xref: /freebsd/crypto/openssh/sshd_config.5 (revision f6a3b357e9be4c6423c85eff9a847163a0d307c8)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: sshd_config.5,v 1.281 2018/07/20 05:01:10 djm Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: July 20 2018 $
39.Dt SSHD_CONFIG 5
40.Os
41.Sh NAME
42.Nm sshd_config
43.Nd OpenSSH SSH daemon configuration file
44.Sh DESCRIPTION
45.Xr sshd 8
46reads configuration data from
47.Pa /etc/ssh/sshd_config
48(or the file specified with
49.Fl f
50on the command line).
51The file contains keyword-argument pairs, one per line.
52For each keyword, the first obtained value will be used.
53Lines starting with
54.Ql #
55and empty lines are interpreted as comments.
56Arguments may optionally be enclosed in double quotes
57.Pq \&"
58in order to represent arguments containing spaces.
59.Pp
60The possible
61keywords and their meanings are as follows (note that
62keywords are case-insensitive and arguments are case-sensitive):
63.Bl -tag -width Ds
64.It Cm AcceptEnv
65Specifies what environment variables sent by the client will be copied into
66the session's
67.Xr environ 7 .
68See
69.Cm SendEnv
70and
71.Cm SetEnv
72in
73.Xr ssh_config 5
74for how to configure the client.
75The
76.Ev TERM
77environment variable is always accepted whenever the client
78requests a pseudo-terminal as it is required by the protocol.
79Variables are specified by name, which may contain the wildcard characters
80.Ql *
81and
82.Ql \&? .
83Multiple environment variables may be separated by whitespace or spread
84across multiple
85.Cm AcceptEnv
86directives.
87Be warned that some environment variables could be used to bypass restricted
88user environments.
89For this reason, care should be taken in the use of this directive.
90The default is not to accept any environment variables.
91.It Cm AddressFamily
92Specifies which address family should be used by
93.Xr sshd 8 .
94Valid arguments are
95.Cm any
96(the default),
97.Cm inet
98(use IPv4 only), or
99.Cm inet6
100(use IPv6 only).
101.It Cm AllowAgentForwarding
102Specifies whether
103.Xr ssh-agent 1
104forwarding is permitted.
105The default is
106.Cm yes .
107Note that disabling agent forwarding does not improve security
108unless users are also denied shell access, as they can always install
109their own forwarders.
110.It Cm AllowGroups
111This keyword can be followed by a list of group name patterns, separated
112by spaces.
113If specified, login is allowed only for users whose primary
114group or supplementary group list matches one of the patterns.
115Only group names are valid; a numerical group ID is not recognized.
116By default, login is allowed for all groups.
117The allow/deny directives are processed in the following order:
118.Cm DenyUsers ,
119.Cm AllowUsers ,
120.Cm DenyGroups ,
121and finally
122.Cm AllowGroups .
123.Pp
124See PATTERNS in
125.Xr ssh_config 5
126for more information on patterns.
127.It Cm AllowStreamLocalForwarding
128Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
129The available options are
130.Cm yes
131(the default)
132or
133.Cm all
134to allow StreamLocal forwarding,
135.Cm no
136to prevent all StreamLocal forwarding,
137.Cm local
138to allow local (from the perspective of
139.Xr ssh 1 )
140forwarding only or
141.Cm remote
142to allow remote forwarding only.
143Note that disabling StreamLocal forwarding does not improve security unless
144users are also denied shell access, as they can always install their
145own forwarders.
146.It Cm AllowTcpForwarding
147Specifies whether TCP forwarding is permitted.
148The available options are
149.Cm yes
150(the default)
151or
152.Cm all
153to allow TCP forwarding,
154.Cm no
155to prevent all TCP forwarding,
156.Cm local
157to allow local (from the perspective of
158.Xr ssh 1 )
159forwarding only or
160.Cm remote
161to allow remote forwarding only.
162Note that disabling TCP forwarding does not improve security unless
163users are also denied shell access, as they can always install their
164own forwarders.
165.It Cm AllowUsers
166This keyword can be followed by a list of user name patterns, separated
167by spaces.
168If specified, login is allowed only for user names that
169match one of the patterns.
170Only user names are valid; a numerical user ID is not recognized.
171By default, login is allowed for all users.
172If the pattern takes the form USER@HOST then USER and HOST
173are separately checked, restricting logins to particular
174users from particular hosts.
175HOST criteria may additionally contain addresses to match in CIDR
176address/masklen format.
177The allow/deny directives are processed in the following order:
178.Cm DenyUsers ,
179.Cm AllowUsers ,
180.Cm DenyGroups ,
181and finally
182.Cm AllowGroups .
183.Pp
184See PATTERNS in
185.Xr ssh_config 5
186for more information on patterns.
187.It Cm AuthenticationMethods
188Specifies the authentication methods that must be successfully completed
189for a user to be granted access.
190This option must be followed by one or more lists of comma-separated
191authentication method names, or by the single string
192.Cm any
193to indicate the default behaviour of accepting any single authentication
194method.
195If the default is overridden, then successful authentication requires
196completion of every method in at least one of these lists.
197.Pp
198For example,
199.Qq publickey,password publickey,keyboard-interactive
200would require the user to complete public key authentication, followed by
201either password or keyboard interactive authentication.
202Only methods that are next in one or more lists are offered at each stage,
203so for this example it would not be possible to attempt password or
204keyboard-interactive authentication before public key.
205.Pp
206For keyboard interactive authentication it is also possible to
207restrict authentication to a specific device by appending a
208colon followed by the device identifier
209.Cm bsdauth
210or
211.Cm pam .
212depending on the server configuration.
213For example,
214.Qq keyboard-interactive:bsdauth
215would restrict keyboard interactive authentication to the
216.Cm bsdauth
217device.
218.Pp
219If the publickey method is listed more than once,
220.Xr sshd 8
221verifies that keys that have been used successfully are not reused for
222subsequent authentications.
223For example,
224.Qq publickey,publickey
225requires successful authentication using two different public keys.
226.Pp
227Note that each authentication method listed should also be explicitly enabled
228in the configuration.
229.Pp
230The available authentication methods are:
231.Qq gssapi-with-mic ,
232.Qq hostbased ,
233.Qq keyboard-interactive ,
234.Qq none
235(used for access to password-less accounts when
236.Cm PermitEmptyPasswords
237is enabled),
238.Qq password
239and
240.Qq publickey .
241.It Cm AuthorizedKeysCommand
242Specifies a program to be used to look up the user's public keys.
243The program must be owned by root, not writable by group or others and
244specified by an absolute path.
245Arguments to
246.Cm AuthorizedKeysCommand
247accept the tokens described in the
248.Sx TOKENS
249section.
250If no arguments are specified then the username of the target user is used.
251.Pp
252The program should produce on standard output zero or
253more lines of authorized_keys output (see
254.Sx AUTHORIZED_KEYS
255in
256.Xr sshd 8 ) .
257If a key supplied by
258.Cm AuthorizedKeysCommand
259does not successfully authenticate
260and authorize the user then public key authentication continues using the usual
261.Cm AuthorizedKeysFile
262files.
263By default, no
264.Cm AuthorizedKeysCommand
265is run.
266.It Cm AuthorizedKeysCommandUser
267Specifies the user under whose account the
268.Cm AuthorizedKeysCommand
269is run.
270It is recommended to use a dedicated user that has no other role on the host
271than running authorized keys commands.
272If
273.Cm AuthorizedKeysCommand
274is specified but
275.Cm AuthorizedKeysCommandUser
276is not, then
277.Xr sshd 8
278will refuse to start.
279.It Cm AuthorizedKeysFile
280Specifies the file that contains the public keys used for user authentication.
281The format is described in the
282.Sx AUTHORIZED_KEYS FILE FORMAT
283section of
284.Xr sshd 8 .
285Arguments to
286.Cm AuthorizedKeysFile
287accept the tokens described in the
288.Sx TOKENS
289section.
290After expansion,
291.Cm AuthorizedKeysFile
292is taken to be an absolute path or one relative to the user's home
293directory.
294Multiple files may be listed, separated by whitespace.
295Alternately this option may be set to
296.Cm none
297to skip checking for user keys in files.
298The default is
299.Qq .ssh/authorized_keys .ssh/authorized_keys2 .
300.It Cm AuthorizedPrincipalsCommand
301Specifies a program to be used to generate the list of allowed
302certificate principals as per
303.Cm AuthorizedPrincipalsFile .
304The program must be owned by root, not writable by group or others and
305specified by an absolute path.
306Arguments to
307.Cm AuthorizedPrincipalsCommand
308accept the tokens described in the
309.Sx TOKENS
310section.
311If no arguments are specified then the username of the target user is used.
312.Pp
313The program should produce on standard output zero or
314more lines of
315.Cm AuthorizedPrincipalsFile
316output.
317If either
318.Cm AuthorizedPrincipalsCommand
319or
320.Cm AuthorizedPrincipalsFile
321is specified, then certificates offered by the client for authentication
322must contain a principal that is listed.
323By default, no
324.Cm AuthorizedPrincipalsCommand
325is run.
326.It Cm AuthorizedPrincipalsCommandUser
327Specifies the user under whose account the
328.Cm AuthorizedPrincipalsCommand
329is run.
330It is recommended to use a dedicated user that has no other role on the host
331than running authorized principals commands.
332If
333.Cm AuthorizedPrincipalsCommand
334is specified but
335.Cm AuthorizedPrincipalsCommandUser
336is not, then
337.Xr sshd 8
338will refuse to start.
339.It Cm AuthorizedPrincipalsFile
340Specifies a file that lists principal names that are accepted for
341certificate authentication.
342When using certificates signed by a key listed in
343.Cm TrustedUserCAKeys ,
344this file lists names, one of which must appear in the certificate for it
345to be accepted for authentication.
346Names are listed one per line preceded by key options (as described in
347.Sx AUTHORIZED_KEYS FILE FORMAT
348in
349.Xr sshd 8 ) .
350Empty lines and comments starting with
351.Ql #
352are ignored.
353.Pp
354Arguments to
355.Cm AuthorizedPrincipalsFile
356accept the tokens described in the
357.Sx TOKENS
358section.
359After expansion,
360.Cm AuthorizedPrincipalsFile
361is taken to be an absolute path or one relative to the user's home directory.
362The default is
363.Cm none ,
364i.e. not to use a principals file \(en in this case, the username
365of the user must appear in a certificate's principals list for it to be
366accepted.
367.Pp
368Note that
369.Cm AuthorizedPrincipalsFile
370is only used when authentication proceeds using a CA listed in
371.Cm TrustedUserCAKeys
372and is not consulted for certification authorities trusted via
373.Pa ~/.ssh/authorized_keys ,
374though the
375.Cm principals=
376key option offers a similar facility (see
377.Xr sshd 8
378for details).
379.It Cm Banner
380The contents of the specified file are sent to the remote user before
381authentication is allowed.
382If the argument is
383.Cm none
384then no banner is displayed.
385By default, no banner is displayed.
386.It Cm ChallengeResponseAuthentication
387Specifies whether challenge-response authentication is allowed (e.g. via
388PAM or through authentication styles supported in
389.Xr login.conf 5 )
390The default is
391.Cm yes .
392.It Cm ChrootDirectory
393Specifies the pathname of a directory to
394.Xr chroot 2
395to after authentication.
396At session startup
397.Xr sshd 8
398checks that all components of the pathname are root-owned directories
399which are not writable by any other user or group.
400After the chroot,
401.Xr sshd 8
402changes the working directory to the user's home directory.
403Arguments to
404.Cm ChrootDirectory
405accept the tokens described in the
406.Sx TOKENS
407section.
408.Pp
409The
410.Cm ChrootDirectory
411must contain the necessary files and directories to support the
412user's session.
413For an interactive session this requires at least a shell, typically
414.Xr sh 1 ,
415and basic
416.Pa /dev
417nodes such as
418.Xr null 4 ,
419.Xr zero 4 ,
420.Xr stdin 4 ,
421.Xr stdout 4 ,
422.Xr stderr 4 ,
423and
424.Xr tty 4
425devices.
426For file transfer sessions using SFTP
427no additional configuration of the environment is necessary if the in-process
428sftp-server is used,
429though sessions which use logging may require
430.Pa /dev/log
431inside the chroot directory on some operating systems (see
432.Xr sftp-server 8
433for details).
434.Pp
435For safety, it is very important that the directory hierarchy be
436prevented from modification by other processes on the system (especially
437those outside the jail).
438Misconfiguration can lead to unsafe environments which
439.Xr sshd 8
440cannot detect.
441.Pp
442The default is
443.Cm none ,
444indicating not to
445.Xr chroot 2 .
446.It Cm Ciphers
447Specifies the ciphers allowed.
448Multiple ciphers must be comma-separated.
449If the specified value begins with a
450.Sq +
451character, then the specified ciphers will be appended to the default set
452instead of replacing them.
453If the specified value begins with a
454.Sq -
455character, then the specified ciphers (including wildcards) will be removed
456from the default set instead of replacing them.
457.Pp
458The supported ciphers are:
459.Pp
460.Bl -item -compact -offset indent
461.It
4623des-cbc
463.It
464aes128-cbc
465.It
466aes192-cbc
467.It
468aes256-cbc
469.It
470aes128-ctr
471.It
472aes192-ctr
473.It
474aes256-ctr
475.It
476aes128-gcm@openssh.com
477.It
478aes256-gcm@openssh.com
479.It
480chacha20-poly1305@openssh.com
481.El
482.Pp
483The default is:
484.Bd -literal -offset indent
485chacha20-poly1305@openssh.com,
486aes128-ctr,aes192-ctr,aes256-ctr,
487aes128-gcm@openssh.com,aes256-gcm@openssh.com,
488aes128-cbc,aes192-cbc,aes256-cbc
489.Ed
490.Pp
491The list of available ciphers may also be obtained using
492.Qq ssh -Q cipher .
493.It Cm ClientAliveCountMax
494Sets the number of client alive messages which may be sent without
495.Xr sshd 8
496receiving any messages back from the client.
497If this threshold is reached while client alive messages are being sent,
498sshd will disconnect the client, terminating the session.
499It is important to note that the use of client alive messages is very
500different from
501.Cm TCPKeepAlive .
502The client alive messages are sent through the encrypted channel
503and therefore will not be spoofable.
504The TCP keepalive option enabled by
505.Cm TCPKeepAlive
506is spoofable.
507The client alive mechanism is valuable when the client or
508server depend on knowing when a connection has become inactive.
509.Pp
510The default value is 3.
511If
512.Cm ClientAliveInterval
513is set to 15, and
514.Cm ClientAliveCountMax
515is left at the default, unresponsive SSH clients
516will be disconnected after approximately 45 seconds.
517.It Cm ClientAliveInterval
518Sets a timeout interval in seconds after which if no data has been received
519from the client,
520.Xr sshd 8
521will send a message through the encrypted
522channel to request a response from the client.
523The default
524is 0, indicating that these messages will not be sent to the client.
525.It Cm Compression
526Specifies whether compression is enabled after
527the user has authenticated successfully.
528The argument must be
529.Cm yes ,
530.Cm delayed
531(a legacy synonym for
532.Cm yes )
533or
534.Cm no .
535The default is
536.Cm yes .
537.It Cm DenyGroups
538This keyword can be followed by a list of group name patterns, separated
539by spaces.
540Login is disallowed for users whose primary group or supplementary
541group list matches one of the patterns.
542Only group names are valid; a numerical group ID is not recognized.
543By default, login is allowed for all groups.
544The allow/deny directives are processed in the following order:
545.Cm DenyUsers ,
546.Cm AllowUsers ,
547.Cm DenyGroups ,
548and finally
549.Cm AllowGroups .
550.Pp
551See PATTERNS in
552.Xr ssh_config 5
553for more information on patterns.
554.It Cm DenyUsers
555This keyword can be followed by a list of user name patterns, separated
556by spaces.
557Login is disallowed for user names that match one of the patterns.
558Only user names are valid; a numerical user ID is not recognized.
559By default, login is allowed for all users.
560If the pattern takes the form USER@HOST then USER and HOST
561are separately checked, restricting logins to particular
562users from particular hosts.
563HOST criteria may additionally contain addresses to match in CIDR
564address/masklen format.
565The allow/deny directives are processed in the following order:
566.Cm DenyUsers ,
567.Cm AllowUsers ,
568.Cm DenyGroups ,
569and finally
570.Cm AllowGroups .
571.Pp
572See PATTERNS in
573.Xr ssh_config 5
574for more information on patterns.
575.It Cm DisableForwarding
576Disables all forwarding features, including X11,
577.Xr ssh-agent 1 ,
578TCP and StreamLocal.
579This option overrides all other forwarding-related options and may
580simplify restricted configurations.
581.It Cm ExposeAuthInfo
582Writes a temporary file containing a list of authentication methods and
583public credentials (e.g. keys) used to authenticate the user.
584The location of the file is exposed to the user session through the
585.Ev SSH_USER_AUTH
586environment variable.
587The default is
588.Cm no .
589.It Cm FingerprintHash
590Specifies the hash algorithm used when logging key fingerprints.
591Valid options are:
592.Cm md5
593and
594.Cm sha256 .
595The default is
596.Cm sha256 .
597.It Cm ForceCommand
598Forces the execution of the command specified by
599.Cm ForceCommand ,
600ignoring any command supplied by the client and
601.Pa ~/.ssh/rc
602if present.
603The command is invoked by using the user's login shell with the -c option.
604This applies to shell, command, or subsystem execution.
605It is most useful inside a
606.Cm Match
607block.
608The command originally supplied by the client is available in the
609.Ev SSH_ORIGINAL_COMMAND
610environment variable.
611Specifying a command of
612.Cm internal-sftp
613will force the use of an in-process SFTP server that requires no support
614files when used with
615.Cm ChrootDirectory .
616The default is
617.Cm none .
618.It Cm GatewayPorts
619Specifies whether remote hosts are allowed to connect to ports
620forwarded for the client.
621By default,
622.Xr sshd 8
623binds remote port forwardings to the loopback address.
624This prevents other remote hosts from connecting to forwarded ports.
625.Cm GatewayPorts
626can be used to specify that sshd
627should allow remote port forwardings to bind to non-loopback addresses, thus
628allowing other hosts to connect.
629The argument may be
630.Cm no
631to force remote port forwardings to be available to the local host only,
632.Cm yes
633to force remote port forwardings to bind to the wildcard address, or
634.Cm clientspecified
635to allow the client to select the address to which the forwarding is bound.
636The default is
637.Cm no .
638.It Cm GSSAPIAuthentication
639Specifies whether user authentication based on GSSAPI is allowed.
640The default is
641.Cm no .
642.It Cm GSSAPICleanupCredentials
643Specifies whether to automatically destroy the user's credentials cache
644on logout.
645The default is
646.Cm yes .
647.It Cm GSSAPIStrictAcceptorCheck
648Determines whether to be strict about the identity of the GSSAPI acceptor
649a client authenticates against.
650If set to
651.Cm yes
652then the client must authenticate against the host
653service on the current hostname.
654If set to
655.Cm no
656then the client may authenticate against any service key stored in the
657machine's default store.
658This facility is provided to assist with operation on multi homed machines.
659The default is
660.Cm yes .
661.It Cm HostbasedAcceptedKeyTypes
662Specifies the key types that will be accepted for hostbased authentication
663as a list of comma-separated patterns.
664Alternately if the specified value begins with a
665.Sq +
666character, then the specified key types will be appended to the default set
667instead of replacing them.
668If the specified value begins with a
669.Sq -
670character, then the specified key types (including wildcards) will be removed
671from the default set instead of replacing them.
672The default for this option is:
673.Bd -literal -offset 3n
674ecdsa-sha2-nistp256-cert-v01@openssh.com,
675ecdsa-sha2-nistp384-cert-v01@openssh.com,
676ecdsa-sha2-nistp521-cert-v01@openssh.com,
677ssh-ed25519-cert-v01@openssh.com,
678rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
679ssh-rsa-cert-v01@openssh.com,
680ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
681ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
682.Ed
683.Pp
684The list of available key types may also be obtained using
685.Qq ssh -Q key .
686.It Cm HostbasedAuthentication
687Specifies whether rhosts or /etc/hosts.equiv authentication together
688with successful public key client host authentication is allowed
689(host-based authentication).
690The default is
691.Cm no .
692.It Cm HostbasedUsesNameFromPacketOnly
693Specifies whether or not the server will attempt to perform a reverse
694name lookup when matching the name in the
695.Pa ~/.shosts ,
696.Pa ~/.rhosts ,
697and
698.Pa /etc/hosts.equiv
699files during
700.Cm HostbasedAuthentication .
701A setting of
702.Cm yes
703means that
704.Xr sshd 8
705uses the name supplied by the client rather than
706attempting to resolve the name from the TCP connection itself.
707The default is
708.Cm no .
709.It Cm HostCertificate
710Specifies a file containing a public host certificate.
711The certificate's public key must match a private host key already specified
712by
713.Cm HostKey .
714The default behaviour of
715.Xr sshd 8
716is not to load any certificates.
717.It Cm HostKey
718Specifies a file containing a private host key
719used by SSH.
720The defaults are
721.Pa /etc/ssh/ssh_host_ecdsa_key ,
722.Pa /etc/ssh/ssh_host_ed25519_key
723and
724.Pa /etc/ssh/ssh_host_rsa_key .
725.Pp
726Note that
727.Xr sshd 8
728will refuse to use a file if it is group/world-accessible
729and that the
730.Cm HostKeyAlgorithms
731option restricts which of the keys are actually used by
732.Xr sshd 8 .
733.Pp
734It is possible to have multiple host key files.
735It is also possible to specify public host key files instead.
736In this case operations on the private key will be delegated
737to an
738.Xr ssh-agent 1 .
739.It Cm HostKeyAgent
740Identifies the UNIX-domain socket used to communicate
741with an agent that has access to the private host keys.
742If the string
743.Qq SSH_AUTH_SOCK
744is specified, the location of the socket will be read from the
745.Ev SSH_AUTH_SOCK
746environment variable.
747.It Cm HostKeyAlgorithms
748Specifies the host key algorithms
749that the server offers.
750The default for this option is:
751.Bd -literal -offset 3n
752ecdsa-sha2-nistp256-cert-v01@openssh.com,
753ecdsa-sha2-nistp384-cert-v01@openssh.com,
754ecdsa-sha2-nistp521-cert-v01@openssh.com,
755ssh-ed25519-cert-v01@openssh.com,
756rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
757ssh-rsa-cert-v01@openssh.com,
758ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
759ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
760.Ed
761.Pp
762The list of available key types may also be obtained using
763.Qq ssh -Q key .
764.It Cm IgnoreRhosts
765Specifies that
766.Pa .rhosts
767and
768.Pa .shosts
769files will not be used in
770.Cm HostbasedAuthentication .
771.Pp
772.Pa /etc/hosts.equiv
773and
774.Pa /etc/ssh/shosts.equiv
775are still used.
776The default is
777.Cm yes .
778.It Cm IgnoreUserKnownHosts
779Specifies whether
780.Xr sshd 8
781should ignore the user's
782.Pa ~/.ssh/known_hosts
783during
784.Cm HostbasedAuthentication
785and use only the system-wide known hosts file
786.Pa /etc/ssh/known_hosts .
787The default is
788.Cm no .
789.It Cm IPQoS
790Specifies the IPv4 type-of-service or DSCP class for the connection.
791Accepted values are
792.Cm af11 ,
793.Cm af12 ,
794.Cm af13 ,
795.Cm af21 ,
796.Cm af22 ,
797.Cm af23 ,
798.Cm af31 ,
799.Cm af32 ,
800.Cm af33 ,
801.Cm af41 ,
802.Cm af42 ,
803.Cm af43 ,
804.Cm cs0 ,
805.Cm cs1 ,
806.Cm cs2 ,
807.Cm cs3 ,
808.Cm cs4 ,
809.Cm cs5 ,
810.Cm cs6 ,
811.Cm cs7 ,
812.Cm ef ,
813.Cm lowdelay ,
814.Cm throughput ,
815.Cm reliability ,
816a numeric value, or
817.Cm none
818to use the operating system default.
819This option may take one or two arguments, separated by whitespace.
820If one argument is specified, it is used as the packet class unconditionally.
821If two values are specified, the first is automatically selected for
822interactive sessions and the second for non-interactive sessions.
823The default is
824.Cm af21
825(Low-Latency Data)
826for interactive sessions and
827.Cm cs1
828(Lower Effort)
829for non-interactive sessions.
830.It Cm KbdInteractiveAuthentication
831Specifies whether to allow keyboard-interactive authentication.
832The argument to this keyword must be
833.Cm yes
834or
835.Cm no .
836The default is to use whatever value
837.Cm ChallengeResponseAuthentication
838is set to
839(by default
840.Cm yes ) .
841.It Cm KerberosAuthentication
842Specifies whether the password provided by the user for
843.Cm PasswordAuthentication
844will be validated through the Kerberos KDC.
845To use this option, the server needs a
846Kerberos servtab which allows the verification of the KDC's identity.
847The default is
848.Cm no .
849.It Cm KerberosGetAFSToken
850If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
851an AFS token before accessing the user's home directory.
852The default is
853.Cm no .
854.It Cm KerberosOrLocalPasswd
855If password authentication through Kerberos fails then
856the password will be validated via any additional local mechanism
857such as
858.Pa /etc/passwd .
859The default is
860.Cm yes .
861.It Cm KerberosTicketCleanup
862Specifies whether to automatically destroy the user's ticket cache
863file on logout.
864The default is
865.Cm yes .
866.It Cm KexAlgorithms
867Specifies the available KEX (Key Exchange) algorithms.
868Multiple algorithms must be comma-separated.
869Alternately if the specified value begins with a
870.Sq +
871character, then the specified methods will be appended to the default set
872instead of replacing them.
873If the specified value begins with a
874.Sq -
875character, then the specified methods (including wildcards) will be removed
876from the default set instead of replacing them.
877The supported algorithms are:
878.Pp
879.Bl -item -compact -offset indent
880.It
881curve25519-sha256
882.It
883curve25519-sha256@libssh.org
884.It
885diffie-hellman-group1-sha1
886.It
887diffie-hellman-group14-sha1
888.It
889diffie-hellman-group14-sha256
890.It
891diffie-hellman-group16-sha512
892.It
893diffie-hellman-group18-sha512
894.It
895diffie-hellman-group-exchange-sha1
896.It
897diffie-hellman-group-exchange-sha256
898.It
899ecdh-sha2-nistp256
900.It
901ecdh-sha2-nistp384
902.It
903ecdh-sha2-nistp521
904.El
905.Pp
906The default is:
907.Bd -literal -offset indent
908curve25519-sha256,curve25519-sha256@libssh.org,
909ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
910diffie-hellman-group-exchange-sha256,
911diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
912diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
913.Ed
914.Pp
915The list of available key exchange algorithms may also be obtained using
916.Qq ssh -Q kex .
917.It Cm ListenAddress
918Specifies the local addresses
919.Xr sshd 8
920should listen on.
921The following forms may be used:
922.Pp
923.Bl -item -offset indent -compact
924.It
925.Cm ListenAddress
926.Sm off
927.Ar hostname | address
928.Sm on
929.Op Cm rdomain Ar domain
930.It
931.Cm ListenAddress
932.Sm off
933.Ar hostname : port
934.Sm on
935.Op Cm rdomain Ar domain
936.It
937.Cm ListenAddress
938.Sm off
939.Ar IPv4_address : port
940.Sm on
941.Op Cm rdomain Ar domain
942.It
943.Cm ListenAddress
944.Sm off
945.Oo Ar hostname | address Oc : Ar port
946.Sm on
947.Op Cm rdomain Ar domain
948.El
949.Pp
950The optional
951.Cm rdomain
952qualifier requests
953.Xr sshd 8
954listen in an explicit routing domain.
955If
956.Ar port
957is not specified,
958sshd will listen on the address and all
959.Cm Port
960options specified.
961The default is to listen on all local addresses on the current default
962routing domain.
963Multiple
964.Cm ListenAddress
965options are permitted.
966For more information on routing domains, see
967.Xr rdomain 4 .
968.It Cm LoginGraceTime
969The server disconnects after this time if the user has not
970successfully logged in.
971If the value is 0, there is no time limit.
972The default is 120 seconds.
973.It Cm LogLevel
974Gives the verbosity level that is used when logging messages from
975.Xr sshd 8 .
976The possible values are:
977QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
978The default is INFO.
979DEBUG and DEBUG1 are equivalent.
980DEBUG2 and DEBUG3 each specify higher levels of debugging output.
981Logging with a DEBUG level violates the privacy of users and is not recommended.
982.It Cm MACs
983Specifies the available MAC (message authentication code) algorithms.
984The MAC algorithm is used for data integrity protection.
985Multiple algorithms must be comma-separated.
986If the specified value begins with a
987.Sq +
988character, then the specified algorithms will be appended to the default set
989instead of replacing them.
990If the specified value begins with a
991.Sq -
992character, then the specified algorithms (including wildcards) will be removed
993from the default set instead of replacing them.
994.Pp
995The algorithms that contain
996.Qq -etm
997calculate the MAC after encryption (encrypt-then-mac).
998These are considered safer and their use recommended.
999The supported MACs are:
1000.Pp
1001.Bl -item -compact -offset indent
1002.It
1003hmac-md5
1004.It
1005hmac-md5-96
1006.It
1007hmac-sha1
1008.It
1009hmac-sha1-96
1010.It
1011hmac-sha2-256
1012.It
1013hmac-sha2-512
1014.It
1015umac-64@openssh.com
1016.It
1017umac-128@openssh.com
1018.It
1019hmac-md5-etm@openssh.com
1020.It
1021hmac-md5-96-etm@openssh.com
1022.It
1023hmac-sha1-etm@openssh.com
1024.It
1025hmac-sha1-96-etm@openssh.com
1026.It
1027hmac-sha2-256-etm@openssh.com
1028.It
1029hmac-sha2-512-etm@openssh.com
1030.It
1031umac-64-etm@openssh.com
1032.It
1033umac-128-etm@openssh.com
1034.El
1035.Pp
1036The default is:
1037.Bd -literal -offset indent
1038umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1039hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1040hmac-sha1-etm@openssh.com,
1041umac-64@openssh.com,umac-128@openssh.com,
1042hmac-sha2-256,hmac-sha2-512,hmac-sha1
1043.Ed
1044.Pp
1045The list of available MAC algorithms may also be obtained using
1046.Qq ssh -Q mac .
1047.It Cm Match
1048Introduces a conditional block.
1049If all of the criteria on the
1050.Cm Match
1051line are satisfied, the keywords on the following lines override those
1052set in the global section of the config file, until either another
1053.Cm Match
1054line or the end of the file.
1055If a keyword appears in multiple
1056.Cm Match
1057blocks that are satisfied, only the first instance of the keyword is
1058applied.
1059.Pp
1060The arguments to
1061.Cm Match
1062are one or more criteria-pattern pairs or the single token
1063.Cm All
1064which matches all criteria.
1065The available criteria are
1066.Cm User ,
1067.Cm Group ,
1068.Cm Host ,
1069.Cm LocalAddress ,
1070.Cm LocalPort ,
1071.Cm RDomain ,
1072and
1073.Cm Address
1074(with
1075.Cm RDomain
1076representing the
1077.Xr rdomain 4
1078on which the connection was received.)
1079.Pp
1080The match patterns may consist of single entries or comma-separated
1081lists and may use the wildcard and negation operators described in the
1082.Sx PATTERNS
1083section of
1084.Xr ssh_config 5 .
1085.Pp
1086The patterns in an
1087.Cm Address
1088criteria may additionally contain addresses to match in CIDR
1089address/masklen format,
1090such as 192.0.2.0/24 or 2001:db8::/32.
1091Note that the mask length provided must be consistent with the address -
1092it is an error to specify a mask length that is too long for the address
1093or one with bits set in this host portion of the address.
1094For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
1095.Pp
1096Only a subset of keywords may be used on the lines following a
1097.Cm Match
1098keyword.
1099Available keywords are
1100.Cm AcceptEnv ,
1101.Cm AllowAgentForwarding ,
1102.Cm AllowGroups ,
1103.Cm AllowStreamLocalForwarding ,
1104.Cm AllowTcpForwarding ,
1105.Cm AllowUsers ,
1106.Cm AuthenticationMethods ,
1107.Cm AuthorizedKeysCommand ,
1108.Cm AuthorizedKeysCommandUser ,
1109.Cm AuthorizedKeysFile ,
1110.Cm AuthorizedPrincipalsCommand ,
1111.Cm AuthorizedPrincipalsCommandUser ,
1112.Cm AuthorizedPrincipalsFile ,
1113.Cm Banner ,
1114.Cm ChrootDirectory ,
1115.Cm ClientAliveCountMax ,
1116.Cm ClientAliveInterval ,
1117.Cm DenyGroups ,
1118.Cm DenyUsers ,
1119.Cm ForceCommand ,
1120.Cm GatewayPorts ,
1121.Cm GSSAPIAuthentication ,
1122.Cm HostbasedAcceptedKeyTypes ,
1123.Cm HostbasedAuthentication ,
1124.Cm HostbasedUsesNameFromPacketOnly ,
1125.Cm IPQoS ,
1126.Cm KbdInteractiveAuthentication ,
1127.Cm KerberosAuthentication ,
1128.Cm LogLevel ,
1129.Cm MaxAuthTries ,
1130.Cm MaxSessions ,
1131.Cm PasswordAuthentication ,
1132.Cm PermitEmptyPasswords ,
1133.Cm PermitListen ,
1134.Cm PermitOpen ,
1135.Cm PermitRootLogin ,
1136.Cm PermitTTY ,
1137.Cm PermitTunnel ,
1138.Cm PermitUserRC ,
1139.Cm PubkeyAcceptedKeyTypes ,
1140.Cm PubkeyAuthentication ,
1141.Cm RekeyLimit ,
1142.Cm RevokedKeys ,
1143.Cm RDomain ,
1144.Cm SetEnv ,
1145.Cm StreamLocalBindMask ,
1146.Cm StreamLocalBindUnlink ,
1147.Cm TrustedUserCAKeys ,
1148.Cm X11DisplayOffset ,
1149.Cm X11Forwarding
1150and
1151.Cm X11UseLocalHost .
1152.It Cm MaxAuthTries
1153Specifies the maximum number of authentication attempts permitted per
1154connection.
1155Once the number of failures reaches half this value,
1156additional failures are logged.
1157The default is 6.
1158.It Cm MaxSessions
1159Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
1160sessions permitted per network connection.
1161Multiple sessions may be established by clients that support connection
1162multiplexing.
1163Setting
1164.Cm MaxSessions
1165to 1 will effectively disable session multiplexing, whereas setting it to 0
1166will prevent all shell, login and subsystem sessions while still permitting
1167forwarding.
1168The default is 10.
1169.It Cm MaxStartups
1170Specifies the maximum number of concurrent unauthenticated connections to the
1171SSH daemon.
1172Additional connections will be dropped until authentication succeeds or the
1173.Cm LoginGraceTime
1174expires for a connection.
1175The default is 10:30:100.
1176.Pp
1177Alternatively, random early drop can be enabled by specifying
1178the three colon separated values
1179start:rate:full (e.g. "10:30:60").
1180.Xr sshd 8
1181will refuse connection attempts with a probability of rate/100 (30%)
1182if there are currently start (10) unauthenticated connections.
1183The probability increases linearly and all connection attempts
1184are refused if the number of unauthenticated connections reaches full (60).
1185.It Cm PasswordAuthentication
1186Specifies whether password authentication is allowed.
1187See also
1188.Cm UsePAM .
1189The default is
1190.Cm no .
1191.It Cm PermitEmptyPasswords
1192When password authentication is allowed, it specifies whether the
1193server allows login to accounts with empty password strings.
1194The default is
1195.Cm no .
1196.It Cm PermitListen
1197Specifies the addresses/ports on which a remote TCP port forwarding may listen.
1198The listen specification must be one of the following forms:
1199.Pp
1200.Bl -item -offset indent -compact
1201.It
1202.Cm PermitListen
1203.Sm off
1204.Ar port
1205.Sm on
1206.It
1207.Cm PermitListen
1208.Sm off
1209.Ar host : port
1210.Sm on
1211.El
1212.Pp
1213Multiple permissions may be specified by separating them with whitespace.
1214An argument of
1215.Cm any
1216can be used to remove all restrictions and permit any listen requests.
1217An argument of
1218.Cm none
1219can be used to prohibit all listen requests.
1220The host name may contain wildcards as described in the PATTERNS section in
1221.Xr ssh_config 5 .
1222The wildcard
1223.Sq *
1224can also be used in place of a port number to allow all ports.
1225By default all port forwarding listen requests are permitted.
1226Note that the
1227.Cm GatewayPorts
1228option may further restrict which addresses may be listened on.
1229Note also that
1230.Xr ssh 1
1231will request a listen host of
1232.Dq localhost
1233if no listen host was specifically requested, and this this name is
1234treated differently to explicit localhost addresses of
1235.Dq 127.0.0.1
1236and
1237.Dq ::1 .
1238.It Cm PermitOpen
1239Specifies the destinations to which TCP port forwarding is permitted.
1240The forwarding specification must be one of the following forms:
1241.Pp
1242.Bl -item -offset indent -compact
1243.It
1244.Cm PermitOpen
1245.Sm off
1246.Ar host : port
1247.Sm on
1248.It
1249.Cm PermitOpen
1250.Sm off
1251.Ar IPv4_addr : port
1252.Sm on
1253.It
1254.Cm PermitOpen
1255.Sm off
1256.Ar \&[ IPv6_addr \&] : port
1257.Sm on
1258.El
1259.Pp
1260Multiple forwards may be specified by separating them with whitespace.
1261An argument of
1262.Cm any
1263can be used to remove all restrictions and permit any forwarding requests.
1264An argument of
1265.Cm none
1266can be used to prohibit all forwarding requests.
1267The wildcard
1268.Sq *
1269can be used for host or port to allow all hosts or ports, respectively.
1270By default all port forwarding requests are permitted.
1271.It Cm PermitRootLogin
1272Specifies whether root can log in using
1273.Xr ssh 1 .
1274The argument must be
1275.Cm yes ,
1276.Cm prohibit-password ,
1277.Cm forced-commands-only ,
1278or
1279.Cm no .
1280The default is
1281.Cm no .
1282Note that if
1283.Cm ChallengeResponseAuthentication
1284and
1285.Cm UsePAM
1286are both
1287.Cm yes ,
1288this setting may be overridden by the PAM policy.
1289.Pp
1290If this option is set to
1291.Cm prohibit-password
1292(or its deprecated alias,
1293.Cm without-password ) ,
1294password and keyboard-interactive authentication are disabled for root.
1295.Pp
1296If this option is set to
1297.Cm forced-commands-only ,
1298root login with public key authentication will be allowed,
1299but only if the
1300.Ar command
1301option has been specified
1302(which may be useful for taking remote backups even if root login is
1303normally not allowed).
1304All other authentication methods are disabled for root.
1305.Pp
1306If this option is set to
1307.Cm no ,
1308root is not allowed to log in.
1309.It Cm PermitTTY
1310Specifies whether
1311.Xr pty 4
1312allocation is permitted.
1313The default is
1314.Cm yes .
1315.It Cm PermitTunnel
1316Specifies whether
1317.Xr tun 4
1318device forwarding is allowed.
1319The argument must be
1320.Cm yes ,
1321.Cm point-to-point
1322(layer 3),
1323.Cm ethernet
1324(layer 2), or
1325.Cm no .
1326Specifying
1327.Cm yes
1328permits both
1329.Cm point-to-point
1330and
1331.Cm ethernet .
1332The default is
1333.Cm no .
1334.Pp
1335Independent of this setting, the permissions of the selected
1336.Xr tun 4
1337device must allow access to the user.
1338.It Cm PermitUserEnvironment
1339Specifies whether
1340.Pa ~/.ssh/environment
1341and
1342.Cm environment=
1343options in
1344.Pa ~/.ssh/authorized_keys
1345are processed by
1346.Xr sshd 8 .
1347Valid options are
1348.Cm yes ,
1349.Cm no
1350or a pattern-list specifying which environment variable names to accept
1351(for example
1352.Qq LANG,LC_* ) .
1353The default is
1354.Cm no .
1355Enabling environment processing may enable users to bypass access
1356restrictions in some configurations using mechanisms such as
1357.Ev LD_PRELOAD .
1358.It Cm PermitUserRC
1359Specifies whether any
1360.Pa ~/.ssh/rc
1361file is executed.
1362The default is
1363.Cm yes .
1364.It Cm PidFile
1365Specifies the file that contains the process ID of the
1366SSH daemon, or
1367.Cm none
1368to not write one.
1369The default is
1370.Pa /var/run/sshd.pid .
1371.It Cm Port
1372Specifies the port number that
1373.Xr sshd 8
1374listens on.
1375The default is 22.
1376Multiple options of this type are permitted.
1377See also
1378.Cm ListenAddress .
1379.It Cm PrintLastLog
1380Specifies whether
1381.Xr sshd 8
1382should print the date and time of the last user login when a user logs
1383in interactively.
1384The default is
1385.Cm yes .
1386.It Cm PrintMotd
1387Specifies whether
1388.Xr sshd 8
1389should print
1390.Pa /etc/motd
1391when a user logs in interactively.
1392(On some systems it is also printed by the shell,
1393.Pa /etc/profile ,
1394or equivalent.)
1395The default is
1396.Cm yes .
1397.It Cm PubkeyAcceptedKeyTypes
1398Specifies the key types that will be accepted for public key authentication
1399as a list of comma-separated patterns.
1400Alternately if the specified value begins with a
1401.Sq +
1402character, then the specified key types will be appended to the default set
1403instead of replacing them.
1404If the specified value begins with a
1405.Sq -
1406character, then the specified key types (including wildcards) will be removed
1407from the default set instead of replacing them.
1408The default for this option is:
1409.Bd -literal -offset 3n
1410ecdsa-sha2-nistp256-cert-v01@openssh.com,
1411ecdsa-sha2-nistp384-cert-v01@openssh.com,
1412ecdsa-sha2-nistp521-cert-v01@openssh.com,
1413ssh-ed25519-cert-v01@openssh.com,
1414rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
1415ssh-rsa-cert-v01@openssh.com,
1416ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1417ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
1418.Ed
1419.Pp
1420The list of available key types may also be obtained using
1421.Qq ssh -Q key .
1422.It Cm PubkeyAuthentication
1423Specifies whether public key authentication is allowed.
1424The default is
1425.Cm yes .
1426.It Cm RekeyLimit
1427Specifies the maximum amount of data that may be transmitted before the
1428session key is renegotiated, optionally followed a maximum amount of
1429time that may pass before the session key is renegotiated.
1430The first argument is specified in bytes and may have a suffix of
1431.Sq K ,
1432.Sq M ,
1433or
1434.Sq G
1435to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1436The default is between
1437.Sq 1G
1438and
1439.Sq 4G ,
1440depending on the cipher.
1441The optional second value is specified in seconds and may use any of the
1442units documented in the
1443.Sx TIME FORMATS
1444section.
1445The default value for
1446.Cm RekeyLimit
1447is
1448.Cm default none ,
1449which means that rekeying is performed after the cipher's default amount
1450of data has been sent or received and no time based rekeying is done.
1451.It Cm RevokedKeys
1452Specifies revoked public keys file, or
1453.Cm none
1454to not use one.
1455Keys listed in this file will be refused for public key authentication.
1456Note that if this file is not readable, then public key authentication will
1457be refused for all users.
1458Keys may be specified as a text file, listing one public key per line, or as
1459an OpenSSH Key Revocation List (KRL) as generated by
1460.Xr ssh-keygen 1 .
1461For more information on KRLs, see the KEY REVOCATION LISTS section in
1462.Xr ssh-keygen 1 .
1463.It Cm RDomain
1464Specifies an explicit routing domain that is applied after authentication
1465has completed.
1466The user session, as well and any forwarded or listening IP sockets,
1467will be bound to this
1468.Xr rdomain 4 .
1469If the routing domain is set to
1470.Cm \&%D ,
1471then the domain in which the incoming connection was received will be applied.
1472.It Cm SetEnv
1473Specifies one or more environment variables to set in child sessions started
1474by
1475.Xr sshd 8
1476as
1477.Dq NAME=VALUE .
1478The environment value may be quoted (e.g. if it contains whitespace
1479characters).
1480Environment variables set by
1481.Cm SetEnv
1482override the default environment and any variables specified by the user
1483via
1484.Cm AcceptEnv
1485or
1486.Cm PermitUserEnvironment .
1487.It Cm StreamLocalBindMask
1488Sets the octal file creation mode mask
1489.Pq umask
1490used when creating a Unix-domain socket file for local or remote
1491port forwarding.
1492This option is only used for port forwarding to a Unix-domain socket file.
1493.Pp
1494The default value is 0177, which creates a Unix-domain socket file that is
1495readable and writable only by the owner.
1496Note that not all operating systems honor the file mode on Unix-domain
1497socket files.
1498.It Cm StreamLocalBindUnlink
1499Specifies whether to remove an existing Unix-domain socket file for local
1500or remote port forwarding before creating a new one.
1501If the socket file already exists and
1502.Cm StreamLocalBindUnlink
1503is not enabled,
1504.Nm sshd
1505will be unable to forward the port to the Unix-domain socket file.
1506This option is only used for port forwarding to a Unix-domain socket file.
1507.Pp
1508The argument must be
1509.Cm yes
1510or
1511.Cm no .
1512The default is
1513.Cm no .
1514.It Cm StrictModes
1515Specifies whether
1516.Xr sshd 8
1517should check file modes and ownership of the
1518user's files and home directory before accepting login.
1519This is normally desirable because novices sometimes accidentally leave their
1520directory or files world-writable.
1521The default is
1522.Cm yes .
1523Note that this does not apply to
1524.Cm ChrootDirectory ,
1525whose permissions and ownership are checked unconditionally.
1526.It Cm Subsystem
1527Configures an external subsystem (e.g. file transfer daemon).
1528Arguments should be a subsystem name and a command (with optional arguments)
1529to execute upon subsystem request.
1530.Pp
1531The command
1532.Cm sftp-server
1533implements the SFTP file transfer subsystem.
1534.Pp
1535Alternately the name
1536.Cm internal-sftp
1537implements an in-process SFTP server.
1538This may simplify configurations using
1539.Cm ChrootDirectory
1540to force a different filesystem root on clients.
1541.Pp
1542By default no subsystems are defined.
1543.It Cm SyslogFacility
1544Gives the facility code that is used when logging messages from
1545.Xr sshd 8 .
1546The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1547LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1548The default is AUTH.
1549.It Cm TCPKeepAlive
1550Specifies whether the system should send TCP keepalive messages to the
1551other side.
1552If they are sent, death of the connection or crash of one
1553of the machines will be properly noticed.
1554However, this means that
1555connections will die if the route is down temporarily, and some people
1556find it annoying.
1557On the other hand, if TCP keepalives are not sent,
1558sessions may hang indefinitely on the server, leaving
1559.Qq ghost
1560users and consuming server resources.
1561.Pp
1562The default is
1563.Cm yes
1564(to send TCP keepalive messages), and the server will notice
1565if the network goes down or the client host crashes.
1566This avoids infinitely hanging sessions.
1567.Pp
1568To disable TCP keepalive messages, the value should be set to
1569.Cm no .
1570.It Cm TrustedUserCAKeys
1571Specifies a file containing public keys of certificate authorities that are
1572trusted to sign user certificates for authentication, or
1573.Cm none
1574to not use one.
1575Keys are listed one per line; empty lines and comments starting with
1576.Ql #
1577are allowed.
1578If a certificate is presented for authentication and has its signing CA key
1579listed in this file, then it may be used for authentication for any user
1580listed in the certificate's principals list.
1581Note that certificates that lack a list of principals will not be permitted
1582for authentication using
1583.Cm TrustedUserCAKeys .
1584For more details on certificates, see the CERTIFICATES section in
1585.Xr ssh-keygen 1 .
1586.It Cm UseBlacklist
1587Specifies whether
1588.Xr sshd 8
1589attempts to send authentication success and failure messages
1590to the
1591.Xr blacklistd 8
1592daemon.
1593The default is
1594.Cm no .
1595.It Cm UseDNS
1596Specifies whether
1597.Xr sshd 8
1598should look up the remote host name, and to check that
1599the resolved host name for the remote IP address maps back to the
1600very same IP address.
1601.Pp
1602If this option is set to
1603.Cm no ,
1604then only addresses and not host names may be used in
1605.Pa ~/.ssh/authorized_keys
1606.Cm from
1607and
1608.Nm
1609.Cm Match
1610.Cm Host
1611directives.
1612The default is
1613.Dq yes .
1614.It Cm UsePAM
1615Enables the Pluggable Authentication Module interface.
1616If set to
1617.Cm yes
1618this will enable PAM authentication using
1619.Cm ChallengeResponseAuthentication
1620and
1621.Cm PasswordAuthentication
1622in addition to PAM account and session module processing for all
1623authentication types.
1624.Pp
1625Because PAM challenge-response authentication usually serves an equivalent
1626role to password authentication, you should disable either
1627.Cm PasswordAuthentication
1628or
1629.Cm ChallengeResponseAuthentication.
1630.Pp
1631If
1632.Cm UsePAM
1633is enabled, you will not be able to run
1634.Xr sshd 8
1635as a non-root user.
1636The default is
1637.Cm yes .
1638.It Cm VersionAddendum
1639Optionally specifies additional text to append to the SSH protocol banner
1640sent by the server upon connection.
1641The default is
1642.Qq FreeBSD-20180909 .
1643The value
1644.Cm none
1645may be used to disable this.
1646.It Cm X11DisplayOffset
1647Specifies the first display number available for
1648.Xr sshd 8 Ns 's
1649X11 forwarding.
1650This prevents sshd from interfering with real X11 servers.
1651The default is 10.
1652.It Cm X11Forwarding
1653Specifies whether X11 forwarding is permitted.
1654The argument must be
1655.Cm yes
1656or
1657.Cm no .
1658The default is
1659.Cm yes .
1660.Pp
1661When X11 forwarding is enabled, there may be additional exposure to
1662the server and to client displays if the
1663.Xr sshd 8
1664proxy display is configured to listen on the wildcard address (see
1665.Cm X11UseLocalhost ) ,
1666though this is not the default.
1667Additionally, the authentication spoofing and authentication data
1668verification and substitution occur on the client side.
1669The security risk of using X11 forwarding is that the client's X11
1670display server may be exposed to attack when the SSH client requests
1671forwarding (see the warnings for
1672.Cm ForwardX11
1673in
1674.Xr ssh_config 5 ) .
1675A system administrator may have a stance in which they want to
1676protect clients that may expose themselves to attack by unwittingly
1677requesting X11 forwarding, which can warrant a
1678.Cm no
1679setting.
1680.Pp
1681Note that disabling X11 forwarding does not prevent users from
1682forwarding X11 traffic, as users can always install their own forwarders.
1683.It Cm X11UseLocalhost
1684Specifies whether
1685.Xr sshd 8
1686should bind the X11 forwarding server to the loopback address or to
1687the wildcard address.
1688By default,
1689sshd binds the forwarding server to the loopback address and sets the
1690hostname part of the
1691.Ev DISPLAY
1692environment variable to
1693.Cm localhost .
1694This prevents remote hosts from connecting to the proxy display.
1695However, some older X11 clients may not function with this
1696configuration.
1697.Cm X11UseLocalhost
1698may be set to
1699.Cm no
1700to specify that the forwarding server should be bound to the wildcard
1701address.
1702The argument must be
1703.Cm yes
1704or
1705.Cm no .
1706The default is
1707.Cm yes .
1708.It Cm XAuthLocation
1709Specifies the full pathname of the
1710.Xr xauth 1
1711program, or
1712.Cm none
1713to not use one.
1714The default is
1715.Pa /usr/local/bin/xauth .
1716.El
1717.Sh TIME FORMATS
1718.Xr sshd 8
1719command-line arguments and configuration file options that specify time
1720may be expressed using a sequence of the form:
1721.Sm off
1722.Ar time Op Ar qualifier ,
1723.Sm on
1724where
1725.Ar time
1726is a positive integer value and
1727.Ar qualifier
1728is one of the following:
1729.Pp
1730.Bl -tag -width Ds -compact -offset indent
1731.It Aq Cm none
1732seconds
1733.It Cm s | Cm S
1734seconds
1735.It Cm m | Cm M
1736minutes
1737.It Cm h | Cm H
1738hours
1739.It Cm d | Cm D
1740days
1741.It Cm w | Cm W
1742weeks
1743.El
1744.Pp
1745Each member of the sequence is added together to calculate
1746the total time value.
1747.Pp
1748Time format examples:
1749.Pp
1750.Bl -tag -width Ds -compact -offset indent
1751.It 600
1752600 seconds (10 minutes)
1753.It 10m
175410 minutes
1755.It 1h30m
17561 hour 30 minutes (90 minutes)
1757.El
1758.Sh TOKENS
1759Arguments to some keywords can make use of tokens,
1760which are expanded at runtime:
1761.Pp
1762.Bl -tag -width XXXX -offset indent -compact
1763.It %%
1764A literal
1765.Sq % .
1766.It \&%D
1767The routing domain in which the incoming connection was received.
1768.It %F
1769The fingerprint of the CA key.
1770.It %f
1771The fingerprint of the key or certificate.
1772.It %h
1773The home directory of the user.
1774.It %i
1775The key ID in the certificate.
1776.It %K
1777The base64-encoded CA key.
1778.It %k
1779The base64-encoded key or certificate for authentication.
1780.It %s
1781The serial number of the certificate.
1782.It \&%T
1783The type of the CA key.
1784.It %t
1785The key or certificate type.
1786.It \&%U
1787The numeric user ID of the target user.
1788.It %u
1789The username.
1790.El
1791.Pp
1792.Cm AuthorizedKeysCommand
1793accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
1794.Pp
1795.Cm AuthorizedKeysFile
1796accepts the tokens %%, %h, %U, and %u.
1797.Pp
1798.Cm AuthorizedPrincipalsCommand
1799accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.
1800.Pp
1801.Cm AuthorizedPrincipalsFile
1802accepts the tokens %%, %h, %U, and %u.
1803.Pp
1804.Cm ChrootDirectory
1805accepts the tokens %%, %h, %U, and %u.
1806.Pp
1807.Cm RoutingDomain
1808accepts the token %D.
1809.Sh FILES
1810.Bl -tag -width Ds
1811.It Pa /etc/ssh/sshd_config
1812Contains configuration data for
1813.Xr sshd 8 .
1814This file should be writable by root only, but it is recommended
1815(though not necessary) that it be world-readable.
1816.El
1817.Sh SEE ALSO
1818.Xr sftp-server 8 ,
1819.Xr sshd 8
1820.Sh AUTHORS
1821.An -nosplit
1822OpenSSH is a derivative of the original and free
1823ssh 1.2.12 release by
1824.An Tatu Ylonen .
1825.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos ,
1826.An Theo de Raadt
1827and
1828.An Dug Song
1829removed many bugs, re-added newer features and
1830created OpenSSH.
1831.An Markus Friedl
1832contributed the support for SSH protocol versions 1.5 and 2.0.
1833.An Niels Provos
1834and
1835.An Markus Friedl
1836contributed support for privilege separation.
1837