xref: /freebsd/crypto/openssh/sshd_config.5 (revision f7c4bd95ba735bd6a5454b4953945a99cefbb80c)
1.\"  -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\"                    All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose.  Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\"    notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\"    notice, this list of conditions and the following disclaimer in the
24.\"    documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
37.\" $OpenBSD: sshd_config.5,v 1.96 2008/07/02 02:24:18 djm Exp $
38.\" $FreeBSD$
39.Dd $Mdocdate: July 2 2008 $
40.Dt SSHD_CONFIG 5
41.Os
42.Sh NAME
43.Nm sshd_config
44.Nd OpenSSH SSH daemon configuration file
45.Sh SYNOPSIS
46.Nm /etc/ssh/sshd_config
47.Sh DESCRIPTION
48.Xr sshd 8
49reads configuration data from
50.Pa /etc/ssh/sshd_config
51(or the file specified with
52.Fl f
53on the command line).
54The file contains keyword-argument pairs, one per line.
55Lines starting with
56.Ql #
57and empty lines are interpreted as comments.
58Arguments may optionally be enclosed in double quotes
59.Pq \&"
60in order to represent arguments containing spaces.
61.Pp
62The possible
63keywords and their meanings are as follows (note that
64keywords are case-insensitive and arguments are case-sensitive):
65.Bl -tag -width Ds
66.It Cm AcceptEnv
67Specifies what environment variables sent by the client will be copied into
68the session's
69.Xr environ 7 .
70See
71.Cm SendEnv
72in
73.Xr ssh_config 5
74for how to configure the client.
75Note that environment passing is only supported for protocol 2.
76Variables are specified by name, which may contain the wildcard characters
77.Ql *
78and
79.Ql \&? .
80Multiple environment variables may be separated by whitespace or spread
81across multiple
82.Cm AcceptEnv
83directives.
84Be warned that some environment variables could be used to bypass restricted
85user environments.
86For this reason, care should be taken in the use of this directive.
87The default is not to accept any environment variables.
88.It Cm AddressFamily
89Specifies which address family should be used by
90.Xr sshd 8 .
91Valid arguments are
92.Dq any ,
93.Dq inet
94(use IPv4 only), or
95.Dq inet6
96(use IPv6 only).
97The default is
98.Dq any .
99.It Cm AllowAgentForwarding
100Specifies whether
101.Xr ssh-agent 1
102forwarding is permitted.
103The default is
104.Dq yes .
105Note that disabling agent forwarding does not improve security
106unless users are also denied shell access, as they can always install
107their own forwarders.
108.It Cm AllowGroups
109This keyword can be followed by a list of group name patterns, separated
110by spaces.
111If specified, login is allowed only for users whose primary
112group or supplementary group list matches one of the patterns.
113Only group names are valid; a numerical group ID is not recognized.
114By default, login is allowed for all groups.
115The allow/deny directives are processed in the following order:
116.Cm DenyUsers ,
117.Cm AllowUsers ,
118.Cm DenyGroups ,
119and finally
120.Cm AllowGroups .
121.Pp
122See
123.Sx PATTERNS
124in
125.Xr ssh_config 5
126for more information on patterns.
127.It Cm AllowTcpForwarding
128Specifies whether TCP forwarding is permitted.
129The default is
130.Dq yes .
131Note that disabling TCP forwarding does not improve security unless
132users are also denied shell access, as they can always install their
133own forwarders.
134.It Cm AllowUsers
135This keyword can be followed by a list of user name patterns, separated
136by spaces.
137If specified, login is allowed only for user names that
138match one of the patterns.
139Only user names are valid; a numerical user ID is not recognized.
140By default, login is allowed for all users.
141If the pattern takes the form USER@HOST then USER and HOST
142are separately checked, restricting logins to particular
143users from particular hosts.
144The allow/deny directives are processed in the following order:
145.Cm DenyUsers ,
146.Cm AllowUsers ,
147.Cm DenyGroups ,
148and finally
149.Cm AllowGroups .
150.Pp
151See
152.Sx PATTERNS
153in
154.Xr ssh_config 5
155for more information on patterns.
156.It Cm AuthorizedKeysFile
157Specifies the file that contains the public keys that can be used
158for user authentication.
159.Cm AuthorizedKeysFile
160may contain tokens of the form %T which are substituted during connection
161setup.
162The following tokens are defined: %% is replaced by a literal '%',
163%h is replaced by the home directory of the user being authenticated, and
164%u is replaced by the username of that user.
165After expansion,
166.Cm AuthorizedKeysFile
167is taken to be an absolute path or one relative to the user's home
168directory.
169The default is
170.Dq .ssh/authorized_keys .
171.It Cm Banner
172The contents of the specified file are sent to the remote user before
173authentication is allowed.
174If the argument is
175.Dq none
176then no banner is displayed.
177This option is only available for protocol version 2.
178By default, no banner is displayed.
179.It Cm ChallengeResponseAuthentication
180Specifies whether challenge-response authentication is allowed.
181See also
182.Cm UsePAM .
183The default is
184.Dq yes .
185.It Cm ChrootDirectory
186Specifies a path to
187.Xr chroot 2
188to after authentication.
189This path, and all its components, must be root-owned directories that are
190not writable by any other user or group.
191.Pp
192The path may contain the following tokens that are expanded at runtime once
193the connecting user has been authenticated: %% is replaced by a literal '%',
194%h is replaced by the home directory of the user being authenticated, and
195%u is replaced by the username of that user.
196.Pp
197The
198.Cm ChrootDirectory
199must contain the necessary files and directories to support the
200users' session.
201For an interactive session this requires at least a shell, typically
202.Xr sh 1 ,
203and basic
204.Pa /dev
205nodes such as
206.Xr null 4 ,
207.Xr zero 4 ,
208.Xr stdin 4 ,
209.Xr stdout 4 ,
210.Xr stderr 4 ,
211.Xr arandom 4
212and
213.Xr tty 4
214devices.
215For file transfer sessions using
216.Dq sftp ,
217no additional configuration of the environment is necessary if the
218in-process sftp server is used (see
219.Cm Subsystem
220for details).
221.Pp
222The default is not to
223.Xr chroot 2 .
224.It Cm Ciphers
225Specifies the ciphers allowed for protocol version 2.
226Multiple ciphers must be comma-separated.
227The supported ciphers are
228.Dq 3des-cbc ,
229.Dq aes128-cbc ,
230.Dq aes192-cbc ,
231.Dq aes256-cbc ,
232.Dq aes128-ctr ,
233.Dq aes192-ctr ,
234.Dq aes256-ctr ,
235.Dq arcfour128 ,
236.Dq arcfour256 ,
237.Dq arcfour ,
238.Dq blowfish-cbc ,
239and
240.Dq cast128-cbc .
241The default is:
242.Bd -literal -offset 3n
243aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
244arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
245aes192-ctr,aes256-ctr
246.Ed
247.It Cm ClientAliveCountMax
248Sets the number of client alive messages (see below) which may be
249sent without
250.Xr sshd 8
251receiving any messages back from the client.
252If this threshold is reached while client alive messages are being sent,
253sshd will disconnect the client, terminating the session.
254It is important to note that the use of client alive messages is very
255different from
256.Cm TCPKeepAlive
257(below).
258The client alive messages are sent through the encrypted channel
259and therefore will not be spoofable.
260The TCP keepalive option enabled by
261.Cm TCPKeepAlive
262is spoofable.
263The client alive mechanism is valuable when the client or
264server depend on knowing when a connection has become inactive.
265.Pp
266The default value is 3.
267If
268.Cm ClientAliveInterval
269(see below) is set to 15, and
270.Cm ClientAliveCountMax
271is left at the default, unresponsive SSH clients
272will be disconnected after approximately 45 seconds.
273This option applies to protocol version 2 only.
274.It Cm ClientAliveInterval
275Sets a timeout interval in seconds after which if no data has been received
276from the client,
277.Xr sshd 8
278will send a message through the encrypted
279channel to request a response from the client.
280The default
281is 0, indicating that these messages will not be sent to the client.
282This option applies to protocol version 2 only.
283.It Cm Compression
284Specifies whether compression is allowed, or delayed until
285the user has authenticated successfully.
286The argument must be
287.Dq yes ,
288.Dq delayed ,
289or
290.Dq no .
291The default is
292.Dq delayed .
293.It Cm DenyGroups
294This keyword can be followed by a list of group name patterns, separated
295by spaces.
296Login is disallowed for users whose primary group or supplementary
297group list matches one of the patterns.
298Only group names are valid; a numerical group ID is not recognized.
299By default, login is allowed for all groups.
300The allow/deny directives are processed in the following order:
301.Cm DenyUsers ,
302.Cm AllowUsers ,
303.Cm DenyGroups ,
304and finally
305.Cm AllowGroups .
306.Pp
307See
308.Sx PATTERNS
309in
310.Xr ssh_config 5
311for more information on patterns.
312.It Cm DenyUsers
313This keyword can be followed by a list of user name patterns, separated
314by spaces.
315Login is disallowed for user names that match one of the patterns.
316Only user names are valid; a numerical user ID is not recognized.
317By default, login is allowed for all users.
318If the pattern takes the form USER@HOST then USER and HOST
319are separately checked, restricting logins to particular
320users from particular hosts.
321The allow/deny directives are processed in the following order:
322.Cm DenyUsers ,
323.Cm AllowUsers ,
324.Cm DenyGroups ,
325and finally
326.Cm AllowGroups .
327.Pp
328See
329.Sx PATTERNS
330in
331.Xr ssh_config 5
332for more information on patterns.
333.It Cm ForceCommand
334Forces the execution of the command specified by
335.Cm ForceCommand ,
336ignoring any command supplied by the client and
337.Pa ~/.ssh/rc
338if present.
339The command is invoked by using the user's login shell with the -c option.
340This applies to shell, command, or subsystem execution.
341It is most useful inside a
342.Cm Match
343block.
344The command originally supplied by the client is available in the
345.Ev SSH_ORIGINAL_COMMAND
346environment variable.
347Specifying a command of
348.Dq internal-sftp
349will force the use of an in-process sftp server that requires no support
350files when used with
351.Cm ChrootDirectory .
352.It Cm GatewayPorts
353Specifies whether remote hosts are allowed to connect to ports
354forwarded for the client.
355By default,
356.Xr sshd 8
357binds remote port forwardings to the loopback address.
358This prevents other remote hosts from connecting to forwarded ports.
359.Cm GatewayPorts
360can be used to specify that sshd
361should allow remote port forwardings to bind to non-loopback addresses, thus
362allowing other hosts to connect.
363The argument may be
364.Dq no
365to force remote port forwardings to be available to the local host only,
366.Dq yes
367to force remote port forwardings to bind to the wildcard address, or
368.Dq clientspecified
369to allow the client to select the address to which the forwarding is bound.
370The default is
371.Dq no .
372.It Cm GSSAPIAuthentication
373Specifies whether user authentication based on GSSAPI is allowed.
374The default is
375.Dq no .
376Note that this option applies to protocol version 2 only.
377.It Cm GSSAPICleanupCredentials
378Specifies whether to automatically destroy the user's credentials cache
379on logout.
380The default is
381.Dq yes .
382Note that this option applies to protocol version 2 only.
383.It Cm HostbasedAuthentication
384Specifies whether rhosts or /etc/hosts.equiv authentication together
385with successful public key client host authentication is allowed
386(host-based authentication).
387This option is similar to
388.Cm RhostsRSAAuthentication
389and applies to protocol version 2 only.
390The default is
391.Dq no .
392.It Cm HostbasedUsesNameFromPacketOnly
393Specifies whether or not the server will attempt to perform a reverse
394name lookup when matching the name in the
395.Pa ~/.shosts ,
396.Pa ~/.rhosts ,
397and
398.Pa /etc/hosts.equiv
399files during
400.Cm HostbasedAuthentication .
401A setting of
402.Dq yes
403means that
404.Xr sshd 8
405uses the name supplied by the client rather than
406attempting to resolve the name from the TCP connection itself.
407The default is
408.Dq no .
409.It Cm HostKey
410Specifies a file containing a private host key
411used by SSH.
412The default is
413.Pa /etc/ssh/ssh_host_key
414for protocol version 1, and
415.Pa /etc/ssh/ssh_host_rsa_key
416and
417.Pa /etc/ssh/ssh_host_dsa_key
418for protocol version 2.
419Note that
420.Xr sshd 8
421will refuse to use a file if it is group/world-accessible.
422It is possible to have multiple host key files.
423.Dq rsa1
424keys are used for version 1 and
425.Dq dsa
426or
427.Dq rsa
428are used for version 2 of the SSH protocol.
429.It Cm IgnoreRhosts
430Specifies that
431.Pa .rhosts
432and
433.Pa .shosts
434files will not be used in
435.Cm RhostsRSAAuthentication
436or
437.Cm HostbasedAuthentication .
438.Pp
439.Pa /etc/hosts.equiv
440and
441.Pa /etc/ssh/shosts.equiv
442are still used.
443The default is
444.Dq yes .
445.It Cm IgnoreUserKnownHosts
446Specifies whether
447.Xr sshd 8
448should ignore the user's
449.Pa ~/.ssh/known_hosts
450during
451.Cm RhostsRSAAuthentication
452or
453.Cm HostbasedAuthentication .
454The default is
455.Dq no .
456.It Cm KerberosAuthentication
457Specifies whether the password provided by the user for
458.Cm PasswordAuthentication
459will be validated through the Kerberos KDC.
460To use this option, the server needs a
461Kerberos servtab which allows the verification of the KDC's identity.
462The default is
463.Dq no .
464.It Cm KerberosGetAFSToken
465If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
466an AFS token before accessing the user's home directory.
467The default is
468.Dq no .
469.It Cm KerberosOrLocalPasswd
470If password authentication through Kerberos fails then
471the password will be validated via any additional local mechanism
472such as
473.Pa /etc/passwd .
474The default is
475.Dq yes .
476.It Cm KerberosTicketCleanup
477Specifies whether to automatically destroy the user's ticket cache
478file on logout.
479The default is
480.Dq yes .
481.It Cm KeyRegenerationInterval
482In protocol version 1, the ephemeral server key is automatically regenerated
483after this many seconds (if it has been used).
484The purpose of regeneration is to prevent
485decrypting captured sessions by later breaking into the machine and
486stealing the keys.
487The key is never stored anywhere.
488If the value is 0, the key is never regenerated.
489The default is 3600 (seconds).
490.It Cm ListenAddress
491Specifies the local addresses
492.Xr sshd 8
493should listen on.
494The following forms may be used:
495.Pp
496.Bl -item -offset indent -compact
497.It
498.Cm ListenAddress
499.Sm off
500.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
501.Sm on
502.It
503.Cm ListenAddress
504.Sm off
505.Ar host No | Ar IPv4_addr No : Ar port
506.Sm on
507.It
508.Cm ListenAddress
509.Sm off
510.Oo
511.Ar host No | Ar IPv6_addr Oc : Ar port
512.Sm on
513.El
514.Pp
515If
516.Ar port
517is not specified,
518sshd will listen on the address and all prior
519.Cm Port
520options specified.
521The default is to listen on all local addresses.
522Multiple
523.Cm ListenAddress
524options are permitted.
525Additionally, any
526.Cm Port
527options must precede this option for non-port qualified addresses.
528.It Cm LoginGraceTime
529The server disconnects after this time if the user has not
530successfully logged in.
531If the value is 0, there is no time limit.
532The default is 120 seconds.
533.It Cm LogLevel
534Gives the verbosity level that is used when logging messages from
535.Xr sshd 8 .
536The possible values are:
537QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
538The default is INFO.
539DEBUG and DEBUG1 are equivalent.
540DEBUG2 and DEBUG3 each specify higher levels of debugging output.
541Logging with a DEBUG level violates the privacy of users and is not recommended.
542.It Cm MACs
543Specifies the available MAC (message authentication code) algorithms.
544The MAC algorithm is used in protocol version 2
545for data integrity protection.
546Multiple algorithms must be comma-separated.
547The default is:
548.Bd -literal -offset indent
549hmac-md5,hmac-sha1,umac-64@openssh.com,
550hmac-ripemd160,hmac-sha1-96,hmac-md5-96
551.Ed
552.It Cm Match
553Introduces a conditional block.
554If all of the criteria on the
555.Cm Match
556line are satisfied, the keywords on the following lines override those
557set in the global section of the config file, until either another
558.Cm Match
559line or the end of the file.
560.Pp
561The arguments to
562.Cm Match
563are one or more criteria-pattern pairs.
564The available criteria are
565.Cm User ,
566.Cm Group ,
567.Cm Host ,
568and
569.Cm Address .
570The match patterns may consist of single entries or comma-separated
571lists and may use the wildcard and negation operators described in the
572.Sx PATTERNS
573section of
574.Xr ssh_config 5 .
575.Pp
576The patterns in an
577.Cm Address
578criteria may additionally contain addresses to match in CIDR
579address/masklen format, e.g.\&
580.Dq 192.0.2.0/24
581or
582.Dq 3ffe:ffff::/32 .
583Note that the mask length provided must be consistent with the address -
584it is an error to specify a mask length that is too long for the address
585or one with bits set in this host portion of the address.
586For example,
587.Dq 192.0.2.0/33
588and
589.Dq 192.0.2.0/8
590respectively.
591.Pp
592Only a subset of keywords may be used on the lines following a
593.Cm Match
594keyword.
595Available keywords are
596.Cm AllowTcpForwarding ,
597.Cm Banner ,
598.Cm ChrootDirectory ,
599.Cm ForceCommand ,
600.Cm GatewayPorts ,
601.Cm GSSAPIAuthentication ,
602.Cm HostbasedAuthentication ,
603.Cm KbdInteractiveAuthentication ,
604.Cm KerberosAuthentication ,
605.Cm MaxAuthTries ,
606.Cm MaxSessions ,
607.Cm PasswordAuthentication ,
608.Cm PermitOpen ,
609.Cm PermitRootLogin ,
610.Cm RhostsRSAAuthentication ,
611.Cm RSAAuthentication ,
612.Cm X11DisplayOffset ,
613.Cm X11Forwarding ,
614and
615.Cm X11UseLocalHost .
616.It Cm MaxAuthTries
617Specifies the maximum number of authentication attempts permitted per
618connection.
619Once the number of failures reaches half this value,
620additional failures are logged.
621The default is 6.
622.It Cm MaxSessions
623Specifies the maximum number of open sessions permitted per network connection.
624The default is 10.
625.It Cm MaxStartups
626Specifies the maximum number of concurrent unauthenticated connections to the
627SSH daemon.
628Additional connections will be dropped until authentication succeeds or the
629.Cm LoginGraceTime
630expires for a connection.
631The default is 10.
632.Pp
633Alternatively, random early drop can be enabled by specifying
634the three colon separated values
635.Dq start:rate:full
636(e.g. "10:30:60").
637.Xr sshd 8
638will refuse connection attempts with a probability of
639.Dq rate/100
640(30%)
641if there are currently
642.Dq start
643(10)
644unauthenticated connections.
645The probability increases linearly and all connection attempts
646are refused if the number of unauthenticated connections reaches
647.Dq full
648(60).
649.It Cm PasswordAuthentication
650Specifies whether password authentication is allowed.
651See also
652.Cm UsePAM .
653The default is
654.Dq no .
655.It Cm PermitEmptyPasswords
656When password authentication is allowed, it specifies whether the
657server allows login to accounts with empty password strings.
658The default is
659.Dq no .
660.It Cm PermitOpen
661Specifies the destinations to which TCP port forwarding is permitted.
662The forwarding specification must be one of the following forms:
663.Pp
664.Bl -item -offset indent -compact
665.It
666.Cm PermitOpen
667.Sm off
668.Ar host : port
669.Sm on
670.It
671.Cm PermitOpen
672.Sm off
673.Ar IPv4_addr : port
674.Sm on
675.It
676.Cm PermitOpen
677.Sm off
678.Ar \&[ IPv6_addr \&] : port
679.Sm on
680.El
681.Pp
682Multiple forwards may be specified by separating them with whitespace.
683An argument of
684.Dq any
685can be used to remove all restrictions and permit any forwarding requests.
686By default all port forwarding requests are permitted.
687.It Cm PermitRootLogin
688Specifies whether root can log in using
689.Xr ssh 1 .
690The argument must be
691.Dq yes ,
692.Dq without-password ,
693.Dq forced-commands-only ,
694or
695.Dq no .
696The default is
697.Dq no .
698Note that if
699.Cm ChallengeResponseAuthentication
700is
701.Dq yes ,
702the root user may be allowed in with its password even if
703.Cm PermitRootLogin is set to
704.Dq without-password .
705.Pp
706If this option is set to
707.Dq without-password ,
708password authentication is disabled for root.
709.Pp
710If this option is set to
711.Dq forced-commands-only ,
712root login with public key authentication will be allowed,
713but only if the
714.Ar command
715option has been specified
716(which may be useful for taking remote backups even if root login is
717normally not allowed).
718All other authentication methods are disabled for root.
719.Pp
720If this option is set to
721.Dq no ,
722root is not allowed to log in.
723.It Cm PermitTunnel
724Specifies whether
725.Xr tun 4
726device forwarding is allowed.
727The argument must be
728.Dq yes ,
729.Dq point-to-point
730(layer 3),
731.Dq ethernet
732(layer 2), or
733.Dq no .
734Specifying
735.Dq yes
736permits both
737.Dq point-to-point
738and
739.Dq ethernet .
740The default is
741.Dq no .
742.It Cm PermitUserEnvironment
743Specifies whether
744.Pa ~/.ssh/environment
745and
746.Cm environment=
747options in
748.Pa ~/.ssh/authorized_keys
749are processed by
750.Xr sshd 8 .
751The default is
752.Dq no .
753Enabling environment processing may enable users to bypass access
754restrictions in some configurations using mechanisms such as
755.Ev LD_PRELOAD .
756.It Cm PidFile
757Specifies the file that contains the process ID of the
758SSH daemon.
759The default is
760.Pa /var/run/sshd.pid .
761.It Cm Port
762Specifies the port number that
763.Xr sshd 8
764listens on.
765The default is 22.
766Multiple options of this type are permitted.
767See also
768.Cm ListenAddress .
769.It Cm PrintLastLog
770Specifies whether
771.Xr sshd 8
772should print the date and time of the last user login when a user logs
773in interactively.
774The default is
775.Dq yes .
776.It Cm PrintMotd
777Specifies whether
778.Xr sshd 8
779should print
780.Pa /etc/motd
781when a user logs in interactively.
782(On some systems it is also printed by the shell,
783.Pa /etc/profile ,
784or equivalent.)
785The default is
786.Dq yes .
787.It Cm Protocol
788Specifies the protocol versions
789.Xr sshd 8
790supports.
791The possible values are
792.Sq 1
793and
794.Sq 2 .
795Multiple versions must be comma-separated.
796The default is
797.Dq 2 .
798Note that the order of the protocol list does not indicate preference,
799because the client selects among multiple protocol versions offered
800by the server.
801Specifying
802.Dq 2,1
803is identical to
804.Dq 1,2 .
805.It Cm PubkeyAuthentication
806Specifies whether public key authentication is allowed.
807The default is
808.Dq yes .
809Note that this option applies to protocol version 2 only.
810.It Cm RhostsRSAAuthentication
811Specifies whether rhosts or
812.Pa /etc/hosts.equiv
813authentication together
814with successful RSA host authentication is allowed.
815The default is
816.Dq no .
817This option applies to protocol version 1 only.
818.It Cm RSAAuthentication
819Specifies whether pure RSA authentication is allowed.
820The default is
821.Dq yes .
822This option applies to protocol version 1 only.
823.It Cm ServerKeyBits
824Defines the number of bits in the ephemeral protocol version 1 server key.
825The minimum value is 512, and the default is 1024.
826.It Cm StrictModes
827Specifies whether
828.Xr sshd 8
829should check file modes and ownership of the
830user's files and home directory before accepting login.
831This is normally desirable because novices sometimes accidentally leave their
832directory or files world-writable.
833The default is
834.Dq yes .
835.It Cm Subsystem
836Configures an external subsystem (e.g. file transfer daemon).
837Arguments should be a subsystem name and a command (with optional arguments)
838to execute upon subsystem request.
839.Pp
840The command
841.Xr sftp-server 8
842implements the
843.Dq sftp
844file transfer subsystem.
845.Pp
846Alternately the name
847.Dq internal-sftp
848implements an in-process
849.Dq sftp
850server.
851This may simplify configurations using
852.Cm ChrootDirectory
853to force a different filesystem root on clients.
854.Pp
855By default no subsystems are defined.
856Note that this option applies to protocol version 2 only.
857.It Cm SyslogFacility
858Gives the facility code that is used when logging messages from
859.Xr sshd 8 .
860The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
861LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
862The default is AUTH.
863.It Cm TCPKeepAlive
864Specifies whether the system should send TCP keepalive messages to the
865other side.
866If they are sent, death of the connection or crash of one
867of the machines will be properly noticed.
868However, this means that
869connections will die if the route is down temporarily, and some people
870find it annoying.
871On the other hand, if TCP keepalives are not sent,
872sessions may hang indefinitely on the server, leaving
873.Dq ghost
874users and consuming server resources.
875.Pp
876The default is
877.Dq yes
878(to send TCP keepalive messages), and the server will notice
879if the network goes down or the client host crashes.
880This avoids infinitely hanging sessions.
881.Pp
882To disable TCP keepalive messages, the value should be set to
883.Dq no .
884.It Cm UseDNS
885Specifies whether
886.Xr sshd 8
887should look up the remote host name and check that
888the resolved host name for the remote IP address maps back to the
889very same IP address.
890The default is
891.Dq yes .
892.It Cm UseLogin
893Specifies whether
894.Xr login 1
895is used for interactive login sessions.
896The default is
897.Dq no .
898Note that
899.Xr login 1
900is never used for remote command execution.
901Note also, that if this is enabled,
902.Cm X11Forwarding
903will be disabled because
904.Xr login 1
905does not know how to handle
906.Xr xauth 1
907cookies.
908If
909.Cm UsePrivilegeSeparation
910is specified, it will be disabled after authentication.
911.It Cm UsePAM
912Enables the Pluggable Authentication Module interface.
913If set to
914.Dq yes
915this will enable PAM authentication using
916.Cm ChallengeResponseAuthentication
917and
918.Cm PasswordAuthentication
919in addition to PAM account and session module processing for all
920authentication types.
921.Pp
922Because PAM challenge-response authentication usually serves an equivalent
923role to password authentication, you should disable either
924.Cm PasswordAuthentication
925or
926.Cm ChallengeResponseAuthentication.
927.Pp
928If
929.Cm UsePAM
930is enabled, you will not be able to run
931.Xr sshd 8
932as a non-root user.
933The default is
934.Dq yes .
935.It Cm UsePrivilegeSeparation
936Specifies whether
937.Xr sshd 8
938separates privileges by creating an unprivileged child process
939to deal with incoming network traffic.
940After successful authentication, another process will be created that has
941the privilege of the authenticated user.
942The goal of privilege separation is to prevent privilege
943escalation by containing any corruption within the unprivileged processes.
944The default is
945.Dq yes .
946.It Cm VersionAddendum
947Specifies a string to append to the regular version string to identify
948OS- or site-specific modifications.
949The default is
950.Dq FreeBSD-20080801 .
951.It Cm X11DisplayOffset
952Specifies the first display number available for
953.Xr sshd 8 Ns 's
954X11 forwarding.
955This prevents sshd from interfering with real X11 servers.
956The default is 10.
957.It Cm X11Forwarding
958Specifies whether X11 forwarding is permitted.
959The argument must be
960.Dq yes
961or
962.Dq no .
963The default is
964.Dq yes .
965.Pp
966When X11 forwarding is enabled, there may be additional exposure to
967the server and to client displays if the
968.Xr sshd 8
969proxy display is configured to listen on the wildcard address (see
970.Cm X11UseLocalhost
971below), though this is not the default.
972Additionally, the authentication spoofing and authentication data
973verification and substitution occur on the client side.
974The security risk of using X11 forwarding is that the client's X11
975display server may be exposed to attack when the SSH client requests
976forwarding (see the warnings for
977.Cm ForwardX11
978in
979.Xr ssh_config 5 ) .
980A system administrator may have a stance in which they want to
981protect clients that may expose themselves to attack by unwittingly
982requesting X11 forwarding, which can warrant a
983.Dq no
984setting.
985.Pp
986Note that disabling X11 forwarding does not prevent users from
987forwarding X11 traffic, as users can always install their own forwarders.
988X11 forwarding is automatically disabled if
989.Cm UseLogin
990is enabled.
991.It Cm X11UseLocalhost
992Specifies whether
993.Xr sshd 8
994should bind the X11 forwarding server to the loopback address or to
995the wildcard address.
996By default,
997sshd binds the forwarding server to the loopback address and sets the
998hostname part of the
999.Ev DISPLAY
1000environment variable to
1001.Dq localhost .
1002This prevents remote hosts from connecting to the proxy display.
1003However, some older X11 clients may not function with this
1004configuration.
1005.Cm X11UseLocalhost
1006may be set to
1007.Dq no
1008to specify that the forwarding server should be bound to the wildcard
1009address.
1010The argument must be
1011.Dq yes
1012or
1013.Dq no .
1014The default is
1015.Dq yes .
1016.It Cm XAuthLocation
1017Specifies the full pathname of the
1018.Xr xauth 1
1019program.
1020The default is
1021.Pa /usr/local/bin/xauth .
1022.El
1023.Sh TIME FORMATS
1024.Xr sshd 8
1025command-line arguments and configuration file options that specify time
1026may be expressed using a sequence of the form:
1027.Sm off
1028.Ar time Op Ar qualifier ,
1029.Sm on
1030where
1031.Ar time
1032is a positive integer value and
1033.Ar qualifier
1034is one of the following:
1035.Pp
1036.Bl -tag -width Ds -compact -offset indent
1037.It Aq Cm none
1038seconds
1039.It Cm s | Cm S
1040seconds
1041.It Cm m | Cm M
1042minutes
1043.It Cm h | Cm H
1044hours
1045.It Cm d | Cm D
1046days
1047.It Cm w | Cm W
1048weeks
1049.El
1050.Pp
1051Each member of the sequence is added together to calculate
1052the total time value.
1053.Pp
1054Time format examples:
1055.Pp
1056.Bl -tag -width Ds -compact -offset indent
1057.It 600
1058600 seconds (10 minutes)
1059.It 10m
106010 minutes
1061.It 1h30m
10621 hour 30 minutes (90 minutes)
1063.El
1064.Sh FILES
1065.Bl -tag -width Ds
1066.It Pa /etc/ssh/sshd_config
1067Contains configuration data for
1068.Xr sshd 8 .
1069This file should be writable by root only, but it is recommended
1070(though not necessary) that it be world-readable.
1071.El
1072.Sh SEE ALSO
1073.Xr sshd 8
1074.Sh AUTHORS
1075OpenSSH is a derivative of the original and free
1076ssh 1.2.12 release by Tatu Ylonen.
1077Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1078Theo de Raadt and Dug Song
1079removed many bugs, re-added newer features and
1080created OpenSSH.
1081Markus Friedl contributed the support for SSH
1082protocol versions 1.5 and 2.0.
1083Niels Provos and Markus Friedl contributed support
1084for privilege separation.
1085