xref: /freebsd/crypto/openssh/sshd.8 (revision 7c1b51d6dc2e165ae7333373513b080f17cf79bd)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: sshd.8,v 1.288 2017/01/30 23:27:39 dtucker Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: January 30 2017 $
39.Dt SSHD 8
40.Os
41.Sh NAME
42.Nm sshd
43.Nd OpenSSH SSH daemon
44.Sh SYNOPSIS
45.Nm sshd
46.Bk -words
47.Op Fl 46DdeiqTt
48.Op Fl C Ar connection_spec
49.Op Fl c Ar host_certificate_file
50.Op Fl E Ar log_file
51.Op Fl f Ar config_file
52.Op Fl g Ar login_grace_time
53.Op Fl h Ar host_key_file
54.Op Fl o Ar option
55.Op Fl p Ar port
56.Op Fl u Ar len
57.Ek
58.Sh DESCRIPTION
59.Nm
60(OpenSSH Daemon) is the daemon program for
61.Xr ssh 1 .
62Together these programs replace rlogin and rsh,
63and provide secure encrypted communications between two untrusted hosts
64over an insecure network.
65.Pp
66.Nm
67listens for connections from clients.
68It is normally started at boot from
69.Pa /etc/rc.d/sshd .
70It forks a new
71daemon for each incoming connection.
72The forked daemons handle
73key exchange, encryption, authentication, command execution,
74and data exchange.
75.Pp
76.Nm
77can be configured using command-line options or a configuration file
78(by default
79.Xr sshd_config 5 ) ;
80command-line options override values specified in the
81configuration file.
82.Nm
83rereads its configuration file when it receives a hangup signal,
84.Dv SIGHUP ,
85by executing itself with the name and options it was started with, e.g.\&
86.Pa /usr/sbin/sshd .
87.Pp
88The options are as follows:
89.Bl -tag -width Ds
90.It Fl 4
91Forces
92.Nm
93to use IPv4 addresses only.
94.It Fl 6
95Forces
96.Nm
97to use IPv6 addresses only.
98.It Fl C Ar connection_spec
99Specify the connection parameters to use for the
100.Fl T
101extended test mode.
102If provided, any
103.Cm Match
104directives in the configuration file
105that would apply to the specified user, host, and address will be set before
106the configuration is written to standard output.
107The connection parameters are supplied as keyword=value pairs.
108The keywords are
109.Dq user ,
110.Dq host ,
111.Dq laddr ,
112.Dq lport ,
113and
114.Dq addr .
115All are required and may be supplied in any order, either with multiple
116.Fl C
117options or as a comma-separated list.
118.It Fl c Ar host_certificate_file
119Specifies a path to a certificate file to identify
120.Nm
121during key exchange.
122The certificate file must match a host key file specified using the
123.Fl h
124option or the
125.Cm HostKey
126configuration directive.
127.It Fl D
128When this option is specified,
129.Nm
130will not detach and does not become a daemon.
131This allows easy monitoring of
132.Nm sshd .
133.It Fl d
134Debug mode.
135The server sends verbose debug output to standard error,
136and does not put itself in the background.
137The server also will not fork and will only process one connection.
138This option is only intended for debugging for the server.
139Multiple
140.Fl d
141options increase the debugging level.
142Maximum is 3.
143.It Fl E Ar log_file
144Append debug logs to
145.Ar log_file
146instead of the system log.
147.It Fl e
148Write debug logs to standard error instead of the system log.
149.It Fl f Ar config_file
150Specifies the name of the configuration file.
151The default is
152.Pa /etc/ssh/sshd_config .
153.Nm
154refuses to start if there is no configuration file.
155.It Fl g Ar login_grace_time
156Gives the grace time for clients to authenticate themselves (default
157120 seconds).
158If the client fails to authenticate the user within
159this many seconds, the server disconnects and exits.
160A value of zero indicates no limit.
161.It Fl h Ar host_key_file
162Specifies a file from which a host key is read.
163This option must be given if
164.Nm
165is not run as root (as the normal
166host key files are normally not readable by anyone but root).
167The default is
168.Pa /etc/ssh/ssh_host_dsa_key ,
169.Pa /etc/ssh/ssh_host_ecdsa_key ,
170.Pa /etc/ssh/ssh_host_ed25519_key
171and
172.Pa /etc/ssh/ssh_host_rsa_key .
173It is possible to have multiple host key files for
174the different host key algorithms.
175.It Fl i
176Specifies that
177.Nm
178is being run from
179.Xr inetd 8 .
180.It Fl o Ar option
181Can be used to give options in the format used in the configuration file.
182This is useful for specifying options for which there is no separate
183command-line flag.
184For full details of the options, and their values, see
185.Xr sshd_config 5 .
186.It Fl p Ar port
187Specifies the port on which the server listens for connections
188(default 22).
189Multiple port options are permitted.
190Ports specified in the configuration file with the
191.Cm Port
192option are ignored when a command-line port is specified.
193Ports specified using the
194.Cm ListenAddress
195option override command-line ports.
196.It Fl q
197Quiet mode.
198Nothing is sent to the system log.
199Normally the beginning,
200authentication, and termination of each connection is logged.
201.It Fl T
202Extended test mode.
203Check the validity of the configuration file, output the effective configuration
204to stdout and then exit.
205Optionally,
206.Cm Match
207rules may be applied by specifying the connection parameters using one or more
208.Fl C
209options.
210.It Fl t
211Test mode.
212Only check the validity of the configuration file and sanity of the keys.
213This is useful for updating
214.Nm
215reliably as configuration options may change.
216.It Fl u Ar len
217This option is used to specify the size of the field
218in the
219.Li utmp
220structure that holds the remote host name.
221If the resolved host name is longer than
222.Ar len ,
223the dotted decimal value will be used instead.
224This allows hosts with very long host names that
225overflow this field to still be uniquely identified.
226Specifying
227.Fl u0
228indicates that only dotted decimal addresses
229should be put into the
230.Pa utmp
231file.
232.Fl u0
233may also be used to prevent
234.Nm
235from making DNS requests unless the authentication
236mechanism or configuration requires it.
237Authentication mechanisms that may require DNS include
238.Cm HostbasedAuthentication
239and using a
240.Cm from="pattern-list"
241option in a key file.
242Configuration options that require DNS include using a
243USER@HOST pattern in
244.Cm AllowUsers
245or
246.Cm DenyUsers .
247.El
248.Sh AUTHENTICATION
249The OpenSSH SSH daemon supports SSH protocol 2 only.
250Each host has a host-specific key,
251used to identify the host.
252Whenever a client connects, the daemon responds with its public
253host key.
254The client compares the
255host key against its own database to verify that it has not changed.
256Forward security is provided through a Diffie-Hellman key agreement.
257This key agreement results in a shared session key.
258The rest of the session is encrypted using a symmetric cipher, currently
259128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
260The client selects the encryption algorithm
261to use from those offered by the server.
262Additionally, session integrity is provided
263through a cryptographic message authentication code
264(hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160,
265hmac-sha2-256 or hmac-sha2-512).
266.Pp
267Finally, the server and the client enter an authentication dialog.
268The client tries to authenticate itself using
269host-based authentication,
270public key authentication,
271challenge-response authentication,
272or password authentication.
273.Pp
274Regardless of the authentication type, the account is checked to
275ensure that it is accessible.  An account is not accessible if it is
276locked, listed in
277.Cm DenyUsers
278or its group is listed in
279.Cm DenyGroups
280\&.  The definition of a locked account is system dependant. Some platforms
281have their own account database (eg AIX) and some modify the passwd field (
282.Ql \&*LK\&*
283on Solaris and UnixWare,
284.Ql \&*
285on HP-UX, containing
286.Ql Nologin
287on Tru64,
288a leading
289.Ql \&*LOCKED\&*
290on FreeBSD and a leading
291.Ql \&!
292on most Linuxes).
293If there is a requirement to disable password authentication
294for the account while allowing still public-key, then the passwd field
295should be set to something other than these values (eg
296.Ql NP
297or
298.Ql \&*NP\&*
299).
300.Pp
301If the client successfully authenticates itself, a dialog for
302preparing the session is entered.
303At this time the client may request
304things like allocating a pseudo-tty, forwarding X11 connections,
305forwarding TCP connections, or forwarding the authentication agent
306connection over the secure channel.
307.Pp
308After this, the client either requests a shell or execution of a command.
309The sides then enter session mode.
310In this mode, either side may send
311data at any time, and such data is forwarded to/from the shell or
312command on the server side, and the user terminal in the client side.
313.Pp
314When the user program terminates and all forwarded X11 and other
315connections have been closed, the server sends command exit status to
316the client, and both sides exit.
317.Sh LOGIN PROCESS
318When a user successfully logs in,
319.Nm
320does the following:
321.Bl -enum -offset indent
322.It
323If the login is on a tty, and no command has been specified,
324prints last login time and
325.Pa /etc/motd
326(unless prevented in the configuration file or by
327.Pa ~/.hushlogin ;
328see the
329.Sx FILES
330section).
331.It
332If the login is on a tty, records login time.
333.It
334Checks
335.Pa /etc/nologin and
336.Pa /var/run/nologin ;
337if one exists, it prints the contents and quits
338(unless root).
339.It
340Changes to run with normal user privileges.
341.It
342Sets up basic environment.
343.It
344Reads the file
345.Pa ~/.ssh/environment ,
346if it exists, and users are allowed to change their environment.
347See the
348.Cm PermitUserEnvironment
349option in
350.Xr sshd_config 5 .
351.It
352Changes to user's home directory.
353.It
354If
355.Pa ~/.ssh/rc
356exists and the
357.Xr sshd_config 5
358.Cm PermitUserRC
359option is set, runs it; else if
360.Pa /etc/ssh/sshrc
361exists, runs
362it; otherwise runs
363.Xr xauth 1 .
364The
365.Dq rc
366files are given the X11
367authentication protocol and cookie in standard input.
368See
369.Sx SSHRC ,
370below.
371.It
372Runs user's shell or command.
373All commands are run under the user's login shell as specified in the
374system password database.
375.El
376.Sh SSHRC
377If the file
378.Pa ~/.ssh/rc
379exists,
380.Xr sh 1
381runs it after reading the
382environment files but before starting the user's shell or command.
383It must not produce any output on stdout; stderr must be used
384instead.
385If X11 forwarding is in use, it will receive the "proto cookie" pair in
386its standard input (and
387.Ev DISPLAY
388in its environment).
389The script must call
390.Xr xauth 1
391because
392.Nm
393will not run xauth automatically to add X11 cookies.
394.Pp
395The primary purpose of this file is to run any initialization routines
396which may be needed before the user's home directory becomes
397accessible; AFS is a particular example of such an environment.
398.Pp
399This file will probably contain some initialization code followed by
400something similar to:
401.Bd -literal -offset 3n
402if read proto cookie && [ -n "$DISPLAY" ]; then
403	if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
404		# X11UseLocalhost=yes
405		echo add unix:`echo $DISPLAY |
406		    cut -c11-` $proto $cookie
407	else
408		# X11UseLocalhost=no
409		echo add $DISPLAY $proto $cookie
410	fi | xauth -q -
411fi
412.Ed
413.Pp
414If this file does not exist,
415.Pa /etc/ssh/sshrc
416is run, and if that
417does not exist either, xauth is used to add the cookie.
418.Sh AUTHORIZED_KEYS FILE FORMAT
419.Cm AuthorizedKeysFile
420specifies the files containing public keys for
421public key authentication;
422if this option is not specified, the default is
423.Pa ~/.ssh/authorized_keys
424and
425.Pa ~/.ssh/authorized_keys2 .
426Each line of the file contains one
427key (empty lines and lines starting with a
428.Ql #
429are ignored as
430comments).
431Public keys consist of the following space-separated fields:
432options, keytype, base64-encoded key, comment.
433The options field is optional.
434The keytype is
435.Dq ecdsa-sha2-nistp256 ,
436.Dq ecdsa-sha2-nistp384 ,
437.Dq ecdsa-sha2-nistp521 ,
438.Dq ssh-ed25519 ,
439.Dq ssh-dss
440or
441.Dq ssh-rsa ;
442the comment field is not used for anything (but may be convenient for the
443user to identify the key).
444.Pp
445Note that lines in this file can be several hundred bytes long
446(because of the size of the public key encoding) up to a limit of
4478 kilobytes, which permits DSA keys up to 8 kilobits and RSA
448keys up to 16 kilobits.
449You don't want to type them in; instead, copy the
450.Pa id_dsa.pub ,
451.Pa id_ecdsa.pub ,
452.Pa id_ed25519.pub ,
453or the
454.Pa id_rsa.pub
455file and edit it.
456.Pp
457.Nm
458enforces a minimum RSA key modulus size of 768 bits.
459.Pp
460The options (if present) consist of comma-separated option
461specifications.
462No spaces are permitted, except within double quotes.
463The following option specifications are supported (note
464that option keywords are case-insensitive):
465.Bl -tag -width Ds
466.It Cm agent-forwarding
467Enable authentication agent forwarding previously disabled by the
468.Cm restrict
469option.
470.It Cm cert-authority
471Specifies that the listed key is a certification authority (CA) that is
472trusted to validate signed certificates for user authentication.
473.Pp
474Certificates may encode access restrictions similar to these key options.
475If both certificate restrictions and key options are present, the most
476restrictive union of the two is applied.
477.It Cm command="command"
478Specifies that the command is executed whenever this key is used for
479authentication.
480The command supplied by the user (if any) is ignored.
481The command is run on a pty if the client requests a pty;
482otherwise it is run without a tty.
483If an 8-bit clean channel is required,
484one must not request a pty or should specify
485.Cm no-pty .
486A quote may be included in the command by quoting it with a backslash.
487.Pp
488This option might be useful
489to restrict certain public keys to perform just a specific operation.
490An example might be a key that permits remote backups but nothing else.
491Note that the client may specify TCP and/or X11
492forwarding unless they are explicitly prohibited, e.g. using the
493.Cm restrict
494key option.
495.Pp
496The command originally supplied by the client is available in the
497.Ev SSH_ORIGINAL_COMMAND
498environment variable.
499Note that this option applies to shell, command or subsystem execution.
500Also note that this command may be superseded by a
501.Xr sshd_config 5
502.Cm ForceCommand
503directive.
504.Pp
505If a command is specified and a forced-command is embedded in a certificate
506used for authentication, then the certificate will be accepted only if the
507two commands are identical.
508.It Cm environment="NAME=value"
509Specifies that the string is to be added to the environment when
510logging in using this key.
511Environment variables set this way
512override other default environment values.
513Multiple options of this type are permitted.
514Environment processing is disabled by default and is
515controlled via the
516.Cm PermitUserEnvironment
517option.
518.It Cm from="pattern-list"
519Specifies that in addition to public key authentication, either the canonical
520name of the remote host or its IP address must be present in the
521comma-separated list of patterns.
522See PATTERNS in
523.Xr ssh_config 5
524for more information on patterns.
525.Pp
526In addition to the wildcard matching that may be applied to hostnames or
527addresses, a
528.Cm from
529stanza may match IP addresses using CIDR address/masklen notation.
530.Pp
531The purpose of this option is to optionally increase security: public key
532authentication by itself does not trust the network or name servers or
533anything (but the key); however, if somebody somehow steals the key, the key
534permits an intruder to log in from anywhere in the world.
535This additional option makes using a stolen key more difficult (name
536servers and/or routers would have to be compromised in addition to
537just the key).
538.It Cm no-agent-forwarding
539Forbids authentication agent forwarding when this key is used for
540authentication.
541.It Cm no-port-forwarding
542Forbids TCP forwarding when this key is used for authentication.
543Any port forward requests by the client will return an error.
544This might be used, e.g. in connection with the
545.Cm command
546option.
547.It Cm no-pty
548Prevents tty allocation (a request to allocate a pty will fail).
549.It Cm no-user-rc
550Disables execution of
551.Pa ~/.ssh/rc .
552.It Cm no-X11-forwarding
553Forbids X11 forwarding when this key is used for authentication.
554Any X11 forward requests by the client will return an error.
555.It Cm permitopen="host:port"
556Limit local port forwarding with
557.Xr ssh 1
558.Fl L
559such that it may only connect to the specified host and port.
560IPv6 addresses can be specified by enclosing the address in square brackets.
561Multiple
562.Cm permitopen
563options may be applied separated by commas.
564No pattern matching is performed on the specified hostnames,
565they must be literal domains or addresses.
566A port specification of
567.Cm *
568matches any port.
569.It Cm port-forwarding
570Enable port forwarding previously disabled by the
571.Cm restrict
572.It Cm principals="principals"
573On a
574.Cm cert-authority
575line, specifies allowed principals for certificate authentication as a
576comma-separated list.
577At least one name from the list must appear in the certificate's
578list of principals for the certificate to be accepted.
579This option is ignored for keys that are not marked as trusted certificate
580signers using the
581.Cm cert-authority
582option.
583.It Cm pty
584Permits tty allocation previously disabled by the
585.Cm restrict
586option.
587.It Cm restrict
588Enable all restrictions, i.e. disable port, agent and X11 forwarding,
589as well as disabling PTY allocation
590and execution of
591.Pa ~/.ssh/rc .
592If any future restriction capabilities are added to authorized_keys files
593they will be included in this set.
594.It Cm tunnel="n"
595Force a
596.Xr tun 4
597device on the server.
598Without this option, the next available device will be used if
599the client requests a tunnel.
600.It Cm user-rc
601Enables execution of
602.Pa ~/.ssh/rc
603previously disabled by the
604.Cm restrict
605option.
606.It Cm X11-forwarding
607Permits X11 forwarding previously disabled by the
608.Cm restrict
609option.
610.El
611.Pp
612An example authorized_keys file:
613.Bd -literal -offset 3n
614# Comments allowed at start of line
615ssh-rsa AAAAB3Nza...LiPk== user@example.net
616from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
617AAAAB2...19Q== john@example.net
618command="dump /home",no-pty,no-port-forwarding ssh-dss
619AAAAC3...51R== example.net
620permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
621AAAAB5...21S==
622tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
623jane@example.net
624restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
625user@example.net
626restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
627user@example.net
628.Ed
629.Sh SSH_KNOWN_HOSTS FILE FORMAT
630The
631.Pa /etc/ssh/ssh_known_hosts
632and
633.Pa ~/.ssh/known_hosts
634files contain host public keys for all known hosts.
635The global file should
636be prepared by the administrator (optional), and the per-user file is
637maintained automatically: whenever the user connects to an unknown host,
638its key is added to the per-user file.
639.Pp
640Each line in these files contains the following fields: markers (optional),
641hostnames, keytype, base64-encoded key, comment.
642The fields are separated by spaces.
643.Pp
644The marker is optional, but if it is present then it must be one of
645.Dq @cert-authority ,
646to indicate that the line contains a certification authority (CA) key,
647or
648.Dq @revoked ,
649to indicate that the key contained on the line is revoked and must not ever
650be accepted.
651Only one marker should be used on a key line.
652.Pp
653Hostnames is a comma-separated list of patterns
654.Pf ( Ql *
655and
656.Ql \&?
657act as
658wildcards); each pattern in turn is matched against the canonical host
659name (when authenticating a client) or against the user-supplied
660name (when authenticating a server).
661A pattern may also be preceded by
662.Ql \&!
663to indicate negation: if the host name matches a negated
664pattern, it is not accepted (by that line) even if it matched another
665pattern on the line.
666A hostname or address may optionally be enclosed within
667.Ql \&[
668and
669.Ql \&]
670brackets then followed by
671.Ql \&:
672and a non-standard port number.
673.Pp
674Alternately, hostnames may be stored in a hashed form which hides host names
675and addresses should the file's contents be disclosed.
676Hashed hostnames start with a
677.Ql |
678character.
679Only one hashed hostname may appear on a single line and none of the above
680negation or wildcard operators may be applied.
681.Pp
682The keytype and base64-encoded key are taken directly from the host key; they
683can be obtained, for example, from
684.Pa /etc/ssh/ssh_host_rsa_key.pub .
685The optional comment field continues to the end of the line, and is not used.
686.Pp
687Lines starting with
688.Ql #
689and empty lines are ignored as comments.
690.Pp
691When performing host authentication, authentication is accepted if any
692matching line has the proper key; either one that matches exactly or,
693if the server has presented a certificate for authentication, the key
694of the certification authority that signed the certificate.
695For a key to be trusted as a certification authority, it must use the
696.Dq @cert-authority
697marker described above.
698.Pp
699The known hosts file also provides a facility to mark keys as revoked,
700for example when it is known that the associated private key has been
701stolen.
702Revoked keys are specified by including the
703.Dq @revoked
704marker at the beginning of the key line, and are never accepted for
705authentication or as certification authorities, but instead will
706produce a warning from
707.Xr ssh 1
708when they are encountered.
709.Pp
710It is permissible (but not
711recommended) to have several lines or different host keys for the same
712names.
713This will inevitably happen when short forms of host names
714from different domains are put in the file.
715It is possible
716that the files contain conflicting information; authentication is
717accepted if valid information can be found from either file.
718.Pp
719Note that the lines in these files are typically hundreds of characters
720long, and you definitely don't want to type in the host keys by hand.
721Rather, generate them by a script,
722.Xr ssh-keyscan 1
723or by taking, for example,
724.Pa /etc/ssh/ssh_host_rsa_key.pub
725and adding the host names at the front.
726.Xr ssh-keygen 1
727also offers some basic automated editing for
728.Pa ~/.ssh/known_hosts
729including removing hosts matching a host name and converting all host
730names to their hashed representations.
731.Pp
732An example ssh_known_hosts file:
733.Bd -literal -offset 3n
734# Comments allowed at start of line
735closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
736cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
737# A hashed hostname
738|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
739AAAA1234.....=
740# A revoked key
741@revoked * ssh-rsa AAAAB5W...
742# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
743@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
744.Ed
745.Sh FILES
746.Bl -tag -width Ds -compact
747.It Pa ~/.hushlogin
748This file is used to suppress printing the last login time and
749.Pa /etc/motd ,
750if
751.Cm PrintLastLog
752and
753.Cm PrintMotd ,
754respectively,
755are enabled.
756It does not suppress printing of the banner specified by
757.Cm Banner .
758.Pp
759.It Pa ~/.rhosts
760This file is used for host-based authentication (see
761.Xr ssh 1
762for more information).
763On some machines this file may need to be
764world-readable if the user's home directory is on an NFS partition,
765because
766.Nm
767reads it as root.
768Additionally, this file must be owned by the user,
769and must not have write permissions for anyone else.
770The recommended
771permission for most machines is read/write for the user, and not
772accessible by others.
773.Pp
774.It Pa ~/.shosts
775This file is used in exactly the same way as
776.Pa .rhosts ,
777but allows host-based authentication without permitting login with
778rlogin/rsh.
779.Pp
780.It Pa ~/.ssh/
781This directory is the default location for all user-specific configuration
782and authentication information.
783There is no general requirement to keep the entire contents of this directory
784secret, but the recommended permissions are read/write/execute for the user,
785and not accessible by others.
786.Pp
787.It Pa ~/.ssh/authorized_keys
788Lists the public keys (DSA, ECDSA, Ed25519, RSA)
789that can be used for logging in as this user.
790The format of this file is described above.
791The content of the file is not highly sensitive, but the recommended
792permissions are read/write for the user, and not accessible by others.
793.Pp
794If this file, the
795.Pa ~/.ssh
796directory, or the user's home directory are writable
797by other users, then the file could be modified or replaced by unauthorized
798users.
799In this case,
800.Nm
801will not allow it to be used unless the
802.Cm StrictModes
803option has been set to
804.Dq no .
805.Pp
806.It Pa ~/.ssh/environment
807This file is read into the environment at login (if it exists).
808It can only contain empty lines, comment lines (that start with
809.Ql # ) ,
810and assignment lines of the form name=value.
811The file should be writable
812only by the user; it need not be readable by anyone else.
813Environment processing is disabled by default and is
814controlled via the
815.Cm PermitUserEnvironment
816option.
817.Pp
818.It Pa ~/.ssh/known_hosts
819Contains a list of host keys for all hosts the user has logged into
820that are not already in the systemwide list of known host keys.
821The format of this file is described above.
822This file should be writable only by root/the owner and
823can, but need not be, world-readable.
824.Pp
825.It Pa ~/.ssh/rc
826Contains initialization routines to be run before
827the user's home directory becomes accessible.
828This file should be writable only by the user, and need not be
829readable by anyone else.
830.Pp
831.It Pa /etc/hosts.allow
832.It Pa /etc/hosts.deny
833Access controls that should be enforced by tcp-wrappers are defined here.
834Further details are described in
835.Xr hosts_access 5 .
836.Pp
837.It Pa /etc/hosts.equiv
838This file is for host-based authentication (see
839.Xr ssh 1 ) .
840It should only be writable by root.
841.Pp
842.It Pa /etc/moduli
843Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
844key exchange method.
845The file format is described in
846.Xr moduli 5 .
847If no usable groups are found in this file then fixed internal groups will
848be used.
849.Pp
850.It Pa /etc/motd
851See
852.Xr motd 5 .
853.Pp
854.It Pa /etc/nologin
855If this file exists,
856.Nm
857refuses to let anyone except root log in.
858The contents of the file
859are displayed to anyone trying to log in, and non-root connections are
860refused.
861The file should be world-readable.
862.Pp
863.It Pa /etc/shosts.equiv
864This file is used in exactly the same way as
865.Pa hosts.equiv ,
866but allows host-based authentication without permitting login with
867rlogin/rsh.
868.Pp
869.It Pa /etc/ssh/ssh_host_dsa_key
870.It Pa /etc/ssh/ssh_host_ecdsa_key
871.It Pa /etc/ssh/ssh_host_ed25519_key
872.It Pa /etc/ssh/ssh_host_rsa_key
873These files contain the private parts of the host keys.
874These files should only be owned by root, readable only by root, and not
875accessible to others.
876Note that
877.Nm
878does not start if these files are group/world-accessible.
879.Pp
880.It Pa /etc/ssh/ssh_host_dsa_key.pub
881.It Pa /etc/ssh/ssh_host_ecdsa_key.pub
882.It Pa /etc/ssh/ssh_host_ed25519_key.pub
883.It Pa /etc/ssh/ssh_host_rsa_key.pub
884These files contain the public parts of the host keys.
885These files should be world-readable but writable only by
886root.
887Their contents should match the respective private parts.
888These files are not
889really used for anything; they are provided for the convenience of
890the user so their contents can be copied to known hosts files.
891These files are created using
892.Xr ssh-keygen 1 .
893.Pp
894.It Pa /etc/ssh/ssh_known_hosts
895Systemwide list of known host keys.
896This file should be prepared by the
897system administrator to contain the public host keys of all machines in the
898organization.
899The format of this file is described above.
900This file should be writable only by root/the owner and
901should be world-readable.
902.Pp
903.It Pa /etc/ssh/sshd_config
904Contains configuration data for
905.Nm sshd .
906The file format and configuration options are described in
907.Xr sshd_config 5 .
908.Pp
909.It Pa /etc/ssh/sshrc
910Similar to
911.Pa ~/.ssh/rc ,
912it can be used to specify
913machine-specific login-time initializations globally.
914This file should be writable only by root, and should be world-readable.
915.Pp
916.It Pa /var/empty
917.Xr chroot 2
918directory used by
919.Nm
920during privilege separation in the pre-authentication phase.
921The directory should not contain any files and must be owned by root
922and not group or world-writable.
923.Pp
924.It Pa /var/run/sshd.pid
925Contains the process ID of the
926.Nm
927listening for connections (if there are several daemons running
928concurrently for different ports, this contains the process ID of the one
929started last).
930The content of this file is not sensitive; it can be world-readable.
931.El
932.Sh SEE ALSO
933.Xr scp 1 ,
934.Xr sftp 1 ,
935.Xr ssh 1 ,
936.Xr ssh-add 1 ,
937.Xr ssh-agent 1 ,
938.Xr ssh-keygen 1 ,
939.Xr ssh-keyscan 1 ,
940.Xr chroot 2 ,
941.Xr hosts_access 5 ,
942.Xr login.conf 5 ,
943.Xr moduli 5 ,
944.Xr sshd_config 5 ,
945.Xr inetd 8 ,
946.Xr sftp-server 8
947.Sh AUTHORS
948OpenSSH is a derivative of the original and free
949ssh 1.2.12 release by Tatu Ylonen.
950Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
951Theo de Raadt and Dug Song
952removed many bugs, re-added newer features and
953created OpenSSH.
954Markus Friedl contributed the support for SSH
955protocol versions 1.5 and 2.0.
956Niels Provos and Markus Friedl contributed support
957for privilege separation.
958