From 310f67442b9faf22eb3a30a614202cdd04f99119 Mon Sep 17 00:00:00 2001
From: oracle <solaris@oracle.com>
Date: Mon, 3 Aug 2015 14:34:55 -0700
Subject: [PATCH 06/36] Reorganise man pages into Illumos numbering, adjust
 text

---
 Makefile.in | 22 +-
 moduli.4 | 127 ++++
 moduli.5 | 127 ----
 sftp-server.1m | 170 +++++
 sftp-server.8 | 170 -----
 ssh-keygen.1 | 6 +-
 ssh-keysign.1m | 93 +++
 ssh-keysign.8 | 93 ---
 ssh-pkcs11-helper.1m | 43 ++
 ssh-pkcs11-helper.8 | 43 --
 ssh_config.4 | 1726 +++++++++++++++++++++++++++++++++++++++++++++++++
 ssh_config.5 | 1726 -------------------------------------------------
 sshd.1m | 971 ++++++++++++++++++++++++++++
 sshd.8 | 971 ----------------------------
 sshd_config.4 | 1736 ++++++++++++++++++++++++++++++++++++++++++++++++++
 sshd_config.5 | 1736 --------------------------------------------------
 16 files changed, 4879 insertions(+), 4881 deletions(-)
 create mode 100644 moduli.4
 delete mode 100644 moduli.5
 create mode 100644 sftp-server.1m
 delete mode 100644 sftp-server.8
 create mode 100644 ssh-keysign.1m
 delete mode 100644 ssh-keysign.8
 create mode 100644 ssh-pkcs11-helper.1m
 delete mode 100644 ssh-pkcs11-helper.8
 create mode 100644 ssh_config.4
 delete mode 100644 ssh_config.5
 create mode 100644 sshd.1m
 delete mode 100644 sshd.8
 create mode 100644 sshd_config.4
 delete mode 100644 sshd_config.5

diff --git a/Makefile.in b/Makefile.in
index bc4660f..9f953e1 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -113,8 +113,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-solaris.o
 
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
+MANPAGES = moduli.4.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.1m.out sftp-server.1m.out sftp.1.out ssh-keysign.1m.out ssh-pkcs11-helper.1m.out sshd_config.4.out ssh_config.4.out
+MANPAGES_IN = moduli.4 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.1m sftp-server.1m sftp.1 ssh-keysign.1m ssh-pkcs11-helper.1m sshd_config.4 ssh_config.4
 MANTYPE = @MANTYPE@
 
 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -308,8 +308,8 @@ install-files:
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
-	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5
-	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)4
+	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1m
 	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
 	(umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH))
 	$(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT)
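Review bot: The new `.1m.out` and `.4.out` names in MANPAGES only work if the rule that turns `$(MANPAGES_IN)` into `$(MANPAGES)` accepts a two-character section suffix, and that rule is outside this hunk. In upstream OpenSSH that rule derives the preformatted-page source with a sed expression of the form `s/\.[1-9]\.out$$/\.0/`, which matches `sshd.8.out` but not `sshd.1m.out`, so a `MANTYPE=cat` build would look for a non-existent `sshd.1m` source instead of `sshd.0`. If this port only ever builds with `MANTYPE=man` the mismatch is latent, but it should either be fixed in the same change (e.g. `s/\.[1-9]m\{0,1\}\.out$$/\.0/`) or recorded next to MANPAGES with a comment such as `# Illumos sections (1m, 4): the cat-page rule below assumes single-digit sections`. Please confirm against the rule as it stands in this tree.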
@@ -329,14 +329,14 @@ install-files:
 	$(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1
 	$(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
 	$(INSTALL) -m 644 ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
-	$(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5
-	$(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
-	$(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
-	$(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
+	$(INSTALL) -m 644 moduli.4.out $(DESTDIR)$(mandir)/$(mansubdir)4/moduli.4
+	$(INSTALL) -m 644 sshd_config.4.out $(DESTDIR)$(mandir)/$(mansubdir)4/sshd_config.4
+	$(INSTALL) -m 644 ssh_config.4.out $(DESTDIR)$(mandir)/$(mansubdir)4/ssh_config.4
+	$(INSTALL) -m 644 sshd.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m
 	$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
-	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+	$(INSTALL) -m 644 sftp-server.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/sftp-server.1m
+	$(INSTALL) -m 644 ssh-keysign.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-keysign.1m
+	$(INSTALL) -m 644 ssh-pkcs11-helper.1m.out $(DESTDIR)$(mandir)/$(mansubdir)1m/ssh-pkcs11-helper.1m
 	-rm -f $(DESTDIR)$(bindir)/slogin
 	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
diff --git a/moduli.4 b/moduli.4
new file mode 100644
index 0000000..f87556b
--- /dev/null
+++ b/moduli.4
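Review bot: The install paths for the seven renumbered pages are moved to `$(mansubdir)4` and `$(mansubdir)1m` here, but nothing in this patch touches the matching `uninstall` target, which in upstream OpenSSH lists the same pages under `$(mansubdir)5/*.5` and `$(mansubdir)8/*.8`. If that rule is still on the old names, `make uninstall` will silently leave `sshd.1m`, `sshd_config.4`, `ssh-keysign.1m` and the rest installed, and a package built from these rules will ship pages its removal step never deletes. The `uninstall` rule is outside this hunk so I cannot confirm from here; each old line should be rewritten in the same shape as the install side, e.g. `-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1m/sshd.1m`. The `install-files` target continues past the end of this hunk.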
@@ -0,0 +1,127 @@ 94 +.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ 95 +.\" 96 +.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> 97 +.\" 98 +.\" Permission to use, copy, modify, and distribute this software for any 99 +.\" purpose with or without fee is hereby granted, provided that the above 100 +.\" copyright notice and this permission notice appear in all copies. 101 +.\" 102 +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 103 +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 104 +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 105 +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 106 +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 107 +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 108 +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 109 +.Dd $Mdocdate: September 26 2012 $ 110 +.Dt MODULI 4 111 +.Os 112 +.Sh NAME 113 +.Nm moduli 114 +.Nd Diffie-Hellman moduli 115 +.Sh DESCRIPTION 116 +The 117 +.Pa /etc/moduli 118 +file contains prime numbers and generators for use by 119 +.Xr sshd 1M 120 +in the Diffie-Hellman Group Exchange key exchange method. 121 +.Pp 122 +New moduli may be generated with 123 +.Xr ssh-keygen 1 124 +using a two-step process. 125 +An initial 126 +.Em candidate generation 127 +pass, using 128 +.Ic ssh-keygen -G , 129 +calculates numbers that are likely to be useful. 130 +A second 131 +.Em primality testing 132 +pass, using 133 +.Ic ssh-keygen -T , 134 +provides a high degree of assurance that the numbers are prime and are 135 +safe for use in Diffie-Hellman operations by 136 +.Xr sshd 1M . 137 +This 138 +.Nm 139 +format is used as the output from each pass. 140 +.Pp 141 +The file consists of newline-separated records, one per modulus, 142 +containing seven space-separated fields. 
143 +These fields are as follows: 144 +.Bl -tag -width Description -offset indent 145 +.It timestamp 146 +The time that the modulus was last processed as YYYYMMDDHHMMSS. 147 +.It type 148 +Decimal number specifying the internal structure of the prime modulus. 149 +Supported types are: 150 +.Pp 151 +.Bl -tag -width 0x00 -compact 152 +.It 0 153 +Unknown, not tested. 154 +.It 2 155 +"Safe" prime; (p-1)/2 is also prime. 156 +.It 4 157 +Sophie Germain; 2p+1 is also prime. 158 +.El 159 +.Pp 160 +Moduli candidates initially produced by 161 +.Xr ssh-keygen 1 162 +are Sophie Germain primes (type 4). 163 +Further primality testing with 164 +.Xr ssh-keygen 1 165 +produces safe prime moduli (type 2) that are ready for use in 166 +.Xr sshd 1M . 167 +Other types are not used by OpenSSH. 168 +.It tests 169 +Decimal number indicating the type of primality tests that the number 170 +has been subjected to represented as a bitmask of the following values: 171 +.Pp 172 +.Bl -tag -width 0x00 -compact 173 +.It 0x00 174 +Not tested. 175 +.It 0x01 176 +Composite number \(en not prime. 177 +.It 0x02 178 +Sieve of Eratosthenes. 179 +.It 0x04 180 +Probabilistic Miller-Rabin primality tests. 181 +.El 182 +.Pp 183 +The 184 +.Xr ssh-keygen 1 185 +moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). 186 +Subsequent 187 +.Xr ssh-keygen 1 188 +primality tests are Miller-Rabin tests (flag 0x04). 189 +.It trials 190 +Decimal number indicating the number of primality trials 191 +that have been performed on the modulus. 192 +.It size 193 +Decimal number indicating the size of the prime in bits. 194 +.It generator 195 +The recommended generator for use with this modulus (hexadecimal). 196 +.It modulus 197 +The modulus itself in hexadecimal. 198 +.El 199 +.Pp 200 +When performing Diffie-Hellman Group Exchange, 201 +.Xr sshd 1M 202 +first estimates the size of the modulus required to produce enough 203 +Diffie-Hellman output to sufficiently key the selected symmetric cipher. 
204 +.Xr sshd 1M 205 +then randomly selects a modulus from 206 +.Fa /etc/moduli 207 +that best meets the size requirement. 208 +.Sh SEE ALSO 209 +.Xr ssh-keygen 1 , 210 +.Xr sshd 1M 211 +.Sh STANDARDS 212 +.Rs 213 +.%A M. Friedl 214 +.%A N. Provos 215 +.%A W. Simpson 216 +.%D March 2006 217 +.%R RFC 4419 218 +.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 219 +.%D 2006 220 +.Re 221 diff --git a/moduli.5 b/moduli.5 222 deleted file mode 100644 223 index ef0de08..0000000 224 --- a/moduli.5 225 +++ /dev/null 226 
@@ -1,127 +0,0 @@ 227 -.\" $OpenBSD: moduli.5,v 1.17 2012/09/26 17:34:38 jmc Exp $ 228 -.\" 229 -.\" Copyright (c) 2008 Damien Miller <djm@mindrot.org> 230 -.\" 231 -.\" Permission to use, copy, modify, and distribute this software for any 232 -.\" purpose with or without fee is hereby granted, provided that the above 233 -.\" copyright notice and this permission notice appear in all copies. 234 -.\" 235 -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 236 -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 237 -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 238 -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 239 -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 240 -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 241 -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 242 -.Dd $Mdocdate: September 26 2012 $ 243 -.Dt MODULI 5 244 -.Os 245 -.Sh NAME 246 -.Nm moduli 247 -.Nd Diffie-Hellman moduli 248 -.Sh DESCRIPTION 249 -The 250 -.Pa /etc/moduli 251 -file contains prime numbers and generators for use by 252 -.Xr sshd 8 253 -in the Diffie-Hellman Group Exchange key exchange method. 254 -.Pp 255 -New moduli may be generated with 256 -.Xr ssh-keygen 1 257 -using a two-step process. 258 -An initial 259 -.Em candidate generation 260 -pass, using 261 -.Ic ssh-keygen -G , 262 -calculates numbers that are likely to be useful. 263 -A second 264 -.Em primality testing 265 -pass, using 266 -.Ic ssh-keygen -T , 267 -provides a high degree of assurance that the numbers are prime and are 268 -safe for use in Diffie-Hellman operations by 269 -.Xr sshd 8 . 270 -This 271 -.Nm 272 -format is used as the output from each pass. 273 -.Pp 274 -The file consists of newline-separated records, one per modulus, 275 -containing seven space-separated fields. 
276 -These fields are as follows: 277 -.Bl -tag -width Description -offset indent 278 -.It timestamp 279 -The time that the modulus was last processed as YYYYMMDDHHMMSS. 280 -.It type 281 -Decimal number specifying the internal structure of the prime modulus. 282 -Supported types are: 283 -.Pp 284 -.Bl -tag -width 0x00 -compact 285 -.It 0 286 -Unknown, not tested. 287 -.It 2 288 -"Safe" prime; (p-1)/2 is also prime. 289 -.It 4 290 -Sophie Germain; 2p+1 is also prime. 291 -.El 292 -.Pp 293 -Moduli candidates initially produced by 294 -.Xr ssh-keygen 1 295 -are Sophie Germain primes (type 4). 296 -Further primality testing with 297 -.Xr ssh-keygen 1 298 -produces safe prime moduli (type 2) that are ready for use in 299 -.Xr sshd 8 . 300 -Other types are not used by OpenSSH. 301 -.It tests 302 -Decimal number indicating the type of primality tests that the number 303 -has been subjected to represented as a bitmask of the following values: 304 -.Pp 305 -.Bl -tag -width 0x00 -compact 306 -.It 0x00 307 -Not tested. 308 -.It 0x01 309 -Composite number \(en not prime. 310 -.It 0x02 311 -Sieve of Eratosthenes. 312 -.It 0x04 313 -Probabilistic Miller-Rabin primality tests. 314 -.El 315 -.Pp 316 -The 317 -.Xr ssh-keygen 1 318 -moduli candidate generation uses the Sieve of Eratosthenes (flag 0x02). 319 -Subsequent 320 -.Xr ssh-keygen 1 321 -primality tests are Miller-Rabin tests (flag 0x04). 322 -.It trials 323 -Decimal number indicating the number of primality trials 324 -that have been performed on the modulus. 325 -.It size 326 -Decimal number indicating the size of the prime in bits. 327 -.It generator 328 -The recommended generator for use with this modulus (hexadecimal). 329 -.It modulus 330 -The modulus itself in hexadecimal. 331 -.El 332 -.Pp 333 -When performing Diffie-Hellman Group Exchange, 334 -.Xr sshd 8 335 -first estimates the size of the modulus required to produce enough 336 -Diffie-Hellman output to sufficiently key the selected symmetric cipher. 
337 -.Xr sshd 8 338 -then randomly selects a modulus from 339 -.Fa /etc/moduli 340 -that best meets the size requirement. 341 -.Sh SEE ALSO 342 -.Xr ssh-keygen 1 , 343 -.Xr sshd 8 344 -.Sh STANDARDS 345 -.Rs 346 -.%A M. Friedl 347 -.%A N. Provos 348 -.%A W. Simpson 349 -.%D March 2006 350 -.%R RFC 4419 351 -.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 352 -.%D 2006 353 -.Re 354 diff --git a/sftp-server.1m b/sftp-server.1m 355 new file mode 100644 356 index 0000000..42354c2 357 --- /dev/null 358 +++ b/sftp-server.1m 359 
@@ -0,0 +1,170 @@ 360 +.\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ 361 +.\" 362 +.\" Copyright (c) 2000 Markus Friedl. All rights reserved. 363 +.\" 364 +.\" Redistribution and use in source and binary forms, with or without 365 +.\" modification, are permitted provided that the following conditions 366 +.\" are met: 367 +.\" 1. Redistributions of source code must retain the above copyright 368 +.\" notice, this list of conditions and the following disclaimer. 369 +.\" 2. Redistributions in binary form must reproduce the above copyright 370 +.\" notice, this list of conditions and the following disclaimer in the 371 +.\" documentation and/or other materials provided with the distribution. 372 +.\" 373 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 374 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 375 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 376 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 377 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 378 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 379 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 380 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 381 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 382 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
383 +.\" 384 +.Dd $Mdocdate: December 11 2014 $ 385 +.Dt SFTP-SERVER 1M 386 +.Os 387 +.Sh NAME 388 +.Nm sftp-server 389 +.Nd SFTP server subsystem 390 +.Sh SYNOPSIS 391 +.Nm sftp-server 392 +.Bk -words 393 +.Op Fl ehR 394 +.Op Fl d Ar start_directory 395 +.Op Fl f Ar log_facility 396 +.Op Fl l Ar log_level 397 +.Op Fl P Ar blacklisted_requests 398 +.Op Fl p Ar whitelisted_requests 399 +.Op Fl u Ar umask 400 +.Ek 401 +.Nm 402 +.Fl Q Ar protocol_feature 403 +.Sh DESCRIPTION 404 +.Nm 405 +is a program that speaks the server side of SFTP protocol 406 +to stdout and expects client requests from stdin. 407 +.Nm 408 +is not intended to be called directly, but from 409 +.Xr sshd 1M 410 +using the 411 +.Cm Subsystem 412 +option. 413 +.Pp 414 +Command-line flags to 415 +.Nm 416 +should be specified in the 417 +.Cm Subsystem 418 +declaration. 419 +See 420 +.Xr sshd_config 4 421 +for more information. 422 +.Pp 423 +Valid options are: 424 +.Bl -tag -width Ds 425 +.It Fl d Ar start_directory 426 +specifies an alternate starting directory for users. 427 +The pathname may contain the following tokens that are expanded at runtime: 428 +%% is replaced by a literal '%', 429 +%d is replaced by the home directory of the user being authenticated, 430 +and %u is replaced by the username of that user. 431 +The default is to use the user's home directory. 432 +This option is useful in conjunction with the 433 +.Xr sshd_config 4 434 +.Cm ChrootDirectory 435 +option. 436 +.It Fl e 437 +Causes 438 +.Nm 439 +to print logging information to stderr instead of syslog for debugging. 440 +.It Fl f Ar log_facility 441 +Specifies the facility code that is used when logging messages from 442 +.Nm . 443 +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 444 +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 445 +The default is AUTH. 446 +.It Fl h 447 +Displays 448 +.Nm 449 +usage information. 450 +.It Fl l Ar log_level 451 +Specifies which messages will be logged by 452 +.Nm . 
453 +The possible values are: 454 +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 455 +INFO and VERBOSE log transactions that 456 +.Nm 457 +performs on behalf of the client. 458 +DEBUG and DEBUG1 are equivalent. 459 +DEBUG2 and DEBUG3 each specify higher levels of debugging output. 460 +The default is ERROR. 461 +.It Fl P Ar blacklisted_requests 462 +Specify a comma-separated list of SFTP protocol requests that are banned by 463 +the server. 464 +.Nm 465 +will reply to any blacklisted request with a failure. 466 +The 467 +.Fl Q 468 +flag can be used to determine the supported request types. 469 +If both a blacklist and a whitelist are specified, then the blacklist is 470 +applied before the whitelist. 471 +.It Fl p Ar whitelisted_requests 472 +Specify a comma-separated list of SFTP protocol requests that are permitted 473 +by the server. 474 +All request types that are not on the whitelist will be logged and replied 475 +to with a failure message. 476 +.Pp 477 +Care must be taken when using this feature to ensure that requests made 478 +implicitly by SFTP clients are permitted. 479 +.It Fl Q Ar protocol_feature 480 +Query protocol features supported by 481 +.Nm . 482 +At present the only feature that may be queried is 483 +.Dq requests , 484 +which may be used for black or whitelisting (flags 485 +.Fl P 486 +and 487 +.Fl p 488 +respectively). 489 +.It Fl R 490 +Places this instance of 491 +.Nm 492 +into a read-only mode. 493 +Attempts to open files for writing, as well as other operations that change 494 +the state of the filesystem, will be denied. 495 +.It Fl u Ar umask 496 +Sets an explicit 497 +.Xr umask 2 498 +to be applied to newly-created files and directories, instead of the 499 +user's default mask. 
500 +.El 501 +.Pp 502 +On some systems, 503 +.Nm 504 +must be able to access 505 +.Pa /dev/log 506 +for logging to work, and use of 507 +.Nm 508 +in a chroot configuration therefore requires that 509 +.Xr syslogd 8 510 +establish a logging socket inside the chroot directory. 511 +.Sh SEE ALSO 512 +.Xr sftp 1 , 513 +.Xr ssh 1 , 514 +.Xr sshd_config 4 , 515 +.Xr sshd 1M 516 +.Rs 517 +.%A T. Ylonen 518 +.%A S. Lehtinen 519 +.%T "SSH File Transfer Protocol" 520 +.%N draft-ietf-secsh-filexfer-02.txt 521 +.%D October 2001 522 +.%O work in progress material 523 +.Re 524 +.Sh HISTORY 525 +.Nm 526 +first appeared in 527 +.Ox 2.8 . 528 +.Sh AUTHORS 529 +.An Markus Friedl Aq Mt markus@openbsd.org 530 diff --git a/sftp-server.8 b/sftp-server.8 531 deleted file mode 100644 532 index c117398..0000000 533 --- a/sftp-server.8 534 +++ /dev/null 535 
@@ -1,170 +0,0 @@ 536 -.\" $OpenBSD: sftp-server.8,v 1.27 2014/12/11 04:16:14 djm Exp $ 537 -.\" 538 -.\" Copyright (c) 2000 Markus Friedl. All rights reserved. 539 -.\" 540 -.\" Redistribution and use in source and binary forms, with or without 541 -.\" modification, are permitted provided that the following conditions 542 -.\" are met: 543 -.\" 1. Redistributions of source code must retain the above copyright 544 -.\" notice, this list of conditions and the following disclaimer. 545 -.\" 2. Redistributions in binary form must reproduce the above copyright 546 -.\" notice, this list of conditions and the following disclaimer in the 547 -.\" documentation and/or other materials provided with the distribution. 548 -.\" 549 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 550 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 551 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 552 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 553 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 554 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 555 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 556 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 557 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 558 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
559 -.\" 560 -.Dd $Mdocdate: December 11 2014 $ 561 -.Dt SFTP-SERVER 8 562 -.Os 563 -.Sh NAME 564 -.Nm sftp-server 565 -.Nd SFTP server subsystem 566 -.Sh SYNOPSIS 567 -.Nm sftp-server 568 -.Bk -words 569 -.Op Fl ehR 570 -.Op Fl d Ar start_directory 571 -.Op Fl f Ar log_facility 572 -.Op Fl l Ar log_level 573 -.Op Fl P Ar blacklisted_requests 574 -.Op Fl p Ar whitelisted_requests 575 -.Op Fl u Ar umask 576 -.Ek 577 -.Nm 578 -.Fl Q Ar protocol_feature 579 -.Sh DESCRIPTION 580 -.Nm 581 -is a program that speaks the server side of SFTP protocol 582 -to stdout and expects client requests from stdin. 583 -.Nm 584 -is not intended to be called directly, but from 585 -.Xr sshd 8 586 -using the 587 -.Cm Subsystem 588 -option. 589 -.Pp 590 -Command-line flags to 591 -.Nm 592 -should be specified in the 593 -.Cm Subsystem 594 -declaration. 595 -See 596 -.Xr sshd_config 5 597 -for more information. 598 -.Pp 599 -Valid options are: 600 -.Bl -tag -width Ds 601 -.It Fl d Ar start_directory 602 -specifies an alternate starting directory for users. 603 -The pathname may contain the following tokens that are expanded at runtime: 604 -%% is replaced by a literal '%', 605 -%d is replaced by the home directory of the user being authenticated, 606 -and %u is replaced by the username of that user. 607 -The default is to use the user's home directory. 608 -This option is useful in conjunction with the 609 -.Xr sshd_config 5 610 -.Cm ChrootDirectory 611 -option. 612 -.It Fl e 613 -Causes 614 -.Nm 615 -to print logging information to stderr instead of syslog for debugging. 616 -.It Fl f Ar log_facility 617 -Specifies the facility code that is used when logging messages from 618 -.Nm . 619 -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 620 -LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 621 -The default is AUTH. 622 -.It Fl h 623 -Displays 624 -.Nm 625 -usage information. 626 -.It Fl l Ar log_level 627 -Specifies which messages will be logged by 628 -.Nm . 
629 -The possible values are: 630 -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 631 -INFO and VERBOSE log transactions that 632 -.Nm 633 -performs on behalf of the client. 634 -DEBUG and DEBUG1 are equivalent. 635 -DEBUG2 and DEBUG3 each specify higher levels of debugging output. 636 -The default is ERROR. 637 -.It Fl P Ar blacklisted_requests 638 -Specify a comma-separated list of SFTP protocol requests that are banned by 639 -the server. 640 -.Nm 641 -will reply to any blacklisted request with a failure. 642 -The 643 -.Fl Q 644 -flag can be used to determine the supported request types. 645 -If both a blacklist and a whitelist are specified, then the blacklist is 646 -applied before the whitelist. 647 -.It Fl p Ar whitelisted_requests 648 -Specify a comma-separated list of SFTP protocol requests that are permitted 649 -by the server. 650 -All request types that are not on the whitelist will be logged and replied 651 -to with a failure message. 652 -.Pp 653 -Care must be taken when using this feature to ensure that requests made 654 -implicitly by SFTP clients are permitted. 655 -.It Fl Q Ar protocol_feature 656 -Query protocol features supported by 657 -.Nm . 658 -At present the only feature that may be queried is 659 -.Dq requests , 660 -which may be used for black or whitelisting (flags 661 -.Fl P 662 -and 663 -.Fl p 664 -respectively). 665 -.It Fl R 666 -Places this instance of 667 -.Nm 668 -into a read-only mode. 669 -Attempts to open files for writing, as well as other operations that change 670 -the state of the filesystem, will be denied. 671 -.It Fl u Ar umask 672 -Sets an explicit 673 -.Xr umask 2 674 -to be applied to newly-created files and directories, instead of the 675 -user's default mask. 
-.El
-.Pp
-On some systems,
-.Nm
-must be able to access
-.Pa /dev/log
-for logging to work, and use of
-.Nm
-in a chroot configuration therefore requires that
-.Xr syslogd 8
-establish a logging socket inside the chroot directory.
-.Sh SEE ALSO
-.Xr sftp 1 ,
-.Xr ssh 1 ,
-.Xr sshd_config 5 ,
-.Xr sshd 8
-.Rs
-.%A T. Ylonen
-.%A S. Lehtinen
-.%T "SSH File Transfer Protocol"
-.%N draft-ietf-secsh-filexfer-02.txt
-.%D October 2001
-.%O work in progress material
-.Re
-.Sh HISTORY
-.Nm
-first appeared in
-.Ox 2.8 .
-.Sh AUTHORS
-.An Markus Friedl Aq Mt markus@openbsd.org
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index ed17a08..9616030 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -174,9 +174,7 @@ key in
 .Pa ~/.ssh/id_ed25519
 or
 .Pa ~/.ssh/id_rsa .
-Additionally, the system administrator may use this to generate host keys,
-as seen in
-.Pa /etc/rc .
+Additionally, the system administrator may use this to generate host keys.
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
@@ -224,7 +222,7 @@ for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
 This is used by
-.Pa /etc/rc
+.Pa /lib/svc/method/sshd
 to generate new host keys.
 .It Fl a Ar rounds
 When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
diff --git a/ssh-keysign.1m b/ssh-keysign.1m
new file mode 100644
index 0000000..60c96ad
--- /dev/null
+++ b/ssh-keysign.1m
@@ -0,0 +1,93 @@ 736 +.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ 737 +.\" 738 +.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 739 +.\" 740 +.\" Redistribution and use in source and binary forms, with or without 741 +.\" modification, are permitted provided that the following conditions 742 +.\" are met: 743 +.\" 1. Redistributions of source code must retain the above copyright 744 +.\" notice, this list of conditions and the following disclaimer. 745 +.\" 2. Redistributions in binary form must reproduce the above copyright 746 +.\" notice, this list of conditions and the following disclaimer in the 747 +.\" documentation and/or other materials provided with the distribution. 748 +.\" 749 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 750 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 751 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 752 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 753 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 754 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 755 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 756 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 757 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 758 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 759 +.\" 760 +.Dd $Mdocdate: December 7 2013 $ 761 +.Dt SSH-KEYSIGN 1M 762 +.Os 763 +.Sh NAME 764 +.Nm ssh-keysign 765 +.Nd ssh helper program for host-based authentication 766 +.Sh SYNOPSIS 767 +.Nm 768 +.Sh DESCRIPTION 769 +.Nm 770 +is used by 771 +.Xr ssh 1 772 +to access the local host keys and generate the digital signature 773 +required during host-based authentication with SSH protocol version 2. 
774 +.Pp 775 +.Nm 776 +is disabled by default and can only be enabled in the 777 +global client configuration file 778 +.Pa /etc/ssh/ssh_config 779 +by setting 780 +.Cm EnableSSHKeysign 781 +to 782 +.Dq yes . 783 +.Pp 784 +.Nm 785 +is not intended to be invoked by the user, but from 786 +.Xr ssh 1 . 787 +See 788 +.Xr ssh 1 789 +and 790 +.Xr sshd 1M 791 +for more information about host-based authentication. 792 +.Sh FILES 793 +.Bl -tag -width Ds -compact 794 +.It Pa /etc/ssh/ssh_config 795 +Controls whether 796 +.Nm 797 +is enabled. 798 +.Pp 799 +.It Pa /etc/ssh/ssh_host_dsa_key 800 +.It Pa /etc/ssh/ssh_host_ecdsa_key 801 +.It Pa /etc/ssh/ssh_host_ed25519_key 802 +.It Pa /etc/ssh/ssh_host_rsa_key 803 +These files contain the private parts of the host keys used to 804 +generate the digital signature. 805 +They should be owned by root, readable only by root, and not 806 +accessible to others. 807 +Since they are readable only by root, 808 +.Nm 809 +must be set-uid root if host-based authentication is used. 810 +.Pp 811 +.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub 812 +.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub 813 +.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub 814 +.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub 815 +If these files exist they are assumed to contain public certificate 816 +information corresponding with the private keys above. 817 +.El 818 +.Sh SEE ALSO 819 +.Xr ssh 1 , 820 +.Xr ssh-keygen 1 , 821 +.Xr ssh_config 4 , 822 +.Xr sshd 1M 823 +.Sh HISTORY 824 +.Nm 825 +first appeared in 826 +.Ox 3.2 . 827 +.Sh AUTHORS 828 +.An Markus Friedl Aq Mt markus@openbsd.org 829 diff --git a/ssh-keysign.8 b/ssh-keysign.8 830 deleted file mode 100644 831 index 69d0829..0000000 832 --- a/ssh-keysign.8 833 +++ /dev/null 834 
@@ -1,93 +0,0 @@ 835 -.\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ 836 -.\" 837 -.\" Copyright (c) 2002 Markus Friedl. All rights reserved. 838 -.\" 839 -.\" Redistribution and use in source and binary forms, with or without 840 -.\" modification, are permitted provided that the following conditions 841 -.\" are met: 842 -.\" 1. Redistributions of source code must retain the above copyright 843 -.\" notice, this list of conditions and the following disclaimer. 844 -.\" 2. Redistributions in binary form must reproduce the above copyright 845 -.\" notice, this list of conditions and the following disclaimer in the 846 -.\" documentation and/or other materials provided with the distribution. 847 -.\" 848 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 849 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 850 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 851 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 852 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 853 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 854 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 855 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 856 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 857 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 858 -.\" 859 -.Dd $Mdocdate: December 7 2013 $ 860 -.Dt SSH-KEYSIGN 8 861 -.Os 862 -.Sh NAME 863 -.Nm ssh-keysign 864 -.Nd ssh helper program for host-based authentication 865 -.Sh SYNOPSIS 866 -.Nm 867 -.Sh DESCRIPTION 868 -.Nm 869 -is used by 870 -.Xr ssh 1 871 -to access the local host keys and generate the digital signature 872 -required during host-based authentication with SSH protocol version 2. 
873 -.Pp 874 -.Nm 875 -is disabled by default and can only be enabled in the 876 -global client configuration file 877 -.Pa /etc/ssh/ssh_config 878 -by setting 879 -.Cm EnableSSHKeysign 880 -to 881 -.Dq yes . 882 -.Pp 883 -.Nm 884 -is not intended to be invoked by the user, but from 885 -.Xr ssh 1 . 886 -See 887 -.Xr ssh 1 888 -and 889 -.Xr sshd 8 890 -for more information about host-based authentication. 891 -.Sh FILES 892 -.Bl -tag -width Ds -compact 893 -.It Pa /etc/ssh/ssh_config 894 -Controls whether 895 -.Nm 896 -is enabled. 897 -.Pp 898 -.It Pa /etc/ssh/ssh_host_dsa_key 899 -.It Pa /etc/ssh/ssh_host_ecdsa_key 900 -.It Pa /etc/ssh/ssh_host_ed25519_key 901 -.It Pa /etc/ssh/ssh_host_rsa_key 902 -These files contain the private parts of the host keys used to 903 -generate the digital signature. 904 -They should be owned by root, readable only by root, and not 905 -accessible to others. 906 -Since they are readable only by root, 907 -.Nm 908 -must be set-uid root if host-based authentication is used. 909 -.Pp 910 -.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub 911 -.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub 912 -.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub 913 -.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub 914 -If these files exist they are assumed to contain public certificate 915 -information corresponding with the private keys above. 916 -.El 917 -.Sh SEE ALSO 918 -.Xr ssh 1 , 919 -.Xr ssh-keygen 1 , 920 -.Xr ssh_config 5 , 921 -.Xr sshd 8 922 -.Sh HISTORY 923 -.Nm 924 -first appeared in 925 -.Ox 3.2 . 926 -.Sh AUTHORS 927 -.An Markus Friedl Aq Mt markus@openbsd.org 928 diff --git a/ssh-pkcs11-helper.1m b/ssh-pkcs11-helper.1m 929 new file mode 100644 930 index 0000000..646b1fa 931 --- /dev/null 932 +++ b/ssh-pkcs11-helper.1m 933 
@@ -0,0 +1,43 @@
934 +.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $
935 +.\"
936 +.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
937 +.\"
938 +.\" Permission to use, copy, modify, and distribute this software for any
939 +.\" purpose with or without fee is hereby granted, provided that the above
940 +.\" copyright notice and this permission notice appear in all copies.
941 +.\"
942 +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
943 +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
944 +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
945 +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
946 +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
947 +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
948 +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
949 +.\"
950 +.Dd $Mdocdate: July 16 2013 $
951 +.Dt SSH-PKCS11-HELPER 1M
952 +.Os
953 +.Sh NAME
954 +.Nm ssh-pkcs11-helper
955 +.Nd ssh-agent helper program for PKCS#11 support
956 +.Sh SYNOPSIS
957 +.Nm
958 +.Sh DESCRIPTION
959 +.Nm
960 +is used by
961 +.Xr ssh-agent 1
962 +to access keys provided by a PKCS#11 token.
963 +.Pp
964 +.Nm
965 +is not intended to be invoked by the user, but from
966 +.Xr ssh-agent 1 .
967 +.Sh SEE ALSO
968 +.Xr ssh 1 ,
969 +.Xr ssh-add 1 ,
970 +.Xr ssh-agent 1
971 +.Sh HISTORY
972 +.Nm
973 +first appeared in
974 +.Ox 4.7 .
975 +.Sh AUTHORS
976 +.An Markus Friedl Aq Mt markus@openbsd.org
977 diff --git a/ssh-pkcs11-helper.8 b/ssh-pkcs11-helper.8
978 deleted file mode 100644
979 index 3728c4e..0000000
980 --- a/ssh-pkcs11-helper.8
981 +++ /dev/null
982 
@@ -1,43 +0,0 @@ 983 -.\" $OpenBSD: ssh-pkcs11-helper.8,v 1.4 2013/07/16 00:07:52 schwarze Exp $ 984 -.\" 985 -.\" Copyright (c) 2010 Markus Friedl. All rights reserved. 986 -.\" 987 -.\" Permission to use, copy, modify, and distribute this software for any 988 -.\" purpose with or without fee is hereby granted, provided that the above 989 -.\" copyright notice and this permission notice appear in all copies. 990 -.\" 991 -.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 992 -.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 993 -.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 994 -.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 995 -.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 996 -.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 997 -.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 998 -.\" 999 -.Dd $Mdocdate: July 16 2013 $ 1000 -.Dt SSH-PKCS11-HELPER 8 1001 -.Os 1002 -.Sh NAME 1003 -.Nm ssh-pkcs11-helper 1004 -.Nd ssh-agent helper program for PKCS#11 support 1005 -.Sh SYNOPSIS 1006 -.Nm 1007 -.Sh DESCRIPTION 1008 -.Nm 1009 -is used by 1010 -.Xr ssh-agent 1 1011 -to access keys provided by a PKCS#11 token. 1012 -.Pp 1013 -.Nm 1014 -is not intended to be invoked by the user, but from 1015 -.Xr ssh-agent 1 . 1016 -.Sh SEE ALSO 1017 -.Xr ssh 1 , 1018 -.Xr ssh-add 1 , 1019 -.Xr ssh-agent 1 1020 -.Sh HISTORY 1021 -.Nm 1022 -first appeared in 1023 -.Ox 4.7 . 1024 -.Sh AUTHORS 1025 -.An Markus Friedl Aq Mt markus@openbsd.org 1026 diff --git a/ssh_config.4 b/ssh_config.4 1027 new file mode 100644 1028 index 0000000..8c099eb 1029 --- /dev/null 1030 +++ b/ssh_config.4 1031 
@@ -0,0 +1,1726 @@ 1032 +.\" 1033 +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 1034 +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 1035 +.\" All rights reserved 1036 +.\" 1037 +.\" As far as I am concerned, the code I have written for this software 1038 +.\" can be used freely for any purpose. Any derived versions of this 1039 +.\" software must be clearly marked as such, and if the derived work is 1040 +.\" incompatible with the protocol description in the RFC file, it must be 1041 +.\" called by a name other than "ssh" or "Secure Shell". 1042 +.\" 1043 +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 1044 +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 1045 +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 1046 +.\" 1047 +.\" Redistribution and use in source and binary forms, with or without 1048 +.\" modification, are permitted provided that the following conditions 1049 +.\" are met: 1050 +.\" 1. Redistributions of source code must retain the above copyright 1051 +.\" notice, this list of conditions and the following disclaimer. 1052 +.\" 2. Redistributions in binary form must reproduce the above copyright 1053 +.\" notice, this list of conditions and the following disclaimer in the 1054 +.\" documentation and/or other materials provided with the distribution. 1055 +.\" 1056 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 1057 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 1058 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
1059 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 1060 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 1061 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 1062 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 1063 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 1064 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 1065 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 1066 +.\" 1067 +.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $ 1068 +.Dd $Mdocdate: August 14 2015 $ 1069 +.Dt SSH_CONFIG 4 1070 +.Os 1071 +.Sh NAME 1072 +.Nm ssh_config 1073 +.Nd OpenSSH SSH client configuration files 1074 +.Sh SYNOPSIS 1075 +.Nm ~/.ssh/config 1076 +.Nm /etc/ssh/ssh_config 1077 +.Sh DESCRIPTION 1078 +.Xr ssh 1 1079 +obtains configuration data from the following sources in 1080 +the following order: 1081 +.Pp 1082 +.Bl -enum -offset indent -compact 1083 +.It 1084 +command-line options 1085 +.It 1086 +user's configuration file 1087 +.Pq Pa ~/.ssh/config 1088 +.It 1089 +system-wide configuration file 1090 +.Pq Pa /etc/ssh/ssh_config 1091 +.El 1092 +.Pp 1093 +For each parameter, the first obtained value 1094 +will be used. 1095 +The configuration files contain sections separated by 1096 +.Dq Host 1097 +specifications, and that section is only applied for hosts that 1098 +match one of the patterns given in the specification. 1099 +The matched host name is usually the one given on the command line 1100 +(see the 1101 +.Cm CanonicalizeHostname 1102 +option for exceptions.) 1103 +.Pp 1104 +Since the first obtained value for each parameter is used, more 1105 +host-specific declarations should be given near the beginning of the 1106 +file, and general defaults at the end. 
1107 +.Pp 1108 +The configuration file has the following format: 1109 +.Pp 1110 +Empty lines and lines starting with 1111 +.Ql # 1112 +are comments. 1113 +Otherwise a line is of the format 1114 +.Dq keyword arguments . 1115 +Configuration options may be separated by whitespace or 1116 +optional whitespace and exactly one 1117 +.Ql = ; 1118 +the latter format is useful to avoid the need to quote whitespace 1119 +when specifying configuration options using the 1120 +.Nm ssh , 1121 +.Nm scp , 1122 +and 1123 +.Nm sftp 1124 +.Fl o 1125 +option. 1126 +Arguments may optionally be enclosed in double quotes 1127 +.Pq \&" 1128 +in order to represent arguments containing spaces. 1129 +.Pp 1130 +The possible 1131 +keywords and their meanings are as follows (note that 1132 +keywords are case-insensitive and arguments are case-sensitive): 1133 +.Bl -tag -width Ds 1134 +.It Cm Host 1135 +Restricts the following declarations (up to the next 1136 +.Cm Host 1137 +or 1138 +.Cm Match 1139 +keyword) to be only for those hosts that match one of the patterns 1140 +given after the keyword. 1141 +If more than one pattern is provided, they should be separated by whitespace. 1142 +A single 1143 +.Ql * 1144 +as a pattern can be used to provide global 1145 +defaults for all hosts. 1146 +The host is usually the 1147 +.Ar hostname 1148 +argument given on the command line 1149 +(see the 1150 +.Cm CanonicalizeHostname 1151 +option for exceptions.) 1152 +.Pp 1153 +A pattern entry may be negated by prefixing it with an exclamation mark 1154 +.Pq Sq !\& . 1155 +If a negated entry is matched, then the 1156 +.Cm Host 1157 +entry is ignored, regardless of whether any other patterns on the line 1158 +match. 1159 +Negated matches are therefore useful to provide exceptions for wildcard 1160 +matches. 1161 +.Pp 1162 +See 1163 +.Sx PATTERNS 1164 +for more information on patterns. 
1165 +.It Cm Match 1166 +Restricts the following declarations (up to the next 1167 +.Cm Host 1168 +or 1169 +.Cm Match 1170 +keyword) to be used only when the conditions following the 1171 +.Cm Match 1172 +keyword are satisfied. 1173 +Match conditions are specified using one or more critera 1174 +or the single token 1175 +.Cm all 1176 +which always matches. 1177 +The available criteria keywords are: 1178 +.Cm canonical , 1179 +.Cm exec , 1180 +.Cm host , 1181 +.Cm originalhost , 1182 +.Cm user , 1183 +and 1184 +.Cm localuser . 1185 +The 1186 +.Cm all 1187 +criteria must appear alone or immediately after 1188 +.Cm canonical . 1189 +Other criteria may be combined arbitrarily. 1190 +All criteria but 1191 +.Cm all 1192 +and 1193 +.Cm canonical 1194 +require an argument. 1195 +Criteria may be negated by prepending an exclamation mark 1196 +.Pq Sq !\& . 1197 +.Pp 1198 +The 1199 +.Cm canonical 1200 +keyword matches only when the configuration file is being re-parsed 1201 +after hostname canonicalization (see the 1202 +.Cm CanonicalizeHostname 1203 +option.) 1204 +This may be useful to specify conditions that work with canonical host 1205 +names only. 1206 +The 1207 +.Cm exec 1208 +keyword executes the specified command under the user's shell. 1209 +If the command returns a zero exit status then the condition is considered true. 1210 +Commands containing whitespace characters must be quoted. 
1211 +The following character sequences in the command will be expanded prior to 1212 +execution: 1213 +.Ql %L 1214 +will be substituted by the first component of the local host name, 1215 +.Ql %l 1216 +will be substituted by the local host name (including any domain name), 1217 +.Ql %h 1218 +will be substituted by the target host name, 1219 +.Ql %n 1220 +will be substituted by the original target host name 1221 +specified on the command-line, 1222 +.Ql %p 1223 +the destination port, 1224 +.Ql %r 1225 +by the remote login username, and 1226 +.Ql %u 1227 +by the username of the user running 1228 +.Xr ssh 1 . 1229 +.Pp 1230 +The other keywords' criteria must be single entries or comma-separated 1231 +lists and may use the wildcard and negation operators described in the 1232 +.Sx PATTERNS 1233 +section. 1234 +The criteria for the 1235 +.Cm host 1236 +keyword are matched against the target hostname, after any substitution 1237 +by the 1238 +.Cm Hostname 1239 +or 1240 +.Cm CanonicalizeHostname 1241 +options. 1242 +The 1243 +.Cm originalhost 1244 +keyword matches against the hostname as it was specified on the command-line. 1245 +The 1246 +.Cm user 1247 +keyword matches against the target username on the remote host. 1248 +The 1249 +.Cm localuser 1250 +keyword matches against the name of the local user running 1251 +.Xr ssh 1 1252 +(this keyword may be useful in system-wide 1253 +.Nm 1254 +files). 1255 +.It Cm AddressFamily 1256 +Specifies which address family to use when connecting. 1257 +Valid arguments are 1258 +.Dq any , 1259 +.Dq inet 1260 +(use IPv4 only), or 1261 +.Dq inet6 1262 +(use IPv6 only). 1263 +.It Cm BatchMode 1264 +If set to 1265 +.Dq yes , 1266 +passphrase/password querying will be disabled. 1267 +This option is useful in scripts and other batch jobs where no user 1268 +is present to supply the password. 1269 +The argument must be 1270 +.Dq yes 1271 +or 1272 +.Dq no . 1273 +The default is 1274 +.Dq no . 
1275 +.It Cm BindAddress 1276 +Use the specified address on the local machine as the source address of 1277 +the connection. 1278 +Only useful on systems with more than one address. 1279 +Note that this option does not work if 1280 +.Cm UsePrivilegedPort 1281 +is set to 1282 +.Dq yes . 1283 +.It Cm CanonicalDomains 1284 +When 1285 +.Cm CanonicalizeHostname 1286 +is enabled, this option specifies the list of domain suffixes in which to 1287 +search for the specified destination host. 1288 +.It Cm CanonicalizeFallbackLocal 1289 +Specifies whether to fail with an error when hostname canonicalization fails. 1290 +The default, 1291 +.Dq yes , 1292 +will attempt to look up the unqualified hostname using the system resolver's 1293 +search rules. 1294 +A value of 1295 +.Dq no 1296 +will cause 1297 +.Xr ssh 1 1298 +to fail instantly if 1299 +.Cm CanonicalizeHostname 1300 +is enabled and the target hostname cannot be found in any of the domains 1301 +specified by 1302 +.Cm CanonicalDomains . 1303 +.It Cm CanonicalizeHostname 1304 +Controls whether explicit hostname canonicalization is performed. 1305 +The default, 1306 +.Dq no , 1307 +is not to perform any name rewriting and let the system resolver handle all 1308 +hostname lookups. 1309 +If set to 1310 +.Dq yes 1311 +then, for connections that do not use a 1312 +.Cm ProxyCommand , 1313 +.Xr ssh 1 1314 +will attempt to canonicalize the hostname specified on the command line 1315 +using the 1316 +.Cm CanonicalDomains 1317 +suffixes and 1318 +.Cm CanonicalizePermittedCNAMEs 1319 +rules. 1320 +If 1321 +.Cm CanonicalizeHostname 1322 +is set to 1323 +.Dq always , 1324 +then canonicalization is applied to proxied connections too. 1325 +.Pp 1326 +If this option is enabled, then the configuration files are processed 1327 +again using the new target name to pick up any new configuration in matching 1328 +.Cm Host 1329 +and 1330 +.Cm Match 1331 +stanzas. 
1332 +.It Cm CanonicalizeMaxDots 1333 +Specifies the maximum number of dot characters in a hostname before 1334 +canonicalization is disabled. 1335 +The default, 1336 +.Dq 1 , 1337 +allows a single dot (i.e. hostname.subdomain). 1338 +.It Cm CanonicalizePermittedCNAMEs 1339 +Specifies rules to determine whether CNAMEs should be followed when 1340 +canonicalizing hostnames. 1341 +The rules consist of one or more arguments of 1342 +.Ar source_domain_list : Ns Ar target_domain_list , 1343 +where 1344 +.Ar source_domain_list 1345 +is a pattern-list of domains that may follow CNAMEs in canonicalization, 1346 +and 1347 +.Ar target_domain_list 1348 +is a pattern-list of domains that they may resolve to. 1349 +.Pp 1350 +For example, 1351 +.Dq *.a.example.com:*.b.example.com,*.c.example.com 1352 +will allow hostnames matching 1353 +.Dq *.a.example.com 1354 +to be canonicalized to names in the 1355 +.Dq *.b.example.com 1356 +or 1357 +.Dq *.c.example.com 1358 +domains. 1359 +.It Cm ChallengeResponseAuthentication 1360 +Specifies whether to use challenge-response authentication. 1361 +The argument to this keyword must be 1362 +.Dq yes 1363 +or 1364 +.Dq no . 1365 +The default is 1366 +.Dq yes . 1367 +.It Cm CheckHostIP 1368 +If this flag is set to 1369 +.Dq yes , 1370 +.Xr ssh 1 1371 +will additionally check the host IP address in the 1372 +.Pa known_hosts 1373 +file. 1374 +This allows ssh to detect if a host key changed due to DNS spoofing 1375 +and will add addresses of destination hosts to 1376 +.Pa ~/.ssh/known_hosts 1377 +in the process, regardless of the setting of 1378 +.Cm StrictHostKeyChecking . 1379 +If the option is set to 1380 +.Dq no , 1381 +the check will not be executed. 1382 +The default is 1383 +.Dq yes . 1384 +.It Cm Cipher 1385 +Specifies the cipher to use for encrypting the session 1386 +in protocol version 1. 1387 +Currently, 1388 +.Dq blowfish , 1389 +.Dq 3des , 1390 +and 1391 +.Dq des 1392 +are supported. 
1393 +.Ar des 1394 +is only supported in the 1395 +.Xr ssh 1 1396 +client for interoperability with legacy protocol 1 implementations 1397 +that do not support the 1398 +.Ar 3des 1399 +cipher. 1400 +Its use is strongly discouraged due to cryptographic weaknesses. 1401 +The default is 1402 +.Dq 3des . 1403 +.It Cm Ciphers 1404 +Specifies the ciphers allowed for protocol version 2 1405 +in order of preference. 1406 +Multiple ciphers must be comma-separated. 1407 +If the specified value begins with a 1408 +.Sq + 1409 +character, then the specified ciphers will be appended to the default set 1410 +instead of replacing them. 1411 +.Pp 1412 +The supported ciphers are: 1413 +.Pp 1414 +.Bl -item -compact -offset indent 1415 +.It 1416 +3des-cbc 1417 +.It 1418 +aes128-cbc 1419 +.It 1420 +aes192-cbc 1421 +.It 1422 +aes256-cbc 1423 +.It 1424 +aes128-ctr 1425 +.It 1426 +aes192-ctr 1427 +.It 1428 +aes256-ctr 1429 +.It 1430 +aes128-gcm@openssh.com 1431 +.It 1432 +aes256-gcm@openssh.com 1433 +.It 1434 +arcfour 1435 +.It 1436 +arcfour128 1437 +.It 1438 +arcfour256 1439 +.It 1440 +blowfish-cbc 1441 +.It 1442 +cast128-cbc 1443 +.It 1444 +chacha20-poly1305@openssh.com 1445 +.El 1446 +.Pp 1447 +The default is: 1448 +.Bd -literal -offset indent 1449 +chacha20-poly1305@openssh.com, 1450 +aes128-ctr,aes192-ctr,aes256-ctr, 1451 +aes128-gcm@openssh.com,aes256-gcm@openssh.com, 1452 +arcfour256,arcfour128, 1453 +aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, 1454 +aes192-cbc,aes256-cbc,arcfour 1455 +.Ed 1456 +.Pp 1457 +The list of available ciphers may also be obtained using the 1458 +.Fl Q 1459 +option of 1460 +.Xr ssh 1 1461 +with an argument of 1462 +.Dq cipher . 1463 +.It Cm ClearAllForwardings 1464 +Specifies that all local, remote, and dynamic port forwardings 1465 +specified in the configuration files or on the command line be 1466 +cleared. 
1467 +This option is primarily useful when used from the 1468 +.Xr ssh 1 1469 +command line to clear port forwardings set in 1470 +configuration files, and is automatically set by 1471 +.Xr scp 1 1472 +and 1473 +.Xr sftp 1 . 1474 +The argument must be 1475 +.Dq yes 1476 +or 1477 +.Dq no . 1478 +The default is 1479 +.Dq no . 1480 +.It Cm Compression 1481 +Specifies whether to use compression. 1482 +The argument must be 1483 +.Dq yes 1484 +or 1485 +.Dq no . 1486 +The default is 1487 +.Dq no . 1488 +.It Cm CompressionLevel 1489 +Specifies the compression level to use if compression is enabled. 1490 +The argument must be an integer from 1 (fast) to 9 (slow, best). 1491 +The default level is 6, which is good for most applications. 1492 +The meaning of the values is the same as in 1493 +.Xr gzip 1 . 1494 +Note that this option applies to protocol version 1 only. 1495 +.It Cm ConnectionAttempts 1496 +Specifies the number of tries (one per second) to make before exiting. 1497 +The argument must be an integer. 1498 +This may be useful in scripts if the connection sometimes fails. 1499 +The default is 1. 1500 +.It Cm ConnectTimeout 1501 +Specifies the timeout (in seconds) used when connecting to the 1502 +SSH server, instead of using the default system TCP timeout. 1503 +This value is used only when the target is down or really unreachable, 1504 +not when it refuses the connection. 1505 +.It Cm ControlMaster 1506 +Enables the sharing of multiple sessions over a single network connection. 1507 +When set to 1508 +.Dq yes , 1509 +.Xr ssh 1 1510 +will listen for connections on a control socket specified using the 1511 +.Cm ControlPath 1512 +argument. 1513 +Additional sessions can connect to this socket using the same 1514 +.Cm ControlPath 1515 +with 1516 +.Cm ControlMaster 1517 +set to 1518 +.Dq no 1519 +(the default). 
1520 +These sessions will try to reuse the master instance's network connection 1521 +rather than initiating new ones, but will fall back to connecting normally 1522 +if the control socket does not exist, or is not listening. 1523 +.Pp 1524 +Setting this to 1525 +.Dq ask 1526 +will cause ssh 1527 +to listen for control connections, but require confirmation using 1528 +.Xr ssh-askpass 1 . 1529 +If the 1530 +.Cm ControlPath 1531 +cannot be opened, 1532 +ssh will continue without connecting to a master instance. 1533 +.Pp 1534 +X11 and 1535 +.Xr ssh-agent 1 1536 +forwarding is supported over these multiplexed connections, however the 1537 +display and agent forwarded will be the one belonging to the master 1538 +connection i.e. it is not possible to forward multiple displays or agents. 1539 +.Pp 1540 +Two additional options allow for opportunistic multiplexing: try to use a 1541 +master connection but fall back to creating a new one if one does not already 1542 +exist. 1543 +These options are: 1544 +.Dq auto 1545 +and 1546 +.Dq autoask . 1547 +The latter requires confirmation like the 1548 +.Dq ask 1549 +option. 1550 +.It Cm ControlPath 1551 +Specify the path to the control socket used for connection sharing as described 1552 +in the 1553 +.Cm ControlMaster 1554 +section above or the string 1555 +.Dq none 1556 +to disable connection sharing. 1557 +In the path, 1558 +.Ql %L 1559 +will be substituted by the first component of the local host name, 1560 +.Ql %l 1561 +will be substituted by the local host name (including any domain name), 1562 +.Ql %h 1563 +will be substituted by the target host name, 1564 +.Ql %n 1565 +will be substituted by the original target host name 1566 +specified on the command line, 1567 +.Ql %p 1568 +the destination port, 1569 +.Ql %r 1570 +by the remote login username, 1571 +.Ql %u 1572 +by the username of the user running 1573 +.Xr ssh 1 , and 1574 +.Ql \&%C 1575 +by a hash of the concatenation: %l%h%p%r. 
1576 +It is recommended that any 1577 +.Cm ControlPath 1578 +used for opportunistic connection sharing include 1579 +at least %h, %p, and %r (or alternatively %C) and be placed in a directory 1580 +that is not writable by other users. 1581 +This ensures that shared connections are uniquely identified. 1582 +.It Cm ControlPersist 1583 +When used in conjunction with 1584 +.Cm ControlMaster , 1585 +specifies that the master connection should remain open 1586 +in the background (waiting for future client connections) 1587 +after the initial client connection has been closed. 1588 +If set to 1589 +.Dq no , 1590 +then the master connection will not be placed into the background, 1591 +and will close as soon as the initial client connection is closed. 1592 +If set to 1593 +.Dq yes 1594 +or 1595 +.Dq 0 , 1596 +then the master connection will remain in the background indefinitely 1597 +(until killed or closed via a mechanism such as the 1598 +.Xr ssh 1 1599 +.Dq Fl O No exit 1600 +option). 1601 +If set to a time in seconds, or a time in any of the formats documented in 1602 +.Xr sshd_config 4 , 1603 +then the backgrounded master connection will automatically terminate 1604 +after it has remained idle (with no client connections) for the 1605 +specified time. 1606 +.It Cm DynamicForward 1607 +Specifies that a TCP port on the local machine be forwarded 1608 +over the secure channel, and the application 1609 +protocol is then used to determine where to connect to from the 1610 +remote machine. 1611 +.Pp 1612 +The argument must be 1613 +.Sm off 1614 +.Oo Ar bind_address : Oc Ar port . 1615 +.Sm on 1616 +IPv6 addresses can be specified by enclosing addresses in square brackets. 1617 +By default, the local port is bound in accordance with the 1618 +.Cm GatewayPorts 1619 +setting. 1620 +However, an explicit 1621 +.Ar bind_address 1622 +may be used to bind the connection to a specific address. 
1623 +The 1624 +.Ar bind_address 1625 +of 1626 +.Dq localhost 1627 +indicates that the listening port be bound for local use only, while an 1628 +empty address or 1629 +.Sq * 1630 +indicates that the port should be available from all interfaces. 1631 +.Pp 1632 +Currently the SOCKS4 and SOCKS5 protocols are supported, and 1633 +.Xr ssh 1 1634 +will act as a SOCKS server. 1635 +Multiple forwardings may be specified, and 1636 +additional forwardings can be given on the command line. 1637 +Only the superuser can forward privileged ports. 1638 +.It Cm EnableSSHKeysign 1639 +Setting this option to 1640 +.Dq yes 1641 +in the global client configuration file 1642 +.Pa /etc/ssh/ssh_config 1643 +enables the use of the helper program 1644 +.Xr ssh-keysign 8 1645 +during 1646 +.Cm HostbasedAuthentication . 1647 +The argument must be 1648 +.Dq yes 1649 +or 1650 +.Dq no . 1651 +The default is 1652 +.Dq no . 1653 +This option should be placed in the non-hostspecific section. 1654 +See 1655 +.Xr ssh-keysign 8 1656 +for more information. 1657 +.It Cm EscapeChar 1658 +Sets the escape character (default: 1659 +.Ql ~ ) . 1660 +The escape character can also 1661 +be set on the command line. 1662 +The argument should be a single character, 1663 +.Ql ^ 1664 +followed by a letter, or 1665 +.Dq none 1666 +to disable the escape 1667 +character entirely (making the connection transparent for binary 1668 +data). 1669 +.It Cm ExitOnForwardFailure 1670 +Specifies whether 1671 +.Xr ssh 1 1672 +should terminate the connection if it cannot set up all requested 1673 +dynamic, tunnel, local, and remote port forwardings. 1674 +The argument must be 1675 +.Dq yes 1676 +or 1677 +.Dq no . 1678 +The default is 1679 +.Dq no . 1680 +.It Cm FingerprintHash 1681 +Specifies the hash algorithm used when displaying key fingerprints. 1682 +Valid options are: 1683 +.Dq md5 1684 +and 1685 +.Dq sha256 . 1686 +The default is 1687 +.Dq sha256 . 
1688 +.It Cm ForwardAgent 1689 +Specifies whether the connection to the authentication agent (if any) 1690 +will be forwarded to the remote machine. 1691 +The argument must be 1692 +.Dq yes 1693 +or 1694 +.Dq no . 1695 +The default is 1696 +.Dq no . 1697 +.Pp 1698 +Agent forwarding should be enabled with caution. 1699 +Users with the ability to bypass file permissions on the remote host 1700 +(for the agent's Unix-domain socket) 1701 +can access the local agent through the forwarded connection. 1702 +An attacker cannot obtain key material from the agent, 1703 +however they can perform operations on the keys that enable them to 1704 +authenticate using the identities loaded into the agent. 1705 +.It Cm ForwardX11 1706 +Specifies whether X11 connections will be automatically redirected 1707 +over the secure channel and 1708 +.Ev DISPLAY 1709 +set. 1710 +The argument must be 1711 +.Dq yes 1712 +or 1713 +.Dq no . 1714 +The default is 1715 +.Dq no . 1716 +.Pp 1717 +X11 forwarding should be enabled with caution. 1718 +Users with the ability to bypass file permissions on the remote host 1719 +(for the user's X11 authorization database) 1720 +can access the local X11 display through the forwarded connection. 1721 +An attacker may then be able to perform activities such as keystroke monitoring 1722 +if the 1723 +.Cm ForwardX11Trusted 1724 +option is also enabled. 1725 +.It Cm ForwardX11Timeout 1726 +Specify a timeout for untrusted X11 forwarding 1727 +using the format described in the 1728 +TIME FORMATS section of 1729 +.Xr sshd_config 4 . 1730 +X11 connections received by 1731 +.Xr ssh 1 1732 +after this time will be refused. 1733 +The default is to disable untrusted X11 forwarding after twenty minutes has 1734 +elapsed. 1735 +.It Cm ForwardX11Trusted 1736 +If this option is set to 1737 +.Dq yes , 1738 +remote X11 clients will have full access to the original X11 display. 
1739 +.Pp 1740 +If this option is set to 1741 +.Dq no , 1742 +remote X11 clients will be considered untrusted and prevented 1743 +from stealing or tampering with data belonging to trusted X11 1744 +clients. 1745 +Furthermore, the 1746 +.Xr xauth 1 1747 +token used for the session will be set to expire after 20 minutes. 1748 +Remote clients will be refused access after this time. 1749 +.Pp 1750 +The default is 1751 +.Dq no . 1752 +.Pp 1753 +See the X11 SECURITY extension specification for full details on 1754 +the restrictions imposed on untrusted clients. 1755 +.It Cm GatewayPorts 1756 +Specifies whether remote hosts are allowed to connect to local 1757 +forwarded ports. 1758 +By default, 1759 +.Xr ssh 1 1760 +binds local port forwardings to the loopback address. 1761 +This prevents other remote hosts from connecting to forwarded ports. 1762 +.Cm GatewayPorts 1763 +can be used to specify that ssh 1764 +should bind local port forwardings to the wildcard address, 1765 +thus allowing remote hosts to connect to forwarded ports. 1766 +The argument must be 1767 +.Dq yes 1768 +or 1769 +.Dq no . 1770 +The default is 1771 +.Dq no . 1772 +.It Cm GlobalKnownHostsFile 1773 +Specifies one or more files to use for the global 1774 +host key database, separated by whitespace. 1775 +The default is 1776 +.Pa /etc/ssh/ssh_known_hosts , 1777 +.Pa /etc/ssh/ssh_known_hosts2 . 1778 +.It Cm GSSAPIAuthentication 1779 +Specifies whether user authentication based on GSSAPI is allowed. 1780 +The default is 1781 +.Dq no . 1782 +Note that this option applies to protocol version 2 only. 1783 +.It Cm GSSAPIDelegateCredentials 1784 +Forward (delegate) credentials to the server. 1785 +The default is 1786 +.Dq no . 1787 +Note that this option applies to protocol version 2 only. 1788 +.It Cm HashKnownHosts 1789 +Indicates that 1790 +.Xr ssh 1 1791 +should hash host names and addresses when they are added to 1792 +.Pa ~/.ssh/known_hosts . 
1793 +These hashed names may be used normally by
1794 +.Xr ssh 1
1795 +and
1796 +.Xr sshd 1M ,
1797 +but they do not reveal identifying information should the file's contents
1798 +be disclosed.
1799 +The default is
1800 +.Dq no .
1801 +Note that existing names and addresses in known hosts files
1802 +will not be converted automatically,
1803 +but may be manually hashed using
1804 +.Xr ssh-keygen 1 .
1805 +.It Cm HostbasedAuthentication
1806 +Specifies whether to try rhosts based authentication with public key
1807 +authentication.
1808 +The argument must be
1809 +.Dq yes
1810 +or
1811 +.Dq no .
1812 +The default is
1813 +.Dq no .
1814 +This option applies to protocol version 2 only and
1815 +is similar to
1816 +.Cm RhostsRSAAuthentication .
1817 +.It Cm HostbasedKeyTypes
1818 +Specifies the key types that will be used for hostbased authentication
1819 +as a comma-separated pattern list.
1820 +Alternately if the specified value begins with a
1821 +.Sq +
1822 +character, then the specified key types will be appended to the default set
1823 +instead of replacing them.
1824 +The default for this option is:
1825 +.Bd -literal -offset 3n
1826 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
1827 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
1828 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
1829 +ssh-ed25519-cert-v01@openssh.com,
1830 +ssh-rsa-cert-v01@openssh.com,
1831 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1832 +ssh-ed25519,ssh-rsa
1833 +.Ed
1834 +.Pp
1835 +The
1836 +.Fl Q
1837 +option of
1838 +.Xr ssh 1
1839 +may be used to list supported key types.
1840 +.It Cm HostKeyAlgorithms
1841 +Specifies the protocol version 2 host key algorithms
1842 +that the client wants to use in order of preference.
1843 +Alternately if the specified value begins with a
1844 +.Sq +
1845 +character, then the specified key types will be appended to the default set
1846 +instead of replacing them.
1847 +The default for this option is:
1848 +.Bd -literal -offset 3n
1849 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
1850 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
1851 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
1852 +ssh-ed25519-cert-v01@openssh.com,
1853 +ssh-rsa-cert-v01@openssh.com,
1854 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1855 +ssh-ed25519,ssh-rsa
1856 +.Ed
1857 +.Pp
1858 +If hostkeys are known for the destination host then this default is modified
1859 +to prefer their algorithms.
1860 +.Pp
1861 +The list of available key types may also be obtained using the
1862 +.Fl Q
1863 +option of
1864 +.Xr ssh 1
1865 +with an argument of
1866 +.Dq key .
1867 +.It Cm HostKeyAlias
1868 +Specifies an alias that should be used instead of the
1869 +real host name when looking up or saving the host key
1870 +in the host key database files.
1871 +This option is useful for tunneling SSH connections
1872 +or for multiple servers running on a single host.
1873 +.It Cm HostName
1874 +Specifies the real host name to log into.
1875 +This can be used to specify nicknames or abbreviations for hosts.
1876 +If the hostname contains the character sequence
1877 +.Ql %h ,
1878 +then this will be replaced with the host name specified on the command line
1879 +(this is useful for manipulating unqualified names).
1880 +The character sequence
1881 +.Ql %%
1882 +will be replaced by a single
1883 +.Ql %
1884 +character, which may be used when specifying IPv6 link-local addresses.
1885 +.Pp
1886 +The default is the name given on the command line.
1887 +Numeric IP addresses are also permitted (both on the command line and in
1888 +.Cm HostName
1889 +specifications).
1890 +.It Cm IdentitiesOnly
1891 +Specifies that
1892 +.Xr ssh 1
1893 +should only use the authentication identity files configured in the
1894 +.Nm
1895 +files,
1896 +even if
1897 +.Xr ssh-agent 1
1898 +or a
1899 +.Cm PKCS11Provider
1900 +offers more identities.
1901 +The argument to this keyword must be
1902 +.Dq yes
1903 +or
1904 +.Dq no .
1905 +This option is intended for situations where ssh-agent
1906 +offers many different identities.
1907 +The default is
1908 +.Dq no .
1909 +.It Cm IdentityFile
1910 +Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
1911 +identity is read.
1912 +The default is
1913 +.Pa ~/.ssh/identity
1914 +for protocol version 1, and
1915 +.Pa ~/.ssh/id_dsa ,
1916 +.Pa ~/.ssh/id_ecdsa ,
1917 +.Pa ~/.ssh/id_ed25519
1918 +and
1919 +.Pa ~/.ssh/id_rsa
1920 +for protocol version 2.
1921 +Additionally, any identities represented by the authentication agent
1922 +will be used for authentication unless
1923 +.Cm IdentitiesOnly
1924 +is set.
1925 +.Xr ssh 1
1926 +will try to load certificate information from the filename obtained by
1927 +appending
1928 +.Pa -cert.pub
1929 +to the path of a specified
1930 +.Cm IdentityFile .
1931 +.Pp
1932 +The file name may use the tilde
1933 +syntax to refer to a user's home directory or one of the following
1934 +escape characters:
1935 +.Ql %d
1936 +(local user's home directory),
1937 +.Ql %u
1938 +(local user name),
1939 +.Ql %l
1940 +(local host name),
1941 +.Ql %h
1942 +(remote host name) or
1943 +.Ql %r
1944 +(remote user name).
1945 +.Pp
1946 +It is possible to have
1947 +multiple identity files specified in configuration files; all these
1948 +identities will be tried in sequence.
1949 +Multiple
1950 +.Cm IdentityFile
1951 +directives will add to the list of identities tried (this behaviour
1952 +differs from that of other configuration directives).
1953 +.Pp
1954 +.Cm IdentityFile
1955 +may be used in conjunction with
1956 +.Cm IdentitiesOnly
1957 +to select which identities in an agent are offered during authentication.
1958 +.It Cm IgnoreUnknown
1959 +Specifies a pattern-list of unknown options to be ignored if they are
1960 +encountered in configuration parsing.
1961 +This may be used to suppress errors if
1962 +.Nm
1963 +contains options that are unrecognised by
1964 +.Xr ssh 1 .
1965 +It is recommended that
1966 +.Cm IgnoreUnknown
1967 +be listed early in the configuration file as it will not be applied
1968 +to unknown options that appear before it.
1969 +.It Cm IPQoS
1970 +Specifies the IPv4 type-of-service or DSCP class for connections.
1971 +Accepted values are
1972 +.Dq af11 ,
1973 +.Dq af12 ,
1974 +.Dq af13 ,
1975 +.Dq af21 ,
1976 +.Dq af22 ,
1977 +.Dq af23 ,
1978 +.Dq af31 ,
1979 +.Dq af32 ,
1980 +.Dq af33 ,
1981 +.Dq af41 ,
1982 +.Dq af42 ,
1983 +.Dq af43 ,
1984 +.Dq cs0 ,
1985 +.Dq cs1 ,
1986 +.Dq cs2 ,
1987 +.Dq cs3 ,
1988 +.Dq cs4 ,
1989 +.Dq cs5 ,
1990 +.Dq cs6 ,
1991 +.Dq cs7 ,
1992 +.Dq ef ,
1993 +.Dq lowdelay ,
1994 +.Dq throughput ,
1995 +.Dq reliability ,
1996 +or a numeric value.
1997 +This option may take one or two arguments, separated by whitespace.
1998 +If one argument is specified, it is used as the packet class unconditionally.
1999 +If two values are specified, the first is automatically selected for
2000 +interactive sessions and the second for non-interactive sessions.
2001 +The default is
2002 +.Dq lowdelay
2003 +for interactive sessions and
2004 +.Dq throughput
2005 +for non-interactive sessions.
2006 +.It Cm KbdInteractiveAuthentication
2007 +Specifies whether to use keyboard-interactive authentication.
2008 +The argument to this keyword must be
2009 +.Dq yes
2010 +or
2011 +.Dq no .
2012 +The default is
2013 +.Dq yes .
2014 +.It Cm KbdInteractiveDevices
2015 +Specifies the list of methods to use in keyboard-interactive authentication.
2016 +Multiple method names must be comma-separated.
2017 +The default is to use the server specified list.
2018 +The methods available vary depending on what the server supports.
2019 +For an OpenSSH server,
2020 +it may be zero or more of:
2021 +.Dq bsdauth ,
2022 +.Dq pam ,
2023 +and
2024 +.Dq skey .
2025 +.It Cm KexAlgorithms
2026 +Specifies the available KEX (Key Exchange) algorithms.
2027 +Multiple algorithms must be comma-separated.
2028 +Alternately if the specified value begins with a
2029 +.Sq +
2030 +character, then the specified methods will be appended to the default set
2031 +instead of replacing them.
2032 +The default is:
2033 +.Bd -literal -offset indent
2034 +curve25519-sha256@libssh.org,
2035 +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
2036 +diffie-hellman-group-exchange-sha256,
2037 +diffie-hellman-group-exchange-sha1,
2038 +diffie-hellman-group14-sha1
2039 +.Ed
2040 +.Pp
2041 +The list of available key exchange algorithms may also be obtained using the
2042 +.Fl Q
2043 +option of
2044 +.Xr ssh 1
2045 +with an argument of
2046 +.Dq kex .
2047 +.It Cm LocalCommand
2048 +Specifies a command to execute on the local machine after successfully
2049 +connecting to the server.
2050 +The command string extends to the end of the line, and is executed with
2051 +the user's shell.
2052 +The following escape character substitutions will be performed:
2053 +.Ql %d
2054 +(local user's home directory),
2055 +.Ql %h
2056 +(remote host name),
2057 +.Ql %l
2058 +(local host name),
2059 +.Ql %n
2060 +(host name as provided on the command line),
2061 +.Ql %p
2062 +(remote port),
2063 +.Ql %r
2064 +(remote user name) or
2065 +.Ql %u
2066 +(local user name) or
2067 +.Ql \&%C
2068 +by a hash of the concatenation: %l%h%p%r.
2069 +.Pp
2070 +The command is run synchronously and does not have access to the
2071 +session of the
2072 +.Xr ssh 1
2073 +that spawned it.
2074 +It should not be used for interactive commands.
2075 +.Pp
2076 +This directive is ignored unless
2077 +.Cm PermitLocalCommand
2078 +has been enabled.
2079 +.It Cm LocalForward
2080 +Specifies that a TCP port on the local machine be forwarded over
2081 +the secure channel to the specified host and port from the remote machine.
2082 +The first argument must be
2083 +.Sm off
2084 +.Oo Ar bind_address : Oc Ar port
2085 +.Sm on
2086 +and the second argument must be
2087 +.Ar host : Ns Ar hostport .
2088 +IPv6 addresses can be specified by enclosing addresses in square brackets.
2089 +Multiple forwardings may be specified, and additional forwardings can be
2090 +given on the command line.
2091 +Only the superuser can forward privileged ports.
2092 +By default, the local port is bound in accordance with the
2093 +.Cm GatewayPorts
2094 +setting.
2095 +However, an explicit
2096 +.Ar bind_address
2097 +may be used to bind the connection to a specific address.
2098 +The
2099 +.Ar bind_address
2100 +of
2101 +.Dq localhost
2102 +indicates that the listening port be bound for local use only, while an
2103 +empty address or
2104 +.Sq *
2105 +indicates that the port should be available from all interfaces.
2106 +.It Cm LogLevel
2107 +Gives the verbosity level that is used when logging messages from
2108 +.Xr ssh 1 .
2109 +The possible values are:
2110 +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
2111 +The default is INFO.
2112 +DEBUG and DEBUG1 are equivalent.
2113 +DEBUG2 and DEBUG3 each specify higher levels of verbose output.
2114 +.It Cm MACs
2115 +Specifies the MAC (message authentication code) algorithms
2116 +in order of preference.
2117 +The MAC algorithm is used in protocol version 2
2118 +for data integrity protection.
2119 +Multiple algorithms must be comma-separated.
2120 +If the specified value begins with a
2121 +.Sq +
2122 +character, then the specified algorithms will be appended to the default set
2123 +instead of replacing them.
2124 +.Pp
2125 +The algorithms that contain
2126 +.Dq -etm
2127 +calculate the MAC after encryption (encrypt-then-mac).
2128 +These are considered safer and their use recommended.
2129 +.Pp
2130 +The default is:
2131 +.Bd -literal -offset indent
2132 +umac-64-etm@openssh.com,umac-128-etm@openssh.com,
2133 +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
2134 +umac-64@openssh.com,umac-128@openssh.com,
2135 +hmac-sha2-256,hmac-sha2-512,
2136 +hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
2137 +hmac-ripemd160-etm@openssh.com,
2138 +hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,
2139 +hmac-md5,hmac-sha1,hmac-ripemd160,
2140 +hmac-sha1-96,hmac-md5-96
2141 +.Ed
2142 +.Pp
2143 +The list of available MAC algorithms may also be obtained using the
2144 +.Fl Q
2145 +option of
2146 +.Xr ssh 1
2147 +with an argument of
2148 +.Dq mac .
2149 +.It Cm NoHostAuthenticationForLocalhost
2150 +This option can be used if the home directory is shared across machines.
2151 +In this case localhost will refer to a different machine on each of
2152 +the machines and the user will get many warnings about changed host keys.
2153 +However, this option disables host authentication for localhost.
2154 +The argument to this keyword must be
2155 +.Dq yes
2156 +or
2157 +.Dq no .
2158 +The default is to check the host key for localhost.
2159 +.It Cm NumberOfPasswordPrompts
2160 +Specifies the number of password prompts before giving up.
2161 +The argument to this keyword must be an integer.
2162 +The default is 3.
2163 +.It Cm PasswordAuthentication
2164 +Specifies whether to use password authentication.
2165 +The argument to this keyword must be
2166 +.Dq yes
2167 +or
2168 +.Dq no .
2169 +The default is
2170 +.Dq yes .
2171 +.It Cm PermitLocalCommand
2172 +Allow local command execution via the
2173 +.Ic LocalCommand
2174 +option or using the
2175 +.Ic !\& Ns Ar command
2176 +escape sequence in
2177 +.Xr ssh 1 .
2178 +The argument must be
2179 +.Dq yes
2180 +or
2181 +.Dq no .
2182 +The default is
2183 +.Dq no .
2184 +.It Cm PKCS11Provider
2185 +Specifies which PKCS#11 provider to use.
2186 +The argument to this keyword is the PKCS#11 shared library
2187 +.Xr ssh 1
2188 +should use to communicate with a PKCS#11 token providing the user's
2189 +private RSA key.
2190 +.It Cm Port
2191 +Specifies the port number to connect on the remote host.
2192 +The default is 22.
2193 +.It Cm PreferredAuthentications
2194 +Specifies the order in which the client should try protocol 2
2195 +authentication methods.
2196 +This allows a client to prefer one method (e.g.\&
2197 +.Cm keyboard-interactive )
2198 +over another method (e.g.\&
2199 +.Cm password ) .
2200 +The default is:
2201 +.Bd -literal -offset indent
2202 +gssapi-with-mic,hostbased,publickey,
2203 +keyboard-interactive,password
2204 +.Ed
2205 +.It Cm Protocol
2206 +Specifies the protocol versions
2207 +.Xr ssh 1
2208 +should support in order of preference.
2209 +The possible values are
2210 +.Sq 1
2211 +and
2212 +.Sq 2 .
2213 +Multiple versions must be comma-separated.
2214 +When this option is set to
2215 +.Dq 2,1
2216 +.Nm ssh
2217 +will try version 2 and fall back to version 1
2218 +if version 2 is not available.
2219 +The default is
2220 +.Sq 2 .
2221 +.It Cm ProxyCommand
2222 +Specifies the command to use to connect to the server.
2223 +The command
2224 +string extends to the end of the line, and is executed
2225 +using the user's shell
2226 +.Ql exec
2227 +directive to avoid a lingering shell process.
2228 +.Pp
2229 +In the command string, any occurrence of
2230 +.Ql %h
2231 +will be substituted by the host name to
2232 +connect,
2233 +.Ql %p
2234 +by the port, and
2235 +.Ql %r
2236 +by the remote user name.
2237 +The command can be basically anything,
2238 +and should read from its standard input and write to its standard output.
2239 +It should eventually connect an
2240 +.Xr sshd 8
2241 +server running on some machine, or execute
2242 +.Ic sshd -i
2243 +somewhere.
2244 +Host key management will be done using the
2245 +HostName of the host being connected (defaulting to the name typed by
2246 +the user).
2247 +Setting the command to
2248 +.Dq none
2249 +disables this option entirely.
2250 +Note that
2251 +.Cm CheckHostIP
2252 +is not available for connects with a proxy command.
2253 +.Pp
2254 +This directive is useful in conjunction with
2255 +.Xr nc 1
2256 +and its proxy support.
2257 +For example, the following directive would connect via an HTTP proxy at
2258 +192.0.2.0:
2259 +.Bd -literal -offset 3n
2260 +ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p
2261 +.Ed
2262 +.It Cm ProxyUseFdpass
2263 +Specifies that
2264 +.Cm ProxyCommand
2265 +will pass a connected file descriptor back to
2266 +.Xr ssh 1
2267 +instead of continuing to execute and pass data.
2268 +The default is
2269 +.Dq no .
2270 +.It Cm PubkeyAcceptedKeyTypes
2271 +Specifies the key types that will be used for public key authentication
2272 +as a comma-separated pattern list.
2273 +Alternately if the specified value begins with a
2274 +.Sq +
2275 +character, then the key types after it will be appended to the default
2276 +instead of replacing it.
2277 +The default for this option is:
2278 +.Bd -literal -offset 3n
2279 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
2280 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
2281 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
2282 +ssh-ed25519-cert-v01@openssh.com,
2283 +ssh-rsa-cert-v01@openssh.com,
2284 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
2285 +ssh-ed25519,ssh-rsa
2286 +.Ed
2287 +.Pp
2288 +The
2289 +.Fl Q
2290 +option of
2291 +.Xr ssh 1
2292 +may be used to list supported key types.
2293 +.It Cm PubkeyAuthentication
2294 +Specifies whether to try public key authentication.
2295 +The argument to this keyword must be
2296 +.Dq yes
2297 +or
2298 +.Dq no .
2299 +The default is
2300 +.Dq yes .
2301 +This option applies to protocol version 2 only.
2302 +.It Cm RekeyLimit
2303 +Specifies the maximum amount of data that may be transmitted before the
2304 +session key is renegotiated, optionally followed a maximum amount of
2305 +time that may pass before the session key is renegotiated.
2306 +The first argument is specified in bytes and may have a suffix of
2307 +.Sq K ,
2308 +.Sq M ,
2309 +or
2310 +.Sq G
2311 +to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
2312 +The default is between
2313 +.Sq 1G
2314 +and
2315 +.Sq 4G ,
2316 +depending on the cipher.
2317 +The optional second value is specified in seconds and may use any of the
2318 +units documented in the
2319 +TIME FORMATS section of
2320 +.Xr sshd_config 4 .
2321 +The default value for
2322 +.Cm RekeyLimit
2323 +is
2324 +.Dq default none ,
2325 +which means that rekeying is performed after the cipher's default amount
2326 +of data has been sent or received and no time based rekeying is done.
2327 +This option applies to protocol version 2 only.
2328 +.It Cm RemoteForward
2329 +Specifies that a TCP port on the remote machine be forwarded over
2330 +the secure channel to the specified host and port from the local machine.
2331 +The first argument must be
2332 +.Sm off
2333 +.Oo Ar bind_address : Oc Ar port
2334 +.Sm on
2335 +and the second argument must be
2336 +.Ar host : Ns Ar hostport .
2337 +IPv6 addresses can be specified by enclosing addresses in square brackets.
2338 +Multiple forwardings may be specified, and additional
2339 +forwardings can be given on the command line.
2340 +Privileged ports can be forwarded only when
2341 +logging in as root on the remote machine.
2342 +.Pp
2343 +If the
2344 +.Ar port
2345 +argument is
2346 +.Ql 0 ,
2347 +the listen port will be dynamically allocated on the server and reported
2348 +to the client at run time.
2349 +.Pp
2350 +If the
2351 +.Ar bind_address
2352 +is not specified, the default is to only bind to loopback addresses.
2353 +If the
2354 +.Ar bind_address
2355 +is
2356 +.Ql *
2357 +or an empty string, then the forwarding is requested to listen on all
2358 +interfaces.
2359 +Specifying a remote
2360 +.Ar bind_address
2361 +will only succeed if the server's
2362 +.Cm GatewayPorts
2363 +option is enabled (see
2364 +.Xr sshd_config 4 ) .
2365 +.It Cm RequestTTY
2366 +Specifies whether to request a pseudo-tty for the session.
2367 +The argument may be one of:
2368 +.Dq no
2369 +(never request a TTY),
2370 +.Dq yes
2371 +(always request a TTY when standard input is a TTY),
2372 +.Dq force
2373 +(always request a TTY) or
2374 +.Dq auto
2375 +(request a TTY when opening a login session).
2376 +This option mirrors the
2377 +.Fl t
2378 +and
2379 +.Fl T
2380 +flags for
2381 +.Xr ssh 1 .
2382 +.It Cm RevokedHostKeys
2383 +Specifies revoked host public keys.
2384 +Keys listed in this file will be refused for host authentication.
2385 +Note that if this file does not exist or is not readable,
2386 +then host authentication will be refused for all hosts.
2387 +Keys may be specified as a text file, listing one public key per line, or as
2388 +an OpenSSH Key Revocation List (KRL) as generated by
2389 +.Xr ssh-keygen 1 .
2390 +For more information on KRLs, see the KEY REVOCATION LISTS section in
2391 +.Xr ssh-keygen 1 .
2392 +.It Cm RhostsRSAAuthentication
2393 +Specifies whether to try rhosts based authentication with RSA host
2394 +authentication.
2395 +The argument must be
2396 +.Dq yes
2397 +or
2398 +.Dq no .
2399 +The default is
2400 +.Dq no .
2401 +This option applies to protocol version 1 only and requires
2402 +.Xr ssh 1
2403 +to be setuid root.
2404 +.It Cm RSAAuthentication
2405 +Specifies whether to try RSA authentication.
2406 +The argument to this keyword must be
2407 +.Dq yes
2408 +or
2409 +.Dq no .
2410 +RSA authentication will only be
2411 +attempted if the identity file exists, or an authentication agent is
2412 +running.
2413 +The default is
2414 +.Dq yes .
2415 +Note that this option applies to protocol version 1 only.
2416 +.It Cm SendEnv
2417 +Specifies what variables from the local
2418 +.Xr environ 7
2419 +should be sent to the server.
2420 +Note that environment passing is only supported for protocol 2.
2421 +The server must also support it, and the server must be configured to
2422 +accept these environment variables.
2423 +Note that the
2424 +.Ev TERM
2425 +environment variable is always sent whenever a
2426 +pseudo-terminal is requested as it is required by the protocol.
2427 +Refer to
2428 +.Cm AcceptEnv
2429 +in
2430 +.Xr sshd_config 4
2431 +for how to configure the server.
2432 +Variables are specified by name, which may contain wildcard characters.
2433 +Multiple environment variables may be separated by whitespace or spread
2434 +across multiple
2435 +.Cm SendEnv
2436 +directives.
2437 +The default is not to send any environment variables.
2438 +.Pp
2439 +See
2440 +.Sx PATTERNS
2441 +for more information on patterns.
2442 +.It Cm ServerAliveCountMax
2443 +Sets the number of server alive messages (see below) which may be
2444 +sent without
2445 +.Xr ssh 1
2446 +receiving any messages back from the server.
2447 +If this threshold is reached while server alive messages are being sent,
2448 +ssh will disconnect from the server, terminating the session.
2449 +It is important to note that the use of server alive messages is very
2450 +different from
2451 +.Cm TCPKeepAlive
2452 +(below).
2453 +The server alive messages are sent through the encrypted channel
2454 +and therefore will not be spoofable.
2455 +The TCP keepalive option enabled by
2456 +.Cm TCPKeepAlive
2457 +is spoofable.
2458 +The server alive mechanism is valuable when the client or
2459 +server depend on knowing when a connection has become inactive.
2460 +.Pp
2461 +The default value is 3.
2462 +If, for example,
2463 +.Cm ServerAliveInterval
2464 +(see below) is set to 15 and
2465 +.Cm ServerAliveCountMax
2466 +is left at the default, if the server becomes unresponsive,
2467 +ssh will disconnect after approximately 45 seconds.
2468 +This option applies to protocol version 2 only.
2469 +.It Cm ServerAliveInterval
2470 +Sets a timeout interval in seconds after which if no data has been received
2471 +from the server,
2472 +.Xr ssh 1
2473 +will send a message through the encrypted
2474 +channel to request a response from the server.
2475 +The default
2476 +is 0, indicating that these messages will not be sent to the server.
2477 +This option applies to protocol version 2 only.
2478 +.It Cm StreamLocalBindMask
2479 +Sets the octal file creation mode mask
2480 +.Pq umask
2481 +used when creating a Unix-domain socket file for local or remote
2482 +port forwarding.
2483 +This option is only used for port forwarding to a Unix-domain socket file.
2484 +.Pp
2485 +The default value is 0177, which creates a Unix-domain socket file that is
2486 +readable and writable only by the owner.
2487 +Note that not all operating systems honor the file mode on Unix-domain
2488 +socket files.
2489 +.It Cm StreamLocalBindUnlink
2490 +Specifies whether to remove an existing Unix-domain socket file for local
2491 +or remote port forwarding before creating a new one.
2492 +If the socket file already exists and
2493 +.Cm StreamLocalBindUnlink
2494 +is not enabled,
2495 +.Nm ssh
2496 +will be unable to forward the port to the Unix-domain socket file.
2497 +This option is only used for port forwarding to a Unix-domain socket file.
2498 +.Pp
2499 +The argument must be
2500 +.Dq yes
2501 +or
2502 +.Dq no .
2503 +The default is
2504 +.Dq no .
2505 +.It Cm StrictHostKeyChecking
2506 +If this flag is set to
2507 +.Dq yes ,
2508 +.Xr ssh 1
2509 +will never automatically add host keys to the
2510 +.Pa ~/.ssh/known_hosts
2511 +file, and refuses to connect to hosts whose host key has changed.
2512 +This provides maximum protection against trojan horse attacks,
2513 +though it can be annoying when the
2514 +.Pa /etc/ssh/ssh_known_hosts
2515 +file is poorly maintained or when connections to new hosts are
2516 +frequently made.
2517 +This option forces the user to manually
2518 +add all new hosts.
2519 +If this flag is set to
2520 +.Dq no ,
2521 +ssh will automatically add new host keys to the
2522 +user known hosts files.
2523 +If this flag is set to
2524 +.Dq ask ,
2525 +new host keys
2526 +will be added to the user known host files only after the user
2527 +has confirmed that is what they really want to do, and
2528 +ssh will refuse to connect to hosts whose host key has changed.
2529 +The host keys of
2530 +known hosts will be verified automatically in all cases.
2531 +The argument must be
2532 +.Dq yes ,
2533 +.Dq no ,
2534 +or
2535 +.Dq ask .
2536 +The default is
2537 +.Dq ask .
2538 +.It Cm TCPKeepAlive
2539 +Specifies whether the system should send TCP keepalive messages to the
2540 +other side.
2541 +If they are sent, death of the connection or crash of one
2542 +of the machines will be properly noticed.
2543 +However, this means that
2544 +connections will die if the route is down temporarily, and some people
2545 +find it annoying.
2546 +.Pp
2547 +The default is
2548 +.Dq yes
2549 +(to send TCP keepalive messages), and the client will notice
2550 +if the network goes down or the remote host dies.
2551 +This is important in scripts, and many users want it too.
2552 +.Pp
2553 +To disable TCP keepalive messages, the value should be set to
2554 +.Dq no .
2555 +.It Cm Tunnel
2556 +Request
2557 +.Xr tun 4
2558 +device forwarding between the client and the server.
2559 +The argument must be
2560 +.Dq yes ,
2561 +.Dq point-to-point
2562 +(layer 3),
2563 +.Dq ethernet
2564 +(layer 2),
2565 +or
2566 +.Dq no .
2567 +Specifying
2568 +.Dq yes
2569 +requests the default tunnel mode, which is
2570 +.Dq point-to-point .
2571 +The default is
2572 +.Dq no .
2573 +.It Cm TunnelDevice
2574 +Specifies the
2575 +.Xr tun 4
2576 +devices to open on the client
2577 +.Pq Ar local_tun
2578 +and the server
2579 +.Pq Ar remote_tun .
2580 +.Pp
2581 +The argument must be
2582 +.Sm off
2583 +.Ar local_tun Op : Ar remote_tun .
2584 +.Sm on
2585 +The devices may be specified by numerical ID or the keyword
2586 +.Dq any ,
2587 +which uses the next available tunnel device.
2588 +If
2589 +.Ar remote_tun
2590 +is not specified, it defaults to
2591 +.Dq any .
2592 +The default is
2593 +.Dq any:any .
2594 +.It Cm UpdateHostKeys
2595 +Specifies whether
2596 +.Xr ssh 1
2597 +should accept notifications of additional hostkeys from the server sent
2598 +after authentication has completed and add them to
2599 +.Cm UserKnownHostsFile .
2600 +The argument must be
2601 +.Dq yes ,
2602 +.Dq no
2603 +(the default) or
2604 +.Dq ask .
2605 +Enabling this option allows learning alternate hostkeys for a server
2606 +and supports graceful key rotation by allowing a server to send replacement
2607 +public keys before old ones are removed.
2608 +Additional hostkeys are only accepted if the key used to authenticate the
2609 +host was already trusted or explicity accepted by the user.
2610 +If
2611 +.Cm UpdateHostKeys
2612 +is set to
2613 +.Dq ask ,
2614 +then the user is asked to confirm the modifications to the known_hosts file.
2615 +Confirmation is currently incompatible with
2616 +.Cm ControlPersist ,
2617 +and will be disabled if it is enabled.
2618 +.Pp
2619 +Presently, only
2620 +.Xr sshd 8
2621 +from OpenSSH 6.8 and greater support the
2622 +.Dq hostkeys@openssh.com
2623 +protocol extension used to inform the client of all the server's hostkeys.
2624 +.It Cm UsePrivilegedPort
2625 +Specifies whether to use a privileged port for outgoing connections.
2626 +The argument must be
2627 +.Dq yes
2628 +or
2629 +.Dq no .
2630 +The default is
2631 +.Dq no .
2632 +If set to
2633 +.Dq yes ,
2634 +.Xr ssh 1
2635 +must be setuid root.
2636 +Note that this option must be set to
2637 +.Dq yes
2638 +for
2639 +.Cm RhostsRSAAuthentication
2640 +with older servers.
2641 +.It Cm User
2642 +Specifies the user to log in as.
2643 +This can be useful when a different user name is used on different machines.
2644 +This saves the trouble of
2645 +having to remember to give the user name on the command line.
2646 +.It Cm UserKnownHostsFile
2647 +Specifies one or more files to use for the user
2648 +host key database, separated by whitespace.
2649 +The default is
2650 +.Pa ~/.ssh/known_hosts ,
2651 +.Pa ~/.ssh/known_hosts2 .
2652 +.It Cm VerifyHostKeyDNS
2653 +Specifies whether to verify the remote key using DNS and SSHFP resource
2654 +records.
2655 +If this option is set to
2656 +.Dq yes ,
2657 +the client will implicitly trust keys that match a secure fingerprint
2658 +from DNS.
2659 +Insecure fingerprints will be handled as if this option was set to
2660 +.Dq ask .
2661 +If this option is set to
2662 +.Dq ask ,
2663 +information on fingerprint match will be displayed, but the user will still
2664 +need to confirm new host keys according to the
2665 +.Cm StrictHostKeyChecking
2666 +option.
2667 +The argument must be
2668 +.Dq yes ,
2669 +.Dq no ,
2670 +or
2671 +.Dq ask .
2672 +The default is
2673 +.Dq no .
2674 +Note that this option applies to protocol version 2 only.
2675 +.Pp
2676 +See also VERIFYING HOST KEYS in
2677 +.Xr ssh 1 .
2678 +.It Cm VisualHostKey
2679 +If this flag is set to
2680 +.Dq yes ,
2681 +an ASCII art representation of the remote host key fingerprint is
2682 +printed in addition to the fingerprint string at login and
2683 +for unknown host keys.
2684 +If this flag is set to
2685 +.Dq no ,
2686 +no fingerprint strings are printed at login and
2687 +only the fingerprint string will be printed for unknown host keys.
2688 +The default is
2689 +.Dq no .
2690 +.It Cm XAuthLocation
2691 +Specifies the full pathname of the
2692 +.Xr xauth 1
2693 +program.
2694 +The default is
2695 +.Pa /usr/X11R6/bin/xauth .
2696 +.El
2697 +.Sh PATTERNS
2698 +A
2699 +.Em pattern
2700 +consists of zero or more non-whitespace characters,
2701 +.Sq *
2702 +(a wildcard that matches zero or more characters),
2703 +or
2704 +.Sq ?\&
2705 +(a wildcard that matches exactly one character).
2706 +For example, to specify a set of declarations for any host in the
2707 +.Dq .co.uk
2708 +set of domains,
2709 +the following pattern could be used:
2710 +.Pp
2711 +.Dl Host *.co.uk
2712 +.Pp
2713 +The following pattern
2714 +would match any host in the 192.168.0.[0-9] network range:
2715 +.Pp
2716 +.Dl Host 192.168.0.?
2717 +.Pp
2718 +A
2719 +.Em pattern-list
2720 +is a comma-separated list of patterns.
2721 +Patterns within pattern-lists may be negated
2722 +by preceding them with an exclamation mark
2723 +.Pq Sq !\& .
2724 +For example,
2725 +to allow a key to be used from anywhere within an organization
2726 +except from the
2727 +.Dq dialup
2728 +pool,
2729 +the following entry (in authorized_keys) could be used:
2730 +.Pp
2731 +.Dl from=\&"!*.dialup.example.com,*.example.com\&"
2732 +.Sh FILES
2733 +.Bl -tag -width Ds
2734 +.It Pa ~/.ssh/config
2735 +This is the per-user configuration file.
2736 +The format of this file is described above.
2737 +This file is used by the SSH client.
2738 +Because of the potential for abuse, this file must have strict permissions:
2739 +read/write for the user, and not accessible by others.
2740 +.It Pa /etc/ssh/ssh_config
2741 +Systemwide configuration file.
2742 +This file provides defaults for those
2743 +values that are not specified in the user's configuration file, and
2744 +for those users who do not have a configuration file.
2745 +This file must be world-readable.
2746 +.El
2747 +.Sh SEE ALSO
2748 +.Xr ssh 1
2749 +.Sh AUTHORS
2750 +OpenSSH is a derivative of the original and free
2751 +ssh 1.2.12 release by Tatu Ylonen.
2752 +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
2753 +Theo de Raadt and Dug Song
2754 +removed many bugs, re-added newer features and
2755 +created OpenSSH.
2756 +Markus Friedl contributed the support for SSH
2757 +protocol versions 1.5 and 2.0.
2758 diff --git a/ssh_config.5 b/ssh_config.5
2759 deleted file mode 100644
2760 index a47f3ca..0000000
2761 --- a/ssh_config.5
2762 +++ /dev/null
2763 @@ -1,1726 +0,0 @@
2764 -.\"
2765 -.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
2766 -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
2767 -.\" All rights reserved
2768 -.\"
2769 -.\" As far as I am concerned, the code I have written for this software
2770 -.\" can be used freely for any purpose. Any derived versions of this
2771 -.\" software must be clearly marked as such, and if the derived work is
2772 -.\" incompatible with the protocol description in the RFC file, it must be
2773 -.\" called by a name other than "ssh" or "Secure Shell".
2774 -.\"
2775 -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
2776 -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
2777 -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
2778 -.\"
2779 -.\" Redistribution and use in source and binary forms, with or without
2780 -.\" modification, are permitted provided that the following conditions
2781 -.\" are met:
2782 -.\" 1. Redistributions of source code must retain the above copyright
2783 -.\" notice, this list of conditions and the following disclaimer.
2784 -.\" 2. Redistributions in binary form must reproduce the above copyright
2785 -.\" notice, this list of conditions and the following disclaimer in the
2786 -.\" documentation and/or other materials provided with the distribution.
2787 -.\"
2788 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
2789 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
2790 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
2791 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 2792 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 2793 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 2794 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 2795 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 2796 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 2797 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 2798 -.\" 2799 -.\" $OpenBSD: ssh_config.5,v 1.215 2015/08/14 15:32:41 jmc Exp $ 2800 -.Dd $Mdocdate: August 14 2015 $ 2801 -.Dt SSH_CONFIG 5 2802 -.Os 2803 -.Sh NAME 2804 -.Nm ssh_config 2805 -.Nd OpenSSH SSH client configuration files 2806 -.Sh SYNOPSIS 2807 -.Nm ~/.ssh/config 2808 -.Nm /etc/ssh/ssh_config 2809 -.Sh DESCRIPTION 2810 -.Xr ssh 1 2811 -obtains configuration data from the following sources in 2812 -the following order: 2813 -.Pp 2814 -.Bl -enum -offset indent -compact 2815 -.It 2816 -command-line options 2817 -.It 2818 -user's configuration file 2819 -.Pq Pa ~/.ssh/config 2820 -.It 2821 -system-wide configuration file 2822 -.Pq Pa /etc/ssh/ssh_config 2823 -.El 2824 -.Pp 2825 -For each parameter, the first obtained value 2826 -will be used. 2827 -The configuration files contain sections separated by 2828 -.Dq Host 2829 -specifications, and that section is only applied for hosts that 2830 -match one of the patterns given in the specification. 2831 -The matched host name is usually the one given on the command line 2832 -(see the 2833 -.Cm CanonicalizeHostname 2834 -option for exceptions.) 2835 -.Pp 2836 -Since the first obtained value for each parameter is used, more 2837 -host-specific declarations should be given near the beginning of the 2838 -file, and general defaults at the end. 
2839 -.Pp 2840 -The configuration file has the following format: 2841 -.Pp 2842 -Empty lines and lines starting with 2843 -.Ql # 2844 -are comments. 2845 -Otherwise a line is of the format 2846 -.Dq keyword arguments . 2847 -Configuration options may be separated by whitespace or 2848 -optional whitespace and exactly one 2849 -.Ql = ; 2850 -the latter format is useful to avoid the need to quote whitespace 2851 -when specifying configuration options using the 2852 -.Nm ssh , 2853 -.Nm scp , 2854 -and 2855 -.Nm sftp 2856 -.Fl o 2857 -option. 2858 -Arguments may optionally be enclosed in double quotes 2859 -.Pq \&" 2860 -in order to represent arguments containing spaces. 2861 -.Pp 2862 -The possible 2863 -keywords and their meanings are as follows (note that 2864 -keywords are case-insensitive and arguments are case-sensitive): 2865 -.Bl -tag -width Ds 2866 -.It Cm Host 2867 -Restricts the following declarations (up to the next 2868 -.Cm Host 2869 -or 2870 -.Cm Match 2871 -keyword) to be only for those hosts that match one of the patterns 2872 -given after the keyword. 2873 -If more than one pattern is provided, they should be separated by whitespace. 2874 -A single 2875 -.Ql * 2876 -as a pattern can be used to provide global 2877 -defaults for all hosts. 2878 -The host is usually the 2879 -.Ar hostname 2880 -argument given on the command line 2881 -(see the 2882 -.Cm CanonicalizeHostname 2883 -option for exceptions.) 2884 -.Pp 2885 -A pattern entry may be negated by prefixing it with an exclamation mark 2886 -.Pq Sq !\& . 2887 -If a negated entry is matched, then the 2888 -.Cm Host 2889 -entry is ignored, regardless of whether any other patterns on the line 2890 -match. 2891 -Negated matches are therefore useful to provide exceptions for wildcard 2892 -matches. 2893 -.Pp 2894 -See 2895 -.Sx PATTERNS 2896 -for more information on patterns. 
2897 -.It Cm Match 2898 -Restricts the following declarations (up to the next 2899 -.Cm Host 2900 -or 2901 -.Cm Match 2902 -keyword) to be used only when the conditions following the 2903 -.Cm Match 2904 -keyword are satisfied. 2905 -Match conditions are specified using one or more critera 2906 -or the single token 2907 -.Cm all 2908 -which always matches. 2909 -The available criteria keywords are: 2910 -.Cm canonical , 2911 -.Cm exec , 2912 -.Cm host , 2913 -.Cm originalhost , 2914 -.Cm user , 2915 -and 2916 -.Cm localuser . 2917 -The 2918 -.Cm all 2919 -criteria must appear alone or immediately after 2920 -.Cm canonical . 2921 -Other criteria may be combined arbitrarily. 2922 -All criteria but 2923 -.Cm all 2924 -and 2925 -.Cm canonical 2926 -require an argument. 2927 -Criteria may be negated by prepending an exclamation mark 2928 -.Pq Sq !\& . 2929 -.Pp 2930 -The 2931 -.Cm canonical 2932 -keyword matches only when the configuration file is being re-parsed 2933 -after hostname canonicalization (see the 2934 -.Cm CanonicalizeHostname 2935 -option.) 2936 -This may be useful to specify conditions that work with canonical host 2937 -names only. 2938 -The 2939 -.Cm exec 2940 -keyword executes the specified command under the user's shell. 2941 -If the command returns a zero exit status then the condition is considered true. 2942 -Commands containing whitespace characters must be quoted. 
2943 -The following character sequences in the command will be expanded prior to 2944 -execution: 2945 -.Ql %L 2946 -will be substituted by the first component of the local host name, 2947 -.Ql %l 2948 -will be substituted by the local host name (including any domain name), 2949 -.Ql %h 2950 -will be substituted by the target host name, 2951 -.Ql %n 2952 -will be substituted by the original target host name 2953 -specified on the command-line, 2954 -.Ql %p 2955 -the destination port, 2956 -.Ql %r 2957 -by the remote login username, and 2958 -.Ql %u 2959 -by the username of the user running 2960 -.Xr ssh 1 . 2961 -.Pp 2962 -The other keywords' criteria must be single entries or comma-separated 2963 -lists and may use the wildcard and negation operators described in the 2964 -.Sx PATTERNS 2965 -section. 2966 -The criteria for the 2967 -.Cm host 2968 -keyword are matched against the target hostname, after any substitution 2969 -by the 2970 -.Cm Hostname 2971 -or 2972 -.Cm CanonicalizeHostname 2973 -options. 2974 -The 2975 -.Cm originalhost 2976 -keyword matches against the hostname as it was specified on the command-line. 2977 -The 2978 -.Cm user 2979 -keyword matches against the target username on the remote host. 2980 -The 2981 -.Cm localuser 2982 -keyword matches against the name of the local user running 2983 -.Xr ssh 1 2984 -(this keyword may be useful in system-wide 2985 -.Nm 2986 -files). 2987 -.It Cm AddressFamily 2988 -Specifies which address family to use when connecting. 2989 -Valid arguments are 2990 -.Dq any , 2991 -.Dq inet 2992 -(use IPv4 only), or 2993 -.Dq inet6 2994 -(use IPv6 only). 2995 -.It Cm BatchMode 2996 -If set to 2997 -.Dq yes , 2998 -passphrase/password querying will be disabled. 2999 -This option is useful in scripts and other batch jobs where no user 3000 -is present to supply the password. 3001 -The argument must be 3002 -.Dq yes 3003 -or 3004 -.Dq no . 3005 -The default is 3006 -.Dq no . 
3007 -.It Cm BindAddress 3008 -Use the specified address on the local machine as the source address of 3009 -the connection. 3010 -Only useful on systems with more than one address. 3011 -Note that this option does not work if 3012 -.Cm UsePrivilegedPort 3013 -is set to 3014 -.Dq yes . 3015 -.It Cm CanonicalDomains 3016 -When 3017 -.Cm CanonicalizeHostname 3018 -is enabled, this option specifies the list of domain suffixes in which to 3019 -search for the specified destination host. 3020 -.It Cm CanonicalizeFallbackLocal 3021 -Specifies whether to fail with an error when hostname canonicalization fails. 3022 -The default, 3023 -.Dq yes , 3024 -will attempt to look up the unqualified hostname using the system resolver's 3025 -search rules. 3026 -A value of 3027 -.Dq no 3028 -will cause 3029 -.Xr ssh 1 3030 -to fail instantly if 3031 -.Cm CanonicalizeHostname 3032 -is enabled and the target hostname cannot be found in any of the domains 3033 -specified by 3034 -.Cm CanonicalDomains . 3035 -.It Cm CanonicalizeHostname 3036 -Controls whether explicit hostname canonicalization is performed. 3037 -The default, 3038 -.Dq no , 3039 -is not to perform any name rewriting and let the system resolver handle all 3040 -hostname lookups. 3041 -If set to 3042 -.Dq yes 3043 -then, for connections that do not use a 3044 -.Cm ProxyCommand , 3045 -.Xr ssh 1 3046 -will attempt to canonicalize the hostname specified on the command line 3047 -using the 3048 -.Cm CanonicalDomains 3049 -suffixes and 3050 -.Cm CanonicalizePermittedCNAMEs 3051 -rules. 3052 -If 3053 -.Cm CanonicalizeHostname 3054 -is set to 3055 -.Dq always , 3056 -then canonicalization is applied to proxied connections too. 3057 -.Pp 3058 -If this option is enabled, then the configuration files are processed 3059 -again using the new target name to pick up any new configuration in matching 3060 -.Cm Host 3061 -and 3062 -.Cm Match 3063 -stanzas. 
3064 -.It Cm CanonicalizeMaxDots 3065 -Specifies the maximum number of dot characters in a hostname before 3066 -canonicalization is disabled. 3067 -The default, 3068 -.Dq 1 , 3069 -allows a single dot (i.e. hostname.subdomain). 3070 -.It Cm CanonicalizePermittedCNAMEs 3071 -Specifies rules to determine whether CNAMEs should be followed when 3072 -canonicalizing hostnames. 3073 -The rules consist of one or more arguments of 3074 -.Ar source_domain_list : Ns Ar target_domain_list , 3075 -where 3076 -.Ar source_domain_list 3077 -is a pattern-list of domains that may follow CNAMEs in canonicalization, 3078 -and 3079 -.Ar target_domain_list 3080 -is a pattern-list of domains that they may resolve to. 3081 -.Pp 3082 -For example, 3083 -.Dq *.a.example.com:*.b.example.com,*.c.example.com 3084 -will allow hostnames matching 3085 -.Dq *.a.example.com 3086 -to be canonicalized to names in the 3087 -.Dq *.b.example.com 3088 -or 3089 -.Dq *.c.example.com 3090 -domains. 3091 -.It Cm ChallengeResponseAuthentication 3092 -Specifies whether to use challenge-response authentication. 3093 -The argument to this keyword must be 3094 -.Dq yes 3095 -or 3096 -.Dq no . 3097 -The default is 3098 -.Dq yes . 3099 -.It Cm CheckHostIP 3100 -If this flag is set to 3101 -.Dq yes , 3102 -.Xr ssh 1 3103 -will additionally check the host IP address in the 3104 -.Pa known_hosts 3105 -file. 3106 -This allows ssh to detect if a host key changed due to DNS spoofing 3107 -and will add addresses of destination hosts to 3108 -.Pa ~/.ssh/known_hosts 3109 -in the process, regardless of the setting of 3110 -.Cm StrictHostKeyChecking . 3111 -If the option is set to 3112 -.Dq no , 3113 -the check will not be executed. 3114 -The default is 3115 -.Dq yes . 3116 -.It Cm Cipher 3117 -Specifies the cipher to use for encrypting the session 3118 -in protocol version 1. 3119 -Currently, 3120 -.Dq blowfish , 3121 -.Dq 3des , 3122 -and 3123 -.Dq des 3124 -are supported. 
3125 -.Ar des 3126 -is only supported in the 3127 -.Xr ssh 1 3128 -client for interoperability with legacy protocol 1 implementations 3129 -that do not support the 3130 -.Ar 3des 3131 -cipher. 3132 -Its use is strongly discouraged due to cryptographic weaknesses. 3133 -The default is 3134 -.Dq 3des . 3135 -.It Cm Ciphers 3136 -Specifies the ciphers allowed for protocol version 2 3137 -in order of preference. 3138 -Multiple ciphers must be comma-separated. 3139 -If the specified value begins with a 3140 -.Sq + 3141 -character, then the specified ciphers will be appended to the default set 3142 -instead of replacing them. 3143 -.Pp 3144 -The supported ciphers are: 3145 -.Pp 3146 -.Bl -item -compact -offset indent 3147 -.It 3148 -3des-cbc 3149 -.It 3150 -aes128-cbc 3151 -.It 3152 -aes192-cbc 3153 -.It 3154 -aes256-cbc 3155 -.It 3156 -aes128-ctr 3157 -.It 3158 -aes192-ctr 3159 -.It 3160 -aes256-ctr 3161 -.It 3162 -aes128-gcm@openssh.com 3163 -.It 3164 -aes256-gcm@openssh.com 3165 -.It 3166 -arcfour 3167 -.It 3168 -arcfour128 3169 -.It 3170 -arcfour256 3171 -.It 3172 -blowfish-cbc 3173 -.It 3174 -cast128-cbc 3175 -.It 3176 -chacha20-poly1305@openssh.com 3177 -.El 3178 -.Pp 3179 -The default is: 3180 -.Bd -literal -offset indent 3181 -chacha20-poly1305@openssh.com, 3182 -aes128-ctr,aes192-ctr,aes256-ctr, 3183 -aes128-gcm@openssh.com,aes256-gcm@openssh.com, 3184 -arcfour256,arcfour128, 3185 -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc, 3186 -aes192-cbc,aes256-cbc,arcfour 3187 -.Ed 3188 -.Pp 3189 -The list of available ciphers may also be obtained using the 3190 -.Fl Q 3191 -option of 3192 -.Xr ssh 1 3193 -with an argument of 3194 -.Dq cipher . 3195 -.It Cm ClearAllForwardings 3196 -Specifies that all local, remote, and dynamic port forwardings 3197 -specified in the configuration files or on the command line be 3198 -cleared. 
3199 -This option is primarily useful when used from the 3200 -.Xr ssh 1 3201 -command line to clear port forwardings set in 3202 -configuration files, and is automatically set by 3203 -.Xr scp 1 3204 -and 3205 -.Xr sftp 1 . 3206 -The argument must be 3207 -.Dq yes 3208 -or 3209 -.Dq no . 3210 -The default is 3211 -.Dq no . 3212 -.It Cm Compression 3213 -Specifies whether to use compression. 3214 -The argument must be 3215 -.Dq yes 3216 -or 3217 -.Dq no . 3218 -The default is 3219 -.Dq no . 3220 -.It Cm CompressionLevel 3221 -Specifies the compression level to use if compression is enabled. 3222 -The argument must be an integer from 1 (fast) to 9 (slow, best). 3223 -The default level is 6, which is good for most applications. 3224 -The meaning of the values is the same as in 3225 -.Xr gzip 1 . 3226 -Note that this option applies to protocol version 1 only. 3227 -.It Cm ConnectionAttempts 3228 -Specifies the number of tries (one per second) to make before exiting. 3229 -The argument must be an integer. 3230 -This may be useful in scripts if the connection sometimes fails. 3231 -The default is 1. 3232 -.It Cm ConnectTimeout 3233 -Specifies the timeout (in seconds) used when connecting to the 3234 -SSH server, instead of using the default system TCP timeout. 3235 -This value is used only when the target is down or really unreachable, 3236 -not when it refuses the connection. 3237 -.It Cm ControlMaster 3238 -Enables the sharing of multiple sessions over a single network connection. 3239 -When set to 3240 -.Dq yes , 3241 -.Xr ssh 1 3242 -will listen for connections on a control socket specified using the 3243 -.Cm ControlPath 3244 -argument. 3245 -Additional sessions can connect to this socket using the same 3246 -.Cm ControlPath 3247 -with 3248 -.Cm ControlMaster 3249 -set to 3250 -.Dq no 3251 -(the default). 
3252 -These sessions will try to reuse the master instance's network connection 3253 -rather than initiating new ones, but will fall back to connecting normally 3254 -if the control socket does not exist, or is not listening. 3255 -.Pp 3256 -Setting this to 3257 -.Dq ask 3258 -will cause ssh 3259 -to listen for control connections, but require confirmation using 3260 -.Xr ssh-askpass 1 . 3261 -If the 3262 -.Cm ControlPath 3263 -cannot be opened, 3264 -ssh will continue without connecting to a master instance. 3265 -.Pp 3266 -X11 and 3267 -.Xr ssh-agent 1 3268 -forwarding is supported over these multiplexed connections, however the 3269 -display and agent forwarded will be the one belonging to the master 3270 -connection i.e. it is not possible to forward multiple displays or agents. 3271 -.Pp 3272 -Two additional options allow for opportunistic multiplexing: try to use a 3273 -master connection but fall back to creating a new one if one does not already 3274 -exist. 3275 -These options are: 3276 -.Dq auto 3277 -and 3278 -.Dq autoask . 3279 -The latter requires confirmation like the 3280 -.Dq ask 3281 -option. 3282 -.It Cm ControlPath 3283 -Specify the path to the control socket used for connection sharing as described 3284 -in the 3285 -.Cm ControlMaster 3286 -section above or the string 3287 -.Dq none 3288 -to disable connection sharing. 3289 -In the path, 3290 -.Ql %L 3291 -will be substituted by the first component of the local host name, 3292 -.Ql %l 3293 -will be substituted by the local host name (including any domain name), 3294 -.Ql %h 3295 -will be substituted by the target host name, 3296 -.Ql %n 3297 -will be substituted by the original target host name 3298 -specified on the command line, 3299 -.Ql %p 3300 -the destination port, 3301 -.Ql %r 3302 -by the remote login username, 3303 -.Ql %u 3304 -by the username of the user running 3305 -.Xr ssh 1 , and 3306 -.Ql \&%C 3307 -by a hash of the concatenation: %l%h%p%r. 
3308 -It is recommended that any 3309 -.Cm ControlPath 3310 -used for opportunistic connection sharing include 3311 -at least %h, %p, and %r (or alternatively %C) and be placed in a directory 3312 -that is not writable by other users. 3313 -This ensures that shared connections are uniquely identified. 3314 -.It Cm ControlPersist 3315 -When used in conjunction with 3316 -.Cm ControlMaster , 3317 -specifies that the master connection should remain open 3318 -in the background (waiting for future client connections) 3319 -after the initial client connection has been closed. 3320 -If set to 3321 -.Dq no , 3322 -then the master connection will not be placed into the background, 3323 -and will close as soon as the initial client connection is closed. 3324 -If set to 3325 -.Dq yes 3326 -or 3327 -.Dq 0 , 3328 -then the master connection will remain in the background indefinitely 3329 -(until killed or closed via a mechanism such as the 3330 -.Xr ssh 1 3331 -.Dq Fl O No exit 3332 -option). 3333 -If set to a time in seconds, or a time in any of the formats documented in 3334 -.Xr sshd_config 5 , 3335 -then the backgrounded master connection will automatically terminate 3336 -after it has remained idle (with no client connections) for the 3337 -specified time. 3338 -.It Cm DynamicForward 3339 -Specifies that a TCP port on the local machine be forwarded 3340 -over the secure channel, and the application 3341 -protocol is then used to determine where to connect to from the 3342 -remote machine. 3343 -.Pp 3344 -The argument must be 3345 -.Sm off 3346 -.Oo Ar bind_address : Oc Ar port . 3347 -.Sm on 3348 -IPv6 addresses can be specified by enclosing addresses in square brackets. 3349 -By default, the local port is bound in accordance with the 3350 -.Cm GatewayPorts 3351 -setting. 3352 -However, an explicit 3353 -.Ar bind_address 3354 -may be used to bind the connection to a specific address. 
3355 -The 3356 -.Ar bind_address 3357 -of 3358 -.Dq localhost 3359 -indicates that the listening port be bound for local use only, while an 3360 -empty address or 3361 -.Sq * 3362 -indicates that the port should be available from all interfaces. 3363 -.Pp 3364 -Currently the SOCKS4 and SOCKS5 protocols are supported, and 3365 -.Xr ssh 1 3366 -will act as a SOCKS server. 3367 -Multiple forwardings may be specified, and 3368 -additional forwardings can be given on the command line. 3369 -Only the superuser can forward privileged ports. 3370 -.It Cm EnableSSHKeysign 3371 -Setting this option to 3372 -.Dq yes 3373 -in the global client configuration file 3374 -.Pa /etc/ssh/ssh_config 3375 -enables the use of the helper program 3376 -.Xr ssh-keysign 8 3377 -during 3378 -.Cm HostbasedAuthentication . 3379 -The argument must be 3380 -.Dq yes 3381 -or 3382 -.Dq no . 3383 -The default is 3384 -.Dq no . 3385 -This option should be placed in the non-hostspecific section. 3386 -See 3387 -.Xr ssh-keysign 8 3388 -for more information. 3389 -.It Cm EscapeChar 3390 -Sets the escape character (default: 3391 -.Ql ~ ) . 3392 -The escape character can also 3393 -be set on the command line. 3394 -The argument should be a single character, 3395 -.Ql ^ 3396 -followed by a letter, or 3397 -.Dq none 3398 -to disable the escape 3399 -character entirely (making the connection transparent for binary 3400 -data). 3401 -.It Cm ExitOnForwardFailure 3402 -Specifies whether 3403 -.Xr ssh 1 3404 -should terminate the connection if it cannot set up all requested 3405 -dynamic, tunnel, local, and remote port forwardings. 3406 -The argument must be 3407 -.Dq yes 3408 -or 3409 -.Dq no . 3410 -The default is 3411 -.Dq no . 3412 -.It Cm FingerprintHash 3413 -Specifies the hash algorithm used when displaying key fingerprints. 3414 -Valid options are: 3415 -.Dq md5 3416 -and 3417 -.Dq sha256 . 3418 -The default is 3419 -.Dq sha256 . 
3420 -.It Cm ForwardAgent 3421 -Specifies whether the connection to the authentication agent (if any) 3422 -will be forwarded to the remote machine. 3423 -The argument must be 3424 -.Dq yes 3425 -or 3426 -.Dq no . 3427 -The default is 3428 -.Dq no . 3429 -.Pp 3430 -Agent forwarding should be enabled with caution. 3431 -Users with the ability to bypass file permissions on the remote host 3432 -(for the agent's Unix-domain socket) 3433 -can access the local agent through the forwarded connection. 3434 -An attacker cannot obtain key material from the agent, 3435 -however they can perform operations on the keys that enable them to 3436 -authenticate using the identities loaded into the agent. 3437 -.It Cm ForwardX11 3438 -Specifies whether X11 connections will be automatically redirected 3439 -over the secure channel and 3440 -.Ev DISPLAY 3441 -set. 3442 -The argument must be 3443 -.Dq yes 3444 -or 3445 -.Dq no . 3446 -The default is 3447 -.Dq no . 3448 -.Pp 3449 -X11 forwarding should be enabled with caution. 3450 -Users with the ability to bypass file permissions on the remote host 3451 -(for the user's X11 authorization database) 3452 -can access the local X11 display through the forwarded connection. 3453 -An attacker may then be able to perform activities such as keystroke monitoring 3454 -if the 3455 -.Cm ForwardX11Trusted 3456 -option is also enabled. 3457 -.It Cm ForwardX11Timeout 3458 -Specify a timeout for untrusted X11 forwarding 3459 -using the format described in the 3460 -TIME FORMATS section of 3461 -.Xr sshd_config 5 . 3462 -X11 connections received by 3463 -.Xr ssh 1 3464 -after this time will be refused. 3465 -The default is to disable untrusted X11 forwarding after twenty minutes has 3466 -elapsed. 3467 -.It Cm ForwardX11Trusted 3468 -If this option is set to 3469 -.Dq yes , 3470 -remote X11 clients will have full access to the original X11 display. 
3471 -.Pp 3472 -If this option is set to 3473 -.Dq no , 3474 -remote X11 clients will be considered untrusted and prevented 3475 -from stealing or tampering with data belonging to trusted X11 3476 -clients. 3477 -Furthermore, the 3478 -.Xr xauth 1 3479 -token used for the session will be set to expire after 20 minutes. 3480 -Remote clients will be refused access after this time. 3481 -.Pp 3482 -The default is 3483 -.Dq no . 3484 -.Pp 3485 -See the X11 SECURITY extension specification for full details on 3486 -the restrictions imposed on untrusted clients. 3487 -.It Cm GatewayPorts 3488 -Specifies whether remote hosts are allowed to connect to local 3489 -forwarded ports. 3490 -By default, 3491 -.Xr ssh 1 3492 -binds local port forwardings to the loopback address. 3493 -This prevents other remote hosts from connecting to forwarded ports. 3494 -.Cm GatewayPorts 3495 -can be used to specify that ssh 3496 -should bind local port forwardings to the wildcard address, 3497 -thus allowing remote hosts to connect to forwarded ports. 3498 -The argument must be 3499 -.Dq yes 3500 -or 3501 -.Dq no . 3502 -The default is 3503 -.Dq no . 3504 -.It Cm GlobalKnownHostsFile 3505 -Specifies one or more files to use for the global 3506 -host key database, separated by whitespace. 3507 -The default is 3508 -.Pa /etc/ssh/ssh_known_hosts , 3509 -.Pa /etc/ssh/ssh_known_hosts2 . 3510 -.It Cm GSSAPIAuthentication 3511 -Specifies whether user authentication based on GSSAPI is allowed. 3512 -The default is 3513 -.Dq no . 3514 -Note that this option applies to protocol version 2 only. 3515 -.It Cm GSSAPIDelegateCredentials 3516 -Forward (delegate) credentials to the server. 3517 -The default is 3518 -.Dq no . 3519 -Note that this option applies to protocol version 2 only. 3520 -.It Cm HashKnownHosts 3521 -Indicates that 3522 -.Xr ssh 1 3523 -should hash host names and addresses when they are added to 3524 -.Pa ~/.ssh/known_hosts . 
3525 -These hashed names may be used normally by 3526 -.Xr ssh 1 3527 -and 3528 -.Xr sshd 8 , 3529 -but they do not reveal identifying information should the file's contents 3530 -be disclosed. 3531 -The default is 3532 -.Dq no . 3533 -Note that existing names and addresses in known hosts files 3534 -will not be converted automatically, 3535 -but may be manually hashed using 3536 -.Xr ssh-keygen 1 . 3537 -.It Cm HostbasedAuthentication 3538 -Specifies whether to try rhosts based authentication with public key 3539 -authentication. 3540 -The argument must be 3541 -.Dq yes 3542 -or 3543 -.Dq no . 3544 -The default is 3545 -.Dq no . 3546 -This option applies to protocol version 2 only and 3547 -is similar to 3548 -.Cm RhostsRSAAuthentication . 3549 -.It Cm HostbasedKeyTypes 3550 -Specifies the key types that will be used for hostbased authentication 3551 -as a comma-separated pattern list. 3552 -Alternately if the specified value begins with a 3553 -.Sq + 3554 -character, then the specified key types will be appended to the default set 3555 -instead of replacing them. 3556 -The default for this option is: 3557 -.Bd -literal -offset 3n 3558 -ecdsa-sha2-nistp256-cert-v01@openssh.com, 3559 -ecdsa-sha2-nistp384-cert-v01@openssh.com, 3560 -ecdsa-sha2-nistp521-cert-v01@openssh.com, 3561 -ssh-ed25519-cert-v01@openssh.com, 3562 -ssh-rsa-cert-v01@openssh.com, 3563 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 3564 -ssh-ed25519,ssh-rsa 3565 -.Ed 3566 -.Pp 3567 -The 3568 -.Fl Q 3569 -option of 3570 -.Xr ssh 1 3571 -may be used to list supported key types. 3572 -.It Cm HostKeyAlgorithms 3573 -Specifies the protocol version 2 host key algorithms 3574 -that the client wants to use in order of preference. 3575 -Alternately if the specified value begins with a 3576 -.Sq + 3577 -character, then the specified key types will be appended to the default set 3578 -instead of replacing them. 
3579 -The default for this option is: 3580 -.Bd -literal -offset 3n 3581 -ecdsa-sha2-nistp256-cert-v01@openssh.com, 3582 -ecdsa-sha2-nistp384-cert-v01@openssh.com, 3583 -ecdsa-sha2-nistp521-cert-v01@openssh.com, 3584 -ssh-ed25519-cert-v01@openssh.com, 3585 -ssh-rsa-cert-v01@openssh.com, 3586 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 3587 -ssh-ed25519,ssh-rsa 3588 -.Ed 3589 -.Pp 3590 -If hostkeys are known for the destination host then this default is modified 3591 -to prefer their algorithms. 3592 -.Pp 3593 -The list of available key types may also be obtained using the 3594 -.Fl Q 3595 -option of 3596 -.Xr ssh 1 3597 -with an argument of 3598 -.Dq key . 3599 -.It Cm HostKeyAlias 3600 -Specifies an alias that should be used instead of the 3601 -real host name when looking up or saving the host key 3602 -in the host key database files. 3603 -This option is useful for tunneling SSH connections 3604 -or for multiple servers running on a single host. 3605 -.It Cm HostName 3606 -Specifies the real host name to log into. 3607 -This can be used to specify nicknames or abbreviations for hosts. 3608 -If the hostname contains the character sequence 3609 -.Ql %h , 3610 -then this will be replaced with the host name specified on the command line 3611 -(this is useful for manipulating unqualified names). 3612 -The character sequence 3613 -.Ql %% 3614 -will be replaced by a single 3615 -.Ql % 3616 -character, which may be used when specifying IPv6 link-local addresses. 3617 -.Pp 3618 -The default is the name given on the command line. 3619 -Numeric IP addresses are also permitted (both on the command line and in 3620 -.Cm HostName 3621 -specifications). 3622 -.It Cm IdentitiesOnly 3623 -Specifies that 3624 -.Xr ssh 1 3625 -should only use the authentication identity files configured in the 3626 -.Nm 3627 -files, 3628 -even if 3629 -.Xr ssh-agent 1 3630 -or a 3631 -.Cm PKCS11Provider 3632 -offers more identities. 
3633 -The argument to this keyword must be 3634 -.Dq yes 3635 -or 3636 -.Dq no . 3637 -This option is intended for situations where ssh-agent 3638 -offers many different identities. 3639 -The default is 3640 -.Dq no . 3641 -.It Cm IdentityFile 3642 -Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication 3643 -identity is read. 3644 -The default is 3645 -.Pa ~/.ssh/identity 3646 -for protocol version 1, and 3647 -.Pa ~/.ssh/id_dsa , 3648 -.Pa ~/.ssh/id_ecdsa , 3649 -.Pa ~/.ssh/id_ed25519 3650 -and 3651 -.Pa ~/.ssh/id_rsa 3652 -for protocol version 2. 3653 -Additionally, any identities represented by the authentication agent 3654 -will be used for authentication unless 3655 -.Cm IdentitiesOnly 3656 -is set. 3657 -.Xr ssh 1 3658 -will try to load certificate information from the filename obtained by 3659 -appending 3660 -.Pa -cert.pub 3661 -to the path of a specified 3662 -.Cm IdentityFile . 3663 -.Pp 3664 -The file name may use the tilde 3665 -syntax to refer to a user's home directory or one of the following 3666 -escape characters: 3667 -.Ql %d 3668 -(local user's home directory), 3669 -.Ql %u 3670 -(local user name), 3671 -.Ql %l 3672 -(local host name), 3673 -.Ql %h 3674 -(remote host name) or 3675 -.Ql %r 3676 -(remote user name). 3677 -.Pp 3678 -It is possible to have 3679 -multiple identity files specified in configuration files; all these 3680 -identities will be tried in sequence. 3681 -Multiple 3682 -.Cm IdentityFile 3683 -directives will add to the list of identities tried (this behaviour 3684 -differs from that of other configuration directives). 3685 -.Pp 3686 -.Cm IdentityFile 3687 -may be used in conjunction with 3688 -.Cm IdentitiesOnly 3689 -to select which identities in an agent are offered during authentication. 3690 -.It Cm IgnoreUnknown 3691 -Specifies a pattern-list of unknown options to be ignored if they are 3692 -encountered in configuration parsing. 
3693 -This may be used to suppress errors if 3694 -.Nm 3695 -contains options that are unrecognised by 3696 -.Xr ssh 1 . 3697 -It is recommended that 3698 -.Cm IgnoreUnknown 3699 -be listed early in the configuration file as it will not be applied 3700 -to unknown options that appear before it. 3701 -.It Cm IPQoS 3702 -Specifies the IPv4 type-of-service or DSCP class for connections. 3703 -Accepted values are 3704 -.Dq af11 , 3705 -.Dq af12 , 3706 -.Dq af13 , 3707 -.Dq af21 , 3708 -.Dq af22 , 3709 -.Dq af23 , 3710 -.Dq af31 , 3711 -.Dq af32 , 3712 -.Dq af33 , 3713 -.Dq af41 , 3714 -.Dq af42 , 3715 -.Dq af43 , 3716 -.Dq cs0 , 3717 -.Dq cs1 , 3718 -.Dq cs2 , 3719 -.Dq cs3 , 3720 -.Dq cs4 , 3721 -.Dq cs5 , 3722 -.Dq cs6 , 3723 -.Dq cs7 , 3724 -.Dq ef , 3725 -.Dq lowdelay , 3726 -.Dq throughput , 3727 -.Dq reliability , 3728 -or a numeric value. 3729 -This option may take one or two arguments, separated by whitespace. 3730 -If one argument is specified, it is used as the packet class unconditionally. 3731 -If two values are specified, the first is automatically selected for 3732 -interactive sessions and the second for non-interactive sessions. 3733 -The default is 3734 -.Dq lowdelay 3735 -for interactive sessions and 3736 -.Dq throughput 3737 -for non-interactive sessions. 3738 -.It Cm KbdInteractiveAuthentication 3739 -Specifies whether to use keyboard-interactive authentication. 3740 -The argument to this keyword must be 3741 -.Dq yes 3742 -or 3743 -.Dq no . 3744 -The default is 3745 -.Dq yes . 3746 -.It Cm KbdInteractiveDevices 3747 -Specifies the list of methods to use in keyboard-interactive authentication. 3748 -Multiple method names must be comma-separated. 3749 -The default is to use the server specified list. 3750 -The methods available vary depending on what the server supports. 3751 -For an OpenSSH server, 3752 -it may be zero or more of: 3753 -.Dq bsdauth , 3754 -.Dq pam , 3755 -and 3756 -.Dq skey . 
3757 -.It Cm KexAlgorithms 3758 -Specifies the available KEX (Key Exchange) algorithms. 3759 -Multiple algorithms must be comma-separated. 3760 -Alternately if the specified value begins with a 3761 -.Sq + 3762 -character, then the specified methods will be appended to the default set 3763 -instead of replacing them. 3764 -The default is: 3765 -.Bd -literal -offset indent 3766 -curve25519-sha256@libssh.org, 3767 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 3768 -diffie-hellman-group-exchange-sha256, 3769 -diffie-hellman-group-exchange-sha1, 3770 -diffie-hellman-group14-sha1 3771 -.Ed 3772 -.Pp 3773 -The list of available key exchange algorithms may also be obtained using the 3774 -.Fl Q 3775 -option of 3776 -.Xr ssh 1 3777 -with an argument of 3778 -.Dq kex . 3779 -.It Cm LocalCommand 3780 -Specifies a command to execute on the local machine after successfully 3781 -connecting to the server. 3782 -The command string extends to the end of the line, and is executed with 3783 -the user's shell. 3784 -The following escape character substitutions will be performed: 3785 -.Ql %d 3786 -(local user's home directory), 3787 -.Ql %h 3788 -(remote host name), 3789 -.Ql %l 3790 -(local host name), 3791 -.Ql %n 3792 -(host name as provided on the command line), 3793 -.Ql %p 3794 -(remote port), 3795 -.Ql %r 3796 -(remote user name) or 3797 -.Ql %u 3798 -(local user name) or 3799 -.Ql \&%C 3800 -by a hash of the concatenation: %l%h%p%r. 3801 -.Pp 3802 -The command is run synchronously and does not have access to the 3803 -session of the 3804 -.Xr ssh 1 3805 -that spawned it. 3806 -It should not be used for interactive commands. 3807 -.Pp 3808 -This directive is ignored unless 3809 -.Cm PermitLocalCommand 3810 -has been enabled. 3811 -.It Cm LocalForward 3812 -Specifies that a TCP port on the local machine be forwarded over 3813 -the secure channel to the specified host and port from the remote machine. 
3814 -The first argument must be 3815 -.Sm off 3816 -.Oo Ar bind_address : Oc Ar port 3817 -.Sm on 3818 -and the second argument must be 3819 -.Ar host : Ns Ar hostport . 3820 -IPv6 addresses can be specified by enclosing addresses in square brackets. 3821 -Multiple forwardings may be specified, and additional forwardings can be 3822 -given on the command line. 3823 -Only the superuser can forward privileged ports. 3824 -By default, the local port is bound in accordance with the 3825 -.Cm GatewayPorts 3826 -setting. 3827 -However, an explicit 3828 -.Ar bind_address 3829 -may be used to bind the connection to a specific address. 3830 -The 3831 -.Ar bind_address 3832 -of 3833 -.Dq localhost 3834 -indicates that the listening port be bound for local use only, while an 3835 -empty address or 3836 -.Sq * 3837 -indicates that the port should be available from all interfaces. 3838 -.It Cm LogLevel 3839 -Gives the verbosity level that is used when logging messages from 3840 -.Xr ssh 1 . 3841 -The possible values are: 3842 -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 3843 -The default is INFO. 3844 -DEBUG and DEBUG1 are equivalent. 3845 -DEBUG2 and DEBUG3 each specify higher levels of verbose output. 3846 -.It Cm MACs 3847 -Specifies the MAC (message authentication code) algorithms 3848 -in order of preference. 3849 -The MAC algorithm is used in protocol version 2 3850 -for data integrity protection. 3851 -Multiple algorithms must be comma-separated. 3852 -If the specified value begins with a 3853 -.Sq + 3854 -character, then the specified algorithms will be appended to the default set 3855 -instead of replacing them. 3856 -.Pp 3857 -The algorithms that contain 3858 -.Dq -etm 3859 -calculate the MAC after encryption (encrypt-then-mac). 3860 -These are considered safer and their use recommended. 
3861 -.Pp 3862 -The default is: 3863 -.Bd -literal -offset indent 3864 -umac-64-etm@openssh.com,umac-128-etm@openssh.com, 3865 -hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 3866 -umac-64@openssh.com,umac-128@openssh.com, 3867 -hmac-sha2-256,hmac-sha2-512, 3868 -hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com, 3869 -hmac-ripemd160-etm@openssh.com, 3870 -hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com, 3871 -hmac-md5,hmac-sha1,hmac-ripemd160, 3872 -hmac-sha1-96,hmac-md5-96 3873 -.Ed 3874 -.Pp 3875 -The list of available MAC algorithms may also be obtained using the 3876 -.Fl Q 3877 -option of 3878 -.Xr ssh 1 3879 -with an argument of 3880 -.Dq mac . 3881 -.It Cm NoHostAuthenticationForLocalhost 3882 -This option can be used if the home directory is shared across machines. 3883 -In this case localhost will refer to a different machine on each of 3884 -the machines and the user will get many warnings about changed host keys. 3885 -However, this option disables host authentication for localhost. 3886 -The argument to this keyword must be 3887 -.Dq yes 3888 -or 3889 -.Dq no . 3890 -The default is to check the host key for localhost. 3891 -.It Cm NumberOfPasswordPrompts 3892 -Specifies the number of password prompts before giving up. 3893 -The argument to this keyword must be an integer. 3894 -The default is 3. 3895 -.It Cm PasswordAuthentication 3896 -Specifies whether to use password authentication. 3897 -The argument to this keyword must be 3898 -.Dq yes 3899 -or 3900 -.Dq no . 3901 -The default is 3902 -.Dq yes . 3903 -.It Cm PermitLocalCommand 3904 -Allow local command execution via the 3905 -.Ic LocalCommand 3906 -option or using the 3907 -.Ic !\& Ns Ar command 3908 -escape sequence in 3909 -.Xr ssh 1 . 3910 -The argument must be 3911 -.Dq yes 3912 -or 3913 -.Dq no . 3914 -The default is 3915 -.Dq no . 3916 -.It Cm PKCS11Provider 3917 -Specifies which PKCS#11 provider to use. 
3918 -The argument to this keyword is the PKCS#11 shared library 3919 -.Xr ssh 1 3920 -should use to communicate with a PKCS#11 token providing the user's 3921 -private RSA key. 3922 -.It Cm Port 3923 -Specifies the port number to connect on the remote host. 3924 -The default is 22. 3925 -.It Cm PreferredAuthentications 3926 -Specifies the order in which the client should try protocol 2 3927 -authentication methods. 3928 -This allows a client to prefer one method (e.g.\& 3929 -.Cm keyboard-interactive ) 3930 -over another method (e.g.\& 3931 -.Cm password ) . 3932 -The default is: 3933 -.Bd -literal -offset indent 3934 -gssapi-with-mic,hostbased,publickey, 3935 -keyboard-interactive,password 3936 -.Ed 3937 -.It Cm Protocol 3938 -Specifies the protocol versions 3939 -.Xr ssh 1 3940 -should support in order of preference. 3941 -The possible values are 3942 -.Sq 1 3943 -and 3944 -.Sq 2 . 3945 -Multiple versions must be comma-separated. 3946 -When this option is set to 3947 -.Dq 2,1 3948 -.Nm ssh 3949 -will try version 2 and fall back to version 1 3950 -if version 2 is not available. 3951 -The default is 3952 -.Sq 2 . 3953 -.It Cm ProxyCommand 3954 -Specifies the command to use to connect to the server. 3955 -The command 3956 -string extends to the end of the line, and is executed 3957 -using the user's shell 3958 -.Ql exec 3959 -directive to avoid a lingering shell process. 3960 -.Pp 3961 -In the command string, any occurrence of 3962 -.Ql %h 3963 -will be substituted by the host name to 3964 -connect, 3965 -.Ql %p 3966 -by the port, and 3967 -.Ql %r 3968 -by the remote user name. 3969 -The command can be basically anything, 3970 -and should read from its standard input and write to its standard output. 3971 -It should eventually connect an 3972 -.Xr sshd 8 3973 -server running on some machine, or execute 3974 -.Ic sshd -i 3975 -somewhere. 
3976 -Host key management will be done using the 3977 -HostName of the host being connected (defaulting to the name typed by 3978 -the user). 3979 -Setting the command to 3980 -.Dq none 3981 -disables this option entirely. 3982 -Note that 3983 -.Cm CheckHostIP 3984 -is not available for connects with a proxy command. 3985 -.Pp 3986 -This directive is useful in conjunction with 3987 -.Xr nc 1 3988 -and its proxy support. 3989 -For example, the following directive would connect via an HTTP proxy at 3990 -192.0.2.0: 3991 -.Bd -literal -offset 3n 3992 -ProxyCommand /usr/bin/nc -X connect -x 192.0.2.0:8080 %h %p 3993 -.Ed 3994 -.It Cm ProxyUseFdpass 3995 -Specifies that 3996 -.Cm ProxyCommand 3997 -will pass a connected file descriptor back to 3998 -.Xr ssh 1 3999 -instead of continuing to execute and pass data. 4000 -The default is 4001 -.Dq no . 4002 -.It Cm PubkeyAcceptedKeyTypes 4003 -Specifies the key types that will be used for public key authentication 4004 -as a comma-separated pattern list. 4005 -Alternately if the specified value begins with a 4006 -.Sq + 4007 -character, then the key types after it will be appended to the default 4008 -instead of replacing it. 4009 -The default for this option is: 4010 -.Bd -literal -offset 3n 4011 -ecdsa-sha2-nistp256-cert-v01@openssh.com, 4012 -ecdsa-sha2-nistp384-cert-v01@openssh.com, 4013 -ecdsa-sha2-nistp521-cert-v01@openssh.com, 4014 -ssh-ed25519-cert-v01@openssh.com, 4015 -ssh-rsa-cert-v01@openssh.com, 4016 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 4017 -ssh-ed25519,ssh-rsa 4018 -.Ed 4019 -.Pp 4020 -The 4021 -.Fl Q 4022 -option of 4023 -.Xr ssh 1 4024 -may be used to list supported key types. 4025 -.It Cm PubkeyAuthentication 4026 -Specifies whether to try public key authentication. 4027 -The argument to this keyword must be 4028 -.Dq yes 4029 -or 4030 -.Dq no . 4031 -The default is 4032 -.Dq yes . 4033 -This option applies to protocol version 2 only. 
4034 -.It Cm RekeyLimit 4035 -Specifies the maximum amount of data that may be transmitted before the 4036 -session key is renegotiated, optionally followed a maximum amount of 4037 -time that may pass before the session key is renegotiated. 4038 -The first argument is specified in bytes and may have a suffix of 4039 -.Sq K , 4040 -.Sq M , 4041 -or 4042 -.Sq G 4043 -to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 4044 -The default is between 4045 -.Sq 1G 4046 -and 4047 -.Sq 4G , 4048 -depending on the cipher. 4049 -The optional second value is specified in seconds and may use any of the 4050 -units documented in the 4051 -TIME FORMATS section of 4052 -.Xr sshd_config 5 . 4053 -The default value for 4054 -.Cm RekeyLimit 4055 -is 4056 -.Dq default none , 4057 -which means that rekeying is performed after the cipher's default amount 4058 -of data has been sent or received and no time based rekeying is done. 4059 -This option applies to protocol version 2 only. 4060 -.It Cm RemoteForward 4061 -Specifies that a TCP port on the remote machine be forwarded over 4062 -the secure channel to the specified host and port from the local machine. 4063 -The first argument must be 4064 -.Sm off 4065 -.Oo Ar bind_address : Oc Ar port 4066 -.Sm on 4067 -and the second argument must be 4068 -.Ar host : Ns Ar hostport . 4069 -IPv6 addresses can be specified by enclosing addresses in square brackets. 4070 -Multiple forwardings may be specified, and additional 4071 -forwardings can be given on the command line. 4072 -Privileged ports can be forwarded only when 4073 -logging in as root on the remote machine. 4074 -.Pp 4075 -If the 4076 -.Ar port 4077 -argument is 4078 -.Ql 0 , 4079 -the listen port will be dynamically allocated on the server and reported 4080 -to the client at run time. 4081 -.Pp 4082 -If the 4083 -.Ar bind_address 4084 -is not specified, the default is to only bind to loopback addresses. 
4085 -If the 4086 -.Ar bind_address 4087 -is 4088 -.Ql * 4089 -or an empty string, then the forwarding is requested to listen on all 4090 -interfaces. 4091 -Specifying a remote 4092 -.Ar bind_address 4093 -will only succeed if the server's 4094 -.Cm GatewayPorts 4095 -option is enabled (see 4096 -.Xr sshd_config 5 ) . 4097 -.It Cm RequestTTY 4098 -Specifies whether to request a pseudo-tty for the session. 4099 -The argument may be one of: 4100 -.Dq no 4101 -(never request a TTY), 4102 -.Dq yes 4103 -(always request a TTY when standard input is a TTY), 4104 -.Dq force 4105 -(always request a TTY) or 4106 -.Dq auto 4107 -(request a TTY when opening a login session). 4108 -This option mirrors the 4109 -.Fl t 4110 -and 4111 -.Fl T 4112 -flags for 4113 -.Xr ssh 1 . 4114 -.It Cm RevokedHostKeys 4115 -Specifies revoked host public keys. 4116 -Keys listed in this file will be refused for host authentication. 4117 -Note that if this file does not exist or is not readable, 4118 -then host authentication will be refused for all hosts. 4119 -Keys may be specified as a text file, listing one public key per line, or as 4120 -an OpenSSH Key Revocation List (KRL) as generated by 4121 -.Xr ssh-keygen 1 . 4122 -For more information on KRLs, see the KEY REVOCATION LISTS section in 4123 -.Xr ssh-keygen 1 . 4124 -.It Cm RhostsRSAAuthentication 4125 -Specifies whether to try rhosts based authentication with RSA host 4126 -authentication. 4127 -The argument must be 4128 -.Dq yes 4129 -or 4130 -.Dq no . 4131 -The default is 4132 -.Dq no . 4133 -This option applies to protocol version 1 only and requires 4134 -.Xr ssh 1 4135 -to be setuid root. 4136 -.It Cm RSAAuthentication 4137 -Specifies whether to try RSA authentication. 4138 -The argument to this keyword must be 4139 -.Dq yes 4140 -or 4141 -.Dq no . 4142 -RSA authentication will only be 4143 -attempted if the identity file exists, or an authentication agent is 4144 -running. 4145 -The default is 4146 -.Dq yes . 
4147 -Note that this option applies to protocol version 1 only. 4148 -.It Cm SendEnv 4149 -Specifies what variables from the local 4150 -.Xr environ 7 4151 -should be sent to the server. 4152 -Note that environment passing is only supported for protocol 2. 4153 -The server must also support it, and the server must be configured to 4154 -accept these environment variables. 4155 -Note that the 4156 -.Ev TERM 4157 -environment variable is always sent whenever a 4158 -pseudo-terminal is requested as it is required by the protocol. 4159 -Refer to 4160 -.Cm AcceptEnv 4161 -in 4162 -.Xr sshd_config 5 4163 -for how to configure the server. 4164 -Variables are specified by name, which may contain wildcard characters. 4165 -Multiple environment variables may be separated by whitespace or spread 4166 -across multiple 4167 -.Cm SendEnv 4168 -directives. 4169 -The default is not to send any environment variables. 4170 -.Pp 4171 -See 4172 -.Sx PATTERNS 4173 -for more information on patterns. 4174 -.It Cm ServerAliveCountMax 4175 -Sets the number of server alive messages (see below) which may be 4176 -sent without 4177 -.Xr ssh 1 4178 -receiving any messages back from the server. 4179 -If this threshold is reached while server alive messages are being sent, 4180 -ssh will disconnect from the server, terminating the session. 4181 -It is important to note that the use of server alive messages is very 4182 -different from 4183 -.Cm TCPKeepAlive 4184 -(below). 4185 -The server alive messages are sent through the encrypted channel 4186 -and therefore will not be spoofable. 4187 -The TCP keepalive option enabled by 4188 -.Cm TCPKeepAlive 4189 -is spoofable. 4190 -The server alive mechanism is valuable when the client or 4191 -server depend on knowing when a connection has become inactive. 4192 -.Pp 4193 -The default value is 3. 
4194 -If, for example, 4195 -.Cm ServerAliveInterval 4196 -(see below) is set to 15 and 4197 -.Cm ServerAliveCountMax 4198 -is left at the default, if the server becomes unresponsive, 4199 -ssh will disconnect after approximately 45 seconds. 4200 -This option applies to protocol version 2 only. 4201 -.It Cm ServerAliveInterval 4202 -Sets a timeout interval in seconds after which if no data has been received 4203 -from the server, 4204 -.Xr ssh 1 4205 -will send a message through the encrypted 4206 -channel to request a response from the server. 4207 -The default 4208 -is 0, indicating that these messages will not be sent to the server. 4209 -This option applies to protocol version 2 only. 4210 -.It Cm StreamLocalBindMask 4211 -Sets the octal file creation mode mask 4212 -.Pq umask 4213 -used when creating a Unix-domain socket file for local or remote 4214 -port forwarding. 4215 -This option is only used for port forwarding to a Unix-domain socket file. 4216 -.Pp 4217 -The default value is 0177, which creates a Unix-domain socket file that is 4218 -readable and writable only by the owner. 4219 -Note that not all operating systems honor the file mode on Unix-domain 4220 -socket files. 4221 -.It Cm StreamLocalBindUnlink 4222 -Specifies whether to remove an existing Unix-domain socket file for local 4223 -or remote port forwarding before creating a new one. 4224 -If the socket file already exists and 4225 -.Cm StreamLocalBindUnlink 4226 -is not enabled, 4227 -.Nm ssh 4228 -will be unable to forward the port to the Unix-domain socket file. 4229 -This option is only used for port forwarding to a Unix-domain socket file. 4230 -.Pp 4231 -The argument must be 4232 -.Dq yes 4233 -or 4234 -.Dq no . 4235 -The default is 4236 -.Dq no . 
4237 -.It Cm StrictHostKeyChecking 4238 -If this flag is set to 4239 -.Dq yes , 4240 -.Xr ssh 1 4241 -will never automatically add host keys to the 4242 -.Pa ~/.ssh/known_hosts 4243 -file, and refuses to connect to hosts whose host key has changed. 4244 -This provides maximum protection against trojan horse attacks, 4245 -though it can be annoying when the 4246 -.Pa /etc/ssh/ssh_known_hosts 4247 -file is poorly maintained or when connections to new hosts are 4248 -frequently made. 4249 -This option forces the user to manually 4250 -add all new hosts. 4251 -If this flag is set to 4252 -.Dq no , 4253 -ssh will automatically add new host keys to the 4254 -user known hosts files. 4255 -If this flag is set to 4256 -.Dq ask , 4257 -new host keys 4258 -will be added to the user known host files only after the user 4259 -has confirmed that is what they really want to do, and 4260 -ssh will refuse to connect to hosts whose host key has changed. 4261 -The host keys of 4262 -known hosts will be verified automatically in all cases. 4263 -The argument must be 4264 -.Dq yes , 4265 -.Dq no , 4266 -or 4267 -.Dq ask . 4268 -The default is 4269 -.Dq ask . 4270 -.It Cm TCPKeepAlive 4271 -Specifies whether the system should send TCP keepalive messages to the 4272 -other side. 4273 -If they are sent, death of the connection or crash of one 4274 -of the machines will be properly noticed. 4275 -However, this means that 4276 -connections will die if the route is down temporarily, and some people 4277 -find it annoying. 4278 -.Pp 4279 -The default is 4280 -.Dq yes 4281 -(to send TCP keepalive messages), and the client will notice 4282 -if the network goes down or the remote host dies. 4283 -This is important in scripts, and many users want it too. 4284 -.Pp 4285 -To disable TCP keepalive messages, the value should be set to 4286 -.Dq no . 4287 -.It Cm Tunnel 4288 -Request 4289 -.Xr tun 4 4290 -device forwarding between the client and the server. 
4291 -The argument must be 4292 -.Dq yes , 4293 -.Dq point-to-point 4294 -(layer 3), 4295 -.Dq ethernet 4296 -(layer 2), 4297 -or 4298 -.Dq no . 4299 -Specifying 4300 -.Dq yes 4301 -requests the default tunnel mode, which is 4302 -.Dq point-to-point . 4303 -The default is 4304 -.Dq no . 4305 -.It Cm TunnelDevice 4306 -Specifies the 4307 -.Xr tun 4 4308 -devices to open on the client 4309 -.Pq Ar local_tun 4310 -and the server 4311 -.Pq Ar remote_tun . 4312 -.Pp 4313 -The argument must be 4314 -.Sm off 4315 -.Ar local_tun Op : Ar remote_tun . 4316 -.Sm on 4317 -The devices may be specified by numerical ID or the keyword 4318 -.Dq any , 4319 -which uses the next available tunnel device. 4320 -If 4321 -.Ar remote_tun 4322 -is not specified, it defaults to 4323 -.Dq any . 4324 -The default is 4325 -.Dq any:any . 4326 -.It Cm UpdateHostKeys 4327 -Specifies whether 4328 -.Xr ssh 1 4329 -should accept notifications of additional hostkeys from the server sent 4330 -after authentication has completed and add them to 4331 -.Cm UserKnownHostsFile . 4332 -The argument must be 4333 -.Dq yes , 4334 -.Dq no 4335 -(the default) or 4336 -.Dq ask . 4337 -Enabling this option allows learning alternate hostkeys for a server 4338 -and supports graceful key rotation by allowing a server to send replacement 4339 -public keys before old ones are removed. 4340 -Additional hostkeys are only accepted if the key used to authenticate the 4341 -host was already trusted or explicity accepted by the user. 4342 -If 4343 -.Cm UpdateHostKeys 4344 -is set to 4345 -.Dq ask , 4346 -then the user is asked to confirm the modifications to the known_hosts file. 4347 -Confirmation is currently incompatible with 4348 -.Cm ControlPersist , 4349 -and will be disabled if it is enabled. 4350 -.Pp 4351 -Presently, only 4352 -.Xr sshd 8 4353 -from OpenSSH 6.8 and greater support the 4354 -.Dq hostkeys@openssh.com 4355 -protocol extension used to inform the client of all the server's hostkeys. 
4356 -.It Cm UsePrivilegedPort 4357 -Specifies whether to use a privileged port for outgoing connections. 4358 -The argument must be 4359 -.Dq yes 4360 -or 4361 -.Dq no . 4362 -The default is 4363 -.Dq no . 4364 -If set to 4365 -.Dq yes , 4366 -.Xr ssh 1 4367 -must be setuid root. 4368 -Note that this option must be set to 4369 -.Dq yes 4370 -for 4371 -.Cm RhostsRSAAuthentication 4372 -with older servers. 4373 -.It Cm User 4374 -Specifies the user to log in as. 4375 -This can be useful when a different user name is used on different machines. 4376 -This saves the trouble of 4377 -having to remember to give the user name on the command line. 4378 -.It Cm UserKnownHostsFile 4379 -Specifies one or more files to use for the user 4380 -host key database, separated by whitespace. 4381 -The default is 4382 -.Pa ~/.ssh/known_hosts , 4383 -.Pa ~/.ssh/known_hosts2 . 4384 -.It Cm VerifyHostKeyDNS 4385 -Specifies whether to verify the remote key using DNS and SSHFP resource 4386 -records. 4387 -If this option is set to 4388 -.Dq yes , 4389 -the client will implicitly trust keys that match a secure fingerprint 4390 -from DNS. 4391 -Insecure fingerprints will be handled as if this option was set to 4392 -.Dq ask . 4393 -If this option is set to 4394 -.Dq ask , 4395 -information on fingerprint match will be displayed, but the user will still 4396 -need to confirm new host keys according to the 4397 -.Cm StrictHostKeyChecking 4398 -option. 4399 -The argument must be 4400 -.Dq yes , 4401 -.Dq no , 4402 -or 4403 -.Dq ask . 4404 -The default is 4405 -.Dq no . 4406 -Note that this option applies to protocol version 2 only. 4407 -.Pp 4408 -See also VERIFYING HOST KEYS in 4409 -.Xr ssh 1 . 4410 -.It Cm VisualHostKey 4411 -If this flag is set to 4412 -.Dq yes , 4413 -an ASCII art representation of the remote host key fingerprint is 4414 -printed in addition to the fingerprint string at login and 4415 -for unknown host keys. 
4416 -If this flag is set to 4417 -.Dq no , 4418 -no fingerprint strings are printed at login and 4419 -only the fingerprint string will be printed for unknown host keys. 4420 -The default is 4421 -.Dq no . 4422 -.It Cm XAuthLocation 4423 -Specifies the full pathname of the 4424 -.Xr xauth 1 4425 -program. 4426 -The default is 4427 -.Pa /usr/X11R6/bin/xauth . 4428 -.El 4429 -.Sh PATTERNS 4430 -A 4431 -.Em pattern 4432 -consists of zero or more non-whitespace characters, 4433 -.Sq * 4434 -(a wildcard that matches zero or more characters), 4435 -or 4436 -.Sq ?\& 4437 -(a wildcard that matches exactly one character). 4438 -For example, to specify a set of declarations for any host in the 4439 -.Dq .co.uk 4440 -set of domains, 4441 -the following pattern could be used: 4442 -.Pp 4443 -.Dl Host *.co.uk 4444 -.Pp 4445 -The following pattern 4446 -would match any host in the 192.168.0.[0-9] network range: 4447 -.Pp 4448 -.Dl Host 192.168.0.? 4449 -.Pp 4450 -A 4451 -.Em pattern-list 4452 -is a comma-separated list of patterns. 4453 -Patterns within pattern-lists may be negated 4454 -by preceding them with an exclamation mark 4455 -.Pq Sq !\& . 4456 -For example, 4457 -to allow a key to be used from anywhere within an organization 4458 -except from the 4459 -.Dq dialup 4460 -pool, 4461 -the following entry (in authorized_keys) could be used: 4462 -.Pp 4463 -.Dl from=\&"!*.dialup.example.com,*.example.com\&" 4464 -.Sh FILES 4465 -.Bl -tag -width Ds 4466 -.It Pa ~/.ssh/config 4467 -This is the per-user configuration file. 4468 -The format of this file is described above. 4469 -This file is used by the SSH client. 4470 -Because of the potential for abuse, this file must have strict permissions: 4471 -read/write for the user, and not accessible by others. 4472 -.It Pa /etc/ssh/ssh_config 4473 -Systemwide configuration file. 
4474 -This file provides defaults for those 4475 -values that are not specified in the user's configuration file, and 4476 -for those users who do not have a configuration file. 4477 -This file must be world-readable. 4478 -.El 4479 -.Sh SEE ALSO 4480 -.Xr ssh 1 4481 -.Sh AUTHORS 4482 -OpenSSH is a derivative of the original and free 4483 -ssh 1.2.12 release by Tatu Ylonen. 4484 -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 4485 -Theo de Raadt and Dug Song 4486 -removed many bugs, re-added newer features and 4487 -created OpenSSH. 4488 -Markus Friedl contributed the support for SSH 4489 -protocol versions 1.5 and 2.0. 4490 diff --git a/sshd.1m b/sshd.1m 4491 new file mode 100644 4492 index 0000000..ada4f25 4493 --- /dev/null 4494 +++ b/sshd.1m 4495 
@@ -0,0 +1,971 @@ 4496 +.\" 4497 +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4498 +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4499 +.\" All rights reserved 4500 +.\" 4501 +.\" As far as I am concerned, the code I have written for this software 4502 +.\" can be used freely for any purpose. Any derived versions of this 4503 +.\" software must be clearly marked as such, and if the derived work is 4504 +.\" incompatible with the protocol description in the RFC file, it must be 4505 +.\" called by a name other than "ssh" or "Secure Shell". 4506 +.\" 4507 +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 4508 +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 4509 +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 4510 +.\" 4511 +.\" Redistribution and use in source and binary forms, with or without 4512 +.\" modification, are permitted provided that the following conditions 4513 +.\" are met: 4514 +.\" 1. Redistributions of source code must retain the above copyright 4515 +.\" notice, this list of conditions and the following disclaimer. 4516 +.\" 2. Redistributions in binary form must reproduce the above copyright 4517 +.\" notice, this list of conditions and the following disclaimer in the 4518 +.\" documentation and/or other materials provided with the distribution. 4519 +.\" 4520 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 4521 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 4522 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
4523 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 4524 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 4525 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 4526 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 4527 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 4528 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 4529 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 4530 +.\" 4531 +.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $ 4532 +.Dd $Mdocdate: July 3 2015 $ 4533 +.Dt SSHD 1M 4534 +.Os 4535 +.Sh NAME 4536 +.Nm sshd 4537 +.Nd OpenSSH SSH daemon 4538 +.Sh SYNOPSIS 4539 +.Nm sshd 4540 +.Bk -words 4541 +.Op Fl 46DdeiqTt 4542 +.Op Fl b Ar bits 4543 +.Op Fl C Ar connection_spec 4544 +.Op Fl c Ar host_certificate_file 4545 +.Op Fl E Ar log_file 4546 +.Op Fl f Ar config_file 4547 +.Op Fl g Ar login_grace_time 4548 +.Op Fl h Ar host_key_file 4549 +.Op Fl k Ar key_gen_time 4550 +.Op Fl o Ar option 4551 +.Op Fl p Ar port 4552 +.Op Fl u Ar len 4553 +.Ek 4554 +.Sh DESCRIPTION 4555 +.Nm 4556 +(OpenSSH Daemon) is the daemon program for 4557 +.Xr ssh 1 . 4558 +Together these programs replace rlogin and rsh, 4559 +and provide secure encrypted communications between two untrusted hosts 4560 +over an insecure network. 4561 +.Pp 4562 +.Nm 4563 +listens for connections from clients. 4564 +It is normally started at boot by 4565 +.Xr smf 5 . 4566 +It forks a new 4567 +daemon for each incoming connection. 4568 +The forked daemons handle 4569 +key exchange, encryption, authentication, command execution, 4570 +and data exchange. 4571 +.Pp 4572 +.Nm 4573 +can be configured using command-line options or a configuration file 4574 +(by default 4575 +.Xr sshd_config 4 ) ; 4576 +command-line options override values specified in the 4577 +configuration file. 
4578 +.Nm 4579 +rereads its configuration file when it receives a hangup signal, 4580 +.Dv SIGHUP , 4581 +by executing itself with the name and options it was started with, e.g.\& 4582 +.Pa /usr/sbin/sshd . 4583 +.Pp 4584 +The options are as follows: 4585 +.Bl -tag -width Ds 4586 +.It Fl 4 4587 +Forces 4588 +.Nm 4589 +to use IPv4 addresses only. 4590 +.It Fl 6 4591 +Forces 4592 +.Nm 4593 +to use IPv6 addresses only. 4594 +.It Fl b Ar bits 4595 +Specifies the number of bits in the ephemeral protocol version 1 4596 +server key (default 1024). 4597 +.It Fl C Ar connection_spec 4598 +Specify the connection parameters to use for the 4599 +.Fl T 4600 +extended test mode. 4601 +If provided, any 4602 +.Cm Match 4603 +directives in the configuration file 4604 +that would apply to the specified user, host, and address will be set before 4605 +the configuration is written to standard output. 4606 +The connection parameters are supplied as keyword=value pairs. 4607 +The keywords are 4608 +.Dq user , 4609 +.Dq host , 4610 +.Dq laddr , 4611 +.Dq lport , 4612 +and 4613 +.Dq addr . 4614 +All are required and may be supplied in any order, either with multiple 4615 +.Fl C 4616 +options or as a comma-separated list. 4617 +.It Fl c Ar host_certificate_file 4618 +Specifies a path to a certificate file to identify 4619 +.Nm 4620 +during key exchange. 4621 +The certificate file must match a host key file specified using the 4622 +.Fl h 4623 +option or the 4624 +.Cm HostKey 4625 +configuration directive. 4626 +.It Fl D 4627 +When this option is specified, 4628 +.Nm 4629 +will not detach and does not become a daemon. 4630 +This allows easy monitoring of 4631 +.Nm sshd . 4632 +.It Fl d 4633 +Debug mode. 4634 +The server sends verbose debug output to standard error, 4635 +and does not put itself in the background. 4636 +The server also will not fork and will only process one connection. 4637 +This option is only intended for debugging for the server. 
4638 +Multiple 4639 +.Fl d 4640 +options increase the debugging level. 4641 +Maximum is 3. 4642 +.It Fl E Ar log_file 4643 +Append debug logs to 4644 +.Ar log_file 4645 +instead of the system log. 4646 +.It Fl e 4647 +Write debug logs to standard error instead of the system log. 4648 +.It Fl f Ar config_file 4649 +Specifies the name of the configuration file. 4650 +The default is 4651 +.Pa /etc/ssh/sshd_config . 4652 +.Nm 4653 +refuses to start if there is no configuration file. 4654 +.It Fl g Ar login_grace_time 4655 +Gives the grace time for clients to authenticate themselves (default 4656 +120 seconds). 4657 +If the client fails to authenticate the user within 4658 +this many seconds, the server disconnects and exits. 4659 +A value of zero indicates no limit. 4660 +.It Fl h Ar host_key_file 4661 +Specifies a file from which a host key is read. 4662 +This option must be given if 4663 +.Nm 4664 +is not run as root (as the normal 4665 +host key files are normally not readable by anyone but root). 4666 +The default is 4667 +.Pa /etc/ssh/ssh_host_key 4668 +for protocol version 1, and 4669 +.Pa /etc/ssh/ssh_host_dsa_key , 4670 +.Pa /etc/ssh/ssh_host_ecdsa_key . 4671 +.Pa /etc/ssh/ssh_host_ed25519_key 4672 +and 4673 +.Pa /etc/ssh/ssh_host_rsa_key 4674 +for protocol version 2. 4675 +It is possible to have multiple host key files for 4676 +the different protocol versions and host key algorithms. 4677 +.It Fl i 4678 +Specifies that 4679 +.Nm 4680 +is being run from 4681 +.Xr inetd 8 . 4682 +If SSH protocol 1 is enabled, 4683 +.Nm 4684 +should not normally be run 4685 +from inetd because it needs to generate the server key before it can 4686 +respond to the client, and this may take some time. 4687 +Clients may have to wait too long if the key was regenerated every time. 4688 +.It Fl k Ar key_gen_time 4689 +Specifies how often the ephemeral protocol version 1 server key is 4690 +regenerated (default 3600 seconds, or one hour). 
4691 +The motivation for regenerating the key fairly
4692 +often is that the key is not stored anywhere, and after about an hour
4693 +it becomes impossible to recover the key for decrypting intercepted
4694 +communications even if the machine is cracked into or physically
4695 +seized.
4696 +A value of zero indicates that the key will never be regenerated.
4697 +.It Fl o Ar option
4698 +Can be used to give options in the format used in the configuration file.
4699 +This is useful for specifying options for which there is no separate
4700 +command-line flag.
4701 +For full details of the options, and their values, see
4702 +.Xr sshd_config 4 .
4703 +.It Fl p Ar port
4704 +Specifies the port on which the server listens for connections
4705 +(default 22).
4706 +Multiple port options are permitted.
4707 +Ports specified in the configuration file with the
4708 +.Cm Port
4709 +option are ignored when a command-line port is specified.
4710 +Ports specified using the
4711 +.Cm ListenAddress
4712 +option override command-line ports.
4713 +.It Fl q
4714 +Quiet mode.
4715 +Nothing is sent to the system log.
4716 +Normally the beginning,
4717 +authentication, and termination of each connection is logged.
4718 +.It Fl T
4719 +Extended test mode.
4720 +Check the validity of the configuration file, output the effective configuration
4721 +to stdout and then exit.
4722 +Optionally,
4723 +.Cm Match
4724 +rules may be applied by specifying the connection parameters using one or more
4725 +.Fl C
4726 +options.
4727 +.It Fl t
4728 +Test mode.
4729 +Only check the validity of the configuration file and sanity of the keys.
4730 +This is useful for updating
4731 +.Nm
4732 +reliably as configuration options may change.
4733 +.It Fl u Ar len
4734 +This option is used to specify the size of the field
4735 +in the
4736 +.Li utmp
4737 +structure that holds the remote host name.
4738 +If the resolved host name is longer than
4739 +.Ar len ,
4740 +the dotted decimal value will be used instead.
4741 +This allows hosts with very long host names that
4742 +overflow this field to still be uniquely identified.
4743 +Specifying
4744 +.Fl u0
4745 +indicates that only dotted decimal addresses
4746 +should be put into the
4747 +.Pa utmp
4748 +file.
4749 +.Fl u0
4750 +may also be used to prevent
4751 +.Nm
4752 +from making DNS requests unless the authentication
4753 +mechanism or configuration requires it.
4754 +Authentication mechanisms that may require DNS include
4755 +.Cm RhostsRSAAuthentication ,
4756 +.Cm HostbasedAuthentication ,
4757 +and using a
4758 +.Cm from="pattern-list"
4759 +option in a key file.
4760 +Configuration options that require DNS include using a
4761 +USER@HOST pattern in
4762 +.Cm AllowUsers
4763 +or
4764 +.Cm DenyUsers .
4765 +.El
4766 +.Sh AUTHENTICATION
4767 +The OpenSSH SSH daemon supports SSH protocols 1 and 2.
4768 +The default is to use protocol 2 only,
4769 +though this can be changed via the
4770 +.Cm Protocol
4771 +option in
4772 +.Xr sshd_config 4 .
4773 +Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
4774 +protocol 1 only supports RSA keys.
4775 +For both protocols,
4776 +each host has a host-specific key,
4777 +normally 2048 bits,
4778 +used to identify the host.
4779 +.Pp
4780 +Forward security for protocol 1 is provided through
4781 +an additional server key,
4782 +normally 1024 bits,
4783 +generated when the server starts.
4784 +This key is normally regenerated every hour if it has been used, and
4785 +is never stored on disk.
4786 +Whenever a client connects, the daemon responds with its public
4787 +host and server keys.
4788 +The client compares the
4789 +RSA host key against its own database to verify that it has not changed.
4790 +The client then generates a 256-bit random number.
4791 +It encrypts this
4792 +random number using both the host key and the server key, and sends
4793 +the encrypted number to the server.
4794 +Both sides then use this
4795 +random number as a session key which is used to encrypt all further
4796 +communications in the session.
4797 +The rest of the session is encrypted
4798 +using a conventional cipher, currently Blowfish or 3DES, with 3DES
4799 +being used by default.
4800 +The client selects the encryption algorithm
4801 +to use from those offered by the server.
4802 +.Pp
4803 +For protocol 2,
4804 +forward security is provided through a Diffie-Hellman key agreement.
4805 +This key agreement results in a shared session key.
4806 +The rest of the session is encrypted using a symmetric cipher, currently
4807 +128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
4808 +The client selects the encryption algorithm
4809 +to use from those offered by the server.
4810 +Additionally, session integrity is provided
4811 +through a cryptographic message authentication code
4812 +(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
4813 +hmac-sha2-256 or hmac-sha2-512).
4814 +.Pp
4815 +Finally, the server and the client enter an authentication dialog.
4816 +The client tries to authenticate itself using
4817 +host-based authentication,
4818 +public key authentication,
4819 +challenge-response authentication,
4820 +or password authentication.
4821 +.Pp
4822 +Regardless of the authentication type, the account is checked to
4823 +ensure that it is accessible. An account is not accessible if it is
4824 +locked, listed in
4825 +.Cm DenyUsers
4826 +or its group is listed in
4827 +.Cm DenyGroups
4828 +\&. The definition of a locked account is system dependant. Some platforms
4829 +have their own account database (eg AIX) and some modify the passwd field (
4830 +.Ql \&*LK\&*
4831 +on Solaris and UnixWare,
4832 +.Ql \&*
4833 +on HP-UX, containing
4834 +.Ql Nologin
4835 +on Tru64,
4836 +a leading
4837 +.Ql \&*LOCKED\&*
4838 +on FreeBSD and a leading
4839 +.Ql \&!
4840 +on most Linuxes).
4841 +If there is a requirement to disable password authentication
4842 +for the account while allowing still public-key, then the passwd field
4843 +should be set to something other than these values (eg
4844 +.Ql NP
4845 +or
4846 +.Ql \&*NP\&*
4847 +).
4848 +.Pp
4849 +If the client successfully authenticates itself, a dialog for
4850 +preparing the session is entered.
4851 +At this time the client may request
4852 +things like allocating a pseudo-tty, forwarding X11 connections,
4853 +forwarding TCP connections, or forwarding the authentication agent
4854 +connection over the secure channel.
4855 +.Pp
4856 +After this, the client either requests a shell or execution of a command.
4857 +The sides then enter session mode.
4858 +In this mode, either side may send
4859 +data at any time, and such data is forwarded to/from the shell or
4860 +command on the server side, and the user terminal in the client side.
4861 +.Pp
4862 +When the user program terminates and all forwarded X11 and other
4863 +connections have been closed, the server sends command exit status to
4864 +the client, and both sides exit.
4865 +.Sh LOGIN PROCESS
4866 +When a user successfully logs in,
4867 +.Nm
4868 +does the following:
4869 +.Bl -enum -offset indent
4870 +.It
4871 +If the login is on a tty, and no command has been specified,
4872 +prints last login time and
4873 +.Pa /etc/motd
4874 +(unless prevented in the configuration file or by
4875 +.Pa ~/.hushlogin ;
4876 +see the
4877 +.Sx FILES
4878 +section).
4879 +.It
4880 +If the login is on a tty, records login time.
4881 +.It
4882 +Checks
4883 +.Pa /etc/nologin ;
4884 +if it exists, prints contents and quits
4885 +(unless root).
4886 +.It
4887 +Changes to run with normal user privileges.
4888 +.It
4889 +Sets up basic environment.
4890 +.It
4891 +Reads the file
4892 +.Pa ~/.ssh/environment ,
4893 +if it exists, and users are allowed to change their environment.
4894 +See the
4895 +.Cm PermitUserEnvironment
4896 +option in
4897 +.Xr sshd_config 4 .
4898 +.It
4899 +Changes to user's home directory.
4900 +.It
4901 +If
4902 +.Pa ~/.ssh/rc
4903 +exists and the
4904 +.Xr sshd_config 5
4905 +.Cm PermitUserRC
4906 +option is set, runs it; else if
4907 +.Pa /etc/ssh/sshrc
4908 +exists, runs
4909 +it; otherwise runs xauth.
4910 +The
4911 +.Dq rc
4912 +files are given the X11
4913 +authentication protocol and cookie in standard input.
4914 +See
4915 +.Sx SSHRC ,
4916 +below.
4917 +.It
4918 +Runs user's shell or command.
4919 +All commands are run under the user's login shell as specified in the
4920 +system password database.
4921 +.El
4922 +.Sh SSHRC
4923 +If the file
4924 +.Pa ~/.ssh/rc
4925 +exists,
4926 +.Xr sh 1
4927 +runs it after reading the
4928 +environment files but before starting the user's shell or command.
4929 +It must not produce any output on stdout; stderr must be used
4930 +instead.
4931 +If X11 forwarding is in use, it will receive the "proto cookie" pair in
4932 +its standard input (and
4933 +.Ev DISPLAY
4934 +in its environment).
4935 +The script must call
4936 +.Xr xauth 1
4937 +because
4938 +.Nm
4939 +will not run xauth automatically to add X11 cookies.
4940 +.Pp
4941 +The primary purpose of this file is to run any initialization routines
4942 +which may be needed before the user's home directory becomes
4943 +accessible; AFS is a particular example of such an environment.
4944 +.Pp
4945 +This file will probably contain some initialization code followed by
4946 +something similar to:
4947 +.Bd -literal -offset 3n
4948 +if read proto cookie && [ -n "$DISPLAY" ]; then
4949 + if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
4950 + # X11UseLocalhost=yes
4951 + echo add unix:`echo $DISPLAY |
4952 + cut -c11-` $proto $cookie
4953 + else
4954 + # X11UseLocalhost=no
4955 + echo add $DISPLAY $proto $cookie
4956 + fi | xauth -q -
4957 +fi
4958 +.Ed
4959 +.Pp
4960 +If this file does not exist,
4961 +.Pa /etc/ssh/sshrc
4962 +is run, and if that
4963 +does not exist either, xauth is used to add the cookie.
4964 +.Sh AUTHORIZED_KEYS FILE FORMAT
4965 +.Cm AuthorizedKeysFile
4966 +specifies the files containing public keys for
4967 +public key authentication;
4968 +if none is specified, the default is
4969 +.Pa ~/.ssh/authorized_keys
4970 +and
4971 +.Pa ~/.ssh/authorized_keys2 .
4972 +Each line of the file contains one
4973 +key (empty lines and lines starting with a
4974 +.Ql #
4975 +are ignored as
4976 +comments).
4977 +Protocol 1 public keys consist of the following space-separated fields:
4978 +options, bits, exponent, modulus, comment.
4979 +Protocol 2 public key consist of:
4980 +options, keytype, base64-encoded key, comment.
4981 +The options field is optional;
4982 +its presence is determined by whether the line starts
4983 +with a number or not (the options field never starts with a number).
4984 +The bits, exponent, modulus, and comment fields give the RSA key for
4985 +protocol version 1; the
4986 +comment field is not used for anything (but may be convenient for the
4987 +user to identify the key).
4988 +For protocol version 2 the keytype is
4989 +.Dq ecdsa-sha2-nistp256 ,
4990 +.Dq ecdsa-sha2-nistp384 ,
4991 +.Dq ecdsa-sha2-nistp521 ,
4992 +.Dq ssh-ed25519 ,
4993 +.Dq ssh-dss
4994 +or
4995 +.Dq ssh-rsa .
4996 +.Pp
4997 +Note that lines in this file are usually several hundred bytes long
4998 +(because of the size of the public key encoding) up to a limit of
4999 +8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
5000 +keys up to 16 kilobits.
5001 +You don't want to type them in; instead, copy the
5002 +.Pa identity.pub ,
5003 +.Pa id_dsa.pub ,
5004 +.Pa id_ecdsa.pub ,
5005 +.Pa id_ed25519.pub ,
5006 +or the
5007 +.Pa id_rsa.pub
5008 +file and edit it.
5009 +.Pp
5010 +.Nm
5011 +enforces a minimum RSA key modulus size for protocol 1
5012 +and protocol 2 keys of 768 bits.
5013 +.Pp
5014 +The options (if present) consist of comma-separated option
5015 +specifications.
5016 +No spaces are permitted, except within double quotes.
5017 +The following option specifications are supported (note
5018 +that option keywords are case-insensitive):
5019 +.Bl -tag -width Ds
5020 +.It Cm cert-authority
5021 +Specifies that the listed key is a certification authority (CA) that is
5022 +trusted to validate signed certificates for user authentication.
5023 +.Pp
5024 +Certificates may encode access restrictions similar to these key options.
5025 +If both certificate restrictions and key options are present, the most
5026 +restrictive union of the two is applied.
5027 +.It Cm command="command"
5028 +Specifies that the command is executed whenever this key is used for
5029 +authentication.
5030 +The command supplied by the user (if any) is ignored.
5031 +The command is run on a pty if the client requests a pty;
5032 +otherwise it is run without a tty.
5033 +If an 8-bit clean channel is required,
5034 +one must not request a pty or should specify
5035 +.Cm no-pty .
5036 +A quote may be included in the command by quoting it with a backslash.
5037 +This option might be useful
5038 +to restrict certain public keys to perform just a specific operation.
5039 +An example might be a key that permits remote backups but nothing else.
5040 +Note that the client may specify TCP and/or X11
5041 +forwarding unless they are explicitly prohibited.
5042 +The command originally supplied by the client is available in the
5043 +.Ev SSH_ORIGINAL_COMMAND
5044 +environment variable.
5045 +Note that this option applies to shell, command or subsystem execution.
5046 +Also note that this command may be superseded by either a
5047 +.Xr sshd_config 4
5048 +.Cm ForceCommand
5049 +directive or a command embedded in a certificate.
5050 +.It Cm environment="NAME=value"
5051 +Specifies that the string is to be added to the environment when
5052 +logging in using this key.
5053 +Environment variables set this way
5054 +override other default environment values.
5055 +Multiple options of this type are permitted.
5056 +Environment processing is disabled by default and is
5057 +controlled via the
5058 +.Cm PermitUserEnvironment
5059 +option.
5060 +This option is automatically disabled if
5061 +.Cm UseLogin
5062 +is enabled.
5063 +.It Cm from="pattern-list"
5064 +Specifies that in addition to public key authentication, either the canonical
5065 +name of the remote host or its IP address must be present in the
5066 +comma-separated list of patterns.
5067 +See PATTERNS in
5068 +.Xr ssh_config 4
5069 +for more information on patterns.
5070 +.Pp
5071 +In addition to the wildcard matching that may be applied to hostnames or
5072 +addresses, a
5073 +.Cm from
5074 +stanza may match IP addresses using CIDR address/masklen notation.
5075 +.Pp
5076 +The purpose of this option is to optionally increase security: public key
5077 +authentication by itself does not trust the network or name servers or
5078 +anything (but the key); however, if somebody somehow steals the key, the key
5079 +permits an intruder to log in from anywhere in the world.
5080 +This additional option makes using a stolen key more difficult (name
5081 +servers and/or routers would have to be compromised in addition to
5082 +just the key).
5083 +.It Cm no-agent-forwarding
5084 +Forbids authentication agent forwarding when this key is used for
5085 +authentication.
5086 +.It Cm no-port-forwarding
5087 +Forbids TCP forwarding when this key is used for authentication.
5088 +Any port forward requests by the client will return an error.
5089 +This might be used, e.g. in connection with the
5090 +.Cm command
5091 +option.
5092 +.It Cm no-pty
5093 +Prevents tty allocation (a request to allocate a pty will fail).
5094 +.It Cm no-user-rc
5095 +Disables execution of
5096 +.Pa ~/.ssh/rc .
5097 +.It Cm no-X11-forwarding
5098 +Forbids X11 forwarding when this key is used for authentication.
5099 +Any X11 forward requests by the client will return an error.
5100 +.It Cm permitopen="host:port"
5101 +Limit local port forwarding with
5102 +.Xr ssh 1
5103 +.Fl L
5104 +such that it may only connect to the specified host and port.
5105 +IPv6 addresses can be specified by enclosing the address in square brackets.
5106 +Multiple
5107 +.Cm permitopen
5108 +options may be applied separated by commas.
5109 +No pattern matching is performed on the specified hostnames,
5110 +they must be literal domains or addresses.
5111 +A port specification of
5112 +.Cm *
5113 +matches any port.
5114 +.It Cm principals="principals"
5115 +On a
5116 +.Cm cert-authority
5117 +line, specifies allowed principals for certificate authentication as a
5118 +comma-separated list.
5119 +At least one name from the list must appear in the certificate's
5120 +list of principals for the certificate to be accepted.
5121 +This option is ignored for keys that are not marked as trusted certificate
5122 +signers using the
5123 +.Cm cert-authority
5124 +option.
5125 +.It Cm tunnel="n"
5126 +Force a
5127 +.Xr tun 4
5128 +device on the server.
5129 +Without this option, the next available device will be used if
5130 +the client requests a tunnel.
5131 +.El
5132 +.Pp
5133 +An example authorized_keys file:
5134 +.Bd -literal -offset 3n
5135 +# Comments allowed at start of line
5136 +ssh-rsa AAAAB3Nza...LiPk== user@example.net
5137 +from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
5138 +AAAAB2...19Q== john@example.net
5139 +command="dump /home",no-pty,no-port-forwarding ssh-dss
5140 +AAAAC3...51R== example.net
5141 +permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
5142 +AAAAB5...21S==
5143 +tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
5144 +jane@example.net
5145 +.Ed
5146 +.Sh SSH_KNOWN_HOSTS FILE FORMAT
5147 +The
5148 +.Pa /etc/ssh/ssh_known_hosts
5149 +and
5150 +.Pa ~/.ssh/known_hosts
5151 +files contain host public keys for all known hosts.
5152 +The global file should
5153 +be prepared by the administrator (optional), and the per-user file is
5154 +maintained automatically: whenever the user connects from an unknown host,
5155 +its key is added to the per-user file.
5156 +.Pp
5157 +Each line in these files contains the following fields: markers (optional),
5158 +hostnames, bits, exponent, modulus, comment.
5159 +The fields are separated by spaces.
5160 +.Pp
5161 +The marker is optional, but if it is present then it must be one of
5162 +.Dq @cert-authority ,
5163 +to indicate that the line contains a certification authority (CA) key,
5164 +or
5165 +.Dq @revoked ,
5166 +to indicate that the key contained on the line is revoked and must not ever
5167 +be accepted.
5168 +Only one marker should be used on a key line.
5169 +.Pp
5170 +Hostnames is a comma-separated list of patterns
5171 +.Pf ( Ql *
5172 +and
5173 +.Ql \&?
5174 +act as
5175 +wildcards); each pattern in turn is matched against the canonical host
5176 +name (when authenticating a client) or against the user-supplied
5177 +name (when authenticating a server).
5178 +A pattern may also be preceded by
5179 +.Ql \&!
5180 +to indicate negation: if the host name matches a negated
5181 +pattern, it is not accepted (by that line) even if it matched another
5182 +pattern on the line.
5183 +A hostname or address may optionally be enclosed within
5184 +.Ql \&[
5185 +and
5186 +.Ql \&]
5187 +brackets then followed by
5188 +.Ql \&:
5189 +and a non-standard port number.
5190 +.Pp
5191 +Alternately, hostnames may be stored in a hashed form which hides host names
5192 +and addresses should the file's contents be disclosed.
5193 +Hashed hostnames start with a
5194 +.Ql |
5195 +character.
5196 +Only one hashed hostname may appear on a single line and none of the above
5197 +negation or wildcard operators may be applied.
5198 +.Pp
5199 +Bits, exponent, and modulus are taken directly from the RSA host key; they
5200 +can be obtained, for example, from
5201 +.Pa /etc/ssh/ssh_host_key.pub .
5202 +The optional comment field continues to the end of the line, and is not used.
5203 +.Pp
5204 +Lines starting with
5205 +.Ql #
5206 +and empty lines are ignored as comments.
5207 +.Pp
5208 +When performing host authentication, authentication is accepted if any
5209 +matching line has the proper key; either one that matches exactly or,
5210 +if the server has presented a certificate for authentication, the key
5211 +of the certification authority that signed the certificate.
5212 +For a key to be trusted as a certification authority, it must use the
5213 +.Dq @cert-authority
5214 +marker described above.
5215 +.Pp
5216 +The known hosts file also provides a facility to mark keys as revoked,
5217 +for example when it is known that the associated private key has been
5218 +stolen.
5219 +Revoked keys are specified by including the
5220 +.Dq @revoked
5221 +marker at the beginning of the key line, and are never accepted for
5222 +authentication or as certification authorities, but instead will
5223 +produce a warning from
5224 +.Xr ssh 1
5225 +when they are encountered.
5226 +.Pp
5227 +It is permissible (but not
5228 +recommended) to have several lines or different host keys for the same
5229 +names.
5230 +This will inevitably happen when short forms of host names
5231 +from different domains are put in the file.
5232 +It is possible
5233 +that the files contain conflicting information; authentication is
5234 +accepted if valid information can be found from either file.
5235 +.Pp
5236 +Note that the lines in these files are typically hundreds of characters
5237 +long, and you definitely don't want to type in the host keys by hand.
5238 +Rather, generate them by a script,
5239 +.Xr ssh-keyscan 1
5240 +or by taking
5241 +.Pa /etc/ssh/ssh_host_key.pub
5242 +and adding the host names at the front.
5243 +.Xr ssh-keygen 1
5244 +also offers some basic automated editing for
5245 +.Pa ~/.ssh/known_hosts
5246 +including removing hosts matching a host name and converting all host
5247 +names to their hashed representations.
5248 +.Pp
5249 +An example ssh_known_hosts file:
5250 +.Bd -literal -offset 3n
5251 +# Comments allowed at start of line
5252 +closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
5253 +cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
5254 +# A hashed hostname
5255 +|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
5256 +AAAA1234.....=
5257 +# A revoked key
5258 +@revoked * ssh-rsa AAAAB5W...
5259 +# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
5260 +@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
5261 +.Ed
5262 +.Sh FILES
5263 +.Bl -tag -width Ds -compact
5264 +.It Pa ~/.hushlogin
5265 +This file is used to suppress printing the last login time and
5266 +.Pa /etc/motd ,
5267 +if
5268 +.Cm PrintLastLog
5269 +and
5270 +.Cm PrintMotd ,
5271 +respectively,
5272 +are enabled.
5273 +It does not suppress printing of the banner specified by
5274 +.Cm Banner .
5275 +.Pp
5276 +.It Pa ~/.rhosts
5277 +This file is used for host-based authentication (see
5278 +.Xr ssh 1
5279 +for more information).
5280 +On some machines this file may need to be
5281 +world-readable if the user's home directory is on an NFS partition,
5282 +because
5283 +.Nm
5284 +reads it as root.
5285 +Additionally, this file must be owned by the user,
5286 +and must not have write permissions for anyone else.
5287 +The recommended
5288 +permission for most machines is read/write for the user, and not
5289 +accessible by others.
5290 +.Pp
5291 +.It Pa ~/.shosts
5292 +This file is used in exactly the same way as
5293 +.Pa .rhosts ,
5294 +but allows host-based authentication without permitting login with
5295 +rlogin/rsh.
5296 +.Pp
5297 +.It Pa ~/.ssh/
5298 +This directory is the default location for all user-specific configuration
5299 +and authentication information.
5300 +There is no general requirement to keep the entire contents of this directory
5301 +secret, but the recommended permissions are read/write/execute for the user,
5302 +and not accessible by others.
5303 +.Pp
5304 +.It Pa ~/.ssh/authorized_keys
5305 +Lists the public keys (DSA, ECDSA, Ed25519, RSA)
5306 +that can be used for logging in as this user.
5307 +The format of this file is described above.
5308 +The content of the file is not highly sensitive, but the recommended
5309 +permissions are read/write for the user, and not accessible by others.
5310 +.Pp
5311 +If this file, the
5312 +.Pa ~/.ssh
5313 +directory, or the user's home directory are writable
5314 +by other users, then the file could be modified or replaced by unauthorized
5315 +users.
5316 +In this case,
5317 +.Nm
5318 +will not allow it to be used unless the
5319 +.Cm StrictModes
5320 +option has been set to
5321 +.Dq no .
5322 +.Pp
5323 +.It Pa ~/.ssh/environment
5324 +This file is read into the environment at login (if it exists).
5325 +It can only contain empty lines, comment lines (that start with
5326 +.Ql # ) ,
5327 +and assignment lines of the form name=value.
5328 +The file should be writable
5329 +only by the user; it need not be readable by anyone else.
5330 +Environment processing is disabled by default and is
5331 +controlled via the
5332 +.Cm PermitUserEnvironment
5333 +option.
5334 +.Pp
5335 +.It Pa ~/.ssh/known_hosts
5336 +Contains a list of host keys for all hosts the user has logged into
5337 +that are not already in the systemwide list of known host keys.
5338 +The format of this file is described above.
5339 +This file should be writable only by root/the owner and
5340 +can, but need not be, world-readable.
5341 +.Pp
5342 +.It Pa ~/.ssh/rc
5343 +Contains initialization routines to be run before
5344 +the user's home directory becomes accessible.
5345 +This file should be writable only by the user, and need not be
5346 +readable by anyone else.
5347 +.Pp
5348 +.It Pa /etc/hosts.equiv
5349 +This file is for host-based authentication (see
5350 +.Xr ssh 1 ) .
5351 +It should only be writable by root.
5352 +.Pp
5353 +.It Pa /etc/moduli
5354 +Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
5355 +The file format is described in
5356 +.Xr moduli 4 .
5357 +.Pp
5358 +.It Pa /etc/motd
5359 +See
5360 +.Xr motd 5 .
5361 +.Pp
5362 +.It Pa /etc/nologin
5363 +If this file exists,
5364 +.Nm
5365 +refuses to let anyone except root log in.
5366 +The contents of the file
5367 +are displayed to anyone trying to log in, and non-root connections are
5368 +refused.
5369 +The file should be world-readable.
5370 +.Pp
5371 +.It Pa /etc/shosts.equiv
5372 +This file is used in exactly the same way as
5373 +.Pa hosts.equiv ,
5374 +but allows host-based authentication without permitting login with
5375 +rlogin/rsh.
5376 +.Pp
5377 +.It Pa /etc/ssh/ssh_host_key
5378 +.It Pa /etc/ssh/ssh_host_dsa_key
5379 +.It Pa /etc/ssh/ssh_host_ecdsa_key
5380 +.It Pa /etc/ssh/ssh_host_ed25519_key
5381 +.It Pa /etc/ssh/ssh_host_rsa_key
5382 +These files contain the private parts of the host keys.
5383 +These files should only be owned by root, readable only by root, and not
5384 +accessible to others.
5385 +Note that
5386 +.Nm
5387 +does not start if these files are group/world-accessible.
5388 +.Pp
5389 +.It Pa /etc/ssh/ssh_host_key.pub
5390 +.It Pa /etc/ssh/ssh_host_dsa_key.pub
5391 +.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
5392 +.It Pa /etc/ssh/ssh_host_ed25519_key.pub
5393 +.It Pa /etc/ssh/ssh_host_rsa_key.pub
5394 +These files contain the public parts of the host keys.
5395 +These files should be world-readable but writable only by
5396 +root.
5397 +Their contents should match the respective private parts.
5398 +These files are not
5399 +really used for anything; they are provided for the convenience of
5400 +the user so their contents can be copied to known hosts files.
5401 +These files are created using
5402 +.Xr ssh-keygen 1 .
5403 +.Pp
5404 +.It Pa /etc/ssh/ssh_known_hosts
5405 +Systemwide list of known host keys.
5406 +This file should be prepared by the
5407 +system administrator to contain the public host keys of all machines in the
5408 +organization.
5409 +The format of this file is described above.
5410 +This file should be writable only by root/the owner and
5411 +should be world-readable.
5412 +.Pp
5413 +.It Pa /etc/ssh/sshd_config
5414 +Contains configuration data for
5415 +.Nm sshd .
5416 +The file format and configuration options are described in
5417 +.Xr sshd_config 4 .
5418 +.Pp
5419 +.It Pa /etc/ssh/sshrc
5420 +Similar to
5421 +.Pa ~/.ssh/rc ,
5422 +it can be used to specify
5423 +machine-specific login-time initializations globally.
5424 +This file should be writable only by root, and should be world-readable.
5425 +.Pp
5426 +.It Pa /var/empty
5427 +.Xr chroot 2
5428 +directory used by
5429 +.Nm
5430 +during privilege separation in the pre-authentication phase.
5431 +The directory should not contain any files and must be owned by root
5432 +and not group or world-writable.
5433 +.Pp
5434 +.It Pa /var/run/sshd.pid
5435 +Contains the process ID of the
5436 +.Nm
5437 +listening for connections (if there are several daemons running
5438 +concurrently for different ports, this contains the process ID of the one
5439 +started last).
5440 +The content of this file is not sensitive; it can be world-readable.
5441 +.El
5442 +.Sh SEE ALSO
5443 +.Xr scp 1 ,
5444 +.Xr sftp 1 ,
5445 +.Xr ssh 1 ,
5446 +.Xr ssh-add 1 ,
5447 +.Xr ssh-agent 1 ,
5448 +.Xr ssh-keygen 1 ,
5449 +.Xr ssh-keyscan 1 ,
5450 +.Xr chroot 2 ,
5451 +.Xr login.conf 5 ,
5452 +.Xr moduli 4 ,
5453 +.Xr sshd_config 4 ,
5454 +.Xr inetd 1M ,
5455 +.Xr sftp-server 1M
5456 +.Sh AUTHORS
5457 +OpenSSH is a derivative of the original and free
5458 +ssh 1.2.12 release by Tatu Ylonen.
5459 +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
5460 +Theo de Raadt and Dug Song
5461 +removed many bugs, re-added newer features and
5462 +created OpenSSH.
5463 +Markus Friedl contributed the support for SSH
5464 +protocol versions 1.5 and 2.0.
5465 +Niels Provos and Markus Friedl contributed support
5466 +for privilege separation.
5467 diff --git a/sshd.8 b/sshd.8
5468 deleted file mode 100644
5469 index 213b5fc..0000000
5470 --- a/sshd.8
5471 +++ /dev/null
5472
@@ -1,971 +0,0 @@
5473 -.\"
5474 -.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
5475 -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5476 -.\" All rights reserved
5477 -.\"
5478 -.\" As far as I am concerned, the code I have written for this software
5479 -.\" can be used freely for any purpose. Any derived versions of this
5480 -.\" software must be clearly marked as such, and if the derived work is
5481 -.\" incompatible with the protocol description in the RFC file, it must be
5482 -.\" called by a name other than "ssh" or "Secure Shell".
5483 -.\"
5484 -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
5485 -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
5486 -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
5487 -.\"
5488 -.\" Redistribution and use in source and binary forms, with or without
5489 -.\" modification, are permitted provided that the following conditions
5490 -.\" are met:
5491 -.\" 1. Redistributions of source code must retain the above copyright
5492 -.\" notice, this list of conditions and the following disclaimer.
5493 -.\" 2. Redistributions in binary form must reproduce the above copyright
5494 -.\" notice, this list of conditions and the following disclaimer in the
5495 -.\" documentation and/or other materials provided with the distribution.
5496 -.\"
5497 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
5498 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
5499 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
5500 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
5501 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
5502 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
5503 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
5504 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
5505 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
5506 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5507 -.\"
5508 -.\" $OpenBSD: sshd.8,v 1.280 2015/07/03 03:49:45 djm Exp $
5509 -.Dd $Mdocdate: July 3 2015 $
5510 -.Dt SSHD 8
5511 -.Os
5512 -.Sh NAME
5513 -.Nm sshd
5514 -.Nd OpenSSH SSH daemon
5515 -.Sh SYNOPSIS
5516 -.Nm sshd
5517 -.Bk -words
5518 -.Op Fl 46DdeiqTt
5519 -.Op Fl b Ar bits
5520 -.Op Fl C Ar connection_spec
5521 -.Op Fl c Ar host_certificate_file
5522 -.Op Fl E Ar log_file
5523 -.Op Fl f Ar config_file
5524 -.Op Fl g Ar login_grace_time
5525 -.Op Fl h Ar host_key_file
5526 -.Op Fl k Ar key_gen_time
5527 -.Op Fl o Ar option
5528 -.Op Fl p Ar port
5529 -.Op Fl u Ar len
5530 -.Ek
5531 -.Sh DESCRIPTION
5532 -.Nm
5533 -(OpenSSH Daemon) is the daemon program for
5534 -.Xr ssh 1 .
5535 -Together these programs replace rlogin and rsh,
5536 -and provide secure encrypted communications between two untrusted hosts
5537 -over an insecure network.
5538 -.Pp
5539 -.Nm
5540 -listens for connections from clients.
5541 -It is normally started at boot from
5542 -.Pa /etc/rc .
5543 -It forks a new
5544 -daemon for each incoming connection.
5545 -The forked daemons handle
5546 -key exchange, encryption, authentication, command execution,
5547 -and data exchange.
5548 -.Pp
5549 -.Nm
5550 -can be configured using command-line options or a configuration file
5551 -(by default
5552 -.Xr sshd_config 5 ) ;
5553 -command-line options override values specified in the
5554 -configuration file.
5555 -.Nm
5556 -rereads its configuration file when it receives a hangup signal,
5557 -.Dv SIGHUP ,
5558 -by executing itself with the name and options it was started with, e.g.\&
5559 -.Pa /usr/sbin/sshd .
5560 -.Pp
5561 -The options are as follows:
5562 -.Bl -tag -width Ds
5563 -.It Fl 4
5564 -Forces
5565 -.Nm
5566 -to use IPv4 addresses only.
5567 -.It Fl 6
5568 -Forces
5569 -.Nm
5570 -to use IPv6 addresses only.
5571 -.It Fl b Ar bits
5572 -Specifies the number of bits in the ephemeral protocol version 1
5573 -server key (default 1024).
5574 -.It Fl C Ar connection_spec
5575 -Specify the connection parameters to use for the
5576 -.Fl T
5577 -extended test mode.
5578 -If provided, any
5579 -.Cm Match
5580 -directives in the configuration file
5581 -that would apply to the specified user, host, and address will be set before
5582 -the configuration is written to standard output.
5583 -The connection parameters are supplied as keyword=value pairs.
5584 -The keywords are
5585 -.Dq user ,
5586 -.Dq host ,
5587 -.Dq laddr ,
5588 -.Dq lport ,
5589 -and
5590 -.Dq addr .
5591 -All are required and may be supplied in any order, either with multiple
5592 -.Fl C
5593 -options or as a comma-separated list.
5594 -.It Fl c Ar host_certificate_file
5595 -Specifies a path to a certificate file to identify
5596 -.Nm
5597 -during key exchange.
5598 -The certificate file must match a host key file specified using the
5599 -.Fl h
5600 -option or the
5601 -.Cm HostKey
5602 -configuration directive.
5603 -.It Fl D
5604 -When this option is specified,
5605 -.Nm
5606 -will not detach and does not become a daemon.
5607 -This allows easy monitoring of
5608 -.Nm sshd .
5609 -.It Fl d
5610 -Debug mode.
5611 -The server sends verbose debug output to standard error,
5612 -and does not put itself in the background.
5613 -The server also will not fork and will only process one connection.
5614 -This option is only intended for debugging for the server.
5615 -Multiple
5616 -.Fl d
5617 -options increase the debugging level.
5618 -Maximum is 3.
5619 -.It Fl E Ar log_file
5620 -Append debug logs to
5621 -.Ar log_file
5622 -instead of the system log.
5623 -.It Fl e
5624 -Write debug logs to standard error instead of the system log.
5625 -.It Fl f Ar config_file
5626 -Specifies the name of the configuration file.
5627 -The default is
5628 -.Pa /etc/ssh/sshd_config .
5629 -.Nm
5630 -refuses to start if there is no configuration file.
5631 -.It Fl g Ar login_grace_time
5632 -Gives the grace time for clients to authenticate themselves (default
5633 -120 seconds).
5634 -If the client fails to authenticate the user within
5635 -this many seconds, the server disconnects and exits.
5636 -A value of zero indicates no limit.
5637 -.It Fl h Ar host_key_file
5638 -Specifies a file from which a host key is read.
5639 -This option must be given if
5640 -.Nm
5641 -is not run as root (as the normal
5642 -host key files are normally not readable by anyone but root).
5643 -The default is
5644 -.Pa /etc/ssh/ssh_host_key
5645 -for protocol version 1, and
5646 -.Pa /etc/ssh/ssh_host_dsa_key ,
5647 -.Pa /etc/ssh/ssh_host_ecdsa_key .
5648 -.Pa /etc/ssh/ssh_host_ed25519_key
5649 -and
5650 -.Pa /etc/ssh/ssh_host_rsa_key
5651 -for protocol version 2.
5652 -It is possible to have multiple host key files for
5653 -the different protocol versions and host key algorithms.
5654 -.It Fl i
5655 -Specifies that
5656 -.Nm
5657 -is being run from
5658 -.Xr inetd 8 .
5659 -If SSH protocol 1 is enabled,
5660 -.Nm
5661 -should not normally be run
5662 -from inetd because it needs to generate the server key before it can
5663 -respond to the client, and this may take some time.
5664 -Clients may have to wait too long if the key was regenerated every time.
5665 -.It Fl k Ar key_gen_time
5666 -Specifies how often the ephemeral protocol version 1 server key is
5667 -regenerated (default 3600 seconds, or one hour).
5668 -The motivation for regenerating the key fairly
5669 -often is that the key is not stored anywhere, and after about an hour
5670 -it becomes impossible to recover the key for decrypting intercepted
5671 -communications even if the machine is cracked into or physically
5672 -seized.
5673 -A value of zero indicates that the key will never be regenerated.
5674 -.It Fl o Ar option
5675 -Can be used to give options in the format used in the configuration file.
5676 -This is useful for specifying options for which there is no separate
5677 -command-line flag.
5678 -For full details of the options, and their values, see
5679 -.Xr sshd_config 5 .
5680 -.It Fl p Ar port
5681 -Specifies the port on which the server listens for connections
5682 -(default 22).
5683 -Multiple port options are permitted.
5684 -Ports specified in the configuration file with the
5685 -.Cm Port
5686 -option are ignored when a command-line port is specified.
5687 -Ports specified using the
5688 -.Cm ListenAddress
5689 -option override command-line ports.
5690 -.It Fl q
5691 -Quiet mode.
5692 -Nothing is sent to the system log.
5693 -Normally the beginning,
5694 -authentication, and termination of each connection is logged.
5695 -.It Fl T
5696 -Extended test mode.
5697 -Check the validity of the configuration file, output the effective configuration
5698 -to stdout and then exit.
5699 -Optionally,
5700 -.Cm Match
5701 -rules may be applied by specifying the connection parameters using one or more
5702 -.Fl C
5703 -options.
5704 -.It Fl t
5705 -Test mode.
5706 -Only check the validity of the configuration file and sanity of the keys.
5707 -This is useful for updating
5708 -.Nm
5709 -reliably as configuration options may change.
5710 -.It Fl u Ar len
5711 -This option is used to specify the size of the field
5712 -in the
5713 -.Li utmp
5714 -structure that holds the remote host name.
5715 -If the resolved host name is longer than
5716 -.Ar len ,
5717 -the dotted decimal value will be used instead.
5718 -This allows hosts with very long host names that
5719 -overflow this field to still be uniquely identified.
5720 -Specifying
5721 -.Fl u0
5722 -indicates that only dotted decimal addresses
5723 -should be put into the
5724 -.Pa utmp
5725 -file.
5726 -.Fl u0
5727 -may also be used to prevent
5728 -.Nm
5729 -from making DNS requests unless the authentication
5730 -mechanism or configuration requires it.
5731 -Authentication mechanisms that may require DNS include
5732 -.Cm RhostsRSAAuthentication ,
5733 -.Cm HostbasedAuthentication ,
5734 -and using a
5735 -.Cm from="pattern-list"
5736 -option in a key file.
5737 -Configuration options that require DNS include using a
5738 -USER@HOST pattern in
5739 -.Cm AllowUsers
5740 -or
5741 -.Cm DenyUsers .
5742 -.El
5743 -.Sh AUTHENTICATION
5744 -The OpenSSH SSH daemon supports SSH protocols 1 and 2.
5745 -The default is to use protocol 2 only,
5746 -though this can be changed via the
5747 -.Cm Protocol
5748 -option in
5749 -.Xr sshd_config 5 .
5750 -Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
5751 -protocol 1 only supports RSA keys.
5752 -For both protocols,
5753 -each host has a host-specific key,
5754 -normally 2048 bits,
5755 -used to identify the host.
5756 -.Pp
5757 -Forward security for protocol 1 is provided through
5758 -an additional server key,
5759 -normally 1024 bits,
5760 -generated when the server starts.
5761 -This key is normally regenerated every hour if it has been used, and
5762 -is never stored on disk.
5763 -Whenever a client connects, the daemon responds with its public
5764 -host and server keys.
5765 -The client compares the
5766 -RSA host key against its own database to verify that it has not changed.
5767 -The client then generates a 256-bit random number.
5768 -It encrypts this
5769 -random number using both the host key and the server key, and sends
5770 -the encrypted number to the server.
5771 -Both sides then use this
5772 -random number as a session key which is used to encrypt all further
5773 -communications in the session.
5774 -The rest of the session is encrypted
5775 -using a conventional cipher, currently Blowfish or 3DES, with 3DES
5776 -being used by default.
5777 -The client selects the encryption algorithm
5778 -to use from those offered by the server.
5779 -.Pp
5780 -For protocol 2,
5781 -forward security is provided through a Diffie-Hellman key agreement.
5782 -This key agreement results in a shared session key.
5783 -The rest of the session is encrypted using a symmetric cipher, currently
5784 -128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
5785 -The client selects the encryption algorithm
5786 -to use from those offered by the server.
5787 -Additionally, session integrity is provided
5788 -through a cryptographic message authentication code
5789 -(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
5790 -hmac-sha2-256 or hmac-sha2-512).
5791 -.Pp
5792 -Finally, the server and the client enter an authentication dialog.
5793 -The client tries to authenticate itself using
5794 -host-based authentication,
5795 -public key authentication,
5796 -challenge-response authentication,
5797 -or password authentication.
5798 -.Pp
5799 -Regardless of the authentication type, the account is checked to
5800 -ensure that it is accessible. An account is not accessible if it is
5801 -locked, listed in
5802 -.Cm DenyUsers
5803 -or its group is listed in
5804 -.Cm DenyGroups
5805 -\&. The definition of a locked account is system dependant. Some platforms
5806 -have their own account database (eg AIX) and some modify the passwd field (
5807 -.Ql \&*LK\&*
5808 -on Solaris and UnixWare,
5809 -.Ql \&*
5810 -on HP-UX, containing
5811 -.Ql Nologin
5812 -on Tru64,
5813 -a leading
5814 -.Ql \&*LOCKED\&*
5815 -on FreeBSD and a leading
5816 -.Ql \&!
5817 -on most Linuxes).
5818 -If there is a requirement to disable password authentication
5819 -for the account while allowing still public-key, then the passwd field
5820 -should be set to something other than these values (eg
5821 -.Ql NP
5822 -or
5823 -.Ql \&*NP\&*
5824 -).
5825 -.Pp
5826 -If the client successfully authenticates itself, a dialog for
5827 -preparing the session is entered.
5828 -At this time the client may request
5829 -things like allocating a pseudo-tty, forwarding X11 connections,
5830 -forwarding TCP connections, or forwarding the authentication agent
5831 -connection over the secure channel.
5832 -.Pp
5833 -After this, the client either requests a shell or execution of a command.
5834 -The sides then enter session mode.
5835 -In this mode, either side may send
5836 -data at any time, and such data is forwarded to/from the shell or
5837 -command on the server side, and the user terminal in the client side.
5838 -.Pp
5839 -When the user program terminates and all forwarded X11 and other
5840 -connections have been closed, the server sends command exit status to
5841 -the client, and both sides exit.
5842 -.Sh LOGIN PROCESS
5843 -When a user successfully logs in,
5844 -.Nm
5845 -does the following:
5846 -.Bl -enum -offset indent
5847 -.It
5848 -If the login is on a tty, and no command has been specified,
5849 -prints last login time and
5850 -.Pa /etc/motd
5851 -(unless prevented in the configuration file or by
5852 -.Pa ~/.hushlogin ;
5853 -see the
5854 -.Sx FILES
5855 -section).
5856 -.It
5857 -If the login is on a tty, records login time.
5858 -.It
5859 -Checks
5860 -.Pa /etc/nologin ;
5861 -if it exists, prints contents and quits
5862 -(unless root).
5863 -.It
5864 -Changes to run with normal user privileges.
5865 -.It
5866 -Sets up basic environment.
5867 -.It
5868 -Reads the file
5869 -.Pa ~/.ssh/environment ,
5870 -if it exists, and users are allowed to change their environment.
5871 -See the
5872 -.Cm PermitUserEnvironment
5873 -option in
5874 -.Xr sshd_config 5 .
5875 -.It
5876 -Changes to user's home directory.
5877 -.It
5878 -If
5879 -.Pa ~/.ssh/rc
5880 -exists and the
5881 -.Xr sshd_config 5
5882 -.Cm PermitUserRC
5883 -option is set, runs it; else if
5884 -.Pa /etc/ssh/sshrc
5885 -exists, runs
5886 -it; otherwise runs xauth.
5887 -The
5888 -.Dq rc
5889 -files are given the X11
5890 -authentication protocol and cookie in standard input.
5891 -See
5892 -.Sx SSHRC ,
5893 -below.
5894 -.It
5895 -Runs user's shell or command.
5896 -All commands are run under the user's login shell as specified in the
5897 -system password database.
5898 -.El
5899 -.Sh SSHRC
5900 -If the file
5901 -.Pa ~/.ssh/rc
5902 -exists,
5903 -.Xr sh 1
5904 -runs it after reading the
5905 -environment files but before starting the user's shell or command.
5906 -It must not produce any output on stdout; stderr must be used
5907 -instead.
5908 -If X11 forwarding is in use, it will receive the "proto cookie" pair in
5909 -its standard input (and
5910 -.Ev DISPLAY
5911 -in its environment).
5912 -The script must call
5913 -.Xr xauth 1
5914 -because
5915 -.Nm
5916 -will not run xauth automatically to add X11 cookies.
5917 -.Pp
5918 -The primary purpose of this file is to run any initialization routines
5919 -which may be needed before the user's home directory becomes
5920 -accessible; AFS is a particular example of such an environment.
5921 -.Pp
5922 -This file will probably contain some initialization code followed by
5923 -something similar to:
5924 -.Bd -literal -offset 3n
5925 -if read proto cookie && [ -n "$DISPLAY" ]; then
5926 - if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
5927 - # X11UseLocalhost=yes
5928 - echo add unix:`echo $DISPLAY |
5929 - cut -c11-` $proto $cookie
5930 - else
5931 - # X11UseLocalhost=no
5932 - echo add $DISPLAY $proto $cookie
5933 - fi | xauth -q -
5934 -fi
5935 -.Ed
5936 -.Pp
5937 -If this file does not exist,
5938 -.Pa /etc/ssh/sshrc
5939 -is run, and if that
5940 -does not exist either, xauth is used to add the cookie.
5941 -.Sh AUTHORIZED_KEYS FILE FORMAT
5942 -.Cm AuthorizedKeysFile
5943 -specifies the files containing public keys for
5944 -public key authentication;
5945 -if none is specified, the default is
5946 -.Pa ~/.ssh/authorized_keys
5947 -and
5948 -.Pa ~/.ssh/authorized_keys2 .
5949 -Each line of the file contains one
5950 -key (empty lines and lines starting with a
5951 -.Ql #
5952 -are ignored as
5953 -comments).
5954 -Protocol 1 public keys consist of the following space-separated fields:
5955 -options, bits, exponent, modulus, comment.
5956 -Protocol 2 public key consist of:
5957 -options, keytype, base64-encoded key, comment.
5958 -The options field is optional;
5959 -its presence is determined by whether the line starts
5960 -with a number or not (the options field never starts with a number).
5961 -The bits, exponent, modulus, and comment fields give the RSA key for
5962 -protocol version 1; the
5963 -comment field is not used for anything (but may be convenient for the
5964 -user to identify the key).
5965 -For protocol version 2 the keytype is
5966 -.Dq ecdsa-sha2-nistp256 ,
5967 -.Dq ecdsa-sha2-nistp384 ,
5968 -.Dq ecdsa-sha2-nistp521 ,
5969 -.Dq ssh-ed25519 ,
5970 -.Dq ssh-dss
5971 -or
5972 -.Dq ssh-rsa .
5973 -.Pp
5974 -Note that lines in this file are usually several hundred bytes long
5975 -(because of the size of the public key encoding) up to a limit of
5976 -8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
5977 -keys up to 16 kilobits.
5978 -You don't want to type them in; instead, copy the
5979 -.Pa identity.pub ,
5980 -.Pa id_dsa.pub ,
5981 -.Pa id_ecdsa.pub ,
5982 -.Pa id_ed25519.pub ,
5983 -or the
5984 -.Pa id_rsa.pub
5985 -file and edit it.
5986 -.Pp
5987 -.Nm
5988 -enforces a minimum RSA key modulus size for protocol 1
5989 -and protocol 2 keys of 768 bits.
5990 -.Pp
5991 -The options (if present) consist of comma-separated option
5992 -specifications.
5993 -No spaces are permitted, except within double quotes.
5994 -The following option specifications are supported (note
5995 -that option keywords are case-insensitive):
5996 -.Bl -tag -width Ds
5997 -.It Cm cert-authority
5998 -Specifies that the listed key is a certification authority (CA) that is
5999 -trusted to validate signed certificates for user authentication.
6000 -.Pp
6001 -Certificates may encode access restrictions similar to these key options.
6002 -If both certificate restrictions and key options are present, the most
6003 -restrictive union of the two is applied.
6004 -.It Cm command="command"
6005 -Specifies that the command is executed whenever this key is used for
6006 -authentication.
6007 -The command supplied by the user (if any) is ignored.
6008 -The command is run on a pty if the client requests a pty;
6009 -otherwise it is run without a tty.
6010 -If an 8-bit clean channel is required,
6011 -one must not request a pty or should specify
6012 -.Cm no-pty .
6013 -A quote may be included in the command by quoting it with a backslash.
6014 -This option might be useful
6015 -to restrict certain public keys to perform just a specific operation.
6016 -An example might be a key that permits remote backups but nothing else.
6017 -Note that the client may specify TCP and/or X11
6018 -forwarding unless they are explicitly prohibited.
6019 -The command originally supplied by the client is available in the
6020 -.Ev SSH_ORIGINAL_COMMAND
6021 -environment variable.
6022 -Note that this option applies to shell, command or subsystem execution.
6023 -Also note that this command may be superseded by either a
6024 -.Xr sshd_config 5
6025 -.Cm ForceCommand
6026 -directive or a command embedded in a certificate.
6027 -.It Cm environment="NAME=value"
6028 -Specifies that the string is to be added to the environment when
6029 -logging in using this key.
6030 -Environment variables set this way
6031 -override other default environment values.
6032 -Multiple options of this type are permitted.
6033 -Environment processing is disabled by default and is
6034 -controlled via the
6035 -.Cm PermitUserEnvironment
6036 -option.
6037 -This option is automatically disabled if
6038 -.Cm UseLogin
6039 -is enabled.
6040 -.It Cm from="pattern-list"
6041 -Specifies that in addition to public key authentication, either the canonical
6042 -name of the remote host or its IP address must be present in the
6043 -comma-separated list of patterns.
6044 -See PATTERNS in
6045 -.Xr ssh_config 5
6046 -for more information on patterns.
6047 -.Pp
6048 -In addition to the wildcard matching that may be applied to hostnames or
6049 -addresses, a
6050 -.Cm from
6051 -stanza may match IP addresses using CIDR address/masklen notation.
6052 -.Pp
6053 -The purpose of this option is to optionally increase security: public key
6054 -authentication by itself does not trust the network or name servers or
6055 -anything (but the key); however, if somebody somehow steals the key, the key
6056 -permits an intruder to log in from anywhere in the world.
6057 -This additional option makes using a stolen key more difficult (name
6058 -servers and/or routers would have to be compromised in addition to
6059 -just the key).
6060 -.It Cm no-agent-forwarding
6061 -Forbids authentication agent forwarding when this key is used for
6062 -authentication.
6063 -.It Cm no-port-forwarding
6064 -Forbids TCP forwarding when this key is used for authentication.
6065 -Any port forward requests by the client will return an error.
6066 -This might be used, e.g. in connection with the
6067 -.Cm command
6068 -option.
6069 -.It Cm no-pty
6070 -Prevents tty allocation (a request to allocate a pty will fail).
6071 -.It Cm no-user-rc
6072 -Disables execution of
6073 -.Pa ~/.ssh/rc .
6074 -.It Cm no-X11-forwarding
6075 -Forbids X11 forwarding when this key is used for authentication.
6076 -Any X11 forward requests by the client will return an error.
6077 -.It Cm permitopen="host:port"
6078 -Limit local port forwarding with
6079 -.Xr ssh 1
6080 -.Fl L
6081 -such that it may only connect to the specified host and port.
6082 -IPv6 addresses can be specified by enclosing the address in square brackets.
6083 -Multiple
6084 -.Cm permitopen
6085 -options may be applied separated by commas.
6086 -No pattern matching is performed on the specified hostnames,
6087 -they must be literal domains or addresses.
6088 -A port specification of
6089 -.Cm *
6090 -matches any port.
6091 -.It Cm principals="principals"
6092 -On a
6093 -.Cm cert-authority
6094 -line, specifies allowed principals for certificate authentication as a
6095 -comma-separated list.
6096 -At least one name from the list must appear in the certificate's
6097 -list of principals for the certificate to be accepted.
6098 -This option is ignored for keys that are not marked as trusted certificate
6099 -signers using the
6100 -.Cm cert-authority
6101 -option.
6102 -.It Cm tunnel="n"
6103 -Force a
6104 -.Xr tun 4
6105 -device on the server.
6106 -Without this option, the next available device will be used if
6107 -the client requests a tunnel.
6108 -.El
6109 -.Pp
6110 -An example authorized_keys file:
6111 -.Bd -literal -offset 3n
6112 -# Comments allowed at start of line
6113 -ssh-rsa AAAAB3Nza...LiPk== user@example.net
6114 -from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
6115 -AAAAB2...19Q== john@example.net
6116 -command="dump /home",no-pty,no-port-forwarding ssh-dss
6117 -AAAAC3...51R== example.net
6118 -permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
6119 -AAAAB5...21S==
6120 -tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
6121 -jane@example.net
6122 -.Ed
6123 -.Sh SSH_KNOWN_HOSTS FILE FORMAT
6124 -The
6125 -.Pa /etc/ssh/ssh_known_hosts
6126 -and
6127 -.Pa ~/.ssh/known_hosts
6128 -files contain host public keys for all known hosts.
6129 -The global file should
6130 -be prepared by the administrator (optional), and the per-user file is
6131 -maintained automatically: whenever the user connects from an unknown host,
6132 -its key is added to the per-user file.
6133 -.Pp
6134 -Each line in these files contains the following fields: markers (optional),
6135 -hostnames, bits, exponent, modulus, comment.
6136 -The fields are separated by spaces.
6137 -.Pp
6138 -The marker is optional, but if it is present then it must be one of
6139 -.Dq @cert-authority ,
6140 -to indicate that the line contains a certification authority (CA) key,
6141 -or
6142 -.Dq @revoked ,
6143 -to indicate that the key contained on the line is revoked and must not ever
6144 -be accepted.
6145 -Only one marker should be used on a key line.
6146 -.Pp
6147 -Hostnames is a comma-separated list of patterns
6148 -.Pf ( Ql *
6149 -and
6150 -.Ql \&?
6151 -act as
6152 -wildcards); each pattern in turn is matched against the canonical host
6153 -name (when authenticating a client) or against the user-supplied
6154 -name (when authenticating a server).
6155 -A pattern may also be preceded by
6156 -.Ql \&!
6157 -to indicate negation: if the host name matches a negated
6158 -pattern, it is not accepted (by that line) even if it matched another
6159 -pattern on the line.
6160 -A hostname or address may optionally be enclosed within
6161 -.Ql \&[
6162 -and
6163 -.Ql \&]
6164 -brackets then followed by
6165 -.Ql \&:
6166 -and a non-standard port number.
6167 -.Pp
6168 -Alternately, hostnames may be stored in a hashed form which hides host names
6169 -and addresses should the file's contents be disclosed.
6170 -Hashed hostnames start with a
6171 -.Ql |
6172 -character.
6173 -Only one hashed hostname may appear on a single line and none of the above
6174 -negation or wildcard operators may be applied.
6175 -.Pp
6176 -Bits, exponent, and modulus are taken directly from the RSA host key; they
6177 -can be obtained, for example, from
6178 -.Pa /etc/ssh/ssh_host_key.pub .
6179 -The optional comment field continues to the end of the line, and is not used.
6180 -.Pp
6181 -Lines starting with
6182 -.Ql #
6183 -and empty lines are ignored as comments.
6184 -.Pp
6185 -When performing host authentication, authentication is accepted if any
6186 -matching line has the proper key; either one that matches exactly or,
6187 -if the server has presented a certificate for authentication, the key
6188 -of the certification authority that signed the certificate.
6189 -For a key to be trusted as a certification authority, it must use the
6190 -.Dq @cert-authority
6191 -marker described above.
6192 -.Pp
6193 -The known hosts file also provides a facility to mark keys as revoked,
6194 -for example when it is known that the associated private key has been
6195 -stolen.
6196 -Revoked keys are specified by including the
6197 -.Dq @revoked
6198 -marker at the beginning of the key line, and are never accepted for
6199 -authentication or as certification authorities, but instead will
6200 -produce a warning from
6201 -.Xr ssh 1
6202 -when they are encountered.
6203 -.Pp
6204 -It is permissible (but not
6205 -recommended) to have several lines or different host keys for the same
6206 -names.
6207 -This will inevitably happen when short forms of host names
6208 -from different domains are put in the file.
6209 -It is possible
6210 -that the files contain conflicting information; authentication is
6211 -accepted if valid information can be found from either file.
6212 -.Pp
6213 -Note that the lines in these files are typically hundreds of characters
6214 -long, and you definitely don't want to type in the host keys by hand.
6215 -Rather, generate them by a script,
6216 -.Xr ssh-keyscan 1
6217 -or by taking
6218 -.Pa /etc/ssh/ssh_host_key.pub
6219 -and adding the host names at the front.
6220 -.Xr ssh-keygen 1
6221 -also offers some basic automated editing for
6222 -.Pa ~/.ssh/known_hosts
6223 -including removing hosts matching a host name and converting all host
6224 -names to their hashed representations.
6225 -.Pp
6226 -An example ssh_known_hosts file:
6227 -.Bd -literal -offset 3n
6228 -# Comments allowed at start of line
6229 -closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
6230 -cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
6231 -# A hashed hostname
6232 -|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
6233 -AAAA1234.....=
6234 -# A revoked key
6235 -@revoked * ssh-rsa AAAAB5W...
6236 -# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
6237 -@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
6238 -.Ed
6239 -.Sh FILES
6240 -.Bl -tag -width Ds -compact
6241 -.It Pa ~/.hushlogin
6242 -This file is used to suppress printing the last login time and
6243 -.Pa /etc/motd ,
6244 -if
6245 -.Cm PrintLastLog
6246 -and
6247 -.Cm PrintMotd ,
6248 -respectively,
6249 -are enabled.
6250 -It does not suppress printing of the banner specified by
6251 -.Cm Banner .
6252 -.Pp
6253 -.It Pa ~/.rhosts
6254 -This file is used for host-based authentication (see
6255 -.Xr ssh 1
6256 -for more information).
6257 -On some machines this file may need to be
6258 -world-readable if the user's home directory is on an NFS partition,
6259 -because
6260 -.Nm
6261 -reads it as root.
6262 -Additionally, this file must be owned by the user,
6263 -and must not have write permissions for anyone else.
6264 -The recommended
6265 -permission for most machines is read/write for the user, and not
6266 -accessible by others.
6267 -.Pp
6268 -.It Pa ~/.shosts
6269 -This file is used in exactly the same way as
6270 -.Pa .rhosts ,
6271 -but allows host-based authentication without permitting login with
6272 -rlogin/rsh.
6273 -.Pp
6274 -.It Pa ~/.ssh/
6275 -This directory is the default location for all user-specific configuration
6276 -and authentication information.
6277 -There is no general requirement to keep the entire contents of this directory
6278 -secret, but the recommended permissions are read/write/execute for the user,
6279 -and not accessible by others.
6280 -.Pp
6281 -.It Pa ~/.ssh/authorized_keys
6282 -Lists the public keys (DSA, ECDSA, Ed25519, RSA)
6283 -that can be used for logging in as this user.
6284 -The format of this file is described above.
6285 -The content of the file is not highly sensitive, but the recommended
6286 -permissions are read/write for the user, and not accessible by others.
6287 -.Pp
6288 -If this file, the
6289 -.Pa ~/.ssh
6290 -directory, or the user's home directory are writable
6291 -by other users, then the file could be modified or replaced by unauthorized
6292 -users.
6293 -In this case,
6294 -.Nm
6295 -will not allow it to be used unless the
6296 -.Cm StrictModes
6297 -option has been set to
6298 -.Dq no .
6299 -.Pp
6300 -.It Pa ~/.ssh/environment
6301 -This file is read into the environment at login (if it exists).
6302 -It can only contain empty lines, comment lines (that start with 6303 -.Ql # ) , 6304 -and assignment lines of the form name=value. 6305 -The file should be writable 6306 -only by the user; it need not be readable by anyone else. 6307 -Environment processing is disabled by default and is 6308 -controlled via the 6309 -.Cm PermitUserEnvironment 6310 -option. 6311 -.Pp 6312 -.It Pa ~/.ssh/known_hosts 6313 -Contains a list of host keys for all hosts the user has logged into 6314 -that are not already in the systemwide list of known host keys. 6315 -The format of this file is described above. 6316 -This file should be writable only by root/the owner and 6317 -can, but need not be, world-readable. 6318 -.Pp 6319 -.It Pa ~/.ssh/rc 6320 -Contains initialization routines to be run before 6321 -the user's home directory becomes accessible. 6322 -This file should be writable only by the user, and need not be 6323 -readable by anyone else. 6324 -.Pp 6325 -.It Pa /etc/hosts.equiv 6326 -This file is for host-based authentication (see 6327 -.Xr ssh 1 ) . 6328 -It should only be writable by root. 6329 -.Pp 6330 -.It Pa /etc/moduli 6331 -Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 6332 -The file format is described in 6333 -.Xr moduli 5 . 6334 -.Pp 6335 -.It Pa /etc/motd 6336 -See 6337 -.Xr motd 5 . 6338 -.Pp 6339 -.It Pa /etc/nologin 6340 -If this file exists, 6341 -.Nm 6342 -refuses to let anyone except root log in. 6343 -The contents of the file 6344 -are displayed to anyone trying to log in, and non-root connections are 6345 -refused. 6346 -The file should be world-readable. 6347 -.Pp 6348 -.It Pa /etc/shosts.equiv 6349 -This file is used in exactly the same way as 6350 -.Pa hosts.equiv , 6351 -but allows host-based authentication without permitting login with 6352 -rlogin/rsh. 
6353 -.Pp 6354 -.It Pa /etc/ssh/ssh_host_key 6355 -.It Pa /etc/ssh/ssh_host_dsa_key 6356 -.It Pa /etc/ssh/ssh_host_ecdsa_key 6357 -.It Pa /etc/ssh/ssh_host_ed25519_key 6358 -.It Pa /etc/ssh/ssh_host_rsa_key 6359 -These files contain the private parts of the host keys. 6360 -These files should only be owned by root, readable only by root, and not 6361 -accessible to others. 6362 -Note that 6363 -.Nm 6364 -does not start if these files are group/world-accessible. 6365 -.Pp 6366 -.It Pa /etc/ssh/ssh_host_key.pub 6367 -.It Pa /etc/ssh/ssh_host_dsa_key.pub 6368 -.It Pa /etc/ssh/ssh_host_ecdsa_key.pub 6369 -.It Pa /etc/ssh/ssh_host_ed25519_key.pub 6370 -.It Pa /etc/ssh/ssh_host_rsa_key.pub 6371 -These files contain the public parts of the host keys. 6372 -These files should be world-readable but writable only by 6373 -root. 6374 -Their contents should match the respective private parts. 6375 -These files are not 6376 -really used for anything; they are provided for the convenience of 6377 -the user so their contents can be copied to known hosts files. 6378 -These files are created using 6379 -.Xr ssh-keygen 1 . 6380 -.Pp 6381 -.It Pa /etc/ssh/ssh_known_hosts 6382 -Systemwide list of known host keys. 6383 -This file should be prepared by the 6384 -system administrator to contain the public host keys of all machines in the 6385 -organization. 6386 -The format of this file is described above. 6387 -This file should be writable only by root/the owner and 6388 -should be world-readable. 6389 -.Pp 6390 -.It Pa /etc/ssh/sshd_config 6391 -Contains configuration data for 6392 -.Nm sshd . 6393 -The file format and configuration options are described in 6394 -.Xr sshd_config 5 . 6395 -.Pp 6396 -.It Pa /etc/ssh/sshrc 6397 -Similar to 6398 -.Pa ~/.ssh/rc , 6399 -it can be used to specify 6400 -machine-specific login-time initializations globally. 6401 -This file should be writable only by root, and should be world-readable. 
6402 -.Pp 6403 -.It Pa /var/empty 6404 -.Xr chroot 2 6405 -directory used by 6406 -.Nm 6407 -during privilege separation in the pre-authentication phase. 6408 -The directory should not contain any files and must be owned by root 6409 -and not group or world-writable. 6410 -.Pp 6411 -.It Pa /var/run/sshd.pid 6412 -Contains the process ID of the 6413 -.Nm 6414 -listening for connections (if there are several daemons running 6415 -concurrently for different ports, this contains the process ID of the one 6416 -started last). 6417 -The content of this file is not sensitive; it can be world-readable. 6418 -.El 6419 -.Sh SEE ALSO 6420 -.Xr scp 1 , 6421 -.Xr sftp 1 , 6422 -.Xr ssh 1 , 6423 -.Xr ssh-add 1 , 6424 -.Xr ssh-agent 1 , 6425 -.Xr ssh-keygen 1 , 6426 -.Xr ssh-keyscan 1 , 6427 -.Xr chroot 2 , 6428 -.Xr login.conf 5 , 6429 -.Xr moduli 5 , 6430 -.Xr sshd_config 5 , 6431 -.Xr inetd 8 , 6432 -.Xr sftp-server 8 6433 -.Sh AUTHORS 6434 -OpenSSH is a derivative of the original and free 6435 -ssh 1.2.12 release by Tatu Ylonen. 6436 -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 6437 -Theo de Raadt and Dug Song 6438 -removed many bugs, re-added newer features and 6439 -created OpenSSH. 6440 -Markus Friedl contributed the support for SSH 6441 -protocol versions 1.5 and 2.0. 6442 -Niels Provos and Markus Friedl contributed support 6443 -for privilege separation. 6444 diff --git a/sshd_config.4 b/sshd_config.4 6445 new file mode 100644 6446 index 0000000..ba4d79a 6447 --- /dev/null 6448 +++ b/sshd_config.4 6449 
@@ -0,0 +1,1736 @@ 6450 +.\" 6451 +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 6452 +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 6453 +.\" All rights reserved 6454 +.\" 6455 +.\" As far as I am concerned, the code I have written for this software 6456 +.\" can be used freely for any purpose. Any derived versions of this 6457 +.\" software must be clearly marked as such, and if the derived work is 6458 +.\" incompatible with the protocol description in the RFC file, it must be 6459 +.\" called by a name other than "ssh" or "Secure Shell". 6460 +.\" 6461 +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 6462 +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 6463 +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 6464 +.\" 6465 +.\" Redistribution and use in source and binary forms, with or without 6466 +.\" modification, are permitted provided that the following conditions 6467 +.\" are met: 6468 +.\" 1. Redistributions of source code must retain the above copyright 6469 +.\" notice, this list of conditions and the following disclaimer. 6470 +.\" 2. Redistributions in binary form must reproduce the above copyright 6471 +.\" notice, this list of conditions and the following disclaimer in the 6472 +.\" documentation and/or other materials provided with the distribution. 6473 +.\" 6474 +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 6475 +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 6476 +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
6477 +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 6478 +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 6479 +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 6480 +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 6481 +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 6482 +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 6483 +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 6484 +.\" 6485 +.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $ 6486 +.Dd $Mdocdate: August 14 2015 $ 6487 +.Dt SSHD_CONFIG 4 6488 +.Os 6489 +.Sh NAME 6490 +.Nm sshd_config 6491 +.Nd OpenSSH SSH daemon configuration file 6492 +.Sh SYNOPSIS 6493 +.Nm /etc/ssh/sshd_config 6494 +.Sh DESCRIPTION 6495 +.Xr sshd 1M 6496 +reads configuration data from 6497 +.Pa /etc/ssh/sshd_config 6498 +(or the file specified with 6499 +.Fl f 6500 +on the command line). 6501 +The file contains keyword-argument pairs, one per line. 6502 +Lines starting with 6503 +.Ql # 6504 +and empty lines are interpreted as comments. 6505 +Arguments may optionally be enclosed in double quotes 6506 +.Pq \&" 6507 +in order to represent arguments containing spaces. 6508 +.Pp 6509 +The possible 6510 +keywords and their meanings are as follows (note that 6511 +keywords are case-insensitive and arguments are case-sensitive): 6512 +.Bl -tag -width Ds 6513 +.It Cm AcceptEnv 6514 +Specifies what environment variables sent by the client will be copied into 6515 +the session's 6516 +.Xr environ 7 . 6517 +See 6518 +.Cm SendEnv 6519 +in 6520 +.Xr ssh_config 4 6521 +for how to configure the client. 6522 +Note that environment passing is only supported for protocol 2, and 6523 +that the 6524 +.Ev TERM 6525 +environment variable is always sent whenever the client 6526 +requests a pseudo-terminal as it is required by the protocol. 
6527 +Variables are specified by name, which may contain the wildcard characters 6528 +.Ql * 6529 +and 6530 +.Ql \&? . 6531 +Multiple environment variables may be separated by whitespace or spread 6532 +across multiple 6533 +.Cm AcceptEnv 6534 +directives. 6535 +Be warned that some environment variables could be used to bypass restricted 6536 +user environments. 6537 +For this reason, care should be taken in the use of this directive. 6538 +The default is not to accept any environment variables. 6539 +.It Cm AddressFamily 6540 +Specifies which address family should be used by 6541 +.Xr sshd 1M . 6542 +Valid arguments are 6543 +.Dq any , 6544 +.Dq inet 6545 +(use IPv4 only), or 6546 +.Dq inet6 6547 +(use IPv6 only). 6548 +The default is 6549 +.Dq any . 6550 +.It Cm AllowAgentForwarding 6551 +Specifies whether 6552 +.Xr ssh-agent 1 6553 +forwarding is permitted. 6554 +The default is 6555 +.Dq yes . 6556 +Note that disabling agent forwarding does not improve security 6557 +unless users are also denied shell access, as they can always install 6558 +their own forwarders. 6559 +.It Cm AllowGroups 6560 +This keyword can be followed by a list of group name patterns, separated 6561 +by spaces. 6562 +If specified, login is allowed only for users whose primary 6563 +group or supplementary group list matches one of the patterns. 6564 +Only group names are valid; a numerical group ID is not recognized. 6565 +By default, login is allowed for all groups. 6566 +The allow/deny directives are processed in the following order: 6567 +.Cm DenyUsers , 6568 +.Cm AllowUsers , 6569 +.Cm DenyGroups , 6570 +and finally 6571 +.Cm AllowGroups . 6572 +.Pp 6573 +See PATTERNS in 6574 +.Xr ssh_config 4 6575 +for more information on patterns. 6576 +.It Cm AllowTcpForwarding 6577 +Specifies whether TCP forwarding is permitted. 
6578 +The available options are 6579 +.Dq yes 6580 +or 6581 +.Dq all 6582 +to allow TCP forwarding, 6583 +.Dq no 6584 +to prevent all TCP forwarding, 6585 +.Dq local 6586 +to allow local (from the perspective of 6587 +.Xr ssh 1 ) 6588 +forwarding only or 6589 +.Dq remote 6590 +to allow remote forwarding only. 6591 +The default is 6592 +.Dq yes . 6593 +Note that disabling TCP forwarding does not improve security unless 6594 +users are also denied shell access, as they can always install their 6595 +own forwarders. 6596 +.It Cm AllowStreamLocalForwarding 6597 +Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. 6598 +The available options are 6599 +.Dq yes 6600 +or 6601 +.Dq all 6602 +to allow StreamLocal forwarding, 6603 +.Dq no 6604 +to prevent all StreamLocal forwarding, 6605 +.Dq local 6606 +to allow local (from the perspective of 6607 +.Xr ssh 1 ) 6608 +forwarding only or 6609 +.Dq remote 6610 +to allow remote forwarding only. 6611 +The default is 6612 +.Dq yes . 6613 +Note that disabling StreamLocal forwarding does not improve security unless 6614 +users are also denied shell access, as they can always install their 6615 +own forwarders. 6616 +.It Cm AllowUsers 6617 +This keyword can be followed by a list of user name patterns, separated 6618 +by spaces. 6619 +If specified, login is allowed only for user names that 6620 +match one of the patterns. 6621 +Only user names are valid; a numerical user ID is not recognized. 6622 +By default, login is allowed for all users. 6623 +If the pattern takes the form USER@HOST then USER and HOST 6624 +are separately checked, restricting logins to particular 6625 +users from particular hosts. 6626 +The allow/deny directives are processed in the following order: 6627 +.Cm DenyUsers , 6628 +.Cm AllowUsers , 6629 +.Cm DenyGroups , 6630 +and finally 6631 +.Cm AllowGroups . 6632 +.Pp 6633 +See PATTERNS in 6634 +.Xr ssh_config 4 6635 +for more information on patterns. 
6636 +.It Cm AuthenticationMethods 6637 +Specifies the authentication methods that must be successfully completed 6638 +for a user to be granted access. 6639 +This option must be followed by one or more comma-separated lists of 6640 +authentication method names. 6641 +Successful authentication requires completion of every method in at least 6642 +one of these lists. 6643 +.Pp 6644 +For example, an argument of 6645 +.Dq publickey,password publickey,keyboard-interactive 6646 +would require the user to complete public key authentication, followed by 6647 +either password or keyboard interactive authentication. 6648 +Only methods that are next in one or more lists are offered at each stage, 6649 +so for this example, it would not be possible to attempt password or 6650 +keyboard-interactive authentication before public key. 6651 +.Pp 6652 +For keyboard interactive authentication it is also possible to 6653 +restrict authentication to a specific device by appending a 6654 +colon followed by the device identifier 6655 +.Dq bsdauth , 6656 +.Dq pam , 6657 +or 6658 +.Dq skey , 6659 +depending on the server configuration. 6660 +For example, 6661 +.Dq keyboard-interactive:bsdauth 6662 +would restrict keyboard interactive authentication to the 6663 +.Dq bsdauth 6664 +device. 6665 +.Pp 6666 +If the 6667 +.Dq publickey 6668 +method is listed more than once, 6669 +.Xr sshd 8 6670 +verifies that keys that have been used successfully are not reused for 6671 +subsequent authentications. 6672 +For example, an 6673 +.Cm AuthenticationMethods 6674 +of 6675 +.Dq publickey,publickey 6676 +will require successful authentication using two different public keys. 6677 +.Pp 6678 +This option is only available for SSH protocol 2 and will yield a fatal 6679 +error if enabled if protocol 1 is also enabled. 6680 +Note that each authentication method listed should also be explicitly enabled 6681 +in the configuration. 
6682 +The default is not to require multiple authentication; successful completion 6683 +of a single authentication method is sufficient. 6684 +.It Cm AuthorizedKeysCommand 6685 +Specifies a program to be used to look up the user's public keys. 6686 +The program must be owned by root, not writable by group or others and 6687 +specified by an absolute path. 6688 +.Pp 6689 +Arguments to 6690 +.Cm AuthorizedKeysCommand 6691 +may be provided using the following tokens, which will be expanded 6692 +at runtime: %% is replaced by a literal '%', %u is replaced by the 6693 +username being authenticated, %h is replaced by the home directory 6694 +of the user being authenticated, %t is replaced with the key type 6695 +offered for authentication, %f is replaced with the fingerprint of 6696 +the key, and %k is replaced with the key being offered for authentication. 6697 +If no arguments are specified then the username of the target user 6698 +will be supplied. 6699 +.Pp 6700 +The program should produce on standard output zero or 6701 +more lines of authorized_keys output (see AUTHORIZED_KEYS in 6702 +.Xr sshd 1M ) . 6703 +If a key supplied by AuthorizedKeysCommand does not successfully authenticate 6704 +and authorize the user then public key authentication continues using the usual 6705 +.Cm AuthorizedKeysFile 6706 +files. 6707 +By default, no AuthorizedKeysCommand is run. 6708 +.It Cm AuthorizedKeysCommandUser 6709 +Specifies the user under whose account the AuthorizedKeysCommand is run. 6710 +It is recommended to use a dedicated user that has no other role on the host 6711 +than running authorized keys commands. 6712 +If 6713 +.Cm AuthorizedKeysCommand 6714 +is specified but 6715 +.Cm AuthorizedKeysCommandUser 6716 +is not, then 6717 +.Xr sshd 8 6718 +will refuse to start. 6719 +.It Cm AuthorizedKeysFile 6720 +Specifies the file that contains the public keys that can be used 6721 +for user authentication. 
6722 +The format is described in the 6723 +AUTHORIZED_KEYS FILE FORMAT 6724 +section of 6725 +.Xr sshd 1M . 6726 +.Cm AuthorizedKeysFile 6727 +may contain tokens of the form %T which are substituted during connection 6728 +setup. 6729 +The following tokens are defined: %% is replaced by a literal '%', 6730 +%h is replaced by the home directory of the user being authenticated, and 6731 +%u is replaced by the username of that user. 6732 +After expansion, 6733 +.Cm AuthorizedKeysFile 6734 +is taken to be an absolute path or one relative to the user's home 6735 +directory. 6736 +Multiple files may be listed, separated by whitespace. 6737 +The default is 6738 +.Dq .ssh/authorized_keys .ssh/authorized_keys2 . 6739 +.It Cm AuthorizedPrincipalsCommand 6740 +Specifies a program to be used to generate the list of allowed 6741 +certificate principals as per 6742 +.Cm AuthorizedPrincipalsFile . 6743 +The program must be owned by root, not writable by group or others and 6744 +specified by an absolute path. 6745 +.Pp 6746 +Arguments to 6747 +.Cm AuthorizedPrincipalsCommand 6748 +may be provided using the following tokens, which will be expanded 6749 +at runtime: %% is replaced by a literal '%', %u is replaced by the 6750 +username being authenticated and %h is replaced by the home directory 6751 +of the user being authenticated. 6752 +.Pp 6753 +The program should produce on standard output zero or 6754 +more lines of 6755 +.Cm AuthorizedPrincipalsFile 6756 +output. 6757 +If either 6758 +.Cm AuthorizedPrincipalsCommand 6759 +or 6760 +.Cm AuthorizedPrincipalsFile 6761 +is specified, then certificates offered by the client for authentication 6762 +must contain a principal that is listed. 6763 +By default, no AuthorizedPrincipalsCommand is run. 6764 +.It Cm AuthorizedPrincipalsCommandUser 6765 +Specifies the user under whose account the AuthorizedPrincipalsCommand is run. 
6766 +It is recommended to use a dedicated user that has no other role on the host 6767 +than running authorized principals commands. 6768 +If 6769 +.Cm AuthorizedPrincipalsCommand 6770 +is specified but 6771 +.Cm AuthorizedPrincipalsCommandUser 6772 +is not, then 6773 +.Xr sshd 8 6774 +will refuse to start. 6775 +.It Cm AuthorizedPrincipalsFile 6776 +Specifies a file that lists principal names that are accepted for 6777 +certificate authentication. 6778 +When using certificates signed by a key listed in 6779 +.Cm TrustedUserCAKeys , 6780 +this file lists names, one of which must appear in the certificate for it 6781 +to be accepted for authentication. 6782 +Names are listed one per line preceded by key options (as described 6783 +in AUTHORIZED_KEYS FILE FORMAT in 6784 +.Xr sshd 1M ) . 6785 +Empty lines and comments starting with 6786 +.Ql # 6787 +are ignored. 6788 +.Pp 6789 +.Cm AuthorizedPrincipalsFile 6790 +may contain tokens of the form %T which are substituted during connection 6791 +setup. 6792 +The following tokens are defined: %% is replaced by a literal '%', 6793 +%h is replaced by the home directory of the user being authenticated, and 6794 +%u is replaced by the username of that user. 6795 +After expansion, 6796 +.Cm AuthorizedPrincipalsFile 6797 +is taken to be an absolute path or one relative to the user's home 6798 +directory. 6799 +.Pp 6800 +The default is 6801 +.Dq none , 6802 +i.e. not to use a principals file \(en in this case, the username 6803 +of the user must appear in a certificate's principals list for it to be 6804 +accepted. 6805 +Note that 6806 +.Cm AuthorizedPrincipalsFile 6807 +is only used when authentication proceeds using a CA listed in 6808 +.Cm TrustedUserCAKeys 6809 +and is not consulted for certification authorities trusted via 6810 +.Pa ~/.ssh/authorized_keys , 6811 +though the 6812 +.Cm principals= 6813 +key option offers a similar facility (see 6814 +.Xr sshd 1M 6815 +for details). 
6816 +.It Cm Banner 6817 +The contents of the specified file are sent to the remote user before 6818 +authentication is allowed. 6819 +If the argument is 6820 +.Dq none 6821 +then no banner is displayed. 6822 +This option is only available for protocol version 2. 6823 +By default, no banner is displayed. 6824 +.It Cm ChallengeResponseAuthentication 6825 +Specifies whether challenge-response authentication is allowed (e.g. via 6826 +PAM or through authentication styles supported in 6827 +.Xr login.conf 5 ) 6828 +The default is 6829 +.Dq yes . 6830 +.It Cm ChrootDirectory 6831 +Specifies the pathname of a directory to 6832 +.Xr chroot 2 6833 +to after authentication. 6834 +At session startup 6835 +.Xr sshd 8 6836 +checks that all components of the pathname are root-owned directories 6837 +which are not writable by any other user or group. 6838 +After the chroot, 6839 +.Xr sshd 1M 6840 +changes the working directory to the user's home directory. 6841 +.Pp 6842 +The pathname may contain the following tokens that are expanded at runtime once 6843 +the connecting user has been authenticated: %% is replaced by a literal '%', 6844 +%h is replaced by the home directory of the user being authenticated, and 6845 +%u is replaced by the username of that user. 6846 +.Pp 6847 +The 6848 +.Cm ChrootDirectory 6849 +must contain the necessary files and directories to support the 6850 +user's session. 6851 +For an interactive session this requires at least a shell, typically 6852 +.Xr sh 1 , 6853 +and basic 6854 +.Pa /dev 6855 +nodes such as 6856 +.Xr null 4 , 6857 +.Xr zero 4 , 6858 +.Xr stdin 4 , 6859 +.Xr stdout 4 , 6860 +.Xr stderr 4 , 6861 +and 6862 +.Xr tty 4 6863 +devices. 
6864 +For file transfer sessions using 6865 +.Dq sftp , 6866 +no additional configuration of the environment is necessary if the 6867 +in-process sftp server is used, 6868 +though sessions which use logging may require 6869 +.Pa /dev/log 6870 +inside the chroot directory on some operating systems (see 6871 +.Xr sftp-server 8 6872 +for details). 6873 +.Pp 6874 +For safety, it is very important that the directory hierarchy be 6875 +prevented from modification by other processes on the system (especially 6876 +those outside the jail). 6877 +Misconfiguration can lead to unsafe environments which 6878 +.Xr sshd 8 6879 +cannot detect. 6880 +.Pp 6881 +The default is not to 6882 +.Xr chroot 2 . 6883 +.It Cm Ciphers 6884 +Specifies the ciphers allowed for protocol version 2. 6885 +Multiple ciphers must be comma-separated. 6886 +If the specified value begins with a 6887 +.Sq + 6888 +character, then the specified ciphers will be appended to the default set 6889 +instead of replacing them. 6890 +.Pp 6891 +The supported ciphers are: 6892 +.Pp 6893 +.Bl -item -compact -offset indent 6894 +.It 6895 +3des-cbc 6896 +.It 6897 +aes128-cbc 6898 +.It 6899 +aes192-cbc 6900 +.It 6901 +aes256-cbc 6902 +.It 6903 +aes128-ctr 6904 +.It 6905 +aes192-ctr 6906 +.It 6907 +aes256-ctr 6908 +.It 6909 +aes128-gcm@openssh.com 6910 +.It 6911 +aes256-gcm@openssh.com 6912 +.It 6913 +arcfour 6914 +.It 6915 +arcfour128 6916 +.It 6917 +arcfour256 6918 +.It 6919 +blowfish-cbc 6920 +.It 6921 +cast128-cbc 6922 +.It 6923 +chacha20-poly1305@openssh.com 6924 +.El 6925 +.Pp 6926 +The default is: 6927 +.Bd -literal -offset indent 6928 +chacha20-poly1305@openssh.com, 6929 +aes128-ctr,aes192-ctr,aes256-ctr, 6930 +aes128-gcm@openssh.com,aes256-gcm@openssh.com 6931 +.Ed 6932 +.Pp 6933 +The list of available ciphers may also be obtained using the 6934 +.Fl Q 6935 +option of 6936 +.Xr ssh 1 6937 +with an argument of 6938 +.Dq cipher . 
6939 +.It Cm ClientAliveCountMax 6940 +Sets the number of client alive messages (see below) which may be 6941 +sent without 6942 +.Xr sshd 1M 6943 +receiving any messages back from the client. 6944 +If this threshold is reached while client alive messages are being sent, 6945 +sshd will disconnect the client, terminating the session. 6946 +It is important to note that the use of client alive messages is very 6947 +different from 6948 +.Cm TCPKeepAlive 6949 +(below). 6950 +The client alive messages are sent through the encrypted channel 6951 +and therefore will not be spoofable. 6952 +The TCP keepalive option enabled by 6953 +.Cm TCPKeepAlive 6954 +is spoofable. 6955 +The client alive mechanism is valuable when the client or 6956 +server depend on knowing when a connection has become inactive. 6957 +.Pp 6958 +The default value is 3. 6959 +If 6960 +.Cm ClientAliveInterval 6961 +(see below) is set to 15, and 6962 +.Cm ClientAliveCountMax 6963 +is left at the default, unresponsive SSH clients 6964 +will be disconnected after approximately 45 seconds. 6965 +This option applies to protocol version 2 only. 6966 +.It Cm ClientAliveInterval 6967 +Sets a timeout interval in seconds after which if no data has been received 6968 +from the client, 6969 +.Xr sshd 1M 6970 +will send a message through the encrypted 6971 +channel to request a response from the client. 6972 +The default 6973 +is 0, indicating that these messages will not be sent to the client. 6974 +This option applies to protocol version 2 only. 6975 +.It Cm Compression 6976 +Specifies whether compression is allowed, or delayed until 6977 +the user has authenticated successfully. 6978 +The argument must be 6979 +.Dq yes , 6980 +.Dq delayed , 6981 +or 6982 +.Dq no . 6983 +The default is 6984 +.Dq delayed . 6985 +.It Cm DenyGroups 6986 +This keyword can be followed by a list of group name patterns, separated 6987 +by spaces. 
6988 +Login is disallowed for users whose primary group or supplementary 6989 +group list matches one of the patterns. 6990 +Only group names are valid; a numerical group ID is not recognized. 6991 +By default, login is allowed for all groups. 6992 +The allow/deny directives are processed in the following order: 6993 +.Cm DenyUsers , 6994 +.Cm AllowUsers , 6995 +.Cm DenyGroups , 6996 +and finally 6997 +.Cm AllowGroups . 6998 +.Pp 6999 +See PATTERNS in 7000 +.Xr ssh_config 4 7001 +for more information on patterns. 7002 +.It Cm DenyUsers 7003 +This keyword can be followed by a list of user name patterns, separated 7004 +by spaces. 7005 +Login is disallowed for user names that match one of the patterns. 7006 +Only user names are valid; a numerical user ID is not recognized. 7007 +By default, login is allowed for all users. 7008 +If the pattern takes the form USER@HOST then USER and HOST 7009 +are separately checked, restricting logins to particular 7010 +users from particular hosts. 7011 +The allow/deny directives are processed in the following order: 7012 +.Cm DenyUsers , 7013 +.Cm AllowUsers , 7014 +.Cm DenyGroups , 7015 +and finally 7016 +.Cm AllowGroups . 7017 +.Pp 7018 +See PATTERNS in 7019 +.Xr ssh_config 4 7020 +for more information on patterns. 7021 +.It Cm FingerprintHash 7022 +Specifies the hash algorithm used when logging key fingerprints. 7023 +Valid options are: 7024 +.Dq md5 7025 +and 7026 +.Dq sha256 . 7027 +The default is 7028 +.Dq sha256 . 7029 +.It Cm ForceCommand 7030 +Forces the execution of the command specified by 7031 +.Cm ForceCommand , 7032 +ignoring any command supplied by the client and 7033 +.Pa ~/.ssh/rc 7034 +if present. 7035 +The command is invoked by using the user's login shell with the -c option. 7036 +This applies to shell, command, or subsystem execution. 7037 +It is most useful inside a 7038 +.Cm Match 7039 +block. 
7040 +The command originally supplied by the client is available in the 7041 +.Ev SSH_ORIGINAL_COMMAND 7042 +environment variable. 7043 +Specifying a command of 7044 +.Dq internal-sftp 7045 +will force the use of an in-process sftp server that requires no support 7046 +files when used with 7047 +.Cm ChrootDirectory . 7048 +.It Cm GatewayPorts 7049 +Specifies whether remote hosts are allowed to connect to ports 7050 +forwarded for the client. 7051 +By default, 7052 +.Xr sshd 1M 7053 +binds remote port forwardings to the loopback address. 7054 +This prevents other remote hosts from connecting to forwarded ports. 7055 +.Cm GatewayPorts 7056 +can be used to specify that sshd 7057 +should allow remote port forwardings to bind to non-loopback addresses, thus 7058 +allowing other hosts to connect. 7059 +The argument may be 7060 +.Dq no 7061 +to force remote port forwardings to be available to the local host only, 7062 +.Dq yes 7063 +to force remote port forwardings to bind to the wildcard address, or 7064 +.Dq clientspecified 7065 +to allow the client to select the address to which the forwarding is bound. 7066 +The default is 7067 +.Dq no . 7068 +.It Cm GSSAPIAuthentication 7069 +Specifies whether user authentication based on GSSAPI is allowed. 7070 +The default is 7071 +.Dq no . 7072 +Note that this option applies to protocol version 2 only. 7073 +.It Cm GSSAPICleanupCredentials 7074 +Specifies whether to automatically destroy the user's credentials cache 7075 +on logout. 7076 +The default is 7077 +.Dq yes . 7078 +Note that this option applies to protocol version 2 only. 7079 +.It Cm GSSAPIStrictAcceptorCheck 7080 +Determines whether to be strict about the identity of the GSSAPI acceptor 7081 +a client authenticates against. 7082 +If set to 7083 +.Dq yes 7084 +then the client must authenticate against the 7085 +.Pa host 7086 +service on the current hostname. 
7087 +If set to 7088 +.Dq no 7089 +then the client may authenticate against any service key stored in the 7090 +machine's default store. 7091 +This facility is provided to assist with operation on multi homed machines. 7092 +The default is 7093 +.Dq yes . 7094 +.It Cm HostbasedAcceptedKeyTypes 7095 +Specifies the key types that will be accepted for hostbased authentication 7096 +as a comma-separated pattern list. 7097 +Alternately if the specified value begins with a 7098 +.Sq + 7099 +character, then the specified key types will be appended to the default set 7100 +instead of replacing them. 7101 +The default for this option is: 7102 +.Bd -literal -offset 3n 7103 +ecdsa-sha2-nistp256-cert-v01@openssh.com, 7104 +ecdsa-sha2-nistp384-cert-v01@openssh.com, 7105 +ecdsa-sha2-nistp521-cert-v01@openssh.com, 7106 +ssh-ed25519-cert-v01@openssh.com, 7107 +ssh-rsa-cert-v01@openssh.com, 7108 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 7109 +ssh-ed25519,ssh-rsa 7110 +.Ed 7111 +.Pp 7112 +The 7113 +.Fl Q 7114 +option of 7115 +.Xr ssh 1 7116 +may be used to list supported key types. 7117 +.It Cm HostbasedAuthentication 7118 +Specifies whether rhosts or /etc/hosts.equiv authentication together 7119 +with successful public key client host authentication is allowed 7120 +(host-based authentication). 7121 +This option is similar to 7122 +.Cm RhostsRSAAuthentication 7123 +and applies to protocol version 2 only. 7124 +The default is 7125 +.Dq no . 7126 +.It Cm HostbasedUsesNameFromPacketOnly 7127 +Specifies whether or not the server will attempt to perform a reverse 7128 +name lookup when matching the name in the 7129 +.Pa ~/.shosts , 7130 +.Pa ~/.rhosts , 7131 +and 7132 +.Pa /etc/hosts.equiv 7133 +files during 7134 +.Cm HostbasedAuthentication . 7135 +A setting of 7136 +.Dq yes 7137 +means that 7138 +.Xr sshd 1M 7139 +uses the name supplied by the client rather than 7140 +attempting to resolve the name from the TCP connection itself. 7141 +The default is 7142 +.Dq no . 
7143 +.It Cm HostCertificate 7144 +Specifies a file containing a public host certificate. 7145 +The certificate's public key must match a private host key already specified 7146 +by 7147 +.Cm HostKey . 7148 +The default behaviour of 7149 +.Xr sshd 1M 7150 +is not to load any certificates. 7151 +.It Cm HostKey 7152 +Specifies a file containing a private host key 7153 +used by SSH. 7154 +The default is 7155 +.Pa /etc/ssh/ssh_host_key 7156 +for protocol version 1, and 7157 +.Pa /etc/ssh/ssh_host_dsa_key , 7158 +.Pa /etc/ssh/ssh_host_ecdsa_key , 7159 +.Pa /etc/ssh/ssh_host_ed25519_key 7160 +and 7161 +.Pa /etc/ssh/ssh_host_rsa_key 7162 +for protocol version 2. 7163 +.Pp 7164 +Note that 7165 +.Xr sshd 1M 7166 +will refuse to use a file if it is group/world-accessible 7167 +and that the 7168 +.Cm HostKeyAlgorithms 7169 +option restricts which of the keys are actually used by 7170 +.Xr sshd 1M . 7171 +.Pp 7172 +It is possible to have multiple host key files. 7173 +.Dq rsa1 7174 +keys are used for version 1 and 7175 +.Dq dsa , 7176 +.Dq ecdsa , 7177 +.Dq ed25519 7178 +or 7179 +.Dq rsa 7180 +are used for version 2 of the SSH protocol. 7181 +It is also possible to specify public host key files instead. 7182 +In this case operations on the private key will be delegated 7183 +to an 7184 +.Xr ssh-agent 1 . 7185 +.It Cm HostKeyAgent 7186 +Identifies the UNIX-domain socket used to communicate 7187 +with an agent that has access to the private host keys. 7188 +If 7189 +.Dq SSH_AUTH_SOCK 7190 +is specified, the location of the socket will be read from the 7191 +.Ev SSH_AUTH_SOCK 7192 +environment variable. 7193 +.It Cm HostKeyAlgorithms 7194 +Specifies the protocol version 2 host key algorithms 7195 +that the server offers. 
7196 +The default for this option is:
7197 +.Bd -literal -offset 3n
7198 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
7199 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
7200 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
7201 +ssh-ed25519-cert-v01@openssh.com,
7202 +ssh-rsa-cert-v01@openssh.com,
7203 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
7204 +ssh-ed25519,ssh-rsa
7205 +.Ed
7206 +.Pp
7207 +The list of available key types may also be obtained using the
7208 +.Fl Q
7209 +option of
7210 +.Xr ssh 1
7211 +with an argument of
7212 +.Dq key .
7213 +.It Cm IgnoreRhosts
7214 +Specifies that
7215 +.Pa .rhosts
7216 +and
7217 +.Pa .shosts
7218 +files will not be used in
7219 +.Cm RhostsRSAAuthentication
7220 +or
7221 +.Cm HostbasedAuthentication .
7222 +.Pp
7223 +.Pa /etc/hosts.equiv
7224 +and
7225 +.Pa /etc/shosts.equiv
7226 +are still used.
7227 +The default is
7228 +.Dq yes .
7229 +.It Cm IgnoreUserKnownHosts
7230 +Specifies whether
7231 +.Xr sshd 1M
7232 +should ignore the user's
7233 +.Pa ~/.ssh/known_hosts
7234 +during
7235 +.Cm RhostsRSAAuthentication
7236 +or
7237 +.Cm HostbasedAuthentication .
7238 +The default is
7239 +.Dq no .
7240 +.It Cm IPQoS
7241 +Specifies the IPv4 type-of-service or DSCP class for the connection.
7242 +Accepted values are
7243 +.Dq af11 ,
7244 +.Dq af12 ,
7245 +.Dq af13 ,
7246 +.Dq af21 ,
7247 +.Dq af22 ,
7248 +.Dq af23 ,
7249 +.Dq af31 ,
7250 +.Dq af32 ,
7251 +.Dq af33 ,
7252 +.Dq af41 ,
7253 +.Dq af42 ,
7254 +.Dq af43 ,
7255 +.Dq cs0 ,
7256 +.Dq cs1 ,
7257 +.Dq cs2 ,
7258 +.Dq cs3 ,
7259 +.Dq cs4 ,
7260 +.Dq cs5 ,
7261 +.Dq cs6 ,
7262 +.Dq cs7 ,
7263 +.Dq ef ,
7264 +.Dq lowdelay ,
7265 +.Dq throughput ,
7266 +.Dq reliability ,
7267 +or a numeric value.
7268 +This option may take one or two arguments, separated by whitespace.
7269 +If one argument is specified, it is used as the packet class unconditionally.
7270 +If two values are specified, the first is automatically selected for
7271 +interactive sessions and the second for non-interactive sessions.
7272 +The default is
7273 +.Dq lowdelay
7274 +for interactive sessions and
7275 +.Dq throughput
7276 +for non-interactive sessions.
7277 +.It Cm KbdInteractiveAuthentication
7278 +Specifies whether to allow keyboard-interactive authentication.
7279 +The argument to this keyword must be
7280 +.Dq yes
7281 +or
7282 +.Dq no .
7283 +The default is to use whatever value
7284 +.Cm ChallengeResponseAuthentication
7285 +is set to
7286 +(by default
7287 +.Dq yes ) .
7288 +.It Cm KerberosAuthentication
7289 +Specifies whether the password provided by the user for
7290 +.Cm PasswordAuthentication
7291 +will be validated through the Kerberos KDC.
7292 +To use this option, the server needs a
7293 +Kerberos servtab which allows the verification of the KDC's identity.
7294 +The default is
7295 +.Dq no .
7296 +.It Cm KerberosGetAFSToken
7297 +If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
7298 +an AFS token before accessing the user's home directory.
7299 +The default is
7300 +.Dq no .
7301 +.It Cm KerberosOrLocalPasswd
7302 +If password authentication through Kerberos fails then
7303 +the password will be validated via any additional local mechanism
7304 +such as
7305 +.Pa /etc/passwd .
7306 +The default is
7307 +.Dq yes .
7308 +.It Cm KerberosTicketCleanup
7309 +Specifies whether to automatically destroy the user's ticket cache
7310 +file on logout.
7311 +The default is
7312 +.Dq yes .
7313 +.It Cm KexAlgorithms
7314 +Specifies the available KEX (Key Exchange) algorithms.
7315 +Multiple algorithms must be comma-separated.
7316 +Alternately if the specified value begins with a
7317 +.Sq +
7318 +character, then the specified methods will be appended to the default set
7319 +instead of replacing them.
7320 +The supported algorithms are:
7321 +.Pp
7322 +.Bl -item -compact -offset indent
7323 +.It
7324 +curve25519-sha256@libssh.org
7325 +.It
7326 +diffie-hellman-group1-sha1
7327 +.It
7328 +diffie-hellman-group14-sha1
7329 +.It
7330 +diffie-hellman-group-exchange-sha1
7331 +.It
7332 +diffie-hellman-group-exchange-sha256
7333 +.It
7334 +ecdh-sha2-nistp256
7335 +.It
7336 +ecdh-sha2-nistp384
7337 +.It
7338 +ecdh-sha2-nistp521
7339 +.El
7340 +.Pp
7341 +The default is:
7342 +.Bd -literal -offset indent
7343 +curve25519-sha256@libssh.org,
7344 +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
7345 +diffie-hellman-group-exchange-sha256,
7346 +diffie-hellman-group14-sha1
7347 +.Ed
7348 +.Pp
7349 +The list of available key exchange algorithms may also be obtained using the
7350 +.Fl Q
7351 +option of
7352 +.Xr ssh 1
7353 +with an argument of
7354 +.Dq kex .
7355 +.It Cm KeyRegenerationInterval
7356 +In protocol version 1, the ephemeral server key is automatically regenerated
7357 +after this many seconds (if it has been used).
7358 +The purpose of regeneration is to prevent
7359 +decrypting captured sessions by later breaking into the machine and
7360 +stealing the keys.
7361 +The key is never stored anywhere.
7362 +If the value is 0, the key is never regenerated.
7363 +The default is 3600 (seconds).
7364 +.It Cm ListenAddress
7365 +Specifies the local addresses
7366 +.Xr sshd 1M
7367 +should listen on.
7368 +The following forms may be used:
7369 +.Pp
7370 +.Bl -item -offset indent -compact
7371 +.It
7372 +.Cm ListenAddress
7373 +.Sm off
7374 +.Ar host | Ar IPv4_addr | Ar IPv6_addr
7375 +.Sm on
7376 +.It
7377 +.Cm ListenAddress
7378 +.Sm off
7379 +.Ar host | Ar IPv4_addr : Ar port
7380 +.Sm on
7381 +.It
7382 +.Cm ListenAddress
7383 +.Sm off
7384 +.Oo
7385 +.Ar host | Ar IPv6_addr Oc : Ar port
7386 +.Sm on
7387 +.El
7388 +.Pp
7389 +If
7390 +.Ar port
7391 +is not specified,
7392 +sshd will listen on the address and all
7393 +.Cm Port
7394 +options specified.
7395 +The default is to listen on all local addresses.
7396 +Multiple
7397 +.Cm ListenAddress
7398 +options are permitted.
7399 +.It Cm LoginGraceTime
7400 +The server disconnects after this time if the user has not
7401 +successfully logged in.
7402 +If the value is 0, there is no time limit.
7403 +The default is 120 seconds.
7404 +.It Cm LogLevel
7405 +Gives the verbosity level that is used when logging messages from
7406 +.Xr sshd 1M .
7407 +The possible values are:
7408 +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
7409 +The default is INFO.
7410 +DEBUG and DEBUG1 are equivalent.
7411 +DEBUG2 and DEBUG3 each specify higher levels of debugging output.
7412 +Logging with a DEBUG level violates the privacy of users and is not recommended.
7413 +.It Cm MACs
7414 +Specifies the available MAC (message authentication code) algorithms.
7415 +The MAC algorithm is used in protocol version 2
7416 +for data integrity protection.
7417 +Multiple algorithms must be comma-separated.
7418 +If the specified value begins with a
7419 +.Sq +
7420 +character, then the specified algorithms will be appended to the default set
7421 +instead of replacing them.
7422 +.Pp
7423 +The algorithms that contain
7424 +.Dq -etm
7425 +calculate the MAC after encryption (encrypt-then-mac).
7426 +These are considered safer and their use recommended.
7427 +The supported MACs are:
7428 +.Pp
7429 +.Bl -item -compact -offset indent
7430 +.It
7431 +hmac-md5
7432 +.It
7433 +hmac-md5-96
7434 +.It
7435 +hmac-ripemd160
7436 +.It
7437 +hmac-sha1
7438 +.It
7439 +hmac-sha1-96
7440 +.It
7441 +hmac-sha2-256
7442 +.It
7443 +hmac-sha2-512
7444 +.It
7445 +umac-64@openssh.com
7446 +.It
7447 +umac-128@openssh.com
7448 +.It
7449 +hmac-md5-etm@openssh.com
7450 +.It
7451 +hmac-md5-96-etm@openssh.com
7452 +.It
7453 +hmac-ripemd160-etm@openssh.com
7454 +.It
7455 +hmac-sha1-etm@openssh.com
7456 +.It
7457 +hmac-sha1-96-etm@openssh.com
7458 +.It
7459 +hmac-sha2-256-etm@openssh.com
7460 +.It
7461 +hmac-sha2-512-etm@openssh.com
7462 +.It
7463 +umac-64-etm@openssh.com
7464 +.It
7465 +umac-128-etm@openssh.com
7466 +.El
7467 +.Pp
7468 +The default is:
7469 +.Bd -literal -offset indent
7470 +umac-64-etm@openssh.com,umac-128-etm@openssh.com,
7471 +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
7472 +umac-64@openssh.com,umac-128@openssh.com,
7473 +hmac-sha2-256,hmac-sha2-512
7474 +.Ed
7475 +.Pp
7476 +The list of available MAC algorithms may also be obtained using the
7477 +.Fl Q
7478 +option of
7479 +.Xr ssh 1
7480 +with an argument of
7481 +.Dq mac .
7482 +.It Cm Match
7483 +Introduces a conditional block.
7484 +If all of the criteria on the
7485 +.Cm Match
7486 +line are satisfied, the keywords on the following lines override those
7487 +set in the global section of the config file, until either another
7488 +.Cm Match
7489 +line or the end of the file.
7490 +If a keyword appears in multiple
7491 +.Cm Match
7492 +blocks that are satisfied, only the first instance of the keyword is
7493 +applied.
7494 +.Pp
7495 +The arguments to
7496 +.Cm Match
7497 +are one or more criteria-pattern pairs or the single token
7498 +.Cm All
7499 +which matches all criteria.
7500 +The available criteria are
7501 +.Cm User ,
7502 +.Cm Group ,
7503 +.Cm Host ,
7504 +.Cm LocalAddress ,
7505 +.Cm LocalPort ,
7506 +and
7507 +.Cm Address .
7508 +The match patterns may consist of single entries or comma-separated
7509 +lists and may use the wildcard and negation operators described in the
7510 +PATTERNS section of
7511 +.Xr ssh_config 4 .
7512 +.Pp
7513 +The patterns in an
7514 +.Cm Address
7515 +criteria may additionally contain addresses to match in CIDR
7516 +address/masklen format, e.g.\&
7517 +.Dq 192.0.2.0/24
7518 +or
7519 +.Dq 3ffe:ffff::/32 .
7520 +Note that the mask length provided must be consistent with the address -
7521 +it is an error to specify a mask length that is too long for the address
7522 +or one with bits set in this host portion of the address.
7523 +For example,
7524 +.Dq 192.0.2.0/33
7525 +and
7526 +.Dq 192.0.2.0/8
7527 +respectively.
7528 +.Pp
7529 +Only a subset of keywords may be used on the lines following a
7530 +.Cm Match
7531 +keyword.
7532 +Available keywords are
7533 +.Cm AcceptEnv ,
7534 +.Cm AllowAgentForwarding ,
7535 +.Cm AllowGroups ,
7536 +.Cm AllowStreamLocalForwarding ,
7537 +.Cm AllowTcpForwarding ,
7538 +.Cm AllowUsers ,
7539 +.Cm AuthenticationMethods ,
7540 +.Cm AuthorizedKeysCommand ,
7541 +.Cm AuthorizedKeysCommandUser ,
7542 +.Cm AuthorizedKeysFile ,
7543 +.Cm AuthorizedPrincipalsFile ,
7544 +.Cm Banner ,
7545 +.Cm ChrootDirectory ,
7546 +.Cm DenyGroups ,
7547 +.Cm DenyUsers ,
7548 +.Cm ForceCommand ,
7549 +.Cm GatewayPorts ,
7550 +.Cm GSSAPIAuthentication ,
7551 +.Cm HostbasedAcceptedKeyTypes ,
7552 +.Cm HostbasedAuthentication ,
7553 +.Cm HostbasedUsesNameFromPacketOnly ,
7554 +.Cm IPQoS ,
7555 +.Cm KbdInteractiveAuthentication ,
7556 +.Cm KerberosAuthentication ,
7557 +.Cm MaxAuthTries ,
7558 +.Cm MaxSessions ,
7559 +.Cm PasswordAuthentication ,
7560 +.Cm PermitEmptyPasswords ,
7561 +.Cm PermitOpen ,
7562 +.Cm PermitRootLogin ,
7563 +.Cm PermitTTY ,
7564 +.Cm PermitTunnel ,
7565 +.Cm PermitUserRC ,
7566 +.Cm PubkeyAcceptedKeyTypes ,
7567 +.Cm PubkeyAuthentication ,
7568 +.Cm RekeyLimit ,
7569 +.Cm RevokedKeys ,
7570 +.Cm RhostsRSAAuthentication ,
7571 +.Cm RSAAuthentication ,
7572 +.Cm StreamLocalBindMask ,
7573 +.Cm StreamLocalBindUnlink ,
7574 +.Cm TrustedUserCAKeys ,
7575 +.Cm X11DisplayOffset ,
7576 +.Cm X11Forwarding
7577 +and
7578 +.Cm X11UseLocalHost .
7579 +.It Cm MaxAuthTries
7580 +Specifies the maximum number of authentication attempts permitted per
7581 +connection.
7582 +Once the number of failures reaches half this value,
7583 +additional failures are logged.
7584 +The default is 6.
7585 +.It Cm MaxSessions
7586 +Specifies the maximum number of open sessions permitted per network connection.
7587 +The default is 10.
7588 +.It Cm MaxStartups
7589 +Specifies the maximum number of concurrent unauthenticated connections to the
7590 +SSH daemon.
7591 +Additional connections will be dropped until authentication succeeds or the
7592 +.Cm LoginGraceTime
7593 +expires for a connection.
7594 +The default is 10:30:100.
7595 +.Pp
7596 +Alternatively, random early drop can be enabled by specifying
7597 +the three colon separated values
7598 +.Dq start:rate:full
7599 +(e.g. "10:30:60").
7600 +.Xr sshd 1M
7601 +will refuse connection attempts with a probability of
7602 +.Dq rate/100
7603 +(30%)
7604 +if there are currently
7605 +.Dq start
7606 +(10)
7607 +unauthenticated connections.
7608 +The probability increases linearly and all connection attempts
7609 +are refused if the number of unauthenticated connections reaches
7610 +.Dq full
7611 +(60).
7612 +.It Cm PasswordAuthentication
7613 +Specifies whether password authentication is allowed.
7614 +The default is
7615 +.Dq yes .
7616 +.It Cm PermitEmptyPasswords
7617 +When password authentication is allowed, it specifies whether the
7618 +server allows login to accounts with empty password strings.
7619 +The default is
7620 +.Dq no .
7621 +.It Cm PermitOpen
7622 +Specifies the destinations to which TCP port forwarding is permitted.
7623 +The forwarding specification must be one of the following forms:
7624 +.Pp
7625 +.Bl -item -offset indent -compact
7626 +.It
7627 +.Cm PermitOpen
7628 +.Sm off
7629 +.Ar host : port
7630 +.Sm on
7631 +.It
7632 +.Cm PermitOpen
7633 +.Sm off
7634 +.Ar IPv4_addr : port
7635 +.Sm on
7636 +.It
7637 +.Cm PermitOpen
7638 +.Sm off
7639 +.Ar \&[ IPv6_addr \&] : port
7640 +.Sm on
7641 +.El
7642 +.Pp
7643 +Multiple forwards may be specified by separating them with whitespace.
7644 +An argument of
7645 +.Dq any
7646 +can be used to remove all restrictions and permit any forwarding requests.
7647 +An argument of
7648 +.Dq none
7649 +can be used to prohibit all forwarding requests.
7650 +By default all port forwarding requests are permitted.
7651 +.It Cm PermitRootLogin
7652 +Specifies whether root can log in using
7653 +.Xr ssh 1 .
7654 +The argument must be
7655 +.Dq yes ,
7656 +.Dq prohibit-password ,
7657 +.Dq without-password ,
7658 +.Dq forced-commands-only ,
7659 +or
7660 +.Dq no .
7661 +The default is
7662 +.Dq prohibit-password .
7663 +.Pp
7664 +If this option is set to
7665 +.Dq prohibit-password
7666 +or
7667 +.Dq without-password ,
7668 +password and keyboard-interactive authentication are disabled for root.
7669 +.Pp
7670 +If this option is set to
7671 +.Dq forced-commands-only ,
7672 +root login with public key authentication will be allowed,
7673 +but only if the
7674 +.Ar command
7675 +option has been specified
7676 +(which may be useful for taking remote backups even if root login is
7677 +normally not allowed).
7678 +All other authentication methods are disabled for root.
7679 +.Pp
7680 +If this option is set to
7681 +.Dq no ,
7682 +root is not allowed to log in.
7683 +.It Cm PermitTunnel
7684 +Specifies whether
7685 +.Xr tun 4
7686 +device forwarding is allowed.
7687 +The argument must be
7688 +.Dq yes ,
7689 +.Dq point-to-point
7690 +(layer 3),
7691 +.Dq ethernet
7692 +(layer 2), or
7693 +.Dq no .
7694 +Specifying
7695 +.Dq yes
7696 +permits both
7697 +.Dq point-to-point
7698 +and
7699 +.Dq ethernet .
7700 +The default is
7701 +.Dq no .
7702 +.Pp
7703 +Independent of this setting, the permissions of the selected
7704 +.Xr tun 4
7705 +device must allow access to the user.
7706 +.It Cm PermitTTY
7707 +Specifies whether
7708 +.Xr pty 4
7709 +allocation is permitted.
7710 +The default is
7711 +.Dq yes .
7712 +.It Cm PermitUserEnvironment
7713 +Specifies whether
7714 +.Pa ~/.ssh/environment
7715 +and
7716 +.Cm environment=
7717 +options in
7718 +.Pa ~/.ssh/authorized_keys
7719 +are processed by
7720 +.Xr sshd 1M .
7721 +The default is
7722 +.Dq no .
7723 +Enabling environment processing may enable users to bypass access
7724 +restrictions in some configurations using mechanisms such as
7725 +.Ev LD_PRELOAD .
7726 +.It Cm PermitUserRC
7727 +Specifies whether any
7728 +.Pa ~/.ssh/rc
7729 +file is executed.
7730 +The default is
7731 +.Dq yes .
7732 +.It Cm PidFile
7733 +Specifies the file that contains the process ID of the
7734 +SSH daemon, or
7735 +.Dq none
7736 +to not write one.
7737 +The default is
7738 +.Pa /var/run/sshd.pid .
7739 +.It Cm Port
7740 +Specifies the port number that
7741 +.Xr sshd 1M
7742 +listens on.
7743 +The default is 22.
7744 +Multiple options of this type are permitted.
7745 +See also
7746 +.Cm ListenAddress .
7747 +.It Cm PrintLastLog
7748 +Specifies whether
7749 +.Xr sshd 1M
7750 +should print the date and time of the last user login when a user logs
7751 +in interactively.
7752 +On Solaris this option is always ignored since pam_unix_session(5)
7753 +reports the last login time.
7754 +.It Cm PrintMotd
7755 +Specifies whether
7756 +.Xr sshd 1M
7757 +should print
7758 +.Pa /etc/motd
7759 +when a user logs in interactively.
7760 +(On some systems it is also printed by the shell,
7761 +.Pa /etc/profile ,
7762 +or equivalent.)
7763 +The default is
7764 +.Dq yes .
7765 +.It Cm Protocol
7766 +Specifies the protocol versions
7767 +.Xr sshd 1M
7768 +supports.
7769 +The possible values are
7770 +.Sq 1
7771 +and
7772 +.Sq 2 .
7773 +Multiple versions must be comma-separated.
7774 +The default is
7775 +.Sq 2 .
7776 +Note that the order of the protocol list does not indicate preference,
7777 +because the client selects among multiple protocol versions offered
7778 +by the server.
7779 +Specifying
7780 +.Dq 2,1
7781 +is identical to
7782 +.Dq 1,2 .
7783 +.It Cm PubkeyAcceptedKeyTypes
7784 +Specifies the key types that will be accepted for public key authentication
7785 +as a comma-separated pattern list.
7786 +Alternately if the specified value begins with a
7787 +.Sq +
7788 +character, then the specified key types will be appended to the default set
7789 +instead of replacing them.
7790 +The default for this option is:
7791 +.Bd -literal -offset 3n
7792 +ecdsa-sha2-nistp256-cert-v01@openssh.com,
7793 +ecdsa-sha2-nistp384-cert-v01@openssh.com,
7794 +ecdsa-sha2-nistp521-cert-v01@openssh.com,
7795 +ssh-ed25519-cert-v01@openssh.com,
7796 +ssh-rsa-cert-v01@openssh.com,
7797 +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
7798 +ssh-ed25519,ssh-rsa
7799 +.Ed
7800 +.Pp
7801 +The
7802 +.Fl Q
7803 +option of
7804 +.Xr ssh 1
7805 +may be used to list supported key types.
7806 +.It Cm PubkeyAuthentication
7807 +Specifies whether public key authentication is allowed.
7808 +The default is
7809 +.Dq yes .
7810 +Note that this option applies to protocol version 2 only.
7811 +.It Cm RekeyLimit
7812 +Specifies the maximum amount of data that may be transmitted before the
7813 +session key is renegotiated, optionally followed a maximum amount of
7814 +time that may pass before the session key is renegotiated.
7815 +The first argument is specified in bytes and may have a suffix of
7816 +.Sq K ,
7817 +.Sq M ,
7818 +or
7819 +.Sq G
7820 +to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
7821 +The default is between
7822 +.Sq 1G
7823 +and
7824 +.Sq 4G ,
7825 +depending on the cipher.
7826 +The optional second value is specified in seconds and may use any of the
7827 +units documented in the
7828 +.Sx TIME FORMATS
7829 +section.
7830 +The default value for
7831 +.Cm RekeyLimit
7832 +is
7833 +.Dq default none ,
7834 +which means that rekeying is performed after the cipher's default amount
7835 +of data has been sent or received and no time based rekeying is done.
7836 +This option applies to protocol version 2 only.
7837 +.It Cm RevokedKeys
7838 +Specifies revoked public keys file, or
7839 +.Dq none
7840 +to not use one.
7841 +Keys listed in this file will be refused for public key authentication.
7842 +Note that if this file is not readable, then public key authentication will
7843 +be refused for all users.
7844 +Keys may be specified as a text file, listing one public key per line, or as
7845 +an OpenSSH Key Revocation List (KRL) as generated by
7846 +.Xr ssh-keygen 1 .
7847 +For more information on KRLs, see the KEY REVOCATION LISTS section in
7848 +.Xr ssh-keygen 1 .
7849 +.It Cm RhostsRSAAuthentication
7850 +Specifies whether rhosts or /etc/hosts.equiv authentication together
7851 +with successful RSA host authentication is allowed.
7852 +The default is
7853 +.Dq no .
7854 +This option applies to protocol version 1 only.
7855 +.It Cm RSAAuthentication
7856 +Specifies whether pure RSA authentication is allowed.
7857 +The default is
7858 +.Dq yes .
7859 +This option applies to protocol version 1 only.
7860 +.It Cm ServerKeyBits
7861 +Defines the number of bits in the ephemeral protocol version 1 server key.
7862 +The default and minimum value is 1024.
7863 +.It Cm StreamLocalBindMask
7864 +Sets the octal file creation mode mask
7865 +.Pq umask
7866 +used when creating a Unix-domain socket file for local or remote
7867 +port forwarding.
7868 +This option is only used for port forwarding to a Unix-domain socket file.
7869 +.Pp
7870 +The default value is 0177, which creates a Unix-domain socket file that is
7871 +readable and writable only by the owner.
7872 +Note that not all operating systems honor the file mode on Unix-domain
7873 +socket files.
7874 +.It Cm StreamLocalBindUnlink
7875 +Specifies whether to remove an existing Unix-domain socket file for local
7876 +or remote port forwarding before creating a new one.
7877 +If the socket file already exists and
7878 +.Cm StreamLocalBindUnlink
7879 +is not enabled,
7880 +.Nm sshd
7881 +will be unable to forward the port to the Unix-domain socket file.
7882 +This option is only used for port forwarding to a Unix-domain socket file.
7883 +.Pp
7884 +The argument must be
7885 +.Dq yes
7886 +or
7887 +.Dq no .
7888 +The default is
7889 +.Dq no .
7890 +.It Cm StrictModes
7891 +Specifies whether
7892 +.Xr sshd 1M
7893 +should check file modes and ownership of the
7894 +user's files and home directory before accepting login.
7895 +This is normally desirable because novices sometimes accidentally leave their
7896 +directory or files world-writable.
7897 +The default is
7898 +.Dq yes .
7899 +Note that this does not apply to
7900 +.Cm ChrootDirectory ,
7901 +whose permissions and ownership are checked unconditionally.
7902 +.It Cm Subsystem
7903 +Configures an external subsystem (e.g. file transfer daemon).
7904 +Arguments should be a subsystem name and a command (with optional arguments)
7905 +to execute upon subsystem request.
7906 +.Pp
7907 +The command
7908 +.Xr sftp-server 8
7909 +implements the
7910 +.Dq sftp
7911 +file transfer subsystem.
7912 +.Pp
7913 +Alternately the name
7914 +.Dq internal-sftp
7915 +implements an in-process
7916 +.Dq sftp
7917 +server.
7918 +This may simplify configurations using
7919 +.Cm ChrootDirectory
7920 +to force a different filesystem root on clients.
7921 +.Pp
7922 +By default no subsystems are defined.
7923 +Note that this option applies to protocol version 2 only.
7924 +.It Cm SyslogFacility
7925 +Gives the facility code that is used when logging messages from
7926 +.Xr sshd 1M .
7927 +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
7928 +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
7929 +The default is AUTH.
7930 +.It Cm TCPKeepAlive
7931 +Specifies whether the system should send TCP keepalive messages to the
7932 +other side.
7933 +If they are sent, death of the connection or crash of one
7934 +of the machines will be properly noticed.
7935 +However, this means that
7936 +connections will die if the route is down temporarily, and some people
7937 +find it annoying.
7938 +On the other hand, if TCP keepalives are not sent,
7939 +sessions may hang indefinitely on the server, leaving
7940 +.Dq ghost
7941 +users and consuming server resources.
7942 +.Pp
7943 +The default is
7944 +.Dq yes
7945 +(to send TCP keepalive messages), and the server will notice
7946 +if the network goes down or the client host crashes.
7947 +This avoids infinitely hanging sessions.
7948 +.Pp
7949 +To disable TCP keepalive messages, the value should be set to
7950 +.Dq no .
7951 +.It Cm TrustedUserCAKeys
7952 +Specifies a file containing public keys of certificate authorities that are
7953 +trusted to sign user certificates for authentication, or
7954 +.Dq none
7955 +to not use one.
7956 +Keys are listed one per line; empty lines and comments starting with
7957 +.Ql #
7958 +are allowed.
7959 +If a certificate is presented for authentication and has its signing CA key
7960 +listed in this file, then it may be used for authentication for any user
7961 +listed in the certificate's principals list.
7962 +Note that certificates that lack a list of principals will not be permitted
7963 +for authentication using
7964 +.Cm TrustedUserCAKeys .
7965 +For more details on certificates, see the CERTIFICATES section in
7966 +.Xr ssh-keygen 1 .
7967 +.It Cm UseDNS
7968 +Specifies whether
7969 +.Xr sshd 1M
7970 +should look up the remote host name, and to check that
7971 +the resolved host name for the remote IP address maps back to the
7972 +very same IP address.
7973 +.Pp
7974 +If this option is set to
7975 +.Dq no
7976 +(the default) then only addresses and not host names may be used in
7977 +.Pa ~/.ssh/known_hosts
7978 +.Cm from
7979 +and
7980 +.Nm
7981 +.Cm Match
7982 +.Cm Host
7983 +directives.
7984 +.It Cm UseLogin
7985 +Specifies whether
7986 +.Xr login 1
7987 +is used for interactive login sessions.
7988 +The default is
7989 +.Dq no .
7990 +Note that
7991 +.Xr login 1
7992 +is never used for remote command execution.
7993 +Note also, that if this is enabled,
7994 +.Cm X11Forwarding
7995 +will be disabled because
7996 +.Xr login 1
7997 +does not know how to handle
7998 +.Xr xauth 1
7999 +cookies.
8000 +If
8001 +.Cm UsePrivilegeSeparation
8002 +is specified, it will be disabled after authentication.
8003 +.It Cm UsePAM
8004 +Enables the Pluggable Authentication Module interface.
8005 +If set to
8006 +.Dq yes
8007 +this will enable PAM authentication using
8008 +.Cm ChallengeResponseAuthentication
8009 +and
8010 +.Cm PasswordAuthentication
8011 +in addition to PAM account and session module processing for all
8012 +authentication types.
8013 +.Pp
8014 +Because PAM challenge-response authentication usually serves an equivalent
8015 +role to password authentication, you should disable either
8016 +.Cm PasswordAuthentication
8017 +or
8018 +.Cm ChallengeResponseAuthentication.
8019 +.Pp
8020 +If
8021 +.Cm UsePAM
8022 +is enabled, you will not be able to run
8023 +.Xr sshd 1M
8024 +as a non-root user.
8025 +The default is
8026 +.Dq no .
8027 +.It Cm UsePrivilegeSeparation
8028 +Specifies whether
8029 +.Xr sshd 1M
8030 +separates privileges by creating an unprivileged child process
8031 +to deal with incoming network traffic.
8032 +After successful authentication, another process will be created that has
8033 +the privilege of the authenticated user.
8034 +The goal of privilege separation is to prevent privilege
8035 +escalation by containing any corruption within the unprivileged processes.
8036 +The default is
8037 +.Dq yes .
8038 +If
8039 +.Cm UsePrivilegeSeparation
8040 +is set to
8041 +.Dq sandbox
8042 +then the pre-authentication unprivileged process is subject to additional
8043 +restrictions.
8044 +.It Cm VersionAddendum
8045 +Optionally specifies additional text to append to the SSH protocol banner
8046 +sent by the server upon connection.
8047 +The default is
8048 +.Dq none .
8049 +.It Cm X11DisplayOffset
8050 +Specifies the first display number available for
8051 +.Xr sshd 1M Ns 's
8052 +X11 forwarding.
8053 +This prevents sshd from interfering with real X11 servers.
8054 +The default is 10.
8055 +.It Cm X11Forwarding
8056 +Specifies whether X11 forwarding is permitted.
8057 +The argument must be
8058 +.Dq yes
8059 +or
8060 +.Dq no .
8061 +The default is
8062 +.Dq no .
8063 +.Pp
8064 +When X11 forwarding is enabled, there may be additional exposure to
8065 +the server and to client displays if the
8066 +.Xr sshd 1M
8067 +proxy display is configured to listen on the wildcard address (see
8068 +.Cm X11UseLocalhost
8069 +below), though this is not the default.
8070 +Additionally, the authentication spoofing and authentication data
8071 +verification and substitution occur on the client side.
8072 +The security risk of using X11 forwarding is that the client's X11
8073 +display server may be exposed to attack when the SSH client requests
8074 +forwarding (see the warnings for
8075 +.Cm ForwardX11
8076 +in
8077 +.Xr ssh_config 4 ) .
8078 +A system administrator may have a stance in which they want to
8079 +protect clients that may expose themselves to attack by unwittingly
8080 +requesting X11 forwarding, which can warrant a
8081 +.Dq no
8082 +setting.
8083 +.Pp
8084 +Note that disabling X11 forwarding does not prevent users from
8085 +forwarding X11 traffic, as users can always install their own forwarders.
8086 +X11 forwarding is automatically disabled if
8087 +.Cm UseLogin
8088 +is enabled.
8089 +.It Cm X11UseLocalhost
8090 +Specifies whether
8091 +.Xr sshd 1M
8092 +should bind the X11 forwarding server to the loopback address or to
8093 +the wildcard address.
8094 +By default,
8095 +sshd binds the forwarding server to the loopback address and sets the
8096 +hostname part of the
8097 +.Ev DISPLAY
8098 +environment variable to
8099 +.Dq localhost .
8100 +This prevents remote hosts from connecting to the proxy display.
8101 +However, some older X11 clients may not function with this
8102 +configuration.
8103 +.Cm X11UseLocalhost
8104 +may be set to
8105 +.Dq no
8106 +to specify that the forwarding server should be bound to the wildcard
8107 +address.
8108 +The argument must be
8109 +.Dq yes
8110 +or
8111 +.Dq no .
8112 +The default is
8113 +.Dq yes .
8114 +.It Cm XAuthLocation
8115 +Specifies the full pathname of the
8116 +.Xr xauth 1
8117 +program, or
8118 +.Dq none
8119 +to not use one.
8120 +The default is
8121 +.Pa /usr/X11R6/bin/xauth .
8122 +.El
8123 +.Sh TIME FORMATS
8124 +.Xr sshd 1M
8125 +command-line arguments and configuration file options that specify time
8126 +may be expressed using a sequence of the form:
8127 +.Sm off
8128 +.Ar time Op Ar qualifier ,
8129 +.Sm on
8130 +where
8131 +.Ar time
8132 +is a positive integer value and
8133 +.Ar qualifier
8134 +is one of the following:
8135 +.Pp
8136 +.Bl -tag -width Ds -compact -offset indent
8137 +.It Aq Cm none
8138 +seconds
8139 +.It Cm s | Cm S
8140 +seconds
8141 +.It Cm m | Cm M
8142 +minutes
8143 +.It Cm h | Cm H
8144 +hours
8145 +.It Cm d | Cm D
8146 +days
8147 +.It Cm w | Cm W
8148 +weeks
8149 +.El
8150 +.Pp
8151 +Each member of the sequence is added together to calculate
8152 +the total time value.
8153 +.Pp
8154 +Time format examples:
8155 +.Pp
8156 +.Bl -tag -width Ds -compact -offset indent
8157 +.It 600
8158 +600 seconds (10 minutes)
8159 +.It 10m
8160 +10 minutes
8161 +.It 1h30m
8162 +1 hour 30 minutes (90 minutes)
8163 +.El
8164 +.Sh FILES
8165 +.Bl -tag -width Ds
8166 +.It Pa /etc/ssh/sshd_config
8167 +Contains configuration data for
8168 +.Xr sshd 1M .
8169 +This file should be writable by root only, but it is recommended
8170 +(though not necessary) that it be world-readable.
8171 +.El
8172 +.Sh SEE ALSO
8173 +.Xr sshd 1M ,
8174 +.Xr pam_unix_session 5
8175 +.Sh AUTHORS
8176 +OpenSSH is a derivative of the original and free
8177 +ssh 1.2.12 release by Tatu Ylonen.
8178 +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
8179 +Theo de Raadt and Dug Song
8180 +removed many bugs, re-added newer features and
8181 +created OpenSSH.
8182 +Markus Friedl contributed the support for SSH
8183 +protocol versions 1.5 and 2.0.
8184 +Niels Provos and Markus Friedl contributed support
8185 +for privilege separation.
8186 diff --git a/sshd_config.5 b/sshd_config.5
8187 deleted file mode 100644
8188 index 476f71c..0000000
8189 --- a/sshd_config.5
8190 +++ /dev/null
8191
@@ -1,1736 +0,0 @@ 8192 -.\" 8193 -.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 8194 -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8195 -.\" All rights reserved 8196 -.\" 8197 -.\" As far as I am concerned, the code I have written for this software 8198 -.\" can be used freely for any purpose. Any derived versions of this 8199 -.\" software must be clearly marked as such, and if the derived work is 8200 -.\" incompatible with the protocol description in the RFC file, it must be 8201 -.\" called by a name other than "ssh" or "Secure Shell". 8202 -.\" 8203 -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 8204 -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 8205 -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 8206 -.\" 8207 -.\" Redistribution and use in source and binary forms, with or without 8208 -.\" modification, are permitted provided that the following conditions 8209 -.\" are met: 8210 -.\" 1. Redistributions of source code must retain the above copyright 8211 -.\" notice, this list of conditions and the following disclaimer. 8212 -.\" 2. Redistributions in binary form must reproduce the above copyright 8213 -.\" notice, this list of conditions and the following disclaimer in the 8214 -.\" documentation and/or other materials provided with the distribution. 8215 -.\" 8216 -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 8217 -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 8218 -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
8219 -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
8220 -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
8221 -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
8222 -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
8223 -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
8224 -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
8225 -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
8226 -.\"
8227 -.\" $OpenBSD: sshd_config.5,v 1.211 2015/08/14 15:32:41 jmc Exp $
8228 -.Dd $Mdocdate: August 14 2015 $
8229 -.Dt SSHD_CONFIG 5
8230 -.Os
8231 -.Sh NAME
8232 -.Nm sshd_config
8233 -.Nd OpenSSH SSH daemon configuration file
8234 -.Sh SYNOPSIS
8235 -.Nm /etc/ssh/sshd_config
8236 -.Sh DESCRIPTION
8237 -.Xr sshd 8
8238 -reads configuration data from
8239 -.Pa /etc/ssh/sshd_config
8240 -(or the file specified with
8241 -.Fl f
8242 -on the command line).
8243 -The file contains keyword-argument pairs, one per line.
8244 -Lines starting with
8245 -.Ql #
8246 -and empty lines are interpreted as comments.
8247 -Arguments may optionally be enclosed in double quotes
8248 -.Pq \&"
8249 -in order to represent arguments containing spaces.
8250 -.Pp
8251 -The possible
8252 -keywords and their meanings are as follows (note that
8253 -keywords are case-insensitive and arguments are case-sensitive):
8254 -.Bl -tag -width Ds
8255 -.It Cm AcceptEnv
8256 -Specifies what environment variables sent by the client will be copied into
8257 -the session's
8258 -.Xr environ 7 .
8259 -See
8260 -.Cm SendEnv
8261 -in
8262 -.Xr ssh_config 5
8263 -for how to configure the client.
8264 -Note that environment passing is only supported for protocol 2, and
8265 -that the
8266 -.Ev TERM
8267 -environment variable is always sent whenever the client
8268 -requests a pseudo-terminal as it is required by the protocol.
8269 -Variables are specified by name, which may contain the wildcard characters
8270 -.Ql *
8271 -and
8272 -.Ql \&? .
8273 -Multiple environment variables may be separated by whitespace or spread
8274 -across multiple
8275 -.Cm AcceptEnv
8276 -directives.
8277 -Be warned that some environment variables could be used to bypass restricted
8278 -user environments.
8279 -For this reason, care should be taken in the use of this directive.
8280 -The default is not to accept any environment variables.
8281 -.It Cm AddressFamily
8282 -Specifies which address family should be used by
8283 -.Xr sshd 8 .
8284 -Valid arguments are
8285 -.Dq any ,
8286 -.Dq inet
8287 -(use IPv4 only), or
8288 -.Dq inet6
8289 -(use IPv6 only).
8290 -The default is
8291 -.Dq any .
8292 -.It Cm AllowAgentForwarding
8293 -Specifies whether
8294 -.Xr ssh-agent 1
8295 -forwarding is permitted.
8296 -The default is
8297 -.Dq yes .
8298 -Note that disabling agent forwarding does not improve security
8299 -unless users are also denied shell access, as they can always install
8300 -their own forwarders.
8301 -.It Cm AllowGroups
8302 -This keyword can be followed by a list of group name patterns, separated
8303 -by spaces.
8304 -If specified, login is allowed only for users whose primary
8305 -group or supplementary group list matches one of the patterns.
8306 -Only group names are valid; a numerical group ID is not recognized.
8307 -By default, login is allowed for all groups.
8308 -The allow/deny directives are processed in the following order:
8309 -.Cm DenyUsers ,
8310 -.Cm AllowUsers ,
8311 -.Cm DenyGroups ,
8312 -and finally
8313 -.Cm AllowGroups .
8314 -.Pp
8315 -See PATTERNS in
8316 -.Xr ssh_config 5
8317 -for more information on patterns.
8318 -.It Cm AllowTcpForwarding
8319 -Specifies whether TCP forwarding is permitted.
8320 -The available options are
8321 -.Dq yes
8322 -or
8323 -.Dq all
8324 -to allow TCP forwarding,
8325 -.Dq no
8326 -to prevent all TCP forwarding,
8327 -.Dq local
8328 -to allow local (from the perspective of
8329 -.Xr ssh 1 )
8330 -forwarding only or
8331 -.Dq remote
8332 -to allow remote forwarding only.
8333 -The default is
8334 -.Dq yes .
8335 -Note that disabling TCP forwarding does not improve security unless
8336 -users are also denied shell access, as they can always install their
8337 -own forwarders.
8338 -.It Cm AllowStreamLocalForwarding
8339 -Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
8340 -The available options are
8341 -.Dq yes
8342 -or
8343 -.Dq all
8344 -to allow StreamLocal forwarding,
8345 -.Dq no
8346 -to prevent all StreamLocal forwarding,
8347 -.Dq local
8348 -to allow local (from the perspective of
8349 -.Xr ssh 1 )
8350 -forwarding only or
8351 -.Dq remote
8352 -to allow remote forwarding only.
8353 -The default is
8354 -.Dq yes .
8355 -Note that disabling StreamLocal forwarding does not improve security unless
8356 -users are also denied shell access, as they can always install their
8357 -own forwarders.
8358 -.It Cm AllowUsers
8359 -This keyword can be followed by a list of user name patterns, separated
8360 -by spaces.
8361 -If specified, login is allowed only for user names that
8362 -match one of the patterns.
8363 -Only user names are valid; a numerical user ID is not recognized.
8364 -By default, login is allowed for all users.
8365 -If the pattern takes the form USER@HOST then USER and HOST
8366 -are separately checked, restricting logins to particular
8367 -users from particular hosts.
8368 -The allow/deny directives are processed in the following order:
8369 -.Cm DenyUsers ,
8370 -.Cm AllowUsers ,
8371 -.Cm DenyGroups ,
8372 -and finally
8373 -.Cm AllowGroups .
8374 -.Pp
8375 -See PATTERNS in
8376 -.Xr ssh_config 5
8377 -for more information on patterns.
8378 -.It Cm AuthenticationMethods
8379 -Specifies the authentication methods that must be successfully completed
8380 -for a user to be granted access.
8381 -This option must be followed by one or more comma-separated lists of
8382 -authentication method names.
8383 -Successful authentication requires completion of every method in at least
8384 -one of these lists.
8385 -.Pp
8386 -For example, an argument of
8387 -.Dq publickey,password publickey,keyboard-interactive
8388 -would require the user to complete public key authentication, followed by
8389 -either password or keyboard interactive authentication.
8390 -Only methods that are next in one or more lists are offered at each stage,
8391 -so for this example, it would not be possible to attempt password or
8392 -keyboard-interactive authentication before public key.
8393 -.Pp
8394 -For keyboard interactive authentication it is also possible to
8395 -restrict authentication to a specific device by appending a
8396 -colon followed by the device identifier
8397 -.Dq bsdauth ,
8398 -.Dq pam ,
8399 -or
8400 -.Dq skey ,
8401 -depending on the server configuration.
8402 -For example,
8403 -.Dq keyboard-interactive:bsdauth
8404 -would restrict keyboard interactive authentication to the
8405 -.Dq bsdauth
8406 -device.
8407 -.Pp
8408 -If the
8409 -.Dq publickey
8410 -method is listed more than once,
8411 -.Xr sshd 8
8412 -verifies that keys that have been used successfully are not reused for
8413 -subsequent authentications.
8414 -For example, an
8415 -.Cm AuthenticationMethods
8416 -of
8417 -.Dq publickey,publickey
8418 -will require successful authentication using two different public keys.
8419 -.Pp
8420 -This option is only available for SSH protocol 2 and will yield a fatal
8421 -error if enabled if protocol 1 is also enabled.
8422 -Note that each authentication method listed should also be explicitly enabled
8423 -in the configuration.
8424 -The default is not to require multiple authentication; successful completion
8425 -of a single authentication method is sufficient.
8426 -.It Cm AuthorizedKeysCommand
8427 -Specifies a program to be used to look up the user's public keys.
8428 -The program must be owned by root, not writable by group or others and
8429 -specified by an absolute path.
8430 -.Pp
8431 -Arguments to
8432 -.Cm AuthorizedKeysCommand
8433 -may be provided using the following tokens, which will be expanded
8434 -at runtime: %% is replaced by a literal '%', %u is replaced by the
8435 -username being authenticated, %h is replaced by the home directory
8436 -of the user being authenticated, %t is replaced with the key type
8437 -offered for authentication, %f is replaced with the fingerprint of
8438 -the key, and %k is replaced with the key being offered for authentication.
8439 -If no arguments are specified then the username of the target user
8440 -will be supplied.
8441 -.Pp
8442 -The program should produce on standard output zero or
8443 -more lines of authorized_keys output (see AUTHORIZED_KEYS in
8444 -.Xr sshd 8 ) .
8445 -If a key supplied by AuthorizedKeysCommand does not successfully authenticate
8446 -and authorize the user then public key authentication continues using the usual
8447 -.Cm AuthorizedKeysFile
8448 -files.
8449 -By default, no AuthorizedKeysCommand is run.
8450 -.It Cm AuthorizedKeysCommandUser
8451 -Specifies the user under whose account the AuthorizedKeysCommand is run.
8452 -It is recommended to use a dedicated user that has no other role on the host
8453 -than running authorized keys commands.
8454 -If
8455 -.Cm AuthorizedKeysCommand
8456 -is specified but
8457 -.Cm AuthorizedKeysCommandUser
8458 -is not, then
8459 -.Xr sshd 8
8460 -will refuse to start.
8461 -.It Cm AuthorizedKeysFile
8462 -Specifies the file that contains the public keys that can be used
8463 -for user authentication.
8464 -The format is described in the
8465 -AUTHORIZED_KEYS FILE FORMAT
8466 -section of
8467 -.Xr sshd 8 .
8468 -.Cm AuthorizedKeysFile
8469 -may contain tokens of the form %T which are substituted during connection
8470 -setup.
8471 -The following tokens are defined: %% is replaced by a literal '%',
8472 -%h is replaced by the home directory of the user being authenticated, and
8473 -%u is replaced by the username of that user.
8474 -After expansion,
8475 -.Cm AuthorizedKeysFile
8476 -is taken to be an absolute path or one relative to the user's home
8477 -directory.
8478 -Multiple files may be listed, separated by whitespace.
8479 -The default is
8480 -.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
8481 -.It Cm AuthorizedPrincipalsCommand
8482 -Specifies a program to be used to generate the list of allowed
8483 -certificate principals as per
8484 -.Cm AuthorizedPrincipalsFile .
8485 -The program must be owned by root, not writable by group or others and
8486 -specified by an absolute path.
8487 -.Pp
8488 -Arguments to
8489 -.Cm AuthorizedPrincipalsCommand
8490 -may be provided using the following tokens, which will be expanded
8491 -at runtime: %% is replaced by a literal '%', %u is replaced by the
8492 -username being authenticated and %h is replaced by the home directory
8493 -of the user being authenticated.
8494 -.Pp
8495 -The program should produce on standard output zero or
8496 -more lines of
8497 -.Cm AuthorizedPrincipalsFile
8498 -output.
8499 -If either
8500 -.Cm AuthorizedPrincipalsCommand
8501 -or
8502 -.Cm AuthorizedPrincipalsFile
8503 -is specified, then certificates offered by the client for authentication
8504 -must contain a principal that is listed.
8505 -By default, no AuthorizedPrincipalsCommand is run.
8506 -.It Cm AuthorizedPrincipalsCommandUser
8507 -Specifies the user under whose account the AuthorizedPrincipalsCommand is run.
8508 -It is recommended to use a dedicated user that has no other role on the host
8509 -than running authorized principals commands.
8510 -If
8511 -.Cm AuthorizedPrincipalsCommand
8512 -is specified but
8513 -.Cm AuthorizedPrincipalsCommandUser
8514 -is not, then
8515 -.Xr sshd 8
8516 -will refuse to start.
8517 -.It Cm AuthorizedPrincipalsFile
8518 -Specifies a file that lists principal names that are accepted for
8519 -certificate authentication.
8520 -When using certificates signed by a key listed in
8521 -.Cm TrustedUserCAKeys ,
8522 -this file lists names, one of which must appear in the certificate for it
8523 -to be accepted for authentication.
8524 -Names are listed one per line preceded by key options (as described
8525 -in AUTHORIZED_KEYS FILE FORMAT in
8526 -.Xr sshd 8 ) .
8527 -Empty lines and comments starting with
8528 -.Ql #
8529 -are ignored.
8530 -.Pp
8531 -.Cm AuthorizedPrincipalsFile
8532 -may contain tokens of the form %T which are substituted during connection
8533 -setup.
8534 -The following tokens are defined: %% is replaced by a literal '%',
8535 -%h is replaced by the home directory of the user being authenticated, and
8536 -%u is replaced by the username of that user.
8537 -After expansion,
8538 -.Cm AuthorizedPrincipalsFile
8539 -is taken to be an absolute path or one relative to the user's home
8540 -directory.
8541 -.Pp
8542 -The default is
8543 -.Dq none ,
8544 -i.e. not to use a principals file \(en in this case, the username
8545 -of the user must appear in a certificate's principals list for it to be
8546 -accepted.
8547 -Note that
8548 -.Cm AuthorizedPrincipalsFile
8549 -is only used when authentication proceeds using a CA listed in
8550 -.Cm TrustedUserCAKeys
8551 -and is not consulted for certification authorities trusted via
8552 -.Pa ~/.ssh/authorized_keys ,
8553 -though the
8554 -.Cm principals=
8555 -key option offers a similar facility (see
8556 -.Xr sshd 8
8557 -for details).
8558 -.It Cm Banner
8559 -The contents of the specified file are sent to the remote user before
8560 -authentication is allowed.
8561 -If the argument is
8562 -.Dq none
8563 -then no banner is displayed.
8564 -This option is only available for protocol version 2.
8565 -By default, no banner is displayed.
8566 -.It Cm ChallengeResponseAuthentication
8567 -Specifies whether challenge-response authentication is allowed (e.g. via
8568 -PAM or through authentication styles supported in
8569 -.Xr login.conf 5 )
8570 -The default is
8571 -.Dq yes .
8572 -.It Cm ChrootDirectory
8573 -Specifies the pathname of a directory to
8574 -.Xr chroot 2
8575 -to after authentication.
8576 -At session startup
8577 -.Xr sshd 8
8578 -checks that all components of the pathname are root-owned directories
8579 -which are not writable by any other user or group.
8580 -After the chroot,
8581 -.Xr sshd 8
8582 -changes the working directory to the user's home directory.
8583 -.Pp
8584 -The pathname may contain the following tokens that are expanded at runtime once
8585 -the connecting user has been authenticated: %% is replaced by a literal '%',
8586 -%h is replaced by the home directory of the user being authenticated, and
8587 -%u is replaced by the username of that user.
8588 -.Pp
8589 -The
8590 -.Cm ChrootDirectory
8591 -must contain the necessary files and directories to support the
8592 -user's session.
8593 -For an interactive session this requires at least a shell, typically
8594 -.Xr sh 1 ,
8595 -and basic
8596 -.Pa /dev
8597 -nodes such as
8598 -.Xr null 4 ,
8599 -.Xr zero 4 ,
8600 -.Xr stdin 4 ,
8601 -.Xr stdout 4 ,
8602 -.Xr stderr 4 ,
8603 -and
8604 -.Xr tty 4
8605 -devices.
8606 -For file transfer sessions using
8607 -.Dq sftp ,
8608 -no additional configuration of the environment is necessary if the
8609 -in-process sftp server is used,
8610 -though sessions which use logging may require
8611 -.Pa /dev/log
8612 -inside the chroot directory on some operating systems (see
8613 -.Xr sftp-server 8
8614 -for details).
8615 -.Pp
8616 -For safety, it is very important that the directory hierarchy be
8617 -prevented from modification by other processes on the system (especially
8618 -those outside the jail).
8619 -Misconfiguration can lead to unsafe environments which
8620 -.Xr sshd 8
8621 -cannot detect.
8622 -.Pp
8623 -The default is not to
8624 -.Xr chroot 2 .
8625 -.It Cm Ciphers
8626 -Specifies the ciphers allowed for protocol version 2.
8627 -Multiple ciphers must be comma-separated.
8628 -If the specified value begins with a
8629 -.Sq +
8630 -character, then the specified ciphers will be appended to the default set
8631 -instead of replacing them.
8632 -.Pp
8633 -The supported ciphers are:
8634 -.Pp
8635 -.Bl -item -compact -offset indent
8636 -.It
8637 -3des-cbc
8638 -.It
8639 -aes128-cbc
8640 -.It
8641 -aes192-cbc
8642 -.It
8643 -aes256-cbc
8644 -.It
8645 -aes128-ctr
8646 -.It
8647 -aes192-ctr
8648 -.It
8649 -aes256-ctr
8650 -.It
8651 -aes128-gcm@openssh.com
8652 -.It
8653 -aes256-gcm@openssh.com
8654 -.It
8655 -arcfour
8656 -.It
8657 -arcfour128
8658 -.It
8659 -arcfour256
8660 -.It
8661 -blowfish-cbc
8662 -.It
8663 -cast128-cbc
8664 -.It
8665 -chacha20-poly1305@openssh.com
8666 -.El
8667 -.Pp
8668 -The default is:
8669 -.Bd -literal -offset indent
8670 -chacha20-poly1305@openssh.com,
8671 -aes128-ctr,aes192-ctr,aes256-ctr,
8672 -aes128-gcm@openssh.com,aes256-gcm@openssh.com
8673 -.Ed
8674 -.Pp
8675 -The list of available ciphers may also be obtained using the
8676 -.Fl Q
8677 -option of
8678 -.Xr ssh 1
8679 -with an argument of
8680 -.Dq cipher .
8681 -.It Cm ClientAliveCountMax
8682 -Sets the number of client alive messages (see below) which may be
8683 -sent without
8684 -.Xr sshd 8
8685 -receiving any messages back from the client.
8686 -If this threshold is reached while client alive messages are being sent,
8687 -sshd will disconnect the client, terminating the session.
8688 -It is important to note that the use of client alive messages is very
8689 -different from
8690 -.Cm TCPKeepAlive
8691 -(below).
8692 -The client alive messages are sent through the encrypted channel
8693 -and therefore will not be spoofable.
8694 -The TCP keepalive option enabled by
8695 -.Cm TCPKeepAlive
8696 -is spoofable.
8697 -The client alive mechanism is valuable when the client or
8698 -server depend on knowing when a connection has become inactive.
8699 -.Pp
8700 -The default value is 3.
8701 -If
8702 -.Cm ClientAliveInterval
8703 -(see below) is set to 15, and
8704 -.Cm ClientAliveCountMax
8705 -is left at the default, unresponsive SSH clients
8706 -will be disconnected after approximately 45 seconds.
8707 -This option applies to protocol version 2 only.
8708 -.It Cm ClientAliveInterval
8709 -Sets a timeout interval in seconds after which if no data has been received
8710 -from the client,
8711 -.Xr sshd 8
8712 -will send a message through the encrypted
8713 -channel to request a response from the client.
8714 -The default
8715 -is 0, indicating that these messages will not be sent to the client.
8716 -This option applies to protocol version 2 only.
8717 -.It Cm Compression
8718 -Specifies whether compression is allowed, or delayed until
8719 -the user has authenticated successfully.
8720 -The argument must be
8721 -.Dq yes ,
8722 -.Dq delayed ,
8723 -or
8724 -.Dq no .
8725 -The default is
8726 -.Dq delayed .
8727 -.It Cm DenyGroups
8728 -This keyword can be followed by a list of group name patterns, separated
8729 -by spaces.
8730 -Login is disallowed for users whose primary group or supplementary
8731 -group list matches one of the patterns.
8732 -Only group names are valid; a numerical group ID is not recognized.
8733 -By default, login is allowed for all groups.
8734 -The allow/deny directives are processed in the following order:
8735 -.Cm DenyUsers ,
8736 -.Cm AllowUsers ,
8737 -.Cm DenyGroups ,
8738 -and finally
8739 -.Cm AllowGroups .
8740 -.Pp
8741 -See PATTERNS in
8742 -.Xr ssh_config 5
8743 -for more information on patterns.
8744 -.It Cm DenyUsers
8745 -This keyword can be followed by a list of user name patterns, separated
8746 -by spaces.
8747 -Login is disallowed for user names that match one of the patterns.
8748 -Only user names are valid; a numerical user ID is not recognized.
8749 -By default, login is allowed for all users.
8750 -If the pattern takes the form USER@HOST then USER and HOST
8751 -are separately checked, restricting logins to particular
8752 -users from particular hosts.
8753 -The allow/deny directives are processed in the following order:
8754 -.Cm DenyUsers ,
8755 -.Cm AllowUsers ,
8756 -.Cm DenyGroups ,
8757 -and finally
8758 -.Cm AllowGroups .
8759 -.Pp
8760 -See PATTERNS in
8761 -.Xr ssh_config 5
8762 -for more information on patterns.
8763 -.It Cm FingerprintHash
8764 -Specifies the hash algorithm used when logging key fingerprints.
8765 -Valid options are:
8766 -.Dq md5
8767 -and
8768 -.Dq sha256 .
8769 -The default is
8770 -.Dq sha256 .
8771 -.It Cm ForceCommand
8772 -Forces the execution of the command specified by
8773 -.Cm ForceCommand ,
8774 -ignoring any command supplied by the client and
8775 -.Pa ~/.ssh/rc
8776 -if present.
8777 -The command is invoked by using the user's login shell with the -c option.
8778 -This applies to shell, command, or subsystem execution.
8779 -It is most useful inside a
8780 -.Cm Match
8781 -block.
8782 -The command originally supplied by the client is available in the
8783 -.Ev SSH_ORIGINAL_COMMAND
8784 -environment variable.
8785 -Specifying a command of
8786 -.Dq internal-sftp
8787 -will force the use of an in-process sftp server that requires no support
8788 -files when used with
8789 -.Cm ChrootDirectory .
8790 -.It Cm GatewayPorts
8791 -Specifies whether remote hosts are allowed to connect to ports
8792 -forwarded for the client.
8793 -By default,
8794 -.Xr sshd 8
8795 -binds remote port forwardings to the loopback address.
8796 -This prevents other remote hosts from connecting to forwarded ports.
8797 -.Cm GatewayPorts
8798 -can be used to specify that sshd
8799 -should allow remote port forwardings to bind to non-loopback addresses, thus
8800 -allowing other hosts to connect.
8801 -The argument may be
8802 -.Dq no
8803 -to force remote port forwardings to be available to the local host only,
8804 -.Dq yes
8805 -to force remote port forwardings to bind to the wildcard address, or
8806 -.Dq clientspecified
8807 -to allow the client to select the address to which the forwarding is bound.
8808 -The default is
8809 -.Dq no .
8810 -.It Cm GSSAPIAuthentication
8811 -Specifies whether user authentication based on GSSAPI is allowed.
8812 -The default is
8813 -.Dq no .
8814 -Note that this option applies to protocol version 2 only.
8815 -.It Cm GSSAPICleanupCredentials
8816 -Specifies whether to automatically destroy the user's credentials cache
8817 -on logout.
8818 -The default is
8819 -.Dq yes .
8820 -Note that this option applies to protocol version 2 only.
8821 -.It Cm GSSAPIStrictAcceptorCheck
8822 -Determines whether to be strict about the identity of the GSSAPI acceptor
8823 -a client authenticates against.
8824 -If set to
8825 -.Dq yes
8826 -then the client must authenticate against the
8827 -.Pa host
8828 -service on the current hostname.
8829 -If set to
8830 -.Dq no
8831 -then the client may authenticate against any service key stored in the
8832 -machine's default store.
8833 -This facility is provided to assist with operation on multi homed machines.
8834 -The default is
8835 -.Dq yes .
8836 -.It Cm HostbasedAcceptedKeyTypes
8837 -Specifies the key types that will be accepted for hostbased authentication
8838 -as a comma-separated pattern list.
8839 -Alternately if the specified value begins with a
8840 -.Sq +
8841 -character, then the specified key types will be appended to the default set
8842 -instead of replacing them.
8843 -The default for this option is:
8844 -.Bd -literal -offset 3n
8845 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
8846 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
8847 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
8848 -ssh-ed25519-cert-v01@openssh.com,
8849 -ssh-rsa-cert-v01@openssh.com,
8850 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
8851 -ssh-ed25519,ssh-rsa
8852 -.Ed
8853 -.Pp
8854 -The
8855 -.Fl Q
8856 -option of
8857 -.Xr ssh 1
8858 -may be used to list supported key types.
8859 -.It Cm HostbasedAuthentication
8860 -Specifies whether rhosts or /etc/hosts.equiv authentication together
8861 -with successful public key client host authentication is allowed
8862 -(host-based authentication).
8863 -This option is similar to
8864 -.Cm RhostsRSAAuthentication
8865 -and applies to protocol version 2 only.
8866 -The default is
8867 -.Dq no .
8868 -.It Cm HostbasedUsesNameFromPacketOnly
8869 -Specifies whether or not the server will attempt to perform a reverse
8870 -name lookup when matching the name in the
8871 -.Pa ~/.shosts ,
8872 -.Pa ~/.rhosts ,
8873 -and
8874 -.Pa /etc/hosts.equiv
8875 -files during
8876 -.Cm HostbasedAuthentication .
8877 -A setting of
8878 -.Dq yes
8879 -means that
8880 -.Xr sshd 8
8881 -uses the name supplied by the client rather than
8882 -attempting to resolve the name from the TCP connection itself.
8883 -The default is
8884 -.Dq no .
8885 -.It Cm HostCertificate
8886 -Specifies a file containing a public host certificate.
8887 -The certificate's public key must match a private host key already specified
8888 -by
8889 -.Cm HostKey .
8890 -The default behaviour of
8891 -.Xr sshd 8
8892 -is not to load any certificates.
8893 -.It Cm HostKey
8894 -Specifies a file containing a private host key
8895 -used by SSH.
8896 -The default is
8897 -.Pa /etc/ssh/ssh_host_key
8898 -for protocol version 1, and
8899 -.Pa /etc/ssh/ssh_host_dsa_key ,
8900 -.Pa /etc/ssh/ssh_host_ecdsa_key ,
8901 -.Pa /etc/ssh/ssh_host_ed25519_key
8902 -and
8903 -.Pa /etc/ssh/ssh_host_rsa_key
8904 -for protocol version 2.
8905 -.Pp
8906 -Note that
8907 -.Xr sshd 8
8908 -will refuse to use a file if it is group/world-accessible
8909 -and that the
8910 -.Cm HostKeyAlgorithms
8911 -option restricts which of the keys are actually used by
8912 -.Xr sshd 8 .
8913 -.Pp
8914 -It is possible to have multiple host key files.
8915 -.Dq rsa1
8916 -keys are used for version 1 and
8917 -.Dq dsa ,
8918 -.Dq ecdsa ,
8919 -.Dq ed25519
8920 -or
8921 -.Dq rsa
8922 -are used for version 2 of the SSH protocol.
8923 -It is also possible to specify public host key files instead.
8924 -In this case operations on the private key will be delegated
8925 -to an
8926 -.Xr ssh-agent 1 .
8927 -.It Cm HostKeyAgent
8928 -Identifies the UNIX-domain socket used to communicate
8929 -with an agent that has access to the private host keys.
8930 -If
8931 -.Dq SSH_AUTH_SOCK
8932 -is specified, the location of the socket will be read from the
8933 -.Ev SSH_AUTH_SOCK
8934 -environment variable.
8935 -.It Cm HostKeyAlgorithms
8936 -Specifies the protocol version 2 host key algorithms
8937 -that the server offers.
8938 -The default for this option is:
8939 -.Bd -literal -offset 3n
8940 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
8941 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
8942 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
8943 -ssh-ed25519-cert-v01@openssh.com,
8944 -ssh-rsa-cert-v01@openssh.com,
8945 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
8946 -ssh-ed25519,ssh-rsa
8947 -.Ed
8948 -.Pp
8949 -The list of available key types may also be obtained using the
8950 -.Fl Q
8951 -option of
8952 -.Xr ssh 1
8953 -with an argument of
8954 -.Dq key .
8955 -.It Cm IgnoreRhosts
8956 -Specifies that
8957 -.Pa .rhosts
8958 -and
8959 -.Pa .shosts
8960 -files will not be used in
8961 -.Cm RhostsRSAAuthentication
8962 -or
8963 -.Cm HostbasedAuthentication .
8964 -.Pp
8965 -.Pa /etc/hosts.equiv
8966 -and
8967 -.Pa /etc/shosts.equiv
8968 -are still used.
8969 -The default is
8970 -.Dq yes .
8971 -.It Cm IgnoreUserKnownHosts
8972 -Specifies whether
8973 -.Xr sshd 8
8974 -should ignore the user's
8975 -.Pa ~/.ssh/known_hosts
8976 -during
8977 -.Cm RhostsRSAAuthentication
8978 -or
8979 -.Cm HostbasedAuthentication .
8980 -The default is
8981 -.Dq no .
8982 -.It Cm IPQoS
8983 -Specifies the IPv4 type-of-service or DSCP class for the connection.
8984 -Accepted values are
8985 -.Dq af11 ,
8986 -.Dq af12 ,
8987 -.Dq af13 ,
8988 -.Dq af21 ,
8989 -.Dq af22 ,
8990 -.Dq af23 ,
8991 -.Dq af31 ,
8992 -.Dq af32 ,
8993 -.Dq af33 ,
8994 -.Dq af41 ,
8995 -.Dq af42 ,
8996 -.Dq af43 ,
8997 -.Dq cs0 ,
8998 -.Dq cs1 ,
8999 -.Dq cs2 ,
9000 -.Dq cs3 ,
9001 -.Dq cs4 ,
9002 -.Dq cs5 ,
9003 -.Dq cs6 ,
9004 -.Dq cs7 ,
9005 -.Dq ef ,
9006 -.Dq lowdelay ,
9007 -.Dq throughput ,
9008 -.Dq reliability ,
9009 -or a numeric value.
9010 -This option may take one or two arguments, separated by whitespace.
9011 -If one argument is specified, it is used as the packet class unconditionally.
9012 -If two values are specified, the first is automatically selected for
9013 -interactive sessions and the second for non-interactive sessions.
9014 -The default is
9015 -.Dq lowdelay
9016 -for interactive sessions and
9017 -.Dq throughput
9018 -for non-interactive sessions.
9019 -.It Cm KbdInteractiveAuthentication
9020 -Specifies whether to allow keyboard-interactive authentication.
9021 -The argument to this keyword must be
9022 -.Dq yes
9023 -or
9024 -.Dq no .
9025 -The default is to use whatever value
9026 -.Cm ChallengeResponseAuthentication
9027 -is set to
9028 -(by default
9029 -.Dq yes ) .
9030 -.It Cm KerberosAuthentication
9031 -Specifies whether the password provided by the user for
9032 -.Cm PasswordAuthentication
9033 -will be validated through the Kerberos KDC.
9034 -To use this option, the server needs a
9035 -Kerberos servtab which allows the verification of the KDC's identity.
9036 -The default is
9037 -.Dq no .
9038 -.It Cm KerberosGetAFSToken
9039 -If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
9040 -an AFS token before accessing the user's home directory.
9041 -The default is
9042 -.Dq no .
9043 -.It Cm KerberosOrLocalPasswd
9044 -If password authentication through Kerberos fails then
9045 -the password will be validated via any additional local mechanism
9046 -such as
9047 -.Pa /etc/passwd .
9048 -The default is
9049 -.Dq yes .
9050 -.It Cm KerberosTicketCleanup
9051 -Specifies whether to automatically destroy the user's ticket cache
9052 -file on logout.
9053 -The default is
9054 -.Dq yes .
9055 -.It Cm KexAlgorithms
9056 -Specifies the available KEX (Key Exchange) algorithms.
9057 -Multiple algorithms must be comma-separated.
9058 -Alternately if the specified value begins with a
9059 -.Sq +
9060 -character, then the specified methods will be appended to the default set
9061 -instead of replacing them.
9062 -The supported algorithms are:
9063 -.Pp
9064 -.Bl -item -compact -offset indent
9065 -.It
9066 -curve25519-sha256@libssh.org
9067 -.It
9068 -diffie-hellman-group1-sha1
9069 -.It
9070 -diffie-hellman-group14-sha1
9071 -.It
9072 -diffie-hellman-group-exchange-sha1
9073 -.It
9074 -diffie-hellman-group-exchange-sha256
9075 -.It
9076 -ecdh-sha2-nistp256
9077 -.It
9078 -ecdh-sha2-nistp384
9079 -.It
9080 -ecdh-sha2-nistp521
9081 -.El
9082 -.Pp
9083 -The default is:
9084 -.Bd -literal -offset indent
9085 -curve25519-sha256@libssh.org,
9086 -ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
9087 -diffie-hellman-group-exchange-sha256,
9088 -diffie-hellman-group14-sha1
9089 -.Ed
9090 -.Pp
9091 -The list of available key exchange algorithms may also be obtained using the
9092 -.Fl Q
9093 -option of
9094 -.Xr ssh 1
9095 -with an argument of
9096 -.Dq kex .
9097 -.It Cm KeyRegenerationInterval
9098 -In protocol version 1, the ephemeral server key is automatically regenerated
9099 -after this many seconds (if it has been used).
9100 -The purpose of regeneration is to prevent
9101 -decrypting captured sessions by later breaking into the machine and
9102 -stealing the keys.
9103 -The key is never stored anywhere.
9104 -If the value is 0, the key is never regenerated.
9105 -The default is 3600 (seconds).
9106 -.It Cm ListenAddress
9107 -Specifies the local addresses
9108 -.Xr sshd 8
9109 -should listen on.
9110 -The following forms may be used:
9111 -.Pp
9112 -.Bl -item -offset indent -compact
9113 -.It
9114 -.Cm ListenAddress
9115 -.Sm off
9116 -.Ar host | Ar IPv4_addr | Ar IPv6_addr
9117 -.Sm on
9118 -.It
9119 -.Cm ListenAddress
9120 -.Sm off
9121 -.Ar host | Ar IPv4_addr : Ar port
9122 -.Sm on
9123 -.It
9124 -.Cm ListenAddress
9125 -.Sm off
9126 -.Oo
9127 -.Ar host | Ar IPv6_addr Oc : Ar port
9128 -.Sm on
9129 -.El
9130 -.Pp
9131 -If
9132 -.Ar port
9133 -is not specified,
9134 -sshd will listen on the address and all
9135 -.Cm Port
9136 -options specified.
9137 -The default is to listen on all local addresses.
9138 -Multiple
9139 -.Cm ListenAddress
9140 -options are permitted.
9141 -.It Cm LoginGraceTime
9142 -The server disconnects after this time if the user has not
9143 -successfully logged in.
9144 -If the value is 0, there is no time limit.
9145 -The default is 120 seconds.
9146 -.It Cm LogLevel
9147 -Gives the verbosity level that is used when logging messages from
9148 -.Xr sshd 8 .
9149 -The possible values are:
9150 -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
9151 -The default is INFO.
9152 -DEBUG and DEBUG1 are equivalent.
9153 -DEBUG2 and DEBUG3 each specify higher levels of debugging output.
9154 -Logging with a DEBUG level violates the privacy of users and is not recommended.
9155 -.It Cm MACs
9156 -Specifies the available MAC (message authentication code) algorithms.
9157 -The MAC algorithm is used in protocol version 2
9158 -for data integrity protection.
9159 -Multiple algorithms must be comma-separated.
9160 -If the specified value begins with a
9161 -.Sq +
9162 -character, then the specified algorithms will be appended to the default set
9163 -instead of replacing them.
9164 -.Pp
9165 -The algorithms that contain
9166 -.Dq -etm
9167 -calculate the MAC after encryption (encrypt-then-mac).
9168 -These are considered safer and their use recommended.
9169 -The supported MACs are:
9170 -.Pp
9171 -.Bl -item -compact -offset indent
9172 -.It
9173 -hmac-md5
9174 -.It
9175 -hmac-md5-96
9176 -.It
9177 -hmac-ripemd160
9178 -.It
9179 -hmac-sha1
9180 -.It
9181 -hmac-sha1-96
9182 -.It
9183 -hmac-sha2-256
9184 -.It
9185 -hmac-sha2-512
9186 -.It
9187 -umac-64@openssh.com
9188 -.It
9189 -umac-128@openssh.com
9190 -.It
9191 -hmac-md5-etm@openssh.com
9192 -.It
9193 -hmac-md5-96-etm@openssh.com
9194 -.It
9195 -hmac-ripemd160-etm@openssh.com
9196 -.It
9197 -hmac-sha1-etm@openssh.com
9198 -.It
9199 -hmac-sha1-96-etm@openssh.com
9200 -.It
9201 -hmac-sha2-256-etm@openssh.com
9202 -.It
9203 -hmac-sha2-512-etm@openssh.com
9204 -.It
9205 -umac-64-etm@openssh.com
9206 -.It
9207 -umac-128-etm@openssh.com
9208 -.El
9209 -.Pp
9210 -The default is:
9211 -.Bd -literal -offset indent
9212 -umac-64-etm@openssh.com,umac-128-etm@openssh.com,
9213 -hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
9214 -umac-64@openssh.com,umac-128@openssh.com,
9215 -hmac-sha2-256,hmac-sha2-512
9216 -.Ed
9217 -.Pp
9218 -The list of available MAC algorithms may also be obtained using the
9219 -.Fl Q
9220 -option of
9221 -.Xr ssh 1
9222 -with an argument of
9223 -.Dq mac .
9224 -.It Cm Match
9225 -Introduces a conditional block.
9226 -If all of the criteria on the
9227 -.Cm Match
9228 -line are satisfied, the keywords on the following lines override those
9229 -set in the global section of the config file, until either another
9230 -.Cm Match
9231 -line or the end of the file.
9232 -If a keyword appears in multiple
9233 -.Cm Match
9234 -blocks that are satisfied, only the first instance of the keyword is
9235 -applied.
9236 -.Pp
9237 -The arguments to
9238 -.Cm Match
9239 -are one or more criteria-pattern pairs or the single token
9240 -.Cm All
9241 -which matches all criteria.
9242 -The available criteria are
9243 -.Cm User ,
9244 -.Cm Group ,
9245 -.Cm Host ,
9246 -.Cm LocalAddress ,
9247 -.Cm LocalPort ,
9248 -and
9249 -.Cm Address .
9250 -The match patterns may consist of single entries or comma-separated
9251 -lists and may use the wildcard and negation operators described in the
9252 -PATTERNS section of
9253 -.Xr ssh_config 5 .
9254 -.Pp
9255 -The patterns in an
9256 -.Cm Address
9257 -criteria may additionally contain addresses to match in CIDR
9258 -address/masklen format, e.g.\&
9259 -.Dq 192.0.2.0/24
9260 -or
9261 -.Dq 3ffe:ffff::/32 .
9262 -Note that the mask length provided must be consistent with the address -
9263 -it is an error to specify a mask length that is too long for the address
9264 -or one with bits set in this host portion of the address.
9265 -For example,
9266 -.Dq 192.0.2.0/33
9267 -and
9268 -.Dq 192.0.2.0/8
9269 -respectively.
9270 -.Pp
9271 -Only a subset of keywords may be used on the lines following a
9272 -.Cm Match
9273 -keyword.
9274 -Available keywords are
9275 -.Cm AcceptEnv ,
9276 -.Cm AllowAgentForwarding ,
9277 -.Cm AllowGroups ,
9278 -.Cm AllowStreamLocalForwarding ,
9279 -.Cm AllowTcpForwarding ,
9280 -.Cm AllowUsers ,
9281 -.Cm AuthenticationMethods ,
9282 -.Cm AuthorizedKeysCommand ,
9283 -.Cm AuthorizedKeysCommandUser ,
9284 -.Cm AuthorizedKeysFile ,
9285 -.Cm AuthorizedPrincipalsFile ,
9286 -.Cm Banner ,
9287 -.Cm ChrootDirectory ,
9288 -.Cm DenyGroups ,
9289 -.Cm DenyUsers ,
9290 -.Cm ForceCommand ,
9291 -.Cm GatewayPorts ,
9292 -.Cm GSSAPIAuthentication ,
9293 -.Cm HostbasedAcceptedKeyTypes ,
9294 -.Cm HostbasedAuthentication ,
9295 -.Cm HostbasedUsesNameFromPacketOnly ,
9296 -.Cm IPQoS ,
9297 -.Cm KbdInteractiveAuthentication ,
9298 -.Cm KerberosAuthentication ,
9299 -.Cm MaxAuthTries ,
9300 -.Cm MaxSessions ,
9301 -.Cm PasswordAuthentication ,
9302 -.Cm PermitEmptyPasswords ,
9303 -.Cm PermitOpen ,
9304 -.Cm PermitRootLogin ,
9305 -.Cm PermitTTY ,
9306 -.Cm PermitTunnel ,
9307 -.Cm PermitUserRC ,
9308 -.Cm PubkeyAcceptedKeyTypes ,
9309 -.Cm PubkeyAuthentication ,
9310 -.Cm RekeyLimit ,
9311 -.Cm RevokedKeys ,
9312 -.Cm RhostsRSAAuthentication ,
9313 -.Cm RSAAuthentication ,
9314 -.Cm StreamLocalBindMask ,
9315 -.Cm StreamLocalBindUnlink ,
9316 -.Cm TrustedUserCAKeys ,
9317 -.Cm X11DisplayOffset ,
9318 -.Cm X11Forwarding
9319 -and
9320 -.Cm X11UseLocalHost .
9321 -.It Cm MaxAuthTries
9322 -Specifies the maximum number of authentication attempts permitted per
9323 -connection.
9324 -Once the number of failures reaches half this value,
9325 -additional failures are logged.
9326 -The default is 6.
9327 -.It Cm MaxSessions
9328 -Specifies the maximum number of open sessions permitted per network connection.
9329 -The default is 10.
9330 -.It Cm MaxStartups
9331 -Specifies the maximum number of concurrent unauthenticated connections to the
9332 -SSH daemon.
9333 -Additional connections will be dropped until authentication succeeds or the
9334 -.Cm LoginGraceTime
9335 -expires for a connection.
9336 -The default is 10:30:100.
9337 -.Pp
9338 -Alternatively, random early drop can be enabled by specifying
9339 -the three colon separated values
9340 -.Dq start:rate:full
9341 -(e.g. "10:30:60").
9342 -.Xr sshd 8
9343 -will refuse connection attempts with a probability of
9344 -.Dq rate/100
9345 -(30%)
9346 -if there are currently
9347 -.Dq start
9348 -(10)
9349 -unauthenticated connections.
9350 -The probability increases linearly and all connection attempts
9351 -are refused if the number of unauthenticated connections reaches
9352 -.Dq full
9353 -(60).
9354 -.It Cm PasswordAuthentication
9355 -Specifies whether password authentication is allowed.
9356 -The default is
9357 -.Dq yes .
9358 -.It Cm PermitEmptyPasswords
9359 -When password authentication is allowed, it specifies whether the
9360 -server allows login to accounts with empty password strings.
9361 -The default is
9362 -.Dq no .
9363 -.It Cm PermitOpen
9364 -Specifies the destinations to which TCP port forwarding is permitted.
9365 -The forwarding specification must be one of the following forms:
9366 -.Pp
9367 -.Bl -item -offset indent -compact
9368 -.It
9369 -.Cm PermitOpen
9370 -.Sm off
9371 -.Ar host : port
9372 -.Sm on
9373 -.It
9374 -.Cm PermitOpen
9375 -.Sm off
9376 -.Ar IPv4_addr : port
9377 -.Sm on
9378 -.It
9379 -.Cm PermitOpen
9380 -.Sm off
9381 -.Ar \&[ IPv6_addr \&] : port
9382 -.Sm on
9383 -.El
9384 -.Pp
9385 -Multiple forwards may be specified by separating them with whitespace.
9386 -An argument of
9387 -.Dq any
9388 -can be used to remove all restrictions and permit any forwarding requests.
9389 -An argument of
9390 -.Dq none
9391 -can be used to prohibit all forwarding requests.
9392 -By default all port forwarding requests are permitted.
9393 -.It Cm PermitRootLogin
9394 -Specifies whether root can log in using
9395 -.Xr ssh 1 .
9396 -The argument must be
9397 -.Dq yes ,
9398 -.Dq prohibit-password ,
9399 -.Dq without-password ,
9400 -.Dq forced-commands-only ,
9401 -or
9402 -.Dq no .
9403 -The default is
9404 -.Dq prohibit-password .
9405 -.Pp
9406 -If this option is set to
9407 -.Dq prohibit-password
9408 -or
9409 -.Dq without-password ,
9410 -password and keyboard-interactive authentication are disabled for root.
9411 -.Pp
9412 -If this option is set to
9413 -.Dq forced-commands-only ,
9414 -root login with public key authentication will be allowed,
9415 -but only if the
9416 -.Ar command
9417 -option has been specified
9418 -(which may be useful for taking remote backups even if root login is
9419 -normally not allowed).
9420 -All other authentication methods are disabled for root.
9421 -.Pp
9422 -If this option is set to
9423 -.Dq no ,
9424 -root is not allowed to log in.
9425 -.It Cm PermitTunnel
9426 -Specifies whether
9427 -.Xr tun 4
9428 -device forwarding is allowed.
9429 -The argument must be
9430 -.Dq yes ,
9431 -.Dq point-to-point
9432 -(layer 3),
9433 -.Dq ethernet
9434 -(layer 2), or
9435 -.Dq no .
9436 -Specifying
9437 -.Dq yes
9438 -permits both
9439 -.Dq point-to-point
9440 -and
9441 -.Dq ethernet .
9442 -The default is
9443 -.Dq no .
9444 -.Pp
9445 -Independent of this setting, the permissions of the selected
9446 -.Xr tun 4
9447 -device must allow access to the user.
9448 -.It Cm PermitTTY
9449 -Specifies whether
9450 -.Xr pty 4
9451 -allocation is permitted.
9452 -The default is
9453 -.Dq yes .
9454 -.It Cm PermitUserEnvironment
9455 -Specifies whether
9456 -.Pa ~/.ssh/environment
9457 -and
9458 -.Cm environment=
9459 -options in
9460 -.Pa ~/.ssh/authorized_keys
9461 -are processed by
9462 -.Xr sshd 8 .
9463 -The default is
9464 -.Dq no .
9465 -Enabling environment processing may enable users to bypass access
9466 -restrictions in some configurations using mechanisms such as
9467 -.Ev LD_PRELOAD .
9468 -.It Cm PermitUserRC
9469 -Specifies whether any
9470 -.Pa ~/.ssh/rc
9471 -file is executed.
9472 -The default is
9473 -.Dq yes .
9474 -.It Cm PidFile
9475 -Specifies the file that contains the process ID of the
9476 -SSH daemon, or
9477 -.Dq none
9478 -to not write one.
9479 -The default is
9480 -.Pa /var/run/sshd.pid .
9481 -.It Cm Port
9482 -Specifies the port number that
9483 -.Xr sshd 8
9484 -listens on.
9485 -The default is 22.
9486 -Multiple options of this type are permitted.
9487 -See also
9488 -.Cm ListenAddress .
9489 -.It Cm PrintLastLog
9490 -Specifies whether
9491 -.Xr sshd 8
9492 -should print the date and time of the last user login when a user logs
9493 -in interactively.
9494 -On Solaris this option is always ignored since pam_unix_session(5)
9495 -reports the last login time.
9496 -.It Cm PrintMotd
9497 -Specifies whether
9498 -.Xr sshd 8
9499 -should print
9500 -.Pa /etc/motd
9501 -when a user logs in interactively.
9502 -(On some systems it is also printed by the shell,
9503 -.Pa /etc/profile ,
9504 -or equivalent.)
9505 -The default is
9506 -.Dq yes .
9507 -.It Cm Protocol
9508 -Specifies the protocol versions
9509 -.Xr sshd 8
9510 -supports.
9511 -The possible values are
9512 -.Sq 1
9513 -and
9514 -.Sq 2 .
9515 -Multiple versions must be comma-separated.
9516 -The default is
9517 -.Sq 2 .
9518 -Note that the order of the protocol list does not indicate preference,
9519 -because the client selects among multiple protocol versions offered
9520 -by the server.
9521 -Specifying
9522 -.Dq 2,1
9523 -is identical to
9524 -.Dq 1,2 .
9525 -.It Cm PubkeyAcceptedKeyTypes
9526 -Specifies the key types that will be accepted for public key authentication
9527 -as a comma-separated pattern list.
9528 -Alternately if the specified value begins with a
9529 -.Sq +
9530 -character, then the specified key types will be appended to the default set
9531 -instead of replacing them.
9532 -The default for this option is:
9533 -.Bd -literal -offset 3n
9534 -ecdsa-sha2-nistp256-cert-v01@openssh.com,
9535 -ecdsa-sha2-nistp384-cert-v01@openssh.com,
9536 -ecdsa-sha2-nistp521-cert-v01@openssh.com,
9537 -ssh-ed25519-cert-v01@openssh.com,
9538 -ssh-rsa-cert-v01@openssh.com,
9539 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
9540 -ssh-ed25519,ssh-rsa
9541 -.Ed
9542 -.Pp
9543 -The
9544 -.Fl Q
9545 -option of
9546 -.Xr ssh 1
9547 -may be used to list supported key types.
9548 -.It Cm PubkeyAuthentication
9549 -Specifies whether public key authentication is allowed.
9550 -The default is
9551 -.Dq yes .
9552 -Note that this option applies to protocol version 2 only.
9553 -.It Cm RekeyLimit
9554 -Specifies the maximum amount of data that may be transmitted before the
9555 -session key is renegotiated, optionally followed a maximum amount of
9556 -time that may pass before the session key is renegotiated.
9557 -The first argument is specified in bytes and may have a suffix of
9558 -.Sq K ,
9559 -.Sq M ,
9560 -or
9561 -.Sq G
9562 -to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
9563 -The default is between
9564 -.Sq 1G
9565 -and
9566 -.Sq 4G ,
9567 -depending on the cipher.
9568 -The optional second value is specified in seconds and may use any of the
9569 -units documented in the
9570 -.Sx TIME FORMATS
9571 -section.
9572 -The default value for
9573 -.Cm RekeyLimit
9574 -is
9575 -.Dq default none ,
9576 -which means that rekeying is performed after the cipher's default amount
9577 -of data has been sent or received and no time based rekeying is done.
9578 -This option applies to protocol version 2 only.
9579 -.It Cm RevokedKeys
9580 -Specifies revoked public keys file, or
9581 -.Dq none
9582 -to not use one.
9583 -Keys listed in this file will be refused for public key authentication.
9584 -Note that if this file is not readable, then public key authentication will
9585 -be refused for all users.
9586 -Keys may be specified as a text file, listing one public key per line, or as
9587 -an OpenSSH Key Revocation List (KRL) as generated by
9588 -.Xr ssh-keygen 1 .
9589 -For more information on KRLs, see the KEY REVOCATION LISTS section in
9590 -.Xr ssh-keygen 1 .
9591 -.It Cm RhostsRSAAuthentication
9592 -Specifies whether rhosts or /etc/hosts.equiv authentication together
9593 -with successful RSA host authentication is allowed.
9594 -The default is
9595 -.Dq no .
9596 -This option applies to protocol version 1 only.
9597 -.It Cm RSAAuthentication
9598 -Specifies whether pure RSA authentication is allowed.
9599 -The default is
9600 -.Dq yes .
9601 -This option applies to protocol version 1 only.
9602 -.It Cm ServerKeyBits
9603 -Defines the number of bits in the ephemeral protocol version 1 server key.
9604 -The default and minimum value is 1024.
9605 -.It Cm StreamLocalBindMask
9606 -Sets the octal file creation mode mask
9607 -.Pq umask
9608 -used when creating a Unix-domain socket file for local or remote
9609 -port forwarding.
9610 -This option is only used for port forwarding to a Unix-domain socket file.
9611 -.Pp
9612 -The default value is 0177, which creates a Unix-domain socket file that is
9613 -readable and writable only by the owner.
9614 -Note that not all operating systems honor the file mode on Unix-domain
9615 -socket files.
9616 -.It Cm StreamLocalBindUnlink
9617 -Specifies whether to remove an existing Unix-domain socket file for local
9618 -or remote port forwarding before creating a new one.
9619 -If the socket file already exists and
9620 -.Cm StreamLocalBindUnlink
9621 -is not enabled,
9622 -.Nm sshd
9623 -will be unable to forward the port to the Unix-domain socket file.
9624 -This option is only used for port forwarding to a Unix-domain socket file.
9625 -.Pp
9626 -The argument must be
9627 -.Dq yes
9628 -or
9629 -.Dq no .
9630 -The default is
9631 -.Dq no .
9632 -.It Cm StrictModes
9633 -Specifies whether
9634 -.Xr sshd 8
9635 -should check file modes and ownership of the
9636 -user's files and home directory before accepting login.
9637 -This is normally desirable because novices sometimes accidentally leave their
9638 -directory or files world-writable.
9639 -The default is
9640 -.Dq yes .
9641 -Note that this does not apply to
9642 -.Cm ChrootDirectory ,
9643 -whose permissions and ownership are checked unconditionally.
9644 -.It Cm Subsystem
9645 -Configures an external subsystem (e.g. file transfer daemon).
9646 -Arguments should be a subsystem name and a command (with optional arguments)
9647 -to execute upon subsystem request.
9648 -.Pp
9649 -The command
9650 -.Xr sftp-server 8
9651 -implements the
9652 -.Dq sftp
9653 -file transfer subsystem.
9654 -.Pp
9655 -Alternately the name
9656 -.Dq internal-sftp
9657 -implements an in-process
9658 -.Dq sftp
9659 -server.
9660 -This may simplify configurations using
9661 -.Cm ChrootDirectory
9662 -to force a different filesystem root on clients.
9663 -.Pp
9664 -By default no subsystems are defined.
9665 -Note that this option applies to protocol version 2 only.
9666 -.It Cm SyslogFacility
9667 -Gives the facility code that is used when logging messages from
9668 -.Xr sshd 8 .
9669 -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
9670 -LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
9671 -The default is AUTH.
9672 -.It Cm TCPKeepAlive
9673 -Specifies whether the system should send TCP keepalive messages to the
9674 -other side.
9675 -If they are sent, death of the connection or crash of one
9676 -of the machines will be properly noticed.
9677 -However, this means that
9678 -connections will die if the route is down temporarily, and some people
9679 -find it annoying.
9680 -On the other hand, if TCP keepalives are not sent,
9681 -sessions may hang indefinitely on the server, leaving
9682 -.Dq ghost
9683 -users and consuming server resources.
9684 -.Pp
9685 -The default is
9686 -.Dq yes
9687 -(to send TCP keepalive messages), and the server will notice
9688 -if the network goes down or the client host crashes.
9689 -This avoids infinitely hanging sessions.
9690 -.Pp
9691 -To disable TCP keepalive messages, the value should be set to
9692 -.Dq no .
9693 -.It Cm TrustedUserCAKeys
9694 -Specifies a file containing public keys of certificate authorities that are
9695 -trusted to sign user certificates for authentication, or
9696 -.Dq none
9697 -to not use one.
9698 -Keys are listed one per line; empty lines and comments starting with
9699 -.Ql #
9700 -are allowed.
9701 -If a certificate is presented for authentication and has its signing CA key
9702 -listed in this file, then it may be used for authentication for any user
9703 -listed in the certificate's principals list.
9704 -Note that certificates that lack a list of principals will not be permitted
9705 -for authentication using
9706 -.Cm TrustedUserCAKeys .
9707 -For more details on certificates, see the CERTIFICATES section in
9708 -.Xr ssh-keygen 1 .
9709 -.It Cm UseDNS
9710 -Specifies whether
9711 -.Xr sshd 8
9712 -should look up the remote host name, and to check that
9713 -the resolved host name for the remote IP address maps back to the
9714 -very same IP address.
9715 -.Pp
9716 -If this option is set to
9717 -.Dq no
9718 -(the default) then only addresses and not host names may be used in
9719 -.Pa ~/.ssh/known_hosts
9720 -.Cm from
9721 -and
9722 -.Nm
9723 -.Cm Match
9724 -.Cm Host
9725 -directives.
9726 -.It Cm UseLogin
9727 -Specifies whether
9728 -.Xr login 1
9729 -is used for interactive login sessions.
9730 -The default is
9731 -.Dq no .
9732 -Note that
9733 -.Xr login 1
9734 -is never used for remote command execution.
9735 -Note also, that if this is enabled,
9736 -.Cm X11Forwarding
9737 -will be disabled because
9738 -.Xr login 1
9739 -does not know how to handle
9740 -.Xr xauth 1
9741 -cookies.
9742 -If
9743 -.Cm UsePrivilegeSeparation
9744 -is specified, it will be disabled after authentication.
9745 -.It Cm UsePAM
9746 -Enables the Pluggable Authentication Module interface.
9747 -If set to
9748 -.Dq yes
9749 -this will enable PAM authentication using
9750 -.Cm ChallengeResponseAuthentication
9751 -and
9752 -.Cm PasswordAuthentication
9753 -in addition to PAM account and session module processing for all
9754 -authentication types.
9755 -.Pp
9756 -Because PAM challenge-response authentication usually serves an equivalent
9757 -role to password authentication, you should disable either
9758 -.Cm PasswordAuthentication
9759 -or
9760 -.Cm ChallengeResponseAuthentication.
9761 -.Pp
9762 -If
9763 -.Cm UsePAM
9764 -is enabled, you will not be able to run
9765 -.Xr sshd 8
9766 -as a non-root user.
9767 -The default is
9768 -.Dq no .
9769 -.It Cm UsePrivilegeSeparation
9770 -Specifies whether
9771 -.Xr sshd 8
9772 -separates privileges by creating an unprivileged child process
9773 -to deal with incoming network traffic.
9774 -After successful authentication, another process will be created that has
9775 -the privilege of the authenticated user.
9776 -The goal of privilege separation is to prevent privilege
9777 -escalation by containing any corruption within the unprivileged processes.
9778 -The default is
9779 -.Dq yes .
9780 -If
9781 -.Cm UsePrivilegeSeparation
9782 -is set to
9783 -.Dq sandbox
9784 -then the pre-authentication unprivileged process is subject to additional
9785 -restrictions.
9786 -.It Cm VersionAddendum
9787 -Optionally specifies additional text to append to the SSH protocol banner
9788 -sent by the server upon connection.
9789 -The default is
9790 -.Dq none .
9791 -.It Cm X11DisplayOffset
9792 -Specifies the first display number available for
9793 -.Xr sshd 8 Ns 's
9794 -X11 forwarding.
9795 -This prevents sshd from interfering with real X11 servers.
9796 -The default is 10.
9797 -.It Cm X11Forwarding
9798 -Specifies whether X11 forwarding is permitted.
9799 -The argument must be
9800 -.Dq yes
9801 -or
9802 -.Dq no .
9803 -The default is
9804 -.Dq no .
9805 -.Pp
9806 -When X11 forwarding is enabled, there may be additional exposure to
9807 -the server and to client displays if the
9808 -.Xr sshd 8
9809 -proxy display is configured to listen on the wildcard address (see
9810 -.Cm X11UseLocalhost
9811 -below), though this is not the default.
9812 -Additionally, the authentication spoofing and authentication data
9813 -verification and substitution occur on the client side.
9814 -The security risk of using X11 forwarding is that the client's X11
9815 -display server may be exposed to attack when the SSH client requests
9816 -forwarding (see the warnings for
9817 -.Cm ForwardX11
9818 -in
9819 -.Xr ssh_config 5 ) .
9820 -A system administrator may have a stance in which they want to
9821 -protect clients that may expose themselves to attack by unwittingly
9822 -requesting X11 forwarding, which can warrant a
9823 -.Dq no
9824 -setting.
9825 -.Pp
9826 -Note that disabling X11 forwarding does not prevent users from
9827 -forwarding X11 traffic, as users can always install their own forwarders.
9828 -X11 forwarding is automatically disabled if
9829 -.Cm UseLogin
9830 -is enabled.
9831 -.It Cm X11UseLocalhost
9832 -Specifies whether
9833 -.Xr sshd 8
9834 -should bind the X11 forwarding server to the loopback address or to
9835 -the wildcard address.
9836 -By default,
9837 -sshd binds the forwarding server to the loopback address and sets the
9838 -hostname part of the
9839 -.Ev DISPLAY
9840 -environment variable to
9841 -.Dq localhost .
9842 -This prevents remote hosts from connecting to the proxy display.
9843 -However, some older X11 clients may not function with this
9844 -configuration.
9845 -.Cm X11UseLocalhost
9846 -may be set to
9847 -.Dq no
9848 -to specify that the forwarding server should be bound to the wildcard
9849 -address.
9850 -The argument must be
9851 -.Dq yes
9852 -or
9853 -.Dq no .
9854 -The default is
9855 -.Dq yes .
9856 -.It Cm XAuthLocation
9857 -Specifies the full pathname of the
9858 -.Xr xauth 1
9859 -program, or
9860 -.Dq none
9861 -to not use one.
9862 -The default is
9863 -.Pa /usr/X11R6/bin/xauth .
9864 -.El
9865 -.Sh TIME FORMATS
9866 -.Xr sshd 8
9867 -command-line arguments and configuration file options that specify time
9868 -may be expressed using a sequence of the form:
9869 -.Sm off
9870 -.Ar time Op Ar qualifier ,
9871 -.Sm on
9872 -where
9873 -.Ar time
9874 -is a positive integer value and
9875 -.Ar qualifier
9876 -is one of the following:
9877 -.Pp
9878 -.Bl -tag -width Ds -compact -offset indent
9879 -.It Aq Cm none
9880 -seconds
9881 -.It Cm s | Cm S
9882 -seconds
9883 -.It Cm m | Cm M
9884 -minutes
9885 -.It Cm h | Cm H
9886 -hours
9887 -.It Cm d | Cm D
9888 -days
9889 -.It Cm w | Cm W
9890 -weeks
9891 -.El
9892 -.Pp
9893 -Each member of the sequence is added together to calculate
9894 -the total time value.
9895 -.Pp
9896 -Time format examples:
9897 -.Pp
9898 -.Bl -tag -width Ds -compact -offset indent
9899 -.It 600
9900 -600 seconds (10 minutes)
9901 -.It 10m
9902 -10 minutes
9903 -.It 1h30m
9904 -1 hour 30 minutes (90 minutes)
9905 -.El
9906 -.Sh FILES
9907 -.Bl -tag -width Ds
9908 -.It Pa /etc/ssh/sshd_config
9909 -Contains configuration data for
9910 -.Xr sshd 8 .
9911 -This file should be writable by root only, but it is recommended
9912 -(though not necessary) that it be world-readable.
9913 -.El
9914 -.Sh SEE ALSO
9915 -.Xr sshd 8 ,
9916 -.Xr pam_unix_session 5
9917 -.Sh AUTHORS
9918 -OpenSSH is a derivative of the original and free
9919 -ssh 1.2.12 release by Tatu Ylonen.
9920 -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
9921 -Theo de Raadt and Dug Song
9922 -removed many bugs, re-added newer features and
9923 -created OpenSSH.
9924 -Markus Friedl contributed the support for SSH
9925 -protocol versions 1.5 and 2.0.
9926 -Niels Provos and Markus Friedl contributed support
9927 -for privilege separation.
9928 --
9929 2.5.4 (Apple Git-61)
9930