1 From 0b784f8f36fc30f8722e784777fe012062beb0d3 Mon Sep 17 00:00:00 2001
2 From: oracle <solaris@oracle.com>
3 Date: Mon, 3 Aug 2015 14:34:55 -0700
4 Subject: [PATCH 04/30] Reorganise man pages into Illumos numbering, adjust
5 text
6
7 ---
8 Makefile.in | 22 +-
9 moduli.4 | 127 ++++
10 moduli.5 | 127 ----
11 sftp-server.1m | 170 +++++
12 sftp-server.8 | 170 -----
13 ssh-keysign.1m | 93 +++
14 ssh-keysign.8 | 93 ---
15 ssh-pkcs11-helper.1m | 43 ++
16 ssh-pkcs11-helper.8 | 43 --
17 ssh_config.4 | 1726 +++++++++++++++++++++++++++++++++++++++++++++++++
18 ssh_config.5 | 1726 -------------------------------------------------
19 sshd.1m | 971 ++++++++++++++++++++++++++++
20 sshd.8 | 971 ----------------------------
21 sshd_config.4 | 1736 ++++++++++++++++++++++++++++++++++++++++++++++++++
22 sshd_config.5 | 1736 --------------------------------------------------
23 15 files changed, 4877 insertions(+), 4877 deletions(-)
24 create mode 100644 moduli.4
25 delete mode 100644 moduli.5
26 create mode 100644 sftp-server.1m
27 delete mode 100644 sftp-server.8
28 create mode 100644 ssh-keysign.1m
29 delete mode 100644 ssh-keysign.8
30 create mode 100644 ssh-pkcs11-helper.1m
31 delete mode 100644 ssh-pkcs11-helper.8
32 create mode 100644 ssh_config.4
33 delete mode 100644 ssh_config.5
34 create mode 100644 sshd.1m
35 delete mode 100644 sshd.8
36 create mode 100644 sshd_config.4
37 delete mode 100644 sshd_config.5
38
39 diff --git a/Makefile.in b/Makefile.in
40 index 8e52bca..0dd46b1 100644
41 --- a/Makefile.in
42 +++ b/Makefile.in
43
@@ -112,8 +112,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
44 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
45 sandbox-seccomp-filter.o sandbox-capsicum.o
46
47 -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
48 -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
49 +MANPAGES = moduli.4.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.1m.out sftp-server.1m.out sftp.1.out ssh-keysign.1m.out ssh-pkcs11-helper.1m.out sshd_config.4.out ssh_config.4.out
50 +MANPAGES_IN = moduli.4 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.1m sftp-server.1m sftp.1 ssh-keysign.1m ssh-pkcs11-helper.1m sshd_config.4 ssh_config.4
51 MANTYPE = @MANTYPE@
52
53 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
54 @@ -307,8 +307,8 @@ install-files:
55 $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
56 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
57 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
58 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
59 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
60 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
61 + $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
62 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
63 (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
64 $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
65
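Review bot: MANPAGES now names two-character sections (`sshd.1m.out`, `sftp-server.1m.out`, `ssh-keysign.1m.out`, `ssh-pkcs11-helper.1m.out`), but the rule that turns a MANPAGES_IN entry into its `.out` file is outside this patch and is not touched by it. If that rule derives the source page from `$@` with a single-digit section pattern (upstream's MANTYPE=cat branch strips the suffix with a `sed 's/\.[1-9]\.out$$/\.0/'`-style expression), the `1m` suffix will not match and the cat-page build silently produces the wrong input name for those five pages; worth confirming the `.out` rule and `mdoc2man.awk` accept `1m` before this lands. The same renamed names feed the `$(mansubdir)1m` install lines in the following two hunks.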
@@ -328,14 +328,14 @@ install-files:
66 $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
67 $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
68 $(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
69 - $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
70 - $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
71 - $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
72 - $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
73 + $(INSTALL) -m 644 moduli.4.out $(DESTDIR)$(mandir)/$(mansubdir)4/moduli.4
74 + $(INSTALL) -m 644 sshd_config.4.out $(DESTDIR)$(mandir)/$(mansubdir)4/sshd_config.4
75 + $(INSTALL) -m 644 ssh_config.4.out $(DESTDIR)$(mandir)/$(mansubdir)4/ssh_config.4
76 + $(INSTALL) -m 644 sshd.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m
77 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
78 - $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
79 - $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
80 - $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
81 + $(INSTALL) -m 644 sftp-server.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sftp-server.1m
82 + $(INSTALL) -m 644 ssh-keysign.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
83 + $(INSTALL) -m 644 ssh-pkcs11-helper.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
84 -rm -f $(DESTDIR)$(bindir)/slogin
85 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
86 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
87 diff --git a/moduli.4 b/moduli.4
88 new file mode 100644
89 index 0000000..f87556b
90 --- /dev/null
91 +++ b/moduli.4
92
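Review bot: The install side is moved to `$(mansubdir)4` and `$(mansubdir)1m`, but the diffstat for Makefile.in (11 insertions, 11 deletions) is fully accounted for by the MANPAGES lines, the two mkinstalldirs lines and the seven `$(INSTALL)` lines here, so the `uninstall` target is not updated in this patch. If that target still removes `$(mansubdir)5/moduli.5`, `$(mansubdir)8/sshd.8` and the other old paths, `make uninstall` will leave the renamed pages behind after an install from this tree; it should be changed in the same commit so install and uninstall stay paired. The `install-files` recipe starts and ends outside this hunk.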
@@ -0,0 +1,127 @@ 93 +.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ 94 +.\" 95 +.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> 96 +.\" 97 +.\" Permission to use, copy, modify, and distribute this software for any 98 +.\" purpose with or without fee is hereby granted, provided that the above 99 +.\" copyright notice and this permission notice appear in all copies. 100 +.\" 101 +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 102 +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 103 +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 104 +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 105 +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 106 +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 107 +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 108 +.Dd $Mdocdate: September 26 2012 $ 109 +.Dt MODULI 4 110 +.Os 111 +.Sh NAME 112 +.Nm moduli 113 +.Nd Diffie-Hellman moduli 114 +.Sh DESCRIPTION 115 +The 116 +.Pa /etc/moduli 117 +file contains prime numbers and generators for use by 118 +.Xr sshd 1M 119 +in the Diffie-Hellman Group Exchange key exchange method. 120 +.Pp 121 +New moduli may be generated with 122 +.Xr ssh-keygen 1 123 +using a two-step process. 124 +An initial 125 +.Em candidate generation 126 +pass, using 127 +.Ic ssh-keygen -G , 128 +calculates numbers that are likely to be useful. 129 +A second 130 +.Em primality testing 131 +pass, using 132 +.Ic ssh-keygen -T , 133 +provides a high degree of assurance that the numbers are prime and are 134 +safe for use in Diffie-Hellman operations by 135 +.Xr sshd 1M . 136 +This 137 +.Nm 138 +format is used as the output from each pass. 139 +.Pp 140 +The file consists of newline-separated records, one per modulus, 141 +containing seven space-separated fields. 
142 +These fields are as follows: 143 +.Bl -tag -width Description -offset indent 144 +.It timestamp 145 +The time that the modulus was last processed as YYYYMMDDHHMMSS. 146 +.It type 147 +Decimal number specifying the internal structure of the prime modulus. 148 +Supported types are: 149 +.Pp 150 +.Bl -tag -width 0x00 -compact 151 +.It 0 152 +Unknown, not tested. 153 +.It 2 154 +"Safe" prime; (p-1)/2 is also prime. 155 +.It 4 156 +Sophie Germain; 2p+1 is also prime. 157 +.El 158 +.Pp 159 +Moduli candidates initially produced by 160 +.Xr ssh-keygen 1 161 +are Sophie Germain primes (type 4). 162 +Further primality testing with 163 +.Xr ssh-keygen 1 164 +produces safe prime moduli (type 2) that are ready for use in 165 +.Xr sshd 1M . 166 +Other types are not used by OpenSSH. 167 +.It tests 168 +Decimal number indicating the type of primality tests that the number 169 +has been subjected to represented as a bitmask of the following values: 170 +.Pp 171 +.Bl -tag -width 0x00 -compact 172 +.It 0x00 173 +Not tested. 174 +.It 0x01 175 +Composite number \(en not prime. 176 +.It 0x02 177 +Sieve of Eratosthenes. 178 +.It 0x04 179 +Probabilistic Miller-Rabin primality tests. 180 +.El 181 +.Pp 182 +The 183 +.Xr ssh-keygen 1 184 +moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). 185 +Subsequent 186 +.Xr ssh-keygen 1 187 +primality tests are Miller-Rabin tests (flag 0x04). 188 +.It trials 189 +Decimal number indicating the number of primality trials 190 +that have been performed on the modulus. 191 +.It size 192 +Decimal number indicating the size of the prime in bits. 193 +.It generator 194 +The recommended generator for use with this modulus (hexadecimal). 195 +.It modulus 196 +The modulus itself in hexadecimal. 197 +.El 198 +.Pp 199 +When performing Diffie-Hellman Group Exchange, 200 +.Xr sshd 1M 201 +first estimates the size of the modulus required to produce enough 202 +Diffie-Hellman output to sufficiently key the selected symmetric cipher. 
203 +.Xr sshd 1M 204 +then randomly selects a modulus from 205 +.Fa /etc/moduli 206 +that best meets the size requirement. 207 +.Sh SEE ALSO 208 +.Xr ssh-keygen 1 , 209 +.Xr sshd 1M 210 +.Sh STANDARDS 211 +.Rs 212 +.%A M. Friedl 213 +.%A N. Provos 214 +.%A W. Simpson 215 +.%D March 2006 216 +.%R RFC 4419 217 +.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 218 +.%D 2006 219 +.Re 220 diff --git a/moduli.5 b/moduli.5 221 deleted file mode 100644 222 index ef0de08..0000000 223 --- a/moduli.5 224 +++ /dev/null 225 
@@ -1,127 +0,0 @@ 226 -.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ 227 -.\" 228 -.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> 229 -.\" 230 -.\" Permission to use, copy, modify, and distribute this software for any 231 -.\" purpose with or without fee is hereby granted, provided that the above 232 -.\" copyright notice and this permission notice appear in all copies. 233 -.\" 234 -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 235 -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 236 -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 237 -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 238 -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 239 -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 240 -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 241 -.Dd $Mdocdate: September 26 2012 $ 242 -.Dt MODULI 5 243 -.Os 244 -.Sh NAME 245 -.Nm moduli 246 -.Nd Diffie-Hellman moduli 247 -.Sh DESCRIPTION 248 -The 249 -.Pa /etc/moduli 250 -file contains prime numbers and generators for use by 251 -.Xr sshd 8 252 -in the Diffie-Hellman Group Exchange key exchange method. 253 -.Pp 254 -New moduli may be generated with 255 -.Xr ssh-keygen 1 256 -using a two-step process. 257 -An initial 258 -.Em candidate generation 259 -pass, using 260 -.Ic ssh-keygen -G , 261 -calculates numbers that are likely to be useful. 262 -A second 263 -.Em primality testing 264 -pass, using 265 -.Ic ssh-keygen -T , 266 -provides a high degree of assurance that the numbers are prime and are 267 -safe for use in Diffie-Hellman operations by 268 -.Xr sshd 8 . 269 -This 270 -.Nm 271 -format is used as the output from each pass. 272 -.Pp 273 -The file consists of newline-separated records, one per modulus, 274 -containing seven space-separated fields. 
275 -These fields are as follows: 276 -.Bl -tag -width Description -offset indent 277 -.It timestamp 278 -The time that the modulus was last processed as YYYYMMDDHHMMSS. 279 -.It type 280 -Decimal number specifying the internal structure of the prime modulus. 281 -Supported types are: 282 -.Pp 283 -.Bl -tag -width 0x00 -compact 284 -.It 0 285 -Unknown, not tested. 286 -.It 2 287 -"Safe" prime; (p-1)/2 is also prime. 288 -.It 4 289 -Sophie Germain; 2p+1 is also prime. 290 -.El 291 -.Pp 292 -Moduli candidates initially produced by 293 -.Xr ssh-keygen 1 294 -are Sophie Germain primes (type 4). 295 -Further primality testing with 296 -.Xr ssh-keygen 1 297 -produces safe prime moduli (type 2) that are ready for use in 298 -.Xr sshd 8 . 299 -Other types are not used by OpenSSH. 300 -.It tests 301 -Decimal number indicating the type of primality tests that the number 302 -has been subjected to represented as a bitmask of the following values: 303 -.Pp 304 -.Bl -tag -width 0x00 -compact 305 -.It 0x00 306 -Not tested. 307 -.It 0x01 308 -Composite number \(en not prime. 309 -.It 0x02 310 -Sieve of Eratosthenes. 311 -.It 0x04 312 -Probabilistic Miller-Rabin primality tests. 313 -.El 314 -.Pp 315 -The 316 -.Xr ssh-keygen 1 317 -moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). 318 -Subsequent 319 -.Xr ssh-keygen 1 320 -primality tests are Miller-Rabin tests (flag 0x04). 321 -.It trials 322 -Decimal number indicating the number of primality trials 323 -that have been performed on the modulus. 324 -.It size 325 -Decimal number indicating the size of the prime in bits. 326 -.It generator 327 -The recommended generator for use with this modulus (hexadecimal). 328 -.It modulus 329 -The modulus itself in hexadecimal. 330 -.El 331 -.Pp 332 -When performing Diffie-Hellman Group Exchange, 333 -.Xr sshd 8 334 -first estimates the size of the modulus required to produce enough 335 -Diffie-Hellman output to sufficiently key the selected symmetric cipher. 
336 -.Xr sshd 8 337 -then randomly selects a modulus from 338 -.Fa /etc/moduli 339 -that best meets the size requirement. 340 -.Sh SEE ALSO 341 -.Xr ssh-keygen 1 , 342 -.Xr sshd 8 343 -.Sh STANDARDS 344 -.Rs 345 -.%A M. Friedl 346 -.%A N. Provos 347 -.%A W. Simpson 348 -.%D March 2006 349 -.%R RFC 4419 350 -.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 351 -.%D 2006 352 -.Re 353 diff --git a/sftp-server.1m b/sftp-server.1m 354 new file mode 100644 355 index 0000000..42354c2 356 --- /dev/null 357 +++ b/sftp-server.1m 358 
@@ -0,0 +1,170 @@ 359 +.\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ 360 +.\" 361 +.\" Copyright (c) 2000 Markus Friedl. All rights reserved. 362 +.\" 363 +.\" Redistribution and use in source and binary forms, with or without 364 +.\" modification, are permitted provided that the following conditions 365 +.\" are met: 366 +.\" 1. Redistributions of source code must retain the above copyright 367 +.\" notice, this list of conditions and the following disclaimer. 368 +.\" 2. Redistributions in binary form must reproduce the above copyright 369 +.\" notice, this list of conditions and the following disclaimer in the 370 +.\" documentation and/or other materials provided with the distribution. 371 +.\" 372 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 373 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 374 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 375 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 376 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 377 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 378 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 379 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 380 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 381 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
382 +.\" 383 +.Dd $Mdocdate: December 11 2014 $ 384 +.Dt SFTP-SERVER 1M 385 +.Os 386 +.Sh NAME 387 +.Nm sftp-server 388 +.Nd SFTP server subsystem 389 +.Sh SYNOPSIS 390 +.Nm sftp-server 391 +.Bk -words 392 +.Op Fl ehR 393 +.Op Fl d Ar start_directory 394 +.Op Fl f Ar log_facility 395 +.Op Fl l Ar log_level 396 +.Op Fl P Ar blacklisted_requests 397 +.Op Fl p Ar whitelisted_requests 398 +.Op Fl u Ar umask 399 +.Ek 400 +.Nm 401 +.Fl Q Ar protocol_feature 402 +.Sh DESCRIPTION 403 +.Nm 404 +is a program that speaks the server side of SFTP protocol 405 +to stdout and expects client requests from stdin. 406 +.Nm 407 +is not intended to be called directly, but from 408 +.Xr sshd 1M 409 +using the 410 +.Cm Subsystem 411 +option. 412 +.Pp 413 +Command-line flags to 414 +.Nm 415 +should be specified in the 416 +.Cm Subsystem 417 +declaration. 418 +See 419 +.Xr sshd_config 4 420 +for more information. 421 +.Pp 422 +Valid options are: 423 +.Bl -tag -width Ds 424 +.It Fl d Ar start_directory 425 +specifies an alternate starting directory for users. 426 +The pathname may contain the following tokens that are expanded at runtime: 427 +%% is replaced by a literal '%', 428 +%d is replaced by the home directory of the user being authenticated, 429 +and %u is replaced by the username of that user. 430 +The default is to use the user's home directory. 431 +This option is useful in conjunction with the 432 +.Xr sshd_config 4 433 +.Cm ChrootDirectory 434 +option. 435 +.It Fl e 436 +Causes 437 +.Nm 438 +to print logging information to stderr instead of syslog for debugging. 439 +.It Fl f Ar log_facility 440 +Specifies the facility code that is used when logging messages from 441 +.Nm . 442 +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 443 +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 444 +The default is AUTH. 445 +.It Fl h 446 +Displays 447 +.Nm 448 +usage information. 449 +.It Fl l Ar log_level 450 +Specifies which messages will be logged by 451 +.Nm . 
452 +The possible values are: 453 +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 454 +INFO and VERBOSE log transactions that 455 +.Nm 456 +performs on behalf of the client. 457 +DEBUG and DEBUG1 are equivalent. 458 +DEBUG2 and DEBUG3 each specify higher levels of debugging output. 459 +The default is ERROR. 460 +.It Fl P Ar blacklisted_requests 461 +Specify a comma-separated list of SFTP protocol requests that are banned by 462 +the server. 463 +.Nm 464 +will reply to any blacklisted request with a failure. 465 +The 466 +.Fl Q 467 +flag can be used to determine the supported request types. 468 +If both a blacklist and a whitelist are specified, then the blacklist is 469 +applied before the whitelist. 470 +.It Fl p Ar whitelisted_requests 471 +Specify a comma-separated list of SFTP protocol requests that are permitted 472 +by the server. 473 +All request types that are not on the whitelist will be logged and replied 474 +to with a failure message. 475 +.Pp 476 +Care must be taken when using this feature to ensure that requests made 477 +implicitly by SFTP clients are permitted. 478 +.It Fl Q Ar protocol_feature 479 +Query protocol features supported by 480 +.Nm . 481 +At present the only feature that may be queried is 482 +.Dq requests , 483 +which may be used for black or whitelisting (flags 484 +.Fl P 485 +and 486 +.Fl p 487 +respectively). 488 +.It Fl R 489 +Places this instance of 490 +.Nm 491 +into a read-only mode. 492 +Attempts to open files for writing, as well as other operations that change 493 +the state of the filesystem, will be denied. 494 +.It Fl u Ar umask 495 +Sets an explicit 496 +.Xr umask 2 497 +to be applied to newly-created files and directories, instead of the 498 +user's default mask. 
499 +.El 500 +.Pp 501 +On some systems, 502 +.Nm 503 +must be able to access 504 +.Pa /dev/log 505 +for logging to work, and use of 506 +.Nm 507 +in a chroot configuration therefore requires that 508 +.Xr syslogd 8 509 +establish a logging socket inside the chroot directory. 510 +.Sh SEE ALSO 511 +.Xr sftp 1 , 512 +.Xr ssh 1 , 513 +.Xr sshd_config 4 , 514 +.Xr sshd 1M 515 +.Rs 516 +.%A T. Ylonen 517 +.%A S. Lehtinen 518 +.%T "SSH File Transfer Protocol" 519 +.%N draft-ietf-secsh-filexfer-02.txt 520 +.%D October 2001 521 +.%O work in progress material 522 +.Re 523 +.Sh HISTORY 524 +.Nm 525 +first appeared in 526 +.Ox 2.8 . 527 +.Sh AUTHORS 528 +.An Markus Friedl Aq Mt markus@openbsd.org 529 diff --git a/sftp-server.8 b/sftp-server.8 530 deleted file mode 100644 531 index c117398..0000000 532 --- a/sftp-server.8 533 +++ /dev/null 534 
@@ -1,170 +0,0 @@ 535 -.\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ 536 -.\" 537 -.\" Copyright (c) 2000 Markus Friedl. All rights reserved. 538 -.\" 539 -.\" Redistribution and use in source and binary forms, with or without 540 -.\" modification, are permitted provided that the following conditions 541 -.\" are met: 542 -.\" 1. Redistributions of source code must retain the above copyright 543 -.\" notice, this list of conditions and the following disclaimer. 544 -.\" 2. Redistributions in binary form must reproduce the above copyright 545 -.\" notice, this list of conditions and the following disclaimer in the 546 -.\" documentation and/or other materials provided with the distribution. 547 -.\" 548 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 549 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 550 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 551 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 552 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 553 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 554 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 555 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 556 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 557 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
558 -.\" 559 -.Dd $Mdocdate: December 11 2014 $ 560 -.Dt SFTP-SERVER 8 561 -.Os 562 -.Sh NAME 563 -.Nm sftp-server 564 -.Nd SFTP server subsystem 565 -.Sh SYNOPSIS 566 -.Nm sftp-server 567 -.Bk -words 568 -.Op Fl ehR 569 -.Op Fl d Ar start_directory 570 -.Op Fl f Ar log_facility 571 -.Op Fl l Ar log_level 572 -.Op Fl P Ar blacklisted_requests 573 -.Op Fl p Ar whitelisted_requests 574 -.Op Fl u Ar umask 575 -.Ek 576 -.Nm 577 -.Fl Q Ar protocol_feature 578 -.Sh DESCRIPTION 579 -.Nm 580 -is a program that speaks the server side of SFTP protocol 581 -to stdout and expects client requests from stdin. 582 -.Nm 583 -is not intended to be called directly, but from 584 -.Xr sshd 8 585 -using the 586 -.Cm Subsystem 587 -option. 588 -.Pp 589 -Command-line flags to 590 -.Nm 591 -should be specified in the 592 -.Cm Subsystem 593 -declaration. 594 -See 595 -.Xr sshd_config 5 596 -for more information. 597 -.Pp 598 -Valid options are: 599 -.Bl -tag -width Ds 600 -.It Fl d Ar start_directory 601 -specifies an alternate starting directory for users. 602 -The pathname may contain the following tokens that are expanded at runtime: 603 -%% is replaced by a literal '%', 604 -%d is replaced by the home directory of the user being authenticated, 605 -and %u is replaced by the username of that user. 606 -The default is to use the user's home directory. 607 -This option is useful in conjunction with the 608 -.Xr sshd_config 5 609 -.Cm ChrootDirectory 610 -option. 611 -.It Fl e 612 -Causes 613 -.Nm 614 -to print logging information to stderr instead of syslog for debugging. 615 -.It Fl f Ar log_facility 616 -Specifies the facility code that is used when logging messages from 617 -.Nm . 618 -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 619 -LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 620 -The default is AUTH. 621 -.It Fl h 622 -Displays 623 -.Nm 624 -usage information. 625 -.It Fl l Ar log_level 626 -Specifies which messages will be logged by 627 -.Nm . 
628 -The possible values are: 629 -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 630 -INFO and VERBOSE log transactions that 631 -.Nm 632 -performs on behalf of the client. 633 -DEBUG and DEBUG1 are equivalent. 634 -DEBUG2 and DEBUG3 each specify higher levels of debugging output. 635 -The default is ERROR. 636 -.It Fl P Ar blacklisted_requests 637 -Specify a comma-separated list of SFTP protocol requests that are banned by 638 -the server. 639 -.Nm 640 -will reply to any blacklisted request with a failure. 641 -The 642 -.Fl Q 643 -flag can be used to determine the supported request types. 644 -If both a blacklist and a whitelist are specified, then the blacklist is 645 -applied before the whitelist. 646 -.It Fl p Ar whitelisted_requests 647 -Specify a comma-separated list of SFTP protocol requests that are permitted 648 -by the server. 649 -All request types that are not on the whitelist will be logged and replied 650 -to with a failure message. 651 -.Pp 652 -Care must be taken when using this feature to ensure that requests made 653 -implicitly by SFTP clients are permitted. 654 -.It Fl Q Ar protocol_feature 655 -Query protocol features supported by 656 -.Nm . 657 -At present the only feature that may be queried is 658 -.Dq requests , 659 -which may be used for black or whitelisting (flags 660 -.Fl P 661 -and 662 -.Fl p 663 -respectively). 664 -.It Fl R 665 -Places this instance of 666 -.Nm 667 -into a read-only mode. 668 -Attempts to open files for writing, as well as other operations that change 669 -the state of the filesystem, will be denied. 670 -.It Fl u Ar umask 671 -Sets an explicit 672 -.Xr umask 2 673 -to be applied to newly-created files and directories, instead of the 674 -user's default mask. 
675 -.El 676 -.Pp 677 -On some systems, 678 -.Nm 679 -must be able to access 680 -.Pa /dev/log 681 -for logging to work, and use of 682 -.Nm 683 -in a chroot configuration therefore requires that 684 -.Xr syslogd 8 685 -establish a logging socket inside the chroot directory. 686 -.Sh SEE ALSO 687 -.Xr sftp 1 , 688 -.Xr ssh 1 , 689 -.Xr sshd_config 5 , 690 -.Xr sshd 8 691 -.Rs 692 -.%A T. Ylonen 693 -.%A S. Lehtinen 694 -.%T "SSH File Transfer Protocol" 695 -.%N draft-ietf-secsh-filexfer-02.txt 696 -.%D October 2001 697 -.%O work in progress material 698 -.Re 699 -.Sh HISTORY 700 -.Nm 701 -first appeared in 702 -.Ox 2.8 . 703 -.Sh AUTHORS 704 -.An Markus Friedl Aq Mt markus@openbsd.org 705 diff --git a/ssh-keysign.1m b/ssh-keysign.1m 706 new file mode 100644 707 index 0000000..60c96ad 708 --- /dev/null 709 +++ b/ssh-keysign.1m 710 
@@ -0,0 +1,93 @@ 711 +.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ 712 +.\" 713 +.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 714 +.\" 715 +.\" Redistribution and use in source and binary forms, with or without 716 +.\" modification, are permitted provided that the following conditions 717 +.\" are met: 718 +.\" 1. Redistributions of source code must retain the above copyright 719 +.\" notice, this list of conditions and the following disclaimer. 720 +.\" 2. Redistributions in binary form must reproduce the above copyright 721 +.\" notice, this list of conditions and the following disclaimer in the 722 +.\" documentation and/or other materials provided with the distribution. 723 +.\" 724 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 725 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 726 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 727 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 728 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 729 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 730 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 731 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 732 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 733 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 734 +.\" 735 +.Dd $Mdocdate: December 7 2013 $ 736 +.Dt SSH-KEYSIGN 1M 737 +.Os 738 +.Sh NAME 739 +.Nm ssh-keysign 740 +.Nd ssh helper program for host-based authentication 741 +.Sh SYNOPSIS 742 +.Nm 743 +.Sh DESCRIPTION 744 +.Nm 745 +is used by 746 +.Xr ssh 1 747 +to access the local host keys and generate the digital signature 748 +required during host-based authentication with SSH protocol version 2. 
749 +.Pp 750 +.Nm 751 +is disabled by default and can only be enabled in the 752 +global client configuration file 753 +.Pa /etc/ssh/ssh_config 754 +by setting 755 +.Cm EnableSSHKeysign 756 +to 757 +.Dq yes . 758 +.Pp 759 +.Nm 760 +is not intended to be invoked by the user, but from 761 +.Xr ssh 1 . 762 +See 763 +.Xr ssh 1 764 +and 765 +.Xr sshd 1M 766 +for more information about host-based authentication. 767 +.Sh FILES 768 +.Bl -tag -width Ds -compact 769 +.It Pa /etc/ssh/ssh_config 770 +Controls whether 771 +.Nm 772 +is enabled. 773 +.Pp 774 +.It Pa /etc/ssh/ssh_host_dsa_key 775 +.It Pa /etc/ssh/ssh_host_ecdsa_key 776 +.It Pa /etc/ssh/ssh_host_ed25519_key 777 +.It Pa /etc/ssh/ssh_host_rsa_key 778 +These files contain the private parts of the host keys used to 779 +generate the digital signature. 780 +They should be owned by root, readable only by root, and not 781 +accessible to others. 782 +Since they are readable only by root, 783 +.Nm 784 +must be set-uid root if host-based authentication is used. 785 +.Pp 786 +.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub 787 +.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub 788 +.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub 789 +.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub 790 +If these files exist they are assumed to contain public certificate 791 +information corresponding with the private keys above. 792 +.El 793 +.Sh SEE ALSO 794 +.Xr ssh 1 , 795 +.Xr ssh-keygen 1 , 796 +.Xr ssh_config 4 , 797 +.Xr sshd 1M 798 +.Sh HISTORY 799 +.Nm 800 +first appeared in 801 +.Ox 3.2 . 802 +.Sh AUTHORS 803 +.An Markus Friedl Aq Mt markus@openbsd.org 804 diff --git a/ssh-keysign.8 b/ssh-keysign.8 805 deleted file mode 100644 806 index 69d0829..0000000 807 --- a/ssh-keysign.8 808 +++ /dev/null 809 
@@ -1,93 +0,0 @@
810 -.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $
811 -.\"
812 -.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
813 -.\"
814 -.\" Redistribution and use in source and binary forms, with or without
815 -.\" modification, are permitted provided that the following conditions
816 -.\" are met:
817 -.\" 1. Redistributions of source code must retain the above copyright
818 -.\" notice, this list of conditions and the following disclaimer.
819 -.\" 2. Redistributions in binary form must reproduce the above copyright
820 -.\" notice, this list of conditions and the following disclaimer in the
821 -.\" documentation and/or other materials provided with the distribution.
822 -.\"
823 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
824 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
825 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
826 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
827 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
828 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
829 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
830 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
831 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
832 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
833 -.\"
834 -.Dd $Mdocdate: December 7 2013 $
835 -.Dt SSH-KEYSIGN 8
836 -.Os
837 -.Sh NAME
838 -.Nm ssh-keysign
839 -.Nd ssh helper program for host-based authentication
840 -.Sh SYNOPSIS
841 -.Nm
842 -.Sh DESCRIPTION
843 -.Nm
844 -is used by
845 -.Xr ssh 1
846 -to access the local host keys and generate the digital signature
847 -required during host-based authentication with SSH protocol version 2.
848 -.Pp
849 -.Nm
850 -is disabled by default and can only be enabled in the
851 -global client configuration file
852 -.Pa /etc/ssh/ssh_config
853 -by setting
854 -.Cm EnableSSHKeysign
855 -to
856 -.Dq yes .
857 -.Pp
858 -.Nm
859 -is not intended to be invoked by the user, but from
860 -.Xr ssh 1 .
861 -See
862 -.Xr ssh 1
863 -and
864 -.Xr sshd 8
865 -for more information about host-based authentication.
866 -.Sh FILES
867 -.Bl -tag -width Ds -compact
868 -.It Pa /etc/ssh/ssh_config
869 -Controls whether
870 -.Nm
871 -is enabled.
872 -.Pp
873 -.It Pa /etc/ssh/ssh_host_dsa_key
874 -.It Pa /etc/ssh/ssh_host_ecdsa_key
875 -.It Pa /etc/ssh/ssh_host_ed25519_key
876 -.It Pa /etc/ssh/ssh_host_rsa_key
877 -These files contain the private parts of the host keys used to
878 -generate the digital signature.
879 -They should be owned by root, readable only by root, and not
880 -accessible to others.
881 -Since they are readable only by root,
882 -.Nm
883 -must be set-uid root if host-based authentication is used.
884 -.Pp
885 -.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
886 -.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
887 -.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
888 -.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
889 -If these files exist they are assumed to contain public certificate
890 -information corresponding with the private keys above.
891 -.El
892 -.Sh SEE ALSO
893 -.Xr ssh 1 ,
894 -.Xr ssh-keygen 1 ,
895 -.Xr ssh_config 5 ,
896 -.Xr sshd 8
897 -.Sh HISTORY
898 -.Nm
899 -first appeared in
900 -.Ox 3.2 .
901 -.Sh AUTHORS
902 -.An Markus Friedl Aq Mt markus@openbsd.org
903 diff --git a/ssh-pkcs11-helper.1m b/ssh-pkcs11-helper.1m
904 new file mode 100644
905 index 0000000..646b1fa
906 --- /dev/null
907 +++ b/ssh-pkcs11-helper.1m
908 @@ -0,0 +1,43 @@
909 +.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
910 +.\"
911 +.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
912 +.\"
913 +.\" Permission to use, copy, modify, and distribute this software for any
914 +.\" purpose with or without fee is hereby granted, provided that the above
915 +.\" copyright notice and this permission notice appear in all copies.
916 +.\"
917 +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
918 +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
919 +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
920 +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
921 +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
922 +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
923 +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
924 +.\"
925 +.Dd $Mdocdate: July 16 2013 $
926 +.Dt SSH-PKCS11-HELPER 1M
927 +.Os
928 +.Sh NAME
929 +.Nm ssh-pkcs11-helper
930 +.Nd ssh-agent helper program for PKCS#11 support
931 +.Sh SYNOPSIS
932 +.Nm
933 +.Sh DESCRIPTION
934 +.Nm
935 +is used by
936 +.Xr ssh-agent 1
937 +to access keys provided by a PKCS#11 token.
938 +.Pp
939 +.Nm
940 +is not intended to be invoked by the user, but from
941 +.Xr ssh-agent 1 .
942 +.Sh SEE ALSO
943 +.Xr ssh 1 ,
944 +.Xr ssh-add 1 ,
945 +.Xr ssh-agent 1
946 +.Sh HISTORY
947 +.Nm
948 +first appeared in
949 +.Ox 4.7 .
950 +.Sh AUTHORS
951 +.An Markus Friedl Aq Mt markus@openbsd.org
952 diff --git a/ssh-pkcs11-helper.8 b/ssh-pkcs11-helper.8
953 deleted file mode 100644
954 index 3728c4e..0000000
955 --- a/ssh-pkcs11-helper.8
956 +++ /dev/null
957 @@ -1,43 +0,0 @@
958 -.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
959 -.\"
960 -.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
961 -.\"
962 -.\" Permission to use, copy, modify, and distribute this software for any
963 -.\" purpose with or without fee is hereby granted, provided that the above
964 -.\" copyright notice and this permission notice appear in all copies.
965 -.\"
966 -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
967 -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
968 -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
969 -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
970 -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
971 -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
972 -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
973 -.\"
974 -.Dd $Mdocdate: July 16 2013 $
975 -.Dt SSH-PKCS11-HELPER 8
976 -.Os
977 -.Sh NAME
978 -.Nm ssh-pkcs11-helper
979 -.Nd ssh-agent helper program for PKCS#11 support
980 -.Sh SYNOPSIS
981 -.Nm
982 -.Sh DESCRIPTION
983 -.Nm
984 -is used by
985 -.Xr ssh-agent 1
986 -to access keys provided by a PKCS#11 token.
987 -.Pp
988 -.Nm
989 -is not intended to be invoked by the user, but from
990 -.Xr ssh-agent 1 .
991 -.Sh SEE ALSO
992 -.Xr ssh 1 ,
993 -.Xr ssh-add 1 ,
994 -.Xr ssh-agent 1
995 -.Sh HISTORY
996 -.Nm
997 -first appeared in
998 -.Ox 4.7 .
999 -.Sh AUTHORS
1000 -.An Markus Friedl Aq Mt markus@openbsd.org
1001 diff --git a/ssh_config.4 b/ssh_config.4
1002 new file mode 100644
1003 index 0000000..8c099eb
1004 --- /dev/null
1005 +++ b/ssh_config.4
1006
@@ -0,0 +1,1726 @@ 1007 +.\" 1008 +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 1009 +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 1010 +.\" All rights reserved 1011 +.\" 1012 +.\" As far as I am concerned, the code I have written for this software 1013 +.\" can be used freely for any purpose. Any derived versions of this 1014 +.\" software must be clearly marked as such, and if the derived work is 1015 +.\" incompatible with the protocol description in the RFC file, it must be 1016 +.\" called by a name other than "ssh" or "Secure Shell". 1017 +.\" 1018 +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 1019 +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 1020 +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 1021 +.\" 1022 +.\" Redistribution and use in source and binary forms, with or without 1023 +.\" modification, are permitted provided that the following conditions 1024 +.\" are met: 1025 +.\" 1. Redistributions of source code must retain the above copyright 1026 +.\" notice, this list of conditions and the following disclaimer. 1027 +.\" 2. Redistributions in binary form must reproduce the above copyright 1028 +.\" notice, this list of conditions and the following disclaimer in the 1029 +.\" documentation and/or other materials provided with the distribution. 1030 +.\" 1031 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 1032 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1033 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
1034 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 1035 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1036 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 1037 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 1038 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 1039 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 1040 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 1041 +.\" 1042 +.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $ 1043 +.Dd $Mdocdate: August 14 2015 $ 1044 +.Dt SSH_CONFIG 4 1045 +.Os 1046 +.Sh NAME 1047 +.Nm ssh_config 1048 +.Nd OpenSSH SSH client configuration files 1049 +.Sh SYNOPSIS 1050 +.Nm ~/.ssh/config 1051 +.Nm /etc/ssh/ssh_config 1052 +.Sh DESCRIPTION 1053 +.Xr ssh 1 1054 +obtains configuration data from the following sources in 1055 +the following order: 1056 +.Pp 1057 +.Bl -enum -offset indent -compact 1058 +.It 1059 +command-line options 1060 +.It 1061 +user's configuration file 1062 +.Pq Pa ~/.ssh/config 1063 +.It 1064 +system-wide configuration file 1065 +.Pq Pa /etc/ssh/ssh_config 1066 +.El 1067 +.Pp 1068 +For each parameter, the first obtained value 1069 +will be used. 1070 +The configuration files contain sections separated by 1071 +.Dq Host 1072 +specifications, and that section is only applied for hosts that 1073 +match one of the patterns given in the specification. 1074 +The matched host name is usually the one given on the command line 1075 +(see the 1076 +.Cm CanonicalizeHostname 1077 +option for exceptions.) 1078 +.Pp 1079 +Since the first obtained value for each parameter is used, more 1080 +host-specific declarations should be given near the beginning of the 1081 +file, and general defaults at the end. 
1082 +.Pp 1083 +The configuration file has the following format: 1084 +.Pp 1085 +Empty lines and lines starting with 1086 +.Ql # 1087 +are comments. 1088 +Otherwise a line is of the format 1089 +.Dq keyword arguments . 1090 +Configuration options may be separated by whitespace or 1091 +optional whitespace and exactly one 1092 +.Ql = ; 1093 +the latter format is useful to avoid the need to quote whitespace 1094 +when specifying configuration options using the 1095 +.Nm ssh , 1096 +.Nm scp , 1097 +and 1098 +.Nm sftp 1099 +.Fl o 1100 +option. 1101 +Arguments may optionally be enclosed in double quotes 1102 +.Pq \&" 1103 +in order to represent arguments containing spaces. 1104 +.Pp 1105 +The possible 1106 +keywords and their meanings are as follows (note that 1107 +keywords are case-insensitive and arguments are case-sensitive): 1108 +.Bl -tag -width Ds 1109 +.It Cm Host 1110 +Restricts the following declarations (up to the next 1111 +.Cm Host 1112 +or 1113 +.Cm Match 1114 +keyword) to be only for those hosts that match one of the patterns 1115 +given after the keyword. 1116 +If more than one pattern is provided, they should be separated by whitespace. 1117 +A single 1118 +.Ql * 1119 +as a pattern can be used to provide global 1120 +defaults for all hosts. 1121 +The host is usually the 1122 +.Ar hostname 1123 +argument given on the command line 1124 +(see the 1125 +.Cm CanonicalizeHostname 1126 +option for exceptions.) 1127 +.Pp 1128 +A pattern entry may be negated by prefixing it with an exclamation mark 1129 +.Pq Sq !\& . 1130 +If a negated entry is matched, then the 1131 +.Cm Host 1132 +entry is ignored, regardless of whether any other patterns on the line 1133 +match. 1134 +Negated matches are therefore useful to provide exceptions for wildcard 1135 +matches. 1136 +.Pp 1137 +See 1138 +.Sx PATTERNS 1139 +for more information on patterns. 
1140 +.It Cm Match 1141 +Restricts the following declarations (up to the next 1142 +.Cm Host 1143 +or 1144 +.Cm Match 1145 +keyword) to be used only when the conditions following the 1146 +.Cm Match 1147 +keyword are satisfied. 1148 +Match conditions are specified using one or more critera 1149 +or the single token 1150 +.Cm all 1151 +which always matches. 1152 +The available criteria keywords are: 1153 +.Cm canonical , 1154 +.Cm exec , 1155 +.Cm host , 1156 +.Cm originalhost , 1157 +.Cm user , 1158 +and 1159 +.Cm localuser . 1160 +The 1161 +.Cm all 1162 +criteria must appear alone or immediately after 1163 +.Cm canonical . 1164 +Other criteria may be combined arbitrarily. 1165 +All criteria but 1166 +.Cm all 1167 +and 1168 +.Cm canonical 1169 +require an argument. 1170 +Criteria may be negated by prepending an exclamation mark 1171 +.Pq Sq !\& . 1172 +.Pp 1173 +The 1174 +.Cm canonical 1175 +keyword matches only when the configuration file is being re-parsed 1176 +after hostname canonicalization (see the 1177 +.Cm CanonicalizeHostname 1178 +option.) 1179 +This may be useful to specify conditions that work with canonical host 1180 +names only. 1181 +The 1182 +.Cm exec 1183 +keyword executes the specified command under the user's shell. 1184 +If the command returns a zero exit status then the condition is considered true. 1185 +Commands containing whitespace characters must be quoted. 
1186 +The following character sequences in the command will be expanded prior to 1187 +execution: 1188 +.Ql %L 1189 +will be substituted by the first component of the local host name, 1190 +.Ql %l 1191 +will be substituted by the local host name (including any domain name), 1192 +.Ql %h 1193 +will be substituted by the target host name, 1194 +.Ql %n 1195 +will be substituted by the original target host name 1196 +specified on the command-line, 1197 +.Ql %p 1198 +the destination port, 1199 +.Ql %r 1200 +by the remote login username, and 1201 +.Ql %u 1202 +by the username of the user running 1203 +.Xr ssh 1 . 1204 +.Pp 1205 +The other keywords' criteria must be single entries or comma-separated 1206 +lists and may use the wildcard and negation operators described in the 1207 +.Sx PATTERNS 1208 +section. 1209 +The criteria for the 1210 +.Cm host 1211 +keyword are matched against the target hostname, after any substitution 1212 +by the 1213 +.Cm Hostname 1214 +or 1215 +.Cm CanonicalizeHostname 1216 +options. 1217 +The 1218 +.Cm originalhost 1219 +keyword matches against the hostname as it was specified on the command-line. 1220 +The 1221 +.Cm user 1222 +keyword matches against the target username on the remote host. 1223 +The 1224 +.Cm localuser 1225 +keyword matches against the name of the local user running 1226 +.Xr ssh 1 1227 +(this keyword may be useful in system-wide 1228 +.Nm 1229 +files). 1230 +.It Cm AddressFamily 1231 +Specifies which address family to use when connecting. 1232 +Valid arguments are 1233 +.Dq any , 1234 +.Dq inet 1235 +(use IPv4 only), or 1236 +.Dq inet6 1237 +(use IPv6 only). 1238 +.It Cm BatchMode 1239 +If set to 1240 +.Dq yes , 1241 +passphrase/password querying will be disabled. 1242 +This option is useful in scripts and other batch jobs where no user 1243 +is present to supply the password. 1244 +The argument must be 1245 +.Dq yes 1246 +or 1247 +.Dq no . 1248 +The default is 1249 +.Dq no . 
1250 +.It Cm BindAddress 1251 +Use the specified address on the local machine as the source address of 1252 +the connection. 1253 +Only useful on systems with more than one address. 1254 +Note that this option does not work if 1255 +.Cm UsePrivilegedPort 1256 +is set to 1257 +.Dq yes . 1258 +.It Cm CanonicalDomains 1259 +When 1260 +.Cm CanonicalizeHostname 1261 +is enabled, this option specifies the list of domain suffixes in which to 1262 +search for the specified destination host. 1263 +.It Cm CanonicalizeFallbackLocal 1264 +Specifies whether to fail with an error when hostname canonicalization fails. 1265 +The default, 1266 +.Dq yes , 1267 +will attempt to look up the unqualified hostname using the system resolver's 1268 +search rules. 1269 +A value of 1270 +.Dq no 1271 +will cause 1272 +.Xr ssh 1 1273 +to fail instantly if 1274 +.Cm CanonicalizeHostname 1275 +is enabled and the target hostname cannot be found in any of the domains 1276 +specified by 1277 +.Cm CanonicalDomains . 1278 +.It Cm CanonicalizeHostname 1279 +Controls whether explicit hostname canonicalization is performed. 1280 +The default, 1281 +.Dq no , 1282 +is not to perform any name rewriting and let the system resolver handle all 1283 +hostname lookups. 1284 +If set to 1285 +.Dq yes 1286 +then, for connections that do not use a 1287 +.Cm ProxyCommand , 1288 +.Xr ssh 1 1289 +will attempt to canonicalize the hostname specified on the command line 1290 +using the 1291 +.Cm CanonicalDomains 1292 +suffixes and 1293 +.Cm CanonicalizePermittedCNAMEs 1294 +rules. 1295 +If 1296 +.Cm CanonicalizeHostname 1297 +is set to 1298 +.Dq always , 1299 +then canonicalization is applied to proxied connections too. 1300 +.Pp 1301 +If this option is enabled, then the configuration files are processed 1302 +again using the new target name to pick up any new configuration in matching 1303 +.Cm Host 1304 +and 1305 +.Cm Match 1306 +stanzas. 
1307 +.It Cm CanonicalizeMaxDots 1308 +Specifies the maximum number of dot characters in a hostname before 1309 +canonicalization is disabled. 1310 +The default, 1311 +.Dq 1 , 1312 +allows a single dot (i.e. hostname.subdomain). 1313 +.It Cm CanonicalizePermittedCNAMEs 1314 +Specifies rules to determine whether CNAMEs should be followed when 1315 +canonicalizing hostnames. 1316 +The rules consist of one or more arguments of 1317 +.Ar source_domain_list : Ns Ar target_domain_list , 1318 +where 1319 +.Ar source_domain_list 1320 +is a pattern-list of domains that may follow CNAMEs in canonicalization, 1321 +and 1322 +.Ar target_domain_list 1323 +is a pattern-list of domains that they may resolve to. 1324 +.Pp 1325 +For example, 1326 +.Dq *.a.example.com:*.b.example.com,*.c.example.com 1327 +will allow hostnames matching 1328 +.Dq *.a.example.com 1329 +to be canonicalized to names in the 1330 +.Dq *.b.example.com 1331 +or 1332 +.Dq *.c.example.com 1333 +domains. 1334 +.It Cm ChallengeResponseAuthentication 1335 +Specifies whether to use challenge-response authentication. 1336 +The argument to this keyword must be 1337 +.Dq yes 1338 +or 1339 +.Dq no . 1340 +The default is 1341 +.Dq yes . 1342 +.It Cm CheckHostIP 1343 +If this flag is set to 1344 +.Dq yes , 1345 +.Xr ssh 1 1346 +will additionally check the host IP address in the 1347 +.Pa known_hosts 1348 +file. 1349 +This allows ssh to detect if a host key changed due to DNS spoofing 1350 +and will add addresses of destination hosts to 1351 +.Pa ~/.ssh/known_hosts 1352 +in the process, regardless of the setting of 1353 +.Cm StrictHostKeyChecking . 1354 +If the option is set to 1355 +.Dq no , 1356 +the check will not be executed. 1357 +The default is 1358 +.Dq yes . 1359 +.It Cm Cipher 1360 +Specifies the cipher to use for encrypting the session 1361 +in protocol version 1. 1362 +Currently, 1363 +.Dq blowfish , 1364 +.Dq 3des , 1365 +and 1366 +.Dq des 1367 +are supported. 
1368 +.Ar des 1369 +is only supported in the 1370 +.Xr ssh 1 1371 +client for interoperability with legacy protocol 1 implementations 1372 +that do not support the 1373 +.Ar 3des 1374 +cipher. 1375 +Its use is strongly discouraged due to cryptographic weaknesses. 1376 +The default is 1377 +.Dq 3des . 1378 +.It Cm Ciphers 1379 +Specifies the ciphers allowed for protocol version 2 1380 +in order of preference. 1381 +Multiple ciphers must be comma-separated. 1382 +If the specified value begins with a 1383 +.Sq + 1384 +character, then the specified ciphers will be appended to the default set 1385 +instead of replacing them. 1386 +.Pp 1387 +The supported ciphers are: 1388 +.Pp 1389 +.Bl -item -compact -offset indent 1390 +.It 1391 +3des-cbc 1392 +.It 1393 +aes128-cbc 1394 +.It 1395 +aes192-cbc 1396 +.It 1397 +aes256-cbc 1398 +.It 1399 +aes128-ctr 1400 +.It 1401 +aes192-ctr 1402 +.It 1403 +aes256-ctr 1404 +.It 1405 +aes128-gcm@openssh.com 1406 +.It 1407 +aes256-gcm@openssh.com 1408 +.It 1409 +arcfour 1410 +.It 1411 +arcfour128 1412 +.It 1413 +arcfour256 1414 +.It 1415 +blowfish-cbc 1416 +.It 1417 +cast128-cbc 1418 +.It 1419 +chacha20-poly1305@openssh.com 1420 +.El 1421 +.Pp 1422 +The default is: 1423 +.Bd -literal -offset indent 1424 +chacha20-poly1305@openssh.com, 1425 +aes128-ctr,aes192-ctr,aes256-ctr, 1426 +aes128-gcm@openssh.com,aes256-gcm@openssh.com, 1427 +arcfour256,arcfour128, 1428 +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, 1429 +aes192-cbc,aes256-cbc,arcfour 1430 +.Ed 1431 +.Pp 1432 +The list of available ciphers may also be obtained using the 1433 +.Fl Q 1434 +option of 1435 +.Xr ssh 1 1436 +with an argument of 1437 +.Dq cipher . 1438 +.It Cm ClearAllForwardings 1439 +Specifies that all local, remote, and dynamic port forwardings 1440 +specified in the configuration files or on the command line be 1441 +cleared. 
1442 +This option is primarily useful when used from the 1443 +.Xr ssh 1 1444 +command line to clear port forwardings set in 1445 +configuration files, and is automatically set by 1446 +.Xr scp 1 1447 +and 1448 +.Xr sftp 1 . 1449 +The argument must be 1450 +.Dq yes 1451 +or 1452 +.Dq no . 1453 +The default is 1454 +.Dq no . 1455 +.It Cm Compression 1456 +Specifies whether to use compression. 1457 +The argument must be 1458 +.Dq yes 1459 +or 1460 +.Dq no . 1461 +The default is 1462 +.Dq no . 1463 +.It Cm CompressionLevel 1464 +Specifies the compression level to use if compression is enabled. 1465 +The argument must be an integer from 1 (fast) to 9 (slow, best). 1466 +The default level is 6, which is good for most applications. 1467 +The meaning of the values is the same as in 1468 +.Xr gzip 1 . 1469 +Note that this option applies to protocol version 1 only. 1470 +.It Cm ConnectionAttempts 1471 +Specifies the number of tries (one per second) to make before exiting. 1472 +The argument must be an integer. 1473 +This may be useful in scripts if the connection sometimes fails. 1474 +The default is 1. 1475 +.It Cm ConnectTimeout 1476 +Specifies the timeout (in seconds) used when connecting to the 1477 +SSH server, instead of using the default system TCP timeout. 1478 +This value is used only when the target is down or really unreachable, 1479 +not when it refuses the connection. 1480 +.It Cm ControlMaster 1481 +Enables the sharing of multiple sessions over a single network connection. 1482 +When set to 1483 +.Dq yes , 1484 +.Xr ssh 1 1485 +will listen for connections on a control socket specified using the 1486 +.Cm ControlPath 1487 +argument. 1488 +Additional sessions can connect to this socket using the same 1489 +.Cm ControlPath 1490 +with 1491 +.Cm ControlMaster 1492 +set to 1493 +.Dq no 1494 +(the default). 
1495 +These sessions will try to reuse the master instance's network connection 1496 +rather than initiating new ones, but will fall back to connecting normally 1497 +if the control socket does not exist, or is not listening. 1498 +.Pp 1499 +Setting this to 1500 +.Dq ask 1501 +will cause ssh 1502 +to listen for control connections, but require confirmation using 1503 +.Xr ssh-askpass 1 . 1504 +If the 1505 +.Cm ControlPath 1506 +cannot be opened, 1507 +ssh will continue without connecting to a master instance. 1508 +.Pp 1509 +X11 and 1510 +.Xr ssh-agent 1 1511 +forwarding is supported over these multiplexed connections, however the 1512 +display and agent forwarded will be the one belonging to the master 1513 +connection i.e. it is not possible to forward multiple displays or agents. 1514 +.Pp 1515 +Two additional options allow for opportunistic multiplexing: try to use a 1516 +master connection but fall back to creating a new one if one does not already 1517 +exist. 1518 +These options are: 1519 +.Dq auto 1520 +and 1521 +.Dq autoask . 1522 +The latter requires confirmation like the 1523 +.Dq ask 1524 +option. 1525 +.It Cm ControlPath 1526 +Specify the path to the control socket used for connection sharing as described 1527 +in the 1528 +.Cm ControlMaster 1529 +section above or the string 1530 +.Dq none 1531 +to disable connection sharing. 1532 +In the path, 1533 +.Ql %L 1534 +will be substituted by the first component of the local host name, 1535 +.Ql %l 1536 +will be substituted by the local host name (including any domain name), 1537 +.Ql %h 1538 +will be substituted by the target host name, 1539 +.Ql %n 1540 +will be substituted by the original target host name 1541 +specified on the command line, 1542 +.Ql %p 1543 +the destination port, 1544 +.Ql %r 1545 +by the remote login username, 1546 +.Ql %u 1547 +by the username of the user running 1548 +.Xr ssh 1 , and 1549 +.Ql \&%C 1550 +by a hash of the concatenation: %l%h%p%r. 
1551 +It is recommended that any 1552 +.Cm ControlPath 1553 +used for opportunistic connection sharing include 1554 +at least %h, %p, and %r (or alternatively %C) and be placed in a directory 1555 +that is not writable by other users. 1556 +This ensures that shared connections are uniquely identified. 1557 +.It Cm ControlPersist 1558 +When used in conjunction with 1559 +.Cm ControlMaster , 1560 +specifies that the master connection should remain open 1561 +in the background (waiting for future client connections) 1562 +after the initial client connection has been closed. 1563 +If set to 1564 +.Dq no , 1565 +then the master connection will not be placed into the background, 1566 +and will close as soon as the initial client connection is closed. 1567 +If set to 1568 +.Dq yes 1569 +or 1570 +.Dq 0 , 1571 +then the master connection will remain in the background indefinitely 1572 +(until killed or closed via a mechanism such as the 1573 +.Xr ssh 1 1574 +.Dq Fl O No exit 1575 +option). 1576 +If set to a time in seconds, or a time in any of the formats documented in 1577 +.Xr sshd_config 4 , 1578 +then the backgrounded master connection will automatically terminate 1579 +after it has remained idle (with no client connections) for the 1580 +specified time. 1581 +.It Cm DynamicForward 1582 +Specifies that a TCP port on the local machine be forwarded 1583 +over the secure channel, and the application 1584 +protocol is then used to determine where to connect to from the 1585 +remote machine. 1586 +.Pp 1587 +The argument must be 1588 +.Sm off 1589 +.Oo Ar bind_address : Oc Ar port . 1590 +.Sm on 1591 +IPv6 addresses can be specified by enclosing addresses in square brackets. 1592 +By default, the local port is bound in accordance with the 1593 +.Cm GatewayPorts 1594 +setting. 1595 +However, an explicit 1596 +.Ar bind_address 1597 +may be used to bind the connection to a specific address. 
1598 +The 1599 +.Ar bind_address 1600 +of 1601 +.Dq localhost 1602 +indicates that the listening port be bound for local use only, while an 1603 +empty address or 1604 +.Sq * 1605 +indicates that the port should be available from all interfaces. 1606 +.Pp 1607 +Currently the SOCKS4 and SOCKS5 protocols are supported, and 1608 +.Xr ssh 1 1609 +will act as a SOCKS server. 1610 +Multiple forwardings may be specified, and 1611 +additional forwardings can be given on the command line. 1612 +Only the superuser can forward privileged ports. 1613 +.It Cm EnableSSHKeysign 1614 +Setting this option to 1615 +.Dq yes 1616 +in the global client configuration file 1617 +.Pa /etc/ssh/ssh_config 1618 +enables the use of the helper program 1619 +.Xr ssh-keysign 8 1620 +during 1621 +.Cm HostbasedAuthentication . 1622 +The argument must be 1623 +.Dq yes 1624 +or 1625 +.Dq no . 1626 +The default is 1627 +.Dq no . 1628 +This option should be placed in the non-hostspecific section. 1629 +See 1630 +.Xr ssh-keysign 8 1631 +for more information. 1632 +.It Cm EscapeChar 1633 +Sets the escape character (default: 1634 +.Ql ~ ) . 1635 +The escape character can also 1636 +be set on the command line. 1637 +The argument should be a single character, 1638 +.Ql ^ 1639 +followed by a letter, or 1640 +.Dq none 1641 +to disable the escape 1642 +character entirely (making the connection transparent for binary 1643 +data). 1644 +.It Cm ExitOnForwardFailure 1645 +Specifies whether 1646 +.Xr ssh 1 1647 +should terminate the connection if it cannot set up all requested 1648 +dynamic, tunnel, local, and remote port forwardings. 1649 +The argument must be 1650 +.Dq yes 1651 +or 1652 +.Dq no . 1653 +The default is 1654 +.Dq no . 1655 +.It Cm FingerprintHash 1656 +Specifies the hash algorithm used when displaying key fingerprints. 1657 +Valid options are: 1658 +.Dq md5 1659 +and 1660 +.Dq sha256 . 1661 +The default is 1662 +.Dq sha256 . 
1663 +.It Cm ForwardAgent 1664 +Specifies whether the connection to the authentication agent (if any) 1665 +will be forwarded to the remote machine. 1666 +The argument must be 1667 +.Dq yes 1668 +or 1669 +.Dq no . 1670 +The default is 1671 +.Dq no . 1672 +.Pp 1673 +Agent forwarding should be enabled with caution. 1674 +Users with the ability to bypass file permissions on the remote host 1675 +(for the agent's Unix-domain socket) 1676 +can access the local agent through the forwarded connection. 1677 +An attacker cannot obtain key material from the agent, 1678 +however they can perform operations on the keys that enable them to 1679 +authenticate using the identities loaded into the agent. 1680 +.It Cm ForwardX11 1681 +Specifies whether X11 connections will be automatically redirected 1682 +over the secure channel and 1683 +.Ev DISPLAY 1684 +set. 1685 +The argument must be 1686 +.Dq yes 1687 +or 1688 +.Dq no . 1689 +The default is 1690 +.Dq no . 1691 +.Pp 1692 +X11 forwarding should be enabled with caution. 1693 +Users with the ability to bypass file permissions on the remote host 1694 +(for the user's X11 authorization database) 1695 +can access the local X11 display through the forwarded connection. 1696 +An attacker may then be able to perform activities such as keystroke monitoring 1697 +if the 1698 +.Cm ForwardX11Trusted 1699 +option is also enabled. 1700 +.It Cm ForwardX11Timeout 1701 +Specify a timeout for untrusted X11 forwarding 1702 +using the format described in the 1703 +TIME FORMATS section of 1704 +.Xr sshd_config 4 . 1705 +X11 connections received by 1706 +.Xr ssh 1 1707 +after this time will be refused. 1708 +The default is to disable untrusted X11 forwarding after twenty minutes has 1709 +elapsed. 1710 +.It Cm ForwardX11Trusted 1711 +If this option is set to 1712 +.Dq yes , 1713 +remote X11 clients will have full access to the original X11 display. 
1714 +.Pp 1715 +If this option is set to 1716 +.Dq no , 1717 +remote X11 clients will be considered untrusted and prevented 1718 +from stealing or tampering with data belonging to trusted X11 1719 +clients. 1720 +Furthermore, the 1721 +.Xr xauth 1 1722 +token used for the session will be set to expire after 20 minutes. 1723 +Remote clients will be refused access after this time. 1724 +.Pp 1725 +The default is 1726 +.Dq no . 1727 +.Pp 1728 +See the X11 SECURITY extension specification for full details on 1729 +the restrictions imposed on untrusted clients. 1730 +.It Cm GatewayPorts 1731 +Specifies whether remote hosts are allowed to connect to local 1732 +forwarded ports. 1733 +By default, 1734 +.Xr ssh 1 1735 +binds local port forwardings to the loopback address. 1736 +This prevents other remote hosts from connecting to forwarded ports. 1737 +.Cm GatewayPorts 1738 +can be used to specify that ssh 1739 +should bind local port forwardings to the wildcard address, 1740 +thus allowing remote hosts to connect to forwarded ports. 1741 +The argument must be 1742 +.Dq yes 1743 +or 1744 +.Dq no . 1745 +The default is 1746 +.Dq no . 1747 +.It Cm GlobalKnownHostsFile 1748 +Specifies one or more files to use for the global 1749 +host key database, separated by whitespace. 1750 +The default is 1751 +.Pa /etc/ssh/ssh_known_hosts , 1752 +.Pa /etc/ssh/ssh_known_hosts2 . 1753 +.It Cm GSSAPIAuthentication 1754 +Specifies whether user authentication based on GSSAPI is allowed. 1755 +The default is 1756 +.Dq no . 1757 +Note that this option applies to protocol version 2 only. 1758 +.It Cm GSSAPIDelegateCredentials 1759 +Forward (delegate) credentials to the server. 1760 +The default is 1761 +.Dq no . 1762 +Note that this option applies to protocol version 2 only. 1763 +.It Cm HashKnownHosts 1764 +Indicates that 1765 +.Xr ssh 1 1766 +should hash host names and addresses when they are added to 1767 +.Pa ~/.ssh/known_hosts . 
1768 +These hashed names may be used normally by 1769 +.Xr ssh 1 1770 +and 1771 +.Xr sshd 1M , 1772 +but they do not reveal identifying information should the file's contents 1773 +be disclosed. 1774 +The default is 1775 +.Dq no . 1776 +Note that existing names and addresses in known hosts files 1777 +will not be converted automatically, 1778 +but may be manually hashed using 1779 +.Xr ssh-keygen 1 . 1780 +.It Cm HostbasedAuthentication 1781 +Specifies whether to try rhosts based authentication with public key 1782 +authentication. 1783 +The argument must be 1784 +.Dq yes 1785 +or 1786 +.Dq no . 1787 +The default is 1788 +.Dq no . 1789 +This option applies to protocol version 2 only and 1790 +is similar to 1791 +.Cm RhostsRSAAuthentication . 1792 +.It Cm HostbasedKeyTypes 1793 +Specifies the key types that will be used for hostbased authentication 1794 +as a comma-separated pattern list. 1795 +Alternately if the specified value begins with a 1796 +.Sq + 1797 +character, then the specified key types will be appended to the default set 1798 +instead of replacing them. 1799 +The default for this option is: 1800 +.Bd -literal -offset 3n 1801 +ecdsa-sha2-nistp256-cert-v01@openssh.com, 1802 +ecdsa-sha2-nistp384-cert-v01@openssh.com, 1803 +ecdsa-sha2-nistp521-cert-v01@openssh.com, 1804 +ssh-ed25519-cert-v01@openssh.com, 1805 +ssh-rsa-cert-v01@openssh.com, 1806 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1807 +ssh-ed25519,ssh-rsa 1808 +.Ed 1809 +.Pp 1810 +The 1811 +.Fl Q 1812 +option of 1813 +.Xr ssh 1 1814 +may be used to list supported key types. 1815 +.It Cm HostKeyAlgorithms 1816 +Specifies the protocol version 2 host key algorithms 1817 +that the client wants to use in order of preference. 1818 +Alternately if the specified value begins with a 1819 +.Sq + 1820 +character, then the specified key types will be appended to the default set 1821 +instead of replacing them. 
1822 +The default for this option is: 1823 +.Bd -literal -offset 3n 1824 +ecdsa-sha2-nistp256-cert-v01@openssh.com, 1825 +ecdsa-sha2-nistp384-cert-v01@openssh.com, 1826 +ecdsa-sha2-nistp521-cert-v01@openssh.com, 1827 +ssh-ed25519-cert-v01@openssh.com, 1828 +ssh-rsa-cert-v01@openssh.com, 1829 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1830 +ssh-ed25519,ssh-rsa 1831 +.Ed 1832 +.Pp 1833 +If hostkeys are known for the destination host then this default is modified 1834 +to prefer their algorithms. 1835 +.Pp 1836 +The list of available key types may also be obtained using the 1837 +.Fl Q 1838 +option of 1839 +.Xr ssh 1 1840 +with an argument of 1841 +.Dq key . 1842 +.It Cm HostKeyAlias 1843 +Specifies an alias that should be used instead of the 1844 +real host name when looking up or saving the host key 1845 +in the host key database files. 1846 +This option is useful for tunneling SSH connections 1847 +or for multiple servers running on a single host. 1848 +.It Cm HostName 1849 +Specifies the real host name to log into. 1850 +This can be used to specify nicknames or abbreviations for hosts. 1851 +If the hostname contains the character sequence 1852 +.Ql %h , 1853 +then this will be replaced with the host name specified on the command line 1854 +(this is useful for manipulating unqualified names). 1855 +The character sequence 1856 +.Ql %% 1857 +will be replaced by a single 1858 +.Ql % 1859 +character, which may be used when specifying IPv6 link-local addresses. 1860 +.Pp 1861 +The default is the name given on the command line. 1862 +Numeric IP addresses are also permitted (both on the command line and in 1863 +.Cm HostName 1864 +specifications). 1865 +.It Cm IdentitiesOnly 1866 +Specifies that 1867 +.Xr ssh 1 1868 +should only use the authentication identity files configured in the 1869 +.Nm 1870 +files, 1871 +even if 1872 +.Xr ssh-agent 1 1873 +or a 1874 +.Cm PKCS11Provider 1875 +offers more identities. 
1876 +The argument to this keyword must be
1877 +.Dq yes
1878 +or
1879 +.Dq no .
1880 +This option is intended for situations where ssh-agent
1881 +offers many different identities.
1882 +The default is
1883 +.Dq no .
1884 +.It Cm IdentityFile
1885 +Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
1886 +identity is read.
1887 +The default is
1888 +.Pa ~/.ssh/identity
1889 +for protocol version 1, and
1890 +.Pa ~/.ssh/id_dsa ,
1891 +.Pa ~/.ssh/id_ecdsa ,
1892 +.Pa ~/.ssh/id_ed25519
1893 +and
1894 +.Pa ~/.ssh/id_rsa
1895 +for protocol version 2.
1896 +Additionally, any identities represented by the authentication agent
1897 +will be used for authentication unless
1898 +.Cm IdentitiesOnly
1899 +is set.
1900 +.Xr ssh 1
1901 +will try to load certificate information from the filename obtained by
1902 +appending
1903 +.Pa -cert.pub
1904 +to the path of a specified
1905 +.Cm IdentityFile .
1906 +.Pp
1907 +The file name may use the tilde
1908 +syntax to refer to a user's home directory or one of the following
1909 +escape characters:
1910 +.Ql %d
1911 +(local user's home directory),
1912 +.Ql %u
1913 +(local user name),
1914 +.Ql %l
1915 +(local host name),
1916 +.Ql %h
1917 +(remote host name) or
1918 +.Ql %r
1919 +(remote user name).
1920 +.Pp
1921 +It is possible to have
1922 +multiple identity files specified in configuration files; all these
1923 +identities will be tried in sequence.
1924 +Multiple
1925 +.Cm IdentityFile
1926 +directives will add to the list of identities tried (this behaviour
1927 +differs from that of other configuration directives).
1928 +.Pp
1929 +.Cm IdentityFile
1930 +may be used in conjunction with
1931 +.Cm IdentitiesOnly
1932 +to select which identities in an agent are offered during authentication.
1933 +.It Cm IgnoreUnknown
1934 +Specifies a pattern-list of unknown options to be ignored if they are
1935 +encountered in configuration parsing.
1936 +This may be used to suppress errors if
1937 +.Nm
1938 +contains options that are unrecognised by
1939 +.Xr ssh 1 .
1940 +It is recommended that
1941 +.Cm IgnoreUnknown
1942 +be listed early in the configuration file as it will not be applied
1943 +to unknown options that appear before it.
1944 +.It Cm IPQoS
1945 +Specifies the IPv4 type-of-service or DSCP class for connections.
1946 +Accepted values are
1947 +.Dq af11 ,
1948 +.Dq af12 ,
1949 +.Dq af13 ,
1950 +.Dq af21 ,
1951 +.Dq af22 ,
1952 +.Dq af23 ,
1953 +.Dq af31 ,
1954 +.Dq af32 ,
1955 +.Dq af33 ,
1956 +.Dq af41 ,
1957 +.Dq af42 ,
1958 +.Dq af43 ,
1959 +.Dq cs0 ,
1960 +.Dq cs1 ,
1961 +.Dq cs2 ,
1962 +.Dq cs3 ,
1963 +.Dq cs4 ,
1964 +.Dq cs5 ,
1965 +.Dq cs6 ,
1966 +.Dq cs7 ,
1967 +.Dq ef ,
1968 +.Dq lowdelay ,
1969 +.Dq throughput ,
1970 +.Dq reliability ,
1971 +or a numeric value.
1972 +This option may take one or two arguments, separated by whitespace.
1973 +If one argument is specified, it is used as the packet class unconditionally.
1974 +If two values are specified, the first is automatically selected for
1975 +interactive sessions and the second for non-interactive sessions.
1976 +The default is
1977 +.Dq lowdelay
1978 +for interactive sessions and
1979 +.Dq throughput
1980 +for non-interactive sessions.
1981 +.It Cm KbdInteractiveAuthentication
1982 +Specifies whether to use keyboard-interactive authentication.
1983 +The argument to this keyword must be
1984 +.Dq yes
1985 +or
1986 +.Dq no .
1987 +The default is
1988 +.Dq yes .
1989 +.It Cm KbdInteractiveDevices
1990 +Specifies the list of methods to use in keyboard-interactive authentication.
1991 +Multiple method names must be comma-separated.
1992 +The default is to use the server specified list.
1993 +The methods available vary depending on what the server supports.
1994 +For an OpenSSH server,
1995 +it may be zero or more of:
1996 +.Dq bsdauth ,
1997 +.Dq pam ,
1998 +and
1999 +.Dq skey .
2000 +.It Cm KexAlgorithms
2001 +Specifies the available KEX (Key Exchange) algorithms.
2002 +Multiple algorithms must be comma-separated.
2003 +Alternately if the specified value begins with a
2004 +.Sq +
2005 +character, then the specified methods will be appended to the default set
2006 +instead of replacing them.
2007 +The default is:
2008 +.Bd -literal -offset indent
2009 +curve25519-sha256@libssh.org,
2010 +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
2011 +diffie-hellman-group-exchange-sha256,
2012 +diffie-hellman-group-exchange-sha1,
2013 +diffie-hellman-group14-sha1
2014 +.Ed
2015 +.Pp
2016 +The list of available key exchange algorithms may also be obtained using the
2017 +.Fl Q
2018 +option of
2019 +.Xr ssh 1
2020 +with an argument of
2021 +.Dq kex .
2022 +.It Cm LocalCommand
2023 +Specifies a command to execute on the local machine after successfully
2024 +connecting to the server.
2025 +The command string extends to the end of the line, and is executed with
2026 +the user's shell.
2027 +The following escape character substitutions will be performed:
2028 +.Ql %d
2029 +(local user's home directory),
2030 +.Ql %h
2031 +(remote host name),
2032 +.Ql %l
2033 +(local host name),
2034 +.Ql %n
2035 +(host name as provided on the command line),
2036 +.Ql %p
2037 +(remote port),
2038 +.Ql %r
2039 +(remote user name) or
2040 +.Ql %u
2041 +(local user name) or
2042 +.Ql \&%C
2043 +by a hash of the concatenation: %l%h%p%r.
2044 +.Pp
2045 +The command is run synchronously and does not have access to the
2046 +session of the
2047 +.Xr ssh 1
2048 +that spawned it.
2049 +It should not be used for interactive commands.
2050 +.Pp
2051 +This directive is ignored unless
2052 +.Cm PermitLocalCommand
2053 +has been enabled.
2054 +.It Cm LocalForward
2055 +Specifies that a TCP port on the local machine be forwarded over
2056 +the secure channel to the specified host and port from the remote machine.
2057 +The first argument must be
2058 +.Sm off
2059 +.Oo Ar bind_address : Oc Ar port
2060 +.Sm on
2061 +and the second argument must be
2062 +.Ar host : Ns Ar hostport .
2063 +IPv6 addresses can be specified by enclosing addresses in square brackets.
2064 +Multiple forwardings may be specified, and additional forwardings can be
2065 +given on the command line.
2066 +Only the superuser can forward privileged ports.
2067 +By default, the local port is bound in accordance with the
2068 +.Cm GatewayPorts
2069 +setting.
2070 +However, an explicit
2071 +.Ar bind_address
2072 +may be used to bind the connection to a specific address.
2073 +The
2074 +.Ar bind_address
2075 +of
2076 +.Dq localhost
2077 +indicates that the listening port be bound for local use only, while an
2078 +empty address or
2079 +.Sq *
2080 +indicates that the port should be available from all interfaces.
2081 +.It Cm LogLevel
2082 +Gives the verbosity level that is used when logging messages from
2083 +.Xr ssh 1 .
2084 +The possible values are:
2085 +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
2086 +The default is INFO.
2087 +DEBUG and DEBUG1 are equivalent.
2088 +DEBUG2 and DEBUG3 each specify higher levels of verbose output.
2089 +.It Cm MACs
2090 +Specifies the MAC (message authentication code) algorithms
2091 +in order of preference.
2092 +The MAC algorithm is used in protocol version 2
2093 +for data integrity protection.
2094 +Multiple algorithms must be comma-separated.
2095 +If the specified value begins with a
2096 +.Sq +
2097 +character, then the specified algorithms will be appended to the default set
2098 +instead of replacing them.
2099 +.Pp
2100 +The algorithms that contain
2101 +.Dq -etm
2102 +calculate the MAC after encryption (encrypt-then-mac).
2103 +These are considered safer and their use recommended.
2104 +.Pp
2105 +The default is:
2106 +.Bd -literal -offset indent
2107 +umac-64-etm@openssh.com,umac-128-etm@openssh.com,
2108 +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
2109 +umac-64@openssh.com,umac-128@openssh.com,
2110 +hmac-sha2-256,hmac-sha2-512,
2111 +hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
2112 +hmac-ripemd160-etm@openssh.com,
2113 +hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
2114 +hmac-md5,hmac-sha1,hmac-ripemd160,
2115 +hmac-sha1-96,hmac-md5-96
2116 +.Ed
2117 +.Pp
2118 +The list of available MAC algorithms may also be obtained using the
2119 +.Fl Q
2120 +option of
2121 +.Xr ssh 1
2122 +with an argument of
2123 +.Dq mac .
2124 +.It Cm NoHostAuthenticationForLocalhost
2125 +This option can be used if the home directory is shared across machines.
2126 +In this case localhost will refer to a different machine on each of
2127 +the machines and the user will get many warnings about changed host keys.
2128 +However, this option disables host authentication for localhost.
2129 +The argument to this keyword must be
2130 +.Dq yes
2131 +or
2132 +.Dq no .
2133 +The default is to check the host key for localhost.
2134 +.It Cm NumberOfPasswordPrompts
2135 +Specifies the number of password prompts before giving up.
2136 +The argument to this keyword must be an integer.
2137 +The default is 3.
2138 +.It Cm PasswordAuthentication
2139 +Specifies whether to use password authentication.
2140 +The argument to this keyword must be
2141 +.Dq yes
2142 +or
2143 +.Dq no .
2144 +The default is
2145 +.Dq yes .
2146 +.It Cm PermitLocalCommand
2147 +Allow local command execution via the
2148 +.Ic LocalCommand
2149 +option or using the
2150 +.Ic !\& Ns Ar command
2151 +escape sequence in
2152 +.Xr ssh 1 .
2153 +The argument must be
2154 +.Dq yes
2155 +or
2156 +.Dq no .
2157 +The default is
2158 +.Dq no .
2159 +.It Cm PKCS11Provider
2160 +Specifies which PKCS#11 provider to use.
2161 +The argument to this keyword is the PKCS#11 shared library
2162 +.Xr ssh 1
2163 +should use to communicate with a PKCS#11 token providing the user's
2164 +private RSA key.
2165 +.It Cm Port
2166 +Specifies the port number to connect on the remote host.
2167 +The default is 22.
2168 +.It Cm PreferredAuthentications
2169 +Specifies the order in which the client should try protocol 2
2170 +authentication methods.
2171 +This allows a client to prefer one method (e.g.\&
2172 +.Cm keyboard-interactive )
2173 +over another method (e.g.\&
2174 +.Cm password ) .
2175 +The default is:
2176 +.Bd -literal -offset indent
2177 +gssapi-with-mic,hostbased,publickey,
2178 +keyboard-interactive,password
2179 +.Ed
2180 +.It Cm Protocol
2181 +Specifies the protocol versions
2182 +.Xr ssh 1
2183 +should support in order of preference.
2184 +The possible values are
2185 +.Sq 1
2186 +and
2187 +.Sq 2 .
2188 +Multiple versions must be comma-separated.
2189 +When this option is set to
2190 +.Dq 2,1
2191 +.Nm ssh
2192 +will try version 2 and fall back to version 1
2193 +if version 2 is not available.
2194 +The default is
2195 +.Sq 2 .
2196 +.It Cm ProxyCommand
2197 +Specifies the command to use to connect to the server.
2198 +The command
2199 +string extends to the end of the line, and is executed
2200 +using the user's shell
2201 +.Ql exec
2202 +directive to avoid a lingering shell process.
2203 +.Pp
2204 +In the command string, any occurrence of
2205 +.Ql %h
2206 +will be substituted by the host name to
2207 +connect,
2208 +.Ql %p
2209 +by the port, and
2210 +.Ql %r
2211 +by the remote user name.
2212 +The command can be basically anything,
2213 +and should read from its standard input and write to its standard output.
2214 +It should eventually connect an
2215 +.Xr sshd 8
2216 +server running on some machine, or execute
2217 +.Ic sshd -i
2218 +somewhere.
2219 +Host key management will be done using the
2220 +HostName of the host being connected (defaulting to the name typed by
2221 +the user).
2222 +Setting the command to
2223 +.Dq none
2224 +disables this option entirely.
2225 +Note that
2226 +.Cm CheckHostIP
2227 +is not available for connects with a proxy command.
2228 +.Pp
2229 +This directive is useful in conjunction with
2230 +.Xr nc 1
2231 +and its proxy support.
2232 +For example, the following directive would connect via an HTTP proxy at
2233 +192.0.2.0:
2234 +.Bd -literal -offset 3n
2235 +ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
2236 +.Ed
2237 +.It Cm ProxyUseFdpass
2238 +Specifies that
2239 +.Cm ProxyCommand
2240 +will pass a connected file descriptor back to
2241 +.Xr ssh 1
2242 +instead of continuing to execute and pass data.
2243 +The default is
2244 +.Dq no .
2245 +.It Cm PubkeyAcceptedKeyTypes
2246 +Specifies the key types that will be used for public key authentication
2247 +as a comma-separated pattern list.
2248 +Alternately if the specified value begins with a
2249 +.Sq +
2250 +character, then the key types after it will be appended to the default
2251 +instead of replacing it.
2252 +The default for this option is:
2253 +.Bd -literal -offset 3n
2254 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
2255 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
2256 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
2257 +ssh-ed25519-cert-v01@openssh.com,
2258 +ssh-rsa-cert-v01@openssh.com,
2259 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
2260 +ssh-ed25519,ssh-rsa
2261 +.Ed
2262 +.Pp
2263 +The
2264 +.Fl Q
2265 +option of
2266 +.Xr ssh 1
2267 +may be used to list supported key types.
2268 +.It Cm PubkeyAuthentication
2269 +Specifies whether to try public key authentication.
2270 +The argument to this keyword must be
2271 +.Dq yes
2272 +or
2273 +.Dq no .
2274 +The default is
2275 +.Dq yes .
2276 +This option applies to protocol version 2 only.
2277 +.It Cm RekeyLimit
2278 +Specifies the maximum amount of data that may be transmitted before the
2279 +session key is renegotiated, optionally followed a maximum amount of
2280 +time that may pass before the session key is renegotiated.
2281 +The first argument is specified in bytes and may have a suffix of
2282 +.Sq K ,
2283 +.Sq M ,
2284 +or
2285 +.Sq G
2286 +to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
2287 +The default is between
2288 +.Sq 1G
2289 +and
2290 +.Sq 4G ,
2291 +depending on the cipher.
2292 +The optional second value is specified in seconds and may use any of the
2293 +units documented in the
2294 +TIME FORMATS section of
2295 +.Xr sshd_config 4 .
2296 +The default value for
2297 +.Cm RekeyLimit
2298 +is
2299 +.Dq default none ,
2300 +which means that rekeying is performed after the cipher's default amount
2301 +of data has been sent or received and no time based rekeying is done.
2302 +This option applies to protocol version 2 only.
2303 +.It Cm RemoteForward
2304 +Specifies that a TCP port on the remote machine be forwarded over
2305 +the secure channel to the specified host and port from the local machine.
2306 +The first argument must be
2307 +.Sm off
2308 +.Oo Ar bind_address : Oc Ar port
2309 +.Sm on
2310 +and the second argument must be
2311 +.Ar host : Ns Ar hostport .
2312 +IPv6 addresses can be specified by enclosing addresses in square brackets.
2313 +Multiple forwardings may be specified, and additional
2314 +forwardings can be given on the command line.
2315 +Privileged ports can be forwarded only when
2316 +logging in as root on the remote machine.
2317 +.Pp
2318 +If the
2319 +.Ar port
2320 +argument is
2321 +.Ql 0 ,
2322 +the listen port will be dynamically allocated on the server and reported
2323 +to the client at run time.
2324 +.Pp
2325 +If the
2326 +.Ar bind_address
2327 +is not specified, the default is to only bind to loopback addresses.
2328 +If the
2329 +.Ar bind_address
2330 +is
2331 +.Ql *
2332 +or an empty string, then the forwarding is requested to listen on all
2333 +interfaces.
2334 +Specifying a remote
2335 +.Ar bind_address
2336 +will only succeed if the server's
2337 +.Cm GatewayPorts
2338 +option is enabled (see
2339 +.Xr sshd_config 4 ) .
2340 +.It Cm RequestTTY
2341 +Specifies whether to request a pseudo-tty for the session.
2342 +The argument may be one of:
2343 +.Dq no
2344 +(never request a TTY),
2345 +.Dq yes
2346 +(always request a TTY when standard input is a TTY),
2347 +.Dq force
2348 +(always request a TTY) or
2349 +.Dq auto
2350 +(request a TTY when opening a login session).
2351 +This option mirrors the
2352 +.Fl t
2353 +and
2354 +.Fl T
2355 +flags for
2356 +.Xr ssh 1 .
2357 +.It Cm RevokedHostKeys
2358 +Specifies revoked host public keys.
2359 +Keys listed in this file will be refused for host authentication.
2360 +Note that if this file does not exist or is not readable,
2361 +then host authentication will be refused for all hosts.
2362 +Keys may be specified as a text file, listing one public key per line, or as
2363 +an OpenSSH Key Revocation List (KRL) as generated by
2364 +.Xr ssh-keygen 1 .
2365 +For more information on KRLs, see the KEY REVOCATION LISTS section in
2366 +.Xr ssh-keygen 1 .
2367 +.It Cm RhostsRSAAuthentication
2368 +Specifies whether to try rhosts based authentication with RSA host
2369 +authentication.
2370 +The argument must be
2371 +.Dq yes
2372 +or
2373 +.Dq no .
2374 +The default is
2375 +.Dq no .
2376 +This option applies to protocol version 1 only and requires
2377 +.Xr ssh 1
2378 +to be setuid root.
2379 +.It Cm RSAAuthentication
2380 +Specifies whether to try RSA authentication.
2381 +The argument to this keyword must be
2382 +.Dq yes
2383 +or
2384 +.Dq no .
2385 +RSA authentication will only be
2386 +attempted if the identity file exists, or an authentication agent is
2387 +running.
2388 +The default is
2389 +.Dq yes .
2390 +Note that this option applies to protocol version 1 only.
2391 +.It Cm SendEnv
2392 +Specifies what variables from the local
2393 +.Xr environ 7
2394 +should be sent to the server.
2395 +Note that environment passing is only supported for protocol 2.
2396 +The server must also support it, and the server must be configured to
2397 +accept these environment variables.
2398 +Note that the
2399 +.Ev TERM
2400 +environment variable is always sent whenever a
2401 +pseudo-terminal is requested as it is required by the protocol.
2402 +Refer to
2403 +.Cm AcceptEnv
2404 +in
2405 +.Xr sshd_config 4
2406 +for how to configure the server.
2407 +Variables are specified by name, which may contain wildcard characters.
2408 +Multiple environment variables may be separated by whitespace or spread
2409 +across multiple
2410 +.Cm SendEnv
2411 +directives.
2412 +The default is not to send any environment variables.
2413 +.Pp
2414 +See
2415 +.Sx PATTERNS
2416 +for more information on patterns.
2417 +.It Cm ServerAliveCountMax
2418 +Sets the number of server alive messages (see below) which may be
2419 +sent without
2420 +.Xr ssh 1
2421 +receiving any messages back from the server.
2422 +If this threshold is reached while server alive messages are being sent,
2423 +ssh will disconnect from the server, terminating the session.
2424 +It is important to note that the use of server alive messages is very
2425 +different from
2426 +.Cm TCPKeepAlive
2427 +(below).
2428 +The server alive messages are sent through the encrypted channel
2429 +and therefore will not be spoofable.
2430 +The TCP keepalive option enabled by
2431 +.Cm TCPKeepAlive
2432 +is spoofable.
2433 +The server alive mechanism is valuable when the client or
2434 +server depend on knowing when a connection has become inactive.
2435 +.Pp
2436 +The default value is 3.
2437 +If, for example,
2438 +.Cm ServerAliveInterval
2439 +(see below) is set to 15 and
2440 +.Cm ServerAliveCountMax
2441 +is left at the default, if the server becomes unresponsive,
2442 +ssh will disconnect after approximately 45 seconds.
2443 +This option applies to protocol version 2 only.
2444 +.It Cm ServerAliveInterval
2445 +Sets a timeout interval in seconds after which if no data has been received
2446 +from the server,
2447 +.Xr ssh 1
2448 +will send a message through the encrypted
2449 +channel to request a response from the server.
2450 +The default
2451 +is 0, indicating that these messages will not be sent to the server.
2452 +This option applies to protocol version 2 only.
2453 +.It Cm StreamLocalBindMask
2454 +Sets the octal file creation mode mask
2455 +.Pq umask
2456 +used when creating a Unix-domain socket file for local or remote
2457 +port forwarding.
2458 +This option is only used for port forwarding to a Unix-domain socket file.
2459 +.Pp
2460 +The default value is 0177, which creates a Unix-domain socket file that is
2461 +readable and writable only by the owner.
2462 +Note that not all operating systems honor the file mode on Unix-domain
2463 +socket files.
2464 +.It Cm StreamLocalBindUnlink
2465 +Specifies whether to remove an existing Unix-domain socket file for local
2466 +or remote port forwarding before creating a new one.
2467 +If the socket file already exists and
2468 +.Cm StreamLocalBindUnlink
2469 +is not enabled,
2470 +.Nm ssh
2471 +will be unable to forward the port to the Unix-domain socket file.
2472 +This option is only used for port forwarding to a Unix-domain socket file.
2473 +.Pp
2474 +The argument must be
2475 +.Dq yes
2476 +or
2477 +.Dq no .
2478 +The default is
2479 +.Dq no .
2480 +.It Cm StrictHostKeyChecking
2481 +If this flag is set to
2482 +.Dq yes ,
2483 +.Xr ssh 1
2484 +will never automatically add host keys to the
2485 +.Pa ~/.ssh/known_hosts
2486 +file, and refuses to connect to hosts whose host key has changed.
2487 +This provides maximum protection against trojan horse attacks,
2488 +though it can be annoying when the
2489 +.Pa /etc/ssh/ssh_known_hosts
2490 +file is poorly maintained or when connections to new hosts are
2491 +frequently made.
2492 +This option forces the user to manually
2493 +add all new hosts.
2494 +If this flag is set to
2495 +.Dq no ,
2496 +ssh will automatically add new host keys to the
2497 +user known hosts files.
2498 +If this flag is set to
2499 +.Dq ask ,
2500 +new host keys
2501 +will be added to the user known host files only after the user
2502 +has confirmed that is what they really want to do, and
2503 +ssh will refuse to connect to hosts whose host key has changed.
2504 +The host keys of
2505 +known hosts will be verified automatically in all cases.
2506 +The argument must be
2507 +.Dq yes ,
2508 +.Dq no ,
2509 +or
2510 +.Dq ask .
2511 +The default is
2512 +.Dq ask .
2513 +.It Cm TCPKeepAlive
2514 +Specifies whether the system should send TCP keepalive messages to the
2515 +other side.
2516 +If they are sent, death of the connection or crash of one
2517 +of the machines will be properly noticed.
2518 +However, this means that
2519 +connections will die if the route is down temporarily, and some people
2520 +find it annoying.
2521 +.Pp
2522 +The default is
2523 +.Dq yes
2524 +(to send TCP keepalive messages), and the client will notice
2525 +if the network goes down or the remote host dies.
2526 +This is important in scripts, and many users want it too.
2527 +.Pp
2528 +To disable TCP keepalive messages, the value should be set to
2529 +.Dq no .
2530 +.It Cm Tunnel
2531 +Request
2532 +.Xr tun 4
2533 +device forwarding between the client and the server.
2534 +The argument must be
2535 +.Dq yes ,
2536 +.Dq point-to-point
2537 +(layer 3),
2538 +.Dq ethernet
2539 +(layer 2),
2540 +or
2541 +.Dq no .
2542 +Specifying
2543 +.Dq yes
2544 +requests the default tunnel mode, which is
2545 +.Dq point-to-point .
2546 +The default is
2547 +.Dq no .
2548 +.It Cm TunnelDevice
2549 +Specifies the
2550 +.Xr tun 4
2551 +devices to open on the client
2552 +.Pq Ar local_tun
2553 +and the server
2554 +.Pq Ar remote_tun .
2555 +.Pp
2556 +The argument must be
2557 +.Sm off
2558 +.Ar local_tun Op : Ar remote_tun .
2559 +.Sm on
2560 +The devices may be specified by numerical ID or the keyword
2561 +.Dq any ,
2562 +which uses the next available tunnel device.
2563 +If
2564 +.Ar remote_tun
2565 +is not specified, it defaults to
2566 +.Dq any .
2567 +The default is
2568 +.Dq any:any .
2569 +.It Cm UpdateHostKeys
2570 +Specifies whether
2571 +.Xr ssh 1
2572 +should accept notifications of additional hostkeys from the server sent
2573 +after authentication has completed and add them to
2574 +.Cm UserKnownHostsFile .
2575 +The argument must be
2576 +.Dq yes ,
2577 +.Dq no
2578 +(the default) or
2579 +.Dq ask .
2580 +Enabling this option allows learning alternate hostkeys for a server
2581 +and supports graceful key rotation by allowing a server to send replacement
2582 +public keys before old ones are removed.
2583 +Additional hostkeys are only accepted if the key used to authenticate the
2584 +host was already trusted or explicity accepted by the user.
2585 +If
2586 +.Cm UpdateHostKeys
2587 +is set to
2588 +.Dq ask ,
2589 +then the user is asked to confirm the modifications to the known_hosts file.
2590 +Confirmation is currently incompatible with
2591 +.Cm ControlPersist ,
2592 +and will be disabled if it is enabled.
2593 +.Pp
2594 +Presently, only
2595 +.Xr sshd 8
2596 +from OpenSSH 6.8 and greater support the
2597 +.Dq hostkeys@openssh.com
2598 +protocol extension used to inform the client of all the server's hostkeys.
2599 +.It Cm UsePrivilegedPort
2600 +Specifies whether to use a privileged port for outgoing connections.
2601 +The argument must be
2602 +.Dq yes
2603 +or
2604 +.Dq no .
2605 +The default is
2606 +.Dq no .
2607 +If set to
2608 +.Dq yes ,
2609 +.Xr ssh 1
2610 +must be setuid root.
2611 +Note that this option must be set to
2612 +.Dq yes
2613 +for
2614 +.Cm RhostsRSAAuthentication
2615 +with older servers.
2616 +.It Cm User
2617 +Specifies the user to log in as.
2618 +This can be useful when a different user name is used on different machines.
2619 +This saves the trouble of
2620 +having to remember to give the user name on the command line.
2621 +.It Cm UserKnownHostsFile
2622 +Specifies one or more files to use for the user
2623 +host key database, separated by whitespace.
2624 +The default is
2625 +.Pa ~/.ssh/known_hosts ,
2626 +.Pa ~/.ssh/known_hosts2 .
2627 +.It Cm VerifyHostKeyDNS
2628 +Specifies whether to verify the remote key using DNS and SSHFP resource
2629 +records.
2630 +If this option is set to
2631 +.Dq yes ,
2632 +the client will implicitly trust keys that match a secure fingerprint
2633 +from DNS.
2634 +Insecure fingerprints will be handled as if this option was set to
2635 +.Dq ask .
2636 +If this option is set to
2637 +.Dq ask ,
2638 +information on fingerprint match will be displayed, but the user will still
2639 +need to confirm new host keys according to the
2640 +.Cm StrictHostKeyChecking
2641 +option.
2642 +The argument must be
2643 +.Dq yes ,
2644 +.Dq no ,
2645 +or
2646 +.Dq ask .
2647 +The default is
2648 +.Dq no .
2649 +Note that this option applies to protocol version 2 only.
2650 +.Pp
2651 +See also VERIFYING HOST KEYS in
2652 +.Xr ssh 1 .
2653 +.It Cm VisualHostKey
2654 +If this flag is set to
2655 +.Dq yes ,
2656 +an ASCII art representation of the remote host key fingerprint is
2657 +printed in addition to the fingerprint string at login and
2658 +for unknown host keys.
2659 +If this flag is set to
2660 +.Dq no ,
2661 +no fingerprint strings are printed at login and
2662 +only the fingerprint string will be printed for unknown host keys.
2663 +The default is
2664 +.Dq no .
2665 +.It Cm XAuthLocation
2666 +Specifies the full pathname of the
2667 +.Xr xauth 1
2668 +program.
2669 +The default is
2670 +.Pa /usr/X11R6/bin/xauth .
2671 +.El
2672 +.Sh PATTERNS
2673 +A
2674 +.Em pattern
2675 +consists of zero or more non-whitespace characters,
2676 +.Sq *
2677 +(a wildcard that matches zero or more characters),
2678 +or
2679 +.Sq ?\&
2680 +(a wildcard that matches exactly one character).
2681 +For example, to specify a set of declarations for any host in the
2682 +.Dq .co.uk
2683 +set of domains,
2684 +the following pattern could be used:
2685 +.Pp
2686 +.Dl Host *.co.uk
2687 +.Pp
2688 +The following pattern
2689 +would match any host in the 192.168.0.[0-9] network range:
2690 +.Pp
2691 +.Dl Host 192.168.0.?
2692 +.Pp
2693 +A
2694 +.Em pattern-list
2695 +is a comma-separated list of patterns.
2696 +Patterns within pattern-lists may be negated
2697 +by preceding them with an exclamation mark
2698 +.Pq Sq !\& .
2699 +For example,
2700 +to allow a key to be used from anywhere within an organization
2701 +except from the
2702 +.Dq dialup
2703 +pool,
2704 +the following entry (in authorized_keys) could be used:
2705 +.Pp
2706 +.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2707 +.Sh FILES
2708 +.Bl -tag -width Ds
2709 +.It Pa ~/.ssh/config
2710 +This is the per-user configuration file.
2711 +The format of this file is described above.
2712 +This file is used by the SSH client.
2713 +Because of the potential for abuse, this file must have strict permissions:
2714 +read/write for the user, and not accessible by others.
2715 +.It Pa /etc/ssh/ssh_config
2716 +Systemwide configuration file.
2717 +This file provides defaults for those
2718 +values that are not specified in the user's configuration file, and
2719 +for those users who do not have a configuration file.
2720 +This file must be world-readable.
2721 +.El
2722 +.Sh SEE ALSO
2723 +.Xr ssh 1
2724 +.Sh AUTHORS
2725 +OpenSSH is a derivative of the original and free
2726 +ssh 1.2.12 release by Tatu Ylonen.
2727 +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
2728 +Theo de Raadt and Dug Song
2729 +removed many bugs, re-added newer features and
2730 +created OpenSSH.
2731 +Markus Friedl contributed the support for SSH
2732 +protocol versions 1.5 and 2.0.
2733 diff --git a/ssh_config.5 b/ssh_config.5
2734 deleted file mode 100644
2735 index a47f3ca..0000000
2736 --- a/ssh_config.5
2737 +++ /dev/null
2738 
@@ -1,1726 +0,0 @@ 2739 -.\" 2740 -.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 2741 -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 2742 -.\" All rights reserved 2743 -.\" 2744 -.\" As far as I am concerned, the code I have written for this software 2745 -.\" can be used freely for any purpose. Any derived versions of this 2746 -.\" software must be clearly marked as such, and if the derived work is 2747 -.\" incompatible with the protocol description in the RFC file, it must be 2748 -.\" called by a name other than "ssh" or "Secure Shell". 2749 -.\" 2750 -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 2751 -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 2752 -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 2753 -.\" 2754 -.\" Redistribution and use in source and binary forms, with or without 2755 -.\" modification, are permitted provided that the following conditions 2756 -.\" are met: 2757 -.\" 1. Redistributions of source code must retain the above copyright 2758 -.\" notice, this list of conditions and the following disclaimer. 2759 -.\" 2. Redistributions in binary form must reproduce the above copyright 2760 -.\" notice, this list of conditions and the following disclaimer in the 2761 -.\" documentation and/or other materials provided with the distribution. 2762 -.\" 2763 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 2764 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 2765 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
2766 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
2767 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
2768 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2769 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
2770 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
2771 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
2772 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2773 -.\"
2774 -.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $
2775 -.Dd $Mdocdate: August 14 2015 $
2776 -.Dt SSH_CONFIG 5
2777 -.Os
2778 -.Sh NAME
2779 -.Nm ssh_config
2780 -.Nd OpenSSH SSH client configuration files
2781 -.Sh SYNOPSIS
2782 -.Nm ~/.ssh/config
2783 -.Nm /etc/ssh/ssh_config
2784 -.Sh DESCRIPTION
2785 -.Xr ssh 1
2786 -obtains configuration data from the following sources in
2787 -the following order:
2788 -.Pp
2789 -.Bl -enum -offset indent -compact
2790 -.It
2791 -command-line options
2792 -.It
2793 -user's configuration file
2794 -.Pq Pa ~/.ssh/config
2795 -.It
2796 -system-wide configuration file
2797 -.Pq Pa /etc/ssh/ssh_config
2798 -.El
2799 -.Pp
2800 -For each parameter, the first obtained value
2801 -will be used.
2802 -The configuration files contain sections separated by
2803 -.Dq Host
2804 -specifications, and that section is only applied for hosts that
2805 -match one of the patterns given in the specification.
2806 -The matched host name is usually the one given on the command line
2807 -(see the
2808 -.Cm CanonicalizeHostname
2809 -option for exceptions.)
2810 -.Pp
2811 -Since the first obtained value for each parameter is used, more
2812 -host-specific declarations should be given near the beginning of the
2813 -file, and general defaults at the end.
2814 -.Pp
2815 -The configuration file has the following format:
2816 -.Pp
2817 -Empty lines and lines starting with
2818 -.Ql #
2819 -are comments.
2820 -Otherwise a line is of the format
2821 -.Dq keyword arguments .
2822 -Configuration options may be separated by whitespace or
2823 -optional whitespace and exactly one
2824 -.Ql = ;
2825 -the latter format is useful to avoid the need to quote whitespace
2826 -when specifying configuration options using the
2827 -.Nm ssh ,
2828 -.Nm scp ,
2829 -and
2830 -.Nm sftp
2831 -.Fl o
2832 -option.
2833 -Arguments may optionally be enclosed in double quotes
2834 -.Pq \&"
2835 -in order to represent arguments containing spaces.
2836 -.Pp
2837 -The possible
2838 -keywords and their meanings are as follows (note that
2839 -keywords are case-insensitive and arguments are case-sensitive):
2840 -.Bl -tag -width Ds
2841 -.It Cm Host
2842 -Restricts the following declarations (up to the next
2843 -.Cm Host
2844 -or
2845 -.Cm Match
2846 -keyword) to be only for those hosts that match one of the patterns
2847 -given after the keyword.
2848 -If more than one pattern is provided, they should be separated by whitespace.
2849 -A single
2850 -.Ql *
2851 -as a pattern can be used to provide global
2852 -defaults for all hosts.
2853 -The host is usually the
2854 -.Ar hostname
2855 -argument given on the command line
2856 -(see the
2857 -.Cm CanonicalizeHostname
2858 -option for exceptions.)
2859 -.Pp
2860 -A pattern entry may be negated by prefixing it with an exclamation mark
2861 -.Pq Sq !\& .
2862 -If a negated entry is matched, then the
2863 -.Cm Host
2864 -entry is ignored, regardless of whether any other patterns on the line
2865 -match.
2866 -Negated matches are therefore useful to provide exceptions for wildcard
2867 -matches.
2868 -.Pp
2869 -See
2870 -.Sx PATTERNS
2871 -for more information on patterns.
2872 -.It Cm Match
2873 -Restricts the following declarations (up to the next
2874 -.Cm Host
2875 -or
2876 -.Cm Match
2877 -keyword) to be used only when the conditions following the
2878 -.Cm Match
2879 -keyword are satisfied.
2880 -Match conditions are specified using one or more critera
2881 -or the single token
2882 -.Cm all
2883 -which always matches.
2884 -The available criteria keywords are:
2885 -.Cm canonical ,
2886 -.Cm exec ,
2887 -.Cm host ,
2888 -.Cm originalhost ,
2889 -.Cm user ,
2890 -and
2891 -.Cm localuser .
2892 -The
2893 -.Cm all
2894 -criteria must appear alone or immediately after
2895 -.Cm canonical .
2896 -Other criteria may be combined arbitrarily.
2897 -All criteria but
2898 -.Cm all
2899 -and
2900 -.Cm canonical
2901 -require an argument.
2902 -Criteria may be negated by prepending an exclamation mark
2903 -.Pq Sq !\& .
2904 -.Pp
2905 -The
2906 -.Cm canonical
2907 -keyword matches only when the configuration file is being re-parsed
2908 -after hostname canonicalization (see the
2909 -.Cm CanonicalizeHostname
2910 -option.)
2911 -This may be useful to specify conditions that work with canonical host
2912 -names only.
2913 -The
2914 -.Cm exec
2915 -keyword executes the specified command under the user's shell.
2916 -If the command returns a zero exit status then the condition is considered true.
2917 -Commands containing whitespace characters must be quoted.
2918 -The following character sequences in the command will be expanded prior to
2919 -execution:
2920 -.Ql %L
2921 -will be substituted by the first component of the local host name,
2922 -.Ql %l
2923 -will be substituted by the local host name (including any domain name),
2924 -.Ql %h
2925 -will be substituted by the target host name,
2926 -.Ql %n
2927 -will be substituted by the original target host name
2928 -specified on the command-line,
2929 -.Ql %p
2930 -the destination port,
2931 -.Ql %r
2932 -by the remote login username, and
2933 -.Ql %u
2934 -by the username of the user running
2935 -.Xr ssh 1 .
2936 -.Pp
2937 -The other keywords' criteria must be single entries or comma-separated
2938 -lists and may use the wildcard and negation operators described in the
2939 -.Sx PATTERNS
2940 -section.
2941 -The criteria for the
2942 -.Cm host
2943 -keyword are matched against the target hostname, after any substitution
2944 -by the
2945 -.Cm Hostname
2946 -or
2947 -.Cm CanonicalizeHostname
2948 -options.
2949 -The
2950 -.Cm originalhost
2951 -keyword matches against the hostname as it was specified on the command-line.
2952 -The
2953 -.Cm user
2954 -keyword matches against the target username on the remote host.
2955 -The
2956 -.Cm localuser
2957 -keyword matches against the name of the local user running
2958 -.Xr ssh 1
2959 -(this keyword may be useful in system-wide
2960 -.Nm
2961 -files).
2962 -.It Cm AddressFamily
2963 -Specifies which address family to use when connecting.
2964 -Valid arguments are
2965 -.Dq any ,
2966 -.Dq inet
2967 -(use IPv4 only), or
2968 -.Dq inet6
2969 -(use IPv6 only).
2970 -.It Cm BatchMode
2971 -If set to
2972 -.Dq yes ,
2973 -passphrase/password querying will be disabled.
2974 -This option is useful in scripts and other batch jobs where no user
2975 -is present to supply the password.
2976 -The argument must be
2977 -.Dq yes
2978 -or
2979 -.Dq no .
2980 -The default is
2981 -.Dq no .
2982 -.It Cm BindAddress
2983 -Use the specified address on the local machine as the source address of
2984 -the connection.
2985 -Only useful on systems with more than one address.
2986 -Note that this option does not work if
2987 -.Cm UsePrivilegedPort
2988 -is set to
2989 -.Dq yes .
2990 -.It Cm CanonicalDomains
2991 -When
2992 -.Cm CanonicalizeHostname
2993 -is enabled, this option specifies the list of domain suffixes in which to
2994 -search for the specified destination host.
2995 -.It Cm CanonicalizeFallbackLocal
2996 -Specifies whether to fail with an error when hostname canonicalization fails.
2997 -The default,
2998 -.Dq yes ,
2999 -will attempt to look up the unqualified hostname using the system resolver's
3000 -search rules.
3001 -A value of
3002 -.Dq no
3003 -will cause
3004 -.Xr ssh 1
3005 -to fail instantly if
3006 -.Cm CanonicalizeHostname
3007 -is enabled and the target hostname cannot be found in any of the domains
3008 -specified by
3009 -.Cm CanonicalDomains .
3010 -.It Cm CanonicalizeHostname
3011 -Controls whether explicit hostname canonicalization is performed.
3012 -The default,
3013 -.Dq no ,
3014 -is not to perform any name rewriting and let the system resolver handle all
3015 -hostname lookups.
3016 -If set to
3017 -.Dq yes
3018 -then, for connections that do not use a
3019 -.Cm ProxyCommand ,
3020 -.Xr ssh 1
3021 -will attempt to canonicalize the hostname specified on the command line
3022 -using the
3023 -.Cm CanonicalDomains
3024 -suffixes and
3025 -.Cm CanonicalizePermittedCNAMEs
3026 -rules.
3027 -If
3028 -.Cm CanonicalizeHostname
3029 -is set to
3030 -.Dq always ,
3031 -then canonicalization is applied to proxied connections too.
3032 -.Pp
3033 -If this option is enabled, then the configuration files are processed
3034 -again using the new target name to pick up any new configuration in matching
3035 -.Cm Host
3036 -and
3037 -.Cm Match
3038 -stanzas.
3039 -.It Cm CanonicalizeMaxDots
3040 -Specifies the maximum number of dot characters in a hostname before
3041 -canonicalization is disabled.
3042 -The default,
3043 -.Dq 1 ,
3044 -allows a single dot (i.e. hostname.subdomain).
3045 -.It Cm CanonicalizePermittedCNAMEs
3046 -Specifies rules to determine whether CNAMEs should be followed when
3047 -canonicalizing hostnames.
3048 -The rules consist of one or more arguments of
3049 -.Ar source_domain_list : Ns Ar target_domain_list ,
3050 -where
3051 -.Ar source_domain_list
3052 -is a pattern-list of domains that may follow CNAMEs in canonicalization,
3053 -and
3054 -.Ar target_domain_list
3055 -is a pattern-list of domains that they may resolve to.
3056 -.Pp
3057 -For example,
3058 -.Dq *.a.example.com:*.b.example.com,*.c.example.com
3059 -will allow hostnames matching
3060 -.Dq *.a.example.com
3061 -to be canonicalized to names in the
3062 -.Dq *.b.example.com
3063 -or
3064 -.Dq *.c.example.com
3065 -domains.
3066 -.It Cm ChallengeResponseAuthentication
3067 -Specifies whether to use challenge-response authentication.
3068 -The argument to this keyword must be
3069 -.Dq yes
3070 -or
3071 -.Dq no .
3072 -The default is
3073 -.Dq yes .
3074 -.It Cm CheckHostIP
3075 -If this flag is set to
3076 -.Dq yes ,
3077 -.Xr ssh 1
3078 -will additionally check the host IP address in the
3079 -.Pa known_hosts
3080 -file.
3081 -This allows ssh to detect if a host key changed due to DNS spoofing
3082 -and will add addresses of destination hosts to
3083 -.Pa ~/.ssh/known_hosts
3084 -in the process, regardless of the setting of
3085 -.Cm StrictHostKeyChecking .
3086 -If the option is set to
3087 -.Dq no ,
3088 -the check will not be executed.
3089 -The default is
3090 -.Dq yes .
3091 -.It Cm Cipher
3092 -Specifies the cipher to use for encrypting the session
3093 -in protocol version 1.
3094 -Currently,
3095 -.Dq blowfish ,
3096 -.Dq 3des ,
3097 -and
3098 -.Dq des
3099 -are supported.
3100 -.Ar des
3101 -is only supported in the
3102 -.Xr ssh 1
3103 -client for interoperability with legacy protocol 1 implementations
3104 -that do not support the
3105 -.Ar 3des
3106 -cipher.
3107 -Its use is strongly discouraged due to cryptographic weaknesses.
3108 -The default is
3109 -.Dq 3des .
3110 -.It Cm Ciphers
3111 -Specifies the ciphers allowed for protocol version 2
3112 -in order of preference.
3113 -Multiple ciphers must be comma-separated.
3114 -If the specified value begins with a
3115 -.Sq +
3116 -character, then the specified ciphers will be appended to the default set
3117 -instead of replacing them.
3118 -.Pp
3119 -The supported ciphers are:
3120 -.Pp
3121 -.Bl -item -compact -offset indent
3122 -.It
3123 -3des-cbc
3124 -.It
3125 -aes128-cbc
3126 -.It
3127 -aes192-cbc
3128 -.It
3129 -aes256-cbc
3130 -.It
3131 -aes128-ctr
3132 -.It
3133 -aes192-ctr
3134 -.It
3135 -aes256-ctr
3136 -.It
3137 -aes128-gcm@openssh.com
3138 -.It
3139 -aes256-gcm@openssh.com
3140 -.It
3141 -arcfour
3142 -.It
3143 -arcfour128
3144 -.It
3145 -arcfour256
3146 -.It
3147 -blowfish-cbc
3148 -.It
3149 -cast128-cbc
3150 -.It
3151 -chacha20-poly1305@openssh.com
3152 -.El
3153 -.Pp
3154 -The default is:
3155 -.Bd -literal -offset indent
3156 -chacha20-poly1305@openssh.com,
3157 -aes128-ctr,aes192-ctr,aes256-ctr,
3158 -aes128-gcm@openssh.com,aes256-gcm@openssh.com,
3159 -arcfour256,arcfour128,
3160 -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,
3161 -aes192-cbc,aes256-cbc,arcfour
3162 -.Ed
3163 -.Pp
3164 -The list of available ciphers may also be obtained using the
3165 -.Fl Q
3166 -option of
3167 -.Xr ssh 1
3168 -with an argument of
3169 -.Dq cipher .
3170 -.It Cm ClearAllForwardings
3171 -Specifies that all local, remote, and dynamic port forwardings
3172 -specified in the configuration files or on the command line be
3173 -cleared.
3174 -This option is primarily useful when used from the
3175 -.Xr ssh 1
3176 -command line to clear port forwardings set in
3177 -configuration files, and is automatically set by
3178 -.Xr scp 1
3179 -and
3180 -.Xr sftp 1 .
3181 -The argument must be
3182 -.Dq yes
3183 -or
3184 -.Dq no .
3185 -The default is
3186 -.Dq no .
3187 -.It Cm Compression
3188 -Specifies whether to use compression.
3189 -The argument must be
3190 -.Dq yes
3191 -or
3192 -.Dq no .
3193 -The default is
3194 -.Dq no .
3195 -.It Cm CompressionLevel
3196 -Specifies the compression level to use if compression is enabled.
3197 -The argument must be an integer from 1 (fast) to 9 (slow, best).
3198 -The default level is 6, which is good for most applications.
3199 -The meaning of the values is the same as in
3200 -.Xr gzip 1 .
3201 -Note that this option applies to protocol version 1 only.
3202 -.It Cm ConnectionAttempts
3203 -Specifies the number of tries (one per second) to make before exiting.
3204 -The argument must be an integer.
3205 -This may be useful in scripts if the connection sometimes fails.
3206 -The default is 1.
3207 -.It Cm ConnectTimeout
3208 -Specifies the timeout (in seconds) used when connecting to the
3209 -SSH server, instead of using the default system TCP timeout.
3210 -This value is used only when the target is down or really unreachable,
3211 -not when it refuses the connection.
3212 -.It Cm ControlMaster
3213 -Enables the sharing of multiple sessions over a single network connection.
3214 -When set to
3215 -.Dq yes ,
3216 -.Xr ssh 1
3217 -will listen for connections on a control socket specified using the
3218 -.Cm ControlPath
3219 -argument.
3220 -Additional sessions can connect to this socket using the same
3221 -.Cm ControlPath
3222 -with
3223 -.Cm ControlMaster
3224 -set to
3225 -.Dq no
3226 -(the default).
3227 -These sessions will try to reuse the master instance's network connection
3228 -rather than initiating new ones, but will fall back to connecting normally
3229 -if the control socket does not exist, or is not listening.
3230 -.Pp
3231 -Setting this to
3232 -.Dq ask
3233 -will cause ssh
3234 -to listen for control connections, but require confirmation using
3235 -.Xr ssh-askpass 1 .
3236 -If the
3237 -.Cm ControlPath
3238 -cannot be opened,
3239 -ssh will continue without connecting to a master instance.
3240 -.Pp
3241 -X11 and
3242 -.Xr ssh-agent 1
3243 -forwarding is supported over these multiplexed connections, however the
3244 -display and agent forwarded will be the one belonging to the master
3245 -connection i.e. it is not possible to forward multiple displays or agents.
3246 -.Pp
3247 -Two additional options allow for opportunistic multiplexing: try to use a
3248 -master connection but fall back to creating a new one if one does not already
3249 -exist.
3250 -These options are:
3251 -.Dq auto
3252 -and
3253 -.Dq autoask .
3254 -The latter requires confirmation like the
3255 -.Dq ask
3256 -option.
3257 -.It Cm ControlPath
3258 -Specify the path to the control socket used for connection sharing as described
3259 -in the
3260 -.Cm ControlMaster
3261 -section above or the string
3262 -.Dq none
3263 -to disable connection sharing.
3264 -In the path,
3265 -.Ql %L
3266 -will be substituted by the first component of the local host name,
3267 -.Ql %l
3268 -will be substituted by the local host name (including any domain name),
3269 -.Ql %h
3270 -will be substituted by the target host name,
3271 -.Ql %n
3272 -will be substituted by the original target host name
3273 -specified on the command line,
3274 -.Ql %p
3275 -the destination port,
3276 -.Ql %r
3277 -by the remote login username,
3278 -.Ql %u
3279 -by the username of the user running
3280 -.Xr ssh 1 , and
3281 -.Ql \&%C
3282 -by a hash of the concatenation: %l%h%p%r.
3283 -It is recommended that any
3284 -.Cm ControlPath
3285 -used for opportunistic connection sharing include
3286 -at least %h, %p, and %r (or alternatively %C) and be placed in a directory
3287 -that is not writable by other users.
3288 -This ensures that shared connections are uniquely identified.
3289 -.It Cm ControlPersist
3290 -When used in conjunction with
3291 -.Cm ControlMaster ,
3292 -specifies that the master connection should remain open
3293 -in the background (waiting for future client connections)
3294 -after the initial client connection has been closed.
3295 -If set to
3296 -.Dq no ,
3297 -then the master connection will not be placed into the background,
3298 -and will close as soon as the initial client connection is closed.
3299 -If set to
3300 -.Dq yes
3301 -or
3302 -.Dq 0 ,
3303 -then the master connection will remain in the background indefinitely
3304 -(until killed or closed via a mechanism such as the
3305 -.Xr ssh 1
3306 -.Dq Fl O No exit
3307 -option).
3308 -If set to a time in seconds, or a time in any of the formats documented in
3309 -.Xr sshd_config 5 ,
3310 -then the backgrounded master connection will automatically terminate
3311 -after it has remained idle (with no client connections) for the
3312 -specified time.
3313 -.It Cm DynamicForward
3314 -Specifies that a TCP port on the local machine be forwarded
3315 -over the secure channel, and the application
3316 -protocol is then used to determine where to connect to from the
3317 -remote machine.
3318 -.Pp
3319 -The argument must be
3320 -.Sm off
3321 -.Oo Ar bind_address : Oc Ar port .
3322 -.Sm on
3323 -IPv6 addresses can be specified by enclosing addresses in square brackets.
3324 -By default, the local port is bound in accordance with the
3325 -.Cm GatewayPorts
3326 -setting.
3327 -However, an explicit
3328 -.Ar bind_address
3329 -may be used to bind the connection to a specific address.
3330 -The
3331 -.Ar bind_address
3332 -of
3333 -.Dq localhost
3334 -indicates that the listening port be bound for local use only, while an
3335 -empty address or
3336 -.Sq *
3337 -indicates that the port should be available from all interfaces.
3338 -.Pp
3339 -Currently the SOCKS4 and SOCKS5 protocols are supported, and
3340 -.Xr ssh 1
3341 -will act as a SOCKS server.
3342 -Multiple forwardings may be specified, and
3343 -additional forwardings can be given on the command line.
3344 -Only the superuser can forward privileged ports.
3345 -.It Cm EnableSSHKeysign
3346 -Setting this option to
3347 -.Dq yes
3348 -in the global client configuration file
3349 -.Pa /etc/ssh/ssh_config
3350 -enables the use of the helper program
3351 -.Xr ssh-keysign 8
3352 -during
3353 -.Cm HostbasedAuthentication .
3354 -The argument must be
3355 -.Dq yes
3356 -or
3357 -.Dq no .
3358 -The default is
3359 -.Dq no .
3360 -This option should be placed in the non-hostspecific section.
3361 -See
3362 -.Xr ssh-keysign 8
3363 -for more information.
3364 -.It Cm EscapeChar
3365 -Sets the escape character (default:
3366 -.Ql ~ ) .
3367 -The escape character can also
3368 -be set on the command line.
3369 -The argument should be a single character,
3370 -.Ql ^
3371 -followed by a letter, or
3372 -.Dq none
3373 -to disable the escape
3374 -character entirely (making the connection transparent for binary
3375 -data).
3376 -.It Cm ExitOnForwardFailure
3377 -Specifies whether
3378 -.Xr ssh 1
3379 -should terminate the connection if it cannot set up all requested
3380 -dynamic, tunnel, local, and remote port forwardings.
3381 -The argument must be
3382 -.Dq yes
3383 -or
3384 -.Dq no .
3385 -The default is
3386 -.Dq no .
3387 -.It Cm FingerprintHash
3388 -Specifies the hash algorithm used when displaying key fingerprints.
3389 -Valid options are:
3390 -.Dq md5
3391 -and
3392 -.Dq sha256 .
3393 -The default is
3394 -.Dq sha256 .
3395 -.It Cm ForwardAgent
3396 -Specifies whether the connection to the authentication agent (if any)
3397 -will be forwarded to the remote machine.
3398 -The argument must be
3399 -.Dq yes
3400 -or
3401 -.Dq no .
3402 -The default is
3403 -.Dq no .
3404 -.Pp
3405 -Agent forwarding should be enabled with caution.
3406 -Users with the ability to bypass file permissions on the remote host
3407 -(for the agent's Unix-domain socket)
3408 -can access the local agent through the forwarded connection.
3409 -An attacker cannot obtain key material from the agent,
3410 -however they can perform operations on the keys that enable them to
3411 -authenticate using the identities loaded into the agent.
3412 -.It Cm ForwardX11
3413 -Specifies whether X11 connections will be automatically redirected
3414 -over the secure channel and
3415 -.Ev DISPLAY
3416 -set.
3417 -The argument must be
3418 -.Dq yes
3419 -or
3420 -.Dq no .
3421 -The default is
3422 -.Dq no .
3423 -.Pp
3424 -X11 forwarding should be enabled with caution.
3425 -Users with the ability to bypass file permissions on the remote host
3426 -(for the user's X11 authorization database)
3427 -can access the local X11 display through the forwarded connection.
3428 -An attacker may then be able to perform activities such as keystroke monitoring
3429 -if the
3430 -.Cm ForwardX11Trusted
3431 -option is also enabled.
3432 -.It Cm ForwardX11Timeout
3433 -Specify a timeout for untrusted X11 forwarding
3434 -using the format described in the
3435 -TIME FORMATS section of
3436 -.Xr sshd_config 5 .
3437 -X11 connections received by
3438 -.Xr ssh 1
3439 -after this time will be refused.
3440 -The default is to disable untrusted X11 forwarding after twenty minutes has
3441 -elapsed.
3442 -.It Cm ForwardX11Trusted
3443 -If this option is set to
3444 -.Dq yes ,
3445 -remote X11 clients will have full access to the original X11 display.
3446 -.Pp
3447 -If this option is set to
3448 -.Dq no ,
3449 -remote X11 clients will be considered untrusted and prevented
3450 -from stealing or tampering with data belonging to trusted X11
3451 -clients.
3452 -Furthermore, the
3453 -.Xr xauth 1
3454 -token used for the session will be set to expire after 20 minutes.
3455 -Remote clients will be refused access after this time.
3456 -.Pp
3457 -The default is
3458 -.Dq no .
3459 -.Pp
3460 -See the X11 SECURITY extension specification for full details on
3461 -the restrictions imposed on untrusted clients.
3462 -.It Cm GatewayPorts
3463 -Specifies whether remote hosts are allowed to connect to local
3464 -forwarded ports.
3465 -By default,
3466 -.Xr ssh 1
3467 -binds local port forwardings to the loopback address.
3468 -This prevents other remote hosts from connecting to forwarded ports.
3469 -.Cm GatewayPorts
3470 -can be used to specify that ssh
3471 -should bind local port forwardings to the wildcard address,
3472 -thus allowing remote hosts to connect to forwarded ports.
3473 -The argument must be
3474 -.Dq yes
3475 -or
3476 -.Dq no .
3477 -The default is
3478 -.Dq no .
3479 -.It Cm GlobalKnownHostsFile
3480 -Specifies one or more files to use for the global
3481 -host key database, separated by whitespace.
3482 -The default is
3483 -.Pa /etc/ssh/ssh_known_hosts ,
3484 -.Pa /etc/ssh/ssh_known_hosts2 .
3485 -.It Cm GSSAPIAuthentication
3486 -Specifies whether user authentication based on GSSAPI is allowed.
3487 -The default is
3488 -.Dq no .
3489 -Note that this option applies to protocol version 2 only.
3490 -.It Cm GSSAPIDelegateCredentials
3491 -Forward (delegate) credentials to the server.
3492 -The default is
3493 -.Dq no .
3494 -Note that this option applies to protocol version 2 only.
3495 -.It Cm HashKnownHosts
3496 -Indicates that
3497 -.Xr ssh 1
3498 -should hash host names and addresses when they are added to
3499 -.Pa ~/.ssh/known_hosts .
3500 -These hashed names may be used normally by
3501 -.Xr ssh 1
3502 -and
3503 -.Xr sshd 8 ,
3504 -but they do not reveal identifying information should the file's contents
3505 -be disclosed.
3506 -The default is
3507 -.Dq no .
3508 -Note that existing names and addresses in known hosts files
3509 -will not be converted automatically,
3510 -but may be manually hashed using
3511 -.Xr ssh-keygen 1 .
3512 -.It Cm HostbasedAuthentication
3513 -Specifies whether to try rhosts based authentication with public key
3514 -authentication.
3515 -The argument must be
3516 -.Dq yes
3517 -or
3518 -.Dq no .
3519 -The default is
3520 -.Dq no .
3521 -This option applies to protocol version 2 only and
3522 -is similar to
3523 -.Cm RhostsRSAAuthentication .
3524 -.It Cm HostbasedKeyTypes
3525 -Specifies the key types that will be used for hostbased authentication
3526 -as a comma-separated pattern list.
3527 -Alternately if the specified value begins with a
3528 -.Sq +
3529 -character, then the specified key types will be appended to the default set
3530 -instead of replacing them.
3531 -The default for this option is:
3532 -.Bd -literal -offset 3n
3533 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
3534 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
3535 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
3536 -ssh-ed25519-cert-v01@openssh.com,
3537 -ssh-rsa-cert-v01@openssh.com,
3538 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
3539 -ssh-ed25519,ssh-rsa
3540 -.Ed
3541 -.Pp
3542 -The
3543 -.Fl Q
3544 -option of
3545 -.Xr ssh 1
3546 -may be used to list supported key types.
3547 -.It Cm HostKeyAlgorithms
3548 -Specifies the protocol version 2 host key algorithms
3549 -that the client wants to use in order of preference.
3550 -Alternately if the specified value begins with a
3551 -.Sq +
3552 -character, then the specified key types will be appended to the default set
3553 -instead of replacing them.
3554 -The default for this option is:
3555 -.Bd -literal -offset 3n
3556 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
3557 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
3558 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
3559 -ssh-ed25519-cert-v01@openssh.com,
3560 -ssh-rsa-cert-v01@openssh.com,
3561 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
3562 -ssh-ed25519,ssh-rsa
3563 -.Ed
3564 -.Pp
3565 -If hostkeys are known for the destination host then this default is modified
3566 -to prefer their algorithms.
3567 -.Pp
3568 -The list of available key types may also be obtained using the
3569 -.Fl Q
3570 -option of
3571 -.Xr ssh 1
3572 -with an argument of
3573 -.Dq key .
3574 -.It Cm HostKeyAlias
3575 -Specifies an alias that should be used instead of the
3576 -real host name when looking up or saving the host key
3577 -in the host key database files.
3578 -This option is useful for tunneling SSH connections
3579 -or for multiple servers running on a single host.
3580 -.It Cm HostName
3581 -Specifies the real host name to log into.
3582 -This can be used to specify nicknames or abbreviations for hosts.
3583 -If the hostname contains the character sequence
3584 -.Ql %h ,
3585 -then this will be replaced with the host name specified on the command line
3586 -(this is useful for manipulating unqualified names).
3587 -The character sequence
3588 -.Ql %%
3589 -will be replaced by a single
3590 -.Ql %
3591 -character, which may be used when specifying IPv6 link-local addresses.
3592 -.Pp
3593 -The default is the name given on the command line.
3594 -Numeric IP addresses are also permitted (both on the command line and in
3595 -.Cm HostName
3596 -specifications).
3597 -.It Cm IdentitiesOnly
3598 -Specifies that
3599 -.Xr ssh 1
3600 -should only use the authentication identity files configured in the
3601 -.Nm
3602 -files,
3603 -even if
3604 -.Xr ssh-agent 1
3605 -or a
3606 -.Cm PKCS11Provider
3607 -offers more identities.
3608 -The argument to this keyword must be
3609 -.Dq yes
3610 -or
3611 -.Dq no .
3612 -This option is intended for situations where ssh-agent
3613 -offers many different identities.
3614 -The default is
3615 -.Dq no .
3616 -.It Cm IdentityFile
3617 -Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
3618 -identity is read.
3619 -The default is
3620 -.Pa ~/.ssh/identity
3621 -for protocol version 1, and
3622 -.Pa ~/.ssh/id_dsa ,
3623 -.Pa ~/.ssh/id_ecdsa ,
3624 -.Pa ~/.ssh/id_ed25519
3625 -and
3626 -.Pa ~/.ssh/id_rsa
3627 -for protocol version 2.
3628 -Additionally, any identities represented by the authentication agent
3629 -will be used for authentication unless
3630 -.Cm IdentitiesOnly
3631 -is set.
3632 -.Xr ssh 1
3633 -will try to load certificate information from the filename obtained by
3634 -appending
3635 -.Pa -cert.pub
3636 -to the path of a specified
3637 -.Cm IdentityFile .
3638 -.Pp
3639 -The file name may use the tilde
3640 -syntax to refer to a user's home directory or one of the following
3641 -escape characters:
3642 -.Ql %d
3643 -(local user's home directory),
3644 -.Ql %u
3645 -(local user name),
3646 -.Ql %l
3647 -(local host name),
3648 -.Ql %h
3649 -(remote host name) or
3650 -.Ql %r
3651 -(remote user name).
3652 -.Pp
3653 -It is possible to have
3654 -multiple identity files specified in configuration files; all these
3655 -identities will be tried in sequence.
3656 -Multiple
3657 -.Cm IdentityFile
3658 -directives will add to the list of identities tried (this behaviour
3659 -differs from that of other configuration directives).
3660 -.Pp
3661 -.Cm IdentityFile
3662 -may be used in conjunction with
3663 -.Cm IdentitiesOnly
3664 -to select which identities in an agent are offered during authentication.
3665 -.It Cm IgnoreUnknown
3666 -Specifies a pattern-list of unknown options to be ignored if they are
3667 -encountered in configuration parsing.
3668 -This may be used to suppress errors if
3669 -.Nm
3670 -contains options that are unrecognised by
3671 -.Xr ssh 1 .
3672 -It is recommended that
3673 -.Cm IgnoreUnknown
3674 -be listed early in the configuration file as it will not be applied
3675 -to unknown options that appear before it.
3676 -.It Cm IPQoS
3677 -Specifies the IPv4 type-of-service or DSCP class for connections.
3678 -Accepted values are
3679 -.Dq af11 ,
3680 -.Dq af12 ,
3681 -.Dq af13 ,
3682 -.Dq af21 ,
3683 -.Dq af22 ,
3684 -.Dq af23 ,
3685 -.Dq af31 ,
3686 -.Dq af32 ,
3687 -.Dq af33 ,
3688 -.Dq af41 ,
3689 -.Dq af42 ,
3690 -.Dq af43 ,
3691 -.Dq cs0 ,
3692 -.Dq cs1 ,
3693 -.Dq cs2 ,
3694 -.Dq cs3 ,
3695 -.Dq cs4 ,
3696 -.Dq cs5 ,
3697 -.Dq cs6 ,
3698 -.Dq cs7 ,
3699 -.Dq ef ,
3700 -.Dq lowdelay ,
3701 -.Dq throughput ,
3702 -.Dq reliability ,
3703 -or a numeric value.
3704 -This option may take one or two arguments, separated by whitespace.
3705 -If one argument is specified, it is used as the packet class unconditionally.
3706 -If two values are specified, the first is automatically selected for
3707 -interactive sessions and the second for non-interactive sessions.
3708 -The default is
3709 -.Dq lowdelay
3710 -for interactive sessions and
3711 -.Dq throughput
3712 -for non-interactive sessions.
3713 -.It Cm KbdInteractiveAuthentication
3714 -Specifies whether to use keyboard-interactive authentication.
3715 -The argument to this keyword must be
3716 -.Dq yes
3717 -or
3718 -.Dq no .
3719 -The default is
3720 -.Dq yes .
3721 -.It Cm KbdInteractiveDevices
3722 -Specifies the list of methods to use in keyboard-interactive authentication.
3723 -Multiple method names must be comma-separated.
3724 -The default is to use the server specified list.
3725 -The methods available vary depending on what the server supports.
3726 -For an OpenSSH server,
3727 -it may be zero or more of:
3728 -.Dq bsdauth ,
3729 -.Dq pam ,
3730 -and
3731 -.Dq skey .
3732 -.It Cm KexAlgorithms 3733 -Specifies the available KEX (Key Exchange) algorithms. 3734 -Multiple algorithms must be comma-separated. 3735 -Alternately if the specified value begins with a 3736 -.Sq + 3737 -character, then the specified methods will be appended to the default set 3738 -instead of replacing them. 3739 -The default is: 3740 -.Bd -literal -offset indent 3741 -curve25519-sha256@libssh.org, 3742 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 3743 -diffie-hellman-group-exchange-sha256, 3744 -diffie-hellman-group-exchange-sha1, 3745 -diffie-hellman-group14-sha1 3746 -.Ed 3747 -.Pp 3748 -The list of available key exchange algorithms may also be obtained using the 3749 -.Fl Q 3750 -option of 3751 -.Xr ssh 1 3752 -with an argument of 3753 -.Dq kex . 3754 -.It Cm LocalCommand 3755 -Specifies a command to execute on the local machine after successfully 3756 -connecting to the server. 3757 -The command string extends to the end of the line, and is executed with 3758 -the user's shell. 3759 -The following escape character substitutions will be performed: 3760 -.Ql %d 3761 -(local user's home directory), 3762 -.Ql %h 3763 -(remote host name), 3764 -.Ql %l 3765 -(local host name), 3766 -.Ql %n 3767 -(host name as provided on the command line), 3768 -.Ql %p 3769 -(remote port), 3770 -.Ql %r 3771 -(remote user name) or 3772 -.Ql %u 3773 -(local user name) or 3774 -.Ql \&%C 3775 -by a hash of the concatenation: %l%h%p%r. 3776 -.Pp 3777 -The command is run synchronously and does not have access to the 3778 -session of the 3779 -.Xr ssh 1 3780 -that spawned it. 3781 -It should not be used for interactive commands. 3782 -.Pp 3783 -This directive is ignored unless 3784 -.Cm PermitLocalCommand 3785 -has been enabled. 3786 -.It Cm LocalForward 3787 -Specifies that a TCP port on the local machine be forwarded over 3788 -the secure channel to the specified host and port from the remote machine. 
3789 -The first argument must be 3790 -.Sm off 3791 -.Oo Ar bind_address : Oc Ar port 3792 -.Sm on 3793 -and the second argument must be 3794 -.Ar host : Ns Ar hostport . 3795 -IPv6 addresses can be specified by enclosing addresses in square brackets. 3796 -Multiple forwardings may be specified, and additional forwardings can be 3797 -given on the command line. 3798 -Only the superuser can forward privileged ports. 3799 -By default, the local port is bound in accordance with the 3800 -.Cm GatewayPorts 3801 -setting. 3802 -However, an explicit 3803 -.Ar bind_address 3804 -may be used to bind the connection to a specific address. 3805 -The 3806 -.Ar bind_address 3807 -of 3808 -.Dq localhost 3809 -indicates that the listening port be bound for local use only, while an 3810 -empty address or 3811 -.Sq * 3812 -indicates that the port should be available from all interfaces. 3813 -.It Cm LogLevel 3814 -Gives the verbosity level that is used when logging messages from 3815 -.Xr ssh 1 . 3816 -The possible values are: 3817 -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 3818 -The default is INFO. 3819 -DEBUG and DEBUG1 are equivalent. 3820 -DEBUG2 and DEBUG3 each specify higher levels of verbose output. 3821 -.It Cm MACs 3822 -Specifies the MAC (message authentication code) algorithms 3823 -in order of preference. 3824 -The MAC algorithm is used in protocol version 2 3825 -for data integrity protection. 3826 -Multiple algorithms must be comma-separated. 3827 -If the specified value begins with a 3828 -.Sq + 3829 -character, then the specified algorithms will be appended to the default set 3830 -instead of replacing them. 3831 -.Pp 3832 -The algorithms that contain 3833 -.Dq -etm 3834 -calculate the MAC after encryption (encrypt-then-mac). 3835 -These are considered safer and their use recommended. 
3836 -.Pp 3837 -The default is: 3838 -.Bd -literal -offset indent 3839 -umac-64-etm@openssh.com,umac-128-etm@openssh.com, 3840 -hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 3841 -umac-64@openssh.com,umac-128@openssh.com, 3842 -hmac-sha2-256,hmac-sha2-512, 3843 -hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, 3844 -hmac-ripemd160-etm@openssh.com, 3845 -hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, 3846 -hmac-md5,hmac-sha1,hmac-ripemd160, 3847 -hmac-sha1-96,hmac-md5-96 3848 -.Ed 3849 -.Pp 3850 -The list of available MAC algorithms may also be obtained using the 3851 -.Fl Q 3852 -option of 3853 -.Xr ssh 1 3854 -with an argument of 3855 -.Dq mac . 3856 -.It Cm NoHostAuthenticationForLocalhost 3857 -This option can be used if the home directory is shared across machines. 3858 -In this case localhost will refer to a different machine on each of 3859 -the machines and the user will get many warnings about changed host keys. 3860 -However, this option disables host authentication for localhost. 3861 -The argument to this keyword must be 3862 -.Dq yes 3863 -or 3864 -.Dq no . 3865 -The default is to check the host key for localhost. 3866 -.It Cm NumberOfPasswordPrompts 3867 -Specifies the number of password prompts before giving up. 3868 -The argument to this keyword must be an integer. 3869 -The default is 3. 3870 -.It Cm PasswordAuthentication 3871 -Specifies whether to use password authentication. 3872 -The argument to this keyword must be 3873 -.Dq yes 3874 -or 3875 -.Dq no . 3876 -The default is 3877 -.Dq yes . 3878 -.It Cm PermitLocalCommand 3879 -Allow local command execution via the 3880 -.Ic LocalCommand 3881 -option or using the 3882 -.Ic !\& Ns Ar command 3883 -escape sequence in 3884 -.Xr ssh 1 . 3885 -The argument must be 3886 -.Dq yes 3887 -or 3888 -.Dq no . 3889 -The default is 3890 -.Dq no . 3891 -.It Cm PKCS11Provider 3892 -Specifies which PKCS#11 provider to use. 
3893 -The argument to this keyword is the PKCS#11 shared library 3894 -.Xr ssh 1 3895 -should use to communicate with a PKCS#11 token providing the user's 3896 -private RSA key. 3897 -.It Cm Port 3898 -Specifies the port number to connect on the remote host. 3899 -The default is 22. 3900 -.It Cm PreferredAuthentications 3901 -Specifies the order in which the client should try protocol 2 3902 -authentication methods. 3903 -This allows a client to prefer one method (e.g.\& 3904 -.Cm keyboard-interactive ) 3905 -over another method (e.g.\& 3906 -.Cm password ) . 3907 -The default is: 3908 -.Bd -literal -offset indent 3909 -gssapi-with-mic,hostbased,publickey, 3910 -keyboard-interactive,password 3911 -.Ed 3912 -.It Cm Protocol 3913 -Specifies the protocol versions 3914 -.Xr ssh 1 3915 -should support in order of preference. 3916 -The possible values are 3917 -.Sq 1 3918 -and 3919 -.Sq 2 . 3920 -Multiple versions must be comma-separated. 3921 -When this option is set to 3922 -.Dq 2,1 3923 -.Nm ssh 3924 -will try version 2 and fall back to version 1 3925 -if version 2 is not available. 3926 -The default is 3927 -.Sq 2 . 3928 -.It Cm ProxyCommand 3929 -Specifies the command to use to connect to the server. 3930 -The command 3931 -string extends to the end of the line, and is executed 3932 -using the user's shell 3933 -.Ql exec 3934 -directive to avoid a lingering shell process. 3935 -.Pp 3936 -In the command string, any occurrence of 3937 -.Ql %h 3938 -will be substituted by the host name to 3939 -connect, 3940 -.Ql %p 3941 -by the port, and 3942 -.Ql %r 3943 -by the remote user name. 3944 -The command can be basically anything, 3945 -and should read from its standard input and write to its standard output. 3946 -It should eventually connect an 3947 -.Xr sshd 8 3948 -server running on some machine, or execute 3949 -.Ic sshd -i 3950 -somewhere. 
3951 -Host key management will be done using the 3952 -HostName of the host being connected (defaulting to the name typed by 3953 -the user). 3954 -Setting the command to 3955 -.Dq none 3956 -disables this option entirely. 3957 -Note that 3958 -.Cm CheckHostIP 3959 -is not available for connects with a proxy command. 3960 -.Pp 3961 -This directive is useful in conjunction with 3962 -.Xr nc 1 3963 -and its proxy support. 3964 -For example, the following directive would connect via an HTTP proxy at 3965 -192.0.2.0: 3966 -.Bd -literal -offset 3n 3967 -ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 3968 -.Ed 3969 -.It Cm ProxyUseFdpass 3970 -Specifies that 3971 -.Cm ProxyCommand 3972 -will pass a connected file descriptor back to 3973 -.Xr ssh 1 3974 -instead of continuing to execute and pass data. 3975 -The default is 3976 -.Dq no . 3977 -.It Cm PubkeyAcceptedKeyTypes 3978 -Specifies the key types that will be used for public key authentication 3979 -as a comma-separated pattern list. 3980 -Alternately if the specified value begins with a 3981 -.Sq + 3982 -character, then the key types after it will be appended to the default 3983 -instead of replacing it. 3984 -The default for this option is: 3985 -.Bd -literal -offset 3n 3986 -ecdsa-sha2-nistp256-cert-v01@openssh.com, 3987 -ecdsa-sha2-nistp384-cert-v01@openssh.com, 3988 -ecdsa-sha2-nistp521-cert-v01@openssh.com, 3989 -ssh-ed25519-cert-v01@openssh.com, 3990 -ssh-rsa-cert-v01@openssh.com, 3991 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 3992 -ssh-ed25519,ssh-rsa 3993 -.Ed 3994 -.Pp 3995 -The 3996 -.Fl Q 3997 -option of 3998 -.Xr ssh 1 3999 -may be used to list supported key types. 4000 -.It Cm PubkeyAuthentication 4001 -Specifies whether to try public key authentication. 4002 -The argument to this keyword must be 4003 -.Dq yes 4004 -or 4005 -.Dq no . 4006 -The default is 4007 -.Dq yes . 4008 -This option applies to protocol version 2 only. 
4009 -.It Cm RekeyLimit 4010 -Specifies the maximum amount of data that may be transmitted before the 4011 -session key is renegotiated, optionally followed a maximum amount of 4012 -time that may pass before the session key is renegotiated. 4013 -The first argument is specified in bytes and may have a suffix of 4014 -.Sq K , 4015 -.Sq M , 4016 -or 4017 -.Sq G 4018 -to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 4019 -The default is between 4020 -.Sq 1G 4021 -and 4022 -.Sq 4G , 4023 -depending on the cipher. 4024 -The optional second value is specified in seconds and may use any of the 4025 -units documented in the 4026 -TIME FORMATS section of 4027 -.Xr sshd_config 5 . 4028 -The default value for 4029 -.Cm RekeyLimit 4030 -is 4031 -.Dq default none , 4032 -which means that rekeying is performed after the cipher's default amount 4033 -of data has been sent or received and no time based rekeying is done. 4034 -This option applies to protocol version 2 only. 4035 -.It Cm RemoteForward 4036 -Specifies that a TCP port on the remote machine be forwarded over 4037 -the secure channel to the specified host and port from the local machine. 4038 -The first argument must be 4039 -.Sm off 4040 -.Oo Ar bind_address : Oc Ar port 4041 -.Sm on 4042 -and the second argument must be 4043 -.Ar host : Ns Ar hostport . 4044 -IPv6 addresses can be specified by enclosing addresses in square brackets. 4045 -Multiple forwardings may be specified, and additional 4046 -forwardings can be given on the command line. 4047 -Privileged ports can be forwarded only when 4048 -logging in as root on the remote machine. 4049 -.Pp 4050 -If the 4051 -.Ar port 4052 -argument is 4053 -.Ql 0 , 4054 -the listen port will be dynamically allocated on the server and reported 4055 -to the client at run time. 4056 -.Pp 4057 -If the 4058 -.Ar bind_address 4059 -is not specified, the default is to only bind to loopback addresses. 
4060 -If the 4061 -.Ar bind_address 4062 -is 4063 -.Ql * 4064 -or an empty string, then the forwarding is requested to listen on all 4065 -interfaces. 4066 -Specifying a remote 4067 -.Ar bind_address 4068 -will only succeed if the server's 4069 -.Cm GatewayPorts 4070 -option is enabled (see 4071 -.Xr sshd_config 5 ) . 4072 -.It Cm RequestTTY 4073 -Specifies whether to request a pseudo-tty for the session. 4074 -The argument may be one of: 4075 -.Dq no 4076 -(never request a TTY), 4077 -.Dq yes 4078 -(always request a TTY when standard input is a TTY), 4079 -.Dq force 4080 -(always request a TTY) or 4081 -.Dq auto 4082 -(request a TTY when opening a login session). 4083 -This option mirrors the 4084 -.Fl t 4085 -and 4086 -.Fl T 4087 -flags for 4088 -.Xr ssh 1 . 4089 -.It Cm RevokedHostKeys 4090 -Specifies revoked host public keys. 4091 -Keys listed in this file will be refused for host authentication. 4092 -Note that if this file does not exist or is not readable, 4093 -then host authentication will be refused for all hosts. 4094 -Keys may be specified as a text file, listing one public key per line, or as 4095 -an OpenSSH Key Revocation List (KRL) as generated by 4096 -.Xr ssh-keygen 1 . 4097 -For more information on KRLs, see the KEY REVOCATION LISTS section in 4098 -.Xr ssh-keygen 1 . 4099 -.It Cm RhostsRSAAuthentication 4100 -Specifies whether to try rhosts based authentication with RSA host 4101 -authentication. 4102 -The argument must be 4103 -.Dq yes 4104 -or 4105 -.Dq no . 4106 -The default is 4107 -.Dq no . 4108 -This option applies to protocol version 1 only and requires 4109 -.Xr ssh 1 4110 -to be setuid root. 4111 -.It Cm RSAAuthentication 4112 -Specifies whether to try RSA authentication. 4113 -The argument to this keyword must be 4114 -.Dq yes 4115 -or 4116 -.Dq no . 4117 -RSA authentication will only be 4118 -attempted if the identity file exists, or an authentication agent is 4119 -running. 4120 -The default is 4121 -.Dq yes . 
4122 -Note that this option applies to protocol version 1 only. 4123 -.It Cm SendEnv 4124 -Specifies what variables from the local 4125 -.Xr environ 7 4126 -should be sent to the server. 4127 -Note that environment passing is only supported for protocol 2. 4128 -The server must also support it, and the server must be configured to 4129 -accept these environment variables. 4130 -Note that the 4131 -.Ev TERM 4132 -environment variable is always sent whenever a 4133 -pseudo-terminal is requested as it is required by the protocol. 4134 -Refer to 4135 -.Cm AcceptEnv 4136 -in 4137 -.Xr sshd_config 5 4138 -for how to configure the server. 4139 -Variables are specified by name, which may contain wildcard characters. 4140 -Multiple environment variables may be separated by whitespace or spread 4141 -across multiple 4142 -.Cm SendEnv 4143 -directives. 4144 -The default is not to send any environment variables. 4145 -.Pp 4146 -See 4147 -.Sx PATTERNS 4148 -for more information on patterns. 4149 -.It Cm ServerAliveCountMax 4150 -Sets the number of server alive messages (see below) which may be 4151 -sent without 4152 -.Xr ssh 1 4153 -receiving any messages back from the server. 4154 -If this threshold is reached while server alive messages are being sent, 4155 -ssh will disconnect from the server, terminating the session. 4156 -It is important to note that the use of server alive messages is very 4157 -different from 4158 -.Cm TCPKeepAlive 4159 -(below). 4160 -The server alive messages are sent through the encrypted channel 4161 -and therefore will not be spoofable. 4162 -The TCP keepalive option enabled by 4163 -.Cm TCPKeepAlive 4164 -is spoofable. 4165 -The server alive mechanism is valuable when the client or 4166 -server depend on knowing when a connection has become inactive. 4167 -.Pp 4168 -The default value is 3. 
4169 -If, for example, 4170 -.Cm ServerAliveInterval 4171 -(see below) is set to 15 and 4172 -.Cm ServerAliveCountMax 4173 -is left at the default, if the server becomes unresponsive, 4174 -ssh will disconnect after approximately 45 seconds. 4175 -This option applies to protocol version 2 only. 4176 -.It Cm ServerAliveInterval 4177 -Sets a timeout interval in seconds after which if no data has been received 4178 -from the server, 4179 -.Xr ssh 1 4180 -will send a message through the encrypted 4181 -channel to request a response from the server. 4182 -The default 4183 -is 0, indicating that these messages will not be sent to the server. 4184 -This option applies to protocol version 2 only. 4185 -.It Cm StreamLocalBindMask 4186 -Sets the octal file creation mode mask 4187 -.Pq umask 4188 -used when creating a Unix-domain socket file for local or remote 4189 -port forwarding. 4190 -This option is only used for port forwarding to a Unix-domain socket file. 4191 -.Pp 4192 -The default value is 0177, which creates a Unix-domain socket file that is 4193 -readable and writable only by the owner. 4194 -Note that not all operating systems honor the file mode on Unix-domain 4195 -socket files. 4196 -.It Cm StreamLocalBindUnlink 4197 -Specifies whether to remove an existing Unix-domain socket file for local 4198 -or remote port forwarding before creating a new one. 4199 -If the socket file already exists and 4200 -.Cm StreamLocalBindUnlink 4201 -is not enabled, 4202 -.Nm ssh 4203 -will be unable to forward the port to the Unix-domain socket file. 4204 -This option is only used for port forwarding to a Unix-domain socket file. 4205 -.Pp 4206 -The argument must be 4207 -.Dq yes 4208 -or 4209 -.Dq no . 4210 -The default is 4211 -.Dq no . 
4212 -.It Cm StrictHostKeyChecking 4213 -If this flag is set to 4214 -.Dq yes , 4215 -.Xr ssh 1 4216 -will never automatically add host keys to the 4217 -.Pa ~/.ssh/known_hosts 4218 -file, and refuses to connect to hosts whose host key has changed. 4219 -This provides maximum protection against trojan horse attacks, 4220 -though it can be annoying when the 4221 -.Pa /etc/ssh/ssh_known_hosts 4222 -file is poorly maintained or when connections to new hosts are 4223 -frequently made. 4224 -This option forces the user to manually 4225 -add all new hosts. 4226 -If this flag is set to 4227 -.Dq no , 4228 -ssh will automatically add new host keys to the 4229 -user known hosts files. 4230 -If this flag is set to 4231 -.Dq ask , 4232 -new host keys 4233 -will be added to the user known host files only after the user 4234 -has confirmed that is what they really want to do, and 4235 -ssh will refuse to connect to hosts whose host key has changed. 4236 -The host keys of 4237 -known hosts will be verified automatically in all cases. 4238 -The argument must be 4239 -.Dq yes , 4240 -.Dq no , 4241 -or 4242 -.Dq ask . 4243 -The default is 4244 -.Dq ask . 4245 -.It Cm TCPKeepAlive 4246 -Specifies whether the system should send TCP keepalive messages to the 4247 -other side. 4248 -If they are sent, death of the connection or crash of one 4249 -of the machines will be properly noticed. 4250 -However, this means that 4251 -connections will die if the route is down temporarily, and some people 4252 -find it annoying. 4253 -.Pp 4254 -The default is 4255 -.Dq yes 4256 -(to send TCP keepalive messages), and the client will notice 4257 -if the network goes down or the remote host dies. 4258 -This is important in scripts, and many users want it too. 4259 -.Pp 4260 -To disable TCP keepalive messages, the value should be set to 4261 -.Dq no . 4262 -.It Cm Tunnel 4263 -Request 4264 -.Xr tun 4 4265 -device forwarding between the client and the server. 
4266 -The argument must be 4267 -.Dq yes , 4268 -.Dq point-to-point 4269 -(layer 3), 4270 -.Dq ethernet 4271 -(layer 2), 4272 -or 4273 -.Dq no . 4274 -Specifying 4275 -.Dq yes 4276 -requests the default tunnel mode, which is 4277 -.Dq point-to-point . 4278 -The default is 4279 -.Dq no . 4280 -.It Cm TunnelDevice 4281 -Specifies the 4282 -.Xr tun 4 4283 -devices to open on the client 4284 -.Pq Ar local_tun 4285 -and the server 4286 -.Pq Ar remote_tun . 4287 -.Pp 4288 -The argument must be 4289 -.Sm off 4290 -.Ar local_tun Op : Ar remote_tun . 4291 -.Sm on 4292 -The devices may be specified by numerical ID or the keyword 4293 -.Dq any , 4294 -which uses the next available tunnel device. 4295 -If 4296 -.Ar remote_tun 4297 -is not specified, it defaults to 4298 -.Dq any . 4299 -The default is 4300 -.Dq any:any . 4301 -.It Cm UpdateHostKeys 4302 -Specifies whether 4303 -.Xr ssh 1 4304 -should accept notifications of additional hostkeys from the server sent 4305 -after authentication has completed and add them to 4306 -.Cm UserKnownHostsFile . 4307 -The argument must be 4308 -.Dq yes , 4309 -.Dq no 4310 -(the default) or 4311 -.Dq ask . 4312 -Enabling this option allows learning alternate hostkeys for a server 4313 -and supports graceful key rotation by allowing a server to send replacement 4314 -public keys before old ones are removed. 4315 -Additional hostkeys are only accepted if the key used to authenticate the 4316 -host was already trusted or explicity accepted by the user. 4317 -If 4318 -.Cm UpdateHostKeys 4319 -is set to 4320 -.Dq ask , 4321 -then the user is asked to confirm the modifications to the known_hosts file. 4322 -Confirmation is currently incompatible with 4323 -.Cm ControlPersist , 4324 -and will be disabled if it is enabled. 4325 -.Pp 4326 -Presently, only 4327 -.Xr sshd 8 4328 -from OpenSSH 6.8 and greater support the 4329 -.Dq hostkeys@openssh.com 4330 -protocol extension used to inform the client of all the server's hostkeys. 
4331 -.It Cm UsePrivilegedPort 4332 -Specifies whether to use a privileged port for outgoing connections. 4333 -The argument must be 4334 -.Dq yes 4335 -or 4336 -.Dq no . 4337 -The default is 4338 -.Dq no . 4339 -If set to 4340 -.Dq yes , 4341 -.Xr ssh 1 4342 -must be setuid root. 4343 -Note that this option must be set to 4344 -.Dq yes 4345 -for 4346 -.Cm RhostsRSAAuthentication 4347 -with older servers. 4348 -.It Cm User 4349 -Specifies the user to log in as. 4350 -This can be useful when a different user name is used on different machines. 4351 -This saves the trouble of 4352 -having to remember to give the user name on the command line. 4353 -.It Cm UserKnownHostsFile 4354 -Specifies one or more files to use for the user 4355 -host key database, separated by whitespace. 4356 -The default is 4357 -.Pa ~/.ssh/known_hosts , 4358 -.Pa ~/.ssh/known_hosts2 . 4359 -.It Cm VerifyHostKeyDNS 4360 -Specifies whether to verify the remote key using DNS and SSHFP resource 4361 -records. 4362 -If this option is set to 4363 -.Dq yes , 4364 -the client will implicitly trust keys that match a secure fingerprint 4365 -from DNS. 4366 -Insecure fingerprints will be handled as if this option was set to 4367 -.Dq ask . 4368 -If this option is set to 4369 -.Dq ask , 4370 -information on fingerprint match will be displayed, but the user will still 4371 -need to confirm new host keys according to the 4372 -.Cm StrictHostKeyChecking 4373 -option. 4374 -The argument must be 4375 -.Dq yes , 4376 -.Dq no , 4377 -or 4378 -.Dq ask . 4379 -The default is 4380 -.Dq no . 4381 -Note that this option applies to protocol version 2 only. 4382 -.Pp 4383 -See also VERIFYING HOST KEYS in 4384 -.Xr ssh 1 . 4385 -.It Cm VisualHostKey 4386 -If this flag is set to 4387 -.Dq yes , 4388 -an ASCII art representation of the remote host key fingerprint is 4389 -printed in addition to the fingerprint string at login and 4390 -for unknown host keys. 
4391 -If this flag is set to 4392 -.Dq no , 4393 -no fingerprint strings are printed at login and 4394 -only the fingerprint string will be printed for unknown host keys. 4395 -The default is 4396 -.Dq no . 4397 -.It Cm XAuthLocation 4398 -Specifies the full pathname of the 4399 -.Xr xauth 1 4400 -program. 4401 -The default is 4402 -.Pa /usr/X11R6/bin/xauth . 4403 -.El 4404 -.Sh PATTERNS 4405 -A 4406 -.Em pattern 4407 -consists of zero or more non-whitespace characters, 4408 -.Sq * 4409 -(a wildcard that matches zero or more characters), 4410 -or 4411 -.Sq ?\& 4412 -(a wildcard that matches exactly one character). 4413 -For example, to specify a set of declarations for any host in the 4414 -.Dq .co.uk 4415 -set of domains, 4416 -the following pattern could be used: 4417 -.Pp 4418 -.Dl Host *.co.uk 4419 -.Pp 4420 -The following pattern 4421 -would match any host in the 192.168.0.[0-9] network range: 4422 -.Pp 4423 -.Dl Host 192.168.0.? 4424 -.Pp 4425 -A 4426 -.Em pattern-list 4427 -is a comma-separated list of patterns. 4428 -Patterns within pattern-lists may be negated 4429 -by preceding them with an exclamation mark 4430 -.Pq Sq !\& . 4431 -For example, 4432 -to allow a key to be used from anywhere within an organization 4433 -except from the 4434 -.Dq dialup 4435 -pool, 4436 -the following entry (in authorized_keys) could be used: 4437 -.Pp 4438 -.Dl from=\&"!*.dialup.example.com,*.example.com\&" 4439 -.Sh FILES 4440 -.Bl -tag -width Ds 4441 -.It Pa ~/.ssh/config 4442 -This is the per-user configuration file. 4443 -The format of this file is described above. 4444 -This file is used by the SSH client. 4445 -Because of the potential for abuse, this file must have strict permissions: 4446 -read/write for the user, and not accessible by others. 4447 -.It Pa /etc/ssh/ssh_config 4448 -Systemwide configuration file. 
4449 -This file provides defaults for those 4450 -values that are not specified in the user's configuration file, and 4451 -for those users who do not have a configuration file. 4452 -This file must be world-readable. 4453 -.El 4454 -.Sh SEE ALSO 4455 -.Xr ssh 1 4456 -.Sh AUTHORS 4457 -OpenSSH is a derivative of the original and free 4458 -ssh 1.2.12 release by Tatu Ylonen. 4459 -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 4460 -Theo de Raadt and Dug Song 4461 -removed many bugs, re-added newer features and 4462 -created OpenSSH. 4463 -Markus Friedl contributed the support for SSH 4464 -protocol versions 1.5 and 2.0. 4465 diff --git a/sshd.1m b/sshd.1m 4466 new file mode 100644 4467 index 0000000..967a753 4468 --- /dev/null 4469 +++ b/sshd.1m 4470 
@@ -0,0 +1,971 @@ 4471 +.\" 4472 +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4473 +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4474 +.\" All rights reserved 4475 +.\" 4476 +.\" As far as I am concerned, the code I have written for this software 4477 +.\" can be used freely for any purpose. Any derived versions of this 4478 +.\" software must be clearly marked as such, and if the derived work is 4479 +.\" incompatible with the protocol description in the RFC file, it must be 4480 +.\" called by a name other than "ssh" or "Secure Shell". 4481 +.\" 4482 +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 4483 +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 4484 +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 4485 +.\" 4486 +.\" Redistribution and use in source and binary forms, with or without 4487 +.\" modification, are permitted provided that the following conditions 4488 +.\" are met: 4489 +.\" 1. Redistributions of source code must retain the above copyright 4490 +.\" notice, this list of conditions and the following disclaimer. 4491 +.\" 2. Redistributions in binary form must reproduce the above copyright 4492 +.\" notice, this list of conditions and the following disclaimer in the 4493 +.\" documentation and/or other materials provided with the distribution. 4494 +.\" 4495 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 4496 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 4497 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
4498 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 4499 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4500 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 4501 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 4502 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 4503 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 4504 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 4505 +.\" 4506 +.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ 4507 +.Dd $Mdocdate: July 3 2015 $ 4508 +.Dt SSHD 1M 4509 +.Os 4510 +.Sh NAME 4511 +.Nm sshd 4512 +.Nd OpenSSH SSH daemon 4513 +.Sh SYNOPSIS 4514 +.Nm sshd 4515 +.Bk -words 4516 +.Op Fl 46DdeiqTt 4517 +.Op Fl b Ar bits 4518 +.Op Fl C Ar connection_spec 4519 +.Op Fl c Ar host_certificate_file 4520 +.Op Fl E Ar log_file 4521 +.Op Fl f Ar config_file 4522 +.Op Fl g Ar login_grace_time 4523 +.Op Fl h Ar host_key_file 4524 +.Op Fl k Ar key_gen_time 4525 +.Op Fl o Ar option 4526 +.Op Fl p Ar port 4527 +.Op Fl u Ar len 4528 +.Ek 4529 +.Sh DESCRIPTION 4530 +.Nm 4531 +(OpenSSH Daemon) is the daemon program for 4532 +.Xr ssh 1 . 4533 +Together these programs replace rlogin and rsh, 4534 +and provide secure encrypted communications between two untrusted hosts 4535 +over an insecure network. 4536 +.Pp 4537 +.Nm 4538 +listens for connections from clients. 4539 +It is normally started at boot from 4540 +.Pa /etc/rc . 4541 +It forks a new 4542 +daemon for each incoming connection. 4543 +The forked daemons handle 4544 +key exchange, encryption, authentication, command execution, 4545 +and data exchange. 4546 +.Pp 4547 +.Nm 4548 +can be configured using command-line options or a configuration file 4549 +(by default 4550 +.Xr sshd_config 4 ) ; 4551 +command-line options override values specified in the 4552 +configuration file. 
4553 +.Nm 4554 +rereads its configuration file when it receives a hangup signal, 4555 +.Dv SIGHUP , 4556 +by executing itself with the name and options it was started with, e.g.\& 4557 +.Pa /usr/sbin/sshd . 4558 +.Pp 4559 +The options are as follows: 4560 +.Bl -tag -width Ds 4561 +.It Fl 4 4562 +Forces 4563 +.Nm 4564 +to use IPv4 addresses only. 4565 +.It Fl 6 4566 +Forces 4567 +.Nm 4568 +to use IPv6 addresses only. 4569 +.It Fl b Ar bits 4570 +Specifies the number of bits in the ephemeral protocol version 1 4571 +server key (default 1024). 4572 +.It Fl C Ar connection_spec 4573 +Specify the connection parameters to use for the 4574 +.Fl T 4575 +extended test mode. 4576 +If provided, any 4577 +.Cm Match 4578 +directives in the configuration file 4579 +that would apply to the specified user, host, and address will be set before 4580 +the configuration is written to standard output. 4581 +The connection parameters are supplied as keyword=value pairs. 4582 +The keywords are 4583 +.Dq user , 4584 +.Dq host , 4585 +.Dq laddr , 4586 +.Dq lport , 4587 +and 4588 +.Dq addr . 4589 +All are required and may be supplied in any order, either with multiple 4590 +.Fl C 4591 +options or as a comma-separated list. 4592 +.It Fl c Ar host_certificate_file 4593 +Specifies a path to a certificate file to identify 4594 +.Nm 4595 +during key exchange. 4596 +The certificate file must match a host key file specified using the 4597 +.Fl h 4598 +option or the 4599 +.Cm HostKey 4600 +configuration directive. 4601 +.It Fl D 4602 +When this option is specified, 4603 +.Nm 4604 +will not detach and does not become a daemon. 4605 +This allows easy monitoring of 4606 +.Nm sshd . 4607 +.It Fl d 4608 +Debug mode. 4609 +The server sends verbose debug output to standard error, 4610 +and does not put itself in the background. 4611 +The server also will not fork and will only process one connection. 4612 +This option is only intended for debugging for the server. 
4613 +Multiple 4614 +.Fl d 4615 +options increase the debugging level. 4616 +Maximum is 3. 4617 +.It Fl E Ar log_file 4618 +Append debug logs to 4619 +.Ar log_file 4620 +instead of the system log. 4621 +.It Fl e 4622 +Write debug logs to standard error instead of the system log. 4623 +.It Fl f Ar config_file 4624 +Specifies the name of the configuration file. 4625 +The default is 4626 +.Pa /etc/ssh/sshd_config . 4627 +.Nm 4628 +refuses to start if there is no configuration file. 4629 +.It Fl g Ar login_grace_time 4630 +Gives the grace time for clients to authenticate themselves (default 4631 +120 seconds). 4632 +If the client fails to authenticate the user within 4633 +this many seconds, the server disconnects and exits. 4634 +A value of zero indicates no limit. 4635 +.It Fl h Ar host_key_file 4636 +Specifies a file from which a host key is read. 4637 +This option must be given if 4638 +.Nm 4639 +is not run as root (as the normal 4640 +host key files are normally not readable by anyone but root). 4641 +The default is 4642 +.Pa /etc/ssh/ssh_host_key 4643 +for protocol version 1, and 4644 +.Pa /etc/ssh/ssh_host_dsa_key , 4645 +.Pa /etc/ssh/ssh_host_ecdsa_key . 4646 +.Pa /etc/ssh/ssh_host_ed25519_key 4647 +and 4648 +.Pa /etc/ssh/ssh_host_rsa_key 4649 +for protocol version 2. 4650 +It is possible to have multiple host key files for 4651 +the different protocol versions and host key algorithms. 4652 +.It Fl i 4653 +Specifies that 4654 +.Nm 4655 +is being run from 4656 +.Xr inetd 8 . 4657 +If SSH protocol 1 is enabled, 4658 +.Nm 4659 +should not normally be run 4660 +from inetd because it needs to generate the server key before it can 4661 +respond to the client, and this may take some time. 4662 +Clients may have to wait too long if the key was regenerated every time. 4663 +.It Fl k Ar key_gen_time 4664 +Specifies how often the ephemeral protocol version 1 server key is 4665 +regenerated (default 3600 seconds, or one hour). 
4666 +The motivation for regenerating the key fairly
4667 +often is that the key is not stored anywhere, and after about an hour
4668 +it becomes impossible to recover the key for decrypting intercepted
4669 +communications even if the machine is cracked into or physically
4670 +seized.
4671 +A value of zero indicates that the key will never be regenerated.
4672 +.It Fl o Ar option
4673 +Can be used to give options in the format used in the configuration file.
4674 +This is useful for specifying options for which there is no separate
4675 +command-line flag.
4676 +For full details of the options, and their values, see
4677 +.Xr sshd_config 4 .
4678 +.It Fl p Ar port
4679 +Specifies the port on which the server listens for connections
4680 +(default 22).
4681 +Multiple port options are permitted.
4682 +Ports specified in the configuration file with the
4683 +.Cm Port
4684 +option are ignored when a command-line port is specified.
4685 +Ports specified using the
4686 +.Cm ListenAddress
4687 +option override command-line ports.
4688 +.It Fl q
4689 +Quiet mode.
4690 +Nothing is sent to the system log.
4691 +Normally the beginning,
4692 +authentication, and termination of each connection is logged.
4693 +.It Fl T
4694 +Extended test mode.
4695 +Check the validity of the configuration file, output the effective configuration
4696 +to stdout and then exit.
4697 +Optionally,
4698 +.Cm Match
4699 +rules may be applied by specifying the connection parameters using one or more
4700 +.Fl C
4701 +options.
4702 +.It Fl t
4703 +Test mode.
4704 +Only check the validity of the configuration file and sanity of the keys.
4705 +This is useful for updating
4706 +.Nm
4707 +reliably as configuration options may change.
4708 +.It Fl u Ar len
4709 +This option is used to specify the size of the field
4710 +in the
4711 +.Li utmp
4712 +structure that holds the remote host name.
4713 +If the resolved host name is longer than
4714 +.Ar len ,
4715 +the dotted decimal value will be used instead.
4716 +This allows hosts with very long host names that
4717 +overflow this field to still be uniquely identified.
4718 +Specifying
4719 +.Fl u0
4720 +indicates that only dotted decimal addresses
4721 +should be put into the
4722 +.Pa utmp
4723 +file.
4724 +.Fl u0
4725 +may also be used to prevent
4726 +.Nm
4727 +from making DNS requests unless the authentication
4728 +mechanism or configuration requires it.
4729 +Authentication mechanisms that may require DNS include
4730 +.Cm RhostsRSAAuthentication ,
4731 +.Cm HostbasedAuthentication ,
4732 +and using a
4733 +.Cm from="pattern-list"
4734 +option in a key file.
4735 +Configuration options that require DNS include using a
4736 +USER@HOST pattern in
4737 +.Cm AllowUsers
4738 +or
4739 +.Cm DenyUsers .
4740 +.El
4741 +.Sh AUTHENTICATION
4742 +The OpenSSH SSH daemon supports SSH protocols 1 and 2.
4743 +The default is to use protocol 2 only,
4744 +though this can be changed via the
4745 +.Cm Protocol
4746 +option in
4747 +.Xr sshd_config 4 .
4748 +Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
4749 +protocol 1 only supports RSA keys.
4750 +For both protocols,
4751 +each host has a host-specific key,
4752 +normally 2048 bits,
4753 +used to identify the host.
4754 +.Pp
4755 +Forward security for protocol 1 is provided through
4756 +an additional server key,
4757 +normally 1024 bits,
4758 +generated when the server starts.
4759 +This key is normally regenerated every hour if it has been used, and
4760 +is never stored on disk.
4761 +Whenever a client connects, the daemon responds with its public
4762 +host and server keys.
4763 +The client compares the
4764 +RSA host key against its own database to verify that it has not changed.
4765 +The client then generates a 256-bit random number.
4766 +It encrypts this
4767 +random number using both the host key and the server key, and sends
4768 +the encrypted number to the server.
4769 +Both sides then use this
4770 +random number as a session key which is used to encrypt all further
4771 +communications in the session.
4772 +The rest of the session is encrypted
4773 +using a conventional cipher, currently Blowfish or 3DES, with 3DES
4774 +being used by default.
4775 +The client selects the encryption algorithm
4776 +to use from those offered by the server.
4777 +.Pp
4778 +For protocol 2,
4779 +forward security is provided through a Diffie-Hellman key agreement.
4780 +This key agreement results in a shared session key.
4781 +The rest of the session is encrypted using a symmetric cipher, currently
4782 +128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
4783 +The client selects the encryption algorithm
4784 +to use from those offered by the server.
4785 +Additionally, session integrity is provided
4786 +through a cryptographic message authentication code
4787 +(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
4788 +hmac-sha2-256 or hmac-sha2-512).
4789 +.Pp
4790 +Finally, the server and the client enter an authentication dialog.
4791 +The client tries to authenticate itself using
4792 +host-based authentication,
4793 +public key authentication,
4794 +challenge-response authentication,
4795 +or password authentication.
4796 +.Pp
4797 +Regardless of the authentication type, the account is checked to
4798 +ensure that it is accessible. An account is not accessible if it is
4799 +locked, listed in
4800 +.Cm DenyUsers
4801 +or its group is listed in
4802 +.Cm DenyGroups
4803 +\&. The definition of a locked account is system dependant. Some platforms
4804 +have their own account database (eg AIX) and some modify the passwd field (
4805 +.Ql \&*LK\&*
4806 +on Solaris and UnixWare,
4807 +.Ql \&*
4808 +on HP-UX, containing
4809 +.Ql Nologin
4810 +on Tru64,
4811 +a leading
4812 +.Ql \&*LOCKED\&*
4813 +on FreeBSD and a leading
4814 +.Ql \&!
4815 +on most Linuxes).
4816 +If there is a requirement to disable password authentication
4817 +for the account while allowing still public-key, then the passwd field
4818 +should be set to something other than these values (eg
4819 +.Ql NP
4820 +or
4821 +.Ql \&*NP\&*
4822 +).
4823 +.Pp
4824 +If the client successfully authenticates itself, a dialog for
4825 +preparing the session is entered.
4826 +At this time the client may request
4827 +things like allocating a pseudo-tty, forwarding X11 connections,
4828 +forwarding TCP connections, or forwarding the authentication agent
4829 +connection over the secure channel.
4830 +.Pp
4831 +After this, the client either requests a shell or execution of a command.
4832 +The sides then enter session mode.
4833 +In this mode, either side may send
4834 +data at any time, and such data is forwarded to/from the shell or
4835 +command on the server side, and the user terminal in the client side.
4836 +.Pp
4837 +When the user program terminates and all forwarded X11 and other
4838 +connections have been closed, the server sends command exit status to
4839 +the client, and both sides exit.
4840 +.Sh LOGIN PROCESS
4841 +When a user successfully logs in,
4842 +.Nm
4843 +does the following:
4844 +.Bl -enum -offset indent
4845 +.It
4846 +If the login is on a tty, and no command has been specified,
4847 +prints last login time and
4848 +.Pa /etc/motd
4849 +(unless prevented in the configuration file or by
4850 +.Pa ~/.hushlogin ;
4851 +see the
4852 +.Sx FILES
4853 +section).
4854 +.It
4855 +If the login is on a tty, records login time.
4856 +.It
4857 +Checks
4858 +.Pa /etc/nologin ;
4859 +if it exists, prints contents and quits
4860 +(unless root).
4861 +.It
4862 +Changes to run with normal user privileges.
4863 +.It
4864 +Sets up basic environment.
4865 +.It
4866 +Reads the file
4867 +.Pa ~/.ssh/environment ,
4868 +if it exists, and users are allowed to change their environment.
4869 +See the
4870 +.Cm PermitUserEnvironment
4871 +option in
4872 +.Xr sshd_config 4 .
4873 +.It
4874 +Changes to user's home directory.
4875 +.It
4876 +If
4877 +.Pa ~/.ssh/rc
4878 +exists and the
4879 +.Xr sshd_config 5
4880 +.Cm PermitUserRC
4881 +option is set, runs it; else if
4882 +.Pa /etc/ssh/sshrc
4883 +exists, runs
4884 +it; otherwise runs xauth.
4885 +The
4886 +.Dq rc
4887 +files are given the X11
4888 +authentication protocol and cookie in standard input.
4889 +See
4890 +.Sx SSHRC ,
4891 +below.
4892 +.It
4893 +Runs user's shell or command.
4894 +All commands are run under the user's login shell as specified in the
4895 +system password database.
4896 +.El
4897 +.Sh SSHRC
4898 +If the file
4899 +.Pa ~/.ssh/rc
4900 +exists,
4901 +.Xr sh 1
4902 +runs it after reading the
4903 +environment files but before starting the user's shell or command.
4904 +It must not produce any output on stdout; stderr must be used
4905 +instead.
4906 +If X11 forwarding is in use, it will receive the "proto cookie" pair in
4907 +its standard input (and
4908 +.Ev DISPLAY
4909 +in its environment).
4910 +The script must call
4911 +.Xr xauth 1
4912 +because
4913 +.Nm
4914 +will not run xauth automatically to add X11 cookies.
4915 +.Pp
4916 +The primary purpose of this file is to run any initialization routines
4917 +which may be needed before the user's home directory becomes
4918 +accessible; AFS is a particular example of such an environment.
4919 +.Pp
4920 +This file will probably contain some initialization code followed by
4921 +something similar to:
4922 +.Bd -literal -offset 3n
4923 +if read proto cookie && [ -n "$DISPLAY" ]; then
4924 + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
4925 + # X11UseLocalhost=yes
4926 + echo add unix:`echo $DISPLAY |
4927 + cut -c11-` $proto $cookie
4928 + else
4929 + # X11UseLocalhost=no
4930 + echo add $DISPLAY $proto $cookie
4931 + fi | xauth -q -
4932 +fi
4933 +.Ed
4934 +.Pp
4935 +If this file does not exist,
4936 +.Pa /etc/ssh/sshrc
4937 +is run, and if that
4938 +does not exist either, xauth is used to add the cookie.
4939 +.Sh AUTHORIZED_KEYS FILE FORMAT
4940 +.Cm AuthorizedKeysFile
4941 +specifies the files containing public keys for
4942 +public key authentication;
4943 +if none is specified, the default is
4944 +.Pa ~/.ssh/authorized_keys
4945 +and
4946 +.Pa ~/.ssh/authorized_keys2 .
4947 +Each line of the file contains one
4948 +key (empty lines and lines starting with a
4949 +.Ql #
4950 +are ignored as
4951 +comments).
4952 +Protocol 1 public keys consist of the following space-separated fields:
4953 +options, bits, exponent, modulus, comment.
4954 +Protocol 2 public key consist of:
4955 +options, keytype, base64-encoded key, comment.
4956 +The options field is optional;
4957 +its presence is determined by whether the line starts
4958 +with a number or not (the options field never starts with a number).
4959 +The bits, exponent, modulus, and comment fields give the RSA key for
4960 +protocol version 1; the
4961 +comment field is not used for anything (but may be convenient for the
4962 +user to identify the key).
4963 +For protocol version 2 the keytype is
4964 +.Dq ecdsa-sha2-nistp256 ,
4965 +.Dq ecdsa-sha2-nistp384 ,
4966 +.Dq ecdsa-sha2-nistp521 ,
4967 +.Dq ssh-ed25519 ,
4968 +.Dq ssh-dss
4969 +or
4970 +.Dq ssh-rsa .
4971 +.Pp
4972 +Note that lines in this file are usually several hundred bytes long
4973 +(because of the size of the public key encoding) up to a limit of
4974 +8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
4975 +keys up to 16 kilobits.
4976 +You don't want to type them in; instead, copy the
4977 +.Pa identity.pub ,
4978 +.Pa id_dsa.pub ,
4979 +.Pa id_ecdsa.pub ,
4980 +.Pa id_ed25519.pub ,
4981 +or the
4982 +.Pa id_rsa.pub
4983 +file and edit it.
4984 +.Pp
4985 +.Nm
4986 +enforces a minimum RSA key modulus size for protocol 1
4987 +and protocol 2 keys of 768 bits.
4988 +.Pp
4989 +The options (if present) consist of comma-separated option
4990 +specifications.
4991 +No spaces are permitted, except within double quotes.
4992 +The following option specifications are supported (note
4993 +that option keywords are case-insensitive):
4994 +.Bl -tag -width Ds
4995 +.It Cm cert-authority
4996 +Specifies that the listed key is a certification authority (CA) that is
4997 +trusted to validate signed certificates for user authentication.
4998 +.Pp
4999 +Certificates may encode access restrictions similar to these key options.
5000 +If both certificate restrictions and key options are present, the most
5001 +restrictive union of the two is applied.
5002 +.It Cm command="command"
5003 +Specifies that the command is executed whenever this key is used for
5004 +authentication.
5005 +The command supplied by the user (if any) is ignored.
5006 +The command is run on a pty if the client requests a pty;
5007 +otherwise it is run without a tty.
5008 +If an 8-bit clean channel is required,
5009 +one must not request a pty or should specify
5010 +.Cm no-pty .
5011 +A quote may be included in the command by quoting it with a backslash.
5012 +This option might be useful
5013 +to restrict certain public keys to perform just a specific operation.
5014 +An example might be a key that permits remote backups but nothing else.
5015 +Note that the client may specify TCP and/or X11
5016 +forwarding unless they are explicitly prohibited.
5017 +The command originally supplied by the client is available in the
5018 +.Ev SSH_ORIGINAL_COMMAND
5019 +environment variable.
5020 +Note that this option applies to shell, command or subsystem execution.
5021 +Also note that this command may be superseded by either a
5022 +.Xr sshd_config 4
5023 +.Cm ForceCommand
5024 +directive or a command embedded in a certificate.
5025 +.It Cm environment="NAME=value"
5026 +Specifies that the string is to be added to the environment when
5027 +logging in using this key.
5028 +Environment variables set this way
5029 +override other default environment values.
5030 +Multiple options of this type are permitted.
5031 +Environment processing is disabled by default and is
5032 +controlled via the
5033 +.Cm PermitUserEnvironment
5034 +option.
5035 +This option is automatically disabled if
5036 +.Cm UseLogin
5037 +is enabled.
5038 +.It Cm from="pattern-list"
5039 +Specifies that in addition to public key authentication, either the canonical
5040 +name of the remote host or its IP address must be present in the
5041 +comma-separated list of patterns.
5042 +See PATTERNS in
5043 +.Xr ssh_config 4
5044 +for more information on patterns.
5045 +.Pp
5046 +In addition to the wildcard matching that may be applied to hostnames or
5047 +addresses, a
5048 +.Cm from
5049 +stanza may match IP addresses using CIDR address/masklen notation.
5050 +.Pp
5051 +The purpose of this option is to optionally increase security: public key
5052 +authentication by itself does not trust the network or name servers or
5053 +anything (but the key); however, if somebody somehow steals the key, the key
5054 +permits an intruder to log in from anywhere in the world.
5055 +This additional option makes using a stolen key more difficult (name
5056 +servers and/or routers would have to be compromised in addition to
5057 +just the key).
5058 +.It Cm no-agent-forwarding
5059 +Forbids authentication agent forwarding when this key is used for
5060 +authentication.
5061 +.It Cm no-port-forwarding
5062 +Forbids TCP forwarding when this key is used for authentication.
5063 +Any port forward requests by the client will return an error.
5064 +This might be used, e.g. in connection with the
5065 +.Cm command
5066 +option.
5067 +.It Cm no-pty
5068 +Prevents tty allocation (a request to allocate a pty will fail).
5069 +.It Cm no-user-rc
5070 +Disables execution of
5071 +.Pa ~/.ssh/rc .
5072 +.It Cm no-X11-forwarding
5073 +Forbids X11 forwarding when this key is used for authentication.
5074 +Any X11 forward requests by the client will return an error.
5075 +.It Cm permitopen="host:port"
5076 +Limit local port forwarding with
5077 +.Xr ssh 1
5078 +.Fl L
5079 +such that it may only connect to the specified host and port.
5080 +IPv6 addresses can be specified by enclosing the address in square brackets.
5081 +Multiple
5082 +.Cm permitopen
5083 +options may be applied separated by commas.
5084 +No pattern matching is performed on the specified hostnames,
5085 +they must be literal domains or addresses.
5086 +A port specification of
5087 +.Cm *
5088 +matches any port.
5089 +.It Cm principals="principals"
5090 +On a
5091 +.Cm cert-authority
5092 +line, specifies allowed principals for certificate authentication as a
5093 +comma-separated list.
5094 +At least one name from the list must appear in the certificate's
5095 +list of principals for the certificate to be accepted.
5096 +This option is ignored for keys that are not marked as trusted certificate
5097 +signers using the
5098 +.Cm cert-authority
5099 +option.
5100 +.It Cm tunnel="n"
5101 +Force a
5102 +.Xr tun 4
5103 +device on the server.
5104 +Without this option, the next available device will be used if
5105 +the client requests a tunnel.
5106 +.El
5107 +.Pp
5108 +An example authorized_keys file:
5109 +.Bd -literal -offset 3n
5110 +# Comments allowed at start of line
5111 +ssh-rsa AAAAB3Nza...LiPk== user@example.net
5112 +from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
5113 +AAAAB2...19Q== john@example.net
5114 +command="dump /home",no-pty,no-port-forwarding ssh-dss
5115 +AAAAC3...51R== example.net
5116 +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
5117 +AAAAB5...21S==
5118 +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
5119 +jane@example.net
5120 +.Ed
5121 +.Sh SSH_KNOWN_HOSTS FILE FORMAT
5122 +The
5123 +.Pa /etc/ssh/ssh_known_hosts
5124 +and
5125 +.Pa ~/.ssh/known_hosts
5126 +files contain host public keys for all known hosts.
5127 +The global file should
5128 +be prepared by the administrator (optional), and the per-user file is
5129 +maintained automatically: whenever the user connects from an unknown host,
5130 +its key is added to the per-user file.
5131 +.Pp
5132 +Each line in these files contains the following fields: markers (optional),
5133 +hostnames, bits, exponent, modulus, comment.
5134 +The fields are separated by spaces.
5135 +.Pp
5136 +The marker is optional, but if it is present then it must be one of
5137 +.Dq @cert-authority ,
5138 +to indicate that the line contains a certification authority (CA) key,
5139 +or
5140 +.Dq @revoked ,
5141 +to indicate that the key contained on the line is revoked and must not ever
5142 +be accepted.
5143 +Only one marker should be used on a key line.
5144 +.Pp
5145 +Hostnames is a comma-separated list of patterns
5146 +.Pf ( Ql *
5147 +and
5148 +.Ql \&?
5149 +act as
5150 +wildcards); each pattern in turn is matched against the canonical host
5151 +name (when authenticating a client) or against the user-supplied
5152 +name (when authenticating a server).
5153 +A pattern may also be preceded by
5154 +.Ql \&!
5155 +to indicate negation: if the host name matches a negated
5156 +pattern, it is not accepted (by that line) even if it matched another
5157 +pattern on the line.
5158 +A hostname or address may optionally be enclosed within
5159 +.Ql \&[
5160 +and
5161 +.Ql \&]
5162 +brackets then followed by
5163 +.Ql \&:
5164 +and a non-standard port number.
5165 +.Pp
5166 +Alternately, hostnames may be stored in a hashed form which hides host names
5167 +and addresses should the file's contents be disclosed.
5168 +Hashed hostnames start with a
5169 +.Ql |
5170 +character.
5171 +Only one hashed hostname may appear on a single line and none of the above
5172 +negation or wildcard operators may be applied.
5173 +.Pp
5174 +Bits, exponent, and modulus are taken directly from the RSA host key; they
5175 +can be obtained, for example, from
5176 +.Pa /etc/ssh/ssh_host_key.pub .
5177 +The optional comment field continues to the end of the line, and is not used.
5178 +.Pp
5179 +Lines starting with
5180 +.Ql #
5181 +and empty lines are ignored as comments.
5182 +.Pp
5183 +When performing host authentication, authentication is accepted if any
5184 +matching line has the proper key; either one that matches exactly or,
5185 +if the server has presented a certificate for authentication, the key
5186 +of the certification authority that signed the certificate.
5187 +For a key to be trusted as a certification authority, it must use the
5188 +.Dq @cert-authority
5189 +marker described above.
5190 +.Pp
5191 +The known hosts file also provides a facility to mark keys as revoked,
5192 +for example when it is known that the associated private key has been
5193 +stolen.
5194 +Revoked keys are specified by including the
5195 +.Dq @revoked
5196 +marker at the beginning of the key line, and are never accepted for
5197 +authentication or as certification authorities, but instead will
5198 +produce a warning from
5199 +.Xr ssh 1
5200 +when they are encountered.
5201 +.Pp
5202 +It is permissible (but not
5203 +recommended) to have several lines or different host keys for the same
5204 +names.
5205 +This will inevitably happen when short forms of host names
5206 +from different domains are put in the file.
5207 +It is possible
5208 +that the files contain conflicting information; authentication is
5209 +accepted if valid information can be found from either file.
5210 +.Pp
5211 +Note that the lines in these files are typically hundreds of characters
5212 +long, and you definitely don't want to type in the host keys by hand.
5213 +Rather, generate them by a script,
5214 +.Xr ssh-keyscan 1
5215 +or by taking
5216 +.Pa /etc/ssh/ssh_host_key.pub
5217 +and adding the host names at the front.
5218 +.Xr ssh-keygen 1
5219 +also offers some basic automated editing for
5220 +.Pa ~/.ssh/known_hosts
5221 +including removing hosts matching a host name and converting all host
5222 +names to their hashed representations.
5223 +.Pp
5224 +An example ssh_known_hosts file:
5225 +.Bd -literal -offset 3n
5226 +# Comments allowed at start of line
5227 +closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
5228 +cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
5229 +# A hashed hostname
5230 +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
5231 +AAAA1234.....=
5232 +# A revoked key
5233 +@revoked * ssh-rsa AAAAB5W...
5234 +# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
5235 +@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
5236 +.Ed
5237 +.Sh FILES
5238 +.Bl -tag -width Ds -compact
5239 +.It Pa ~/.hushlogin
5240 +This file is used to suppress printing the last login time and
5241 +.Pa /etc/motd ,
5242 +if
5243 +.Cm PrintLastLog
5244 +and
5245 +.Cm PrintMotd ,
5246 +respectively,
5247 +are enabled.
5248 +It does not suppress printing of the banner specified by
5249 +.Cm Banner .
5250 +.Pp
5251 +.It Pa ~/.rhosts
5252 +This file is used for host-based authentication (see
5253 +.Xr ssh 1
5254 +for more information).
5255 +On some machines this file may need to be
5256 +world-readable if the user's home directory is on an NFS partition,
5257 +because
5258 +.Nm
5259 +reads it as root.
5260 +Additionally, this file must be owned by the user,
5261 +and must not have write permissions for anyone else.
5262 +The recommended
5263 +permission for most machines is read/write for the user, and not
5264 +accessible by others.
5265 +.Pp
5266 +.It Pa ~/.shosts
5267 +This file is used in exactly the same way as
5268 +.Pa .rhosts ,
5269 +but allows host-based authentication without permitting login with
5270 +rlogin/rsh.
5271 +.Pp
5272 +.It Pa ~/.ssh/
5273 +This directory is the default location for all user-specific configuration
5274 +and authentication information.
5275 +There is no general requirement to keep the entire contents of this directory
5276 +secret, but the recommended permissions are read/write/execute for the user,
5277 +and not accessible by others.
5278 +.Pp
5279 +.It Pa ~/.ssh/authorized_keys
5280 +Lists the public keys (DSA, ECDSA, Ed25519, RSA)
5281 +that can be used for logging in as this user.
5282 +The format of this file is described above.
5283 +The content of the file is not highly sensitive, but the recommended
5284 +permissions are read/write for the user, and not accessible by others.
5285 +.Pp
5286 +If this file, the
5287 +.Pa ~/.ssh
5288 +directory, or the user's home directory are writable
5289 +by other users, then the file could be modified or replaced by unauthorized
5290 +users.
5291 +In this case,
5292 +.Nm
5293 +will not allow it to be used unless the
5294 +.Cm StrictModes
5295 +option has been set to
5296 +.Dq no .
5297 +.Pp
5298 +.It Pa ~/.ssh/environment
5299 +This file is read into the environment at login (if it exists).
5300 +It can only contain empty lines, comment lines (that start with
5301 +.Ql # ) ,
5302 +and assignment lines of the form name=value.
5303 +The file should be writable
5304 +only by the user; it need not be readable by anyone else.
5305 +Environment processing is disabled by default and is
5306 +controlled via the
5307 +.Cm PermitUserEnvironment
5308 +option.
5309 +.Pp
5310 +.It Pa ~/.ssh/known_hosts
5311 +Contains a list of host keys for all hosts the user has logged into
5312 +that are not already in the systemwide list of known host keys.
5313 +The format of this file is described above.
5314 +This file should be writable only by root/the owner and
5315 +can, but need not be, world-readable.
5316 +.Pp
5317 +.It Pa ~/.ssh/rc
5318 +Contains initialization routines to be run before
5319 +the user's home directory becomes accessible.
5320 +This file should be writable only by the user, and need not be
5321 +readable by anyone else.
5322 +.Pp
5323 +.It Pa /etc/hosts.equiv
5324 +This file is for host-based authentication (see
5325 +.Xr ssh 1 ) .
5326 +It should only be writable by root.
5327 +.Pp
5328 +.It Pa /etc/moduli
5329 +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
5330 +The file format is described in
5331 +.Xr moduli 4 .
5332 +.Pp
5333 +.It Pa /etc/motd
5334 +See
5335 +.Xr motd 5 .
5336 +.Pp
5337 +.It Pa /etc/nologin
5338 +If this file exists,
5339 +.Nm
5340 +refuses to let anyone except root log in.
5341 +The contents of the file
5342 +are displayed to anyone trying to log in, and non-root connections are
5343 +refused.
5344 +The file should be world-readable.
5345 +.Pp
5346 +.It Pa /etc/shosts.equiv
5347 +This file is used in exactly the same way as
5348 +.Pa hosts.equiv ,
5349 +but allows host-based authentication without permitting login with
5350 +rlogin/rsh.
5351 +.Pp
5352 +.It Pa /etc/ssh/ssh_host_key
5353 +.It Pa /etc/ssh/ssh_host_dsa_key
5354 +.It Pa /etc/ssh/ssh_host_ecdsa_key
5355 +.It Pa /etc/ssh/ssh_host_ed25519_key
5356 +.It Pa /etc/ssh/ssh_host_rsa_key
5357 +These files contain the private parts of the host keys.
5358 +These files should only be owned by root, readable only by root, and not
5359 +accessible to others.
5360 +Note that
5361 +.Nm
5362 +does not start if these files are group/world-accessible.
5363 +.Pp
5364 +.It Pa /etc/ssh/ssh_host_key.pub
5365 +.It Pa /etc/ssh/ssh_host_dsa_key.pub
5366 +.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
5367 +.It Pa /etc/ssh/ssh_host_ed25519_key.pub
5368 +.It Pa /etc/ssh/ssh_host_rsa_key.pub
5369 +These files contain the public parts of the host keys.
5370 +These files should be world-readable but writable only by
5371 +root.
5372 +Their contents should match the respective private parts.
5373 +These files are not
5374 +really used for anything; they are provided for the convenience of
5375 +the user so their contents can be copied to known hosts files.
5376 +These files are created using
5377 +.Xr ssh-keygen 1 .
5378 +.Pp
5379 +.It Pa /etc/ssh/ssh_known_hosts
5380 +Systemwide list of known host keys.
5381 +This file should be prepared by the
5382 +system administrator to contain the public host keys of all machines in the
5383 +organization.
5384 +The format of this file is described above.
5385 +This file should be writable only by root/the owner and
5386 +should be world-readable.
5387 +.Pp
5388 +.It Pa /etc/ssh/sshd_config
5389 +Contains configuration data for
5390 +.Nm sshd .
5391 +The file format and configuration options are described in
5392 +.Xr sshd_config 4 .
5393 +.Pp
5394 +.It Pa /etc/ssh/sshrc
5395 +Similar to
5396 +.Pa ~/.ssh/rc ,
5397 +it can be used to specify
5398 +machine-specific login-time initializations globally.
5399 +This file should be writable only by root, and should be world-readable.
5400 +.Pp
5401 +.It Pa /var/empty
5402 +.Xr chroot 2
5403 +directory used by
5404 +.Nm
5405 +during privilege separation in the pre-authentication phase.
5406 +The directory should not contain any files and must be owned by root
5407 +and not group or world-writable.
5408 +.Pp
5409 +.It Pa /var/run/sshd.pid
5410 +Contains the process ID of the
5411 +.Nm
5412 +listening for connections (if there are several daemons running
5413 +concurrently for different ports, this contains the process ID of the one
5414 +started last).
5415 +The content of this file is not sensitive; it can be world-readable.
5416 +.El
5417 +.Sh SEE ALSO
5418 +.Xr scp 1 ,
5419 +.Xr sftp 1 ,
5420 +.Xr ssh 1 ,
5421 +.Xr ssh-add 1 ,
5422 +.Xr ssh-agent 1 ,
5423 +.Xr ssh-keygen 1 ,
5424 +.Xr ssh-keyscan 1 ,
5425 +.Xr chroot 2 ,
5426 +.Xr login.conf 5 ,
5427 +.Xr moduli 4 ,
5428 +.Xr sshd_config 4 ,
5429 +.Xr inetd 1M ,
5430 +.Xr sftp-server 1M
5431 +.Sh AUTHORS
5432 +OpenSSH is a derivative of the original and free
5433 +ssh 1.2.12 release by Tatu Ylonen.
5434 +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
5435 +Theo de Raadt and Dug Song
5436 +removed many bugs, re-added newer features and
5437 +created OpenSSH.
5438 +Markus Friedl contributed the support for SSH
5439 +protocol versions 1.5 and 2.0.
5440 +Niels Provos and Markus Friedl contributed support
5441 +for privilege separation.
5442 diff --git a/sshd.8 b/sshd.8
5443 deleted file mode 100644
5444 index 213b5fc..0000000
5445 --- a/sshd.8
5446 +++ /dev/null
5447
@@ -1,971 +0,0 @@
5448 -.\"
5449 -.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
5450 -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5451 -.\" All rights reserved
5452 -.\"
5453 -.\" As far as I am concerned, the code I have written for this software
5454 -.\" can be used freely for any purpose. Any derived versions of this
5455 -.\" software must be clearly marked as such, and if the derived work is
5456 -.\" incompatible with the protocol description in the RFC file, it must be
5457 -.\" called by a name other than "ssh" or "Secure Shell".
5458 -.\"
5459 -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
5460 -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
5461 -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
5462 -.\"
5463 -.\" Redistribution and use in source and binary forms, with or without
5464 -.\" modification, are permitted provided that the following conditions
5465 -.\" are met:
5466 -.\" 1. Redistributions of source code must retain the above copyright
5467 -.\" notice, this list of conditions and the following disclaimer.
5468 -.\" 2. Redistributions in binary form must reproduce the above copyright
5469 -.\" notice, this list of conditions and the following disclaimer in the
5470 -.\" documentation and/or other materials provided with the distribution.
5471 -.\"
5472 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
5473 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
5474 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
5475 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
5476 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
5477 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
5478 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
5479 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
5480 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
5481 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5482 -.\"
5483 -.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
5484 -.Dd $Mdocdate: July 3 2015 $
5485 -.Dt SSHD 8
5486 -.Os
5487 -.Sh NAME
5488 -.Nm sshd
5489 -.Nd OpenSSH SSH daemon
5490 -.Sh SYNOPSIS
5491 -.Nm sshd
5492 -.Bk -words
5493 -.Op Fl 46DdeiqTt
5494 -.Op Fl b Ar bits
5495 -.Op Fl C Ar connection_spec
5496 -.Op Fl c Ar host_certificate_file
5497 -.Op Fl E Ar log_file
5498 -.Op Fl f Ar config_file
5499 -.Op Fl g Ar login_grace_time
5500 -.Op Fl h Ar host_key_file
5501 -.Op Fl k Ar key_gen_time
5502 -.Op Fl o Ar option
5503 -.Op Fl p Ar port
5504 -.Op Fl u Ar len
5505 -.Ek
5506 -.Sh DESCRIPTION
5507 -.Nm
5508 -(OpenSSH Daemon) is the daemon program for
5509 -.Xr ssh 1 .
5510 -Together these programs replace rlogin and rsh,
5511 -and provide secure encrypted communications between two untrusted hosts
5512 -over an insecure network.
5513 -.Pp
5514 -.Nm
5515 -listens for connections from clients.
5516 -It is normally started at boot from
5517 -.Pa /etc/rc .
5518 -It forks a new
5519 -daemon for each incoming connection.
5520 -The forked daemons handle
5521 -key exchange, encryption, authentication, command execution,
5522 -and data exchange.
5523 -.Pp
5524 -.Nm
5525 -can be configured using command-line options or a configuration file
5526 -(by default
5527 -.Xr sshd_config 5 ) ;
5528 -command-line options override values specified in the
5529 -configuration file.
5530 -.Nm
5531 -rereads its configuration file when it receives a hangup signal,
5532 -.Dv SIGHUP ,
5533 -by executing itself with the name and options it was started with, e.g.\&
5534 -.Pa /usr/sbin/sshd .
5535 -.Pp
5536 -The options are as follows:
5537 -.Bl -tag -width Ds
5538 -.It Fl 4
5539 -Forces
5540 -.Nm
5541 -to use IPv4 addresses only.
5542 -.It Fl 6
5543 -Forces
5544 -.Nm
5545 -to use IPv6 addresses only.
5546 -.It Fl b Ar bits
5547 -Specifies the number of bits in the ephemeral protocol version 1
5548 -server key (default 1024).
5549 -.It Fl C Ar connection_spec
5550 -Specify the connection parameters to use for the
5551 -.Fl T
5552 -extended test mode.
5553 -If provided, any
5554 -.Cm Match
5555 -directives in the configuration file
5556 -that would apply to the specified user, host, and address will be set before
5557 -the configuration is written to standard output.
5558 -The connection parameters are supplied as keyword=value pairs.
5559 -The keywords are
5560 -.Dq user ,
5561 -.Dq host ,
5562 -.Dq laddr ,
5563 -.Dq lport ,
5564 -and
5565 -.Dq addr .
5566 -All are required and may be supplied in any order, either with multiple
5567 -.Fl C
5568 -options or as a comma-separated list.
5569 -.It Fl c Ar host_certificate_file
5570 -Specifies a path to a certificate file to identify
5571 -.Nm
5572 -during key exchange.
5573 -The certificate file must match a host key file specified using the
5574 -.Fl h
5575 -option or the
5576 -.Cm HostKey
5577 -configuration directive.
5578 -.It Fl D
5579 -When this option is specified,
5580 -.Nm
5581 -will not detach and does not become a daemon.
5582 -This allows easy monitoring of
5583 -.Nm sshd .
5584 -.It Fl d
5585 -Debug mode.
5586 -The server sends verbose debug output to standard error,
5587 -and does not put itself in the background.
5588 -The server also will not fork and will only process one connection.
5589 -This option is only intended for debugging for the server.
5590 -Multiple
5591 -.Fl d
5592 -options increase the debugging level.
5593 -Maximum is 3.
5594 -.It Fl E Ar log_file
5595 -Append debug logs to
5596 -.Ar log_file
5597 -instead of the system log.
5598 -.It Fl e
5599 -Write debug logs to standard error instead of the system log.
5600 -.It Fl f Ar config_file
5601 -Specifies the name of the configuration file.
5602 -The default is
5603 -.Pa /etc/ssh/sshd_config .
5604 -.Nm
5605 -refuses to start if there is no configuration file.
5606 -.It Fl g Ar login_grace_time
5607 -Gives the grace time for clients to authenticate themselves (default
5608 -120 seconds).
5609 -If the client fails to authenticate the user within
5610 -this many seconds, the server disconnects and exits.
5611 -A value of zero indicates no limit.
5612 -.It Fl h Ar host_key_file
5613 -Specifies a file from which a host key is read.
5614 -This option must be given if
5615 -.Nm
5616 -is not run as root (as the normal
5617 -host key files are normally not readable by anyone but root).
5618 -The default is
5619 -.Pa /etc/ssh/ssh_host_key
5620 -for protocol version 1, and
5621 -.Pa /etc/ssh/ssh_host_dsa_key ,
5622 -.Pa /etc/ssh/ssh_host_ecdsa_key .
5623 -.Pa /etc/ssh/ssh_host_ed25519_key
5624 -and
5625 -.Pa /etc/ssh/ssh_host_rsa_key
5626 -for protocol version 2.
5627 -It is possible to have multiple host key files for
5628 -the different protocol versions and host key algorithms.
5629 -.It Fl i
5630 -Specifies that
5631 -.Nm
5632 -is being run from
5633 -.Xr inetd 8 .
5634 -If SSH protocol 1 is enabled,
5635 -.Nm
5636 -should not normally be run
5637 -from inetd because it needs to generate the server key before it can
5638 -respond to the client, and this may take some time.
5639 -Clients may have to wait too long if the key was regenerated every time.
5640 -.It Fl k Ar key_gen_time
5641 -Specifies how often the ephemeral protocol version 1 server key is
5642 -regenerated (default 3600 seconds, or one hour).
5643 -The motivation for regenerating the key fairly
5644 -often is that the key is not stored anywhere, and after about an hour
5645 -it becomes impossible to recover the key for decrypting intercepted
5646 -communications even if the machine is cracked into or physically
5647 -seized.
5648 -A value of zero indicates that the key will never be regenerated.
5649 -.It Fl o Ar option
5650 -Can be used to give options in the format used in the configuration file.
5651 -This is useful for specifying options for which there is no separate
5652 -command-line flag.
5653 -For full details of the options, and their values, see
5654 -.Xr sshd_config 5 .
5655 -.It Fl p Ar port
5656 -Specifies the port on which the server listens for connections
5657 -(default 22).
5658 -Multiple port options are permitted.
5659 -Ports specified in the configuration file with the
5660 -.Cm Port
5661 -option are ignored when a command-line port is specified.
5662 -Ports specified using the
5663 -.Cm ListenAddress
5664 -option override command-line ports.
5665 -.It Fl q
5666 -Quiet mode.
5667 -Nothing is sent to the system log.
5668 -Normally the beginning,
5669 -authentication, and termination of each connection is logged.
5670 -.It Fl T
5671 -Extended test mode.
5672 -Check the validity of the configuration file, output the effective configuration
5673 -to stdout and then exit.
5674 -Optionally,
5675 -.Cm Match
5676 -rules may be applied by specifying the connection parameters using one or more
5677 -.Fl C
5678 -options.
5679 -.It Fl t
5680 -Test mode.
5681 -Only check the validity of the configuration file and sanity of the keys.
5682 -This is useful for updating
5683 -.Nm
5684 -reliably as configuration options may change.
5685 -.It Fl u Ar len
5686 -This option is used to specify the size of the field
5687 -in the
5688 -.Li utmp
5689 -structure that holds the remote host name.
5690 -If the resolved host name is longer than
5691 -.Ar len ,
5692 -the dotted decimal value will be used instead.
5693 -This allows hosts with very long host names that
5694 -overflow this field to still be uniquely identified.
5695 -Specifying
5696 -.Fl u0
5697 -indicates that only dotted decimal addresses
5698 -should be put into the
5699 -.Pa utmp
5700 -file.
5701 -.Fl u0
5702 -may also be used to prevent
5703 -.Nm
5704 -from making DNS requests unless the authentication
5705 -mechanism or configuration requires it.
5706 -Authentication mechanisms that may require DNS include
5707 -.Cm RhostsRSAAuthentication ,
5708 -.Cm HostbasedAuthentication ,
5709 -and using a
5710 -.Cm from="pattern-list"
5711 -option in a key file.
5712 -Configuration options that require DNS include using a
5713 -USER@HOST pattern in
5714 -.Cm AllowUsers
5715 -or
5716 -.Cm DenyUsers .
5717 -.El
5718 -.Sh AUTHENTICATION
5719 -The OpenSSH SSH daemon supports SSH protocols 1 and 2.
5720 -The default is to use protocol 2 only,
5721 -though this can be changed via the
5722 -.Cm Protocol
5723 -option in
5724 -.Xr sshd_config 5 .
5725 -Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
5726 -protocol 1 only supports RSA keys.
5727 -For both protocols,
5728 -each host has a host-specific key,
5729 -normally 2048 bits,
5730 -used to identify the host.
5731 -.Pp
5732 -Forward security for protocol 1 is provided through
5733 -an additional server key,
5734 -normally 1024 bits,
5735 -generated when the server starts.
5736 -This key is normally regenerated every hour if it has been used, and
5737 -is never stored on disk.
5738 -Whenever a client connects, the daemon responds with its public
5739 -host and server keys.
5740 -The client compares the
5741 -RSA host key against its own database to verify that it has not changed.
5742 -The client then generates a 256-bit random number.
5743 -It encrypts this
5744 -random number using both the host key and the server key, and sends
5745 -the encrypted number to the server.
5746 -Both sides then use this
5747 -random number as a session key which is used to encrypt all further
5748 -communications in the session.
5749 -The rest of the session is encrypted
5750 -using a conventional cipher, currently Blowfish or 3DES, with 3DES
5751 -being used by default.
5752 -The client selects the encryption algorithm
5753 -to use from those offered by the server.
5754 -.Pp
5755 -For protocol 2,
5756 -forward security is provided through a Diffie-Hellman key agreement.
5757 -This key agreement results in a shared session key.
5758 -The rest of the session is encrypted using a symmetric cipher, currently
5759 -128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
5760 -The client selects the encryption algorithm
5761 -to use from those offered by the server.
5762 -Additionally, session integrity is provided
5763 -through a cryptographic message authentication code
5764 -(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
5765 -hmac-sha2-256 or hmac-sha2-512).
5766 -.Pp
5767 -Finally, the server and the client enter an authentication dialog.
5768 -The client tries to authenticate itself using
5769 -host-based authentication,
5770 -public key authentication,
5771 -challenge-response authentication,
5772 -or password authentication.
5773 -.Pp
5774 -Regardless of the authentication type, the account is checked to
5775 -ensure that it is accessible. An account is not accessible if it is
5776 -locked, listed in
5777 -.Cm DenyUsers
5778 -or its group is listed in
5779 -.Cm DenyGroups
5780 -\&. The definition of a locked account is system dependant. Some platforms
5781 -have their own account database (eg AIX) and some modify the passwd field (
5782 -.Ql \&*LK\&*
5783 -on Solaris and UnixWare,
5784 -.Ql \&*
5785 -on HP-UX, containing
5786 -.Ql Nologin
5787 -on Tru64,
5788 -a leading
5789 -.Ql \&*LOCKED\&*
5790 -on FreeBSD and a leading
5791 -.Ql \&!
5792 -on most Linuxes).
5793 -If there is a requirement to disable password authentication
5794 -for the account while allowing still public-key, then the passwd field
5795 -should be set to something other than these values (eg
5796 -.Ql NP
5797 -or
5798 -.Ql \&*NP\&*
5799 -).
5800 -.Pp
5801 -If the client successfully authenticates itself, a dialog for
5802 -preparing the session is entered.
5803 -At this time the client may request
5804 -things like allocating a pseudo-tty, forwarding X11 connections,
5805 -forwarding TCP connections, or forwarding the authentication agent
5806 -connection over the secure channel.
5807 -.Pp
5808 -After this, the client either requests a shell or execution of a command.
5809 -The sides then enter session mode.
5810 -In this mode, either side may send
5811 -data at any time, and such data is forwarded to/from the shell or
5812 -command on the server side, and the user terminal in the client side.
5813 -.Pp
5814 -When the user program terminates and all forwarded X11 and other
5815 -connections have been closed, the server sends command exit status to
5816 -the client, and both sides exit.
5817 -.Sh LOGIN PROCESS
5818 -When a user successfully logs in,
5819 -.Nm
5820 -does the following:
5821 -.Bl -enum -offset indent
5822 -.It
5823 -If the login is on a tty, and no command has been specified,
5824 -prints last login time and
5825 -.Pa /etc/motd
5826 -(unless prevented in the configuration file or by
5827 -.Pa ~/.hushlogin ;
5828 -see the
5829 -.Sx FILES
5830 -section).
5831 -.It
5832 -If the login is on a tty, records login time.
5833 -.It
5834 -Checks
5835 -.Pa /etc/nologin ;
5836 -if it exists, prints contents and quits
5837 -(unless root).
5838 -.It
5839 -Changes to run with normal user privileges.
5840 -.It
5841 -Sets up basic environment.
5842 -.It
5843 -Reads the file
5844 -.Pa ~/.ssh/environment ,
5845 -if it exists, and users are allowed to change their environment.
5846 -See the
5847 -.Cm PermitUserEnvironment
5848 -option in
5849 -.Xr sshd_config 5 .
5850 -.It
5851 -Changes to user's home directory.
5852 -.It
5853 -If
5854 -.Pa ~/.ssh/rc
5855 -exists and the
5856 -.Xr sshd_config 5
5857 -.Cm PermitUserRC
5858 -option is set, runs it; else if
5859 -.Pa /etc/ssh/sshrc
5860 -exists, runs
5861 -it; otherwise runs xauth.
5862 -The
5863 -.Dq rc
5864 -files are given the X11
5865 -authentication protocol and cookie in standard input.
5866 -See
5867 -.Sx SSHRC ,
5868 -below.
5869 -.It
5870 -Runs user's shell or command.
5871 -All commands are run under the user's login shell as specified in the
5872 -system password database.
5873 -.El
5874 -.Sh SSHRC
5875 -If the file
5876 -.Pa ~/.ssh/rc
5877 -exists,
5878 -.Xr sh 1
5879 -runs it after reading the
5880 -environment files but before starting the user's shell or command.
5881 -It must not produce any output on stdout; stderr must be used
5882 -instead.
5883 -If X11 forwarding is in use, it will receive the "proto cookie" pair in
5884 -its standard input (and
5885 -.Ev DISPLAY
5886 -in its environment).
5887 -The script must call
5888 -.Xr xauth 1
5889 -because
5890 -.Nm
5891 -will not run xauth automatically to add X11 cookies.
5892 -.Pp
5893 -The primary purpose of this file is to run any initialization routines
5894 -which may be needed before the user's home directory becomes
5895 -accessible; AFS is a particular example of such an environment.
5896 -.Pp
5897 -This file will probably contain some initialization code followed by
5898 -something similar to:
5899 -.Bd -literal -offset 3n
5900 -if read proto cookie && [ -n "$DISPLAY" ]; then
5901 - if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
5902 - # X11UseLocalhost=yes
5903 - echo add unix:`echo $DISPLAY |
5904 - cut -c11-` $proto $cookie
5905 - else
5906 - # X11UseLocalhost=no
5907 - echo add $DISPLAY $proto $cookie
5908 - fi | xauth -q -
5909 -fi
5910 -.Ed
5911 -.Pp
5912 -If this file does not exist,
5913 -.Pa /etc/ssh/sshrc
5914 -is run, and if that
5915 -does not exist either, xauth is used to add the cookie.
5916 -.Sh AUTHORIZED_KEYS FILE FORMAT
5917 -.Cm AuthorizedKeysFile
5918 -specifies the files containing public keys for
5919 -public key authentication;
5920 -if none is specified, the default is
5921 -.Pa ~/.ssh/authorized_keys
5922 -and
5923 -.Pa ~/.ssh/authorized_keys2 .
5924 -Each line of the file contains one
5925 -key (empty lines and lines starting with a
5926 -.Ql #
5927 -are ignored as
5928 -comments).
5929 -Protocol 1 public keys consist of the following space-separated fields:
5930 -options, bits, exponent, modulus, comment.
5931 -Protocol 2 public key consist of:
5932 -options, keytype, base64-encoded key, comment.
5933 -The options field is optional;
5934 -its presence is determined by whether the line starts
5935 -with a number or not (the options field never starts with a number).
5936 -The bits, exponent, modulus, and comment fields give the RSA key for
5937 -protocol version 1; the
5938 -comment field is not used for anything (but may be convenient for the
5939 -user to identify the key).
5940 -For protocol version 2 the keytype is
5941 -.Dq ecdsa-sha2-nistp256 ,
5942 -.Dq ecdsa-sha2-nistp384 ,
5943 -.Dq ecdsa-sha2-nistp521 ,
5944 -.Dq ssh-ed25519 ,
5945 -.Dq ssh-dss
5946 -or
5947 -.Dq ssh-rsa .
5948 -.Pp
5949 -Note that lines in this file are usually several hundred bytes long
5950 -(because of the size of the public key encoding) up to a limit of
5951 -8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
5952 -keys up to 16 kilobits.
5953 -You don't want to type them in; instead, copy the
5954 -.Pa identity.pub ,
5955 -.Pa id_dsa.pub ,
5956 -.Pa id_ecdsa.pub ,
5957 -.Pa id_ed25519.pub ,
5958 -or the
5959 -.Pa id_rsa.pub
5960 -file and edit it.
5961 -.Pp
5962 -.Nm
5963 -enforces a minimum RSA key modulus size for protocol 1
5964 -and protocol 2 keys of 768 bits.
5965 -.Pp
5966 -The options (if present) consist of comma-separated option
5967 -specifications.
5968 -No spaces are permitted, except within double quotes.
5969 -The following option specifications are supported (note
5970 -that option keywords are case-insensitive):
5971 -.Bl -tag -width Ds
5972 -.It Cm cert-authority
5973 -Specifies that the listed key is a certification authority (CA) that is
5974 -trusted to validate signed certificates for user authentication.
5975 -.Pp
5976 -Certificates may encode access restrictions similar to these key options.
5977 -If both certificate restrictions and key options are present, the most
5978 -restrictive union of the two is applied.
5979 -.It Cm command="command"
5980 -Specifies that the command is executed whenever this key is used for
5981 -authentication.
5982 -The command supplied by the user (if any) is ignored.
5983 -The command is run on a pty if the client requests a pty;
5984 -otherwise it is run without a tty.
5985 -If an 8-bit clean channel is required,
5986 -one must not request a pty or should specify
5987 -.Cm no-pty .
5988 -A quote may be included in the command by quoting it with a backslash.
5989 -This option might be useful
5990 -to restrict certain public keys to perform just a specific operation.
5991 -An example might be a key that permits remote backups but nothing else.
5992 -Note that the client may specify TCP and/or X11
5993 -forwarding unless they are explicitly prohibited.
5994 -The command originally supplied by the client is available in the
5995 -.Ev SSH_ORIGINAL_COMMAND
5996 -environment variable.
5997 -Note that this option applies to shell, command or subsystem execution.
5998 -Also note that this command may be superseded by either a
5999 -.Xr sshd_config 5
6000 -.Cm ForceCommand
6001 -directive or a command embedded in a certificate.
6002 -.It Cm environment="NAME=value"
6003 -Specifies that the string is to be added to the environment when
6004 -logging in using this key.
6005 -Environment variables set this way
6006 -override other default environment values.
6007 -Multiple options of this type are permitted.
6008 -Environment processing is disabled by default and is
6009 -controlled via the
6010 -.Cm PermitUserEnvironment
6011 -option.
6012 -This option is automatically disabled if
6013 -.Cm UseLogin
6014 -is enabled.
6015 -.It Cm from="pattern-list"
6016 -Specifies that in addition to public key authentication, either the canonical
6017 -name of the remote host or its IP address must be present in the
6018 -comma-separated list of patterns.
6019 -See PATTERNS in
6020 -.Xr ssh_config 5
6021 -for more information on patterns.
6022 -.Pp
6023 -In addition to the wildcard matching that may be applied to hostnames or
6024 -addresses, a
6025 -.Cm from
6026 -stanza may match IP addresses using CIDR address/masklen notation.
6027 -.Pp
6028 -The purpose of this option is to optionally increase security: public key
6029 -authentication by itself does not trust the network or name servers or
6030 -anything (but the key); however, if somebody somehow steals the key, the key
6031 -permits an intruder to log in from anywhere in the world.
6032 -This additional option makes using a stolen key more difficult (name
6033 -servers and/or routers would have to be compromised in addition to
6034 -just the key).
6035 -.It Cm no-agent-forwarding
6036 -Forbids authentication agent forwarding when this key is used for
6037 -authentication.
6038 -.It Cm no-port-forwarding
6039 -Forbids TCP forwarding when this key is used for authentication.
6040 -Any port forward requests by the client will return an error.
6041 -This might be used, e.g. in connection with the
6042 -.Cm command
6043 -option.
6044 -.It Cm no-pty
6045 -Prevents tty allocation (a request to allocate a pty will fail).
6046 -.It Cm no-user-rc
6047 -Disables execution of
6048 -.Pa ~/.ssh/rc .
6049 -.It Cm no-X11-forwarding
6050 -Forbids X11 forwarding when this key is used for authentication.
6051 -Any X11 forward requests by the client will return an error.
6052 -.It Cm permitopen="host:port"
6053 -Limit local port forwarding with
6054 -.Xr ssh 1
6055 -.Fl L
6056 -such that it may only connect to the specified host and port.
6057 -IPv6 addresses can be specified by enclosing the address in square brackets.
6058 -Multiple
6059 -.Cm permitopen
6060 -options may be applied separated by commas.
6061 -No pattern matching is performed on the specified hostnames,
6062 -they must be literal domains or addresses.
6063 -A port specification of
6064 -.Cm *
6065 -matches any port.
6066 -.It Cm principals="principals"
6067 -On a
6068 -.Cm cert-authority
6069 -line, specifies allowed principals for certificate authentication as a
6070 -comma-separated list.
6071 -At least one name from the list must appear in the certificate's
6072 -list of principals for the certificate to be accepted.
6073 -This option is ignored for keys that are not marked as trusted certificate
6074 -signers using the
6075 -.Cm cert-authority
6076 -option.
6077 -.It Cm tunnel="n"
6078 -Force a
6079 -.Xr tun 4
6080 -device on the server.
6081 -Without this option, the next available device will be used if
6082 -the client requests a tunnel.
6083 -.El
6084 -.Pp
6085 -An example authorized_keys file:
6086 -.Bd -literal -offset 3n
6087 -# Comments allowed at start of line
6088 -ssh-rsa AAAAB3Nza...LiPk== user@example.net
6089 -from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
6090 -AAAAB2...19Q== john@example.net
6091 -command="dump /home",no-pty,no-port-forwarding ssh-dss
6092 -AAAAC3...51R== example.net
6093 -permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
6094 -AAAAB5...21S==
6095 -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
6096 -jane@example.net
6097 -.Ed
6098 -.Sh SSH_KNOWN_HOSTS FILE FORMAT
6099 -The
6100 -.Pa /etc/ssh/ssh_known_hosts
6101 -and
6102 -.Pa ~/.ssh/known_hosts
6103 -files contain host public keys for all known hosts.
6104 -The global file should
6105 -be prepared by the administrator (optional), and the per-user file is
6106 -maintained automatically: whenever the user connects from an unknown host,
6107 -its key is added to the per-user file.
6108 -.Pp
6109 -Each line in these files contains the following fields: markers (optional),
6110 -hostnames, bits, exponent, modulus, comment.
6111 -The fields are separated by spaces.
6112 -.Pp
6113 -The marker is optional, but if it is present then it must be one of
6114 -.Dq @cert-authority ,
6115 -to indicate that the line contains a certification authority (CA) key,
6116 -or
6117 -.Dq @revoked ,
6118 -to indicate that the key contained on the line is revoked and must not ever
6119 -be accepted.
6120 -Only one marker should be used on a key line.
6121 -.Pp
6122 -Hostnames is a comma-separated list of patterns
6123 -.Pf ( Ql *
6124 -and
6125 -.Ql \&?
6126 -act as
6127 -wildcards); each pattern in turn is matched against the canonical host
6128 -name (when authenticating a client) or against the user-supplied
6129 -name (when authenticating a server).
6130 -A pattern may also be preceded by
6131 -.Ql \&!
6132 -to indicate negation: if the host name matches a negated
6133 -pattern, it is not accepted (by that line) even if it matched another
6134 -pattern on the line.
6135 -A hostname or address may optionally be enclosed within
6136 -.Ql \&[
6137 -and
6138 -.Ql \&]
6139 -brackets then followed by
6140 -.Ql \&:
6141 -and a non-standard port number.
6142 -.Pp
6143 -Alternately, hostnames may be stored in a hashed form which hides host names
6144 -and addresses should the file's contents be disclosed.
6145 -Hashed hostnames start with a
6146 -.Ql |
6147 -character.
6148 -Only one hashed hostname may appear on a single line and none of the above
6149 -negation or wildcard operators may be applied.
6150 -.Pp
6151 -Bits, exponent, and modulus are taken directly from the RSA host key; they
6152 -can be obtained, for example, from
6153 -.Pa /etc/ssh/ssh_host_key.pub .
6154 -The optional comment field continues to the end of the line, and is not used.
6155 -.Pp
6156 -Lines starting with
6157 -.Ql #
6158 -and empty lines are ignored as comments.
6159 -.Pp
6160 -When performing host authentication, authentication is accepted if any
6161 -matching line has the proper key; either one that matches exactly or,
6162 -if the server has presented a certificate for authentication, the key
6163 -of the certification authority that signed the certificate.
6164 -For a key to be trusted as a certification authority, it must use the
6165 -.Dq @cert-authority
6166 -marker described above.
6167 -.Pp
6168 -The known hosts file also provides a facility to mark keys as revoked,
6169 -for example when it is known that the associated private key has been
6170 -stolen.
6171 -Revoked keys are specified by including the
6172 -.Dq @revoked
6173 -marker at the beginning of the key line, and are never accepted for
6174 -authentication or as certification authorities, but instead will
6175 -produce a warning from
6176 -.Xr ssh 1
6177 -when they are encountered.
6178 -.Pp
6179 -It is permissible (but not
6180 -recommended) to have several lines or different host keys for the same
6181 -names.
6182 -This will inevitably happen when short forms of host names
6183 -from different domains are put in the file.
6184 -It is possible
6185 -that the files contain conflicting information; authentication is
6186 -accepted if valid information can be found from either file.
6187 -.Pp
6188 -Note that the lines in these files are typically hundreds of characters
6189 -long, and you definitely don't want to type in the host keys by hand.
6190 -Rather, generate them by a script,
6191 -.Xr ssh-keyscan 1
6192 -or by taking
6193 -.Pa /etc/ssh/ssh_host_key.pub
6194 -and adding the host names at the front.
6195 -.Xr ssh-keygen 1
6196 -also offers some basic automated editing for
6197 -.Pa ~/.ssh/known_hosts
6198 -including removing hosts matching a host name and converting all host
6199 -names to their hashed representations.
6200 -.Pp
6201 -An example ssh_known_hosts file:
6202 -.Bd -literal -offset 3n
6203 -# Comments allowed at start of line
6204 -closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
6205 -cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
6206 -# A hashed hostname
6207 -|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
6208 -AAAA1234.....=
6209 -# A revoked key
6210 -@revoked * ssh-rsa AAAAB5W...
6211 -# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
6212 -@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
6213 -.Ed
6214 -.Sh FILES
6215 -.Bl -tag -width Ds -compact
6216 -.It Pa ~/.hushlogin
6217 -This file is used to suppress printing the last login time and
6218 -.Pa /etc/motd ,
6219 -if
6220 -.Cm PrintLastLog
6221 -and
6222 -.Cm PrintMotd ,
6223 -respectively,
6224 -are enabled.
6225 -It does not suppress printing of the banner specified by
6226 -.Cm Banner .
6227 -.Pp
6228 -.It Pa ~/.rhosts
6229 -This file is used for host-based authentication (see
6230 -.Xr ssh 1
6231 -for more information).
6232 -On some machines this file may need to be
6233 -world-readable if the user's home directory is on an NFS partition,
6234 -because
6235 -.Nm
6236 -reads it as root.
6237 -Additionally, this file must be owned by the user,
6238 -and must not have write permissions for anyone else.
6239 -The recommended
6240 -permission for most machines is read/write for the user, and not
6241 -accessible by others.
6242 -.Pp
6243 -.It Pa ~/.shosts
6244 -This file is used in exactly the same way as
6245 -.Pa .rhosts ,
6246 -but allows host-based authentication without permitting login with
6247 -rlogin/rsh.
6248 -.Pp
6249 -.It Pa ~/.ssh/
6250 -This directory is the default location for all user-specific configuration
6251 -and authentication information.
6252 -There is no general requirement to keep the entire contents of this directory
6253 -secret, but the recommended permissions are read/write/execute for the user,
6254 -and not accessible by others.
6255 -.Pp
6256 -.It Pa ~/.ssh/authorized_keys
6257 -Lists the public keys (DSA, ECDSA, Ed25519, RSA)
6258 -that can be used for logging in as this user.
6259 -The format of this file is described above.
6260 -The content of the file is not highly sensitive, but the recommended
6261 -permissions are read/write for the user, and not accessible by others.
6262 -.Pp
6263 -If this file, the
6264 -.Pa ~/.ssh
6265 -directory, or the user's home directory are writable
6266 -by other users, then the file could be modified or replaced by unauthorized
6267 -users.
6268 -In this case,
6269 -.Nm
6270 -will not allow it to be used unless the
6271 -.Cm StrictModes
6272 -option has been set to
6273 -.Dq no .
6274 -.Pp
6275 -.It Pa ~/.ssh/environment
6276 -This file is read into the environment at login (if it exists).
6277 -It can only contain empty lines, comment lines (that start with
6278 -.Ql # ) ,
6279 -and assignment lines of the form name=value.
6280 -The file should be writable
6281 -only by the user; it need not be readable by anyone else.
6282 -Environment processing is disabled by default and is
6283 -controlled via the
6284 -.Cm PermitUserEnvironment
6285 -option.
6286 -.Pp
6287 -.It Pa ~/.ssh/known_hosts
6288 -Contains a list of host keys for all hosts the user has logged into
6289 -that are not already in the systemwide list of known host keys.
6290 -The format of this file is described above.
6291 -This file should be writable only by root/the owner and
6292 -can, but need not be, world-readable.
6293 -.Pp
6294 -.It Pa ~/.ssh/rc
6295 -Contains initialization routines to be run before
6296 -the user's home directory becomes accessible.
6297 -This file should be writable only by the user, and need not be
6298 -readable by anyone else.
6299 -.Pp
6300 -.It Pa /etc/hosts.equiv
6301 -This file is for host-based authentication (see
6302 -.Xr ssh 1 ) .
6303 -It should only be writable by root.
6304 -.Pp
6305 -.It Pa /etc/moduli
6306 -Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
6307 -The file format is described in
6308 -.Xr moduli 5 .
6309 -.Pp
6310 -.It Pa /etc/motd
6311 -See
6312 -.Xr motd 5 .
6313 -.Pp
6314 -.It Pa /etc/nologin
6315 -If this file exists,
6316 -.Nm
6317 -refuses to let anyone except root log in.
6318 -The contents of the file
6319 -are displayed to anyone trying to log in, and non-root connections are
6320 -refused.
6321 -The file should be world-readable.
6322 -.Pp
6323 -.It Pa /etc/shosts.equiv
6324 -This file is used in exactly the same way as
6325 -.Pa hosts.equiv ,
6326 -but allows host-based authentication without permitting login with
6327 -rlogin/rsh.
6328 -.Pp
6329 -.It Pa /etc/ssh/ssh_host_key
6330 -.It Pa /etc/ssh/ssh_host_dsa_key
6331 -.It Pa /etc/ssh/ssh_host_ecdsa_key
6332 -.It Pa /etc/ssh/ssh_host_ed25519_key
6333 -.It Pa /etc/ssh/ssh_host_rsa_key
6334 -These files contain the private parts of the host keys.
6335 -These files should only be owned by root, readable only by root, and not
6336 -accessible to others.
6337 -Note that
6338 -.Nm
6339 -does not start if these files are group/world-accessible.
6340 -.Pp
6341 -.It Pa /etc/ssh/ssh_host_key.pub
6342 -.It Pa /etc/ssh/ssh_host_dsa_key.pub
6343 -.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
6344 -.It Pa /etc/ssh/ssh_host_ed25519_key.pub
6345 -.It Pa /etc/ssh/ssh_host_rsa_key.pub
6346 -These files contain the public parts of the host keys.
6347 -These files should be world-readable but writable only by
6348 -root.
6349 -Their contents should match the respective private parts.
6350 -These files are not
6351 -really used for anything; they are provided for the convenience of
6352 -the user so their contents can be copied to known hosts files.
6353 -These files are created using
6354 -.Xr ssh-keygen 1 .
6355 -.Pp
6356 -.It Pa /etc/ssh/ssh_known_hosts
6357 -Systemwide list of known host keys.
6358 -This file should be prepared by the
6359 -system administrator to contain the public host keys of all machines in the
6360 -organization.
6361 -The format of this file is described above.
6362 -This file should be writable only by root/the owner and
6363 -should be world-readable.
6364 -.Pp
6365 -.It Pa /etc/ssh/sshd_config
6366 -Contains configuration data for
6367 -.Nm sshd .
6368 -The file format and configuration options are described in
6369 -.Xr sshd_config 5 .
6370 -.Pp
6371 -.It Pa /etc/ssh/sshrc
6372 -Similar to
6373 -.Pa ~/.ssh/rc ,
6374 -it can be used to specify
6375 -machine-specific login-time initializations globally.
6376 -This file should be writable only by root, and should be world-readable.
6377 -.Pp
6378 -.It Pa /var/empty
6379 -.Xr chroot 2
6380 -directory used by
6381 -.Nm
6382 -during privilege separation in the pre-authentication phase.
6383 -The directory should not contain any files and must be owned by root
6384 -and not group or world-writable.
6385 -.Pp
6386 -.It Pa /var/run/sshd.pid
6387 -Contains the process ID of the
6388 -.Nm
6389 -listening for connections (if there are several daemons running
6390 -concurrently for different ports, this contains the process ID of the one
6391 -started last).
6392 -The content of this file is not sensitive; it can be world-readable.
6393 -.El
6394 -.Sh SEE ALSO
6395 -.Xr scp 1 ,
6396 -.Xr sftp 1 ,
6397 -.Xr ssh 1 ,
6398 -.Xr ssh-add 1 ,
6399 -.Xr ssh-agent 1 ,
6400 -.Xr ssh-keygen 1 ,
6401 -.Xr ssh-keyscan 1 ,
6402 -.Xr chroot 2 ,
6403 -.Xr login.conf 5 ,
6404 -.Xr moduli 5 ,
6405 -.Xr sshd_config 5 ,
6406 -.Xr inetd 8 ,
6407 -.Xr sftp-server 8
6408 -.Sh AUTHORS
6409 -OpenSSH is a derivative of the original and free
6410 -ssh 1.2.12 release by Tatu Ylonen.
6411 -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
6412 -Theo de Raadt and Dug Song
6413 -removed many bugs, re-added newer features and
6414 -created OpenSSH.
6415 -Markus Friedl contributed the support for SSH
6416 -protocol versions 1.5 and 2.0.
6417 -Niels Provos and Markus Friedl contributed support
6418 -for privilege separation.
6419 diff --git a/sshd_config.4 b/sshd_config.4
6420 new file mode 100644
6421 index 0000000..ba4d79a
6422 --- /dev/null
6423 +++ b/sshd_config.4
6424 
@@ -0,0 +1,1736 @@
6425 +.\"
6426 +.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6427 +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6428 +.\" All rights reserved
6429 +.\"
6430 +.\" As far as I am concerned, the code I have written for this software
6431 +.\" can be used freely for any purpose. Any derived versions of this
6432 +.\" software must be clearly marked as such, and if the derived work is
6433 +.\" incompatible with the protocol description in the RFC file, it must be
6434 +.\" called by a name other than "ssh" or "Secure Shell".
6435 +.\"
6436 +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
6437 +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
6438 +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
6439 +.\"
6440 +.\" Redistribution and use in source and binary forms, with or without
6441 +.\" modification, are permitted provided that the following conditions
6442 +.\" are met:
6443 +.\" 1. Redistributions of source code must retain the above copyright
6444 +.\" notice, this list of conditions and the following disclaimer.
6445 +.\" 2. Redistributions in binary form must reproduce the above copyright
6446 +.\" notice, this list of conditions and the following disclaimer in the
6447 +.\" documentation and/or other materials provided with the distribution.
6448 +.\"
6449 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
6450 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
6451 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
6452 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
6453 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
6454 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
6455 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
6456 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
6457 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
6458 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
6459 +.\"
6460 +.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
6461 +.Dd $Mdocdate: August 14 2015 $
6462 +.Dt SSHD_CONFIG 4
6463 +.Os
6464 +.Sh NAME
6465 +.Nm sshd_config
6466 +.Nd OpenSSH SSH daemon configuration file
6467 +.Sh SYNOPSIS
6468 +.Nm /etc/ssh/sshd_config
6469 +.Sh DESCRIPTION
6470 +.Xr sshd 1M
6471 +reads configuration data from
6472 +.Pa /etc/ssh/sshd_config
6473 +(or the file specified with
6474 +.Fl f
6475 +on the command line).
6476 +The file contains keyword-argument pairs, one per line.
6477 +Lines starting with
6478 +.Ql #
6479 +and empty lines are interpreted as comments.
6480 +Arguments may optionally be enclosed in double quotes
6481 +.Pq \&"
6482 +in order to represent arguments containing spaces.
6483 +.Pp
6484 +The possible
6485 +keywords and their meanings are as follows (note that
6486 +keywords are case-insensitive and arguments are case-sensitive):
6487 +.Bl -tag -width Ds
6488 +.It Cm AcceptEnv
6489 +Specifies what environment variables sent by the client will be copied into
6490 +the session's
6491 +.Xr environ 7 .
6492 +See
6493 +.Cm SendEnv
6494 +in
6495 +.Xr ssh_config 4
6496 +for how to configure the client.
6497 +Note that environment passing is only supported for protocol 2, and
6498 +that the
6499 +.Ev TERM
6500 +environment variable is always sent whenever the client
6501 +requests a pseudo-terminal as it is required by the protocol.
6502 +Variables are specified by name, which may contain the wildcard characters
6503 +.Ql *
6504 +and
6505 +.Ql \&? .
6506 +Multiple environment variables may be separated by whitespace or spread
6507 +across multiple
6508 +.Cm AcceptEnv
6509 +directives.
6510 +Be warned that some environment variables could be used to bypass restricted
6511 +user environments.
6512 +For this reason, care should be taken in the use of this directive.
6513 +The default is not to accept any environment variables.
6514 +.It Cm AddressFamily
6515 +Specifies which address family should be used by
6516 +.Xr sshd 1M .
6517 +Valid arguments are
6518 +.Dq any ,
6519 +.Dq inet
6520 +(use IPv4 only), or
6521 +.Dq inet6
6522 +(use IPv6 only).
6523 +The default is
6524 +.Dq any .
6525 +.It Cm AllowAgentForwarding
6526 +Specifies whether
6527 +.Xr ssh-agent 1
6528 +forwarding is permitted.
6529 +The default is
6530 +.Dq yes .
6531 +Note that disabling agent forwarding does not improve security
6532 +unless users are also denied shell access, as they can always install
6533 +their own forwarders.
6534 +.It Cm AllowGroups
6535 +This keyword can be followed by a list of group name patterns, separated
6536 +by spaces.
6537 +If specified, login is allowed only for users whose primary
6538 +group or supplementary group list matches one of the patterns.
6539 +Only group names are valid; a numerical group ID is not recognized.
6540 +By default, login is allowed for all groups.
6541 +The allow/deny directives are processed in the following order:
6542 +.Cm DenyUsers ,
6543 +.Cm AllowUsers ,
6544 +.Cm DenyGroups ,
6545 +and finally
6546 +.Cm AllowGroups .
6547 +.Pp
6548 +See PATTERNS in
6549 +.Xr ssh_config 4
6550 +for more information on patterns.
6551 +.It Cm AllowTcpForwarding
6552 +Specifies whether TCP forwarding is permitted.
6553 +The available options are
6554 +.Dq yes
6555 +or
6556 +.Dq all
6557 +to allow TCP forwarding,
6558 +.Dq no
6559 +to prevent all TCP forwarding,
6560 +.Dq local
6561 +to allow local (from the perspective of
6562 +.Xr ssh 1 )
6563 +forwarding only or
6564 +.Dq remote
6565 +to allow remote forwarding only.
6566 +The default is
6567 +.Dq yes .
6568 +Note that disabling TCP forwarding does not improve security unless
6569 +users are also denied shell access, as they can always install their
6570 +own forwarders.
6571 +.It Cm AllowStreamLocalForwarding
6572 +Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
6573 +The available options are
6574 +.Dq yes
6575 +or
6576 +.Dq all
6577 +to allow StreamLocal forwarding,
6578 +.Dq no
6579 +to prevent all StreamLocal forwarding,
6580 +.Dq local
6581 +to allow local (from the perspective of
6582 +.Xr ssh 1 )
6583 +forwarding only or
6584 +.Dq remote
6585 +to allow remote forwarding only.
6586 +The default is
6587 +.Dq yes .
6588 +Note that disabling StreamLocal forwarding does not improve security unless
6589 +users are also denied shell access, as they can always install their
6590 +own forwarders.
6591 +.It Cm AllowUsers
6592 +This keyword can be followed by a list of user name patterns, separated
6593 +by spaces.
6594 +If specified, login is allowed only for user names that
6595 +match one of the patterns.
6596 +Only user names are valid; a numerical user ID is not recognized.
6597 +By default, login is allowed for all users.
6598 +If the pattern takes the form USER@HOST then USER and HOST
6599 +are separately checked, restricting logins to particular
6600 +users from particular hosts.
6601 +The allow/deny directives are processed in the following order:
6602 +.Cm DenyUsers ,
6603 +.Cm AllowUsers ,
6604 +.Cm DenyGroups ,
6605 +and finally
6606 +.Cm AllowGroups .
6607 +.Pp
6608 +See PATTERNS in
6609 +.Xr ssh_config 4
6610 +for more information on patterns.
6611 +.It Cm AuthenticationMethods
6612 +Specifies the authentication methods that must be successfully completed
6613 +for a user to be granted access.
6614 +This option must be followed by one or more comma-separated lists of
6615 +authentication method names.
6616 +Successful authentication requires completion of every method in at least
6617 +one of these lists.
6618 +.Pp
6619 +For example, an argument of
6620 +.Dq publickey,password publickey,keyboard-interactive
6621 +would require the user to complete public key authentication, followed by
6622 +either password or keyboard interactive authentication.
6623 +Only methods that are next in one or more lists are offered at each stage,
6624 +so for this example, it would not be possible to attempt password or
6625 +keyboard-interactive authentication before public key.
6626 +.Pp
6627 +For keyboard interactive authentication it is also possible to
6628 +restrict authentication to a specific device by appending a
6629 +colon followed by the device identifier
6630 +.Dq bsdauth ,
6631 +.Dq pam ,
6632 +or
6633 +.Dq skey ,
6634 +depending on the server configuration.
6635 +For example,
6636 +.Dq keyboard-interactive:bsdauth
6637 +would restrict keyboard interactive authentication to the
6638 +.Dq bsdauth
6639 +device.
6640 +.Pp
6641 +If the
6642 +.Dq publickey
6643 +method is listed more than once,
6644 +.Xr sshd 8
6645 +verifies that keys that have been used successfully are not reused for
6646 +subsequent authentications.
6647 +For example, an
6648 +.Cm AuthenticationMethods
6649 +of
6650 +.Dq publickey,publickey
6651 +will require successful authentication using two different public keys.
6652 +.Pp
6653 +This option is only available for SSH protocol 2 and will yield a fatal
6654 +error if enabled if protocol 1 is also enabled.
6655 +Note that each authentication method listed should also be explicitly enabled
6656 +in the configuration.
6657 +The default is not to require multiple authentication; successful completion
6658 +of a single authentication method is sufficient.
6659 +.It Cm AuthorizedKeysCommand
6660 +Specifies a program to be used to look up the user's public keys.
6661 +The program must be owned by root, not writable by group or others and
6662 +specified by an absolute path.
6663 +.Pp
6664 +Arguments to
6665 +.Cm AuthorizedKeysCommand
6666 +may be provided using the following tokens, which will be expanded
6667 +at runtime: %% is replaced by a literal '%', %u is replaced by the
6668 +username being authenticated, %h is replaced by the home directory
6669 +of the user being authenticated, %t is replaced with the key type
6670 +offered for authentication, %f is replaced with the fingerprint of
6671 +the key, and %k is replaced with the key being offered for authentication.
6672 +If no arguments are specified then the username of the target user
6673 +will be supplied.
6674 +.Pp
6675 +The program should produce on standard output zero or
6676 +more lines of authorized_keys output (see AUTHORIZED_KEYS in
6677 +.Xr sshd 1M ) .
6678 +If a key supplied by AuthorizedKeysCommand does not successfully authenticate
6679 +and authorize the user then public key authentication continues using the usual
6680 +.Cm AuthorizedKeysFile
6681 +files.
6682 +By default, no AuthorizedKeysCommand is run.
6683 +.It Cm AuthorizedKeysCommandUser
6684 +Specifies the user under whose account the AuthorizedKeysCommand is run.
6685 +It is recommended to use a dedicated user that has no other role on the host
6686 +than running authorized keys commands.
6687 +If
6688 +.Cm AuthorizedKeysCommand
6689 +is specified but
6690 +.Cm AuthorizedKeysCommandUser
6691 +is not, then
6692 +.Xr sshd 8
6693 +will refuse to start.
6694 +.It Cm AuthorizedKeysFile
6695 +Specifies the file that contains the public keys that can be used
6696 +for user authentication.
6697 +The format is described in the
6698 +AUTHORIZED_KEYS FILE FORMAT
6699 +section of
6700 +.Xr sshd 1M .
6701 +.Cm AuthorizedKeysFile
6702 +may contain tokens of the form %T which are substituted during connection
6703 +setup.
6704 +The following tokens are defined: %% is replaced by a literal '%',
6705 +%h is replaced by the home directory of the user being authenticated, and
6706 +%u is replaced by the username of that user.
6707 +After expansion,
6708 +.Cm AuthorizedKeysFile
6709 +is taken to be an absolute path or one relative to the user's home
6710 +directory.
6711 +Multiple files may be listed, separated by whitespace.
6712 +The default is
6713 +.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
6714 +.It Cm AuthorizedPrincipalsCommand
6715 +Specifies a program to be used to generate the list of allowed
6716 +certificate principals as per
6717 +.Cm AuthorizedPrincipalsFile .
6718 +The program must be owned by root, not writable by group or others and
6719 +specified by an absolute path.
6720 +.Pp
6721 +Arguments to
6722 +.Cm AuthorizedPrincipalsCommand
6723 +may be provided using the following tokens, which will be expanded
6724 +at runtime: %% is replaced by a literal '%', %u is replaced by the
6725 +username being authenticated and %h is replaced by the home directory
6726 +of the user being authenticated.
6727 +.Pp
6728 +The program should produce on standard output zero or
6729 +more lines of
6730 +.Cm AuthorizedPrincipalsFile
6731 +output.
6732 +If either
6733 +.Cm AuthorizedPrincipalsCommand
6734 +or
6735 +.Cm AuthorizedPrincipalsFile
6736 +is specified, then certificates offered by the client for authentication
6737 +must contain a principal that is listed.
6738 +By default, no AuthorizedPrincipalsCommand is run.
6739 +.It Cm AuthorizedPrincipalsCommandUser
6740 +Specifies the user under whose account the AuthorizedPrincipalsCommand is run.
6741 +It is recommended to use a dedicated user that has no other role on the host
6742 +than running authorized principals commands.
6743 +If
6744 +.Cm AuthorizedPrincipalsCommand
6745 +is specified but
6746 +.Cm AuthorizedPrincipalsCommandUser
6747 +is not, then
6748 +.Xr sshd 8
6749 +will refuse to start.
6750 +.It Cm AuthorizedPrincipalsFile
6751 +Specifies a file that lists principal names that are accepted for
6752 +certificate authentication.
6753 +When using certificates signed by a key listed in
6754 +.Cm TrustedUserCAKeys ,
6755 +this file lists names, one of which must appear in the certificate for it
6756 +to be accepted for authentication.
6757 +Names are listed one per line preceded by key options (as described
6758 +in AUTHORIZED_KEYS FILE FORMAT in
6759 +.Xr sshd 1M ) .
6760 +Empty lines and comments starting with
6761 +.Ql #
6762 +are ignored.
6763 +.Pp
6764 +.Cm AuthorizedPrincipalsFile
6765 +may contain tokens of the form %T which are substituted during connection
6766 +setup.
6767 +The following tokens are defined: %% is replaced by a literal '%',
6768 +%h is replaced by the home directory of the user being authenticated, and
6769 +%u is replaced by the username of that user.
6770 +After expansion,
6771 +.Cm AuthorizedPrincipalsFile
6772 +is taken to be an absolute path or one relative to the user's home
6773 +directory.
6774 +.Pp
6775 +The default is
6776 +.Dq none ,
6777 +i.e. not to use a principals file \(en in this case, the username
6778 +of the user must appear in a certificate's principals list for it to be
6779 +accepted.
6780 +Note that
6781 +.Cm AuthorizedPrincipalsFile
6782 +is only used when authentication proceeds using a CA listed in
6783 +.Cm TrustedUserCAKeys
6784 +and is not consulted for certification authorities trusted via
6785 +.Pa ~/.ssh/authorized_keys ,
6786 +though the
6787 +.Cm principals=
6788 +key option offers a similar facility (see
6789 +.Xr sshd 1M
6790 +for details).
6791 +.It Cm Banner
6792 +The contents of the specified file are sent to the remote user before
6793 +authentication is allowed.
6794 +If the argument is
6795 +.Dq none
6796 +then no banner is displayed.
6797 +This option is only available for protocol version 2.
6798 +By default, no banner is displayed.
6799 +.It Cm ChallengeResponseAuthentication
6800 +Specifies whether challenge-response authentication is allowed (e.g. via
6801 +PAM or through authentication styles supported in
6802 +.Xr login.conf 5 )
6803 +The default is
6804 +.Dq yes .
6805 +.It Cm ChrootDirectory
6806 +Specifies the pathname of a directory to
6807 +.Xr chroot 2
6808 +to after authentication.
6809 +At session startup
6810 +.Xr sshd 8
6811 +checks that all components of the pathname are root-owned directories
6812 +which are not writable by any other user or group.
6813 +After the chroot,
6814 +.Xr sshd 1M
6815 +changes the working directory to the user's home directory.
6816 +.Pp
6817 +The pathname may contain the following tokens that are expanded at runtime once
6818 +the connecting user has been authenticated: %% is replaced by a literal '%',
6819 +%h is replaced by the home directory of the user being authenticated, and
6820 +%u is replaced by the username of that user.
6821 +.Pp
6822 +The
6823 +.Cm ChrootDirectory
6824 +must contain the necessary files and directories to support the
6825 +user's session.
6826 +For an interactive session this requires at least a shell, typically
6827 +.Xr sh 1 ,
6828 +and basic
6829 +.Pa /dev
6830 +nodes such as
6831 +.Xr null 4 ,
6832 +.Xr zero 4 ,
6833 +.Xr stdin 4 ,
6834 +.Xr stdout 4 ,
6835 +.Xr stderr 4 ,
6836 +and
6837 +.Xr tty 4
6838 +devices.
6839 +For file transfer sessions using
6840 +.Dq sftp ,
6841 +no additional configuration of the environment is necessary if the
6842 +in-process sftp server is used,
6843 +though sessions which use logging may require
6844 +.Pa /dev/log
6845 +inside the chroot directory on some operating systems (see
6846 +.Xr sftp-server 8
6847 +for details).
6848 +.Pp
6849 +For safety, it is very important that the directory hierarchy be
6850 +prevented from modification by other processes on the system (especially
6851 +those outside the jail).
6852 +Misconfiguration can lead to unsafe environments which
6853 +.Xr sshd 8
6854 +cannot detect.
6855 +.Pp
6856 +The default is not to
6857 +.Xr chroot 2 .
6858 +.It Cm Ciphers
6859 +Specifies the ciphers allowed for protocol version 2.
6860 +Multiple ciphers must be comma-separated.
6861 +If the specified value begins with a
6862 +.Sq +
6863 +character, then the specified ciphers will be appended to the default set
6864 +instead of replacing them.
6865 +.Pp
6866 +The supported ciphers are:
6867 +.Pp
6868 +.Bl -item -compact -offset indent
6869 +.It
6870 +3des-cbc
6871 +.It
6872 +aes128-cbc
6873 +.It
6874 +aes192-cbc
6875 +.It
6876 +aes256-cbc
6877 +.It
6878 +aes128-ctr
6879 +.It
6880 +aes192-ctr
6881 +.It
6882 +aes256-ctr
6883 +.It
6884 +aes128-gcm@openssh.com
6885 +.It
6886 +aes256-gcm@openssh.com
6887 +.It
6888 +arcfour
6889 +.It
6890 +arcfour128
6891 +.It
6892 +arcfour256
6893 +.It
6894 +blowfish-cbc
6895 +.It
6896 +cast128-cbc
6897 +.It
6898 +chacha20-poly1305@openssh.com
6899 +.El
6900 +.Pp
6901 +The default is:
6902 +.Bd -literal -offset indent
6903 +chacha20-poly1305@openssh.com,
6904 +aes128-ctr,aes192-ctr,aes256-ctr,
6905 +aes128-gcm@openssh.com,aes256-gcm@openssh.com
6906 +.Ed
6907 +.Pp
6908 +The list of available ciphers may also be obtained using the
6909 +.Fl Q
6910 +option of
6911 +.Xr ssh 1
6912 +with an argument of
6913 +.Dq cipher .
6914 +.It Cm ClientAliveCountMax
6915 +Sets the number of client alive messages (see below) which may be
6916 +sent without
6917 +.Xr sshd 1M
6918 +receiving any messages back from the client.
6919 +If this threshold is reached while client alive messages are being sent,
6920 +sshd will disconnect the client, terminating the session.
6921 +It is important to note that the use of client alive messages is very
6922 +different from
6923 +.Cm TCPKeepAlive
6924 +(below).
6925 +The client alive messages are sent through the encrypted channel
6926 +and therefore will not be spoofable.
6927 +The TCP keepalive option enabled by
6928 +.Cm TCPKeepAlive
6929 +is spoofable.
6930 +The client alive mechanism is valuable when the client or
6931 +server depend on knowing when a connection has become inactive.
6932 +.Pp
6933 +The default value is 3.
6934 +If
6935 +.Cm ClientAliveInterval
6936 +(see below) is set to 15, and
6937 +.Cm ClientAliveCountMax
6938 +is left at the default, unresponsive SSH clients
6939 +will be disconnected after approximately 45 seconds.
6940 +This option applies to protocol version 2 only.
6941 +.It Cm ClientAliveInterval
6942 +Sets a timeout interval in seconds after which if no data has been received
6943 +from the client,
6944 +.Xr sshd 1M
6945 +will send a message through the encrypted
6946 +channel to request a response from the client.
6947 +The default
6948 +is 0, indicating that these messages will not be sent to the client.
6949 +This option applies to protocol version 2 only.
6950 +.It Cm Compression
6951 +Specifies whether compression is allowed, or delayed until
6952 +the user has authenticated successfully.
6953 +The argument must be
6954 +.Dq yes ,
6955 +.Dq delayed ,
6956 +or
6957 +.Dq no .
6958 +The default is
6959 +.Dq delayed .
6960 +.It Cm DenyGroups
6961 +This keyword can be followed by a list of group name patterns, separated
6962 +by spaces.
6963 +Login is disallowed for users whose primary group or supplementary
6964 +group list matches one of the patterns.
6965 +Only group names are valid; a numerical group ID is not recognized.
6966 +By default, login is allowed for all groups.
6967 +The allow/deny directives are processed in the following order:
6968 +.Cm DenyUsers ,
6969 +.Cm AllowUsers ,
6970 +.Cm DenyGroups ,
6971 +and finally
6972 +.Cm AllowGroups .
6973 +.Pp
6974 +See PATTERNS in
6975 +.Xr ssh_config 4
6976 +for more information on patterns.
6977 +.It Cm DenyUsers
6978 +This keyword can be followed by a list of user name patterns, separated
6979 +by spaces.
6980 +Login is disallowed for user names that match one of the patterns.
6981 +Only user names are valid; a numerical user ID is not recognized.
6982 +By default, login is allowed for all users.
6983 +If the pattern takes the form USER@HOST then USER and HOST
6984 +are separately checked, restricting logins to particular
6985 +users from particular hosts.
6986 +The allow/deny directives are processed in the following order:
6987 +.Cm DenyUsers ,
6988 +.Cm AllowUsers ,
6989 +.Cm DenyGroups ,
6990 +and finally
6991 +.Cm AllowGroups .
6992 +.Pp
6993 +See PATTERNS in
6994 +.Xr ssh_config 4
6995 +for more information on patterns.
6996 +.It Cm FingerprintHash
6997 +Specifies the hash algorithm used when logging key fingerprints.
6998 +Valid options are:
6999 +.Dq md5
7000 +and
7001 +.Dq sha256 .
7002 +The default is
7003 +.Dq sha256 .
7004 +.It Cm ForceCommand
7005 +Forces the execution of the command specified by
7006 +.Cm ForceCommand ,
7007 +ignoring any command supplied by the client and
7008 +.Pa ~/.ssh/rc
7009 +if present.
7010 +The command is invoked by using the user's login shell with the -c option.
7011 +This applies to shell, command, or subsystem execution.
7012 +It is most useful inside a
7013 +.Cm Match
7014 +block.
7015 +The command originally supplied by the client is available in the
7016 +.Ev SSH_ORIGINAL_COMMAND
7017 +environment variable.
7018 +Specifying a command of
7019 +.Dq internal-sftp
7020 +will force the use of an in-process sftp server that requires no support
7021 +files when used with
7022 +.Cm ChrootDirectory .
7023 +.It Cm GatewayPorts
7024 +Specifies whether remote hosts are allowed to connect to ports
7025 +forwarded for the client.
7026 +By default,
7027 +.Xr sshd 1M
7028 +binds remote port forwardings to the loopback address.
7029 +This prevents other remote hosts from connecting to forwarded ports.
7030 +.Cm GatewayPorts
7031 +can be used to specify that sshd
7032 +should allow remote port forwardings to bind to non-loopback addresses, thus
7033 +allowing other hosts to connect.
7034 +The argument may be
7035 +.Dq no
7036 +to force remote port forwardings to be available to the local host only,
7037 +.Dq yes
7038 +to force remote port forwardings to bind to the wildcard address, or
7039 +.Dq clientspecified
7040 +to allow the client to select the address to which the forwarding is bound.
7041 +The default is
7042 +.Dq no .
7043 +.It Cm GSSAPIAuthentication
7044 +Specifies whether user authentication based on GSSAPI is allowed.
7045 +The default is
7046 +.Dq no .
7047 +Note that this option applies to protocol version 2 only.
7048 +.It Cm GSSAPICleanupCredentials
7049 +Specifies whether to automatically destroy the user's credentials cache
7050 +on logout.
7051 +The default is
7052 +.Dq yes .
7053 +Note that this option applies to protocol version 2 only.
7054 +.It Cm GSSAPIStrictAcceptorCheck
7055 +Determines whether to be strict about the identity of the GSSAPI acceptor
7056 +a client authenticates against.
7057 +If set to
7058 +.Dq yes
7059 +then the client must authenticate against the
7060 +.Pa host
7061 +service on the current hostname.
7062 +If set to
7063 +.Dq no
7064 +then the client may authenticate against any service key stored in the
7065 +machine's default store.
7066 +This facility is provided to assist with operation on multi homed machines.
7067 +The default is
7068 +.Dq yes .
7069 +.It Cm HostbasedAcceptedKeyTypes
7070 +Specifies the key types that will be accepted for hostbased authentication
7071 +as a comma-separated pattern list.
7072 +Alternately if the specified value begins with a
7073 +.Sq +
7074 +character, then the specified key types will be appended to the default set
7075 +instead of replacing them.
7076 +The default for this option is:
7077 +.Bd -literal -offset 3n
7078 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
7079 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
7080 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
7081 +ssh-ed25519-cert-v01@openssh.com,
7082 +ssh-rsa-cert-v01@openssh.com,
7083 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
7084 +ssh-ed25519,ssh-rsa
7085 +.Ed
7086 +.Pp
7087 +The
7088 +.Fl Q
7089 +option of
7090 +.Xr ssh 1
7091 +may be used to list supported key types.
7092 +.It Cm HostbasedAuthentication
7093 +Specifies whether rhosts or /etc/hosts.equiv authentication together
7094 +with successful public key client host authentication is allowed
7095 +(host-based authentication).
7096 +This option is similar to
7097 +.Cm RhostsRSAAuthentication
7098 +and applies to protocol version 2 only.
7099 +The default is
7100 +.Dq no .
7101 +.It Cm HostbasedUsesNameFromPacketOnly
7102 +Specifies whether or not the server will attempt to perform a reverse
7103 +name lookup when matching the name in the
7104 +.Pa ~/.shosts ,
7105 +.Pa ~/.rhosts ,
7106 +and
7107 +.Pa /etc/hosts.equiv
7108 +files during
7109 +.Cm HostbasedAuthentication .
7110 +A setting of
7111 +.Dq yes
7112 +means that
7113 +.Xr sshd 1M
7114 +uses the name supplied by the client rather than
7115 +attempting to resolve the name from the TCP connection itself.
7116 +The default is
7117 +.Dq no .
7118 +.It Cm HostCertificate
7119 +Specifies a file containing a public host certificate.
7120 +The certificate's public key must match a private host key already specified
7121 +by
7122 +.Cm HostKey .
7123 +The default behaviour of
7124 +.Xr sshd 1M
7125 +is not to load any certificates.
7126 +.It Cm HostKey
7127 +Specifies a file containing a private host key
7128 +used by SSH.
7129 +The default is
7130 +.Pa /etc/ssh/ssh_host_key
7131 +for protocol version 1, and
7132 +.Pa /etc/ssh/ssh_host_dsa_key ,
7133 +.Pa /etc/ssh/ssh_host_ecdsa_key ,
7134 +.Pa /etc/ssh/ssh_host_ed25519_key
7135 +and
7136 +.Pa /etc/ssh/ssh_host_rsa_key
7137 +for protocol version 2.
7138 +.Pp
7139 +Note that
7140 +.Xr sshd 1M
7141 +will refuse to use a file if it is group/world-accessible
7142 +and that the
7143 +.Cm HostKeyAlgorithms
7144 +option restricts which of the keys are actually used by
7145 +.Xr sshd 1M .
7146 +.Pp
7147 +It is possible to have multiple host key files.
7148 +.Dq rsa1
7149 +keys are used for version 1 and
7150 +.Dq dsa ,
7151 +.Dq ecdsa ,
7152 +.Dq ed25519
7153 +or
7154 +.Dq rsa
7155 +are used for version 2 of the SSH protocol.
7156 +It is also possible to specify public host key files instead.
7157 +In this case operations on the private key will be delegated
7158 +to an
7159 +.Xr ssh-agent 1 .
7160 +.It Cm HostKeyAgent
7161 +Identifies the UNIX-domain socket used to communicate
7162 +with an agent that has access to the private host keys.
7163 +If
7164 +.Dq SSH_AUTH_SOCK
7165 +is specified, the location of the socket will be read from the
7166 +.Ev SSH_AUTH_SOCK
7167 +environment variable.
7168 +.It Cm HostKeyAlgorithms
7169 +Specifies the protocol version 2 host key algorithms
7170 +that the server offers.
7171 +The default for this option is:
7172 +.Bd -literal -offset 3n
7173 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
7174 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
7175 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
7176 +ssh-ed25519-cert-v01@openssh.com,
7177 +ssh-rsa-cert-v01@openssh.com,
7178 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
7179 +ssh-ed25519,ssh-rsa
7180 +.Ed
7181 +.Pp
7182 +The list of available key types may also be obtained using the
7183 +.Fl Q
7184 +option of
7185 +.Xr ssh 1
7186 +with an argument of
7187 +.Dq key .
7188 +.It Cm IgnoreRhosts
7189 +Specifies that
7190 +.Pa .rhosts
7191 +and
7192 +.Pa .shosts
7193 +files will not be used in
7194 +.Cm RhostsRSAAuthentication
7195 +or
7196 +.Cm HostbasedAuthentication .
7197 +.Pp
7198 +.Pa /etc/hosts.equiv
7199 +and
7200 +.Pa /etc/shosts.equiv
7201 +are still used.
7202 +The default is
7203 +.Dq yes .
7204 +.It Cm IgnoreUserKnownHosts
7205 +Specifies whether
7206 +.Xr sshd 1M
7207 +should ignore the user's
7208 +.Pa ~/.ssh/known_hosts
7209 +during
7210 +.Cm RhostsRSAAuthentication
7211 +or
7212 +.Cm HostbasedAuthentication .
7213 +The default is
7214 +.Dq no .
7215 +.It Cm IPQoS
7216 +Specifies the IPv4 type-of-service or DSCP class for the connection.
7217 +Accepted values are
7218 +.Dq af11 ,
7219 +.Dq af12 ,
7220 +.Dq af13 ,
7221 +.Dq af21 ,
7222 +.Dq af22 ,
7223 +.Dq af23 ,
7224 +.Dq af31 ,
7225 +.Dq af32 ,
7226 +.Dq af33 ,
7227 +.Dq af41 ,
7228 +.Dq af42 ,
7229 +.Dq af43 ,
7230 +.Dq cs0 ,
7231 +.Dq cs1 ,
7232 +.Dq cs2 ,
7233 +.Dq cs3 ,
7234 +.Dq cs4 ,
7235 +.Dq cs5 ,
7236 +.Dq cs6 ,
7237 +.Dq cs7 ,
7238 +.Dq ef ,
7239 +.Dq lowdelay ,
7240 +.Dq throughput ,
7241 +.Dq reliability ,
7242 +or a numeric value.
7243 +This option may take one or two arguments, separated by whitespace.
7244 +If one argument is specified, it is used as the packet class unconditionally.
7245 +If two values are specified, the first is automatically selected for
7246 +interactive sessions and the second for non-interactive sessions.
7247 +The default is
7248 +.Dq lowdelay
7249 +for interactive sessions and
7250 +.Dq throughput
7251 +for non-interactive sessions.
7252 +.It Cm KbdInteractiveAuthentication
7253 +Specifies whether to allow keyboard-interactive authentication.
7254 +The argument to this keyword must be
7255 +.Dq yes
7256 +or
7257 +.Dq no .
7258 +The default is to use whatever value
7259 +.Cm ChallengeResponseAuthentication
7260 +is set to
7261 +(by default
7262 +.Dq yes ) .
7263 +.It Cm KerberosAuthentication
7264 +Specifies whether the password provided by the user for
7265 +.Cm PasswordAuthentication
7266 +will be validated through the Kerberos KDC.
7267 +To use this option, the server needs a
7268 +Kerberos servtab which allows the verification of the KDC's identity.
7269 +The default is
7270 +.Dq no .
7271 +.It Cm KerberosGetAFSToken
7272 +If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
7273 +an AFS token before accessing the user's home directory.
7274 +The default is
7275 +.Dq no .
7276 +.It Cm KerberosOrLocalPasswd
7277 +If password authentication through Kerberos fails then
7278 +the password will be validated via any additional local mechanism
7279 +such as
7280 +.Pa /etc/passwd .
7281 +The default is
7282 +.Dq yes .
7283 +.It Cm KerberosTicketCleanup
7284 +Specifies whether to automatically destroy the user's ticket cache
7285 +file on logout.
7286 +The default is
7287 +.Dq yes .
7288 +.It Cm KexAlgorithms
7289 +Specifies the available KEX (Key Exchange) algorithms.
7290 +Multiple algorithms must be comma-separated.
7291 +Alternately if the specified value begins with a
7292 +.Sq +
7293 +character, then the specified methods will be appended to the default set
7294 +instead of replacing them.
7295 +The supported algorithms are:
7296 +.Pp
7297 +.Bl -item -compact -offset indent
7298 +.It
7299 +curve25519-sha256@libssh.org
7300 +.It
7301 +diffie-hellman-group1-sha1
7302 +.It
7303 +diffie-hellman-group14-sha1
7304 +.It
7305 +diffie-hellman-group-exchange-sha1
7306 +.It
7307 +diffie-hellman-group-exchange-sha256
7308 +.It
7309 +ecdh-sha2-nistp256
7310 +.It
7311 +ecdh-sha2-nistp384
7312 +.It
7313 +ecdh-sha2-nistp521
7314 +.El
7315 +.Pp
7316 +The default is:
7317 +.Bd -literal -offset indent
7318 +curve25519-sha256@libssh.org,
7319 +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
7320 +diffie-hellman-group-exchange-sha256,
7321 +diffie-hellman-group14-sha1
7322 +.Ed
7323 +.Pp
7324 +The list of available key exchange algorithms may also be obtained using the
7325 +.Fl Q
7326 +option of
7327 +.Xr ssh 1
7328 +with an argument of
7329 +.Dq kex .
7330 +.It Cm KeyRegenerationInterval
7331 +In protocol version 1, the ephemeral server key is automatically regenerated
7332 +after this many seconds (if it has been used).
7333 +The purpose of regeneration is to prevent
7334 +decrypting captured sessions by later breaking into the machine and
7335 +stealing the keys.
7336 +The key is never stored anywhere.
7337 +If the value is 0, the key is never regenerated.
7338 +The default is 3600 (seconds).
7339 +.It Cm ListenAddress
7340 +Specifies the local addresses
7341 +.Xr sshd 1M
7342 +should listen on.
7343 +The following forms may be used:
7344 +.Pp
7345 +.Bl -item -offset indent -compact
7346 +.It
7347 +.Cm ListenAddress
7348 +.Sm off
7349 +.Ar host | Ar IPv4_addr | Ar IPv6_addr
7350 +.Sm on
7351 +.It
7352 +.Cm ListenAddress
7353 +.Sm off
7354 +.Ar host | Ar IPv4_addr : Ar port
7355 +.Sm on
7356 +.It
7357 +.Cm ListenAddress
7358 +.Sm off
7359 +.Oo
7360 +.Ar host | Ar IPv6_addr Oc : Ar port
7361 +.Sm on
7362 +.El
7363 +.Pp
7364 +If
7365 +.Ar port
7366 +is not specified,
7367 +sshd will listen on the address and all
7368 +.Cm Port
7369 +options specified.
7370 +The default is to listen on all local addresses.
7371 +Multiple
7372 +.Cm ListenAddress
7373 +options are permitted.
7374 +.It Cm LoginGraceTime
7375 +The server disconnects after this time if the user has not
7376 +successfully logged in.
7377 +If the value is 0, there is no time limit.
7378 +The default is 120 seconds.
7379 +.It Cm LogLevel
7380 +Gives the verbosity level that is used when logging messages from
7381 +.Xr sshd 1M .
7382 +The possible values are:
7383 +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
7384 +The default is INFO.
7385 +DEBUG and DEBUG1 are equivalent.
7386 +DEBUG2 and DEBUG3 each specify higher levels of debugging output.
7387 +Logging with a DEBUG level violates the privacy of users and is not recommended.
7388 +.It Cm MACs
7389 +Specifies the available MAC (message authentication code) algorithms.
7390 +The MAC algorithm is used in protocol version 2
7391 +for data integrity protection.
7392 +Multiple algorithms must be comma-separated.
7393 +If the specified value begins with a
7394 +.Sq +
7395 +character, then the specified algorithms will be appended to the default set
7396 +instead of replacing them.
7397 +.Pp
7398 +The algorithms that contain
7399 +.Dq -etm
7400 +calculate the MAC after encryption (encrypt-then-mac).
7401 +These are considered safer and their use recommended.
7402 +The supported MACs are:
7403 +.Pp
7404 +.Bl -item -compact -offset indent
7405 +.It
7406 +hmac-md5
7407 +.It
7408 +hmac-md5-96
7409 +.It
7410 +hmac-ripemd160
7411 +.It
7412 +hmac-sha1
7413 +.It
7414 +hmac-sha1-96
7415 +.It
7416 +hmac-sha2-256
7417 +.It
7418 +hmac-sha2-512
7419 +.It
7420 +umac-64@openssh.com
7421 +.It
7422 +umac-128@openssh.com
7423 +.It
7424 +hmac-md5-etm@openssh.com
7425 +.It
7426 +hmac-md5-96-etm@openssh.com
7427 +.It
7428 +hmac-ripemd160-etm@openssh.com
7429 +.It
7430 +hmac-sha1-etm@openssh.com
7431 +.It
7432 +hmac-sha1-96-etm@openssh.com
7433 +.It
7434 +hmac-sha2-256-etm@openssh.com
7435 +.It
7436 +hmac-sha2-512-etm@openssh.com
7437 +.It
7438 +umac-64-etm@openssh.com
7439 +.It
7440 +umac-128-etm@openssh.com
7441 +.El
7442 +.Pp
7443 +The default is:
7444 +.Bd -literal -offset indent
7445 +umac-64-etm@openssh.com,umac-128-etm@openssh.com,
7446 +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
7447 +umac-64@openssh.com,umac-128@openssh.com,
7448 +hmac-sha2-256,hmac-sha2-512
7449 +.Ed
7450 +.Pp
7451 +The list of available MAC algorithms may also be obtained using the
7452 +.Fl Q
7453 +option of
7454 +.Xr ssh 1
7455 +with an argument of
7456 +.Dq mac .
7457 +.It Cm Match
7458 +Introduces a conditional block.
7459 +If all of the criteria on the
7460 +.Cm Match
7461 +line are satisfied, the keywords on the following lines override those
7462 +set in the global section of the config file, until either another
7463 +.Cm Match
7464 +line or the end of the file.
7465 +If a keyword appears in multiple
7466 +.Cm Match
7467 +blocks that are satisfied, only the first instance of the keyword is
7468 +applied.
7469 +.Pp
7470 +The arguments to
7471 +.Cm Match
7472 +are one or more criteria-pattern pairs or the single token
7473 +.Cm All
7474 +which matches all criteria.
7475 +The available criteria are
7476 +.Cm User ,
7477 +.Cm Group ,
7478 +.Cm Host ,
7479 +.Cm LocalAddress ,
7480 +.Cm LocalPort ,
7481 +and
7482 +.Cm Address .
7483 +The match patterns may consist of single entries or comma-separated
7484 +lists and may use the wildcard and negation operators described in the
7485 +PATTERNS section of
7486 +.Xr ssh_config 4 .
7487 +.Pp
7488 +The patterns in an
7489 +.Cm Address
7490 +criteria may additionally contain addresses to match in CIDR
7491 +address/masklen format, e.g.\&
7492 +.Dq 192.0.2.0/24
7493 +or
7494 +.Dq 3ffe:ffff::/32 .
7495 +Note that the mask length provided must be consistent with the address -
7496 +it is an error to specify a mask length that is too long for the address
7497 +or one with bits set in this host portion of the address.
7498 +For example,
7499 +.Dq 192.0.2.0/33
7500 +and
7501 +.Dq 192.0.2.0/8
7502 +respectively.
7503 +.Pp
7504 +Only a subset of keywords may be used on the lines following a
7505 +.Cm Match
7506 +keyword.
7507 +Available keywords are
7508 +.Cm AcceptEnv ,
7509 +.Cm AllowAgentForwarding ,
7510 +.Cm AllowGroups ,
7511 +.Cm AllowStreamLocalForwarding ,
7512 +.Cm AllowTcpForwarding ,
7513 +.Cm AllowUsers ,
7514 +.Cm AuthenticationMethods ,
7515 +.Cm AuthorizedKeysCommand ,
7516 +.Cm AuthorizedKeysCommandUser ,
7517 +.Cm AuthorizedKeysFile ,
7518 +.Cm AuthorizedPrincipalsFile ,
7519 +.Cm Banner ,
7520 +.Cm ChrootDirectory ,
7521 +.Cm DenyGroups ,
7522 +.Cm DenyUsers ,
7523 +.Cm ForceCommand ,
7524 +.Cm GatewayPorts ,
7525 +.Cm GSSAPIAuthentication ,
7526 +.Cm HostbasedAcceptedKeyTypes ,
7527 +.Cm HostbasedAuthentication ,
7528 +.Cm HostbasedUsesNameFromPacketOnly ,
7529 +.Cm IPQoS ,
7530 +.Cm KbdInteractiveAuthentication ,
7531 +.Cm KerberosAuthentication ,
7532 +.Cm MaxAuthTries ,
7533 +.Cm MaxSessions ,
7534 +.Cm PasswordAuthentication ,
7535 +.Cm PermitEmptyPasswords ,
7536 +.Cm PermitOpen ,
7537 +.Cm PermitRootLogin ,
7538 +.Cm PermitTTY ,
7539 +.Cm PermitTunnel ,
7540 +.Cm PermitUserRC ,
7541 +.Cm PubkeyAcceptedKeyTypes ,
7542 +.Cm PubkeyAuthentication ,
7543 +.Cm RekeyLimit ,
7544 +.Cm RevokedKeys ,
7545 +.Cm RhostsRSAAuthentication ,
7546 +.Cm RSAAuthentication ,
7547 +.Cm StreamLocalBindMask ,
7548 +.Cm StreamLocalBindUnlink ,
7549 +.Cm TrustedUserCAKeys ,
7550 +.Cm X11DisplayOffset ,
7551 +.Cm X11Forwarding
7552 +and
7553 +.Cm X11UseLocalHost .
7554 +.It Cm MaxAuthTries
7555 +Specifies the maximum number of authentication attempts permitted per
7556 +connection.
7557 +Once the number of failures reaches half this value,
7558 +additional failures are logged.
7559 +The default is 6.
7560 +.It Cm MaxSessions
7561 +Specifies the maximum number of open sessions permitted per network connection.
7562 +The default is 10.
7563 +.It Cm MaxStartups
7564 +Specifies the maximum number of concurrent unauthenticated connections to the
7565 +SSH daemon.
7566 +Additional connections will be dropped until authentication succeeds or the
7567 +.Cm LoginGraceTime
7568 +expires for a connection.
7569 +The default is 10:30:100.
7570 +.Pp
7571 +Alternatively, random early drop can be enabled by specifying
7572 +the three colon separated values
7573 +.Dq start:rate:full
7574 +(e.g. "10:30:60").
7575 +.Xr sshd 1M
7576 +will refuse connection attempts with a probability of
7577 +.Dq rate/100
7578 +(30%)
7579 +if there are currently
7580 +.Dq start
7581 +(10)
7582 +unauthenticated connections.
7583 +The probability increases linearly and all connection attempts
7584 +are refused if the number of unauthenticated connections reaches
7585 +.Dq full
7586 +(60).
7587 +.It Cm PasswordAuthentication
7588 +Specifies whether password authentication is allowed.
7589 +The default is
7590 +.Dq yes .
7591 +.It Cm PermitEmptyPasswords
7592 +When password authentication is allowed, it specifies whether the
7593 +server allows login to accounts with empty password strings.
7594 +The default is
7595 +.Dq no .
7596 +.It Cm PermitOpen
7597 +Specifies the destinations to which TCP port forwarding is permitted.
7598 +The forwarding specification must be one of the following forms:
7599 +.Pp
7600 +.Bl -item -offset indent -compact
7601 +.It
7602 +.Cm PermitOpen
7603 +.Sm off
7604 +.Ar host : port
7605 +.Sm on
7606 +.It
7607 +.Cm PermitOpen
7608 +.Sm off
7609 +.Ar IPv4_addr : port
7610 +.Sm on
7611 +.It
7612 +.Cm PermitOpen
7613 +.Sm off
7614 +.Ar \&[ IPv6_addr \&] : port
7615 +.Sm on
7616 +.El
7617 +.Pp
7618 +Multiple forwards may be specified by separating them with whitespace.
7619 +An argument of
7620 +.Dq any
7621 +can be used to remove all restrictions and permit any forwarding requests.
7622 +An argument of
7623 +.Dq none
7624 +can be used to prohibit all forwarding requests.
7625 +By default all port forwarding requests are permitted.
7626 +.It Cm PermitRootLogin
7627 +Specifies whether root can log in using
7628 +.Xr ssh 1 .
7629 +The argument must be
7630 +.Dq yes ,
7631 +.Dq prohibit-password ,
7632 +.Dq without-password ,
7633 +.Dq forced-commands-only ,
7634 +or
7635 +.Dq no .
7636 +The default is
7637 +.Dq prohibit-password .
7638 +.Pp
7639 +If this option is set to
7640 +.Dq prohibit-password
7641 +or
7642 +.Dq without-password ,
7643 +password and keyboard-interactive authentication are disabled for root.
7644 +.Pp
7645 +If this option is set to
7646 +.Dq forced-commands-only ,
7647 +root login with public key authentication will be allowed,
7648 +but only if the
7649 +.Ar command
7650 +option has been specified
7651 +(which may be useful for taking remote backups even if root login is
7652 +normally not allowed).
7653 +All other authentication methods are disabled for root.
7654 +.Pp
7655 +If this option is set to
7656 +.Dq no ,
7657 +root is not allowed to log in.
7658 +.It Cm PermitTunnel
7659 +Specifies whether
7660 +.Xr tun 4
7661 +device forwarding is allowed.
7662 +The argument must be
7663 +.Dq yes ,
7664 +.Dq point-to-point
7665 +(layer 3),
7666 +.Dq ethernet
7667 +(layer 2), or
7668 +.Dq no .
7669 +Specifying
7670 +.Dq yes
7671 +permits both
7672 +.Dq point-to-point
7673 +and
7674 +.Dq ethernet .
7675 +The default is
7676 +.Dq no .
7677 +.Pp
7678 +Independent of this setting, the permissions of the selected
7679 +.Xr tun 4
7680 +device must allow access to the user.
7681 +.It Cm PermitTTY
7682 +Specifies whether
7683 +.Xr pty 4
7684 +allocation is permitted.
7685 +The default is
7686 +.Dq yes .
7687 +.It Cm PermitUserEnvironment
7688 +Specifies whether
7689 +.Pa ~/.ssh/environment
7690 +and
7691 +.Cm environment=
7692 +options in
7693 +.Pa ~/.ssh/authorized_keys
7694 +are processed by
7695 +.Xr sshd 1M .
7696 +The default is
7697 +.Dq no .
7698 +Enabling environment processing may enable users to bypass access
7699 +restrictions in some configurations using mechanisms such as
7700 +.Ev LD_PRELOAD .
7701 +.It Cm PermitUserRC
7702 +Specifies whether any
7703 +.Pa ~/.ssh/rc
7704 +file is executed.
7705 +The default is
7706 +.Dq yes .
7707 +.It Cm PidFile
7708 +Specifies the file that contains the process ID of the
7709 +SSH daemon, or
7710 +.Dq none
7711 +to not write one.
7712 +The default is
7713 +.Pa /var/run/sshd.pid .
7714 +.It Cm Port
7715 +Specifies the port number that
7716 +.Xr sshd 1M
7717 +listens on.
7718 +The default is 22.
7719 +Multiple options of this type are permitted.
7720 +See also
7721 +.Cm ListenAddress .
7722 +.It Cm PrintLastLog
7723 +Specifies whether
7724 +.Xr sshd 1M
7725 +should print the date and time of the last user login when a user logs
7726 +in interactively.
7727 +On Solaris this option is always ignored since pam_unix_session(5)
7728 +reports the last login time.
7729 +.It Cm PrintMotd
7730 +Specifies whether
7731 +.Xr sshd 1M
7732 +should print
7733 +.Pa /etc/motd
7734 +when a user logs in interactively.
7735 +(On some systems it is also printed by the shell,
7736 +.Pa /etc/profile ,
7737 +or equivalent.)
7738 +The default is
7739 +.Dq yes .
7740 +.It Cm Protocol
7741 +Specifies the protocol versions
7742 +.Xr sshd 1M
7743 +supports.
7744 +The possible values are
7745 +.Sq 1
7746 +and
7747 +.Sq 2 .
7748 +Multiple versions must be comma-separated.
7749 +The default is
7750 +.Sq 2 .
7751 +Note that the order of the protocol list does not indicate preference,
7752 +because the client selects among multiple protocol versions offered
7753 +by the server.
7754 +Specifying
7755 +.Dq 2,1
7756 +is identical to
7757 +.Dq 1,2 .
7758 +.It Cm PubkeyAcceptedKeyTypes
7759 +Specifies the key types that will be accepted for public key authentication
7760 +as a comma-separated pattern list.
7761 +Alternately if the specified value begins with a
7762 +.Sq +
7763 +character, then the specified key types will be appended to the default set
7764 +instead of replacing them.
7765 +The default for this option is:
7766 +.Bd -literal -offset 3n
7767 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
7768 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
7769 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
7770 +ssh-ed25519-cert-v01@openssh.com,
7771 +ssh-rsa-cert-v01@openssh.com,
7772 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
7773 +ssh-ed25519,ssh-rsa
7774 +.Ed
7775 +.Pp
7776 +The
7777 +.Fl Q
7778 +option of
7779 +.Xr ssh 1
7780 +may be used to list supported key types.
7781 +.It Cm PubkeyAuthentication
7782 +Specifies whether public key authentication is allowed.
7783 +The default is
7784 +.Dq yes .
7785 +Note that this option applies to protocol version 2 only.
7786 +.It Cm RekeyLimit
7787 +Specifies the maximum amount of data that may be transmitted before the
7788 +session key is renegotiated, optionally followed a maximum amount of
7789 +time that may pass before the session key is renegotiated.
7790 +The first argument is specified in bytes and may have a suffix of
7791 +.Sq K ,
7792 +.Sq M ,
7793 +or
7794 +.Sq G
7795 +to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
7796 +The default is between
7797 +.Sq 1G
7798 +and
7799 +.Sq 4G ,
7800 +depending on the cipher.
7801 +The optional second value is specified in seconds and may use any of the
7802 +units documented in the
7803 +.Sx TIME FORMATS
7804 +section.
7805 +The default value for
7806 +.Cm RekeyLimit
7807 +is
7808 +.Dq default none ,
7809 +which means that rekeying is performed after the cipher's default amount
7810 +of data has been sent or received and no time based rekeying is done.
7811 +This option applies to protocol version 2 only.
7812 +.It Cm RevokedKeys
7813 +Specifies revoked public keys file, or
7814 +.Dq none
7815 +to not use one.
7816 +Keys listed in this file will be refused for public key authentication.
7817 +Note that if this file is not readable, then public key authentication will
7818 +be refused for all users.
7819 +Keys may be specified as a text file, listing one public key per line, or as
7820 +an OpenSSH Key Revocation List (KRL) as generated by
7821 +.Xr ssh-keygen 1 .
7822 +For more information on KRLs, see the KEY REVOCATION LISTS section in
7823 +.Xr ssh-keygen 1 .
7824 +.It Cm RhostsRSAAuthentication
7825 +Specifies whether rhosts or /etc/hosts.equiv authentication together
7826 +with successful RSA host authentication is allowed.
7827 +The default is
7828 +.Dq no .
7829 +This option applies to protocol version 1 only.
7830 +.It Cm RSAAuthentication
7831 +Specifies whether pure RSA authentication is allowed.
7832 +The default is
7833 +.Dq yes .
7834 +This option applies to protocol version 1 only.
7835 +.It Cm ServerKeyBits
7836 +Defines the number of bits in the ephemeral protocol version 1 server key.
7837 +The default and minimum value is 1024.
7838 +.It Cm StreamLocalBindMask
7839 +Sets the octal file creation mode mask
7840 +.Pq umask
7841 +used when creating a Unix-domain socket file for local or remote
7842 +port forwarding.
7843 +This option is only used for port forwarding to a Unix-domain socket file.
7844 +.Pp
7845 +The default value is 0177, which creates a Unix-domain socket file that is
7846 +readable and writable only by the owner.
7847 +Note that not all operating systems honor the file mode on Unix-domain
7848 +socket files.
7849 +.It Cm StreamLocalBindUnlink
7850 +Specifies whether to remove an existing Unix-domain socket file for local
7851 +or remote port forwarding before creating a new one.
7852 +If the socket file already exists and
7853 +.Cm StreamLocalBindUnlink
7854 +is not enabled,
7855 +.Nm sshd
7856 +will be unable to forward the port to the Unix-domain socket file.
7857 +This option is only used for port forwarding to a Unix-domain socket file.
7858 +.Pp
7859 +The argument must be
7860 +.Dq yes
7861 +or
7862 +.Dq no .
7863 +The default is
7864 +.Dq no .
7865 +.It Cm StrictModes
7866 +Specifies whether
7867 +.Xr sshd 1M
7868 +should check file modes and ownership of the
7869 +user's files and home directory before accepting login.
7870 +This is normally desirable because novices sometimes accidentally leave their
7871 +directory or files world-writable.
7872 +The default is
7873 +.Dq yes .
7874 +Note that this does not apply to
7875 +.Cm ChrootDirectory ,
7876 +whose permissions and ownership are checked unconditionally.
7877 +.It Cm Subsystem
7878 +Configures an external subsystem (e.g. file transfer daemon).
7879 +Arguments should be a subsystem name and a command (with optional arguments)
7880 +to execute upon subsystem request.
7881 +.Pp
7882 +The command
7883 +.Xr sftp-server 8
7884 +implements the
7885 +.Dq sftp
7886 +file transfer subsystem.
7887 +.Pp
7888 +Alternately the name
7889 +.Dq internal-sftp
7890 +implements an in-process
7891 +.Dq sftp
7892 +server.
7893 +This may simplify configurations using
7894 +.Cm ChrootDirectory
7895 +to force a different filesystem root on clients.
7896 +.Pp
7897 +By default no subsystems are defined.
7898 +Note that this option applies to protocol version 2 only.
7899 +.It Cm SyslogFacility
7900 +Gives the facility code that is used when logging messages from
7901 +.Xr sshd 1M .
7902 +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
7903 +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
7904 +The default is AUTH.
7905 +.It Cm TCPKeepAlive
7906 +Specifies whether the system should send TCP keepalive messages to the
7907 +other side.
7908 +If they are sent, death of the connection or crash of one
7909 +of the machines will be properly noticed.
7910 +However, this means that
7911 +connections will die if the route is down temporarily, and some people
7912 +find it annoying.
7913 +On the other hand, if TCP keepalives are not sent,
7914 +sessions may hang indefinitely on the server, leaving
7915 +.Dq ghost
7916 +users and consuming server resources.
7917 +.Pp
7918 +The default is
7919 +.Dq yes
7920 +(to send TCP keepalive messages), and the server will notice
7921 +if the network goes down or the client host crashes.
7922 +This avoids infinitely hanging sessions.
7923 +.Pp
7924 +To disable TCP keepalive messages, the value should be set to
7925 +.Dq no .
7926 +.It Cm TrustedUserCAKeys
7927 +Specifies a file containing public keys of certificate authorities that are
7928 +trusted to sign user certificates for authentication, or
7929 +.Dq none
7930 +to not use one.
7931 +Keys are listed one per line; empty lines and comments starting with
7932 +.Ql #
7933 +are allowed.
7934 +If a certificate is presented for authentication and has its signing CA key
7935 +listed in this file, then it may be used for authentication for any user
7936 +listed in the certificate's principals list.
7937 +Note that certificates that lack a list of principals will not be permitted
7938 +for authentication using
7939 +.Cm TrustedUserCAKeys .
7940 +For more details on certificates, see the CERTIFICATES section in
7941 +.Xr ssh-keygen 1 .
7942 +.It Cm UseDNS
7943 +Specifies whether
7944 +.Xr sshd 1M
7945 +should look up the remote host name, and to check that
7946 +the resolved host name for the remote IP address maps back to the
7947 +very same IP address.
7948 +.Pp
7949 +If this option is set to
7950 +.Dq no
7951 +(the default) then only addresses and not host names may be used in
7952 +.Pa ~/.ssh/known_hosts
7953 +.Cm from
7954 +and
7955 +.Nm
7956 +.Cm Match
7957 +.Cm Host
7958 +directives.
7959 +.It Cm UseLogin
7960 +Specifies whether
7961 +.Xr login 1
7962 +is used for interactive login sessions.
7963 +The default is
7964 +.Dq no .
7965 +Note that
7966 +.Xr login 1
7967 +is never used for remote command execution.
7968 +Note also, that if this is enabled,
7969 +.Cm X11Forwarding
7970 +will be disabled because
7971 +.Xr login 1
7972 +does not know how to handle
7973 +.Xr xauth 1
7974 +cookies.
7975 +If
7976 +.Cm UsePrivilegeSeparation
7977 +is specified, it will be disabled after authentication.
7978 +.It Cm UsePAM
7979 +Enables the Pluggable Authentication Module interface.
7980 +If set to
7981 +.Dq yes
7982 +this will enable PAM authentication using
7983 +.Cm ChallengeResponseAuthentication
7984 +and
7985 +.Cm PasswordAuthentication
7986 +in addition to PAM account and session module processing for all
7987 +authentication types.
7988 +.Pp
7989 +Because PAM challenge-response authentication usually serves an equivalent
7990 +role to password authentication, you should disable either
7991 +.Cm PasswordAuthentication
7992 +or
7993 +.Cm ChallengeResponseAuthentication.
7994 +.Pp
7995 +If
7996 +.Cm UsePAM
7997 +is enabled, you will not be able to run
7998 +.Xr sshd 1M
7999 +as a non-root user.
8000 +The default is
8001 +.Dq no .
8002 +.It Cm UsePrivilegeSeparation
8003 +Specifies whether
8004 +.Xr sshd 1M
8005 +separates privileges by creating an unprivileged child process
8006 +to deal with incoming network traffic.
8007 +After successful authentication, another process will be created that has
8008 +the privilege of the authenticated user.
8009 +The goal of privilege separation is to prevent privilege
8010 +escalation by containing any corruption within the unprivileged processes.
8011 +The default is
8012 +.Dq yes .
8013 +If
8014 +.Cm UsePrivilegeSeparation
8015 +is set to
8016 +.Dq sandbox
8017 +then the pre-authentication unprivileged process is subject to additional
8018 +restrictions.
8019 +.It Cm VersionAddendum
8020 +Optionally specifies additional text to append to the SSH protocol banner
8021 +sent by the server upon connection.
8022 +The default is
8023 +.Dq none .
8024 +.It Cm X11DisplayOffset
8025 +Specifies the first display number available for
8026 +.Xr sshd 1M Ns 's
8027 +X11 forwarding.
8028 +This prevents sshd from interfering with real X11 servers.
8029 +The default is 10.
8030 +.It Cm X11Forwarding
8031 +Specifies whether X11 forwarding is permitted.
8032 +The argument must be
8033 +.Dq yes
8034 +or
8035 +.Dq no .
8036 +The default is
8037 +.Dq no .
8038 +.Pp
8039 +When X11 forwarding is enabled, there may be additional exposure to
8040 +the server and to client displays if the
8041 +.Xr sshd 1M
8042 +proxy display is configured to listen on the wildcard address (see
8043 +.Cm X11UseLocalhost
8044 +below), though this is not the default.
8045 +Additionally, the authentication spoofing and authentication data
8046 +verification and substitution occur on the client side.
8047 +The security risk of using X11 forwarding is that the client's X11
8048 +display server may be exposed to attack when the SSH client requests
8049 +forwarding (see the warnings for
8050 +.Cm ForwardX11
8051 +in
8052 +.Xr ssh_config 4 ) .
8053 +A system administrator may have a stance in which they want to
8054 +protect clients that may expose themselves to attack by unwittingly
8055 +requesting X11 forwarding, which can warrant a
8056 +.Dq no
8057 +setting.
8058 +.Pp
8059 +Note that disabling X11 forwarding does not prevent users from
8060 +forwarding X11 traffic, as users can always install their own forwarders.
8061 +X11 forwarding is automatically disabled if
8062 +.Cm UseLogin
8063 +is enabled.
8064 +.It Cm X11UseLocalhost
8065 +Specifies whether
8066 +.Xr sshd 1M
8067 +should bind the X11 forwarding server to the loopback address or to
8068 +the wildcard address.
8069 +By default,
8070 +sshd binds the forwarding server to the loopback address and sets the
8071 +hostname part of the
8072 +.Ev DISPLAY
8073 +environment variable to
8074 +.Dq localhost .
8075 +This prevents remote hosts from connecting to the proxy display.
8076 +However, some older X11 clients may not function with this
8077 +configuration.
8078 +.Cm X11UseLocalhost
8079 +may be set to
8080 +.Dq no
8081 +to specify that the forwarding server should be bound to the wildcard
8082 +address.
8083 +The argument must be
8084 +.Dq yes
8085 +or
8086 +.Dq no .
8087 +The default is
8088 +.Dq yes .
8089 +.It Cm XAuthLocation
8090 +Specifies the full pathname of the
8091 +.Xr xauth 1
8092 +program, or
8093 +.Dq none
8094 +to not use one.
8095 +The default is
8096 +.Pa /usr/X11R6/bin/xauth .
8097 +.El
8098 +.Sh TIME FORMATS
8099 +.Xr sshd 1M
8100 +command-line arguments and configuration file options that specify time
8101 +may be expressed using a sequence of the form:
8102 +.Sm off
8103 +.Ar time Op Ar qualifier ,
8104 +.Sm on
8105 +where
8106 +.Ar time
8107 +is a positive integer value and
8108 +.Ar qualifier
8109 +is one of the following:
8110 +.Pp
8111 +.Bl -tag -width Ds -compact -offset indent
8112 +.It Aq Cm none
8113 +seconds
8114 +.It Cm s | Cm S
8115 +seconds
8116 +.It Cm m | Cm M
8117 +minutes
8118 +.It Cm h | Cm H
8119 +hours
8120 +.It Cm d | Cm D
8121 +days
8122 +.It Cm w | Cm W
8123 +weeks
8124 +.El
8125 +.Pp
8126 +Each member of the sequence is added together to calculate
8127 +the total time value.
8128 +.Pp
8129 +Time format examples:
8130 +.Pp
8131 +.Bl -tag -width Ds -compact -offset indent
8132 +.It 600
8133 +600 seconds (10 minutes)
8134 +.It 10m
8135 +10 minutes
8136 +.It 1h30m
8137 +1 hour 30 minutes (90 minutes)
8138 +.El
8139 +.Sh FILES
8140 +.Bl -tag -width Ds
8141 +.It Pa /etc/ssh/sshd_config
8142 +Contains configuration data for
8143 +.Xr sshd 1M .
8144 +This file should be writable by root only, but it is recommended
8145 +(though not necessary) that it be world-readable.
8146 +.El
8147 +.Sh SEE ALSO
8148 +.Xr sshd 1M ,
8149 +.Xr pam_unix_session 5
8150 +.Sh AUTHORS
8151 +OpenSSH is a derivative of the original and free
8152 +ssh 1.2.12 release by Tatu Ylonen.
8153 +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
8154 +Theo de Raadt and Dug Song
8155 +removed many bugs, re-added newer features and
8156 +created OpenSSH.
8157 +Markus Friedl contributed the support for SSH
8158 +protocol versions 1.5 and 2.0.
8159 +Niels Provos and Markus Friedl contributed support
8160 +for privilege separation.
8161 diff --git a/sshd_config.5 b/sshd_config.5
8162 deleted file mode 100644
8163 index 476f71c..0000000
8164 --- a/sshd_config.5
8165 +++ /dev/null
8166 
@@ -1,1736 +0,0 @@
8167 -.\"
8168 -.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
8169 -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8170 -.\" All rights reserved
8171 -.\"
8172 -.\" As far as I am concerned, the code I have written for this software
8173 -.\" can be used freely for any purpose. Any derived versions of this
8174 -.\" software must be clearly marked as such, and if the derived work is
8175 -.\" incompatible with the protocol description in the RFC file, it must be
8176 -.\" called by a name other than "ssh" or "Secure Shell".
8177 -.\"
8178 -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
8179 -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
8180 -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
8181 -.\"
8182 -.\" Redistribution and use in source and binary forms, with or without
8183 -.\" modification, are permitted provided that the following conditions
8184 -.\" are met:
8185 -.\" 1. Redistributions of source code must retain the above copyright
8186 -.\" notice, this list of conditions and the following disclaimer.
8187 -.\" 2. Redistributions in binary form must reproduce the above copyright
8188 -.\" notice, this list of conditions and the following disclaimer in the
8189 -.\" documentation and/or other materials provided with the distribution.
8190 -.\"
8191 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
8192 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
8193 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
8194 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
8195 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8196 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
8197 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
8198 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
8199 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
8200 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8201 -.\"
8202 -.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
8203 -.Dd $Mdocdate: August 14 2015 $
8204 -.Dt SSHD_CONFIG 5
8205 -.Os
8206 -.Sh NAME
8207 -.Nm sshd_config
8208 -.Nd OpenSSH SSH daemon configuration file
8209 -.Sh SYNOPSIS
8210 -.Nm /etc/ssh/sshd_config
8211 -.Sh DESCRIPTION
8212 -.Xr sshd 8
8213 -reads configuration data from
8214 -.Pa /etc/ssh/sshd_config
8215 -(or the file specified with
8216 -.Fl f
8217 -on the command line).
8218 -The file contains keyword-argument pairs, one per line.
8219 -Lines starting with
8220 -.Ql #
8221 -and empty lines are interpreted as comments.
8222 -Arguments may optionally be enclosed in double quotes
8223 -.Pq \&"
8224 -in order to represent arguments containing spaces.
8225 -.Pp
8226 -The possible
8227 -keywords and their meanings are as follows (note that
8228 -keywords are case-insensitive and arguments are case-sensitive):
8229 -.Bl -tag -width Ds
8230 -.It Cm AcceptEnv
8231 -Specifies what environment variables sent by the client will be copied into
8232 -the session's
8233 -.Xr environ 7 .
8234 -See
8235 -.Cm SendEnv
8236 -in
8237 -.Xr ssh_config 5
8238 -for how to configure the client.
8239 -Note that environment passing is only supported for protocol 2, and
8240 -that the
8241 -.Ev TERM
8242 -environment variable is always sent whenever the client
8243 -requests a pseudo-terminal as it is required by the protocol.
8244 -Variables are specified by name, which may contain the wildcard characters 8245 -.Ql * 8246 -and 8247 -.Ql \&? . 8248 -Multiple environment variables may be separated by whitespace or spread 8249 -across multiple 8250 -.Cm AcceptEnv 8251 -directives. 8252 -Be warned that some environment variables could be used to bypass restricted 8253 -user environments. 8254 -For this reason, care should be taken in the use of this directive. 8255 -The default is not to accept any environment variables. 8256 -.It Cm AddressFamily 8257 -Specifies which address family should be used by 8258 -.Xr sshd 8 . 8259 -Valid arguments are 8260 -.Dq any , 8261 -.Dq inet 8262 -(use IPv4 only), or 8263 -.Dq inet6 8264 -(use IPv6 only). 8265 -The default is 8266 -.Dq any . 8267 -.It Cm AllowAgentForwarding 8268 -Specifies whether 8269 -.Xr ssh-agent 1 8270 -forwarding is permitted. 8271 -The default is 8272 -.Dq yes . 8273 -Note that disabling agent forwarding does not improve security 8274 -unless users are also denied shell access, as they can always install 8275 -their own forwarders. 8276 -.It Cm AllowGroups 8277 -This keyword can be followed by a list of group name patterns, separated 8278 -by spaces. 8279 -If specified, login is allowed only for users whose primary 8280 -group or supplementary group list matches one of the patterns. 8281 -Only group names are valid; a numerical group ID is not recognized. 8282 -By default, login is allowed for all groups. 8283 -The allow/deny directives are processed in the following order: 8284 -.Cm DenyUsers , 8285 -.Cm AllowUsers , 8286 -.Cm DenyGroups , 8287 -and finally 8288 -.Cm AllowGroups . 8289 -.Pp 8290 -See PATTERNS in 8291 -.Xr ssh_config 5 8292 -for more information on patterns. 8293 -.It Cm AllowTcpForwarding 8294 -Specifies whether TCP forwarding is permitted. 
8295 -The available options are 8296 -.Dq yes 8297 -or 8298 -.Dq all 8299 -to allow TCP forwarding, 8300 -.Dq no 8301 -to prevent all TCP forwarding, 8302 -.Dq local 8303 -to allow local (from the perspective of 8304 -.Xr ssh 1 ) 8305 -forwarding only or 8306 -.Dq remote 8307 -to allow remote forwarding only. 8308 -The default is 8309 -.Dq yes . 8310 -Note that disabling TCP forwarding does not improve security unless 8311 -users are also denied shell access, as they can always install their 8312 -own forwarders. 8313 -.It Cm AllowStreamLocalForwarding 8314 -Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. 8315 -The available options are 8316 -.Dq yes 8317 -or 8318 -.Dq all 8319 -to allow StreamLocal forwarding, 8320 -.Dq no 8321 -to prevent all StreamLocal forwarding, 8322 -.Dq local 8323 -to allow local (from the perspective of 8324 -.Xr ssh 1 ) 8325 -forwarding only or 8326 -.Dq remote 8327 -to allow remote forwarding only. 8328 -The default is 8329 -.Dq yes . 8330 -Note that disabling StreamLocal forwarding does not improve security unless 8331 -users are also denied shell access, as they can always install their 8332 -own forwarders. 8333 -.It Cm AllowUsers 8334 -This keyword can be followed by a list of user name patterns, separated 8335 -by spaces. 8336 -If specified, login is allowed only for user names that 8337 -match one of the patterns. 8338 -Only user names are valid; a numerical user ID is not recognized. 8339 -By default, login is allowed for all users. 8340 -If the pattern takes the form USER@HOST then USER and HOST 8341 -are separately checked, restricting logins to particular 8342 -users from particular hosts. 8343 -The allow/deny directives are processed in the following order: 8344 -.Cm DenyUsers , 8345 -.Cm AllowUsers , 8346 -.Cm DenyGroups , 8347 -and finally 8348 -.Cm AllowGroups . 8349 -.Pp 8350 -See PATTERNS in 8351 -.Xr ssh_config 5 8352 -for more information on patterns. 
8353 -.It Cm AuthenticationMethods 8354 -Specifies the authentication methods that must be successfully completed 8355 -for a user to be granted access. 8356 -This option must be followed by one or more comma-separated lists of 8357 -authentication method names. 8358 -Successful authentication requires completion of every method in at least 8359 -one of these lists. 8360 -.Pp 8361 -For example, an argument of 8362 -.Dq publickey,password publickey,keyboard-interactive 8363 -would require the user to complete public key authentication, followed by 8364 -either password or keyboard interactive authentication. 8365 -Only methods that are next in one or more lists are offered at each stage, 8366 -so for this example, it would not be possible to attempt password or 8367 -keyboard-interactive authentication before public key. 8368 -.Pp 8369 -For keyboard interactive authentication it is also possible to 8370 -restrict authentication to a specific device by appending a 8371 -colon followed by the device identifier 8372 -.Dq bsdauth , 8373 -.Dq pam , 8374 -or 8375 -.Dq skey , 8376 -depending on the server configuration. 8377 -For example, 8378 -.Dq keyboard-interactive:bsdauth 8379 -would restrict keyboard interactive authentication to the 8380 -.Dq bsdauth 8381 -device. 8382 -.Pp 8383 -If the 8384 -.Dq publickey 8385 -method is listed more than once, 8386 -.Xr sshd 8 8387 -verifies that keys that have been used successfully are not reused for 8388 -subsequent authentications. 8389 -For example, an 8390 -.Cm AuthenticationMethods 8391 -of 8392 -.Dq publickey,publickey 8393 -will require successful authentication using two different public keys. 8394 -.Pp 8395 -This option is only available for SSH protocol 2 and will yield a fatal 8396 -error if enabled if protocol 1 is also enabled. 8397 -Note that each authentication method listed should also be explicitly enabled 8398 -in the configuration. 
8399 -The default is not to require multiple authentication; successful completion 8400 -of a single authentication method is sufficient. 8401 -.It Cm AuthorizedKeysCommand 8402 -Specifies a program to be used to look up the user's public keys. 8403 -The program must be owned by root, not writable by group or others and 8404 -specified by an absolute path. 8405 -.Pp 8406 -Arguments to 8407 -.Cm AuthorizedKeysCommand 8408 -may be provided using the following tokens, which will be expanded 8409 -at runtime: %% is replaced by a literal '%', %u is replaced by the 8410 -username being authenticated, %h is replaced by the home directory 8411 -of the user being authenticated, %t is replaced with the key type 8412 -offered for authentication, %f is replaced with the fingerprint of 8413 -the key, and %k is replaced with the key being offered for authentication. 8414 -If no arguments are specified then the username of the target user 8415 -will be supplied. 8416 -.Pp 8417 -The program should produce on standard output zero or 8418 -more lines of authorized_keys output (see AUTHORIZED_KEYS in 8419 -.Xr sshd 8 ) . 8420 -If a key supplied by AuthorizedKeysCommand does not successfully authenticate 8421 -and authorize the user then public key authentication continues using the usual 8422 -.Cm AuthorizedKeysFile 8423 -files. 8424 -By default, no AuthorizedKeysCommand is run. 8425 -.It Cm AuthorizedKeysCommandUser 8426 -Specifies the user under whose account the AuthorizedKeysCommand is run. 8427 -It is recommended to use a dedicated user that has no other role on the host 8428 -than running authorized keys commands. 8429 -If 8430 -.Cm AuthorizedKeysCommand 8431 -is specified but 8432 -.Cm AuthorizedKeysCommandUser 8433 -is not, then 8434 -.Xr sshd 8 8435 -will refuse to start. 8436 -.It Cm AuthorizedKeysFile 8437 -Specifies the file that contains the public keys that can be used 8438 -for user authentication. 
8439 -The format is described in the 8440 -AUTHORIZED_KEYS FILE FORMAT 8441 -section of 8442 -.Xr sshd 8 . 8443 -.Cm AuthorizedKeysFile 8444 -may contain tokens of the form %T which are substituted during connection 8445 -setup. 8446 -The following tokens are defined: %% is replaced by a literal '%', 8447 -%h is replaced by the home directory of the user being authenticated, and 8448 -%u is replaced by the username of that user. 8449 -After expansion, 8450 -.Cm AuthorizedKeysFile 8451 -is taken to be an absolute path or one relative to the user's home 8452 -directory. 8453 -Multiple files may be listed, separated by whitespace. 8454 -The default is 8455 -.Dq .ssh/authorized_keys .ssh/authorized_keys2 . 8456 -.It Cm AuthorizedPrincipalsCommand 8457 -Specifies a program to be used to generate the list of allowed 8458 -certificate principals as per 8459 -.Cm AuthorizedPrincipalsFile . 8460 -The program must be owned by root, not writable by group or others and 8461 -specified by an absolute path. 8462 -.Pp 8463 -Arguments to 8464 -.Cm AuthorizedPrincipalsCommand 8465 -may be provided using the following tokens, which will be expanded 8466 -at runtime: %% is replaced by a literal '%', %u is replaced by the 8467 -username being authenticated and %h is replaced by the home directory 8468 -of the user being authenticated. 8469 -.Pp 8470 -The program should produce on standard output zero or 8471 -more lines of 8472 -.Cm AuthorizedPrincipalsFile 8473 -output. 8474 -If either 8475 -.Cm AuthorizedPrincipalsCommand 8476 -or 8477 -.Cm AuthorizedPrincipalsFile 8478 -is specified, then certificates offered by the client for authentication 8479 -must contain a principal that is listed. 8480 -By default, no AuthorizedPrincipalsCommand is run. 8481 -.It Cm AuthorizedPrincipalsCommandUser 8482 -Specifies the user under whose account the AuthorizedPrincipalsCommand is run. 
8483 -It is recommended to use a dedicated user that has no other role on the host 8484 -than running authorized principals commands. 8485 -If 8486 -.Cm AuthorizedPrincipalsCommand 8487 -is specified but 8488 -.Cm AuthorizedPrincipalsCommandUser 8489 -is not, then 8490 -.Xr sshd 8 8491 -will refuse to start. 8492 -.It Cm AuthorizedPrincipalsFile 8493 -Specifies a file that lists principal names that are accepted for 8494 -certificate authentication. 8495 -When using certificates signed by a key listed in 8496 -.Cm TrustedUserCAKeys , 8497 -this file lists names, one of which must appear in the certificate for it 8498 -to be accepted for authentication. 8499 -Names are listed one per line preceded by key options (as described 8500 -in AUTHORIZED_KEYS FILE FORMAT in 8501 -.Xr sshd 8 ) . 8502 -Empty lines and comments starting with 8503 -.Ql # 8504 -are ignored. 8505 -.Pp 8506 -.Cm AuthorizedPrincipalsFile 8507 -may contain tokens of the form %T which are substituted during connection 8508 -setup. 8509 -The following tokens are defined: %% is replaced by a literal '%', 8510 -%h is replaced by the home directory of the user being authenticated, and 8511 -%u is replaced by the username of that user. 8512 -After expansion, 8513 -.Cm AuthorizedPrincipalsFile 8514 -is taken to be an absolute path or one relative to the user's home 8515 -directory. 8516 -.Pp 8517 -The default is 8518 -.Dq none , 8519 -i.e. not to use a principals file \(en in this case, the username 8520 -of the user must appear in a certificate's principals list for it to be 8521 -accepted. 8522 -Note that 8523 -.Cm AuthorizedPrincipalsFile 8524 -is only used when authentication proceeds using a CA listed in 8525 -.Cm TrustedUserCAKeys 8526 -and is not consulted for certification authorities trusted via 8527 -.Pa ~/.ssh/authorized_keys , 8528 -though the 8529 -.Cm principals= 8530 -key option offers a similar facility (see 8531 -.Xr sshd 8 8532 -for details). 
8533 -.It Cm Banner 8534 -The contents of the specified file are sent to the remote user before 8535 -authentication is allowed. 8536 -If the argument is 8537 -.Dq none 8538 -then no banner is displayed. 8539 -This option is only available for protocol version 2. 8540 -By default, no banner is displayed. 8541 -.It Cm ChallengeResponseAuthentication 8542 -Specifies whether challenge-response authentication is allowed (e.g. via 8543 -PAM or through authentication styles supported in 8544 -.Xr login.conf 5 ) 8545 -The default is 8546 -.Dq yes . 8547 -.It Cm ChrootDirectory 8548 -Specifies the pathname of a directory to 8549 -.Xr chroot 2 8550 -to after authentication. 8551 -At session startup 8552 -.Xr sshd 8 8553 -checks that all components of the pathname are root-owned directories 8554 -which are not writable by any other user or group. 8555 -After the chroot, 8556 -.Xr sshd 8 8557 -changes the working directory to the user's home directory. 8558 -.Pp 8559 -The pathname may contain the following tokens that are expanded at runtime once 8560 -the connecting user has been authenticated: %% is replaced by a literal '%', 8561 -%h is replaced by the home directory of the user being authenticated, and 8562 -%u is replaced by the username of that user. 8563 -.Pp 8564 -The 8565 -.Cm ChrootDirectory 8566 -must contain the necessary files and directories to support the 8567 -user's session. 8568 -For an interactive session this requires at least a shell, typically 8569 -.Xr sh 1 , 8570 -and basic 8571 -.Pa /dev 8572 -nodes such as 8573 -.Xr null 4 , 8574 -.Xr zero 4 , 8575 -.Xr stdin 4 , 8576 -.Xr stdout 4 , 8577 -.Xr stderr 4 , 8578 -and 8579 -.Xr tty 4 8580 -devices. 
8581 -For file transfer sessions using 8582 -.Dq sftp , 8583 -no additional configuration of the environment is necessary if the 8584 -in-process sftp server is used, 8585 -though sessions which use logging may require 8586 -.Pa /dev/log 8587 -inside the chroot directory on some operating systems (see 8588 -.Xr sftp-server 8 8589 -for details). 8590 -.Pp 8591 -For safety, it is very important that the directory hierarchy be 8592 -prevented from modification by other processes on the system (especially 8593 -those outside the jail). 8594 -Misconfiguration can lead to unsafe environments which 8595 -.Xr sshd 8 8596 -cannot detect. 8597 -.Pp 8598 -The default is not to 8599 -.Xr chroot 2 . 8600 -.It Cm Ciphers 8601 -Specifies the ciphers allowed for protocol version 2. 8602 -Multiple ciphers must be comma-separated. 8603 -If the specified value begins with a 8604 -.Sq + 8605 -character, then the specified ciphers will be appended to the default set 8606 -instead of replacing them. 8607 -.Pp 8608 -The supported ciphers are: 8609 -.Pp 8610 -.Bl -item -compact -offset indent 8611 -.It 8612 -3des-cbc 8613 -.It 8614 -aes128-cbc 8615 -.It 8616 -aes192-cbc 8617 -.It 8618 -aes256-cbc 8619 -.It 8620 -aes128-ctr 8621 -.It 8622 -aes192-ctr 8623 -.It 8624 -aes256-ctr 8625 -.It 8626 -aes128-gcm@openssh.com 8627 -.It 8628 -aes256-gcm@openssh.com 8629 -.It 8630 -arcfour 8631 -.It 8632 -arcfour128 8633 -.It 8634 -arcfour256 8635 -.It 8636 -blowfish-cbc 8637 -.It 8638 -cast128-cbc 8639 -.It 8640 -chacha20-poly1305@openssh.com 8641 -.El 8642 -.Pp 8643 -The default is: 8644 -.Bd -literal -offset indent 8645 -chacha20-poly1305@openssh.com, 8646 -aes128-ctr,aes192-ctr,aes256-ctr, 8647 -aes128-gcm@openssh.com,aes256-gcm@openssh.com 8648 -.Ed 8649 -.Pp 8650 -The list of available ciphers may also be obtained using the 8651 -.Fl Q 8652 -option of 8653 -.Xr ssh 1 8654 -with an argument of 8655 -.Dq cipher . 
8656 -.It Cm ClientAliveCountMax 8657 -Sets the number of client alive messages (see below) which may be 8658 -sent without 8659 -.Xr sshd 8 8660 -receiving any messages back from the client. 8661 -If this threshold is reached while client alive messages are being sent, 8662 -sshd will disconnect the client, terminating the session. 8663 -It is important to note that the use of client alive messages is very 8664 -different from 8665 -.Cm TCPKeepAlive 8666 -(below). 8667 -The client alive messages are sent through the encrypted channel 8668 -and therefore will not be spoofable. 8669 -The TCP keepalive option enabled by 8670 -.Cm TCPKeepAlive 8671 -is spoofable. 8672 -The client alive mechanism is valuable when the client or 8673 -server depend on knowing when a connection has become inactive. 8674 -.Pp 8675 -The default value is 3. 8676 -If 8677 -.Cm ClientAliveInterval 8678 -(see below) is set to 15, and 8679 -.Cm ClientAliveCountMax 8680 -is left at the default, unresponsive SSH clients 8681 -will be disconnected after approximately 45 seconds. 8682 -This option applies to protocol version 2 only. 8683 -.It Cm ClientAliveInterval 8684 -Sets a timeout interval in seconds after which if no data has been received 8685 -from the client, 8686 -.Xr sshd 8 8687 -will send a message through the encrypted 8688 -channel to request a response from the client. 8689 -The default 8690 -is 0, indicating that these messages will not be sent to the client. 8691 -This option applies to protocol version 2 only. 8692 -.It Cm Compression 8693 -Specifies whether compression is allowed, or delayed until 8694 -the user has authenticated successfully. 8695 -The argument must be 8696 -.Dq yes , 8697 -.Dq delayed , 8698 -or 8699 -.Dq no . 8700 -The default is 8701 -.Dq delayed . 8702 -.It Cm DenyGroups 8703 -This keyword can be followed by a list of group name patterns, separated 8704 -by spaces. 
8705 -Login is disallowed for users whose primary group or supplementary 8706 -group list matches one of the patterns. 8707 -Only group names are valid; a numerical group ID is not recognized. 8708 -By default, login is allowed for all groups. 8709 -The allow/deny directives are processed in the following order: 8710 -.Cm DenyUsers , 8711 -.Cm AllowUsers , 8712 -.Cm DenyGroups , 8713 -and finally 8714 -.Cm AllowGroups . 8715 -.Pp 8716 -See PATTERNS in 8717 -.Xr ssh_config 5 8718 -for more information on patterns. 8719 -.It Cm DenyUsers 8720 -This keyword can be followed by a list of user name patterns, separated 8721 -by spaces. 8722 -Login is disallowed for user names that match one of the patterns. 8723 -Only user names are valid; a numerical user ID is not recognized. 8724 -By default, login is allowed for all users. 8725 -If the pattern takes the form USER@HOST then USER and HOST 8726 -are separately checked, restricting logins to particular 8727 -users from particular hosts. 8728 -The allow/deny directives are processed in the following order: 8729 -.Cm DenyUsers , 8730 -.Cm AllowUsers , 8731 -.Cm DenyGroups , 8732 -and finally 8733 -.Cm AllowGroups . 8734 -.Pp 8735 -See PATTERNS in 8736 -.Xr ssh_config 5 8737 -for more information on patterns. 8738 -.It Cm FingerprintHash 8739 -Specifies the hash algorithm used when logging key fingerprints. 8740 -Valid options are: 8741 -.Dq md5 8742 -and 8743 -.Dq sha256 . 8744 -The default is 8745 -.Dq sha256 . 8746 -.It Cm ForceCommand 8747 -Forces the execution of the command specified by 8748 -.Cm ForceCommand , 8749 -ignoring any command supplied by the client and 8750 -.Pa ~/.ssh/rc 8751 -if present. 8752 -The command is invoked by using the user's login shell with the -c option. 8753 -This applies to shell, command, or subsystem execution. 8754 -It is most useful inside a 8755 -.Cm Match 8756 -block. 
8757 -The command originally supplied by the client is available in the 8758 -.Ev SSH_ORIGINAL_COMMAND 8759 -environment variable. 8760 -Specifying a command of 8761 -.Dq internal-sftp 8762 -will force the use of an in-process sftp server that requires no support 8763 -files when used with 8764 -.Cm ChrootDirectory . 8765 -.It Cm GatewayPorts 8766 -Specifies whether remote hosts are allowed to connect to ports 8767 -forwarded for the client. 8768 -By default, 8769 -.Xr sshd 8 8770 -binds remote port forwardings to the loopback address. 8771 -This prevents other remote hosts from connecting to forwarded ports. 8772 -.Cm GatewayPorts 8773 -can be used to specify that sshd 8774 -should allow remote port forwardings to bind to non-loopback addresses, thus 8775 -allowing other hosts to connect. 8776 -The argument may be 8777 -.Dq no 8778 -to force remote port forwardings to be available to the local host only, 8779 -.Dq yes 8780 -to force remote port forwardings to bind to the wildcard address, or 8781 -.Dq clientspecified 8782 -to allow the client to select the address to which the forwarding is bound. 8783 -The default is 8784 -.Dq no . 8785 -.It Cm GSSAPIAuthentication 8786 -Specifies whether user authentication based on GSSAPI is allowed. 8787 -The default is 8788 -.Dq no . 8789 -Note that this option applies to protocol version 2 only. 8790 -.It Cm GSSAPICleanupCredentials 8791 -Specifies whether to automatically destroy the user's credentials cache 8792 -on logout. 8793 -The default is 8794 -.Dq yes . 8795 -Note that this option applies to protocol version 2 only. 8796 -.It Cm GSSAPIStrictAcceptorCheck 8797 -Determines whether to be strict about the identity of the GSSAPI acceptor 8798 -a client authenticates against. 8799 -If set to 8800 -.Dq yes 8801 -then the client must authenticate against the 8802 -.Pa host 8803 -service on the current hostname. 
8804 -If set to 8805 -.Dq no 8806 -then the client may authenticate against any service key stored in the 8807 -machine's default store. 8808 -This facility is provided to assist with operation on multi homed machines. 8809 -The default is 8810 -.Dq yes . 8811 -.It Cm HostbasedAcceptedKeyTypes 8812 -Specifies the key types that will be accepted for hostbased authentication 8813 -as a comma-separated pattern list. 8814 -Alternately if the specified value begins with a 8815 -.Sq + 8816 -character, then the specified key types will be appended to the default set 8817 -instead of replacing them. 8818 -The default for this option is: 8819 -.Bd -literal -offset 3n 8820 -ecdsa-sha2-nistp256-cert-v01@openssh.com, 8821 -ecdsa-sha2-nistp384-cert-v01@openssh.com, 8822 -ecdsa-sha2-nistp521-cert-v01@openssh.com, 8823 -ssh-ed25519-cert-v01@openssh.com, 8824 -ssh-rsa-cert-v01@openssh.com, 8825 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 8826 -ssh-ed25519,ssh-rsa 8827 -.Ed 8828 -.Pp 8829 -The 8830 -.Fl Q 8831 -option of 8832 -.Xr ssh 1 8833 -may be used to list supported key types. 8834 -.It Cm HostbasedAuthentication 8835 -Specifies whether rhosts or /etc/hosts.equiv authentication together 8836 -with successful public key client host authentication is allowed 8837 -(host-based authentication). 8838 -This option is similar to 8839 -.Cm RhostsRSAAuthentication 8840 -and applies to protocol version 2 only. 8841 -The default is 8842 -.Dq no . 8843 -.It Cm HostbasedUsesNameFromPacketOnly 8844 -Specifies whether or not the server will attempt to perform a reverse 8845 -name lookup when matching the name in the 8846 -.Pa ~/.shosts , 8847 -.Pa ~/.rhosts , 8848 -and 8849 -.Pa /etc/hosts.equiv 8850 -files during 8851 -.Cm HostbasedAuthentication . 8852 -A setting of 8853 -.Dq yes 8854 -means that 8855 -.Xr sshd 8 8856 -uses the name supplied by the client rather than 8857 -attempting to resolve the name from the TCP connection itself. 8858 -The default is 8859 -.Dq no . 
8860 -.It Cm HostCertificate 8861 -Specifies a file containing a public host certificate. 8862 -The certificate's public key must match a private host key already specified 8863 -by 8864 -.Cm HostKey . 8865 -The default behaviour of 8866 -.Xr sshd 8 8867 -is not to load any certificates. 8868 -.It Cm HostKey 8869 -Specifies a file containing a private host key 8870 -used by SSH. 8871 -The default is 8872 -.Pa /etc/ssh/ssh_host_key 8873 -for protocol version 1, and 8874 -.Pa /etc/ssh/ssh_host_dsa_key , 8875 -.Pa /etc/ssh/ssh_host_ecdsa_key , 8876 -.Pa /etc/ssh/ssh_host_ed25519_key 8877 -and 8878 -.Pa /etc/ssh/ssh_host_rsa_key 8879 -for protocol version 2. 8880 -.Pp 8881 -Note that 8882 -.Xr sshd 8 8883 -will refuse to use a file if it is group/world-accessible 8884 -and that the 8885 -.Cm HostKeyAlgorithms 8886 -option restricts which of the keys are actually used by 8887 -.Xr sshd 8 . 8888 -.Pp 8889 -It is possible to have multiple host key files. 8890 -.Dq rsa1 8891 -keys are used for version 1 and 8892 -.Dq dsa , 8893 -.Dq ecdsa , 8894 -.Dq ed25519 8895 -or 8896 -.Dq rsa 8897 -are used for version 2 of the SSH protocol. 8898 -It is also possible to specify public host key files instead. 8899 -In this case operations on the private key will be delegated 8900 -to an 8901 -.Xr ssh-agent 1 . 8902 -.It Cm HostKeyAgent 8903 -Identifies the UNIX-domain socket used to communicate 8904 -with an agent that has access to the private host keys. 8905 -If 8906 -.Dq SSH_AUTH_SOCK 8907 -is specified, the location of the socket will be read from the 8908 -.Ev SSH_AUTH_SOCK 8909 -environment variable. 8910 -.It Cm HostKeyAlgorithms 8911 -Specifies the protocol version 2 host key algorithms 8912 -that the server offers. 
8913 -The default for this option is: 8914 -.Bd -literal -offset 3n 8915 -ecdsa-sha2-nistp256-cert-v01@openssh.com, 8916 -ecdsa-sha2-nistp384-cert-v01@openssh.com, 8917 -ecdsa-sha2-nistp521-cert-v01@openssh.com, 8918 -ssh-ed25519-cert-v01@openssh.com, 8919 -ssh-rsa-cert-v01@openssh.com, 8920 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 8921 -ssh-ed25519,ssh-rsa 8922 -.Ed 8923 -.Pp 8924 -The list of available key types may also be obtained using the 8925 -.Fl Q 8926 -option of 8927 -.Xr ssh 1 8928 -with an argument of 8929 -.Dq key . 8930 -.It Cm IgnoreRhosts 8931 -Specifies that 8932 -.Pa .rhosts 8933 -and 8934 -.Pa .shosts 8935 -files will not be used in 8936 -.Cm RhostsRSAAuthentication 8937 -or 8938 -.Cm HostbasedAuthentication . 8939 -.Pp 8940 -.Pa /etc/hosts.equiv 8941 -and 8942 -.Pa /etc/shosts.equiv 8943 -are still used. 8944 -The default is 8945 -.Dq yes . 8946 -.It Cm IgnoreUserKnownHosts 8947 -Specifies whether 8948 -.Xr sshd 8 8949 -should ignore the user's 8950 -.Pa ~/.ssh/known_hosts 8951 -during 8952 -.Cm RhostsRSAAuthentication 8953 -or 8954 -.Cm HostbasedAuthentication . 8955 -The default is 8956 -.Dq no . 8957 -.It Cm IPQoS 8958 -Specifies the IPv4 type-of-service or DSCP class for the connection. 8959 -Accepted values are 8960 -.Dq af11 , 8961 -.Dq af12 , 8962 -.Dq af13 , 8963 -.Dq af21 , 8964 -.Dq af22 , 8965 -.Dq af23 , 8966 -.Dq af31 , 8967 -.Dq af32 , 8968 -.Dq af33 , 8969 -.Dq af41 , 8970 -.Dq af42 , 8971 -.Dq af43 , 8972 -.Dq cs0 , 8973 -.Dq cs1 , 8974 -.Dq cs2 , 8975 -.Dq cs3 , 8976 -.Dq cs4 , 8977 -.Dq cs5 , 8978 -.Dq cs6 , 8979 -.Dq cs7 , 8980 -.Dq ef , 8981 -.Dq lowdelay , 8982 -.Dq throughput , 8983 -.Dq reliability , 8984 -or a numeric value. 8985 -This option may take one or two arguments, separated by whitespace. 8986 -If one argument is specified, it is used as the packet class unconditionally. 
8987 -If two values are specified, the first is automatically selected for 8988 -interactive sessions and the second for non-interactive sessions. 8989 -The default is 8990 -.Dq lowdelay 8991 -for interactive sessions and 8992 -.Dq throughput 8993 -for non-interactive sessions. 8994 -.It Cm KbdInteractiveAuthentication 8995 -Specifies whether to allow keyboard-interactive authentication. 8996 -The argument to this keyword must be 8997 -.Dq yes 8998 -or 8999 -.Dq no . 9000 -The default is to use whatever value 9001 -.Cm ChallengeResponseAuthentication 9002 -is set to 9003 -(by default 9004 -.Dq yes ) . 9005 -.It Cm KerberosAuthentication 9006 -Specifies whether the password provided by the user for 9007 -.Cm PasswordAuthentication 9008 -will be validated through the Kerberos KDC. 9009 -To use this option, the server needs a 9010 -Kerberos servtab which allows the verification of the KDC's identity. 9011 -The default is 9012 -.Dq no . 9013 -.It Cm KerberosGetAFSToken 9014 -If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 9015 -an AFS token before accessing the user's home directory. 9016 -The default is 9017 -.Dq no . 9018 -.It Cm KerberosOrLocalPasswd 9019 -If password authentication through Kerberos fails then 9020 -the password will be validated via any additional local mechanism 9021 -such as 9022 -.Pa /etc/passwd . 9023 -The default is 9024 -.Dq yes . 9025 -.It Cm KerberosTicketCleanup 9026 -Specifies whether to automatically destroy the user's ticket cache 9027 -file on logout. 9028 -The default is 9029 -.Dq yes . 9030 -.It Cm KexAlgorithms 9031 -Specifies the available KEX (Key Exchange) algorithms. 9032 -Multiple algorithms must be comma-separated. 9033 -Alternately if the specified value begins with a 9034 -.Sq + 9035 -character, then the specified methods will be appended to the default set 9036 -instead of replacing them. 
9037 -The supported algorithms are: 9038 -.Pp 9039 -.Bl -item -compact -offset indent 9040 -.It 9041 -curve25519-sha256@libssh.org 9042 -.It 9043 -diffie-hellman-group1-sha1 9044 -.It 9045 -diffie-hellman-group14-sha1 9046 -.It 9047 -diffie-hellman-group-exchange-sha1 9048 -.It 9049 -diffie-hellman-group-exchange-sha256 9050 -.It 9051 -ecdh-sha2-nistp256 9052 -.It 9053 -ecdh-sha2-nistp384 9054 -.It 9055 -ecdh-sha2-nistp521 9056 -.El 9057 -.Pp 9058 -The default is: 9059 -.Bd -literal -offset indent 9060 -curve25519-sha256@libssh.org, 9061 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 9062 -diffie-hellman-group-exchange-sha256, 9063 -diffie-hellman-group14-sha1 9064 -.Ed 9065 -.Pp 9066 -The list of available key exchange algorithms may also be obtained using the 9067 -.Fl Q 9068 -option of 9069 -.Xr ssh 1 9070 -with an argument of 9071 -.Dq kex . 9072 -.It Cm KeyRegenerationInterval 9073 -In protocol version 1, the ephemeral server key is automatically regenerated 9074 -after this many seconds (if it has been used). 9075 -The purpose of regeneration is to prevent 9076 -decrypting captured sessions by later breaking into the machine and 9077 -stealing the keys. 9078 -The key is never stored anywhere. 9079 -If the value is 0, the key is never regenerated. 9080 -The default is 3600 (seconds). 9081 -.It Cm ListenAddress 9082 -Specifies the local addresses 9083 -.Xr sshd 8 9084 -should listen on. 9085 -The following forms may be used: 9086 -.Pp 9087 -.Bl -item -offset indent -compact 9088 -.It 9089 -.Cm ListenAddress 9090 -.Sm off 9091 -.Ar host | Ar IPv4_addr | Ar IPv6_addr 9092 -.Sm on 9093 -.It 9094 -.Cm ListenAddress 9095 -.Sm off 9096 -.Ar host | Ar IPv4_addr : Ar port 9097 -.Sm on 9098 -.It 9099 -.Cm ListenAddress 9100 -.Sm off 9101 -.Oo 9102 -.Ar host | Ar IPv6_addr Oc : Ar port 9103 -.Sm on 9104 -.El 9105 -.Pp 9106 -If 9107 -.Ar port 9108 -is not specified, 9109 -sshd will listen on the address and all 9110 -.Cm Port 9111 -options specified. 
9112 -The default is to listen on all local addresses.
9113 -Multiple
9114 -.Cm ListenAddress
9115 -options are permitted.
9116 -.It Cm LoginGraceTime
9117 -The server disconnects after this time if the user has not
9118 -successfully logged in.
9119 -If the value is 0, there is no time limit.
9120 -The default is 120 seconds.
9121 -.It Cm LogLevel
9122 -Gives the verbosity level that is used when logging messages from
9123 -.Xr sshd 8 .
9124 -The possible values are:
9125 -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
9126 -The default is INFO.
9127 -DEBUG and DEBUG1 are equivalent.
9128 -DEBUG2 and DEBUG3 each specify higher levels of debugging output.
9129 -Logging with a DEBUG level violates the privacy of users and is not recommended.
9130 -.It Cm MACs
9131 -Specifies the available MAC (message authentication code) algorithms.
9132 -The MAC algorithm is used in protocol version 2
9133 -for data integrity protection.
9134 -Multiple algorithms must be comma-separated.
9135 -If the specified value begins with a
9136 -.Sq +
9137 -character, then the specified algorithms will be appended to the default set
9138 -instead of replacing them.
9139 -.Pp
9140 -The algorithms that contain
9141 -.Dq -etm
9142 -calculate the MAC after encryption (encrypt-then-mac).
9143 -These are considered safer and their use recommended.
9144 -The supported MACs are:
9145 -.Pp
9146 -.Bl -item -compact -offset indent
9147 -.It
9148 -hmac-md5
9149 -.It
9150 -hmac-md5-96
9151 -.It
9152 -hmac-ripemd160
9153 -.It
9154 -hmac-sha1
9155 -.It
9156 -hmac-sha1-96
9157 -.It
9158 -hmac-sha2-256
9159 -.It
9160 -hmac-sha2-512
9161 -.It
9162 -umac-64@openssh.com
9163 -.It
9164 -umac-128@openssh.com
9165 -.It
9166 -hmac-md5-etm@openssh.com
9167 -.It
9168 -hmac-md5-96-etm@openssh.com
9169 -.It
9170 -hmac-ripemd160-etm@openssh.com
9171 -.It
9172 -hmac-sha1-etm@openssh.com
9173 -.It
9174 -hmac-sha1-96-etm@openssh.com
9175 -.It
9176 -hmac-sha2-256-etm@openssh.com
9177 -.It
9178 -hmac-sha2-512-etm@openssh.com
9179 -.It
9180 -umac-64-etm@openssh.com
9181 -.It
9182 -umac-128-etm@openssh.com
9183 -.El
9184 -.Pp
9185 -The default is:
9186 -.Bd -literal -offset indent
9187 -umac-64-etm@openssh.com,umac-128-etm@openssh.com,
9188 -hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
9189 -umac-64@openssh.com,umac-128@openssh.com,
9190 -hmac-sha2-256,hmac-sha2-512
9191 -.Ed
9192 -.Pp
9193 -The list of available MAC algorithms may also be obtained using the
9194 -.Fl Q
9195 -option of
9196 -.Xr ssh 1
9197 -with an argument of
9198 -.Dq mac .
9199 -.It Cm Match
9200 -Introduces a conditional block.
9201 -If all of the criteria on the
9202 -.Cm Match
9203 -line are satisfied, the keywords on the following lines override those
9204 -set in the global section of the config file, until either another
9205 -.Cm Match
9206 -line or the end of the file.
9207 -If a keyword appears in multiple
9208 -.Cm Match
9209 -blocks that are satisfied, only the first instance of the keyword is
9210 -applied.
9211 -.Pp
9212 -The arguments to
9213 -.Cm Match
9214 -are one or more criteria-pattern pairs or the single token
9215 -.Cm All
9216 -which matches all criteria.
9217 -The available criteria are
9218 -.Cm User ,
9219 -.Cm Group ,
9220 -.Cm Host ,
9221 -.Cm LocalAddress ,
9222 -.Cm LocalPort ,
9223 -and
9224 -.Cm Address .
9225 -The match patterns may consist of single entries or comma-separated
9226 -lists and may use the wildcard and negation operators described in the
9227 -PATTERNS section of
9228 -.Xr ssh_config 5 .
9229 -.Pp
9230 -The patterns in an
9231 -.Cm Address
9232 -criteria may additionally contain addresses to match in CIDR
9233 -address/masklen format, e.g.\&
9234 -.Dq 192.0.2.0/24
9235 -or
9236 -.Dq 3ffe:ffff::/32 .
9237 -Note that the mask length provided must be consistent with the address -
9238 -it is an error to specify a mask length that is too long for the address
9239 -or one with bits set in this host portion of the address.
9240 -For example,
9241 -.Dq 192.0.2.0/33
9242 -and
9243 -.Dq 192.0.2.0/8
9244 -respectively.
9245 -.Pp
9246 -Only a subset of keywords may be used on the lines following a
9247 -.Cm Match
9248 -keyword.
9249 -Available keywords are
9250 -.Cm AcceptEnv ,
9251 -.Cm AllowAgentForwarding ,
9252 -.Cm AllowGroups ,
9253 -.Cm AllowStreamLocalForwarding ,
9254 -.Cm AllowTcpForwarding ,
9255 -.Cm AllowUsers ,
9256 -.Cm AuthenticationMethods ,
9257 -.Cm AuthorizedKeysCommand ,
9258 -.Cm AuthorizedKeysCommandUser ,
9259 -.Cm AuthorizedKeysFile ,
9260 -.Cm AuthorizedPrincipalsFile ,
9261 -.Cm Banner ,
9262 -.Cm ChrootDirectory ,
9263 -.Cm DenyGroups ,
9264 -.Cm DenyUsers ,
9265 -.Cm ForceCommand ,
9266 -.Cm GatewayPorts ,
9267 -.Cm GSSAPIAuthentication ,
9268 -.Cm HostbasedAcceptedKeyTypes ,
9269 -.Cm HostbasedAuthentication ,
9270 -.Cm HostbasedUsesNameFromPacketOnly ,
9271 -.Cm IPQoS ,
9272 -.Cm KbdInteractiveAuthentication ,
9273 -.Cm KerberosAuthentication ,
9274 -.Cm MaxAuthTries ,
9275 -.Cm MaxSessions ,
9276 -.Cm PasswordAuthentication ,
9277 -.Cm PermitEmptyPasswords ,
9278 -.Cm PermitOpen ,
9279 -.Cm PermitRootLogin ,
9280 -.Cm PermitTTY ,
9281 -.Cm PermitTunnel ,
9282 -.Cm PermitUserRC ,
9283 -.Cm PubkeyAcceptedKeyTypes ,
9284 -.Cm PubkeyAuthentication ,
9285 -.Cm RekeyLimit ,
9286 -.Cm RevokedKeys ,
9287 -.Cm RhostsRSAAuthentication ,
9288 -.Cm RSAAuthentication ,
9289 -.Cm StreamLocalBindMask ,
9290 -.Cm StreamLocalBindUnlink ,
9291 -.Cm TrustedUserCAKeys ,
9292 -.Cm X11DisplayOffset ,
9293 -.Cm X11Forwarding
9294 -and
9295 -.Cm X11UseLocalHost .
9296 -.It Cm MaxAuthTries
9297 -Specifies the maximum number of authentication attempts permitted per
9298 -connection.
9299 -Once the number of failures reaches half this value,
9300 -additional failures are logged.
9301 -The default is 6.
9302 -.It Cm MaxSessions
9303 -Specifies the maximum number of open sessions permitted per network connection.
9304 -The default is 10.
9305 -.It Cm MaxStartups
9306 -Specifies the maximum number of concurrent unauthenticated connections to the
9307 -SSH daemon.
9308 -Additional connections will be dropped until authentication succeeds or the
9309 -.Cm LoginGraceTime
9310 -expires for a connection.
9311 -The default is 10:30:100.
9312 -.Pp
9313 -Alternatively, random early drop can be enabled by specifying
9314 -the three colon separated values
9315 -.Dq start:rate:full
9316 -(e.g. "10:30:60").
9317 -.Xr sshd 8
9318 -will refuse connection attempts with a probability of
9319 -.Dq rate/100
9320 -(30%)
9321 -if there are currently
9322 -.Dq start
9323 -(10)
9324 -unauthenticated connections.
9325 -The probability increases linearly and all connection attempts
9326 -are refused if the number of unauthenticated connections reaches
9327 -.Dq full
9328 -(60).
9329 -.It Cm PasswordAuthentication
9330 -Specifies whether password authentication is allowed.
9331 -The default is
9332 -.Dq yes .
9333 -.It Cm PermitEmptyPasswords
9334 -When password authentication is allowed, it specifies whether the
9335 -server allows login to accounts with empty password strings.
9336 -The default is
9337 -.Dq no .
9338 -.It Cm PermitOpen
9339 -Specifies the destinations to which TCP port forwarding is permitted.
9340 -The forwarding specification must be one of the following forms:
9341 -.Pp
9342 -.Bl -item -offset indent -compact
9343 -.It
9344 -.Cm PermitOpen
9345 -.Sm off
9346 -.Ar host : port
9347 -.Sm on
9348 -.It
9349 -.Cm PermitOpen
9350 -.Sm off
9351 -.Ar IPv4_addr : port
9352 -.Sm on
9353 -.It
9354 -.Cm PermitOpen
9355 -.Sm off
9356 -.Ar \&[ IPv6_addr \&] : port
9357 -.Sm on
9358 -.El
9359 -.Pp
9360 -Multiple forwards may be specified by separating them with whitespace.
9361 -An argument of
9362 -.Dq any
9363 -can be used to remove all restrictions and permit any forwarding requests.
9364 -An argument of
9365 -.Dq none
9366 -can be used to prohibit all forwarding requests.
9367 -By default all port forwarding requests are permitted.
9368 -.It Cm PermitRootLogin
9369 -Specifies whether root can log in using
9370 -.Xr ssh 1 .
9371 -The argument must be
9372 -.Dq yes ,
9373 -.Dq prohibit-password ,
9374 -.Dq without-password ,
9375 -.Dq forced-commands-only ,
9376 -or
9377 -.Dq no .
9378 -The default is
9379 -.Dq prohibit-password .
9380 -.Pp
9381 -If this option is set to
9382 -.Dq prohibit-password
9383 -or
9384 -.Dq without-password ,
9385 -password and keyboard-interactive authentication are disabled for root.
9386 -.Pp
9387 -If this option is set to
9388 -.Dq forced-commands-only ,
9389 -root login with public key authentication will be allowed,
9390 -but only if the
9391 -.Ar command
9392 -option has been specified
9393 -(which may be useful for taking remote backups even if root login is
9394 -normally not allowed).
9395 -All other authentication methods are disabled for root.
9396 -.Pp
9397 -If this option is set to
9398 -.Dq no ,
9399 -root is not allowed to log in.
9400 -.It Cm PermitTunnel
9401 -Specifies whether
9402 -.Xr tun 4
9403 -device forwarding is allowed.
9404 -The argument must be
9405 -.Dq yes ,
9406 -.Dq point-to-point
9407 -(layer 3),
9408 -.Dq ethernet
9409 -(layer 2), or
9410 -.Dq no .
9411 -Specifying
9412 -.Dq yes
9413 -permits both
9414 -.Dq point-to-point
9415 -and
9416 -.Dq ethernet .
9417 -The default is
9418 -.Dq no .
9419 -.Pp
9420 -Independent of this setting, the permissions of the selected
9421 -.Xr tun 4
9422 -device must allow access to the user.
9423 -.It Cm PermitTTY
9424 -Specifies whether
9425 -.Xr pty 4
9426 -allocation is permitted.
9427 -The default is
9428 -.Dq yes .
9429 -.It Cm PermitUserEnvironment
9430 -Specifies whether
9431 -.Pa ~/.ssh/environment
9432 -and
9433 -.Cm environment=
9434 -options in
9435 -.Pa ~/.ssh/authorized_keys
9436 -are processed by
9437 -.Xr sshd 8 .
9438 -The default is
9439 -.Dq no .
9440 -Enabling environment processing may enable users to bypass access
9441 -restrictions in some configurations using mechanisms such as
9442 -.Ev LD_PRELOAD .
9443 -.It Cm PermitUserRC
9444 -Specifies whether any
9445 -.Pa ~/.ssh/rc
9446 -file is executed.
9447 -The default is
9448 -.Dq yes .
9449 -.It Cm PidFile
9450 -Specifies the file that contains the process ID of the
9451 -SSH daemon, or
9452 -.Dq none
9453 -to not write one.
9454 -The default is
9455 -.Pa /var/run/sshd.pid .
9456 -.It Cm Port
9457 -Specifies the port number that
9458 -.Xr sshd 8
9459 -listens on.
9460 -The default is 22.
9461 -Multiple options of this type are permitted.
9462 -See also
9463 -.Cm ListenAddress .
9464 -.It Cm PrintLastLog
9465 -Specifies whether
9466 -.Xr sshd 8
9467 -should print the date and time of the last user login when a user logs
9468 -in interactively.
9469 -On Solaris this option is always ignored since pam_unix_session(5)
9470 -reports the last login time.
9471 -.It Cm PrintMotd
9472 -Specifies whether
9473 -.Xr sshd 8
9474 -should print
9475 -.Pa /etc/motd
9476 -when a user logs in interactively.
9477 -(On some systems it is also printed by the shell,
9478 -.Pa /etc/profile ,
9479 -or equivalent.)
9480 -The default is
9481 -.Dq yes .
9482 -.It Cm Protocol
9483 -Specifies the protocol versions
9484 -.Xr sshd 8
9485 -supports.
9486 -The possible values are
9487 -.Sq 1
9488 -and
9489 -.Sq 2 .
9490 -Multiple versions must be comma-separated.
9491 -The default is
9492 -.Sq 2 .
9493 -Note that the order of the protocol list does not indicate preference,
9494 -because the client selects among multiple protocol versions offered
9495 -by the server.
9496 -Specifying
9497 -.Dq 2,1
9498 -is identical to
9499 -.Dq 1,2 .
9500 -.It Cm PubkeyAcceptedKeyTypes
9501 -Specifies the key types that will be accepted for public key authentication
9502 -as a comma-separated pattern list.
9503 -Alternately if the specified value begins with a
9504 -.Sq +
9505 -character, then the specified key types will be appended to the default set
9506 -instead of replacing them.
9507 -The default for this option is:
9508 -.Bd -literal -offset 3n
9509 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
9510 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
9511 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
9512 -ssh-ed25519-cert-v01@openssh.com,
9513 -ssh-rsa-cert-v01@openssh.com,
9514 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
9515 -ssh-ed25519,ssh-rsa
9516 -.Ed
9517 -.Pp
9518 -The
9519 -.Fl Q
9520 -option of
9521 -.Xr ssh 1
9522 -may be used to list supported key types.
9523 -.It Cm PubkeyAuthentication
9524 -Specifies whether public key authentication is allowed.
9525 -The default is
9526 -.Dq yes .
9527 -Note that this option applies to protocol version 2 only.
9528 -.It Cm RekeyLimit
9529 -Specifies the maximum amount of data that may be transmitted before the
9530 -session key is renegotiated, optionally followed a maximum amount of
9531 -time that may pass before the session key is renegotiated.
9532 -The first argument is specified in bytes and may have a suffix of
9533 -.Sq K ,
9534 -.Sq M ,
9535 -or
9536 -.Sq G
9537 -to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
9538 -The default is between
9539 -.Sq 1G
9540 -and
9541 -.Sq 4G ,
9542 -depending on the cipher.
9543 -The optional second value is specified in seconds and may use any of the
9544 -units documented in the
9545 -.Sx TIME FORMATS
9546 -section.
9547 -The default value for
9548 -.Cm RekeyLimit
9549 -is
9550 -.Dq default none ,
9551 -which means that rekeying is performed after the cipher's default amount
9552 -of data has been sent or received and no time based rekeying is done.
9553 -This option applies to protocol version 2 only.
9554 -.It Cm RevokedKeys
9555 -Specifies revoked public keys file, or
9556 -.Dq none
9557 -to not use one.
9558 -Keys listed in this file will be refused for public key authentication.
9559 -Note that if this file is not readable, then public key authentication will
9560 -be refused for all users.
9561 -Keys may be specified as a text file, listing one public key per line, or as
9562 -an OpenSSH Key Revocation List (KRL) as generated by
9563 -.Xr ssh-keygen 1 .
9564 -For more information on KRLs, see the KEY REVOCATION LISTS section in
9565 -.Xr ssh-keygen 1 .
9566 -.It Cm RhostsRSAAuthentication
9567 -Specifies whether rhosts or /etc/hosts.equiv authentication together
9568 -with successful RSA host authentication is allowed.
9569 -The default is
9570 -.Dq no .
9571 -This option applies to protocol version 1 only.
9572 -.It Cm RSAAuthentication
9573 -Specifies whether pure RSA authentication is allowed.
9574 -The default is
9575 -.Dq yes .
9576 -This option applies to protocol version 1 only.
9577 -.It Cm ServerKeyBits
9578 -Defines the number of bits in the ephemeral protocol version 1 server key.
9579 -The default and minimum value is 1024.
9580 -.It Cm StreamLocalBindMask
9581 -Sets the octal file creation mode mask
9582 -.Pq umask
9583 -used when creating a Unix-domain socket file for local or remote
9584 -port forwarding.
9585 -This option is only used for port forwarding to a Unix-domain socket file.
9586 -.Pp
9587 -The default value is 0177, which creates a Unix-domain socket file that is
9588 -readable and writable only by the owner.
9589 -Note that not all operating systems honor the file mode on Unix-domain
9590 -socket files.
9591 -.It Cm StreamLocalBindUnlink
9592 -Specifies whether to remove an existing Unix-domain socket file for local
9593 -or remote port forwarding before creating a new one.
9594 -If the socket file already exists and
9595 -.Cm StreamLocalBindUnlink
9596 -is not enabled,
9597 -.Nm sshd
9598 -will be unable to forward the port to the Unix-domain socket file.
9599 -This option is only used for port forwarding to a Unix-domain socket file.
9600 -.Pp
9601 -The argument must be
9602 -.Dq yes
9603 -or
9604 -.Dq no .
9605 -The default is
9606 -.Dq no .
9607 -.It Cm StrictModes
9608 -Specifies whether
9609 -.Xr sshd 8
9610 -should check file modes and ownership of the
9611 -user's files and home directory before accepting login.
9612 -This is normally desirable because novices sometimes accidentally leave their
9613 -directory or files world-writable.
9614 -The default is
9615 -.Dq yes .
9616 -Note that this does not apply to
9617 -.Cm ChrootDirectory ,
9618 -whose permissions and ownership are checked unconditionally.
9619 -.It Cm Subsystem
9620 -Configures an external subsystem (e.g. file transfer daemon).
9621 -Arguments should be a subsystem name and a command (with optional arguments)
9622 -to execute upon subsystem request.
9623 -.Pp
9624 -The command
9625 -.Xr sftp-server 8
9626 -implements the
9627 -.Dq sftp
9628 -file transfer subsystem.
9629 -.Pp
9630 -Alternately the name
9631 -.Dq internal-sftp
9632 -implements an in-process
9633 -.Dq sftp
9634 -server.
9635 -This may simplify configurations using
9636 -.Cm ChrootDirectory
9637 -to force a different filesystem root on clients.
9638 -.Pp
9639 -By default no subsystems are defined.
9640 -Note that this option applies to protocol version 2 only.
9641 -.It Cm SyslogFacility
9642 -Gives the facility code that is used when logging messages from
9643 -.Xr sshd 8 .
9644 -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
9645 -LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
9646 -The default is AUTH.
9647 -.It Cm TCPKeepAlive
9648 -Specifies whether the system should send TCP keepalive messages to the
9649 -other side.
9650 -If they are sent, death of the connection or crash of one
9651 -of the machines will be properly noticed.
9652 -However, this means that
9653 -connections will die if the route is down temporarily, and some people
9654 -find it annoying.
9655 -On the other hand, if TCP keepalives are not sent,
9656 -sessions may hang indefinitely on the server, leaving
9657 -.Dq ghost
9658 -users and consuming server resources.
9659 -.Pp
9660 -The default is
9661 -.Dq yes
9662 -(to send TCP keepalive messages), and the server will notice
9663 -if the network goes down or the client host crashes.
9664 -This avoids infinitely hanging sessions.
9665 -.Pp
9666 -To disable TCP keepalive messages, the value should be set to
9667 -.Dq no .
9668 -.It Cm TrustedUserCAKeys
9669 -Specifies a file containing public keys of certificate authorities that are
9670 -trusted to sign user certificates for authentication, or
9671 -.Dq none
9672 -to not use one.
9673 -Keys are listed one per line; empty lines and comments starting with
9674 -.Ql #
9675 -are allowed.
9676 -If a certificate is presented for authentication and has its signing CA key
9677 -listed in this file, then it may be used for authentication for any user
9678 -listed in the certificate's principals list.
9679 -Note that certificates that lack a list of principals will not be permitted
9680 -for authentication using
9681 -.Cm TrustedUserCAKeys .
9682 -For more details on certificates, see the CERTIFICATES section in
9683 -.Xr ssh-keygen 1 .
9684 -.It Cm UseDNS
9685 -Specifies whether
9686 -.Xr sshd 8
9687 -should look up the remote host name, and to check that
9688 -the resolved host name for the remote IP address maps back to the
9689 -very same IP address.
9690 -.Pp
9691 -If this option is set to
9692 -.Dq no
9693 -(the default) then only addresses and not host names may be used in
9694 -.Pa ~/.ssh/known_hosts
9695 -.Cm from
9696 -and
9697 -.Nm
9698 -.Cm Match
9699 -.Cm Host
9700 -directives.
9701 -.It Cm UseLogin
9702 -Specifies whether
9703 -.Xr login 1
9704 -is used for interactive login sessions.
9705 -The default is
9706 -.Dq no .
9707 -Note that
9708 -.Xr login 1
9709 -is never used for remote command execution.
9710 -Note also, that if this is enabled,
9711 -.Cm X11Forwarding
9712 -will be disabled because
9713 -.Xr login 1
9714 -does not know how to handle
9715 -.Xr xauth 1
9716 -cookies.
9717 -If
9718 -.Cm UsePrivilegeSeparation
9719 -is specified, it will be disabled after authentication.
9720 -.It Cm UsePAM
9721 -Enables the Pluggable Authentication Module interface.
9722 -If set to
9723 -.Dq yes
9724 -this will enable PAM authentication using
9725 -.Cm ChallengeResponseAuthentication
9726 -and
9727 -.Cm PasswordAuthentication
9728 -in addition to PAM account and session module processing for all
9729 -authentication types.
9730 -.Pp
9731 -Because PAM challenge-response authentication usually serves an equivalent
9732 -role to password authentication, you should disable either
9733 -.Cm PasswordAuthentication
9734 -or
9735 -.Cm ChallengeResponseAuthentication.
9736 -.Pp
9737 -If
9738 -.Cm UsePAM
9739 -is enabled, you will not be able to run
9740 -.Xr sshd 8
9741 -as a non-root user.
9742 -The default is
9743 -.Dq no .
9744 -.It Cm UsePrivilegeSeparation
9745 -Specifies whether
9746 -.Xr sshd 8
9747 -separates privileges by creating an unprivileged child process
9748 -to deal with incoming network traffic.
9749 -After successful authentication, another process will be created that has
9750 -the privilege of the authenticated user.
9751 -The goal of privilege separation is to prevent privilege
9752 -escalation by containing any corruption within the unprivileged processes.
9753 -The default is
9754 -.Dq yes .
9755 -If
9756 -.Cm UsePrivilegeSeparation
9757 -is set to
9758 -.Dq sandbox
9759 -then the pre-authentication unprivileged process is subject to additional
9760 -restrictions.
9761 -.It Cm VersionAddendum
9762 -Optionally specifies additional text to append to the SSH protocol banner
9763 -sent by the server upon connection.
9764 -The default is
9765 -.Dq none .
9766 -.It Cm X11DisplayOffset
9767 -Specifies the first display number available for
9768 -.Xr sshd 8 Ns 's
9769 -X11 forwarding.
9770 -This prevents sshd from interfering with real X11 servers.
9771 -The default is 10.
9772 -.It Cm X11Forwarding
9773 -Specifies whether X11 forwarding is permitted.
9774 -The argument must be
9775 -.Dq yes
9776 -or
9777 -.Dq no .
9778 -The default is
9779 -.Dq no .
9780 -.Pp
9781 -When X11 forwarding is enabled, there may be additional exposure to
9782 -the server and to client displays if the
9783 -.Xr sshd 8
9784 -proxy display is configured to listen on the wildcard address (see
9785 -.Cm X11UseLocalhost
9786 -below), though this is not the default.
9787 -Additionally, the authentication spoofing and authentication data
9788 -verification and substitution occur on the client side.
9789 -The security risk of using X11 forwarding is that the client's X11
9790 -display server may be exposed to attack when the SSH client requests
9791 -forwarding (see the warnings for
9792 -.Cm ForwardX11
9793 -in
9794 -.Xr ssh_config 5 ) .
9795 -A system administrator may have a stance in which they want to
9796 -protect clients that may expose themselves to attack by unwittingly
9797 -requesting X11 forwarding, which can warrant a
9798 -.Dq no
9799 -setting.
9800 -.Pp
9801 -Note that disabling X11 forwarding does not prevent users from
9802 -forwarding X11 traffic, as users can always install their own forwarders.
9803 -X11 forwarding is automatically disabled if
9804 -.Cm UseLogin
9805 -is enabled.
9806 -.It Cm X11UseLocalhost
9807 -Specifies whether
9808 -.Xr sshd 8
9809 -should bind the X11 forwarding server to the loopback address or to
9810 -the wildcard address.
9811 -By default,
9812 -sshd binds the forwarding server to the loopback address and sets the
9813 -hostname part of the
9814 -.Ev DISPLAY
9815 -environment variable to
9816 -.Dq localhost .
9817 -This prevents remote hosts from connecting to the proxy display.
9818 -However, some older X11 clients may not function with this
9819 -configuration.
9820 -.Cm X11UseLocalhost
9821 -may be set to
9822 -.Dq no
9823 -to specify that the forwarding server should be bound to the wildcard
9824 -address.
9825 -The argument must be
9826 -.Dq yes
9827 -or
9828 -.Dq no .
9829 -The default is
9830 -.Dq yes .
9831 -.It Cm XAuthLocation
9832 -Specifies the full pathname of the
9833 -.Xr xauth 1
9834 -program, or
9835 -.Dq none
9836 -to not use one.
9837 -The default is
9838 -.Pa /usr/X11R6/bin/xauth .
9839 -.El
9840 -.Sh TIME FORMATS
9841 -.Xr sshd 8
9842 -command-line arguments and configuration file options that specify time
9843 -may be expressed using a sequence of the form:
9844 -.Sm off
9845 -.Ar time Op Ar qualifier ,
9846 -.Sm on
9847 -where
9848 -.Ar time
9849 -is a positive integer value and
9850 -.Ar qualifier
9851 -is one of the following:
9852 -.Pp
9853 -.Bl -tag -width Ds -compact -offset indent
9854 -.It Aq Cm none
9855 -seconds
9856 -.It Cm s | Cm S
9857 -seconds
9858 -.It Cm m | Cm M
9859 -minutes
9860 -.It Cm h | Cm H
9861 -hours
9862 -.It Cm d | Cm D
9863 -days
9864 -.It Cm w | Cm W
9865 -weeks
9866 -.El
9867 -.Pp
9868 -Each member of the sequence is added together to calculate
9869 -the total time value.
9870 -.Pp
9871 -Time format examples:
9872 -.Pp
9873 -.Bl -tag -width Ds -compact -offset indent
9874 -.It 600
9875 -600 seconds (10 minutes)
9876 -.It 10m
9877 -10 minutes
9878 -.It 1h30m
9879 -1 hour 30 minutes (90 minutes)
9880 -.El
9881 -.Sh FILES
9882 -.Bl -tag -width Ds
9883 -.It Pa /etc/ssh/sshd_config
9884 -Contains configuration data for
9885 -.Xr sshd 8 .
9886 -This file should be writable by root only, but it is recommended
9887 -(though not necessary) that it be world-readable.
9888 -.El
9889 -.Sh SEE ALSO
9890 -.Xr sshd 8 ,
9891 -.Xr pam_unix_session 5
9892 -.Sh AUTHORS
9893 -OpenSSH is a derivative of the original and free
9894 -ssh 1.2.12 release by Tatu Ylonen.
9895 -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
9896 -Theo de Raadt and Dug Song
9897 -removed many bugs, re-added newer features and
9898 -created OpenSSH.
9899 -Markus Friedl contributed the support for SSH
9900 -protocol versions 1.5 and 2.0.
9901 -Niels Provos and Markus Friedl contributed support
9902 -for privilege separation.
9903 --
9904 2.3.2 (Apple Git-55)
9905