version 1.119, 2001/04/22 13:32:27 |
version 1.120, 2001/04/22 23:58:36 |
|
|
.Os |
.Os |
.Sh NAME |
.Sh NAME |
.Nm sshd |
.Nm sshd |
.Nd OpenSSH ssh daemon |
.Nd OpenSSH SSH daemon |
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm sshd |
.Nm sshd |
.Op Fl deiqD46 |
.Op Fl deiqD46 |
|
|
However, when the daemon starts, it does not generate a server key. |
However, when the daemon starts, it does not generate a server key. |
Forward security is provided through a Diffie-Hellman key agreement. |
Forward security is provided through a Diffie-Hellman key agreement. |
This key agreement results in a shared session key. |
This key agreement results in a shared session key. |
|
.Pp |
The rest of the session is encrypted using a symmetric cipher, currently |
The rest of the session is encrypted using a symmetric cipher, currently |
Blowfish, 3DES, CAST128, Arcfour, 128 bit AES, or 256 bit AES. |
128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES. |
The client selects the encryption algorithm |
The client selects the encryption algorithm |
to use from those offered by the server. |
to use from those offered by the server. |
Additionally, session integrity is provided |
Additionally, session integrity is provided |
|
|
(hmac-sha1 or hmac-md5). |
(hmac-sha1 or hmac-md5). |
.Pp |
.Pp |
Protocol version 2 provides a public key based |
Protocol version 2 provides a public key based |
user authentication method (PubkeyAuthentication) |
user (PubkeyAuthentication) or |
and conventional password authentication. |
client host (HostbasedAuthentication) authentication method, |
|
conventional password authentication and challenge response based methods. |
.Pp |
.Pp |
.Ss Command execution and data forwarding |
.Ss Command execution and data forwarding |
.Pp |
.Pp |
|
|
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl b Ar bits |
.It Fl b Ar bits |
Specifies the number of bits in the server key (default 768). |
Specifies the number of bits in the ephemeral protocol version 1 |
|
server key (default 768). |
.Pp |
.Pp |
.It Fl d |
.It Fl d |
Debug mode. |
Debug mode. |
|
|
log, and does not put itself in the background. |
log, and does not put itself in the background. |
The server also will not fork and will only process one connection. |
The server also will not fork and will only process one connection. |
This option is only intended for debugging for the server. |
This option is only intended for debugging for the server. |
Multiple -d options increases the debugging level. |
Multiple -d options increase the debugging level. |
Maximum is 3. |
Maximum is 3. |
|
.It Fl e |
|
When this option is specified, |
|
.Nm |
|
will send the output to the standard error instead of the system log. |
.It Fl f Ar configuration_file |
.It Fl f Ar configuration_file |
Specifies the name of the configuration file. |
Specifies the name of the configuration file. |
The default is |
The default is |
|
|
is not run as root (as the normal |
is not run as root (as the normal |
host file is normally not readable by anyone but root). |
host file is normally not readable by anyone but root). |
It is possible to have multiple host key files for |
It is possible to have multiple host key files for |
the different protocol versions. |
the different protocol versions and host key algorithms. |
.It Fl i |
.It Fl i |
Specifies that |
Specifies that |
.Nm |
.Nm |
|
|
from inetd may |
from inetd may |
be feasible. |
be feasible. |
.It Fl k Ar key_gen_time |
.It Fl k Ar key_gen_time |
Specifies how often the server key is regenerated (default 3600 |
Specifies how often the ephemeral protocol version 1 server key is |
seconds, or one hour). |
regenerated (default 3600 seconds, or one hour). |
The motivation for regenerating the key fairly |
The motivation for regenerating the key fairly |
often is that the key is not stored anywhere, and after about an hour, |
often is that the key is not stored anywhere, and after about an hour, |
it becomes impossible to recover the key for decrypting intercepted |
it becomes impossible to recover the key for decrypting intercepted |
|
|
will not detach and does not become a daemon. |
will not detach and does not become a daemon. |
This allows easy monitoring of |
This allows easy monitoring of |
.Nm sshd . |
.Nm sshd . |
.It Fl e |
|
When this option is specified, |
|
.Nm |
|
will send the output to the standard error instead of the system log. |
|
.It Fl V Ar client_protocol_id |
|
SSH-2 compatibility mode. |
|
When this option is specified |
|
.Nm |
|
assumes the client has sent the supplied version string |
|
and skips the |
|
Protocol Version Identification Exchange. |
|
This option is not intended to be called directly. |
|
.It Fl 4 |
.It Fl 4 |
Forces |
Forces |
.Nm |
.Nm |
|
|
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
.It Cm HostbasedAuthentication |
|
Specifies whether rhosts or /etc/hosts.equiv authentication together |
|
with successful public key client host authentication is allowed |
|
(hostbased authentication). |
|
This option is similar to |
|
.Cm RhostsRSAAuthentication |
|
and applies to protocol version 2 only. |
|
The default is |
|
.Dq no . |
.It Cm HostKey |
.It Cm HostKey |
Specifies the file containing the private host keys (default |
Specifies the file containing the private host keys (default |
.Pa /etc/ssh_host_key ) |
.Pa /etc/ssh_host_key ) |
|
|
.Pa .rhosts |
.Pa .rhosts |
and |
and |
.Pa .shosts |
.Pa .shosts |
files will not be used in authentication. |
files will not be used in |
|
.Cm RhostsAuthentication , |
|
.Cm RhostsRSAAuthentication |
|
or |
|
.Cm HostbasedAuthentication . |
|
.Pp |
.Pa /etc/hosts.equiv |
.Pa /etc/hosts.equiv |
and |
and |
.Pa /etc/shosts.equiv |
.Pa /etc/shosts.equiv |
|
|
should ignore the user's |
should ignore the user's |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
during |
during |
.Cm RhostsRSAAuthentication . |
.Cm RhostsRSAAuthentication |
|
or |
|
.Cm HostbasedAuthentication . |
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm KeepAlive |
.It Cm KeepAlive |
|
|
Default is |
Default is |
.Dq yes . |
.Dq yes . |
.It Cm KeyRegenerationInterval |
.It Cm KeyRegenerationInterval |
The server key is automatically regenerated after this many seconds |
In protocol version 1, the ephemeral server key is automatically regenerated |
(if it has been used). |
after this many seconds (if it has been used). |
The purpose of regeneration is to prevent |
The purpose of regeneration is to prevent |
decrypting captured sessions by later breaking into the machine and |
decrypting captured sessions by later breaking into the machine and |
stealing the keys. |
stealing the keys. |
|
|
The default is 3600 (seconds). |
The default is 3600 (seconds). |
.It Cm ListenAddress |
.It Cm ListenAddress |
Specifies the local addresses |
Specifies the local addresses |
.Xr sshd 8 |
.Nm |
should listen on. |
should listen on. |
The following forms may be used: |
The following forms may be used: |
.Pp |
.Pp |
|
|
If |
If |
.Ar port |
.Ar port |
is not specified, |
is not specified, |
.Xr sshd 8 |
.Nm |
will listen on the address and all prior |
will listen on the address and all prior |
.Cm Port |
.Cm Port |
options specified. The default is to listen on all local |
options specified. The default is to listen on all local |
|
|
Specifies whether password authentication is allowed. |
Specifies whether password authentication is allowed. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that this option applies to both protocol versions 1 and 2. |
|
.It Cm PermitEmptyPasswords |
.It Cm PermitEmptyPasswords |
When password authentication is allowed, it specifies whether the |
When password authentication is allowed, it specifies whether the |
server allows login to accounts with empty password strings. |
server allows login to accounts with empty password strings. |
|
|
listens on. |
listens on. |
The default is 22. |
The default is 22. |
Multiple options of this type are permitted. |
Multiple options of this type are permitted. |
|
See also |
|
.Cm ListenAddress . |
.It Cm PrintLastLog |
.It Cm PrintLastLog |
Specifies whether |
Specifies whether |
.Nm |
.Nm |
|
|
to normal rhosts or /etc/hosts.equiv authentication. |
to normal rhosts or /etc/hosts.equiv authentication. |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
This option applies to protocol version 1 only. |
.It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
with successful RSA host authentication is allowed. |
with successful RSA host authentication is allowed. |
The default is |
The default is |
.Dq no . |
.Dq no . |
|
This option applies to protocol version 1 only. |
.It Cm RSAAuthentication |
.It Cm RSAAuthentication |
Specifies whether pure RSA authentication is allowed. |
Specifies whether pure RSA authentication is allowed. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
Note that this option applies to protocol version 1 only. |
This option applies to protocol version 1 only. |
.It Cm ServerKeyBits |
.It Cm ServerKeyBits |
Defines the number of bits in the server key. |
Defines the number of bits in the ephemeral protocol version 1 server key. |
The minimum value is 512, and the default is 768. |
The minimum value is 512, and the default is 768. |
.It Cm StrictModes |
.It Cm StrictModes |
Specifies whether |
Specifies whether |
|
|
The |
The |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
file lists the RSA keys that are |
file lists the RSA keys that are |
permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
permitted for RSA authentication in protocol version 1 |
Similarly, the |
Similarly, the |
.Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys2 |
file lists the DSA and RSA keys that are |
file lists the DSA and RSA keys that are |
permitted for public key authentication (PubkeyAuthentication) |
permitted for public key authentication (PubkeyAuthentication) |
in SSH protocol 2.0. |
in protocol version 2. |
.Pp |
.Pp |
Each line of the file contains one |
Each line of the file contains one |
key (empty lines and lines starting with a |
key (empty lines and lines starting with a |
|
|
.Pa /etc/ssh_host_key.pub |
.Pa /etc/ssh_host_key.pub |
and adding the host names at the front. |
and adding the host names at the front. |
.Ss Examples |
.Ss Examples |
closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi |
.Bd -literal |
|
closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi |
|
cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....= |
|
.Ed |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa /etc/sshd_config |
.It Pa /etc/sshd_config |
|
|
This file should be writable by root only, but it is recommended |
This file should be writable by root only, but it is recommended |
(though not necessary) that it be world-readable. |
(though not necessary) that it be world-readable. |
.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key |
.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key |
These three files contain the private parts of the |
These three files contain the private parts of the host keys. |
(SSH1, SSH2 DSA, and SSH2 RSA) host keys. |
|
These files should only be owned by root, readable only by root, and not |
These files should only be owned by root, readable only by root, and not |
accessible to others. |
accessible to others. |
Note that |
Note that |
.Nm |
.Nm |
does not start if this file is group/world-accessible. |
does not start if this file is group/world-accessible. |
.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub |
.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub |
These three files contain the public parts of the |
These three files contain the public parts of the host keys. |
(SSH1, SSH2 DSA, and SSH2 RSA) host keys. |
|
These files should be world-readable but writable only by |
These files should be world-readable but writable only by |
root. |
root. |
Their contents should match the respective private parts. |
Their contents should match the respective private parts. |
|
|
files into this file, as described in |
files into this file, as described in |
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
.It Pa $HOME/.ssh/authorized_keys2 |
.It Pa $HOME/.ssh/authorized_keys2 |
Lists the DSA keys that can be used to log into the user's account. |
Lists the public keys (RSA or DSA) that can be used to log into the user's account. |
This file must be readable by root (which may on some machines imply |
This file must be readable by root (which may on some machines imply |
it being world-readable if the user's home directory resides on an NFS |
it being world-readable if the user's home directory resides on an NFS |
volume). |
volume). |
|
|
should be world-readable, and |
should be world-readable, and |
.Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
can but need not be world-readable. |
can but need not be world-readable. |
|
.It Pa "/etc/ssh_known_hosts2" and "$HOME/.ssh/known_hosts2" |
|
These files are consulted when using protocol version 2 hostbased |
|
authentication to check the public key of the host. |
|
The key must be listed in one of these files to be accepted. |
|
The client uses the same files |
|
to verify that it is connecting to the correct remote host. |
|
These files should be writable only by root/the owner. |
|
.Pa /etc/ssh_known_hosts2 |
|
should be world-readable, and |
|
.Pa $HOME/.ssh/known_hosts2 |
|
can but need not be world-readable. |
.It Pa /etc/nologin |
.It Pa /etc/nologin |
If this file exists, |
If this file exists, |
.Nm |
.Nm |
|
|
accessible; AFS is a particular example of such an environment. |
accessible; AFS is a particular example of such an environment. |
.Pp |
.Pp |
This file will probably contain some initialization code followed by |
This file will probably contain some initialization code followed by |
something similar to: "if read proto cookie; then echo add $DISPLAY |
something similar to: |
$proto $cookie | xauth -q -; fi". |
.Bd -literal |
|
if read proto cookie; then |
|
echo add $DISPLAY $proto $cookie | xauth -q - |
|
fi |
|
.Ed |
.Pp |
.Pp |
If this file does not exist, |
If this file does not exist, |
.Pa /etc/sshrc |
.Pa /etc/sshrc |
|
|
.%A S. Lehtinen |
.%A S. Lehtinen |
.%T "SSH Protocol Architecture" |
.%T "SSH Protocol Architecture" |
.%N draft-ietf-secsh-architecture-07.txt |
.%N draft-ietf-secsh-architecture-07.txt |
|
.%D January 2001 |
|
.%O work in progress material |
|
.Re |
|
.Rs |
|
.%A M. Friedl |
|
.%A N. Provos |
|
.%A W. A. Simpson |
|
.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol" |
|
.%N draft-ietf-secsh-dh-group-exchange-00.txt |
.%D January 2001 |
.%D January 2001 |
.%O work in progress material |
.%O work in progress material |
.Re |
.Re |