are processed by |
| .Xr sshd 8 . |
| The default is |
| .Dq no . |
| Enabling environment processing may enable users to bypass access |
| restrictions in some configurations using mechanisms such as |
| .Ev LD_PRELOAD . |
| .It Cm PidFile |
| Specifies the file that contains the process ID of the |
| SSH daemon. |
| The default is |
| .Pa /var/run/sshd.pid . |
| .It Cm Port |
| Specifies the port number that |
| .Xr sshd 8 |
| listens on. |
| The default is 22. |
| Multiple options of this type are permitted. |
| See also |
| .Cm ListenAddress . |
| .It Cm PrintLastLog |
| Specifies whether |
| .Xr sshd 8 |
| should print the date and time of the last user login when a user logs |
| in interactively. |
| The default is |
| .Dq yes . |
| .It Cm PrintMotd |
| Specifies whether |
| .Xr sshd 8 |
| should print |
| .Pa /etc/motd |
| when a user logs in interactively. |
| (On some systems it is also printed by the shell, |
| .Pa /etc/profile , |
| or equivalent.) |
| The default is |
| .Dq yes . |
| .It Cm Protocol |
| Specifies the protocol versions |
| .Xr sshd 8 |
| supports. |
| The possible values are |
| .Sq 1 |
| and |
| .Sq 2 . |
| Multiple versions must be comma-separated. |
| The default is |
| .Sq 2 . |
| Note that the order of the protocol list does not indicate preference, |
| because the client selects among multiple protocol versions offered |
| by the server. |
| Specifying |
| .Dq 2,1 |
| is identical to |
| .Dq 1,2 . |
| .It Cm PubkeyAuthentication |
| Specifies whether public key authentication is allowed. |
| The default is |
| .Dq yes . |
| Note that this option applies to protocol version 2 only. |
| .It Cm RekeyLimit |
| Specifies the maximum amount of data that may be transmitted before the |
| session key is renegotiated, optionally followed a maximum amount of |
| time that may pass before the session key is renegotiated. |
| The first argument is specified in bytes and may have a suffix of |
| .Sq K , |
| .Sq M , |
| or |
| .Sq G |
| to indicate Kilobytes, Megabytes, or Gigabytes, respectively. |
| The default is between |
| .Sq 1G |
| and |
| .Sq 4G , |
| depending on the cipher. |
| The optional second value is specified in seconds and may use any of the |
| units documented in the |
| .Sx TIME FORMATS |
| section. |
| The default value for |
| .Cm RekeyLimit |
| is |
| .Dq default none , |
| which means that rekeying is performed after the cipher's default amount |
| of data has been sent or received and no time based rekeying is done. |
| This option applies to protocol version 2 only. |
| .It Cm RevokedKeys |
| Specifies revoked public keys. |
| Keys listed in this file will be refused for public key authentication. |
| Note that if this file is not readable, then public key authentication will |
| be refused for all users. |
| Keys may be specified as a text file, listing one public key per line, or as |
| an OpenSSH Key Revocation List (KRL) as generated by |
| .Xr ssh-keygen 1 . |
| For more information on KRLs, see the KEY REVOCATION LISTS section in |
| .Xr ssh-keygen 1 . |
| .It Cm RhostsRSAAuthentication |
| Specifies whether rhosts or /etc/hosts.equiv authentication together |
| with successful RSA host authentication is allowed. |
| The default is |
| .Dq no . |
| This option applies to protocol version 1 only. |
| .It Cm RSAAuthentication |
| Specifies whether pure RSA authentication is allowed. |
| The default is |
| .Dq yes . |
| This option applies to protocol version 1 only. |
| .It Cm ServerKeyBits |
| Defines the number of bits in the ephemeral protocol version 1 server key. |
| The minimum value is 512, and the default is 1024. |
| .It Cm StrictModes |
| Specifies whether |
| .Xr sshd 8 |
| should check file modes and ownership of the |
| user's files and home directory before accepting login. |
| This is normally desirable because novices sometimes accidentally leave their |
| directory or files world-writable. |
| The default is |
| .Dq yes . |
| Note that this does not apply to |
| .Cm ChrootDirectory , |
| whose permissions and ownership are checked unconditionally. |
| .It Cm Subsystem |
| Configures an external subsystem (e.g. file transfer daemon). |
| Arguments should be a subsystem name and a command (with optional arguments) |
| to execute upon subsystem request. |
| .Pp |
| The command |
| .Xr sftp-server 8 |
| implements the |
| .Dq sftp |
| file transfer subsystem. |
| .Pp |
| Alternately the name |
| .Dq internal-sftp |
| implements an in-process |
| .Dq sftp |
| server. |
| This may simplify configurations using |
| .Cm ChrootDirectory |
| to force a different filesystem root on clients. |
| .Pp |
| By default no subsystems are defined. |
| Note that this option applies to protocol version 2 only. |
| .It Cm SyslogFacility |
| Gives the facility code that is used when logging messages from |
| .Xr sshd 8 . |
| The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
| LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
| The default is AUTH. |
| .It Cm TCPKeepAlive |
| Specifies whether the system should send TCP keepalive messages to the |
| other side. |
| If they are sent, death of the connection or crash of one |
| of the machines will be properly noticed. |
| However, this means that |
| connections will die if the route is down temporarily, and some people |
| find it annoying. |
| On the other hand, if TCP keepalives are not sent, |
| sessions may hang indefinitely on the server, leaving |
| .Dq ghost |
| users and consuming server resources. |
| .Pp |
| The default is |
| .Dq yes |
| (to send TCP keepalive messages), and the server will notice |
| if the network goes down or the client host crashes. |
| This avoids infinitely hanging sessions. |
| .Pp |
| To disable TCP keepalive messages, the value should be set to |
| .Dq no . |
| .It Cm TrustedUserCAKeys |
| Specifies a file containing public keys of certificate authorities that are |
| trusted to sign user certificates for authentication. |
| Keys are listed one per line; empty lines and comments starting with |
| .Ql # |
| are allowed. |
| If a certificate is presented for authentication and has its signing CA key |
| listed in this file, then it may be used for authentication for any user |
| listed in the certificate's principals list. |
| Note that certificates that lack a list of principals will not be permitted |
| for authentication using |
| .Cm TrustedUserCAKeys . |
| For more details on certificates, see the CERTIFICATES section in |
| .Xr ssh-keygen 1 . |
| .It Cm UseDNS |
| Specifies whether |
| .Xr sshd 8 |
| should look up the remote host name and check that |
| the resolved host name for the remote IP address maps back to the |
| very same IP address. |
| The default is |
| .Dq yes . |
| .It Cm UseLogin |
| Specifies whether |
| .Xr login 1 |
| is used for interactive login sessions. |
| The default is |
| .Dq no . |
| Note that |
| .Xr login 1 |
| is never used for remote command execution. |
| Note also, that if this is enabled, |
| .Cm X11Forwarding |
| will be disabled because |
| .Xr login 1 |
| does not know how to handle |
| .Xr xauth 1 |
| cookies. |
| If |
| .Cm UsePrivilegeSeparation |
| is specified, it will be disabled after authentication. |
| .It Cm UsePAM |
| Enables the Pluggable Authentication Module interface. |
| If set to |
| .Dq yes |
| this will enable PAM authentication using |
| .Cm ChallengeResponseAuthentication |
| and |
| .Cm PasswordAuthentication |
| in addition to PAM account and session module processing for all |
| authentication types. |
| .Pp |
| Because PAM challenge-response authentication usually serves an equivalent |
| role to password authentication, you should disable either |
| .Cm PasswordAuthentication |
| or |
| .Cm ChallengeResponseAuthentication. |
| .Pp |
| If |
| .Cm UsePAM |
| is enabled, you will not be able to run |
| .Xr sshd 8 |
| as a non-root user. |
| The default is |
| .Dq no . |
| .It Cm UsePrivilegeSeparation |
| Specifies whether |
| .Xr sshd 8 |
| separates privileges by creating an unprivileged child process |
| to deal with incoming network traffic. |
| After successful authentication, another process will be created that has |
| the privilege of the authenticated user. |
| The goal of privilege separation is to prevent privilege |
| escalation by containing any corruption within the unprivileged processes. |
| The default is |
| .Dq yes . |
| If |
| .Cm UsePrivilegeSeparation |
| is set to |
| .Dq sandbox |
| then the pre-authentication unprivileged process is subject to additional |
| restrictions. |
| .It Cm VersionAddendum |
| Optionally specifies additional text to append to the SSH protocol banner |
| sent by the server upon connection. |
| The default is |
| .Dq none . |
| .It Cm X11DisplayOffset |
| Specifies the first display number available for |
| .Xr sshd 8 Ns 's |
| X11 forwarding. |
| This prevents sshd from interfering with real X11 servers. |
| The default is 10. |
| .It Cm X11Forwarding |
| Specifies whether X11 forwarding is permitted. |
| The argument must be |
| .Dq yes |
| or |
| .Dq no . |
| The default is |
| .Dq no . |
| .Pp |
| When X11 forwarding is enabled, there may be additional exposure to |
| the server and to client displays if the |
| .Xr sshd 8 |
| proxy display is configured to listen on the wildcard address (see |
| .Cm X11UseLocalhost |
| below), though this is not the default. |
| Additionally, the authentication spoofing and authentication data |
| verification and substitution occur on the client side. |
| The security risk of using X11 forwarding is that the client's X11 |
| display server may be exposed to attack when the SSH client requests |
| forwarding (see the warnings for |
| .Cm ForwardX11 |
| in |
| .Xr ssh_config 5 ) . |
| A system administrator may have a stance in which they want to |
| protect clients that may expose themselves to attack by unwittingly |
| requesting X11 forwarding, which can warrant a |
| .Dq no |
| setting. |
| .Pp |
| Note that disabling X11 forwarding does not prevent users from |
| forwarding X11 traffic, as users can always install their own forwarders. |
| X11 forwarding is automatically disabled if |
| .Cm UseLogin |
| is enabled. |
| .It Cm X11UseLocalhost |
| Specifies whether |
| .Xr sshd 8 |
| should bind the X11 forwarding server to the loopback address or to |
| the wildcard address. |
| By default, |
| sshd binds the forwarding server to the loopback address and sets the |
| hostname part of the |
| .Ev DISPLAY |
| environment variable to |
| .Dq localhost . |
| This prevents remote hosts from connecting to the proxy display. |
| However, some older X11 clients may not function with this |
| configuration. |
| .Cm X11UseLocalhost |
| may be set to |
| .Dq no |
| to specify that the forwarding server should be bound to the wildcard |
| address. |
| The argument must be |
| .Dq yes |
| or |
| .Dq no . |
| The default is |
| .Dq yes . |
| .It Cm XAuthLocation |
| Specifies the full pathname of the |
| .Xr xauth 1 |
| program. |
| The default is |
| .Pa /usr/X11R6/bin/xauth . |
| .El |
| .Sh TIME FORMATS |
| .Xr sshd 8 |
| command-line arguments and configuration file options that specify time |
| may be expressed using a sequence of the form: |
| .Sm off |
| .Ar time Op Ar qualifier , |
| .Sm on |
| where |
| .Ar time |
| is a positive integer value and |
| .Ar qualifier |
| is one of the following: |
| .Pp |
| .Bl -tag -width Ds -compact -offset indent |
| .It Aq Cm none |
| seconds |
| .It Cm s | Cm S |
| seconds |
| .It Cm m | Cm M |
| minutes |
| .It Cm h | Cm H |
| hours |
| .It Cm d | Cm D |
| days |
| .It Cm w | Cm W |
| weeks |
| .El |
| .Pp |
| Each member of the sequence is added together to calculate |
| the total time value. |
| .Pp |
| Time format examples: |
| .Pp |
| .Bl -tag -width Ds -compact -offset indent |
| .It 600 |
| 600 seconds (10 minutes) |
| .It 10m |
| 10 minutes |
| .It 1h30m |
| 1 hour 30 minutes (90 minutes) |
| .El |
| .Sh FILES |
| .Bl -tag -width Ds |
| .It Pa /etc/ssh/sshd_config |
| Contains configuration data for |
| .Xr sshd 8 . |
| This file should be writable by root only, but it is recommended |
| (though not necessary) that it be world-readable. |
| .El |
| .Sh SEE ALSO |
| .Xr sshd 8 |
| .Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
| ssh 1.2.12 release by Tatu Ylonen. |
| Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
| Theo de Raadt and Dug Song |
| removed many bugs, re-added newer features and |
| created OpenSSH. |
| Markus Friedl contributed the support for SSH |
| protocol versions 1.5 and 2.0. |
| Niels Provos and Markus Friedl contributed support |
| for privilege separation. |