1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ 37.\" $FreeBSD$ 38.Dd August 2, 2011 39.Dt SSHD_CONFIG 5 40.Os 41.Sh NAME 42.Nm sshd_config 43.Nd OpenSSH SSH daemon configuration file 44.Sh SYNOPSIS 45.Nm /etc/ssh/sshd_config 46.Sh DESCRIPTION 47.Xr sshd 8 48reads configuration data from 49.Pa /etc/ssh/sshd_config 50(or the file specified with 51.Fl f 52on the command line). 53The file contains keyword-argument pairs, one per line. 54Lines starting with 55.Ql # 56and empty lines are interpreted as comments. 57Arguments may optionally be enclosed in double quotes 58.Pq \&" 59in order to represent arguments containing spaces. 60.Pp 61The possible 62keywords and their meanings are as follows (note that 63keywords are case-insensitive and arguments are case-sensitive): 64.Bl -tag -width Ds 65.It Cm AcceptEnv 66Specifies what environment variables sent by the client will be copied into 67the session's 68.Xr environ 7 . 69See 70.Cm SendEnv 71in 72.Xr ssh_config 5 73for how to configure the client. 74Note that environment passing is only supported for protocol 2. 75Variables are specified by name, which may contain the wildcard characters 76.Ql * 77and 78.Ql \&? . 79Multiple environment variables may be separated by whitespace or spread 80across multiple 81.Cm AcceptEnv 82directives. 83Be warned that some environment variables could be used to bypass restricted 84user environments. 85For this reason, care should be taken in the use of this directive. 86The default is not to accept any environment variables. 87.It Cm AddressFamily 88Specifies which address family should be used by 89.Xr sshd 8 . 90Valid arguments are 91.Dq any , 92.Dq inet 93(use IPv4 only), or 94.Dq inet6 95(use IPv6 only). 96The default is 97.Dq any . 98.It Cm AllowAgentForwarding 99Specifies whether 100.Xr ssh-agent 1 101forwarding is permitted. 102The default is 103.Dq yes . 104Note that disabling agent forwarding does not improve security 105unless users are also denied shell access, as they can always install 106their own forwarders. 107.It Cm AllowGroups 108This keyword can be followed by a list of group name patterns, separated 109by spaces. 110If specified, login is allowed only for users whose primary 111group or supplementary group list matches one of the patterns. 112Only group names are valid; a numerical group ID is not recognized. 113By default, login is allowed for all groups. 114The allow/deny directives are processed in the following order: 115.Cm DenyUsers , 116.Cm AllowUsers , 117.Cm DenyGroups , 118and finally 119.Cm AllowGroups . 120.Pp 121See 122.Sx PATTERNS 123in 124.Xr ssh_config 5 125for more information on patterns. 126.It Cm AllowTcpForwarding 127Specifies whether TCP forwarding is permitted. 128The default is 129.Dq yes . 130Note that disabling TCP forwarding does not improve security unless 131users are also denied shell access, as they can always install their 132own forwarders. 133.It Cm AllowUsers 134This keyword can be followed by a list of user name patterns, separated 135by spaces. 136If specified, login is allowed only for user names that 137match one of the patterns. 138Only user names are valid; a numerical user ID is not recognized. 139By default, login is allowed for all users. 140If the pattern takes the form USER@HOST then USER and HOST 141are separately checked, restricting logins to particular 142users from particular hosts. 143The allow/deny directives are processed in the following order: 144.Cm DenyUsers , 145.Cm AllowUsers , 146.Cm DenyGroups , 147and finally 148.Cm AllowGroups . 149.Pp 150See 151.Sx PATTERNS 152in 153.Xr ssh_config 5 154for more information on patterns. 155.It Cm AuthorizedKeysFile 156Specifies the file that contains the public keys that can be used 157for user authentication. 158The format is described in the 159.Sx AUTHORIZED_KEYS FILE FORMAT 160section of 161.Xr sshd 8 . 162.Cm AuthorizedKeysFile 163may contain tokens of the form %T which are substituted during connection 164setup. 165The following tokens are defined: %% is replaced by a literal '%', 166%h is replaced by the home directory of the user being authenticated, and 167%u is replaced by the username of that user. 168After expansion, 169.Cm AuthorizedKeysFile 170is taken to be an absolute path or one relative to the user's home 171directory. 172Multiple files may be listed, separated by whitespace. 173The default is 174.Dq .ssh/authorized_keys .ssh/authorized_keys2 . 175.It Cm AuthorizedPrincipalsFile 176Specifies a file that lists principal names that are accepted for 177certificate authentication. 178When using certificates signed by a key listed in 179.Cm TrustedUserCAKeys , 180this file lists names, one of which must appear in the certificate for it 181to be accepted for authentication. 182Names are listed one per line preceded by key options (as described 183in 184.Sx AUTHORIZED_KEYS FILE FORMAT 185in 186.Xr sshd 8 ) . 187Empty lines and comments starting with 188.Ql # 189are ignored. 190.Pp 191.Cm AuthorizedPrincipalsFile 192may contain tokens of the form %T which are substituted during connection 193setup. 194The following tokens are defined: %% is replaced by a literal '%', 195%h is replaced by the home directory of the user being authenticated, and 196%u is replaced by the username of that user. 197After expansion, 198.Cm AuthorizedPrincipalsFile 199is taken to be an absolute path or one relative to the user's home 200directory. 201.Pp 202The default is not to use a principals file \(en in this case, the username 203of the user must appear in a certificate's principals list for it to be 204accepted. 205Note that 206.Cm AuthorizedPrincipalsFile 207is only used when authentication proceeds using a CA listed in 208.Cm TrustedUserCAKeys 209and is not consulted for certification authorities trusted via 210.Pa ~/.ssh/authorized_keys , 211though the 212.Cm principals= 213key option offers a similar facility (see 214.Xr sshd 8 215for details). 216.It Cm Banner 217The contents of the specified file are sent to the remote user before 218authentication is allowed. 219If the argument is 220.Dq none 221then no banner is displayed. 222This option is only available for protocol version 2. 223By default, no banner is displayed. 224.It Cm ChallengeResponseAuthentication 225Specifies whether challenge-response authentication is allowed (e.g. via 226PAM or though authentication styles supported in 227.Xr login.conf 5 ) 228The default is 229.Dq yes . 230.It Cm ChrootDirectory 231Specifies the pathname of a directory to 232.Xr chroot 2 233to after authentication. 234All components of the pathname must be root-owned directories that are 235not writable by any other user or group. 236After the chroot, 237.Xr sshd 8 238changes the working directory to the user's home directory. 239.Pp 240The pathname may contain the following tokens that are expanded at runtime once 241the connecting user has been authenticated: %% is replaced by a literal '%', 242%h is replaced by the home directory of the user being authenticated, and 243%u is replaced by the username of that user. 244.Pp 245The 246.Cm ChrootDirectory 247must contain the necessary files and directories to support the 248user's session. 249For an interactive session this requires at least a shell, typically 250.Xr sh 1 , 251and basic 252.Pa /dev 253nodes such as 254.Xr null 4 , 255.Xr zero 4 , 256.Xr stdin 4 , 257.Xr stdout 4 , 258.Xr stderr 4 , 259.Xr arandom 4 260and 261.Xr tty 4 262devices. 263For file transfer sessions using 264.Dq sftp , 265no additional configuration of the environment is necessary if the 266in-process sftp server is used, 267though sessions which use logging do require 268.Pa /dev/log 269inside the chroot directory (see 270.Xr sftp-server 8 271for details). 272.Pp 273The default is not to 274.Xr chroot 2 . 275.It Cm Ciphers 276Specifies the ciphers allowed for protocol version 2. 277Multiple ciphers must be comma-separated. 278The supported ciphers are 279.Dq 3des-cbc , 280.Dq aes128-cbc , 281.Dq aes192-cbc , 282.Dq aes256-cbc , 283.Dq aes128-ctr , 284.Dq aes192-ctr , 285.Dq aes256-ctr , 286.Dq arcfour128 , 287.Dq arcfour256 , 288.Dq arcfour , 289.Dq blowfish-cbc , 290and 291.Dq cast128-cbc . 292The default is: 293.Bd -literal -offset 3n 294aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 295aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 296aes256-cbc,arcfour 297.Ed 298.It Cm ClientAliveCountMax 299Sets the number of client alive messages (see below) which may be 300sent without 301.Xr sshd 8 302receiving any messages back from the client. 303If this threshold is reached while client alive messages are being sent, 304sshd will disconnect the client, terminating the session. 305It is important to note that the use of client alive messages is very 306different from 307.Cm TCPKeepAlive 308(below). 309The client alive messages are sent through the encrypted channel 310and therefore will not be spoofable. 311The TCP keepalive option enabled by 312.Cm TCPKeepAlive 313is spoofable. 314The client alive mechanism is valuable when the client or 315server depend on knowing when a connection has become inactive. 316.Pp 317The default value is 3. 318If 319.Cm ClientAliveInterval 320(see below) is set to 15, and 321.Cm ClientAliveCountMax 322is left at the default, unresponsive SSH clients 323will be disconnected after approximately 45 seconds. 324This option applies to protocol version 2 only. 325.It Cm ClientAliveInterval 326Sets a timeout interval in seconds after which if no data has been received 327from the client, 328.Xr sshd 8 329will send a message through the encrypted 330channel to request a response from the client. 331The default 332is 0, indicating that these messages will not be sent to the client. 333This option applies to protocol version 2 only. 334.It Cm Compression 335Specifies whether compression is allowed, or delayed until 336the user has authenticated successfully. 337The argument must be 338.Dq yes , 339.Dq delayed , 340or 341.Dq no . 342The default is 343.Dq delayed . 344.It Cm DenyGroups 345This keyword can be followed by a list of group name patterns, separated 346by spaces. 347Login is disallowed for users whose primary group or supplementary 348group list matches one of the patterns. 349Only group names are valid; a numerical group ID is not recognized. 350By default, login is allowed for all groups. 351The allow/deny directives are processed in the following order: 352.Cm DenyUsers , 353.Cm AllowUsers , 354.Cm DenyGroups , 355and finally 356.Cm AllowGroups . 357.Pp 358See 359.Sx PATTERNS 360in 361.Xr ssh_config 5 362for more information on patterns. 363.It Cm DenyUsers 364This keyword can be followed by a list of user name patterns, separated 365by spaces. 366Login is disallowed for user names that match one of the patterns. 367Only user names are valid; a numerical user ID is not recognized. 368By default, login is allowed for all users. 369If the pattern takes the form USER@HOST then USER and HOST 370are separately checked, restricting logins to particular 371users from particular hosts. 372The allow/deny directives are processed in the following order: 373.Cm DenyUsers , 374.Cm AllowUsers , 375.Cm DenyGroups , 376and finally 377.Cm AllowGroups . 378.Pp 379See 380.Sx PATTERNS 381in 382.Xr ssh_config 5 383for more information on patterns. 384.It Cm ForceCommand 385Forces the execution of the command specified by 386.Cm ForceCommand , 387ignoring any command supplied by the client and 388.Pa ~/.ssh/rc 389if present. 390The command is invoked by using the user's login shell with the -c option. 391This applies to shell, command, or subsystem execution. 392It is most useful inside a 393.Cm Match 394block. 395The command originally supplied by the client is available in the 396.Ev SSH_ORIGINAL_COMMAND 397environment variable. 398Specifying a command of 399.Dq internal-sftp 400will force the use of an in-process sftp server that requires no support 401files when used with 402.Cm ChrootDirectory . 403.It Cm GatewayPorts 404Specifies whether remote hosts are allowed to connect to ports 405forwarded for the client. 406By default, 407.Xr sshd 8 408binds remote port forwardings to the loopback address. 409This prevents other remote hosts from connecting to forwarded ports. 410.Cm GatewayPorts 411can be used to specify that sshd 412should allow remote port forwardings to bind to non-loopback addresses, thus 413allowing other hosts to connect. 414The argument may be 415.Dq no 416to force remote port forwardings to be available to the local host only, 417.Dq yes 418to force remote port forwardings to bind to the wildcard address, or 419.Dq clientspecified 420to allow the client to select the address to which the forwarding is bound. 421The default is 422.Dq no . 423.It Cm GSSAPIAuthentication 424Specifies whether user authentication based on GSSAPI is allowed. 425The default is 426.Dq no . 427Note that this option applies to protocol version 2 only. 428.It Cm GSSAPICleanupCredentials 429Specifies whether to automatically destroy the user's credentials cache 430on logout. 431The default is 432.Dq yes . 433Note that this option applies to protocol version 2 only. 434.It Cm HostbasedAuthentication 435Specifies whether rhosts or /etc/hosts.equiv authentication together 436with successful public key client host authentication is allowed 437(host-based authentication). 438This option is similar to 439.Cm RhostsRSAAuthentication 440and applies to protocol version 2 only. 441The default is 442.Dq no . 443.It Cm HostbasedUsesNameFromPacketOnly 444Specifies whether or not the server will attempt to perform a reverse 445name lookup when matching the name in the 446.Pa ~/.shosts , 447.Pa ~/.rhosts , 448and 449.Pa /etc/hosts.equiv 450files during 451.Cm HostbasedAuthentication . 452A setting of 453.Dq yes 454means that 455.Xr sshd 8 456uses the name supplied by the client rather than 457attempting to resolve the name from the TCP connection itself. 458The default is 459.Dq no . 460.It Cm HostCertificate 461Specifies a file containing a public host certificate. 462The certificate's public key must match a private host key already specified 463by 464.Cm HostKey . 465The default behaviour of 466.Xr sshd 8 467is not to load any certificates. 468.It Cm HostKey 469Specifies a file containing a private host key 470used by SSH. 471The default is 472.Pa /etc/ssh/ssh_host_key 473for protocol version 1, and 474.Pa /etc/ssh/ssh_host_dsa_key , 475.Pa /etc/ssh/ssh_host_ecdsa_key 476and 477.Pa /etc/ssh/ssh_host_rsa_key 478for protocol version 2. 479Note that 480.Xr sshd 8 481will refuse to use a file if it is group/world-accessible. 482It is possible to have multiple host key files. 483.Dq rsa1 484keys are used for version 1 and 485.Dq dsa , 486.Dq ecdsa 487or 488.Dq rsa 489are used for version 2 of the SSH protocol. 490.It Cm IgnoreRhosts 491Specifies that 492.Pa .rhosts 493and 494.Pa .shosts 495files will not be used in 496.Cm RhostsRSAAuthentication 497or 498.Cm HostbasedAuthentication . 499.Pp 500.Pa /etc/hosts.equiv 501and 502.Pa /etc/ssh/shosts.equiv 503are still used. 504The default is 505.Dq yes . 506.It Cm IgnoreUserKnownHosts 507Specifies whether 508.Xr sshd 8 509should ignore the user's 510.Pa ~/.ssh/known_hosts 511during 512.Cm RhostsRSAAuthentication 513or 514.Cm HostbasedAuthentication . 515The default is 516.Dq no . 517.It Cm IPQoS 518Specifies the IPv4 type-of-service or DSCP class for the connection. 519Accepted values are 520.Dq af11 , 521.Dq af12 , 522.Dq af13 , 523.Dq af14 , 524.Dq af22 , 525.Dq af23 , 526.Dq af31 , 527.Dq af32 , 528.Dq af33 , 529.Dq af41 , 530.Dq af42 , 531.Dq af43 , 532.Dq cs0 , 533.Dq cs1 , 534.Dq cs2 , 535.Dq cs3 , 536.Dq cs4 , 537.Dq cs5 , 538.Dq cs6 , 539.Dq cs7 , 540.Dq ef , 541.Dq lowdelay , 542.Dq throughput , 543.Dq reliability , 544or a numeric value. 545This option may take one or two arguments, separated by whitespace. 546If one argument is specified, it is used as the packet class unconditionally. 547If two values are specified, the first is automatically selected for 548interactive sessions and the second for non-interactive sessions. 549The default is 550.Dq lowdelay 551for interactive sessions and 552.Dq throughput 553for non-interactive sessions. 554.It Cm KerberosAuthentication 555Specifies whether the password provided by the user for 556.Cm PasswordAuthentication 557will be validated through the Kerberos KDC. 558To use this option, the server needs a 559Kerberos servtab which allows the verification of the KDC's identity. 560The default is 561.Dq no . 562.It Cm KerberosGetAFSToken 563If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 564an AFS token before accessing the user's home directory. 565The default is 566.Dq no . 567.It Cm KerberosOrLocalPasswd 568If password authentication through Kerberos fails then 569the password will be validated via any additional local mechanism 570such as 571.Pa /etc/passwd . 572The default is 573.Dq yes . 574.It Cm KerberosTicketCleanup 575Specifies whether to automatically destroy the user's ticket cache 576file on logout. 577The default is 578.Dq yes . 579.It Cm KexAlgorithms 580Specifies the available KEX (Key Exchange) algorithms. 581Multiple algorithms must be comma-separated. 582The default is 583.Dq ecdh-sha2-nistp256 , 584.Dq ecdh-sha2-nistp384 , 585.Dq ecdh-sha2-nistp521 , 586.Dq diffie-hellman-group-exchange-sha256 , 587.Dq diffie-hellman-group-exchange-sha1 , 588.Dq diffie-hellman-group14-sha1 , 589.Dq diffie-hellman-group1-sha1 . 590.It Cm KeyRegenerationInterval 591In protocol version 1, the ephemeral server key is automatically regenerated 592after this many seconds (if it has been used). 593The purpose of regeneration is to prevent 594decrypting captured sessions by later breaking into the machine and 595stealing the keys. 596The key is never stored anywhere. 597If the value is 0, the key is never regenerated. 598The default is 3600 (seconds). 599.It Cm ListenAddress 600Specifies the local addresses 601.Xr sshd 8 602should listen on. 603The following forms may be used: 604.Pp 605.Bl -item -offset indent -compact 606.It 607.Cm ListenAddress 608.Sm off 609.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 610.Sm on 611.It 612.Cm ListenAddress 613.Sm off 614.Ar host No | Ar IPv4_addr No : Ar port 615.Sm on 616.It 617.Cm ListenAddress 618.Sm off 619.Oo 620.Ar host No | Ar IPv6_addr Oc : Ar port 621.Sm on 622.El 623.Pp 624If 625.Ar port 626is not specified, 627sshd will listen on the address and all prior 628.Cm Port 629options specified. 630The default is to listen on all local addresses. 631Multiple 632.Cm ListenAddress 633options are permitted. 634Additionally, any 635.Cm Port 636options must precede this option for non-port qualified addresses. 637.It Cm LoginGraceTime 638The server disconnects after this time if the user has not 639successfully logged in. 640If the value is 0, there is no time limit. 641The default is 120 seconds. 642.It Cm LogLevel 643Gives the verbosity level that is used when logging messages from 644.Xr sshd 8 . 645The possible values are: 646QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 647The default is INFO. 648DEBUG and DEBUG1 are equivalent. 649DEBUG2 and DEBUG3 each specify higher levels of debugging output. 650Logging with a DEBUG level violates the privacy of users and is not recommended. 651.It Cm MACs 652Specifies the available MAC (message authentication code) algorithms. 653The MAC algorithm is used in protocol version 2 654for data integrity protection. 655Multiple algorithms must be comma-separated. 656The default is: 657.Bd -literal -offset indent 658hmac-md5,hmac-sha1,umac-64@openssh.com, 659hmac-ripemd160,hmac-sha1-96,hmac-md5-96, 660hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, 661hmac-sha2-512-96 662.Ed 663.It Cm Match 664Introduces a conditional block. 665If all of the criteria on the 666.Cm Match 667line are satisfied, the keywords on the following lines override those 668set in the global section of the config file, until either another 669.Cm Match 670line or the end of the file. 671.Pp 672The arguments to 673.Cm Match 674are one or more criteria-pattern pairs. 675The available criteria are 676.Cm User , 677.Cm Group , 678.Cm Host , 679and 680.Cm Address . 681The match patterns may consist of single entries or comma-separated 682lists and may use the wildcard and negation operators described in the 683.Sx PATTERNS 684section of 685.Xr ssh_config 5 . 686.Pp 687The patterns in an 688.Cm Address 689criteria may additionally contain addresses to match in CIDR 690address/masklen format, e.g.\& 691.Dq 192.0.2.0/24 692or 693.Dq 3ffe:ffff::/32 . 694Note that the mask length provided must be consistent with the address - 695it is an error to specify a mask length that is too long for the address 696or one with bits set in this host portion of the address. 697For example, 698.Dq 192.0.2.0/33 699and 700.Dq 192.0.2.0/8 701respectively. 702.Pp 703Only a subset of keywords may be used on the lines following a 704.Cm Match 705keyword. 706Available keywords are 707.Cm AllowAgentForwarding , 708.Cm AllowTcpForwarding , 709.Cm AuthorizedKeysFile , 710.Cm AuthorizedPrincipalsFile , 711.Cm Banner , 712.Cm ChrootDirectory , 713.Cm ForceCommand , 714.Cm GatewayPorts , 715.Cm GSSAPIAuthentication , 716.Cm HostbasedAuthentication , 717.Cm HostbasedUsesNameFromPacketOnly , 718.Cm KbdInteractiveAuthentication , 719.Cm KerberosAuthentication , 720.Cm MaxAuthTries , 721.Cm MaxSessions , 722.Cm PasswordAuthentication , 723.Cm PermitEmptyPasswords , 724.Cm PermitOpen , 725.Cm PermitRootLogin , 726.Cm PermitTunnel , 727.Cm PubkeyAuthentication , 728.Cm RhostsRSAAuthentication , 729.Cm RSAAuthentication , 730.Cm X11DisplayOffset , 731.Cm X11Forwarding 732and 733.Cm X11UseLocalHost . 734.It Cm MaxAuthTries 735Specifies the maximum number of authentication attempts permitted per 736connection. 737Once the number of failures reaches half this value, 738additional failures are logged. 739The default is 6. 740.It Cm MaxSessions 741Specifies the maximum number of open sessions permitted per network connection. 742The default is 10. 743.It Cm MaxStartups 744Specifies the maximum number of concurrent unauthenticated connections to the 745SSH daemon. 746Additional connections will be dropped until authentication succeeds or the 747.Cm LoginGraceTime 748expires for a connection. 749The default is 10. 750.Pp 751Alternatively, random early drop can be enabled by specifying 752the three colon separated values 753.Dq start:rate:full 754(e.g. "10:30:60"). 755.Xr sshd 8 756will refuse connection attempts with a probability of 757.Dq rate/100 758(30%) 759if there are currently 760.Dq start 761(10) 762unauthenticated connections. 763The probability increases linearly and all connection attempts 764are refused if the number of unauthenticated connections reaches 765.Dq full 766(60). 767.It Cm PasswordAuthentication 768Specifies whether password authentication is allowed. 769See also 770.Cm UsePAM . 771The default is 772.Dq no . 773.It Cm PermitEmptyPasswords 774When password authentication is allowed, it specifies whether the 775server allows login to accounts with empty password strings. 776The default is 777.Dq no . 778.It Cm PermitOpen 779Specifies the destinations to which TCP port forwarding is permitted. 780The forwarding specification must be one of the following forms: 781.Pp 782.Bl -item -offset indent -compact 783.It 784.Cm PermitOpen 785.Sm off 786.Ar host : port 787.Sm on 788.It 789.Cm PermitOpen 790.Sm off 791.Ar IPv4_addr : port 792.Sm on 793.It 794.Cm PermitOpen 795.Sm off 796.Ar \&[ IPv6_addr \&] : port 797.Sm on 798.El 799.Pp 800Multiple forwards may be specified by separating them with whitespace. 801An argument of 802.Dq any 803can be used to remove all restrictions and permit any forwarding requests. 804By default all port forwarding requests are permitted. 805.It Cm PermitRootLogin 806Specifies whether root can log in using 807.Xr ssh 1 . 808The argument must be 809.Dq yes , 810.Dq without-password , 811.Dq forced-commands-only , 812or 813.Dq no . 814The default is 815.Dq no . 816Note that if 817.Cm ChallengeResponseAuthentication 818is 819.Dq yes , 820the root user may be allowed in with its password even if 821.Cm PermitRootLogin is set to 822.Dq without-password . 823.Pp 824If this option is set to 825.Dq without-password , 826password authentication is disabled for root. 827.Pp 828If this option is set to 829.Dq forced-commands-only , 830root login with public key authentication will be allowed, 831but only if the 832.Ar command 833option has been specified 834(which may be useful for taking remote backups even if root login is 835normally not allowed). 836All other authentication methods are disabled for root. 837.Pp 838If this option is set to 839.Dq no , 840root is not allowed to log in. 841.It Cm PermitTunnel 842Specifies whether 843.Xr tun 4 844device forwarding is allowed. 845The argument must be 846.Dq yes , 847.Dq point-to-point 848(layer 3), 849.Dq ethernet 850(layer 2), or 851.Dq no . 852Specifying 853.Dq yes 854permits both 855.Dq point-to-point 856and 857.Dq ethernet . 858The default is 859.Dq no . 860.It Cm PermitUserEnvironment 861Specifies whether 862.Pa ~/.ssh/environment 863and 864.Cm environment= 865options in 866.Pa ~/.ssh/authorized_keys 867are processed by 868.Xr sshd 8 . 869The default is 870.Dq no . 871Enabling environment processing may enable users to bypass access 872restrictions in some configurations using mechanisms such as 873.Ev LD_PRELOAD . 874.It Cm PidFile 875Specifies the file that contains the process ID of the 876SSH daemon. 877The default is 878.Pa /var/run/sshd.pid . 879.It Cm Port 880Specifies the port number that 881.Xr sshd 8 882listens on. 883The default is 22. 884Multiple options of this type are permitted. 885See also 886.Cm ListenAddress . 887.It Cm PrintLastLog 888Specifies whether 889.Xr sshd 8 890should print the date and time of the last user login when a user logs 891in interactively. 892The default is 893.Dq yes . 894.It Cm PrintMotd 895Specifies whether 896.Xr sshd 8 897should print 898.Pa /etc/motd 899when a user logs in interactively. 900(On some systems it is also printed by the shell, 901.Pa /etc/profile , 902or equivalent.) 903The default is 904.Dq yes . 905.It Cm Protocol 906Specifies the protocol versions 907.Xr sshd 8 908supports. 909The possible values are 910.Sq 1 911and 912.Sq 2 . 913Multiple versions must be comma-separated. 914The default is 915.Sq 2 . 916Note that the order of the protocol list does not indicate preference, 917because the client selects among multiple protocol versions offered 918by the server. 919Specifying 920.Dq 2,1 921is identical to 922.Dq 1,2 . 923.It Cm PubkeyAuthentication 924Specifies whether public key authentication is allowed. 925The default is 926.Dq yes . 927Note that this option applies to protocol version 2 only. 928.It Cm RevokedKeys 929Specifies a list of revoked public keys. 930Keys listed in this file will be refused for public key authentication. 931Note that if this file is not readable, then public key authentication will 932be refused for all users. 933.It Cm RhostsRSAAuthentication 934Specifies whether rhosts or 935.Pa /etc/hosts.equiv 936authentication together 937with successful RSA host authentication is allowed. 938The default is 939.Dq no . 940This option applies to protocol version 1 only. 941.It Cm RSAAuthentication 942Specifies whether pure RSA authentication is allowed. 943The default is 944.Dq yes . 945This option applies to protocol version 1 only. 946.It Cm ServerKeyBits 947Defines the number of bits in the ephemeral protocol version 1 server key. 948The minimum value is 512, and the default is 1024. 949.It Cm StrictModes 950Specifies whether 951.Xr sshd 8 952should check file modes and ownership of the 953user's files and home directory before accepting login. 954This is normally desirable because novices sometimes accidentally leave their 955directory or files world-writable. 956The default is 957.Dq yes . 958Note that this does not apply to 959.Cm ChrootDirectory , 960whose permissions and ownership are checked unconditionally. 961.It Cm Subsystem 962Configures an external subsystem (e.g. file transfer daemon). 963Arguments should be a subsystem name and a command (with optional arguments) 964to execute upon subsystem request. 965.Pp 966The command 967.Xr sftp-server 8 968implements the 969.Dq sftp 970file transfer subsystem. 971.Pp 972Alternately the name 973.Dq internal-sftp 974implements an in-process 975.Dq sftp 976server. 977This may simplify configurations using 978.Cm ChrootDirectory 979to force a different filesystem root on clients. 980.Pp 981By default no subsystems are defined. 982Note that this option applies to protocol version 2 only. 983.It Cm SyslogFacility 984Gives the facility code that is used when logging messages from 985.Xr sshd 8 . 986The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 987LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 988The default is AUTH. 989.It Cm TCPKeepAlive 990Specifies whether the system should send TCP keepalive messages to the 991other side. 992If they are sent, death of the connection or crash of one 993of the machines will be properly noticed. 994However, this means that 995connections will die if the route is down temporarily, and some people 996find it annoying. 997On the other hand, if TCP keepalives are not sent, 998sessions may hang indefinitely on the server, leaving 999.Dq ghost 1000users and consuming server resources. 1001.Pp 1002The default is 1003.Dq yes 1004(to send TCP keepalive messages), and the server will notice 1005if the network goes down or the client host crashes. 1006This avoids infinitely hanging sessions. 1007.Pp 1008To disable TCP keepalive messages, the value should be set to 1009.Dq no . 1010.It Cm TrustedUserCAKeys 1011Specifies a file containing public keys of certificate authorities that are 1012trusted to sign user certificates for authentication. 1013Keys are listed one per line; empty lines and comments starting with 1014.Ql # 1015are allowed. 1016If a certificate is presented for authentication and has its signing CA key 1017listed in this file, then it may be used for authentication for any user 1018listed in the certificate's principals list. 1019Note that certificates that lack a list of principals will not be permitted 1020for authentication using 1021.Cm TrustedUserCAKeys . 1022For more details on certificates, see the 1023.Sx CERTIFICATES 1024section in 1025.Xr ssh-keygen 1 . 1026.It Cm UseDNS 1027Specifies whether 1028.Xr sshd 8 1029should look up the remote host name and check that 1030the resolved host name for the remote IP address maps back to the 1031very same IP address. 1032The default is 1033.Dq yes . 1034.It Cm UseLogin 1035Specifies whether 1036.Xr login 1 1037is used for interactive login sessions. 1038The default is 1039.Dq no . 1040Note that 1041.Xr login 1 1042is never used for remote command execution. 1043Note also, that if this is enabled, 1044.Cm X11Forwarding 1045will be disabled because 1046.Xr login 1 1047does not know how to handle 1048.Xr xauth 1 1049cookies. 1050If 1051.Cm UsePrivilegeSeparation 1052is specified, it will be disabled after authentication. 1053.It Cm UsePAM 1054Enables the Pluggable Authentication Module interface. 1055If set to 1056.Dq yes 1057this will enable PAM authentication using 1058.Cm ChallengeResponseAuthentication 1059and 1060.Cm PasswordAuthentication 1061in addition to PAM account and session module processing for all 1062authentication types. 1063.Pp 1064Because PAM challenge-response authentication usually serves an equivalent 1065role to password authentication, you should disable either 1066.Cm PasswordAuthentication 1067or 1068.Cm ChallengeResponseAuthentication. 1069.Pp 1070If 1071.Cm UsePAM 1072is enabled, you will not be able to run 1073.Xr sshd 8 1074as a non-root user. 1075The default is 1076.Dq yes . 1077.It Cm UsePrivilegeSeparation 1078Specifies whether 1079.Xr sshd 8 1080separates privileges by creating an unprivileged child process 1081to deal with incoming network traffic. 1082After successful authentication, another process will be created that has 1083the privilege of the authenticated user. 1084The goal of privilege separation is to prevent privilege 1085escalation by containing any corruption within the unprivileged processes. 1086The default is 1087.Dq yes . 1088If 1089.Cm UsePrivilegeSeparation 1090is set to 1091.Dq sandbox 1092then the pre-authentication unprivileged process is subject to additional 1093restrictions. 1094.It Cm VersionAddendum 1095Specifies a string to append to the regular version string to identify 1096OS- or site-specific modifications. 1097The default is 1098.Dq FreeBSD-20111001 . 1099.It Cm X11DisplayOffset 1100Specifies the first display number available for 1101.Xr sshd 8 Ns 's 1102X11 forwarding. 1103This prevents sshd from interfering with real X11 servers. 1104The default is 10. 1105.It Cm X11Forwarding 1106Specifies whether X11 forwarding is permitted. 1107The argument must be 1108.Dq yes 1109or 1110.Dq no . 1111The default is 1112.Dq yes . 1113.Pp 1114When X11 forwarding is enabled, there may be additional exposure to 1115the server and to client displays if the 1116.Xr sshd 8 1117proxy display is configured to listen on the wildcard address (see 1118.Cm X11UseLocalhost 1119below), though this is not the default. 1120Additionally, the authentication spoofing and authentication data 1121verification and substitution occur on the client side. 1122The security risk of using X11 forwarding is that the client's X11 1123display server may be exposed to attack when the SSH client requests 1124forwarding (see the warnings for 1125.Cm ForwardX11 1126in 1127.Xr ssh_config 5 ) . 1128A system administrator may have a stance in which they want to 1129protect clients that may expose themselves to attack by unwittingly 1130requesting X11 forwarding, which can warrant a 1131.Dq no 1132setting. 1133.Pp 1134Note that disabling X11 forwarding does not prevent users from 1135forwarding X11 traffic, as users can always install their own forwarders. 1136X11 forwarding is automatically disabled if 1137.Cm UseLogin 1138is enabled. 1139.It Cm X11UseLocalhost 1140Specifies whether 1141.Xr sshd 8 1142should bind the X11 forwarding server to the loopback address or to 1143the wildcard address. 1144By default, 1145sshd binds the forwarding server to the loopback address and sets the 1146hostname part of the 1147.Ev DISPLAY 1148environment variable to 1149.Dq localhost . 1150This prevents remote hosts from connecting to the proxy display. 1151However, some older X11 clients may not function with this 1152configuration. 1153.Cm X11UseLocalhost 1154may be set to 1155.Dq no 1156to specify that the forwarding server should be bound to the wildcard 1157address. 1158The argument must be 1159.Dq yes 1160or 1161.Dq no . 1162The default is 1163.Dq yes . 1164.It Cm XAuthLocation 1165Specifies the full pathname of the 1166.Xr xauth 1 1167program. 1168The default is 1169.Pa /usr/local/bin/xauth . 1170.El 1171.Sh TIME FORMATS 1172.Xr sshd 8 1173command-line arguments and configuration file options that specify time 1174may be expressed using a sequence of the form: 1175.Sm off 1176.Ar time Op Ar qualifier , 1177.Sm on 1178where 1179.Ar time 1180is a positive integer value and 1181.Ar qualifier 1182is one of the following: 1183.Pp 1184.Bl -tag -width Ds -compact -offset indent 1185.It Aq Cm none 1186seconds 1187.It Cm s | Cm S 1188seconds 1189.It Cm m | Cm M 1190minutes 1191.It Cm h | Cm H 1192hours 1193.It Cm d | Cm D 1194days 1195.It Cm w | Cm W 1196weeks 1197.El 1198.Pp 1199Each member of the sequence is added together to calculate 1200the total time value. 1201.Pp 1202Time format examples: 1203.Pp 1204.Bl -tag -width Ds -compact -offset indent 1205.It 600 1206600 seconds (10 minutes) 1207.It 10m 120810 minutes 1209.It 1h30m 12101 hour 30 minutes (90 minutes) 1211.El 1212.Sh FILES 1213.Bl -tag -width Ds 1214.It Pa /etc/ssh/sshd_config 1215Contains configuration data for 1216.Xr sshd 8 . 1217This file should be writable by root only, but it is recommended 1218(though not necessary) that it be world-readable. 1219.El 1220.Sh SEE ALSO 1221.Xr sshd 8 1222.Sh AUTHORS 1223OpenSSH is a derivative of the original and free 1224ssh 1.2.12 release by Tatu Ylonen. 1225Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1226Theo de Raadt and Dug Song 1227removed many bugs, re-added newer features and 1228created OpenSSH. 1229Markus Friedl contributed the support for SSH 1230protocol versions 1.5 and 2.0. 1231Niels Provos and Markus Friedl contributed support 1232for privilege separation. 1233