1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 16.\" 17.\" Redistribution and use in source and binary forms, with or without 18.\" modification, are permitted provided that the following conditions 19.\" are met: 20.\" 1. Redistributions of source code must retain the above copyright 21.\" notice, this list of conditions and the following disclaimer. 22.\" 2. Redistributions in binary form must reproduce the above copyright 23.\" notice, this list of conditions and the following disclaimer in the 24.\" documentation and/or other materials provided with the distribution. 25.\" 26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: sshd_config.5,v 1.4 2002/06/22 16:45:29 stevesk Exp $ 38.\" $FreeBSD$ 39.Dd September 25, 1999 40.Dt SSHD_CONFIG 5 41.Os 42.Sh NAME 43.Nm sshd_config 44.Nd OpenSSH SSH daemon configuration file 45.Sh SYNOPSIS 46.Bl -tag -width Ds -compact 47.It Pa /etc/ssh/sshd_config 48.El 49.Sh DESCRIPTION 50.Nm sshd 51reads configuration data from 52.Pa /etc/ssh/sshd_config 53(or the file specified with 54.Fl f 55on the command line). 56The file contains keyword-argument pairs, one per line. 57Lines starting with 58.Ql # 59and empty lines are interpreted as comments. 60.Pp 61The possible 62keywords and their meanings are as follows (note that 63keywords are case-insensitive and arguments are case-sensitive): 64.Bl -tag -width Ds 65.It Cm AFSTokenPassing 66Specifies whether an AFS token may be forwarded to the server. 67Default is 68.Dq no . 69.It Cm AllowGroups 70This keyword can be followed by a list of group name patterns, separated 71by spaces. 72If specified, login is allowed only for users whose primary 73group or supplementary group list matches one of the patterns. 74.Ql \&* 75and 76.Ql ? 77can be used as 78wildcards in the patterns. 79Only group names are valid; a numerical group ID is not recognized. 80By default, login is allowed for all groups. 81.Pp 82.It Cm AllowTcpForwarding 83Specifies whether TCP forwarding is permitted. 84The default is 85.Dq yes . 86Note that disabling TCP forwarding does not improve security unless 87users are also denied shell access, as they can always install their 88own forwarders. 89.Pp 90.It Cm AllowUsers 91This keyword can be followed by a list of user name patterns, separated 92by spaces. 93If specified, login is allowed only for users names that 94match one of the patterns. 95.Ql \&* 96and 97.Ql ? 98can be used as 99wildcards in the patterns. 100Only user names are valid; a numerical user ID is not recognized. 101By default, login is allowed for all users. 102If the pattern takes the form USER@HOST then USER and HOST 103are separately checked, restricting logins to particular 104users from particular hosts. 105.Pp 106.It Cm AuthorizedKeysFile 107Specifies the file that contains the public keys that can be used 108for user authentication. 109.Cm AuthorizedKeysFile 110may contain tokens of the form %T which are substituted during connection 111set-up. The following tokens are defined: %% is replaced by a literal '%', 112%h is replaced by the home directory of the user being authenticated and 113%u is replaced by the username of that user. 114After expansion, 115.Cm AuthorizedKeysFile 116is taken to be an absolute path or one relative to the user's home 117directory. 118The default is 119.Dq .ssh/authorized_keys . 120.It Cm Banner 121In some jurisdictions, sending a warning message before authentication 122may be relevant for getting legal protection. 123The contents of the specified file are sent to the remote user before 124authentication is allowed. 125This option is only available for protocol version 2. 126By default, no banner is displayed. 127.Pp 128.It Cm ChallengeResponseAuthentication 129Specifies whether challenge response authentication is allowed. 130All authentication styles from 131.Xr login.conf 5 132are supported. 133The default is 134.Dq yes . 135.It Cm Ciphers 136Specifies the ciphers allowed for protocol version 2. 137Multiple ciphers must be comma-separated. 138The default is 139.Pp 140.Bd -literal 141 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, 142 aes192-cbc,aes256-cbc'' 143.Ed 144.It Cm ClientAliveInterval 145Sets a timeout interval in seconds after which if no data has been received 146from the client, 147.Nm sshd 148will send a message through the encrypted 149channel to request a response from the client. 150The default 151is 0, indicating that these messages will not be sent to the client. 152This option applies to protocol version 2 only. 153.It Cm ClientAliveCountMax 154Sets the number of client alive messages (see above) which may be 155sent without 156.Nm sshd 157receiving any messages back from the client. If this threshold is 158reached while client alive messages are being sent, 159.Nm sshd 160will disconnect the client, terminating the session. It is important 161to note that the use of client alive messages is very different from 162.Cm KeepAlive 163(below). The client alive messages are sent through the 164encrypted channel and therefore will not be spoofable. The TCP keepalive 165option enabled by 166.Cm KeepAlive 167is spoofable. The client alive mechanism is valuable when the client or 168server depend on knowing when a connection has become inactive. 169.Pp 170The default value is 3. If 171.Cm ClientAliveInterval 172(above) is set to 15, and 173.Cm ClientAliveCountMax 174is left at the default, unresponsive ssh clients 175will be disconnected after approximately 45 seconds. 176.It Cm Compression 177Specifies whether compression is allowed. 178The argument must be 179.Dq yes 180or 181.Dq no . 182The default is 183.Dq yes . 184.It Cm DenyGroups 185This keyword can be followed by a list of group name patterns, separated 186by spaces. 187Login is disallowed for users whose primary group or supplementary 188group list matches one of the patterns. 189.Ql \&* 190and 191.Ql ? 192can be used as 193wildcards in the patterns. 194Only group names are valid; a numerical group ID is not recognized. 195By default, login is allowed for all groups. 196.Pp 197.It Cm DenyUsers 198This keyword can be followed by a list of user name patterns, separated 199by spaces. 200Login is disallowed for user names that match one of the patterns. 201.Ql \&* 202and 203.Ql ? 204can be used as wildcards in the patterns. 205Only user names are valid; a numerical user ID is not recognized. 206By default, login is allowed for all users. 207If the pattern takes the form USER@HOST then USER and HOST 208are separately checked, restricting logins to particular 209users from particular hosts. 210.It Cm GatewayPorts 211Specifies whether remote hosts are allowed to connect to ports 212forwarded for the client. 213By default, 214.Nm sshd 215binds remote port forwardings to the loopback address. This 216prevents other remote hosts from connecting to forwarded ports. 217.Cm GatewayPorts 218can be used to specify that 219.Nm sshd 220should bind remote port forwardings to the wildcard address, 221thus allowing remote hosts to connect to forwarded ports. 222The argument must be 223.Dq yes 224or 225.Dq no . 226The default is 227.Dq no . 228.It Cm HostbasedAuthentication 229Specifies whether rhosts or /etc/hosts.equiv authentication together 230with successful public key client host authentication is allowed 231(hostbased authentication). 232This option is similar to 233.Cm RhostsRSAAuthentication 234and applies to protocol version 2 only. 235The default is 236.Dq no . 237.It Cm HostKey 238Specifies a file containing a private host key 239used by SSH. 240The default is 241.Pa /etc/ssh/ssh_host_key 242for protocol version 1, and 243.Pa /etc/ssh/ssh_host_dsa_key 244for protocol version 2. 245Note that 246.Nm sshd 247will refuse to use a file if it is group/world-accessible. 248It is possible to have multiple host key files. 249.Dq rsa1 250keys are used for version 1 and 251.Dq dsa 252or 253.Dq rsa 254are used for version 2 of the SSH protocol. 255.It Cm IgnoreRhosts 256Specifies that 257.Pa .rhosts 258and 259.Pa .shosts 260files will not be used in 261.Cm RhostsAuthentication , 262.Cm RhostsRSAAuthentication 263or 264.Cm HostbasedAuthentication . 265.Pp 266.Pa /etc/hosts.equiv 267and 268.Pa /etc/ssh/shosts.equiv 269are still used. 270The default is 271.Dq yes . 272.It Cm IgnoreUserKnownHosts 273Specifies whether 274.Nm sshd 275should ignore the user's 276.Pa $HOME/.ssh/known_hosts 277during 278.Cm RhostsRSAAuthentication 279or 280.Cm HostbasedAuthentication . 281The default is 282.Dq no . 283.It Cm KeepAlive 284Specifies whether the system should send TCP keepalive messages to the 285other side. 286If they are sent, death of the connection or crash of one 287of the machines will be properly noticed. 288However, this means that 289connections will die if the route is down temporarily, and some people 290find it annoying. 291On the other hand, if keepalives are not sent, 292sessions may hang indefinitely on the server, leaving 293.Dq ghost 294users and consuming server resources. 295.Pp 296The default is 297.Dq yes 298(to send keepalives), and the server will notice 299if the network goes down or the client host crashes. 300This avoids infinitely hanging sessions. 301.Pp 302To disable keepalives, the value should be set to 303.Dq no . 304.It Cm KerberosAuthentication 305Specifies whether Kerberos authentication is allowed. 306This can be in the form of a Kerberos ticket, or if 307.Cm PasswordAuthentication 308is yes, the password provided by the user will be validated through 309the Kerberos KDC. 310To use this option, the server needs a 311Kerberos servtab which allows the verification of the KDC's identity. 312Default is 313.Dq no . 314.It Cm KerberosOrLocalPasswd 315If set then if password authentication through Kerberos fails then 316the password will be validated via any additional local mechanism 317such as 318.Pa /etc/passwd . 319Default is 320.Dq yes . 321.It Cm KerberosTgtPassing 322Specifies whether a Kerberos TGT may be forwarded to the server. 323Default is 324.Dq no , 325as this only works when the Kerberos KDC is actually an AFS kaserver. 326.It Cm KerberosTicketCleanup 327Specifies whether to automatically destroy the user's ticket cache 328file on logout. 329Default is 330.Dq yes . 331.It Cm KeyRegenerationInterval 332In protocol version 1, the ephemeral server key is automatically regenerated 333after this many seconds (if it has been used). 334The purpose of regeneration is to prevent 335decrypting captured sessions by later breaking into the machine and 336stealing the keys. 337The key is never stored anywhere. 338If the value is 0, the key is never regenerated. 339The default is 3600 (seconds). 340.It Cm ListenAddress 341Specifies the local addresses 342.Nm sshd 343should listen on. 344The following forms may be used: 345.Pp 346.Bl -item -offset indent -compact 347.It 348.Cm ListenAddress 349.Sm off 350.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 351.Sm on 352.It 353.Cm ListenAddress 354.Sm off 355.Ar host No | Ar IPv4_addr No : Ar port 356.Sm on 357.It 358.Cm ListenAddress 359.Sm off 360.Oo 361.Ar host No | Ar IPv6_addr Oc : Ar port 362.Sm on 363.El 364.Pp 365If 366.Ar port 367is not specified, 368.Nm sshd 369will listen on the address and all prior 370.Cm Port 371options specified. The default is to listen on all local 372addresses. Multiple 373.Cm ListenAddress 374options are permitted. Additionally, any 375.Cm Port 376options must precede this option for non port qualified addresses. 377.It Cm LoginGraceTime 378The server disconnects after this time if the user has not 379successfully logged in. 380If the value is 0, there is no time limit. 381The default is 120 (seconds). 382.It Cm LogLevel 383Gives the verbosity level that is used when logging messages from 384.Nm sshd . 385The possible values are: 386QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. 387The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 388and DEBUG3 each specify higher levels of debugging output. 389Logging with a DEBUG level violates the privacy of users 390and is not recommended. 391.It Cm MACs 392Specifies the available MAC (message authentication code) algorithms. 393The MAC algorithm is used in protocol version 2 394for data integrity protection. 395Multiple algorithms must be comma-separated. 396The default is 397.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . 398.It Cm MaxStartups 399Specifies the maximum number of concurrent unauthenticated connections to the 400.Nm sshd 401daemon. 402Additional connections will be dropped until authentication succeeds or the 403.Cm LoginGraceTime 404expires for a connection. 405The default is 10. 406.Pp 407Alternatively, random early drop can be enabled by specifying 408the three colon separated values 409.Dq start:rate:full 410(e.g., "10:30:60"). 411.Nm sshd 412will refuse connection attempts with a probability of 413.Dq rate/100 414(30%) 415if there are currently 416.Dq start 417(10) 418unauthenticated connections. 419The probability increases linearly and all connection attempts 420are refused if the number of unauthenticated connections reaches 421.Dq full 422(60). 423.It Cm PAMAuthenticationViaKbdInt 424Specifies whether PAM challenge response authentication is allowed. This 425allows the use of most PAM challenge response authentication modules, but 426it will allow password authentication regardless of whether 427.Cm PasswordAuthentication 428is enabled. 429.It Cm PasswordAuthentication 430Specifies whether password authentication is allowed. 431The default is 432.Dq yes . 433.It Cm PermitEmptyPasswords 434When password authentication is allowed, it specifies whether the 435server allows login to accounts with empty password strings. 436The default is 437.Dq no . 438.It Cm PermitRootLogin 439Specifies whether root can login using 440.Xr ssh 1 . 441The argument must be 442.Dq yes , 443.Dq without-password , 444.Dq forced-commands-only 445or 446.Dq no . 447The default is 448.Dq no . 449.Pp 450If this option is set to 451.Dq without-password 452password authentication is disabled for root. 453.Pp 454If this option is set to 455.Dq forced-commands-only 456root login with public key authentication will be allowed, 457but only if the 458.Ar command 459option has been specified 460(which may be useful for taking remote backups even if root login is 461normally not allowed). All other authentication methods are disabled 462for root. 463.Pp 464If this option is set to 465.Dq no 466root is not allowed to login. 467.It Cm PidFile 468Specifies the file that contains the process ID of the 469.Nm sshd 470daemon. 471The default is 472.Pa /var/run/sshd.pid . 473.It Cm Port 474Specifies the port number that 475.Nm sshd 476listens on. 477The default is 22. 478Multiple options of this type are permitted. 479See also 480.Cm ListenAddress . 481.It Cm PrintLastLog 482Specifies whether 483.Nm sshd 484should print the date and time when the user last logged in. 485The default is 486.Dq yes . 487.It Cm PrintMotd 488Specifies whether 489.Nm sshd 490should print 491.Pa /etc/motd 492when a user logs in interactively. 493(On some systems it is also printed by the shell, 494.Pa /etc/profile , 495or equivalent.) 496The default is 497.Dq yes . 498.It Cm Protocol 499Specifies the protocol versions 500.Nm sshd 501should support. 502The possible values are 503.Dq 1 504and 505.Dq 2 . 506Multiple versions must be comma-separated. 507The default is 508.Dq 2,1 . 509.It Cm PubkeyAuthentication 510Specifies whether public key authentication is allowed. 511The default is 512.Dq yes . 513Note that this option applies to protocol version 2 only. 514.It Cm RhostsAuthentication 515Specifies whether authentication using rhosts or 516.Pa /etc/hosts.equiv 517files is sufficient. 518Normally, this method should not be permitted because it is insecure. 519.Cm RhostsRSAAuthentication 520should be used 521instead, because it performs RSA-based host authentication in addition 522to normal rhosts or 523.Pa /etc/hosts.equiv 524authentication. 525The default is 526.Dq no . 527This option applies to protocol version 1 only. 528.It Cm RhostsRSAAuthentication 529Specifies whether rhosts or 530.Pa /etc/hosts.equiv 531authentication together 532with successful RSA host authentication is allowed. 533The default is 534.Dq no . 535This option applies to protocol version 1 only. 536.It Cm RSAAuthentication 537Specifies whether pure RSA authentication is allowed. 538The default is 539.Dq yes . 540This option applies to protocol version 1 only. 541.It Cm ServerKeyBits 542Defines the number of bits in the ephemeral protocol version 1 server key. 543The minimum value is 512, and the default is 768. 544.It Cm StrictModes 545Specifies whether 546.Nm sshd 547should check file modes and ownership of the 548user's files and home directory before accepting login. 549This is normally desirable because novices sometimes accidentally leave their 550directory or files world-writable. 551The default is 552.Dq yes . 553.It Cm Subsystem 554Configures an external subsystem (e.g., file transfer daemon). 555Arguments should be a subsystem name and a command to execute upon subsystem 556request. 557The command 558.Xr sftp-server 8 559implements the 560.Dq sftp 561file transfer subsystem. 562By default no subsystems are defined. 563Note that this option applies to protocol version 2 only. 564.It Cm SyslogFacility 565Gives the facility code that is used when logging messages from 566.Nm sshd . 567The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 568LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 569The default is AUTH. 570.It Cm UseLogin 571Specifies whether 572.Xr login 1 573is used for interactive login sessions. 574The default is 575.Dq no . 576Note that 577.Xr login 1 578is never used for remote command execution. 579Note also, that if this is enabled, 580.Cm X11Forwarding 581will be disabled because 582.Xr login 1 583does not know how to handle 584.Xr xauth 1 585cookies. If 586.Cm UsePrivilegeSeparation 587is specified, it will be disabled after authentication. 588.It Cm UsePrivilegeSeparation 589Specifies whether 590.Nm sshd 591separates privileges by creating an unprivileged child process 592to deal with incoming network traffic. After successful authentication, 593another process will be created that has the privilege of the authenticated 594user. The goal of privilege separation is to prevent privilege 595escalation by containing any corruption within the unprivileged processes. 596The default is 597.Dq yes . 598.It Cm VerifyReverseMapping 599Specifies whether 600.Nm sshd 601should try to verify the remote host name and check that 602the resolved host name for the remote IP address maps back to the 603very same IP address. 604The default is 605.Dq no . 606.It Cm VersionAddendum 607Specifies a string to append to the regular version string to identify 608OS- or site-specific modifications. 609.It Cm X11DisplayOffset 610Specifies the first display number available for 611.Nm sshd Ns 's 612X11 forwarding. 613This prevents 614.Nm sshd 615from interfering with real X11 servers. 616The default is 10. 617.It Cm X11Forwarding 618Specifies whether X11 forwarding is permitted. 619The default is 620.Dq no . 621Note that disabling X11 forwarding does not improve security in any 622way, as users can always install their own forwarders. 623X11 forwarding is automatically disabled if 624.Cm UseLogin 625is enabled. 626.It Cm X11UseLocalhost 627Specifies whether 628.Nm sshd 629should bind the X11 forwarding server to the loopback address or to 630the wildcard address. By default, 631.Nm sshd 632binds the forwarding server to the loopback address and sets the 633hostname part of the 634.Ev DISPLAY 635environment variable to 636.Dq localhost . 637This prevents remote hosts from connecting to the fake display. 638However, some older X11 clients may not function with this 639configuration. 640.Cm X11UseLocalhost 641may be set to 642.Dq no 643to specify that the forwarding server should be bound to the wildcard 644address. 645The argument must be 646.Dq yes 647or 648.Dq no . 649The default is 650.Dq yes . 651.It Cm XAuthLocation 652Specifies the location of the 653.Xr xauth 1 654program. 655The default is 656.Pa /usr/X11R6/bin/xauth . 657.El 658.Ss Time Formats 659.Pp 660.Nm sshd 661command-line arguments and configuration file options that specify time 662may be expressed using a sequence of the form: 663.Sm off 664.Ar time Oo Ar qualifier Oc , 665.Sm on 666where 667.Ar time 668is a positive integer value and 669.Ar qualifier 670is one of the following: 671.Pp 672.Bl -tag -width Ds -compact -offset indent 673.It Cm <none> 674seconds 675.It Cm s | Cm S 676seconds 677.It Cm m | Cm M 678minutes 679.It Cm h | Cm H 680hours 681.It Cm d | Cm D 682days 683.It Cm w | Cm W 684weeks 685.El 686.Pp 687Each member of the sequence is added together to calculate 688the total time value. 689.Pp 690Time format examples: 691.Pp 692.Bl -tag -width Ds -compact -offset indent 693.It 600 694600 seconds (10 minutes) 695.It 10m 69610 minutes 697.It 1h30m 6981 hour 30 minutes (90 minutes) 699.El 700.Sh FILES 701.Bl -tag -width Ds 702.It Pa /etc/ssh/sshd_config 703Contains configuration data for 704.Nm sshd . 705This file should be writable by root only, but it is recommended 706(though not necessary) that it be world-readable. 707.El 708.Sh AUTHORS 709OpenSSH is a derivative of the original and free 710ssh 1.2.12 release by Tatu Ylonen. 711Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 712Theo de Raadt and Dug Song 713removed many bugs, re-added newer features and 714created OpenSSH. 715Markus Friedl contributed the support for SSH 716protocol versions 1.5 and 2.0. 717Niels Provos and Markus Friedl contributed support 718for privilege separation. 719.Sh SEE ALSO 720.Xr sshd 8 721