1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 16.\" 17.\" Redistribution and use in source and binary forms, with or without 18.\" modification, are permitted provided that the following conditions 19.\" are met: 20.\" 1. Redistributions of source code must retain the above copyright 21.\" notice, this list of conditions and the following disclaimer. 22.\" 2. Redistributions in binary form must reproduce the above copyright 23.\" notice, this list of conditions and the following disclaimer in the 24.\" documentation and/or other materials provided with the distribution. 25.\" 26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: sshd_config.5,v 1.120 2010/03/04 23:17:25 djm Exp $ 38.\" $FreeBSD$ 39.Dd March 4, 2010 40.Dt SSHD_CONFIG 5 41.Os 42.Sh NAME 43.Nm sshd_config 44.Nd OpenSSH SSH daemon configuration file 45.Sh SYNOPSIS 46.Nm /etc/ssh/sshd_config 47.Sh DESCRIPTION 48.Xr sshd 8 49reads configuration data from 50.Pa /etc/ssh/sshd_config 51(or the file specified with 52.Fl f 53on the command line). 54The file contains keyword-argument pairs, one per line. 55Lines starting with 56.Ql # 57and empty lines are interpreted as comments. 58Arguments may optionally be enclosed in double quotes 59.Pq \&" 60in order to represent arguments containing spaces. 61.Pp 62The possible 63keywords and their meanings are as follows (note that 64keywords are case-insensitive and arguments are case-sensitive): 65.Bl -tag -width Ds 66.It Cm AcceptEnv 67Specifies what environment variables sent by the client will be copied into 68the session's 69.Xr environ 7 . 70See 71.Cm SendEnv 72in 73.Xr ssh_config 5 74for how to configure the client. 75Note that environment passing is only supported for protocol 2. 76Variables are specified by name, which may contain the wildcard characters 77.Ql * 78and 79.Ql \&? . 80Multiple environment variables may be separated by whitespace or spread 81across multiple 82.Cm AcceptEnv 83directives. 84Be warned that some environment variables could be used to bypass restricted 85user environments. 86For this reason, care should be taken in the use of this directive. 87The default is not to accept any environment variables. 88.It Cm AddressFamily 89Specifies which address family should be used by 90.Xr sshd 8 . 91Valid arguments are 92.Dq any , 93.Dq inet 94(use IPv4 only), or 95.Dq inet6 96(use IPv6 only). 97The default is 98.Dq any . 99.It Cm AllowAgentForwarding 100Specifies whether 101.Xr ssh-agent 1 102forwarding is permitted. 103The default is 104.Dq yes . 105Note that disabling agent forwarding does not improve security 106unless users are also denied shell access, as they can always install 107their own forwarders. 108.It Cm AllowGroups 109This keyword can be followed by a list of group name patterns, separated 110by spaces. 111If specified, login is allowed only for users whose primary 112group or supplementary group list matches one of the patterns. 113Only group names are valid; a numerical group ID is not recognized. 114By default, login is allowed for all groups. 115The allow/deny directives are processed in the following order: 116.Cm DenyUsers , 117.Cm AllowUsers , 118.Cm DenyGroups , 119and finally 120.Cm AllowGroups . 121.Pp 122See 123.Sx PATTERNS 124in 125.Xr ssh_config 5 126for more information on patterns. 127.It Cm AllowTcpForwarding 128Specifies whether TCP forwarding is permitted. 129The default is 130.Dq yes . 131Note that disabling TCP forwarding does not improve security unless 132users are also denied shell access, as they can always install their 133own forwarders. 134.It Cm AllowUsers 135This keyword can be followed by a list of user name patterns, separated 136by spaces. 137If specified, login is allowed only for user names that 138match one of the patterns. 139Only user names are valid; a numerical user ID is not recognized. 140By default, login is allowed for all users. 141If the pattern takes the form USER@HOST then USER and HOST 142are separately checked, restricting logins to particular 143users from particular hosts. 144The allow/deny directives are processed in the following order: 145.Cm DenyUsers , 146.Cm AllowUsers , 147.Cm DenyGroups , 148and finally 149.Cm AllowGroups . 150.Pp 151See 152.Sx PATTERNS 153in 154.Xr ssh_config 5 155for more information on patterns. 156.It Cm AuthorizedKeysFile 157Specifies the file that contains the public keys that can be used 158for user authentication. 159.Cm AuthorizedKeysFile 160may contain tokens of the form %T which are substituted during connection 161setup. 162The following tokens are defined: %% is replaced by a literal '%', 163%h is replaced by the home directory of the user being authenticated, and 164%u is replaced by the username of that user. 165After expansion, 166.Cm AuthorizedKeysFile 167is taken to be an absolute path or one relative to the user's home 168directory. 169The default is 170.Dq .ssh/authorized_keys . 171.It Cm Banner 172The contents of the specified file are sent to the remote user before 173authentication is allowed. 174If the argument is 175.Dq none 176then no banner is displayed. 177This option is only available for protocol version 2. 178By default, no banner is displayed. 179.It Cm ChallengeResponseAuthentication 180Specifies whether challenge-response authentication is allowed (e.g. via 181PAM or though authentication styles supported in 182.Xr login.conf 5 ) 183The default is 184.Dq yes . 185.It Cm ChrootDirectory 186Specifies the pathname of a directory to 187.Xr chroot 2 188to after authentication. 189All components of the pathname must be root-owned directories that are 190not writable by any other user or group. 191After the chroot, 192.Xr sshd 8 193changes the working directory to the user's home directory. 194.Pp 195The pathname may contain the following tokens that are expanded at runtime once 196the connecting user has been authenticated: %% is replaced by a literal '%', 197%h is replaced by the home directory of the user being authenticated, and 198%u is replaced by the username of that user. 199.Pp 200The 201.Cm ChrootDirectory 202must contain the necessary files and directories to support the 203user's session. 204For an interactive session this requires at least a shell, typically 205.Xr sh 1 , 206and basic 207.Pa /dev 208nodes such as 209.Xr null 4 , 210.Xr zero 4 , 211.Xr stdin 4 , 212.Xr stdout 4 , 213.Xr stderr 4 , 214.Xr arandom 4 215and 216.Xr tty 4 217devices. 218For file transfer sessions using 219.Dq sftp , 220no additional configuration of the environment is necessary if the 221in-process sftp server is used, 222though sessions which use logging do require 223.Pa /dev/log 224inside the chroot directory (see 225.Xr sftp-server 8 226for details). 227.Pp 228The default is not to 229.Xr chroot 2 . 230.It Cm Ciphers 231Specifies the ciphers allowed for protocol version 2. 232Multiple ciphers must be comma-separated. 233The supported ciphers are 234.Dq 3des-cbc , 235.Dq aes128-cbc , 236.Dq aes192-cbc , 237.Dq aes256-cbc , 238.Dq aes128-ctr , 239.Dq aes192-ctr , 240.Dq aes256-ctr , 241.Dq arcfour128 , 242.Dq arcfour256 , 243.Dq arcfour , 244.Dq blowfish-cbc , 245and 246.Dq cast128-cbc . 247The default is: 248.Bd -literal -offset 3n 249aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 250aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 251aes256-cbc,arcfour 252.Ed 253.It Cm ClientAliveCountMax 254Sets the number of client alive messages (see below) which may be 255sent without 256.Xr sshd 8 257receiving any messages back from the client. 258If this threshold is reached while client alive messages are being sent, 259sshd will disconnect the client, terminating the session. 260It is important to note that the use of client alive messages is very 261different from 262.Cm TCPKeepAlive 263(below). 264The client alive messages are sent through the encrypted channel 265and therefore will not be spoofable. 266The TCP keepalive option enabled by 267.Cm TCPKeepAlive 268is spoofable. 269The client alive mechanism is valuable when the client or 270server depend on knowing when a connection has become inactive. 271.Pp 272The default value is 3. 273If 274.Cm ClientAliveInterval 275(see below) is set to 15, and 276.Cm ClientAliveCountMax 277is left at the default, unresponsive SSH clients 278will be disconnected after approximately 45 seconds. 279This option applies to protocol version 2 only. 280.It Cm ClientAliveInterval 281Sets a timeout interval in seconds after which if no data has been received 282from the client, 283.Xr sshd 8 284will send a message through the encrypted 285channel to request a response from the client. 286The default 287is 0, indicating that these messages will not be sent to the client. 288This option applies to protocol version 2 only. 289.It Cm Compression 290Specifies whether compression is allowed, or delayed until 291the user has authenticated successfully. 292The argument must be 293.Dq yes , 294.Dq delayed , 295or 296.Dq no . 297The default is 298.Dq delayed . 299.It Cm DenyGroups 300This keyword can be followed by a list of group name patterns, separated 301by spaces. 302Login is disallowed for users whose primary group or supplementary 303group list matches one of the patterns. 304Only group names are valid; a numerical group ID is not recognized. 305By default, login is allowed for all groups. 306The allow/deny directives are processed in the following order: 307.Cm DenyUsers , 308.Cm AllowUsers , 309.Cm DenyGroups , 310and finally 311.Cm AllowGroups . 312.Pp 313See 314.Sx PATTERNS 315in 316.Xr ssh_config 5 317for more information on patterns. 318.It Cm DenyUsers 319This keyword can be followed by a list of user name patterns, separated 320by spaces. 321Login is disallowed for user names that match one of the patterns. 322Only user names are valid; a numerical user ID is not recognized. 323By default, login is allowed for all users. 324If the pattern takes the form USER@HOST then USER and HOST 325are separately checked, restricting logins to particular 326users from particular hosts. 327The allow/deny directives are processed in the following order: 328.Cm DenyUsers , 329.Cm AllowUsers , 330.Cm DenyGroups , 331and finally 332.Cm AllowGroups . 333.Pp 334See 335.Sx PATTERNS 336in 337.Xr ssh_config 5 338for more information on patterns. 339.It Cm ForceCommand 340Forces the execution of the command specified by 341.Cm ForceCommand , 342ignoring any command supplied by the client and 343.Pa ~/.ssh/rc 344if present. 345The command is invoked by using the user's login shell with the -c option. 346This applies to shell, command, or subsystem execution. 347It is most useful inside a 348.Cm Match 349block. 350The command originally supplied by the client is available in the 351.Ev SSH_ORIGINAL_COMMAND 352environment variable. 353Specifying a command of 354.Dq internal-sftp 355will force the use of an in-process sftp server that requires no support 356files when used with 357.Cm ChrootDirectory . 358.It Cm GatewayPorts 359Specifies whether remote hosts are allowed to connect to ports 360forwarded for the client. 361By default, 362.Xr sshd 8 363binds remote port forwardings to the loopback address. 364This prevents other remote hosts from connecting to forwarded ports. 365.Cm GatewayPorts 366can be used to specify that sshd 367should allow remote port forwardings to bind to non-loopback addresses, thus 368allowing other hosts to connect. 369The argument may be 370.Dq no 371to force remote port forwardings to be available to the local host only, 372.Dq yes 373to force remote port forwardings to bind to the wildcard address, or 374.Dq clientspecified 375to allow the client to select the address to which the forwarding is bound. 376The default is 377.Dq no . 378.It Cm GSSAPIAuthentication 379Specifies whether user authentication based on GSSAPI is allowed. 380The default is 381.Dq no . 382Note that this option applies to protocol version 2 only. 383.It Cm GSSAPICleanupCredentials 384Specifies whether to automatically destroy the user's credentials cache 385on logout. 386The default is 387.Dq yes . 388Note that this option applies to protocol version 2 only. 389.It Cm HostbasedAuthentication 390Specifies whether rhosts or /etc/hosts.equiv authentication together 391with successful public key client host authentication is allowed 392(host-based authentication). 393This option is similar to 394.Cm RhostsRSAAuthentication 395and applies to protocol version 2 only. 396The default is 397.Dq no . 398.It Cm HostbasedUsesNameFromPacketOnly 399Specifies whether or not the server will attempt to perform a reverse 400name lookup when matching the name in the 401.Pa ~/.shosts , 402.Pa ~/.rhosts , 403and 404.Pa /etc/hosts.equiv 405files during 406.Cm HostbasedAuthentication . 407A setting of 408.Dq yes 409means that 410.Xr sshd 8 411uses the name supplied by the client rather than 412attempting to resolve the name from the TCP connection itself. 413The default is 414.Dq no . 415.It Cm HostCertificate 416Specifies a file containing a public host certificate. 417The certificate's public key must match a private host key already specified 418by 419.Cm HostKey . 420The default behaviour of 421.Xr sshd 8 422is not to load any certificates. 423.It Cm HostKey 424Specifies a file containing a private host key 425used by SSH. 426The default is 427.Pa /etc/ssh/ssh_host_key 428for protocol version 1, and 429.Pa /etc/ssh/ssh_host_rsa_key 430and 431.Pa /etc/ssh/ssh_host_dsa_key 432for protocol version 2. 433Note that 434.Xr sshd 8 435will refuse to use a file if it is group/world-accessible. 436It is possible to have multiple host key files. 437.Dq rsa1 438keys are used for version 1 and 439.Dq dsa 440or 441.Dq rsa 442are used for version 2 of the SSH protocol. 443.It Cm IgnoreRhosts 444Specifies that 445.Pa .rhosts 446and 447.Pa .shosts 448files will not be used in 449.Cm RhostsRSAAuthentication 450or 451.Cm HostbasedAuthentication . 452.Pp 453.Pa /etc/hosts.equiv 454and 455.Pa /etc/ssh/shosts.equiv 456are still used. 457The default is 458.Dq yes . 459.It Cm IgnoreUserKnownHosts 460Specifies whether 461.Xr sshd 8 462should ignore the user's 463.Pa ~/.ssh/known_hosts 464during 465.Cm RhostsRSAAuthentication 466or 467.Cm HostbasedAuthentication . 468The default is 469.Dq no . 470.It Cm KerberosAuthentication 471Specifies whether the password provided by the user for 472.Cm PasswordAuthentication 473will be validated through the Kerberos KDC. 474To use this option, the server needs a 475Kerberos servtab which allows the verification of the KDC's identity. 476The default is 477.Dq no . 478.It Cm KerberosGetAFSToken 479If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 480an AFS token before accessing the user's home directory. 481The default is 482.Dq no . 483.It Cm KerberosOrLocalPasswd 484If password authentication through Kerberos fails then 485the password will be validated via any additional local mechanism 486such as 487.Pa /etc/passwd . 488The default is 489.Dq yes . 490.It Cm KerberosTicketCleanup 491Specifies whether to automatically destroy the user's ticket cache 492file on logout. 493The default is 494.Dq yes . 495.It Cm KeyRegenerationInterval 496In protocol version 1, the ephemeral server key is automatically regenerated 497after this many seconds (if it has been used). 498The purpose of regeneration is to prevent 499decrypting captured sessions by later breaking into the machine and 500stealing the keys. 501The key is never stored anywhere. 502If the value is 0, the key is never regenerated. 503The default is 3600 (seconds). 504.It Cm ListenAddress 505Specifies the local addresses 506.Xr sshd 8 507should listen on. 508The following forms may be used: 509.Pp 510.Bl -item -offset indent -compact 511.It 512.Cm ListenAddress 513.Sm off 514.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 515.Sm on 516.It 517.Cm ListenAddress 518.Sm off 519.Ar host No | Ar IPv4_addr No : Ar port 520.Sm on 521.It 522.Cm ListenAddress 523.Sm off 524.Oo 525.Ar host No | Ar IPv6_addr Oc : Ar port 526.Sm on 527.El 528.Pp 529If 530.Ar port 531is not specified, 532sshd will listen on the address and all prior 533.Cm Port 534options specified. 535The default is to listen on all local addresses. 536Multiple 537.Cm ListenAddress 538options are permitted. 539Additionally, any 540.Cm Port 541options must precede this option for non-port qualified addresses. 542.It Cm LoginGraceTime 543The server disconnects after this time if the user has not 544successfully logged in. 545If the value is 0, there is no time limit. 546The default is 120 seconds. 547.It Cm LogLevel 548Gives the verbosity level that is used when logging messages from 549.Xr sshd 8 . 550The possible values are: 551QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 552The default is INFO. 553DEBUG and DEBUG1 are equivalent. 554DEBUG2 and DEBUG3 each specify higher levels of debugging output. 555Logging with a DEBUG level violates the privacy of users and is not recommended. 556.It Cm MACs 557Specifies the available MAC (message authentication code) algorithms. 558The MAC algorithm is used in protocol version 2 559for data integrity protection. 560Multiple algorithms must be comma-separated. 561The default is: 562.Bd -literal -offset indent 563hmac-md5,hmac-sha1,umac-64@openssh.com, 564hmac-ripemd160,hmac-sha1-96,hmac-md5-96 565.Ed 566.It Cm Match 567Introduces a conditional block. 568If all of the criteria on the 569.Cm Match 570line are satisfied, the keywords on the following lines override those 571set in the global section of the config file, until either another 572.Cm Match 573line or the end of the file. 574.Pp 575The arguments to 576.Cm Match 577are one or more criteria-pattern pairs. 578The available criteria are 579.Cm User , 580.Cm Group , 581.Cm Host , 582and 583.Cm Address . 584The match patterns may consist of single entries or comma-separated 585lists and may use the wildcard and negation operators described in the 586.Sx PATTERNS 587section of 588.Xr ssh_config 5 . 589.Pp 590The patterns in an 591.Cm Address 592criteria may additionally contain addresses to match in CIDR 593address/masklen format, e.g.\& 594.Dq 192.0.2.0/24 595or 596.Dq 3ffe:ffff::/32 . 597Note that the mask length provided must be consistent with the address - 598it is an error to specify a mask length that is too long for the address 599or one with bits set in this host portion of the address. 600For example, 601.Dq 192.0.2.0/33 602and 603.Dq 192.0.2.0/8 604respectively. 605.Pp 606Only a subset of keywords may be used on the lines following a 607.Cm Match 608keyword. 609Available keywords are 610.Cm AllowAgentForwarding , 611.Cm AllowTcpForwarding , 612.Cm Banner , 613.Cm ChrootDirectory , 614.Cm ForceCommand , 615.Cm GatewayPorts , 616.Cm GSSAPIAuthentication , 617.Cm HostbasedAuthentication , 618.Cm KbdInteractiveAuthentication , 619.Cm KerberosAuthentication , 620.Cm MaxAuthTries , 621.Cm MaxSessions , 622.Cm PasswordAuthentication , 623.Cm PermitEmptyPasswords , 624.Cm PermitOpen , 625.Cm PermitRootLogin , 626.Cm PubkeyAuthentication , 627.Cm RhostsRSAAuthentication , 628.Cm RSAAuthentication , 629.Cm X11DisplayOffset , 630.Cm X11Forwarding 631and 632.Cm X11UseLocalHost . 633.It Cm MaxAuthTries 634Specifies the maximum number of authentication attempts permitted per 635connection. 636Once the number of failures reaches half this value, 637additional failures are logged. 638The default is 6. 639.It Cm MaxSessions 640Specifies the maximum number of open sessions permitted per network connection. 641The default is 10. 642.It Cm MaxStartups 643Specifies the maximum number of concurrent unauthenticated connections to the 644SSH daemon. 645Additional connections will be dropped until authentication succeeds or the 646.Cm LoginGraceTime 647expires for a connection. 648The default is 10. 649.Pp 650Alternatively, random early drop can be enabled by specifying 651the three colon separated values 652.Dq start:rate:full 653(e.g. "10:30:60"). 654.Xr sshd 8 655will refuse connection attempts with a probability of 656.Dq rate/100 657(30%) 658if there are currently 659.Dq start 660(10) 661unauthenticated connections. 662The probability increases linearly and all connection attempts 663are refused if the number of unauthenticated connections reaches 664.Dq full 665(60). 666.It Cm PasswordAuthentication 667Specifies whether password authentication is allowed. 668See also 669.Cm UsePAM . 670The default is 671.Dq no . 672.It Cm PermitEmptyPasswords 673When password authentication is allowed, it specifies whether the 674server allows login to accounts with empty password strings. 675The default is 676.Dq no . 677.It Cm PermitOpen 678Specifies the destinations to which TCP port forwarding is permitted. 679The forwarding specification must be one of the following forms: 680.Pp 681.Bl -item -offset indent -compact 682.It 683.Cm PermitOpen 684.Sm off 685.Ar host : port 686.Sm on 687.It 688.Cm PermitOpen 689.Sm off 690.Ar IPv4_addr : port 691.Sm on 692.It 693.Cm PermitOpen 694.Sm off 695.Ar \&[ IPv6_addr \&] : port 696.Sm on 697.El 698.Pp 699Multiple forwards may be specified by separating them with whitespace. 700An argument of 701.Dq any 702can be used to remove all restrictions and permit any forwarding requests. 703By default all port forwarding requests are permitted. 704.It Cm PermitRootLogin 705Specifies whether root can log in using 706.Xr ssh 1 . 707The argument must be 708.Dq yes , 709.Dq without-password , 710.Dq forced-commands-only , 711or 712.Dq no . 713The default is 714.Dq no . 715Note that if 716.Cm ChallengeResponseAuthentication 717is 718.Dq yes , 719the root user may be allowed in with its password even if 720.Cm PermitRootLogin is set to 721.Dq without-password . 722.Pp 723If this option is set to 724.Dq without-password , 725password authentication is disabled for root. 726.Pp 727If this option is set to 728.Dq forced-commands-only , 729root login with public key authentication will be allowed, 730but only if the 731.Ar command 732option has been specified 733(which may be useful for taking remote backups even if root login is 734normally not allowed). 735All other authentication methods are disabled for root. 736.Pp 737If this option is set to 738.Dq no , 739root is not allowed to log in. 740.It Cm PermitTunnel 741Specifies whether 742.Xr tun 4 743device forwarding is allowed. 744The argument must be 745.Dq yes , 746.Dq point-to-point 747(layer 3), 748.Dq ethernet 749(layer 2), or 750.Dq no . 751Specifying 752.Dq yes 753permits both 754.Dq point-to-point 755and 756.Dq ethernet . 757The default is 758.Dq no . 759.It Cm PermitUserEnvironment 760Specifies whether 761.Pa ~/.ssh/environment 762and 763.Cm environment= 764options in 765.Pa ~/.ssh/authorized_keys 766are processed by 767.Xr sshd 8 . 768The default is 769.Dq no . 770Enabling environment processing may enable users to bypass access 771restrictions in some configurations using mechanisms such as 772.Ev LD_PRELOAD . 773.It Cm PidFile 774Specifies the file that contains the process ID of the 775SSH daemon. 776The default is 777.Pa /var/run/sshd.pid . 778.It Cm Port 779Specifies the port number that 780.Xr sshd 8 781listens on. 782The default is 22. 783Multiple options of this type are permitted. 784See also 785.Cm ListenAddress . 786.It Cm PrintLastLog 787Specifies whether 788.Xr sshd 8 789should print the date and time of the last user login when a user logs 790in interactively. 791The default is 792.Dq yes . 793.It Cm PrintMotd 794Specifies whether 795.Xr sshd 8 796should print 797.Pa /etc/motd 798when a user logs in interactively. 799(On some systems it is also printed by the shell, 800.Pa /etc/profile , 801or equivalent.) 802The default is 803.Dq yes . 804.It Cm Protocol 805Specifies the protocol versions 806.Xr sshd 8 807supports. 808The possible values are 809.Sq 1 810and 811.Sq 2 . 812Multiple versions must be comma-separated. 813The default is 814.Sq 2 . 815Note that the order of the protocol list does not indicate preference, 816because the client selects among multiple protocol versions offered 817by the server. 818Specifying 819.Dq 2,1 820is identical to 821.Dq 1,2 . 822.It Cm PubkeyAuthentication 823Specifies whether public key authentication is allowed. 824The default is 825.Dq yes . 826Note that this option applies to protocol version 2 only. 827.It Cm RevokedKeys 828Specifies a list of revoked public keys. 829Keys listed in this file will be refused for public key authentication. 830Note that if this file is not readable, then public key authentication will 831be refused for all users. 832.It Cm RhostsRSAAuthentication 833Specifies whether rhosts or 834.Pa /etc/hosts.equiv 835authentication together 836with successful RSA host authentication is allowed. 837The default is 838.Dq no . 839This option applies to protocol version 1 only. 840.It Cm RSAAuthentication 841Specifies whether pure RSA authentication is allowed. 842The default is 843.Dq yes . 844This option applies to protocol version 1 only. 845.It Cm ServerKeyBits 846Defines the number of bits in the ephemeral protocol version 1 server key. 847The minimum value is 512, and the default is 1024. 848.It Cm StrictModes 849Specifies whether 850.Xr sshd 8 851should check file modes and ownership of the 852user's files and home directory before accepting login. 853This is normally desirable because novices sometimes accidentally leave their 854directory or files world-writable. 855The default is 856.Dq yes . 857Note that this does not apply to 858.Cm ChrootDirectory , 859whose permissions and ownership are checked unconditionally. 860.It Cm Subsystem 861Configures an external subsystem (e.g. file transfer daemon). 862Arguments should be a subsystem name and a command (with optional arguments) 863to execute upon subsystem request. 864.Pp 865The command 866.Xr sftp-server 8 867implements the 868.Dq sftp 869file transfer subsystem. 870.Pp 871Alternately the name 872.Dq internal-sftp 873implements an in-process 874.Dq sftp 875server. 876This may simplify configurations using 877.Cm ChrootDirectory 878to force a different filesystem root on clients. 879.Pp 880By default no subsystems are defined. 881Note that this option applies to protocol version 2 only. 882.It Cm SyslogFacility 883Gives the facility code that is used when logging messages from 884.Xr sshd 8 . 885The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 886LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 887The default is AUTH. 888.It Cm TCPKeepAlive 889Specifies whether the system should send TCP keepalive messages to the 890other side. 891If they are sent, death of the connection or crash of one 892of the machines will be properly noticed. 893However, this means that 894connections will die if the route is down temporarily, and some people 895find it annoying. 896On the other hand, if TCP keepalives are not sent, 897sessions may hang indefinitely on the server, leaving 898.Dq ghost 899users and consuming server resources. 900.Pp 901The default is 902.Dq yes 903(to send TCP keepalive messages), and the server will notice 904if the network goes down or the client host crashes. 905This avoids infinitely hanging sessions. 906.Pp 907To disable TCP keepalive messages, the value should be set to 908.Dq no . 909.It Cm TrustedUserCAKeys 910Specifies a file containing public keys of certificate authorities that are 911trusted to sign user certificates for authentication. 912Keys are listed one per line; empty lines and comments starting with 913.Ql # 914are allowed. 915If a certificate is presented for authentication and has its signing CA key 916listed in this file, then it may be used for authentication for any user 917listed in the certificate's principals list. 918Note that certificates that lack a list of principals will not be permitted 919for authentication using 920.Cm TrustedUserCAKeys . 921For more details on certificates, see the 922.Sx CERTIFICATES 923section in 924.Xr ssh-keygen 1 . 925.It Cm UseDNS 926Specifies whether 927.Xr sshd 8 928should look up the remote host name and check that 929the resolved host name for the remote IP address maps back to the 930very same IP address. 931The default is 932.Dq yes . 933.It Cm UseLogin 934Specifies whether 935.Xr login 1 936is used for interactive login sessions. 937The default is 938.Dq no . 939Note that 940.Xr login 1 941is never used for remote command execution. 942Note also, that if this is enabled, 943.Cm X11Forwarding 944will be disabled because 945.Xr login 1 946does not know how to handle 947.Xr xauth 1 948cookies. 949If 950.Cm UsePrivilegeSeparation 951is specified, it will be disabled after authentication. 952.It Cm UsePAM 953Enables the Pluggable Authentication Module interface. 954If set to 955.Dq yes 956this will enable PAM authentication using 957.Cm ChallengeResponseAuthentication 958and 959.Cm PasswordAuthentication 960in addition to PAM account and session module processing for all 961authentication types. 962.Pp 963Because PAM challenge-response authentication usually serves an equivalent 964role to password authentication, you should disable either 965.Cm PasswordAuthentication 966or 967.Cm ChallengeResponseAuthentication. 968.Pp 969If 970.Cm UsePAM 971is enabled, you will not be able to run 972.Xr sshd 8 973as a non-root user. 974The default is 975.Dq yes . 976.It Cm UsePrivilegeSeparation 977Specifies whether 978.Xr sshd 8 979separates privileges by creating an unprivileged child process 980to deal with incoming network traffic. 981After successful authentication, another process will be created that has 982the privilege of the authenticated user. 983The goal of privilege separation is to prevent privilege 984escalation by containing any corruption within the unprivileged processes. 985The default is 986.Dq yes . 987.It Cm VersionAddendum 988Specifies a string to append to the regular version string to identify 989OS- or site-specific modifications. 990The default is 991.Dq FreeBSD-20100428 . 992.It Cm X11DisplayOffset 993Specifies the first display number available for 994.Xr sshd 8 Ns 's 995X11 forwarding. 996This prevents sshd from interfering with real X11 servers. 997The default is 10. 998.It Cm X11Forwarding 999Specifies whether X11 forwarding is permitted. 1000The argument must be 1001.Dq yes 1002or 1003.Dq no . 1004The default is 1005.Dq yes . 1006.Pp 1007When X11 forwarding is enabled, there may be additional exposure to 1008the server and to client displays if the 1009.Xr sshd 8 1010proxy display is configured to listen on the wildcard address (see 1011.Cm X11UseLocalhost 1012below), though this is not the default. 1013Additionally, the authentication spoofing and authentication data 1014verification and substitution occur on the client side. 1015The security risk of using X11 forwarding is that the client's X11 1016display server may be exposed to attack when the SSH client requests 1017forwarding (see the warnings for 1018.Cm ForwardX11 1019in 1020.Xr ssh_config 5 ) . 1021A system administrator may have a stance in which they want to 1022protect clients that may expose themselves to attack by unwittingly 1023requesting X11 forwarding, which can warrant a 1024.Dq no 1025setting. 1026.Pp 1027Note that disabling X11 forwarding does not prevent users from 1028forwarding X11 traffic, as users can always install their own forwarders. 1029X11 forwarding is automatically disabled if 1030.Cm UseLogin 1031is enabled. 1032.It Cm X11UseLocalhost 1033Specifies whether 1034.Xr sshd 8 1035should bind the X11 forwarding server to the loopback address or to 1036the wildcard address. 1037By default, 1038sshd binds the forwarding server to the loopback address and sets the 1039hostname part of the 1040.Ev DISPLAY 1041environment variable to 1042.Dq localhost . 1043This prevents remote hosts from connecting to the proxy display. 1044However, some older X11 clients may not function with this 1045configuration. 1046.Cm X11UseLocalhost 1047may be set to 1048.Dq no 1049to specify that the forwarding server should be bound to the wildcard 1050address. 1051The argument must be 1052.Dq yes 1053or 1054.Dq no . 1055The default is 1056.Dq yes . 1057.It Cm XAuthLocation 1058Specifies the full pathname of the 1059.Xr xauth 1 1060program. 1061The default is 1062.Pa /usr/local/bin/xauth . 1063.El 1064.Sh TIME FORMATS 1065.Xr sshd 8 1066command-line arguments and configuration file options that specify time 1067may be expressed using a sequence of the form: 1068.Sm off 1069.Ar time Op Ar qualifier , 1070.Sm on 1071where 1072.Ar time 1073is a positive integer value and 1074.Ar qualifier 1075is one of the following: 1076.Pp 1077.Bl -tag -width Ds -compact -offset indent 1078.It Aq Cm none 1079seconds 1080.It Cm s | Cm S 1081seconds 1082.It Cm m | Cm M 1083minutes 1084.It Cm h | Cm H 1085hours 1086.It Cm d | Cm D 1087days 1088.It Cm w | Cm W 1089weeks 1090.El 1091.Pp 1092Each member of the sequence is added together to calculate 1093the total time value. 1094.Pp 1095Time format examples: 1096.Pp 1097.Bl -tag -width Ds -compact -offset indent 1098.It 600 1099600 seconds (10 minutes) 1100.It 10m 110110 minutes 1102.It 1h30m 11031 hour 30 minutes (90 minutes) 1104.El 1105.Sh FILES 1106.Bl -tag -width Ds 1107.It Pa /etc/ssh/sshd_config 1108Contains configuration data for 1109.Xr sshd 8 . 1110This file should be writable by root only, but it is recommended 1111(though not necessary) that it be world-readable. 1112.El 1113.Sh SEE ALSO 1114.Xr sshd 8 1115.Sh AUTHORS 1116OpenSSH is a derivative of the original and free 1117ssh 1.2.12 release by Tatu Ylonen. 1118Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1119Theo de Raadt and Dug Song 1120removed many bugs, re-added newer features and 1121created OpenSSH. 1122Markus Friedl contributed the support for SSH 1123protocol versions 1.5 and 2.0. 1124Niels Provos and Markus Friedl contributed support 1125for privilege separation. 1126