xref: /freebsd/crypto/openssh/sshd_config.5 (revision 3422ca83ba48e5c9174542a2d3ba8225275779a6)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: July 28 2020 $
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh DESCRIPTION
45.Xr sshd 8
46reads configuration data from
47.Pa /etc/ssh/sshd_config
48(or the file specified with
49.Fl f
50on the command line).
51The file contains keyword-argument pairs, one per line.
52For each keyword, the first obtained value will be used.
53Lines starting with
54.Ql #
55and empty lines are interpreted as comments.
56Arguments may optionally be enclosed in double quotes
57.Pq \&"
58in order to represent arguments containing spaces.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
64.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70and
71.Cm SetEnv
72in
73.Xr ssh_config 5
74for how to configure the client.
75The
76.Ev TERM
77environment variable is always accepted whenever the client
78requests a pseudo-terminal as it is required by the protocol.
79Variables are specified by name, which may contain the wildcard characters
80.Ql *
81and
82.Ql \&? .
83Multiple environment variables may be separated by whitespace or spread
84across multiple
85.Cm AcceptEnv
86directives.
87Be warned that some environment variables could be used to bypass restricted
88user environments.
89For this reason, care should be taken in the use of this directive.
90The default is not to accept any environment variables.
91.It Cm AddressFamily
92Specifies which address family should be used by
93.Xr sshd 8 .
94Valid arguments are
95.Cm any
96(the default),
97.Cm inet
98(use IPv4 only), or
99.Cm inet6
100(use IPv6 only).
101.It Cm AllowAgentForwarding
102Specifies whether
103.Xr ssh-agent 1
104forwarding is permitted.
105The default is
106.Cm yes .
107Note that disabling agent forwarding does not improve security
108unless users are also denied shell access, as they can always install
109their own forwarders.
110.It Cm AllowGroups
111This keyword can be followed by a list of group name patterns, separated
112by spaces.
113If specified, login is allowed only for users whose primary
114group or supplementary group list matches one of the patterns.
115Only group names are valid; a numerical group ID is not recognized.
116By default, login is allowed for all groups.
117The allow/deny directives are processed in the following order:
118.Cm DenyUsers ,
119.Cm AllowUsers ,
120.Cm DenyGroups ,
121and finally
122.Cm AllowGroups .
123.Pp
124See PATTERNS in
125.Xr ssh_config 5
126for more information on patterns.
127.It Cm AllowStreamLocalForwarding
128Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
129The available options are
130.Cm yes
131(the default)
132or
133.Cm all
134to allow StreamLocal forwarding,
135.Cm no
136to prevent all StreamLocal forwarding,
137.Cm local
138to allow local (from the perspective of
139.Xr ssh 1 )
140forwarding only or
141.Cm remote
142to allow remote forwarding only.
143Note that disabling StreamLocal forwarding does not improve security unless
144users are also denied shell access, as they can always install their
145own forwarders.
146.It Cm AllowTcpForwarding
147Specifies whether TCP forwarding is permitted.
148The available options are
149.Cm yes
150(the default)
151or
152.Cm all
153to allow TCP forwarding,
154.Cm no
155to prevent all TCP forwarding,
156.Cm local
157to allow local (from the perspective of
158.Xr ssh 1 )
159forwarding only or
160.Cm remote
161to allow remote forwarding only.
162Note that disabling TCP forwarding does not improve security unless
163users are also denied shell access, as they can always install their
164own forwarders.
165.It Cm AllowUsers
166This keyword can be followed by a list of user name patterns, separated
167by spaces.
168If specified, login is allowed only for user names that
169match one of the patterns.
170Only user names are valid; a numerical user ID is not recognized.
171By default, login is allowed for all users.
172If the pattern takes the form USER@HOST then USER and HOST
173are separately checked, restricting logins to particular
174users from particular hosts.
175HOST criteria may additionally contain addresses to match in CIDR
176address/masklen format.
177The allow/deny directives are processed in the following order:
178.Cm DenyUsers ,
179.Cm AllowUsers ,
180.Cm DenyGroups ,
181and finally
182.Cm AllowGroups .
183.Pp
184See PATTERNS in
185.Xr ssh_config 5
186for more information on patterns.
187.It Cm AuthenticationMethods
188Specifies the authentication methods that must be successfully completed
189for a user to be granted access.
190This option must be followed by one or more lists of comma-separated
191authentication method names, or by the single string
192.Cm any
193to indicate the default behaviour of accepting any single authentication
194method.
195If the default is overridden, then successful authentication requires
196completion of every method in at least one of these lists.
197.Pp
198For example,
199.Qq publickey,password publickey,keyboard-interactive
200would require the user to complete public key authentication, followed by
201either password or keyboard interactive authentication.
202Only methods that are next in one or more lists are offered at each stage,
203so for this example it would not be possible to attempt password or
204keyboard-interactive authentication before public key.
205.Pp
206For keyboard interactive authentication it is also possible to
207restrict authentication to a specific device by appending a
208colon followed by the device identifier
209.Cm bsdauth
210or
211.Cm pam .
212depending on the server configuration.
213For example,
214.Qq keyboard-interactive:bsdauth
215would restrict keyboard interactive authentication to the
216.Cm bsdauth
217device.
218.Pp
219If the publickey method is listed more than once,
220.Xr sshd 8
221verifies that keys that have been used successfully are not reused for
222subsequent authentications.
223For example,
224.Qq publickey,publickey
225requires successful authentication using two different public keys.
226.Pp
227Note that each authentication method listed should also be explicitly enabled
228in the configuration.
229.Pp
230The available authentication methods are:
231.Qq gssapi-with-mic ,
232.Qq hostbased ,
233.Qq keyboard-interactive ,
234.Qq none
235(used for access to password-less accounts when
236.Cm PermitEmptyPasswords
237is enabled),
238.Qq password
239and
240.Qq publickey .
241.It Cm AuthorizedKeysCommand
242Specifies a program to be used to look up the user's public keys.
243The program must be owned by root, not writable by group or others and
244specified by an absolute path.
245Arguments to
246.Cm AuthorizedKeysCommand
247accept the tokens described in the
248.Sx TOKENS
249section.
250If no arguments are specified then the username of the target user is used.
251.Pp
252The program should produce on standard output zero or
253more lines of authorized_keys output (see
254.Sx AUTHORIZED_KEYS
255in
256.Xr sshd 8 ) .
257If a key supplied by
258.Cm AuthorizedKeysCommand
259does not successfully authenticate
260and authorize the user then public key authentication continues using the usual
261.Cm AuthorizedKeysFile
262files.
263By default, no
264.Cm AuthorizedKeysCommand
265is run.
266.It Cm AuthorizedKeysCommandUser
267Specifies the user under whose account the
268.Cm AuthorizedKeysCommand
269is run.
270It is recommended to use a dedicated user that has no other role on the host
271than running authorized keys commands.
272If
273.Cm AuthorizedKeysCommand
274is specified but
275.Cm AuthorizedKeysCommandUser
276is not, then
277.Xr sshd 8
278will refuse to start.
279.It Cm AuthorizedKeysFile
280Specifies the file that contains the public keys used for user authentication.
281The format is described in the
282.Sx AUTHORIZED_KEYS FILE FORMAT
283section of
284.Xr sshd 8 .
285Arguments to
286.Cm AuthorizedKeysFile
287accept the tokens described in the
288.Sx TOKENS
289section.
290After expansion,
291.Cm AuthorizedKeysFile
292is taken to be an absolute path or one relative to the user's home
293directory.
294Multiple files may be listed, separated by whitespace.
295Alternately this option may be set to
296.Cm none
297to skip checking for user keys in files.
298The default is
299.Qq .ssh/authorized_keys .ssh/authorized_keys2 .
300.It Cm AuthorizedPrincipalsCommand
301Specifies a program to be used to generate the list of allowed
302certificate principals as per
303.Cm AuthorizedPrincipalsFile .
304The program must be owned by root, not writable by group or others and
305specified by an absolute path.
306Arguments to
307.Cm AuthorizedPrincipalsCommand
308accept the tokens described in the
309.Sx TOKENS
310section.
311If no arguments are specified then the username of the target user is used.
312.Pp
313The program should produce on standard output zero or
314more lines of
315.Cm AuthorizedPrincipalsFile
316output.
317If either
318.Cm AuthorizedPrincipalsCommand
319or
320.Cm AuthorizedPrincipalsFile
321is specified, then certificates offered by the client for authentication
322must contain a principal that is listed.
323By default, no
324.Cm AuthorizedPrincipalsCommand
325is run.
326.It Cm AuthorizedPrincipalsCommandUser
327Specifies the user under whose account the
328.Cm AuthorizedPrincipalsCommand
329is run.
330It is recommended to use a dedicated user that has no other role on the host
331than running authorized principals commands.
332If
333.Cm AuthorizedPrincipalsCommand
334is specified but
335.Cm AuthorizedPrincipalsCommandUser
336is not, then
337.Xr sshd 8
338will refuse to start.
339.It Cm AuthorizedPrincipalsFile
340Specifies a file that lists principal names that are accepted for
341certificate authentication.
342When using certificates signed by a key listed in
343.Cm TrustedUserCAKeys ,
344this file lists names, one of which must appear in the certificate for it
345to be accepted for authentication.
346Names are listed one per line preceded by key options (as described in
347.Sx AUTHORIZED_KEYS FILE FORMAT
348in
349.Xr sshd 8 ) .
350Empty lines and comments starting with
351.Ql #
352are ignored.
353.Pp
354Arguments to
355.Cm AuthorizedPrincipalsFile
356accept the tokens described in the
357.Sx TOKENS
358section.
359After expansion,
360.Cm AuthorizedPrincipalsFile
361is taken to be an absolute path or one relative to the user's home directory.
362The default is
363.Cm none ,
364i.e. not to use a principals file \(en in this case, the username
365of the user must appear in a certificate's principals list for it to be
366accepted.
367.Pp
368Note that
369.Cm AuthorizedPrincipalsFile
370is only used when authentication proceeds using a CA listed in
371.Cm TrustedUserCAKeys
372and is not consulted for certification authorities trusted via
373.Pa ~/.ssh/authorized_keys ,
374though the
375.Cm principals=
376key option offers a similar facility (see
377.Xr sshd 8
378for details).
379.It Cm Banner
380The contents of the specified file are sent to the remote user before
381authentication is allowed.
382If the argument is
383.Cm none
384then no banner is displayed.
385By default, no banner is displayed.
386.It Cm CASignatureAlgorithms
387Specifies which algorithms are allowed for signing of certificates
388by certificate authorities (CAs).
389The default is:
390.Bd -literal -offset indent
391ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
392ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
393.Ed
394.Pp
395Certificates signed using other algorithms will not be accepted for
396public key or host-based authentication.
397.It Cm ChallengeResponseAuthentication
398Specifies whether challenge-response authentication is allowed (e.g. via
399PAM or through authentication styles supported in
400.Xr login.conf 5 )
401The default is
402.Cm yes .
403.It Cm ChrootDirectory
404Specifies the pathname of a directory to
405.Xr chroot 2
406to after authentication.
407At session startup
408.Xr sshd 8
409checks that all components of the pathname are root-owned directories
410which are not writable by any other user or group.
411After the chroot,
412.Xr sshd 8
413changes the working directory to the user's home directory.
414Arguments to
415.Cm ChrootDirectory
416accept the tokens described in the
417.Sx TOKENS
418section.
419.Pp
420The
421.Cm ChrootDirectory
422must contain the necessary files and directories to support the
423user's session.
424For an interactive session this requires at least a shell, typically
425.Xr sh 1 ,
426and basic
427.Pa /dev
428nodes such as
429.Xr null 4 ,
430.Xr zero 4 ,
431.Xr stdin 4 ,
432.Xr stdout 4 ,
433.Xr stderr 4 ,
434and
435.Xr tty 4
436devices.
437For file transfer sessions using SFTP
438no additional configuration of the environment is necessary if the in-process
439sftp-server is used,
440though sessions which use logging may require
441.Pa /dev/log
442inside the chroot directory on some operating systems (see
443.Xr sftp-server 8
444for details).
445.Pp
446For safety, it is very important that the directory hierarchy be
447prevented from modification by other processes on the system (especially
448those outside the jail).
449Misconfiguration can lead to unsafe environments which
450.Xr sshd 8
451cannot detect.
452.Pp
453The default is
454.Cm none ,
455indicating not to
456.Xr chroot 2 .
457.It Cm Ciphers
458Specifies the ciphers allowed.
459Multiple ciphers must be comma-separated.
460If the specified value begins with a
461.Sq +
462character, then the specified ciphers will be appended to the default set
463instead of replacing them.
464If the specified value begins with a
465.Sq -
466character, then the specified ciphers (including wildcards) will be removed
467from the default set instead of replacing them.
468.Pp
469The supported ciphers are:
470.Pp
471.Bl -item -compact -offset indent
472.It
4733des-cbc
474.It
475aes128-cbc
476.It
477aes192-cbc
478.It
479aes256-cbc
480.It
481aes128-ctr
482.It
483aes192-ctr
484.It
485aes256-ctr
486.It
487aes128-gcm@openssh.com
488.It
489aes256-gcm@openssh.com
490.It
491chacha20-poly1305@openssh.com
492.El
493.Pp
494The default is:
495.Bd -literal -offset indent
496chacha20-poly1305@openssh.com,
497aes128-ctr,aes192-ctr,aes256-ctr,
498aes128-gcm@openssh.com,aes256-gcm@openssh.com
499.Ed
500.Pp
501The list of available ciphers may also be obtained using
502.Qq ssh -Q cipher .
503.It Cm ClientAliveCountMax
504Sets the number of client alive messages which may be sent without
505.Xr sshd 8
506receiving any messages back from the client.
507If this threshold is reached while client alive messages are being sent,
508sshd will disconnect the client, terminating the session.
509It is important to note that the use of client alive messages is very
510different from
511.Cm TCPKeepAlive .
512The client alive messages are sent through the encrypted channel
513and therefore will not be spoofable.
514The TCP keepalive option enabled by
515.Cm TCPKeepAlive
516is spoofable.
517The client alive mechanism is valuable when the client or
518server depend on knowing when a connection has become inactive.
519.Pp
520The default value is 3.
521If
522.Cm ClientAliveInterval
523is set to 15, and
524.Cm ClientAliveCountMax
525is left at the default, unresponsive SSH clients
526will be disconnected after approximately 45 seconds.
527.It Cm ClientAliveInterval
528Sets a timeout interval in seconds after which if no data has been received
529from the client,
530.Xr sshd 8
531will send a message through the encrypted
532channel to request a response from the client.
533The default
534is 0, indicating that these messages will not be sent to the client.
535.It Cm Compression
536Specifies whether compression is enabled after
537the user has authenticated successfully.
538The argument must be
539.Cm yes ,
540.Cm delayed
541(a legacy synonym for
542.Cm yes )
543or
544.Cm no .
545The default is
546.Cm yes .
547.It Cm DenyGroups
548This keyword can be followed by a list of group name patterns, separated
549by spaces.
550Login is disallowed for users whose primary group or supplementary
551group list matches one of the patterns.
552Only group names are valid; a numerical group ID is not recognized.
553By default, login is allowed for all groups.
554The allow/deny directives are processed in the following order:
555.Cm DenyUsers ,
556.Cm AllowUsers ,
557.Cm DenyGroups ,
558and finally
559.Cm AllowGroups .
560.Pp
561See PATTERNS in
562.Xr ssh_config 5
563for more information on patterns.
564.It Cm DenyUsers
565This keyword can be followed by a list of user name patterns, separated
566by spaces.
567Login is disallowed for user names that match one of the patterns.
568Only user names are valid; a numerical user ID is not recognized.
569By default, login is allowed for all users.
570If the pattern takes the form USER@HOST then USER and HOST
571are separately checked, restricting logins to particular
572users from particular hosts.
573HOST criteria may additionally contain addresses to match in CIDR
574address/masklen format.
575The allow/deny directives are processed in the following order:
576.Cm DenyUsers ,
577.Cm AllowUsers ,
578.Cm DenyGroups ,
579and finally
580.Cm AllowGroups .
581.Pp
582See PATTERNS in
583.Xr ssh_config 5
584for more information on patterns.
585.It Cm DisableForwarding
586Disables all forwarding features, including X11,
587.Xr ssh-agent 1 ,
588TCP and StreamLocal.
589This option overrides all other forwarding-related options and may
590simplify restricted configurations.
591.It Cm ExposeAuthInfo
592Writes a temporary file containing a list of authentication methods and
593public credentials (e.g. keys) used to authenticate the user.
594The location of the file is exposed to the user session through the
595.Ev SSH_USER_AUTH
596environment variable.
597The default is
598.Cm no .
599.It Cm FingerprintHash
600Specifies the hash algorithm used when logging key fingerprints.
601Valid options are:
602.Cm md5
603and
604.Cm sha256 .
605The default is
606.Cm sha256 .
607.It Cm ForceCommand
608Forces the execution of the command specified by
609.Cm ForceCommand ,
610ignoring any command supplied by the client and
611.Pa ~/.ssh/rc
612if present.
613The command is invoked by using the user's login shell with the -c option.
614This applies to shell, command, or subsystem execution.
615It is most useful inside a
616.Cm Match
617block.
618The command originally supplied by the client is available in the
619.Ev SSH_ORIGINAL_COMMAND
620environment variable.
621Specifying a command of
622.Cm internal-sftp
623will force the use of an in-process SFTP server that requires no support
624files when used with
625.Cm ChrootDirectory .
626The default is
627.Cm none .
628.It Cm GatewayPorts
629Specifies whether remote hosts are allowed to connect to ports
630forwarded for the client.
631By default,
632.Xr sshd 8
633binds remote port forwardings to the loopback address.
634This prevents other remote hosts from connecting to forwarded ports.
635.Cm GatewayPorts
636can be used to specify that sshd
637should allow remote port forwardings to bind to non-loopback addresses, thus
638allowing other hosts to connect.
639The argument may be
640.Cm no
641to force remote port forwardings to be available to the local host only,
642.Cm yes
643to force remote port forwardings to bind to the wildcard address, or
644.Cm clientspecified
645to allow the client to select the address to which the forwarding is bound.
646The default is
647.Cm no .
648.It Cm GSSAPIAuthentication
649Specifies whether user authentication based on GSSAPI is allowed.
650The default is
651.Cm no .
652.It Cm GSSAPICleanupCredentials
653Specifies whether to automatically destroy the user's credentials cache
654on logout.
655The default is
656.Cm yes .
657.It Cm GSSAPIStrictAcceptorCheck
658Determines whether to be strict about the identity of the GSSAPI acceptor
659a client authenticates against.
660If set to
661.Cm yes
662then the client must authenticate against the host
663service on the current hostname.
664If set to
665.Cm no
666then the client may authenticate against any service key stored in the
667machine's default store.
668This facility is provided to assist with operation on multi homed machines.
669The default is
670.Cm yes .
671.It Cm HostbasedAcceptedKeyTypes
672Specifies the key types that will be accepted for hostbased authentication
673as a list of comma-separated patterns.
674Alternately if the specified value begins with a
675.Sq +
676character, then the specified key types will be appended to the default set
677instead of replacing them.
678If the specified value begins with a
679.Sq -
680character, then the specified key types (including wildcards) will be removed
681from the default set instead of replacing them.
682The default for this option is:
683.Bd -literal -offset 3n
684ecdsa-sha2-nistp256-cert-v01@openssh.com,
685ecdsa-sha2-nistp384-cert-v01@openssh.com,
686ecdsa-sha2-nistp521-cert-v01@openssh.com,
687ssh-ed25519-cert-v01@openssh.com,
688rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
689ssh-rsa-cert-v01@openssh.com,
690ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
691ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
692.Ed
693.Pp
694The list of available key types may also be obtained using
695.Qq ssh -Q key .
696.It Cm HostbasedAuthentication
697Specifies whether rhosts or /etc/hosts.equiv authentication together
698with successful public key client host authentication is allowed
699(host-based authentication).
700The default is
701.Cm no .
702.It Cm HostbasedUsesNameFromPacketOnly
703Specifies whether or not the server will attempt to perform a reverse
704name lookup when matching the name in the
705.Pa ~/.shosts ,
706.Pa ~/.rhosts ,
707and
708.Pa /etc/hosts.equiv
709files during
710.Cm HostbasedAuthentication .
711A setting of
712.Cm yes
713means that
714.Xr sshd 8
715uses the name supplied by the client rather than
716attempting to resolve the name from the TCP connection itself.
717The default is
718.Cm no .
719.It Cm HostCertificate
720Specifies a file containing a public host certificate.
721The certificate's public key must match a private host key already specified
722by
723.Cm HostKey .
724The default behaviour of
725.Xr sshd 8
726is not to load any certificates.
727.It Cm HostKey
728Specifies a file containing a private host key
729used by SSH.
730The defaults are
731.Pa /etc/ssh/ssh_host_ecdsa_key ,
732.Pa /etc/ssh/ssh_host_ed25519_key
733and
734.Pa /etc/ssh/ssh_host_rsa_key .
735.Pp
736Note that
737.Xr sshd 8
738will refuse to use a file if it is group/world-accessible
739and that the
740.Cm HostKeyAlgorithms
741option restricts which of the keys are actually used by
742.Xr sshd 8 .
743.Pp
744It is possible to have multiple host key files.
745It is also possible to specify public host key files instead.
746In this case operations on the private key will be delegated
747to an
748.Xr ssh-agent 1 .
749.It Cm HostKeyAgent
750Identifies the UNIX-domain socket used to communicate
751with an agent that has access to the private host keys.
752If the string
753.Qq SSH_AUTH_SOCK
754is specified, the location of the socket will be read from the
755.Ev SSH_AUTH_SOCK
756environment variable.
757.It Cm HostKeyAlgorithms
758Specifies the host key algorithms
759that the server offers.
760The default for this option is:
761.Bd -literal -offset 3n
762ecdsa-sha2-nistp256-cert-v01@openssh.com,
763ecdsa-sha2-nistp384-cert-v01@openssh.com,
764ecdsa-sha2-nistp521-cert-v01@openssh.com,
765ssh-ed25519-cert-v01@openssh.com,
766rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
767ssh-rsa-cert-v01@openssh.com,
768ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
769ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
770.Ed
771.Pp
772The list of available key types may also be obtained using
773.Qq ssh -Q key .
774.It Cm IgnoreRhosts
775Specifies that
776.Pa .rhosts
777and
778.Pa .shosts
779files will not be used in
780.Cm HostbasedAuthentication .
781.Pp
782.Pa /etc/hosts.equiv
783and
784.Pa /etc/ssh/shosts.equiv
785are still used.
786The default is
787.Cm yes .
788.It Cm IgnoreUserKnownHosts
789Specifies whether
790.Xr sshd 8
791should ignore the user's
792.Pa ~/.ssh/known_hosts
793during
794.Cm HostbasedAuthentication
795and use only the system-wide known hosts file
796.Pa /etc/ssh/known_hosts .
797The default is
798.Cm no .
799.It Cm IPQoS
800Specifies the IPv4 type-of-service or DSCP class for the connection.
801Accepted values are
802.Cm af11 ,
803.Cm af12 ,
804.Cm af13 ,
805.Cm af21 ,
806.Cm af22 ,
807.Cm af23 ,
808.Cm af31 ,
809.Cm af32 ,
810.Cm af33 ,
811.Cm af41 ,
812.Cm af42 ,
813.Cm af43 ,
814.Cm cs0 ,
815.Cm cs1 ,
816.Cm cs2 ,
817.Cm cs3 ,
818.Cm cs4 ,
819.Cm cs5 ,
820.Cm cs6 ,
821.Cm cs7 ,
822.Cm ef ,
823.Cm lowdelay ,
824.Cm throughput ,
825.Cm reliability ,
826a numeric value, or
827.Cm none
828to use the operating system default.
829This option may take one or two arguments, separated by whitespace.
830If one argument is specified, it is used as the packet class unconditionally.
831If two values are specified, the first is automatically selected for
832interactive sessions and the second for non-interactive sessions.
833The default is
834.Cm af21
835(Low-Latency Data)
836for interactive sessions and
837.Cm cs1
838(Lower Effort)
839for non-interactive sessions.
840.It Cm KbdInteractiveAuthentication
841Specifies whether to allow keyboard-interactive authentication.
842The argument to this keyword must be
843.Cm yes
844or
845.Cm no .
846The default is to use whatever value
847.Cm ChallengeResponseAuthentication
848is set to
849(by default
850.Cm yes ) .
851.It Cm KerberosAuthentication
852Specifies whether the password provided by the user for
853.Cm PasswordAuthentication
854will be validated through the Kerberos KDC.
855To use this option, the server needs a
856Kerberos servtab which allows the verification of the KDC's identity.
857The default is
858.Cm no .
859.It Cm KerberosGetAFSToken
860If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
861an AFS token before accessing the user's home directory.
862The default is
863.Cm no .
864.It Cm KerberosOrLocalPasswd
865If password authentication through Kerberos fails then
866the password will be validated via any additional local mechanism
867such as
868.Pa /etc/passwd .
869The default is
870.Cm yes .
871.It Cm KerberosTicketCleanup
872Specifies whether to automatically destroy the user's ticket cache
873file on logout.
874The default is
875.Cm yes .
876.It Cm KexAlgorithms
877Specifies the available KEX (Key Exchange) algorithms.
878Multiple algorithms must be comma-separated.
879Alternately if the specified value begins with a
880.Sq +
881character, then the specified methods will be appended to the default set
882instead of replacing them.
883If the specified value begins with a
884.Sq -
885character, then the specified methods (including wildcards) will be removed
886from the default set instead of replacing them.
887The supported algorithms are:
888.Pp
889.Bl -item -compact -offset indent
890.It
891curve25519-sha256
892.It
893curve25519-sha256@libssh.org
894.It
895diffie-hellman-group1-sha1
896.It
897diffie-hellman-group14-sha1
898.It
899diffie-hellman-group14-sha256
900.It
901diffie-hellman-group16-sha512
902.It
903diffie-hellman-group18-sha512
904.It
905diffie-hellman-group-exchange-sha1
906.It
907diffie-hellman-group-exchange-sha256
908.It
909ecdh-sha2-nistp256
910.It
911ecdh-sha2-nistp384
912.It
913ecdh-sha2-nistp521
914.El
915.Pp
916The default is:
917.Bd -literal -offset indent
918curve25519-sha256,curve25519-sha256@libssh.org,
919ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
920diffie-hellman-group-exchange-sha256,
921diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
922diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
923.Ed
924.Pp
925The list of available key exchange algorithms may also be obtained using
926.Qq ssh -Q kex .
927.It Cm ListenAddress
928Specifies the local addresses
929.Xr sshd 8
930should listen on.
931The following forms may be used:
932.Pp
933.Bl -item -offset indent -compact
934.It
935.Cm ListenAddress
936.Sm off
937.Ar hostname | address
938.Sm on
939.Op Cm rdomain Ar domain
940.It
941.Cm ListenAddress
942.Sm off
943.Ar hostname : port
944.Sm on
945.Op Cm rdomain Ar domain
946.It
947.Cm ListenAddress
948.Sm off
949.Ar IPv4_address : port
950.Sm on
951.Op Cm rdomain Ar domain
952.It
953.Cm ListenAddress
954.Sm off
955.Oo Ar hostname | address Oc : Ar port
956.Sm on
957.Op Cm rdomain Ar domain
958.El
959.Pp
960The optional
961.Cm rdomain
962qualifier requests
963.Xr sshd 8
964listen in an explicit routing domain.
965If
966.Ar port
967is not specified,
968sshd will listen on the address and all
969.Cm Port
970options specified.
971The default is to listen on all local addresses on the current default
972routing domain.
973Multiple
974.Cm ListenAddress
975options are permitted.
976For more information on routing domains, see
977.Xr rdomain 4 .
978.It Cm LoginGraceTime
979The server disconnects after this time if the user has not
980successfully logged in.
981If the value is 0, there is no time limit.
982The default is 120 seconds.
983.It Cm LogLevel
984Gives the verbosity level that is used when logging messages from
985.Xr sshd 8 .
986The possible values are:
987QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
988The default is INFO.
989DEBUG and DEBUG1 are equivalent.
990DEBUG2 and DEBUG3 each specify higher levels of debugging output.
991Logging with a DEBUG level violates the privacy of users and is not recommended.
992.It Cm MACs
993Specifies the available MAC (message authentication code) algorithms.
994The MAC algorithm is used for data integrity protection.
995Multiple algorithms must be comma-separated.
996If the specified value begins with a
997.Sq +
998character, then the specified algorithms will be appended to the default set
999instead of replacing them.
1000If the specified value begins with a
1001.Sq -
1002character, then the specified algorithms (including wildcards) will be removed
1003from the default set instead of replacing them.
1004.Pp
1005The algorithms that contain
1006.Qq -etm
1007calculate the MAC after encryption (encrypt-then-mac).
1008These are considered safer and their use recommended.
1009The supported MACs are:
1010.Pp
1011.Bl -item -compact -offset indent
1012.It
1013hmac-md5
1014.It
1015hmac-md5-96
1016.It
1017hmac-sha1
1018.It
1019hmac-sha1-96
1020.It
1021hmac-sha2-256
1022.It
1023hmac-sha2-512
1024.It
1025umac-64@openssh.com
1026.It
1027umac-128@openssh.com
1028.It
1029hmac-md5-etm@openssh.com
1030.It
1031hmac-md5-96-etm@openssh.com
1032.It
1033hmac-sha1-etm@openssh.com
1034.It
1035hmac-sha1-96-etm@openssh.com
1036.It
1037hmac-sha2-256-etm@openssh.com
1038.It
1039hmac-sha2-512-etm@openssh.com
1040.It
1041umac-64-etm@openssh.com
1042.It
1043umac-128-etm@openssh.com
1044.El
1045.Pp
1046The default is:
1047.Bd -literal -offset indent
1048umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1049hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1050hmac-sha1-etm@openssh.com,
1051umac-64@openssh.com,umac-128@openssh.com,
1052hmac-sha2-256,hmac-sha2-512,hmac-sha1
1053.Ed
1054.Pp
1055The list of available MAC algorithms may also be obtained using
1056.Qq ssh -Q mac .
1057.It Cm Match
1058Introduces a conditional block.
1059If all of the criteria on the
1060.Cm Match
1061line are satisfied, the keywords on the following lines override those
1062set in the global section of the config file, until either another
1063.Cm Match
1064line or the end of the file.
1065If a keyword appears in multiple
1066.Cm Match
1067blocks that are satisfied, only the first instance of the keyword is
1068applied.
1069.Pp
1070The arguments to
1071.Cm Match
1072are one or more criteria-pattern pairs or the single token
1073.Cm All
1074which matches all criteria.
1075The available criteria are
1076.Cm User ,
1077.Cm Group ,
1078.Cm Host ,
1079.Cm LocalAddress ,
1080.Cm LocalPort ,
1081.Cm RDomain ,
1082and
1083.Cm Address
1084(with
1085.Cm RDomain
1086representing the
1087.Xr rdomain 4
1088on which the connection was received.)
1089.Pp
1090The match patterns may consist of single entries or comma-separated
1091lists and may use the wildcard and negation operators described in the
1092.Sx PATTERNS
1093section of
1094.Xr ssh_config 5 .
1095.Pp
1096The patterns in an
1097.Cm Address
1098criteria may additionally contain addresses to match in CIDR
1099address/masklen format,
1100such as 192.0.2.0/24 or 2001:db8::/32.
1101Note that the mask length provided must be consistent with the address -
1102it is an error to specify a mask length that is too long for the address
1103or one with bits set in this host portion of the address.
1104For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
1105.Pp
1106Only a subset of keywords may be used on the lines following a
1107.Cm Match
1108keyword.
1109Available keywords are
1110.Cm AcceptEnv ,
1111.Cm AllowAgentForwarding ,
1112.Cm AllowGroups ,
1113.Cm AllowStreamLocalForwarding ,
1114.Cm AllowTcpForwarding ,
1115.Cm AllowUsers ,
1116.Cm AuthenticationMethods ,
1117.Cm AuthorizedKeysCommand ,
1118.Cm AuthorizedKeysCommandUser ,
1119.Cm AuthorizedKeysFile ,
1120.Cm AuthorizedPrincipalsCommand ,
1121.Cm AuthorizedPrincipalsCommandUser ,
1122.Cm AuthorizedPrincipalsFile ,
1123.Cm Banner ,
1124.Cm ChrootDirectory ,
1125.Cm ClientAliveCountMax ,
1126.Cm ClientAliveInterval ,
1127.Cm DenyGroups ,
1128.Cm DenyUsers ,
1129.Cm ForceCommand ,
1130.Cm GatewayPorts ,
1131.Cm GSSAPIAuthentication ,
1132.Cm HostbasedAcceptedKeyTypes ,
1133.Cm HostbasedAuthentication ,
1134.Cm HostbasedUsesNameFromPacketOnly ,
1135.Cm IPQoS ,
1136.Cm KbdInteractiveAuthentication ,
1137.Cm KerberosAuthentication ,
1138.Cm LogLevel ,
1139.Cm MaxAuthTries ,
1140.Cm MaxSessions ,
1141.Cm PasswordAuthentication ,
1142.Cm PermitEmptyPasswords ,
1143.Cm PermitListen ,
1144.Cm PermitOpen ,
1145.Cm PermitRootLogin ,
1146.Cm PermitTTY ,
1147.Cm PermitTunnel ,
1148.Cm PermitUserRC ,
1149.Cm PubkeyAcceptedKeyTypes ,
1150.Cm PubkeyAuthentication ,
1151.Cm RekeyLimit ,
1152.Cm RevokedKeys ,
1153.Cm RDomain ,
1154.Cm SetEnv ,
1155.Cm StreamLocalBindMask ,
1156.Cm StreamLocalBindUnlink ,
1157.Cm TrustedUserCAKeys ,
1158.Cm X11DisplayOffset ,
1159.Cm X11Forwarding
1160and
1161.Cm X11UseLocalHost .
1162.It Cm MaxAuthTries
1163Specifies the maximum number of authentication attempts permitted per
1164connection.
1165Once the number of failures reaches half this value,
1166additional failures are logged.
1167The default is 6.
1168.It Cm MaxSessions
1169Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
1170sessions permitted per network connection.
1171Multiple sessions may be established by clients that support connection
1172multiplexing.
1173Setting
1174.Cm MaxSessions
1175to 1 will effectively disable session multiplexing, whereas setting it to 0
1176will prevent all shell, login and subsystem sessions while still permitting
1177forwarding.
1178The default is 10.
1179.It Cm MaxStartups
1180Specifies the maximum number of concurrent unauthenticated connections to the
1181SSH daemon.
1182Additional connections will be dropped until authentication succeeds or the
1183.Cm LoginGraceTime
1184expires for a connection.
1185The default is 10:30:100.
1186.Pp
1187Alternatively, random early drop can be enabled by specifying
1188the three colon separated values
1189start:rate:full (e.g. "10:30:60").
1190.Xr sshd 8
1191will refuse connection attempts with a probability of rate/100 (30%)
1192if there are currently start (10) unauthenticated connections.
1193The probability increases linearly and all connection attempts
1194are refused if the number of unauthenticated connections reaches full (60).
1195.It Cm PasswordAuthentication
1196Specifies whether password authentication is allowed.
1197See also
1198.Cm UsePAM .
1199The default is
1200.Cm no .
1201.It Cm PermitEmptyPasswords
1202When password authentication is allowed, it specifies whether the
1203server allows login to accounts with empty password strings.
1204The default is
1205.Cm no .
1206.It Cm PermitListen
1207Specifies the addresses/ports on which a remote TCP port forwarding may listen.
1208The listen specification must be one of the following forms:
1209.Pp
1210.Bl -item -offset indent -compact
1211.It
1212.Cm PermitListen
1213.Sm off
1214.Ar port
1215.Sm on
1216.It
1217.Cm PermitListen
1218.Sm off
1219.Ar host : port
1220.Sm on
1221.El
1222.Pp
1223Multiple permissions may be specified by separating them with whitespace.
1224An argument of
1225.Cm any
1226can be used to remove all restrictions and permit any listen requests.
1227An argument of
1228.Cm none
1229can be used to prohibit all listen requests.
1230The host name may contain wildcards as described in the PATTERNS section in
1231.Xr ssh_config 5 .
1232The wildcard
1233.Sq *
1234can also be used in place of a port number to allow all ports.
1235By default all port forwarding listen requests are permitted.
1236Note that the
1237.Cm GatewayPorts
1238option may further restrict which addresses may be listened on.
1239Note also that
1240.Xr ssh 1
1241will request a listen host of
1242.Dq localhost
1243if no listen host was specifically requested, and this this name is
1244treated differently to explicit localhost addresses of
1245.Dq 127.0.0.1
1246and
1247.Dq ::1 .
1248.It Cm PermitOpen
1249Specifies the destinations to which TCP port forwarding is permitted.
1250The forwarding specification must be one of the following forms:
1251.Pp
1252.Bl -item -offset indent -compact
1253.It
1254.Cm PermitOpen
1255.Sm off
1256.Ar host : port
1257.Sm on
1258.It
1259.Cm PermitOpen
1260.Sm off
1261.Ar IPv4_addr : port
1262.Sm on
1263.It
1264.Cm PermitOpen
1265.Sm off
1266.Ar \&[ IPv6_addr \&] : port
1267.Sm on
1268.El
1269.Pp
1270Multiple forwards may be specified by separating them with whitespace.
1271An argument of
1272.Cm any
1273can be used to remove all restrictions and permit any forwarding requests.
1274An argument of
1275.Cm none
1276can be used to prohibit all forwarding requests.
1277The wildcard
1278.Sq *
1279can be used for host or port to allow all hosts or ports, respectively.
1280By default all port forwarding requests are permitted.
1281.It Cm PermitRootLogin
1282Specifies whether root can log in using
1283.Xr ssh 1 .
1284The argument must be
1285.Cm yes ,
1286.Cm prohibit-password ,
1287.Cm forced-commands-only ,
1288or
1289.Cm no .
1290The default is
1291.Cm no .
1292Note that if
1293.Cm ChallengeResponseAuthentication
1294and
1295.Cm UsePAM
1296are both
1297.Cm yes ,
1298this setting may be overridden by the PAM policy.
1299.Pp
1300If this option is set to
1301.Cm prohibit-password
1302(or its deprecated alias,
1303.Cm without-password ) ,
1304password and keyboard-interactive authentication are disabled for root.
1305.Pp
1306If this option is set to
1307.Cm forced-commands-only ,
1308root login with public key authentication will be allowed,
1309but only if the
1310.Ar command
1311option has been specified
1312(which may be useful for taking remote backups even if root login is
1313normally not allowed).
1314All other authentication methods are disabled for root.
1315.Pp
1316If this option is set to
1317.Cm no ,
1318root is not allowed to log in.
1319.It Cm PermitTTY
1320Specifies whether
1321.Xr pty 4
1322allocation is permitted.
1323The default is
1324.Cm yes .
1325.It Cm PermitTunnel
1326Specifies whether
1327.Xr tun 4
1328device forwarding is allowed.
1329The argument must be
1330.Cm yes ,
1331.Cm point-to-point
1332(layer 3),
1333.Cm ethernet
1334(layer 2), or
1335.Cm no .
1336Specifying
1337.Cm yes
1338permits both
1339.Cm point-to-point
1340and
1341.Cm ethernet .
1342The default is
1343.Cm no .
1344.Pp
1345Independent of this setting, the permissions of the selected
1346.Xr tun 4
1347device must allow access to the user.
1348.It Cm PermitUserEnvironment
1349Specifies whether
1350.Pa ~/.ssh/environment
1351and
1352.Cm environment=
1353options in
1354.Pa ~/.ssh/authorized_keys
1355are processed by
1356.Xr sshd 8 .
1357Valid options are
1358.Cm yes ,
1359.Cm no
1360or a pattern-list specifying which environment variable names to accept
1361(for example
1362.Qq LANG,LC_* ) .
1363The default is
1364.Cm no .
1365Enabling environment processing may enable users to bypass access
1366restrictions in some configurations using mechanisms such as
1367.Ev LD_PRELOAD .
1368.It Cm PermitUserRC
1369Specifies whether any
1370.Pa ~/.ssh/rc
1371file is executed.
1372The default is
1373.Cm yes .
1374.It Cm PidFile
1375Specifies the file that contains the process ID of the
1376SSH daemon, or
1377.Cm none
1378to not write one.
1379The default is
1380.Pa /var/run/sshd.pid .
1381.It Cm Port
1382Specifies the port number that
1383.Xr sshd 8
1384listens on.
1385The default is 22.
1386Multiple options of this type are permitted.
1387See also
1388.Cm ListenAddress .
1389.It Cm PrintLastLog
1390Specifies whether
1391.Xr sshd 8
1392should print the date and time of the last user login when a user logs
1393in interactively.
1394The default is
1395.Cm yes .
1396.It Cm PrintMotd
1397Specifies whether
1398.Xr sshd 8
1399should print
1400.Pa /etc/motd
1401when a user logs in interactively.
1402(On some systems it is also printed by the shell,
1403.Pa /etc/profile ,
1404or equivalent.)
1405The default is
1406.Cm yes .
1407.It Cm PubkeyAcceptedKeyTypes
1408Specifies the key types that will be accepted for public key authentication
1409as a list of comma-separated patterns.
1410Alternately if the specified value begins with a
1411.Sq +
1412character, then the specified key types will be appended to the default set
1413instead of replacing them.
1414If the specified value begins with a
1415.Sq -
1416character, then the specified key types (including wildcards) will be removed
1417from the default set instead of replacing them.
1418The default for this option is:
1419.Bd -literal -offset 3n
1420ecdsa-sha2-nistp256-cert-v01@openssh.com,
1421ecdsa-sha2-nistp384-cert-v01@openssh.com,
1422ecdsa-sha2-nistp521-cert-v01@openssh.com,
1423ssh-ed25519-cert-v01@openssh.com,
1424rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
1425ssh-rsa-cert-v01@openssh.com,
1426ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1427ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
1428.Ed
1429.Pp
1430The list of available key types may also be obtained using
1431.Qq ssh -Q key .
1432.It Cm PubkeyAuthentication
1433Specifies whether public key authentication is allowed.
1434The default is
1435.Cm yes .
1436.It Cm RekeyLimit
1437Specifies the maximum amount of data that may be transmitted before the
1438session key is renegotiated, optionally followed a maximum amount of
1439time that may pass before the session key is renegotiated.
1440The first argument is specified in bytes and may have a suffix of
1441.Sq K ,
1442.Sq M ,
1443or
1444.Sq G
1445to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1446The default is between
1447.Sq 1G
1448and
1449.Sq 4G ,
1450depending on the cipher.
1451The optional second value is specified in seconds and may use any of the
1452units documented in the
1453.Sx TIME FORMATS
1454section.
1455The default value for
1456.Cm RekeyLimit
1457is
1458.Cm default none ,
1459which means that rekeying is performed after the cipher's default amount
1460of data has been sent or received and no time based rekeying is done.
1461.It Cm RevokedKeys
1462Specifies revoked public keys file, or
1463.Cm none
1464to not use one.
1465Keys listed in this file will be refused for public key authentication.
1466Note that if this file is not readable, then public key authentication will
1467be refused for all users.
1468Keys may be specified as a text file, listing one public key per line, or as
1469an OpenSSH Key Revocation List (KRL) as generated by
1470.Xr ssh-keygen 1 .
1471For more information on KRLs, see the KEY REVOCATION LISTS section in
1472.Xr ssh-keygen 1 .
1473.It Cm RDomain
1474Specifies an explicit routing domain that is applied after authentication
1475has completed.
1476The user session, as well and any forwarded or listening IP sockets,
1477will be bound to this
1478.Xr rdomain 4 .
1479If the routing domain is set to
1480.Cm \&%D ,
1481then the domain in which the incoming connection was received will be applied.
1482.It Cm SetEnv
1483Specifies one or more environment variables to set in child sessions started
1484by
1485.Xr sshd 8
1486as
1487.Dq NAME=VALUE .
1488The environment value may be quoted (e.g. if it contains whitespace
1489characters).
1490Environment variables set by
1491.Cm SetEnv
1492override the default environment and any variables specified by the user
1493via
1494.Cm AcceptEnv
1495or
1496.Cm PermitUserEnvironment .
1497.It Cm StreamLocalBindMask
1498Sets the octal file creation mode mask
1499.Pq umask
1500used when creating a Unix-domain socket file for local or remote
1501port forwarding.
1502This option is only used for port forwarding to a Unix-domain socket file.
1503.Pp
1504The default value is 0177, which creates a Unix-domain socket file that is
1505readable and writable only by the owner.
1506Note that not all operating systems honor the file mode on Unix-domain
1507socket files.
1508.It Cm StreamLocalBindUnlink
1509Specifies whether to remove an existing Unix-domain socket file for local
1510or remote port forwarding before creating a new one.
1511If the socket file already exists and
1512.Cm StreamLocalBindUnlink
1513is not enabled,
1514.Nm sshd
1515will be unable to forward the port to the Unix-domain socket file.
1516This option is only used for port forwarding to a Unix-domain socket file.
1517.Pp
1518The argument must be
1519.Cm yes
1520or
1521.Cm no .
1522The default is
1523.Cm no .
1524.It Cm StrictModes
1525Specifies whether
1526.Xr sshd 8
1527should check file modes and ownership of the
1528user's files and home directory before accepting login.
1529This is normally desirable because novices sometimes accidentally leave their
1530directory or files world-writable.
1531The default is
1532.Cm yes .
1533Note that this does not apply to
1534.Cm ChrootDirectory ,
1535whose permissions and ownership are checked unconditionally.
1536.It Cm Subsystem
1537Configures an external subsystem (e.g. file transfer daemon).
1538Arguments should be a subsystem name and a command (with optional arguments)
1539to execute upon subsystem request.
1540.Pp
1541The command
1542.Cm sftp-server
1543implements the SFTP file transfer subsystem.
1544.Pp
1545Alternately the name
1546.Cm internal-sftp
1547implements an in-process SFTP server.
1548This may simplify configurations using
1549.Cm ChrootDirectory
1550to force a different filesystem root on clients.
1551.Pp
1552By default no subsystems are defined.
1553.It Cm SyslogFacility
1554Gives the facility code that is used when logging messages from
1555.Xr sshd 8 .
1556The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1557LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1558The default is AUTH.
1559.It Cm TCPKeepAlive
1560Specifies whether the system should send TCP keepalive messages to the
1561other side.
1562If they are sent, death of the connection or crash of one
1563of the machines will be properly noticed.
1564However, this means that
1565connections will die if the route is down temporarily, and some people
1566find it annoying.
1567On the other hand, if TCP keepalives are not sent,
1568sessions may hang indefinitely on the server, leaving
1569.Qq ghost
1570users and consuming server resources.
1571.Pp
1572The default is
1573.Cm yes
1574(to send TCP keepalive messages), and the server will notice
1575if the network goes down or the client host crashes.
1576This avoids infinitely hanging sessions.
1577.Pp
1578To disable TCP keepalive messages, the value should be set to
1579.Cm no .
1580.It Cm TrustedUserCAKeys
1581Specifies a file containing public keys of certificate authorities that are
1582trusted to sign user certificates for authentication, or
1583.Cm none
1584to not use one.
1585Keys are listed one per line; empty lines and comments starting with
1586.Ql #
1587are allowed.
1588If a certificate is presented for authentication and has its signing CA key
1589listed in this file, then it may be used for authentication for any user
1590listed in the certificate's principals list.
1591Note that certificates that lack a list of principals will not be permitted
1592for authentication using
1593.Cm TrustedUserCAKeys .
1594For more details on certificates, see the CERTIFICATES section in
1595.Xr ssh-keygen 1 .
1596.It Cm UseBlacklist
1597Specifies whether
1598.Xr sshd 8
1599attempts to send authentication success and failure messages
1600to the
1601.Xr blacklistd 8
1602daemon.
1603The default is
1604.Cm no .
1605For forward compatibility with an upcoming
1606.Xr blacklistd
1607rename, the
1608.Cm UseBlocklist
1609alias can be used instead.
1610.It Cm UseDNS
1611Specifies whether
1612.Xr sshd 8
1613should look up the remote host name, and to check that
1614the resolved host name for the remote IP address maps back to the
1615very same IP address.
1616.Pp
1617If this option is set to
1618.Cm no ,
1619then only addresses and not host names may be used in
1620.Pa ~/.ssh/authorized_keys
1621.Cm from
1622and
1623.Nm
1624.Cm Match
1625.Cm Host
1626directives.
1627The default is
1628.Dq yes .
1629.It Cm UsePAM
1630Enables the Pluggable Authentication Module interface.
1631If set to
1632.Cm yes
1633this will enable PAM authentication using
1634.Cm ChallengeResponseAuthentication
1635and
1636.Cm PasswordAuthentication
1637in addition to PAM account and session module processing for all
1638authentication types.
1639.Pp
1640Because PAM challenge-response authentication usually serves an equivalent
1641role to password authentication, you should disable either
1642.Cm PasswordAuthentication
1643or
1644.Cm ChallengeResponseAuthentication.
1645.Pp
1646If
1647.Cm UsePAM
1648is enabled, you will not be able to run
1649.Xr sshd 8
1650as a non-root user.
1651The default is
1652.Cm yes .
1653.It Cm VersionAddendum
1654Optionally specifies additional text to append to the SSH protocol banner
1655sent by the server upon connection.
1656The default is
1657.Qq FreeBSD-20180909 .
1658The value
1659.Cm none
1660may be used to disable this.
1661.It Cm X11DisplayOffset
1662Specifies the first display number available for
1663.Xr sshd 8 Ns 's
1664X11 forwarding.
1665This prevents sshd from interfering with real X11 servers.
1666The default is 10.
1667.It Cm X11Forwarding
1668Specifies whether X11 forwarding is permitted.
1669The argument must be
1670.Cm yes
1671or
1672.Cm no .
1673The default is
1674.Cm yes .
1675.Pp
1676When X11 forwarding is enabled, there may be additional exposure to
1677the server and to client displays if the
1678.Xr sshd 8
1679proxy display is configured to listen on the wildcard address (see
1680.Cm X11UseLocalhost ) ,
1681though this is not the default.
1682Additionally, the authentication spoofing and authentication data
1683verification and substitution occur on the client side.
1684The security risk of using X11 forwarding is that the client's X11
1685display server may be exposed to attack when the SSH client requests
1686forwarding (see the warnings for
1687.Cm ForwardX11
1688in
1689.Xr ssh_config 5 ) .
1690A system administrator may have a stance in which they want to
1691protect clients that may expose themselves to attack by unwittingly
1692requesting X11 forwarding, which can warrant a
1693.Cm no
1694setting.
1695.Pp
1696Note that disabling X11 forwarding does not prevent users from
1697forwarding X11 traffic, as users can always install their own forwarders.
1698.It Cm X11UseLocalhost
1699Specifies whether
1700.Xr sshd 8
1701should bind the X11 forwarding server to the loopback address or to
1702the wildcard address.
1703By default,
1704sshd binds the forwarding server to the loopback address and sets the
1705hostname part of the
1706.Ev DISPLAY
1707environment variable to
1708.Cm localhost .
1709This prevents remote hosts from connecting to the proxy display.
1710However, some older X11 clients may not function with this
1711configuration.
1712.Cm X11UseLocalhost
1713may be set to
1714.Cm no
1715to specify that the forwarding server should be bound to the wildcard
1716address.
1717The argument must be
1718.Cm yes
1719or
1720.Cm no .
1721The default is
1722.Cm yes .
1723.It Cm XAuthLocation
1724Specifies the full pathname of the
1725.Xr xauth 1
1726program, or
1727.Cm none
1728to not use one.
1729The default is
1730.Pa /usr/local/bin/xauth .
1731.El
1732.Sh TIME FORMATS
1733.Xr sshd 8
1734command-line arguments and configuration file options that specify time
1735may be expressed using a sequence of the form:
1736.Sm off
1737.Ar time Op Ar qualifier ,
1738.Sm on
1739where
1740.Ar time
1741is a positive integer value and
1742.Ar qualifier
1743is one of the following:
1744.Pp
1745.Bl -tag -width Ds -compact -offset indent
1746.It Aq Cm none
1747seconds
1748.It Cm s | Cm S
1749seconds
1750.It Cm m | Cm M
1751minutes
1752.It Cm h | Cm H
1753hours
1754.It Cm d | Cm D
1755days
1756.It Cm w | Cm W
1757weeks
1758.El
1759.Pp
1760Each member of the sequence is added together to calculate
1761the total time value.
1762.Pp
1763Time format examples:
1764.Pp
1765.Bl -tag -width Ds -compact -offset indent
1766.It 600
1767600 seconds (10 minutes)
1768.It 10m
176910 minutes
1770.It 1h30m
17711 hour 30 minutes (90 minutes)
1772.El
1773.Sh TOKENS
1774Arguments to some keywords can make use of tokens,
1775which are expanded at runtime:
1776.Pp
1777.Bl -tag -width XXXX -offset indent -compact
1778.It %%
1779A literal
1780.Sq % .
1781.It \&%D
1782The routing domain in which the incoming connection was received.
1783.It %F
1784The fingerprint of the CA key.
1785.It %f
1786The fingerprint of the key or certificate.
1787.It %h
1788The home directory of the user.
1789.It %i
1790The key ID in the certificate.
1791.It %K
1792The base64-encoded CA key.
1793.It %k
1794The base64-encoded key or certificate for authentication.
1795.It %s
1796The serial number of the certificate.
1797.It \&%T
1798The type of the CA key.
1799.It %t
1800The key or certificate type.
1801.It \&%U
1802The numeric user ID of the target user.
1803.It %u
1804The username.
1805.El
1806.Pp
1807.Cm AuthorizedKeysCommand
1808accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
1809.Pp
1810.Cm AuthorizedKeysFile
1811accepts the tokens %%, %h, %U, and %u.
1812.Pp
1813.Cm AuthorizedPrincipalsCommand
1814accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.
1815.Pp
1816.Cm AuthorizedPrincipalsFile
1817accepts the tokens %%, %h, %U, and %u.
1818.Pp
1819.Cm ChrootDirectory
1820accepts the tokens %%, %h, %U, and %u.
1821.Pp
1822.Cm RoutingDomain
1823accepts the token %D.
1824.Sh FILES
1825.Bl -tag -width Ds
1826.It Pa /etc/ssh/sshd_config
1827Contains configuration data for
1828.Xr sshd 8 .
1829This file should be writable by root only, but it is recommended
1830(though not necessary) that it be world-readable.
1831.El
1832.Sh SEE ALSO
1833.Xr sftp-server 8 ,
1834.Xr sshd 8
1835.Sh AUTHORS
1836.An -nosplit
1837OpenSSH is a derivative of the original and free
1838ssh 1.2.12 release by
1839.An Tatu Ylonen .
1840.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos ,
1841.An Theo de Raadt
1842and
1843.An Dug Song
1844removed many bugs, re-added newer features and
1845created OpenSSH.
1846.An Markus Friedl
1847contributed the support for SSH protocol versions 1.5 and 2.0.
1848.An Niels Provos
1849and
1850.An Markus Friedl
1851contributed support for privilege separation.
1852