.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose. Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $
.\" $FreeBSD$
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
.Sh SYNOPSIS
.Bl -tag -width Ds -compact
.It Pa /etc/ssh/sshd_config
.El
.Sh DESCRIPTION
.Nm sshd
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
.Fl f
on the command line).
The file contains keyword-argument pairs, one per line.
Lines starting with
.Ql #
and empty lines are interpreted as comments.
.Pp
The possible
keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
.Bl -tag -width Ds
.It Cm AFSTokenPassing
Specifies whether an AFS token may be forwarded to the server.
Default is
.Dq no .
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
If specified, login is allowed only for users whose primary
group or supplementary group list matches one of the patterns.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
.Pp
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
own forwarders.
.Pp
.It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
If specified, login is allowed only for user names that
match one of the patterns.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
.Pp
.It Cm AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication.
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
set-up.
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated and
%u is replaced by the username of that user.
After expansion,
.Cm AuthorizedKeysFile
is taken to be an absolute path or one relative to the user's home
directory.
The default is
.Dq .ssh/authorized_keys .
.It Cm Banner
In some jurisdictions, sending a warning message before authentication
may be relevant for getting legal protection.
The contents of the specified file are sent to the remote user before
authentication is allowed.
This option is only available for protocol version 2.
By default, no banner is displayed.
.Pp
.It Cm ChallengeResponseAuthentication
Specifies whether challenge response authentication is allowed.
All authentication styles from
.Xr login.conf 5
are supported.
The default is
.Dq yes .
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
The default is
.Pp
.Bd -literal
  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
    aes192-cbc,aes256-cbc''
.Ed
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which, if no data has been received
from the client,
.Nm sshd
will send a message through the encrypted
channel to request a response from the client.
The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see above) which may be
sent without
.Nm sshd
receiving any messages back from the client.
If this threshold is
reached while client alive messages are being sent,
.Nm sshd
will disconnect the client, terminating the session.
It is important
to note that the use of client alive messages is very different from
.Cm KeepAlive
(below).
The client alive messages are sent through the
encrypted channel and therefore will not be spoofable.
The TCP keepalive
option enabled by
.Cm KeepAlive
is spoofable.
The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
The default value is 3.
If
.Cm ClientAliveInterval
(above) is set to 15, and
.Cm ClientAliveCountMax
is left at the default, unresponsive ssh clients
will be disconnected after approximately 45 seconds.
.It Cm Compression
Specifies whether compression is allowed.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns.
.Ql \&*
and
.Ql ?
can be used as
wildcards in the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
.Pp
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
Login is disallowed for user names that match one of the patterns.
.Ql \&*
and
.Ql ?
can be used as wildcards in the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
.Nm sshd
binds remote port forwardings to the loopback address.
This
prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that
.Nm sshd
should bind remote port forwardings to the wildcard address,
thus allowing remote hosts to connect to forwarded ports.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq no .
.It Cm HostbasedAuthentication
Specifies whether rhosts or
.Pa /etc/hosts.equiv
authentication together
with successful public key client host authentication is allowed
(hostbased authentication).
This option is similar to
.Cm RhostsRSAAuthentication
and applies to protocol version 2 only.
The default is
.Dq no .
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_rsa_key
and
.Pa /etc/ssh/ssh_host_dsa_key
for protocol version 2.
Note that
.Nm sshd
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
.Dq dsa
or
.Dq rsa
are used for version 2 of the SSH protocol.
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
and
.Pa .shosts
files will not be used in
.Cm RhostsAuthentication ,
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
.Pp
.Pa /etc/hosts.equiv
and
.Pa /etc/ssh/shosts.equiv
are still used.
The default is
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
.Nm sshd
should ignore the user's
.Pa $HOME/.ssh/known_hosts
during
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
The default is
.Dq no .
.It Cm KeepAlive
Specifies whether the system should send TCP keepalive messages to the
other side.
If they are sent, death of the connection or crash of one
of the machines will be properly noticed.
However, this means that
connections will die if the route is down temporarily, and some people
find it annoying.
On the other hand, if keepalives are not sent,
sessions may hang indefinitely on the server, leaving
.Dq ghost
users and consuming server resources.
.Pp
The default is
.Dq yes
(to send keepalives), and the server will notice
if the network goes down or the client host crashes.
This avoids infinitely hanging sessions.
.Pp
To disable keepalives, the value should be set to
.Dq no .
.It Cm KerberosAuthentication
Specifies whether Kerberos authentication is allowed.
This can be in the form of a Kerberos ticket, or if
.Cm PasswordAuthentication
is yes, the password provided by the user will be validated through
the Kerberos KDC.
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
Default is
.Dq no .
.It Cm KerberosOrLocalPasswd
If set, and password authentication through Kerberos fails, then
the password will be validated via any additional local mechanism
such as
.Pa /etc/passwd .
Default is
.Dq yes .
.It Cm KerberosTgtPassing
Specifies whether a Kerberos TGT may be forwarded to the server.
Default is
.Dq no ,
as this only works when the Kerberos KDC is actually an AFS kaserver.
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout.
Default is
.Dq yes .
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
stealing the keys.
The key is never stored anywhere.
If the value is 0, the key is never regenerated.
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
.Nm sshd
should listen on.
The following forms may be used:
.Pp
.Bl -item -offset indent -compact
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
.Sm on
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No : Ar port
.Sm on
.It
.Cm ListenAddress
.Sm off
.Oo
.Ar host No | Ar IPv6_addr Oc : Ar port
.Sm on
.El
.Pp
If
.Ar port
is not specified,
.Nm sshd
will listen on the address and all prior
.Cm Port
options specified.
The default is to listen on all local
addresses.
Multiple
.Cm ListenAddress
options are permitted.
Additionally, any
.Cm Port
options must precede this option for addresses that do not specify a port.
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in.
If the value is 0, there is no time limit.
The default is 120 (seconds).
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
.Nm sshd .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
The default is INFO.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users
and is not recommended.
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
The default is
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
.It Cm MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the
.Nm sshd
daemon.
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
The default is 10.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon-separated values
.Dq start:rate:full
(e.g., "10:30:60").
.Nm sshd
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
if there are currently
.Dq start
(10)
unauthenticated connections.
The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
.It Cm PAMAuthenticationViaKbdInt
Specifies whether PAM challenge response authentication is allowed.
This
allows the use of most PAM challenge response authentication modules, but
it will allow password authentication regardless of whether
.Cm PasswordAuthentication
is enabled.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Dq yes .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
The default is
.Dq no .
.It Cm PermitRootLogin
Specifies whether root can log in using
.Xr ssh 1 .
The argument must be
.Dq yes ,
.Dq without-password ,
.Dq forced-commands-only
or
.Dq no .
The default is
.Dq no .
.Pp
If this option is set to
.Dq without-password
password authentication is disabled for root.
.Pp
If this option is set to
.Dq forced-commands-only
root login with public key authentication will be allowed,
but only if the
.Ar command
option has been specified
(which may be useful for taking remote backups even if root login is
normally not allowed).
All other authentication methods are disabled
for root.
.Pp
If this option is set to
.Dq no
root is not allowed to log in.
.It Cm PidFile
Specifies the file that contains the process ID of the
.Nm sshd
daemon.
The default is
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
.Nm sshd
listens on.
The default is 22.
Multiple options of this type are permitted.
See also
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
.Nm sshd
should print the date and time when the user last logged in.
The default is
.Dq yes .
.It Cm PrintMotd
Specifies whether
.Nm sshd
should print
.Pa /etc/motd
when a user logs in interactively.
(On some systems it is also printed by the shell,
.Pa /etc/profile ,
or equivalent.)
The default is
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
.Nm sshd
should support.
The possible values are
.Dq 1
and
.Dq 2 .
Multiple versions must be comma-separated.
The default is
.Dq 2,1 .
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm RhostsAuthentication
Specifies whether authentication using rhosts or
.Pa /etc/hosts.equiv
files is sufficient.
Normally, this method should not be permitted because it is insecure.
.Cm RhostsRSAAuthentication
should be used
instead, because it performs RSA-based host authentication in addition
to normal rhosts or
.Pa /etc/hosts.equiv
authentication.
The default is
.Dq no .
This option applies to protocol version 1 only.
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or
.Pa /etc/hosts.equiv
authentication together
with successful RSA host authentication is allowed.
The default is
.Dq no .
This option applies to protocol version 1 only.
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed.
The default is
.Dq yes .
This option applies to protocol version 1 only.
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 768.
.It Cm StrictModes
Specifies whether
.Nm sshd
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
directory or files world-writable.
The default is
.Dq yes .
.It Cm Subsystem
Configures an external subsystem (e.g., file transfer daemon).
Arguments should be a subsystem name and a command to execute upon subsystem
request.
The command
.Xr sftp-server 8
implements the
.Dq sftp
file transfer subsystem.
By default no subsystems are defined.
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Nm sshd .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm UseLogin
Specifies whether
.Xr login 1
is used for interactive login sessions.
The default is
.Dq no .
Note that
.Xr login 1
is never used for remote command execution.
Note also that if this is enabled,
.Cm X11Forwarding
will be disabled because
.Xr login 1
does not know how to handle
.Xr xauth 1
cookies.
If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
.It Cm UsePrivilegeSeparation
Specifies whether
.Nm sshd
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication,
another process will be created that has the privilege of the authenticated
user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
.It Cm VerifyReverseMapping
Specifies whether
.Nm sshd
should try to verify the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
The default is
.Dq no .
.It Cm VersionAddendum
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
.It Cm X11DisplayOffset
Specifies the first display number available for
.Nm sshd Ns 's
X11 forwarding.
This prevents
.Nm sshd
from interfering with real X11 servers.
The default is 10.
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted.
The default is
.Dq no .
Note that disabling X11 forwarding does not improve security in any
way, as users can always install their own forwarders.
X11 forwarding is automatically disabled if
.Cm UseLogin
is enabled.
.It Cm X11UseLocalhost
Specifies whether
.Nm sshd
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
.Nm sshd
binds the forwarding server to the loopback address and sets the
hostname part of the
.Ev DISPLAY
environment variable to
.Dq localhost .
This prevents remote hosts from connecting to the fake display.
However, some older X11 clients may not function with this
configuration.
.Cm X11UseLocalhost
may be set to
.Dq no
to specify that the forwarding server should be bound to the wildcard
address.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.It Cm XAuthLocation
Specifies the location of the
.Xr xauth 1
program.
The default is
.Pa /usr/X11R6/bin/xauth .
.El
.Ss Time Formats
.Pp
.Nm sshd
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
.Ar time Oo Ar qualifier Oc ,
.Sm on
where
.Ar time
is a positive integer value and
.Ar qualifier
is one of the following:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It Cm <none>
seconds
.It Cm s | Cm S
seconds
.It Cm m | Cm M
minutes
.It Cm h | Cm H
hours
.It Cm d | Cm D
days
.It Cm w | Cm W
weeks
.El
.Pp
Each member of the sequence is added together to calculate
the total time value.
.Pp
Time format examples:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It 600
600 seconds (10 minutes)
.It 10m
10 minutes
.It 1h30m
1 hour 30 minutes (90 minutes)
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
.Nm sshd .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.El
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Niels Provos and Markus Friedl contributed support
for privilege separation.
.Sh SEE ALSO
.Xr sshd 8
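.Sh EXAMPLES
The following Python is an added example, not part of this manual page or of OpenSSH: it reads a configuration in the keyword-argument format described above and evaluates several of the documented semantics (case-insensitive keywords and comment lines, the AllowUsers/DenyUsers patterns including the USER@HOST form, the MaxStartups start:rate:full random early drop, the AuthorizedKeysFile %-tokens, and the Time Formats sequence).
The sample configuration is constructed, and the order in which the deny and allow lists are consulted is an assumption of the example, not something this page states.

```python
import re

# Constructed sample configuration for this example (not from a real host).
SAMPLE_CONFIG = """\
# keywords are case-insensitive, arguments are case-sensitive
Port 22
port 2222
AllowUsers alice bob@10.0.0.*
DenyUsers guest? bob@10.0.0.99
MaxStartups 10:30:60
LoginGraceTime 1h30m
AuthorizedKeysFile %h/.ssh/authorized_keys
"""

def parse_sshd_config(text):
    """Return {lowercased keyword: [args]}; '#' and blank lines are comments, repeats accumulate."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

def parse_time(spec):
    """Time Formats: each time[qualifier] member is summed, so '1h30m' -> 5400."""
    if not re.fullmatch(r"(?:\d+[smhdwSMHDW]?)+", spec):
        raise ValueError("bad time format: %r" % spec)
    return sum(int(n) * _UNITS[q.lower()] for n, q in re.findall(r"(\d+)([A-Za-z]?)", spec))

def maxstartups_refuse_probability(unauth, spec):
    """MaxStartups: plain integer = hard cap; 'start:rate:full' = random early
    drop, rate/100 at start, rising linearly to 1.0 at full."""
    if ":" not in spec:
        return 1.0 if unauth >= int(spec) else 0.0
    start, rate, full = (int(v) for v in spec.split(":"))
    if unauth < start:
        return 0.0
    if unauth >= full:
        return 1.0
    return (rate + (100 - rate) * (unauth - start) / (full - start)) / 100

def _glob(pattern, value):
    """Only '*' and '?' are wildcards in Allow/Deny patterns (no [] classes)."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None

def _pattern_matches(pattern, user, host):
    """A USER@HOST pattern checks the user and host parts separately."""
    if "@" in pattern:
        upat, hpat = pattern.split("@", 1)
        return _glob(upat, user) and _glob(hpat, host)
    return _glob(pattern, user)

def login_permitted(conf, user, host):
    """Assumption of this example: DenyUsers is consulted before AllowUsers;
    with no AllowUsers list, every user that is not denied may log in."""
    deny = " ".join(conf.get("denyusers", [])).split()
    allow = " ".join(conf.get("allowusers", [])).split()
    if any(_pattern_matches(p, user, host) for p in deny):
        return False
    return not allow or any(_pattern_matches(p, user, host) for p in allow)

def authorized_keys_path(template, home, user):
    """Expand %% -> '%', %h -> home, %u -> user; a relative result is relative to home."""
    expanded = (template.replace("%%", "\0").replace("%h", home)
                .replace("%u", user).replace("\0", "%"))
    return expanded if expanded.startswith("/") else home.rstrip("/") + "/" + expanded
```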