1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 16.\" 17.\" Redistribution and use in source and binary forms, with or without 18.\" modification, are permitted provided that the following conditions 19.\" are met: 20.\" 1. Redistributions of source code must retain the above copyright 21.\" notice, this list of conditions and the following disclaimer. 22.\" 2. Redistributions in binary form must reproduce the above copyright 23.\" notice, this list of conditions and the following disclaimer in the 24.\" documentation and/or other materials provided with the distribution. 25.\" 26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: sshd_config.5,v 1.102 2009/02/22 23:59:25 djm Exp $ 38.\" $FreeBSD$ 39.Dd February 22 2009 40.Dt SSHD_CONFIG 5 41.Os 42.Sh NAME 43.Nm sshd_config 44.Nd OpenSSH SSH daemon configuration file 45.Sh SYNOPSIS 46.Nm /etc/ssh/sshd_config 47.Sh DESCRIPTION 48.Xr sshd 8 49reads configuration data from 50.Pa /etc/ssh/sshd_config 51(or the file specified with 52.Fl f 53on the command line). 54The file contains keyword-argument pairs, one per line. 55Lines starting with 56.Ql # 57and empty lines are interpreted as comments. 58Arguments may optionally be enclosed in double quotes 59.Pq \&" 60in order to represent arguments containing spaces. 61.Pp 62The possible 63keywords and their meanings are as follows (note that 64keywords are case-insensitive and arguments are case-sensitive): 65.Bl -tag -width Ds 66.It Cm AcceptEnv 67Specifies what environment variables sent by the client will be copied into 68the session's 69.Xr environ 7 . 70See 71.Cm SendEnv 72in 73.Xr ssh_config 5 74for how to configure the client. 75Note that environment passing is only supported for protocol 2. 76Variables are specified by name, which may contain the wildcard characters 77.Ql * 78and 79.Ql \&? . 80Multiple environment variables may be separated by whitespace or spread 81across multiple 82.Cm AcceptEnv 83directives. 84Be warned that some environment variables could be used to bypass restricted 85user environments. 86For this reason, care should be taken in the use of this directive. 87The default is not to accept any environment variables. 88.It Cm AddressFamily 89Specifies which address family should be used by 90.Xr sshd 8 . 91Valid arguments are 92.Dq any , 93.Dq inet 94(use IPv4 only), or 95.Dq inet6 96(use IPv6 only). 97The default is 98.Dq any . 99.It Cm AllowAgentForwarding 100Specifies whether 101.Xr ssh-agent 1 102forwarding is permitted. 103The default is 104.Dq yes . 105Note that disabling agent forwarding does not improve security 106unless users are also denied shell access, as they can always install 107their own forwarders. 108.It Cm AllowGroups 109This keyword can be followed by a list of group name patterns, separated 110by spaces. 111If specified, login is allowed only for users whose primary 112group or supplementary group list matches one of the patterns. 113Only group names are valid; a numerical group ID is not recognized. 114By default, login is allowed for all groups. 115The allow/deny directives are processed in the following order: 116.Cm DenyUsers , 117.Cm AllowUsers , 118.Cm DenyGroups , 119and finally 120.Cm AllowGroups . 121.Pp 122See 123.Sx PATTERNS 124in 125.Xr ssh_config 5 126for more information on patterns. 127.It Cm AllowTcpForwarding 128Specifies whether TCP forwarding is permitted. 129The default is 130.Dq yes . 131Note that disabling TCP forwarding does not improve security unless 132users are also denied shell access, as they can always install their 133own forwarders. 134.It Cm AllowUsers 135This keyword can be followed by a list of user name patterns, separated 136by spaces. 137If specified, login is allowed only for user names that 138match one of the patterns. 139Only user names are valid; a numerical user ID is not recognized. 140By default, login is allowed for all users. 141If the pattern takes the form USER@HOST then USER and HOST 142are separately checked, restricting logins to particular 143users from particular hosts. 144The allow/deny directives are processed in the following order: 145.Cm DenyUsers , 146.Cm AllowUsers , 147.Cm DenyGroups , 148and finally 149.Cm AllowGroups . 150.Pp 151See 152.Sx PATTERNS 153in 154.Xr ssh_config 5 155for more information on patterns. 156.It Cm AuthorizedKeysFile 157Specifies the file that contains the public keys that can be used 158for user authentication. 159.Cm AuthorizedKeysFile 160may contain tokens of the form %T which are substituted during connection 161setup. 162The following tokens are defined: %% is replaced by a literal '%', 163%h is replaced by the home directory of the user being authenticated, and 164%u is replaced by the username of that user. 165After expansion, 166.Cm AuthorizedKeysFile 167is taken to be an absolute path or one relative to the user's home 168directory. 169The default is 170.Dq .ssh/authorized_keys . 171.It Cm Banner 172The contents of the specified file are sent to the remote user before 173authentication is allowed. 174If the argument is 175.Dq none 176then no banner is displayed. 177This option is only available for protocol version 2. 178By default, no banner is displayed. 179.It Cm ChallengeResponseAuthentication 180Specifies whether challenge-response authentication is allowed. 181See also 182.Cm UsePAM . 183The default is 184.Dq yes . 185.It Cm ChrootDirectory 186Specifies a path to 187.Xr chroot 2 188to after authentication. 189This path, and all its components, must be root-owned directories that are 190not writable by any other user or group. 191.Pp 192The path may contain the following tokens that are expanded at runtime once 193the connecting user has been authenticated: %% is replaced by a literal '%', 194%h is replaced by the home directory of the user being authenticated, and 195%u is replaced by the username of that user. 196.Pp 197The 198.Cm ChrootDirectory 199must contain the necessary files and directories to support the 200users' session. 201For an interactive session this requires at least a shell, typically 202.Xr sh 1 , 203and basic 204.Pa /dev 205nodes such as 206.Xr null 4 , 207.Xr zero 4 , 208.Xr stdin 4 , 209.Xr stdout 4 , 210.Xr stderr 4 , 211.Xr arandom 4 212and 213.Xr tty 4 214devices. 215For file transfer sessions using 216.Dq sftp , 217no additional configuration of the environment is necessary if the 218in-process sftp server is used (see 219.Cm Subsystem 220for details). 221.Pp 222The default is not to 223.Xr chroot 2 . 224.It Cm Ciphers 225Specifies the ciphers allowed for protocol version 2. 226Multiple ciphers must be comma-separated. 227The supported ciphers are 228.Dq 3des-cbc , 229.Dq aes128-cbc , 230.Dq aes192-cbc , 231.Dq aes256-cbc , 232.Dq aes128-ctr , 233.Dq aes192-ctr , 234.Dq aes256-ctr , 235.Dq arcfour128 , 236.Dq arcfour256 , 237.Dq arcfour , 238.Dq blowfish-cbc , 239and 240.Dq cast128-cbc . 241The default is: 242.Bd -literal -offset 3n 243aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 244aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 245aes256-cbc,arcfour 246.Ed 247.It Cm ClientAliveCountMax 248Sets the number of client alive messages (see below) which may be 249sent without 250.Xr sshd 8 251receiving any messages back from the client. 252If this threshold is reached while client alive messages are being sent, 253sshd will disconnect the client, terminating the session. 254It is important to note that the use of client alive messages is very 255different from 256.Cm TCPKeepAlive 257(below). 258The client alive messages are sent through the encrypted channel 259and therefore will not be spoofable. 260The TCP keepalive option enabled by 261.Cm TCPKeepAlive 262is spoofable. 263The client alive mechanism is valuable when the client or 264server depend on knowing when a connection has become inactive. 265.Pp 266The default value is 3. 267If 268.Cm ClientAliveInterval 269(see below) is set to 15, and 270.Cm ClientAliveCountMax 271is left at the default, unresponsive SSH clients 272will be disconnected after approximately 45 seconds. 273This option applies to protocol version 2 only. 274.It Cm ClientAliveInterval 275Sets a timeout interval in seconds after which if no data has been received 276from the client, 277.Xr sshd 8 278will send a message through the encrypted 279channel to request a response from the client. 280The default 281is 0, indicating that these messages will not be sent to the client. 282This option applies to protocol version 2 only. 283.It Cm Compression 284Specifies whether compression is allowed, or delayed until 285the user has authenticated successfully. 286The argument must be 287.Dq yes , 288.Dq delayed , 289or 290.Dq no . 291The default is 292.Dq delayed . 293.It Cm DenyGroups 294This keyword can be followed by a list of group name patterns, separated 295by spaces. 296Login is disallowed for users whose primary group or supplementary 297group list matches one of the patterns. 298Only group names are valid; a numerical group ID is not recognized. 299By default, login is allowed for all groups. 300The allow/deny directives are processed in the following order: 301.Cm DenyUsers , 302.Cm AllowUsers , 303.Cm DenyGroups , 304and finally 305.Cm AllowGroups . 306.Pp 307See 308.Sx PATTERNS 309in 310.Xr ssh_config 5 311for more information on patterns. 312.It Cm DenyUsers 313This keyword can be followed by a list of user name patterns, separated 314by spaces. 315Login is disallowed for user names that match one of the patterns. 316Only user names are valid; a numerical user ID is not recognized. 317By default, login is allowed for all users. 318If the pattern takes the form USER@HOST then USER and HOST 319are separately checked, restricting logins to particular 320users from particular hosts. 321The allow/deny directives are processed in the following order: 322.Cm DenyUsers , 323.Cm AllowUsers , 324.Cm DenyGroups , 325and finally 326.Cm AllowGroups . 327.Pp 328See 329.Sx PATTERNS 330in 331.Xr ssh_config 5 332for more information on patterns. 333.It Cm ForceCommand 334Forces the execution of the command specified by 335.Cm ForceCommand , 336ignoring any command supplied by the client and 337.Pa ~/.ssh/rc 338if present. 339The command is invoked by using the user's login shell with the -c option. 340This applies to shell, command, or subsystem execution. 341It is most useful inside a 342.Cm Match 343block. 344The command originally supplied by the client is available in the 345.Ev SSH_ORIGINAL_COMMAND 346environment variable. 347Specifying a command of 348.Dq internal-sftp 349will force the use of an in-process sftp server that requires no support 350files when used with 351.Cm ChrootDirectory . 352.It Cm GatewayPorts 353Specifies whether remote hosts are allowed to connect to ports 354forwarded for the client. 355By default, 356.Xr sshd 8 357binds remote port forwardings to the loopback address. 358This prevents other remote hosts from connecting to forwarded ports. 359.Cm GatewayPorts 360can be used to specify that sshd 361should allow remote port forwardings to bind to non-loopback addresses, thus 362allowing other hosts to connect. 363The argument may be 364.Dq no 365to force remote port forwardings to be available to the local host only, 366.Dq yes 367to force remote port forwardings to bind to the wildcard address, or 368.Dq clientspecified 369to allow the client to select the address to which the forwarding is bound. 370The default is 371.Dq no . 372.It Cm GSSAPIAuthentication 373Specifies whether user authentication based on GSSAPI is allowed. 374The default is 375.Dq no . 376Note that this option applies to protocol version 2 only. 377.It Cm GSSAPICleanupCredentials 378Specifies whether to automatically destroy the user's credentials cache 379on logout. 380The default is 381.Dq yes . 382Note that this option applies to protocol version 2 only. 383.It Cm HostbasedAuthentication 384Specifies whether rhosts or /etc/hosts.equiv authentication together 385with successful public key client host authentication is allowed 386(host-based authentication). 387This option is similar to 388.Cm RhostsRSAAuthentication 389and applies to protocol version 2 only. 390The default is 391.Dq no . 392.It Cm HostbasedUsesNameFromPacketOnly 393Specifies whether or not the server will attempt to perform a reverse 394name lookup when matching the name in the 395.Pa ~/.shosts , 396.Pa ~/.rhosts , 397and 398.Pa /etc/hosts.equiv 399files during 400.Cm HostbasedAuthentication . 401A setting of 402.Dq yes 403means that 404.Xr sshd 8 405uses the name supplied by the client rather than 406attempting to resolve the name from the TCP connection itself. 407The default is 408.Dq no . 409.It Cm HostKey 410Specifies a file containing a private host key 411used by SSH. 412The default is 413.Pa /etc/ssh/ssh_host_key 414for protocol version 1, and 415.Pa /etc/ssh/ssh_host_rsa_key 416and 417.Pa /etc/ssh/ssh_host_dsa_key 418for protocol version 2. 419Note that 420.Xr sshd 8 421will refuse to use a file if it is group/world-accessible. 422It is possible to have multiple host key files. 423.Dq rsa1 424keys are used for version 1 and 425.Dq dsa 426or 427.Dq rsa 428are used for version 2 of the SSH protocol. 429.It Cm IgnoreRhosts 430Specifies that 431.Pa .rhosts 432and 433.Pa .shosts 434files will not be used in 435.Cm RhostsRSAAuthentication 436or 437.Cm HostbasedAuthentication . 438.Pp 439.Pa /etc/hosts.equiv 440and 441.Pa /etc/ssh/shosts.equiv 442are still used. 443The default is 444.Dq yes . 445.It Cm IgnoreUserKnownHosts 446Specifies whether 447.Xr sshd 8 448should ignore the user's 449.Pa ~/.ssh/known_hosts 450during 451.Cm RhostsRSAAuthentication 452or 453.Cm HostbasedAuthentication . 454The default is 455.Dq no . 456.It Cm KerberosAuthentication 457Specifies whether the password provided by the user for 458.Cm PasswordAuthentication 459will be validated through the Kerberos KDC. 460To use this option, the server needs a 461Kerberos servtab which allows the verification of the KDC's identity. 462The default is 463.Dq no . 464.It Cm KerberosGetAFSToken 465If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 466an AFS token before accessing the user's home directory. 467The default is 468.Dq no . 469.It Cm KerberosOrLocalPasswd 470If password authentication through Kerberos fails then 471the password will be validated via any additional local mechanism 472such as 473.Pa /etc/passwd . 474The default is 475.Dq yes . 476.It Cm KerberosTicketCleanup 477Specifies whether to automatically destroy the user's ticket cache 478file on logout. 479The default is 480.Dq yes . 481.It Cm KeyRegenerationInterval 482In protocol version 1, the ephemeral server key is automatically regenerated 483after this many seconds (if it has been used). 484The purpose of regeneration is to prevent 485decrypting captured sessions by later breaking into the machine and 486stealing the keys. 487The key is never stored anywhere. 488If the value is 0, the key is never regenerated. 489The default is 3600 (seconds). 490.It Cm ListenAddress 491Specifies the local addresses 492.Xr sshd 8 493should listen on. 494The following forms may be used: 495.Pp 496.Bl -item -offset indent -compact 497.It 498.Cm ListenAddress 499.Sm off 500.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 501.Sm on 502.It 503.Cm ListenAddress 504.Sm off 505.Ar host No | Ar IPv4_addr No : Ar port 506.Sm on 507.It 508.Cm ListenAddress 509.Sm off 510.Oo 511.Ar host No | Ar IPv6_addr Oc : Ar port 512.Sm on 513.El 514.Pp 515If 516.Ar port 517is not specified, 518sshd will listen on the address and all prior 519.Cm Port 520options specified. 521The default is to listen on all local addresses. 522Multiple 523.Cm ListenAddress 524options are permitted. 525Additionally, any 526.Cm Port 527options must precede this option for non-port qualified addresses. 528.It Cm LoginGraceTime 529The server disconnects after this time if the user has not 530successfully logged in. 531If the value is 0, there is no time limit. 532The default is 120 seconds. 533.It Cm LogLevel 534Gives the verbosity level that is used when logging messages from 535.Xr sshd 8 . 536The possible values are: 537QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 538The default is INFO. 539DEBUG and DEBUG1 are equivalent. 540DEBUG2 and DEBUG3 each specify higher levels of debugging output. 541Logging with a DEBUG level violates the privacy of users and is not recommended. 542.It Cm MACs 543Specifies the available MAC (message authentication code) algorithms. 544The MAC algorithm is used in protocol version 2 545for data integrity protection. 546Multiple algorithms must be comma-separated. 547The default is: 548.Bd -literal -offset indent 549hmac-md5,hmac-sha1,umac-64@openssh.com, 550hmac-ripemd160,hmac-sha1-96,hmac-md5-96 551.Ed 552.It Cm Match 553Introduces a conditional block. 554If all of the criteria on the 555.Cm Match 556line are satisfied, the keywords on the following lines override those 557set in the global section of the config file, until either another 558.Cm Match 559line or the end of the file. 560.Pp 561The arguments to 562.Cm Match 563are one or more criteria-pattern pairs. 564The available criteria are 565.Cm User , 566.Cm Group , 567.Cm Host , 568and 569.Cm Address . 570The match patterns may consist of single entries or comma-separated 571lists and may use the wildcard and negation operators described in the 572.Sx PATTERNS 573section of 574.Xr ssh_config 5 . 575.Pp 576The patterns in an 577.Cm Address 578criteria may additionally contain addresses to match in CIDR 579address/masklen format, e.g.\& 580.Dq 192.0.2.0/24 581or 582.Dq 3ffe:ffff::/32 . 583Note that the mask length provided must be consistent with the address - 584it is an error to specify a mask length that is too long for the address 585or one with bits set in this host portion of the address. 586For example, 587.Dq 192.0.2.0/33 588and 589.Dq 192.0.2.0/8 590respectively. 591.Pp 592Only a subset of keywords may be used on the lines following a 593.Cm Match 594keyword. 595Available keywords are 596.Cm AllowAgentForwarding , 597.Cm AllowTcpForwarding , 598.Cm Banner , 599.Cm ChrootDirectory , 600.Cm ForceCommand , 601.Cm GatewayPorts , 602.Cm GSSAPIAuthentication , 603.Cm HostbasedAuthentication , 604.Cm KbdInteractiveAuthentication , 605.Cm KerberosAuthentication , 606.Cm MaxAuthTries , 607.Cm MaxSessions , 608.Cm PasswordAuthentication , 609.Cm PermitEmptyPasswords , 610.Cm PermitOpen , 611.Cm PermitRootLogin , 612.Cm RhostsRSAAuthentication , 613.Cm RSAAuthentication , 614.Cm X11DisplayOffset , 615.Cm X11Forwarding 616and 617.Cm X11UseLocalHost . 618.It Cm MaxAuthTries 619Specifies the maximum number of authentication attempts permitted per 620connection. 621Once the number of failures reaches half this value, 622additional failures are logged. 623The default is 6. 624.It Cm MaxSessions 625Specifies the maximum number of open sessions permitted per network connection. 626The default is 10. 627.It Cm MaxStartups 628Specifies the maximum number of concurrent unauthenticated connections to the 629SSH daemon. 630Additional connections will be dropped until authentication succeeds or the 631.Cm LoginGraceTime 632expires for a connection. 633The default is 10. 634.Pp 635Alternatively, random early drop can be enabled by specifying 636the three colon separated values 637.Dq start:rate:full 638(e.g. "10:30:60"). 639.Xr sshd 8 640will refuse connection attempts with a probability of 641.Dq rate/100 642(30%) 643if there are currently 644.Dq start 645(10) 646unauthenticated connections. 647The probability increases linearly and all connection attempts 648are refused if the number of unauthenticated connections reaches 649.Dq full 650(60). 651.It Cm PasswordAuthentication 652Specifies whether password authentication is allowed. 653See also 654.Cm UsePAM . 655The default is 656.Dq no . 657.It Cm PermitEmptyPasswords 658When password authentication is allowed, it specifies whether the 659server allows login to accounts with empty password strings. 660The default is 661.Dq no . 662.It Cm PermitOpen 663Specifies the destinations to which TCP port forwarding is permitted. 664The forwarding specification must be one of the following forms: 665.Pp 666.Bl -item -offset indent -compact 667.It 668.Cm PermitOpen 669.Sm off 670.Ar host : port 671.Sm on 672.It 673.Cm PermitOpen 674.Sm off 675.Ar IPv4_addr : port 676.Sm on 677.It 678.Cm PermitOpen 679.Sm off 680.Ar \&[ IPv6_addr \&] : port 681.Sm on 682.El 683.Pp 684Multiple forwards may be specified by separating them with whitespace. 685An argument of 686.Dq any 687can be used to remove all restrictions and permit any forwarding requests. 688By default all port forwarding requests are permitted. 689.It Cm PermitRootLogin 690Specifies whether root can log in using 691.Xr ssh 1 . 692The argument must be 693.Dq yes , 694.Dq without-password , 695.Dq forced-commands-only , 696or 697.Dq no . 698The default is 699.Dq no . 700Note that if 701.Cm ChallengeResponseAuthentication 702is 703.Dq yes , 704the root user may be allowed in with its password even if 705.Cm PermitRootLogin is set to 706.Dq without-password . 707.Pp 708If this option is set to 709.Dq without-password , 710password authentication is disabled for root. 711.Pp 712If this option is set to 713.Dq forced-commands-only , 714root login with public key authentication will be allowed, 715but only if the 716.Ar command 717option has been specified 718(which may be useful for taking remote backups even if root login is 719normally not allowed). 720All other authentication methods are disabled for root. 721.Pp 722If this option is set to 723.Dq no , 724root is not allowed to log in. 725.It Cm PermitTunnel 726Specifies whether 727.Xr tun 4 728device forwarding is allowed. 729The argument must be 730.Dq yes , 731.Dq point-to-point 732(layer 3), 733.Dq ethernet 734(layer 2), or 735.Dq no . 736Specifying 737.Dq yes 738permits both 739.Dq point-to-point 740and 741.Dq ethernet . 742The default is 743.Dq no . 744.It Cm PermitUserEnvironment 745Specifies whether 746.Pa ~/.ssh/environment 747and 748.Cm environment= 749options in 750.Pa ~/.ssh/authorized_keys 751are processed by 752.Xr sshd 8 . 753The default is 754.Dq no . 755Enabling environment processing may enable users to bypass access 756restrictions in some configurations using mechanisms such as 757.Ev LD_PRELOAD . 758.It Cm PidFile 759Specifies the file that contains the process ID of the 760SSH daemon. 761The default is 762.Pa /var/run/sshd.pid . 763.It Cm Port 764Specifies the port number that 765.Xr sshd 8 766listens on. 767The default is 22. 768Multiple options of this type are permitted. 769See also 770.Cm ListenAddress . 771.It Cm PrintLastLog 772Specifies whether 773.Xr sshd 8 774should print the date and time of the last user login when a user logs 775in interactively. 776The default is 777.Dq yes . 778.It Cm PrintMotd 779Specifies whether 780.Xr sshd 8 781should print 782.Pa /etc/motd 783when a user logs in interactively. 784(On some systems it is also printed by the shell, 785.Pa /etc/profile , 786or equivalent.) 787The default is 788.Dq yes . 789.It Cm Protocol 790Specifies the protocol versions 791.Xr sshd 8 792supports. 793The possible values are 794.Sq 1 795and 796.Sq 2 . 797Multiple versions must be comma-separated. 798The default is 799.Dq 2 . 800Note that the order of the protocol list does not indicate preference, 801because the client selects among multiple protocol versions offered 802by the server. 803Specifying 804.Dq 2,1 805is identical to 806.Dq 1,2 . 807.It Cm PubkeyAuthentication 808Specifies whether public key authentication is allowed. 809The default is 810.Dq yes . 811Note that this option applies to protocol version 2 only. 812.It Cm RhostsRSAAuthentication 813Specifies whether rhosts or 814.Pa /etc/hosts.equiv 815authentication together 816with successful RSA host authentication is allowed. 817The default is 818.Dq no . 819This option applies to protocol version 1 only. 820.It Cm RSAAuthentication 821Specifies whether pure RSA authentication is allowed. 822The default is 823.Dq yes . 824This option applies to protocol version 1 only. 825.It Cm ServerKeyBits 826Defines the number of bits in the ephemeral protocol version 1 server key. 827The minimum value is 512, and the default is 1024. 828.It Cm StrictModes 829Specifies whether 830.Xr sshd 8 831should check file modes and ownership of the 832user's files and home directory before accepting login. 833This is normally desirable because novices sometimes accidentally leave their 834directory or files world-writable. 835The default is 836.Dq yes . 837.It Cm Subsystem 838Configures an external subsystem (e.g. file transfer daemon). 839Arguments should be a subsystem name and a command (with optional arguments) 840to execute upon subsystem request. 841.Pp 842The command 843.Xr sftp-server 8 844implements the 845.Dq sftp 846file transfer subsystem. 847.Pp 848Alternately the name 849.Dq internal-sftp 850implements an in-process 851.Dq sftp 852server. 853This may simplify configurations using 854.Cm ChrootDirectory 855to force a different filesystem root on clients. 856.Pp 857By default no subsystems are defined. 858Note that this option applies to protocol version 2 only. 859.It Cm SyslogFacility 860Gives the facility code that is used when logging messages from 861.Xr sshd 8 . 862The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 863LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 864The default is AUTH. 865.It Cm TCPKeepAlive 866Specifies whether the system should send TCP keepalive messages to the 867other side. 868If they are sent, death of the connection or crash of one 869of the machines will be properly noticed. 870However, this means that 871connections will die if the route is down temporarily, and some people 872find it annoying. 873On the other hand, if TCP keepalives are not sent, 874sessions may hang indefinitely on the server, leaving 875.Dq ghost 876users and consuming server resources. 877.Pp 878The default is 879.Dq yes 880(to send TCP keepalive messages), and the server will notice 881if the network goes down or the client host crashes. 882This avoids infinitely hanging sessions. 883.Pp 884To disable TCP keepalive messages, the value should be set to 885.Dq no . 886.It Cm UseDNS 887Specifies whether 888.Xr sshd 8 889should look up the remote host name and check that 890the resolved host name for the remote IP address maps back to the 891very same IP address. 892The default is 893.Dq yes . 894.It Cm UseLogin 895Specifies whether 896.Xr login 1 897is used for interactive login sessions. 898The default is 899.Dq no . 900Note that 901.Xr login 1 902is never used for remote command execution. 903Note also, that if this is enabled, 904.Cm X11Forwarding 905will be disabled because 906.Xr login 1 907does not know how to handle 908.Xr xauth 1 909cookies. 910If 911.Cm UsePrivilegeSeparation 912is specified, it will be disabled after authentication. 913.It Cm UsePAM 914Enables the Pluggable Authentication Module interface. 915If set to 916.Dq yes 917this will enable PAM authentication using 918.Cm ChallengeResponseAuthentication 919and 920.Cm PasswordAuthentication 921in addition to PAM account and session module processing for all 922authentication types. 923.Pp 924Because PAM challenge-response authentication usually serves an equivalent 925role to password authentication, you should disable either 926.Cm PasswordAuthentication 927or 928.Cm ChallengeResponseAuthentication. 929.Pp 930If 931.Cm UsePAM 932is enabled, you will not be able to run 933.Xr sshd 8 934as a non-root user. 935The default is 936.Dq yes . 937.It Cm UsePrivilegeSeparation 938Specifies whether 939.Xr sshd 8 940separates privileges by creating an unprivileged child process 941to deal with incoming network traffic. 942After successful authentication, another process will be created that has 943the privilege of the authenticated user. 944The goal of privilege separation is to prevent privilege 945escalation by containing any corruption within the unprivileged processes. 946The default is 947.Dq yes . 948.It Cm VersionAddendum 949Specifies a string to append to the regular version string to identify 950OS- or site-specific modifications. 951The default is 952.Dq FreeBSD-20090522 . 953.It Cm X11DisplayOffset 954Specifies the first display number available for 955.Xr sshd 8 Ns 's 956X11 forwarding. 957This prevents sshd from interfering with real X11 servers. 958The default is 10. 959.It Cm X11Forwarding 960Specifies whether X11 forwarding is permitted. 961The argument must be 962.Dq yes 963or 964.Dq no . 965The default is 966.Dq yes . 967.Pp 968When X11 forwarding is enabled, there may be additional exposure to 969the server and to client displays if the 970.Xr sshd 8 971proxy display is configured to listen on the wildcard address (see 972.Cm X11UseLocalhost 973below), though this is not the default. 974Additionally, the authentication spoofing and authentication data 975verification and substitution occur on the client side. 976The security risk of using X11 forwarding is that the client's X11 977display server may be exposed to attack when the SSH client requests 978forwarding (see the warnings for 979.Cm ForwardX11 980in 981.Xr ssh_config 5 ) . 982A system administrator may have a stance in which they want to 983protect clients that may expose themselves to attack by unwittingly 984requesting X11 forwarding, which can warrant a 985.Dq no 986setting. 987.Pp 988Note that disabling X11 forwarding does not prevent users from 989forwarding X11 traffic, as users can always install their own forwarders. 990X11 forwarding is automatically disabled if 991.Cm UseLogin 992is enabled. 993.It Cm X11UseLocalhost 994Specifies whether 995.Xr sshd 8 996should bind the X11 forwarding server to the loopback address or to 997the wildcard address. 998By default, 999sshd binds the forwarding server to the loopback address and sets the 1000hostname part of the 1001.Ev DISPLAY 1002environment variable to 1003.Dq localhost . 1004This prevents remote hosts from connecting to the proxy display. 1005However, some older X11 clients may not function with this 1006configuration. 1007.Cm X11UseLocalhost 1008may be set to 1009.Dq no 1010to specify that the forwarding server should be bound to the wildcard 1011address. 1012The argument must be 1013.Dq yes 1014or 1015.Dq no . 1016The default is 1017.Dq yes . 1018.It Cm XAuthLocation 1019Specifies the full pathname of the 1020.Xr xauth 1 1021program. 1022The default is 1023.Pa /usr/local/bin/xauth . 1024.El 1025.Sh TIME FORMATS 1026.Xr sshd 8 1027command-line arguments and configuration file options that specify time 1028may be expressed using a sequence of the form: 1029.Sm off 1030.Ar time Op Ar qualifier , 1031.Sm on 1032where 1033.Ar time 1034is a positive integer value and 1035.Ar qualifier 1036is one of the following: 1037.Pp 1038.Bl -tag -width Ds -compact -offset indent 1039.It Aq Cm none 1040seconds 1041.It Cm s | Cm S 1042seconds 1043.It Cm m | Cm M 1044minutes 1045.It Cm h | Cm H 1046hours 1047.It Cm d | Cm D 1048days 1049.It Cm w | Cm W 1050weeks 1051.El 1052.Pp 1053Each member of the sequence is added together to calculate 1054the total time value. 1055.Pp 1056Time format examples: 1057.Pp 1058.Bl -tag -width Ds -compact -offset indent 1059.It 600 1060600 seconds (10 minutes) 1061.It 10m 106210 minutes 1063.It 1h30m 10641 hour 30 minutes (90 minutes) 1065.El 1066.Sh FILES 1067.Bl -tag -width Ds 1068.It Pa /etc/ssh/sshd_config 1069Contains configuration data for 1070.Xr sshd 8 . 1071This file should be writable by root only, but it is recommended 1072(though not necessary) that it be world-readable. 1073.El 1074.Sh SEE ALSO 1075.Xr sshd 8 1076.Sh AUTHORS 1077OpenSSH is a derivative of the original and free 1078ssh 1.2.12 release by Tatu Ylonen. 1079Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1080Theo de Raadt and Dug Song 1081removed many bugs, re-added newer features and 1082created OpenSSH. 1083Markus Friedl contributed the support for SSH 1084protocol versions 1.5 and 2.0. 1085Niels Provos and Markus Friedl contributed support 1086for privilege separation. 1087