[BACK]Return to sshd.8 CVS log [TXT][DIR] Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/sshd.8 between version 1.176 and 1.176.2.5

version 1.176, 2002/04/05 20:56:21 version 1.176.2.5, 2002/10/11 14:51:53
Line 116 
Line 116 
 because it is fundamentally insecure, but can be enabled in the server  because it is fundamentally insecure, but can be enabled in the server
 configuration file if desired.  configuration file if desired.
 System security is not improved unless  System security is not improved unless
 .Xr rshd 8 ,  .Nm rshd ,
 .Xr rlogind 8 ,  .Nm rlogind ,
 and  and
 .Xr rexecd 8  .Xr rexecd
 are disabled (thus completely disabling  are disabled (thus completely disabling
 .Xr rlogin 1  .Xr rlogin
 and  and
 .Xr rsh 1  .Xr rsh
 into the machine).  into the machine).
 .Pp  .Pp
 .Ss SSH protocol version 2  .Ss SSH protocol version 2
Line 203 
Line 203 
 refuses to start if there is no configuration file.  refuses to start if there is no configuration file.
 .It Fl g Ar login_grace_time  .It Fl g Ar login_grace_time
 Gives the grace time for clients to authenticate themselves (default  Gives the grace time for clients to authenticate themselves (default
 600 seconds).  120 seconds).
 If the client fails to authenticate the user within  If the client fails to authenticate the user within
 this many seconds, the server disconnects and exits.  this many seconds, the server disconnects and exits.
 A value of zero indicates no limit.  A value of zero indicates no limit.
Line 320 
Line 320 
 (or the file specified with  (or the file specified with
 .Fl f  .Fl f
 on the command line).  on the command line).
 The file contains keyword-argument pairs, one per line.  The file format and configuration options are described in
 Lines starting with  .Xr sshd_config 5 .
 .Ql #  
 and empty lines are interpreted as comments.  
 .Pp  
 The possible  
 keywords and their meanings are as follows (note that  
 keywords are case-insensitive and arguments are case-sensitive):  
 .Bl -tag -width Ds  
 .It Cm AFSTokenPassing  
 Specifies whether an AFS token may be forwarded to the server.  
 Default is  
 .Dq yes .  
 .It Cm AllowGroups  
 This keyword can be followed by a list of group name patterns, separated  
 by spaces.  
 If specified, login is allowed only for users whose primary  
 group or supplementary group list matches one of the patterns.  
 .Ql \&*  
 and  
 .Ql ?  
 can be used as  
 wildcards in the patterns.  
 Only group names are valid; a numerical group ID is not recognized.  
 By default, login is allowed for all groups.  
 .Pp  
 .It Cm AllowTcpForwarding  
 Specifies whether TCP forwarding is permitted.  
 The default is  
 .Dq yes .  
 Note that disabling TCP forwarding does not improve security unless  
 users are also denied shell access, as they can always install their  
 own forwarders.  
 .Pp  
 .It Cm AllowUsers  
 This keyword can be followed by a list of user name patterns, separated  
 by spaces.  
 If specified, login is allowed only for users names that  
 match one of the patterns.  
 .Ql \&*  
 and  
 .Ql ?  
 can be used as  
 wildcards in the patterns.  
 Only user names are valid; a numerical user ID is not recognized.  
 By default, login is allowed for all users.  
 If the pattern takes the form USER@HOST then USER and HOST  
 are separately checked, restricting logins to particular  
 users from particular hosts.  
 .Pp  
 .It Cm AuthorizedKeysFile  
 Specifies the file that contains the public keys that can be used  
 for user authentication.  
 .Cm AuthorizedKeysFile  
 may contain tokens of the form %T which are substituted during connection  
 set-up. The following tokens are defined: %% is replaced by a literal '%',  
 %h is replaced by the home directory of the user being authenticated and  
 %u is replaced by the username of that user.  
 After expansion,  
 .Cm AuthorizedKeysFile  
 is taken to be an absolute path or one relative to the user's home  
 directory.  
 The default is  
 .Dq .ssh/authorized_keys .  
 .It Cm Banner  
 In some jurisdictions, sending a warning message before authentication  
 may be relevant for getting legal protection.  
 The contents of the specified file are sent to the remote user before  
 authentication is allowed.  
 This option is only available for protocol version 2.  
 By default, no banner is displayed.  
 .Pp  
 .It Cm ChallengeResponseAuthentication  
 Specifies whether challenge response authentication is allowed.  
 All authentication styles from  
 .Xr login.conf 5  
 are supported.  
 The default is  
 .Dq yes .  
 .It Cm Ciphers  
 Specifies the ciphers allowed for protocol version 2.  
 Multiple ciphers must be comma-separated.  
 The default is  
 .Pp  
 .Bd -literal  
   ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,  
     aes192-cbc,aes256-cbc''  
 .Ed  
 .It Cm ClientAliveInterval  
 Sets a timeout interval in seconds after which if no data has been received  
 from the client,  
 .Nm  
 will send a message through the encrypted  
 channel to request a response from the client.  
 The default  
 is 0, indicating that these messages will not be sent to the client.  
 This option applies to protocol version 2 only.  
 .It Cm ClientAliveCountMax  
 Sets the number of client alive messages (see above) which may be  
 sent without  
 .Nm  
 receiving any messages back from the client. If this threshold is  
 reached while client alive messages are being sent,  
 .Nm  
 will disconnect the client, terminating the session. It is important  
 to note that the use of client alive messages is very different from  
 .Cm KeepAlive  
 (below). The client alive messages are sent through the  
 encrypted channel and therefore will not be spoofable. The TCP keepalive  
 option enabled by  
 .Cm KeepAlive  
 is spoofable. The client alive mechanism is valuable when the client or  
 server depend on knowing when a connection has become inactive.  
 .Pp  
 The default value is 3. If  
 .Cm ClientAliveInterval  
 (above) is set to 15, and  
 .Cm ClientAliveCountMax  
 is left at the default, unresponsive ssh clients  
 will be disconnected after approximately 45 seconds.  
 .It Cm DenyGroups  
 This keyword can be followed by a list of group name patterns, separated  
 by spaces.  
 Login is disallowed for users whose primary group or supplementary  
 group list matches one of the patterns.  
 .Ql \&*  
 and  
 .Ql ?  
 can be used as  
 wildcards in the patterns.  
 Only group names are valid; a numerical group ID is not recognized.  
 By default, login is allowed for all groups.  
 .Pp  
 .It Cm DenyUsers  
 This keyword can be followed by a list of user name patterns, separated  
 by spaces.  
 Login is disallowed for user names that match one of the patterns.  
 .Ql \&*  
 and  
 .Ql ?  
 can be used as wildcards in the patterns.  
 Only user names are valid; a numerical user ID is not recognized.  
 By default, login is allowed for all users.  
 If the pattern takes the form USER@HOST then USER and HOST  
 are separately checked, restricting logins to particular  
 users from particular hosts.  
 .It Cm GatewayPorts  
 Specifies whether remote hosts are allowed to connect to ports  
 forwarded for the client.  
 By default,  
 .Nm  
 binds remote port forwardings to the loopback addresss.  This  
 prevents other remote hosts from connecting to forwarded ports.  
 .Cm GatewayPorts  
 can be used to specify that  
 .Nm  
 should bind remote port forwardings to the wildcard address,  
 thus allowing remote hosts to connect to forwarded ports.  
 The argument must be  
 .Dq yes  
 or  
 .Dq no .  
 The default is  
 .Dq no .  
 .It Cm HostbasedAuthentication  
 Specifies whether rhosts or /etc/hosts.equiv authentication together  
 with successful public key client host authentication is allowed  
 (hostbased authentication).  
 This option is similar to  
 .Cm RhostsRSAAuthentication  
 and applies to protocol version 2 only.  
 The default is  
 .Dq no .  
 .It Cm HostKey  
 Specifies a file containing a private host key  
 used by SSH.  
 The default is  
 .Pa /etc/ssh/ssh_host_key  
 for protocol version 1, and  
 .Pa /etc/ssh/ssh_host_rsa_key  
 and  
 .Pa /etc/ssh/ssh_host_dsa_key  
 for protocol version 2.  
 Note that  
 .Nm  
 will refuse to use a file if it is group/world-accessible.  
 It is possible to have multiple host key files.  
 .Dq rsa1  
 keys are used for version 1 and  
 .Dq dsa  
 or  
 .Dq rsa  
 are used for version 2 of the SSH protocol.  
 .It Cm IgnoreRhosts  
 Specifies that  
 .Pa .rhosts  
 and  
 .Pa .shosts  
 files will not be used in  
 .Cm RhostsAuthentication ,  
 .Cm RhostsRSAAuthentication  
 or  
 .Cm HostbasedAuthentication .  
 .Pp  
 .Pa /etc/hosts.equiv  
 and  
 .Pa /etc/shosts.equiv  
 are still used.  
 The default is  
 .Dq yes .  
 .It Cm IgnoreUserKnownHosts  
 Specifies whether  
 .Nm  
 should ignore the user's  
 .Pa $HOME/.ssh/known_hosts  
 during  
 .Cm RhostsRSAAuthentication  
 or  
 .Cm HostbasedAuthentication .  
 The default is  
 .Dq no .  
 .It Cm KeepAlive  
 Specifies whether the system should send TCP keepalive messages to the  
 other side.  
 If they are sent, death of the connection or crash of one  
 of the machines will be properly noticed.  
 However, this means that  
 connections will die if the route is down temporarily, and some people  
 find it annoying.  
 On the other hand, if keepalives are not sent,  
 sessions may hang indefinitely on the server, leaving  
 .Dq ghost  
 users and consuming server resources.  
 .Pp  
 The default is  
 .Dq yes  
 (to send keepalives), and the server will notice  
 if the network goes down or the client host crashes.  
 This avoids infinitely hanging sessions.  
 .Pp  
 To disable keepalives, the value should be set to  
 .Dq no .  
 .It Cm KerberosAuthentication  
 Specifies whether Kerberos authentication is allowed.  
 This can be in the form of a Kerberos ticket, or if  
 .Cm PasswordAuthentication  
 is yes, the password provided by the user will be validated through  
 the Kerberos KDC.  
 To use this option, the server needs a  
 Kerberos servtab which allows the verification of the KDC's identity.  
 Default is  
 .Dq yes .  
 .It Cm KerberosOrLocalPasswd  
 If set then if password authentication through Kerberos fails then  
 the password will be validated via any additional local mechanism  
 such as  
 .Pa /etc/passwd .  
 Default is  
 .Dq yes .  
 .It Cm KerberosTgtPassing  
 Specifies whether a Kerberos TGT may be forwarded to the server.  
 Default is  
 .Dq no ,  
 as this only works when the Kerberos KDC is actually an AFS kaserver.  
 .It Cm KerberosTicketCleanup  
 Specifies whether to automatically destroy the user's ticket cache  
 file on logout.  
 Default is  
 .Dq yes .  
 .It Cm KeyRegenerationInterval  
 In protocol version 1, the ephemeral server key is automatically regenerated  
 after this many seconds (if it has been used).  
 The purpose of regeneration is to prevent  
 decrypting captured sessions by later breaking into the machine and  
 stealing the keys.  
 The key is never stored anywhere.  
 If the value is 0, the key is never regenerated.  
 The default is 3600 (seconds).  
 .It Cm ListenAddress  
 Specifies the local addresses  
 .Nm  
 should listen on.  
 The following forms may be used:  
 .Pp  
 .Bl -item -offset indent -compact  
 .It  
 .Cm ListenAddress  
 .Sm off  
 .Ar host No | Ar IPv4_addr No | Ar IPv6_addr  
 .Sm on  
 .It  
 .Cm ListenAddress  
 .Sm off  
 .Ar host No | Ar IPv4_addr No : Ar port  
 .Sm on  
 .It  
 .Cm ListenAddress  
 .Sm off  
 .Oo  
 .Ar host No | Ar IPv6_addr Oc : Ar port  
 .Sm on  
 .El  
 .Pp  
 If  
 .Ar port  
 is not specified,  
 .Nm  
 will listen on the address and all prior  
 .Cm Port  
 options specified. The default is to listen on all local  
 addresses.  Multiple  
 .Cm ListenAddress  
 options are permitted. Additionally, any  
 .Cm Port  
 options must precede this option for non port qualified addresses.  
 .It Cm LoginGraceTime  
 The server disconnects after this time if the user has not  
 successfully logged in.  
 If the value is 0, there is no time limit.  
 The default is 600 (seconds).  
 .It Cm LogLevel  
 Gives the verbosity level that is used when logging messages from  
 .Nm sshd .  
 The possible values are:  
 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.  
 The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2  
 and DEBUG3 each specify higher levels of debugging output.  
 Logging with a DEBUG level violates the privacy of users  
 and is not recommended.  
 .It Cm MACs  
 Specifies the available MAC (message authentication code) algorithms.  
 The MAC algorithm is used in protocol version 2  
 for data integrity protection.  
 Multiple algorithms must be comma-separated.  
 The default is  
 .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .  
 .It Cm MaxStartups  
 Specifies the maximum number of concurrent unauthenticated connections to the  
 .Nm  
 daemon.  
 Additional connections will be dropped until authentication succeeds or the  
 .Cm LoginGraceTime  
 expires for a connection.  
 The default is 10.  
 .Pp  
 Alternatively, random early drop can be enabled by specifying  
 the three colon separated values  
 .Dq start:rate:full  
 (e.g., "10:30:60").  
 .Nm  
 will refuse connection attempts with a probability of  
 .Dq rate/100  
 (30%)  
 if there are currently  
 .Dq start  
 (10)  
 unauthenticated connections.  
 The probability increases linearly and all connection attempts  
 are refused if the number of unauthenticated connections reaches  
 .Dq full  
 (60).  
 .It Cm PasswordAuthentication  
 Specifies whether password authentication is allowed.  
 The default is  
 .Dq yes .  
 .It Cm PermitEmptyPasswords  
 When password authentication is allowed, it specifies whether the  
 server allows login to accounts with empty password strings.  
 The default is  
 .Dq no .  
 .It Cm PermitRootLogin  
 Specifies whether root can login using  
 .Xr ssh 1 .  
 The argument must be  
 .Dq yes ,  
 .Dq without-password ,  
 .Dq forced-commands-only  
 or  
 .Dq no .  
 The default is  
 .Dq yes .  
 .Pp  
 If this option is set to  
 .Dq without-password  
 password authentication is disabled for root.  
 .Pp  
 If this option is set to  
 .Dq forced-commands-only  
 root login with public key authentication will be allowed,  
 but only if the  
 .Ar command  
 option has been specified  
 (which may be useful for taking remote backups even if root login is  
 normally not allowed). All other authentication methods are disabled  
 for root.  
 .Pp  
 If this option is set to  
 .Dq no  
 root is not allowed to login.  
 .It Cm PidFile  
 Specifies the file that contains the process identifier of the  
 .Nm  
 daemon.  
 The default is  
 .Pa /var/run/sshd.pid .  
 .It Cm Port  
 Specifies the port number that  
 .Nm  
 listens on.  
 The default is 22.  
 Multiple options of this type are permitted.  
 See also  
 .Cm ListenAddress .  
 .It Cm PrintLastLog  
 Specifies whether  
 .Nm  
 should print the date and time when the user last logged in.  
 The default is  
 .Dq yes .  
 .It Cm PrintMotd  
 Specifies whether  
 .Nm  
 should print  
 .Pa /etc/motd  
 when a user logs in interactively.  
 (On some systems it is also printed by the shell,  
 .Pa /etc/profile ,  
 or equivalent.)  
 The default is  
 .Dq yes .  
 .It Cm Protocol  
 Specifies the protocol versions  
 .Nm  
 should support.  
 The possible values are  
 .Dq 1  
 and  
 .Dq 2 .  
 Multiple versions must be comma-separated.  
 The default is  
 .Dq 2,1 .  
 .It Cm PubkeyAuthentication  
 Specifies whether public key authentication is allowed.  
 The default is  
 .Dq yes .  
 Note that this option applies to protocol version 2 only.  
 .It Cm RhostsAuthentication  
 Specifies whether authentication using rhosts or /etc/hosts.equiv  
 files is sufficient.  
 Normally, this method should not be permitted because it is insecure.  
 .Cm RhostsRSAAuthentication  
 should be used  
 instead, because it performs RSA-based host authentication in addition  
 to normal rhosts or /etc/hosts.equiv authentication.  
 The default is  
 .Dq no .  
 This option applies to protocol version 1 only.  
 .It Cm RhostsRSAAuthentication  
 Specifies whether rhosts or /etc/hosts.equiv authentication together  
 with successful RSA host authentication is allowed.  
 The default is  
 .Dq no .  
 This option applies to protocol version 1 only.  
 .It Cm RSAAuthentication  
 Specifies whether pure RSA authentication is allowed.  
 The default is  
 .Dq yes .  
 This option applies to protocol version 1 only.  
 .It Cm ServerKeyBits  
 Defines the number of bits in the ephemeral protocol version 1 server key.  
 The minimum value is 512, and the default is 768.  
 .It Cm StrictModes  
 Specifies whether  
 .Nm  
 should check file modes and ownership of the  
 user's files and home directory before accepting login.  
 This is normally desirable because novices sometimes accidentally leave their  
 directory or files world-writable.  
 The default is  
 .Dq yes .  
 .It Cm Subsystem  
 Configures an external subsystem (e.g., file transfer daemon).  
 Arguments should be a subsystem name and a command to execute upon subsystem  
 request.  
 The command  
 .Xr sftp-server 8  
 implements the  
 .Dq sftp  
 file transfer subsystem.  
 By default no subsystems are defined.  
 Note that this option applies to protocol version 2 only.  
 .It Cm SyslogFacility  
 Gives the facility code that is used when logging messages from  
 .Nm sshd .  
 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,  
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  
 The default is AUTH.  
 .It Cm UseLogin  
 Specifies whether  
 .Xr login 1  
 is used for interactive login sessions.  
 The default is  
 .Dq no .  
 Note that  
 .Xr login 1  
 is never used for remote command execution.  
 Note also, that if this is enabled,  
 .Cm X11Forwarding  
 will be disabled because  
 .Xr login 1  
 does not know how to handle  
 .Xr xauth 1  
 cookies.  If  
 .Cm UsePrivilegeSeparation  
 is specified, it will be disabled after authentication.  
 .It Cm UsePrivilegeSeparation  
 Specifies whether  
 .Nm  
 separated privileges by creating an unprivileged child process  
 to deal with incoming network traffic.  After successful authentication,  
 another process will be created that has the privilege of the authenticated  
 user.  The goal of privilege separation is to prevent privilege  
 escalation by containing any corruption within the unprivileged processes.  
 The default is  
 .Dq no .  
 .It Cm VerifyReverseMapping  
 Specifies whether  
 .Nm  
 should try to verify the remote host name and check that  
 the resolved host name for the remote IP address maps back to the  
 very same IP address.  
 The default is  
 .Dq no .  
 .It Cm X11DisplayOffset  
 Specifies the first display number available for  
 .Nm sshd Ns 's  
 X11 forwarding.  
 This prevents  
 .Nm  
 from interfering with real X11 servers.  
 The default is 10.  
 .It Cm X11Forwarding  
 Specifies whether X11 forwarding is permitted.  
 The default is  
 .Dq no .  
 Note that disabling X11 forwarding does not improve security in any  
 way, as users can always install their own forwarders.  
 X11 forwarding is automatically disabled if  
 .Cm UseLogin  
 is enabled.  
 .It Cm X11UseLocalhost  
 Specifies whether  
 .Nm  
 should bind the X11 forwarding server to the loopback address or to  
 the wildcard address.  By default,  
 .Nm  
 binds the forwarding server to the loopback address and sets the  
 hostname part of the  
 .Ev DISPLAY  
 environment variable to  
 .Dq localhost .  
 This prevents remote hosts from connecting to the fake display.  
 However, some older X11 clients may not function with this  
 configuration.  
 .Cm X11UseLocalhost  
 may be set to  
 .Dq no  
 to specify that the forwarding server should be bound to the wildcard  
 address.  
 The argument must be  
 .Dq yes  
 or  
 .Dq no .  
 The default is  
 .Dq yes .  
 .It Cm XAuthLocation  
 Specifies the location of the  
 .Xr xauth 1  
 program.  
 The default is  
 .Pa /usr/X11R6/bin/xauth .  
 .El  
 .Ss Time Formats  
 .Pp  
 .Nm  
 command-line arguments and configuration file options that specify time  
 may be expressed using a sequence of the form:  
 .Sm off  
 .Ar time Oo Ar qualifier Oc ,  
 .Sm on  
 where  
 .Ar time  
 is a positive integer value and  
 .Ar qualifier  
 is one of the following:  
 .Pp  
 .Bl -tag -width Ds -compact -offset indent  
 .It Cm <none>  
 seconds  
 .It Cm s | Cm S  
 seconds  
 .It Cm m | Cm M  
 minutes  
 .It Cm h | Cm H  
 hours  
 .It Cm d | Cm D  
 days  
 .It Cm w | Cm W  
 weeks  
 .El  
 .Pp  
 Each member of the sequence is added together to calculate  
 the total time value.  
 .Pp  
 Time format examples:  
 .Pp  
 .Bl -tag -width Ds -compact -offset indent  
 .It 600  
 600 seconds (10 minutes)  
 .It 10m  
 10 minutes  
 .It 1h30m  
 1 hour 30 minutes (90 minutes)  
 .El  
 .Sh LOGIN PROCESS  .Sh LOGIN PROCESS
 When a user successfully logs in,  When a user successfully logs in,
 .Nm  .Nm
Line 972 
Line 350 
 .It  .It
 Reads  Reads
 .Pa $HOME/.ssh/environment  .Pa $HOME/.ssh/environment
 if it exists.  if it exists and users are allowed to change their environment.
   See the
   .Cm PermitUserEnvironment
   option in
   .Xr sshd_config 5 .
 .It  .It
 Changes to user's home directory.  Changes to user's home directory.
 .It  .It
Line 1007 
Line 389 
 spaces: options, bits, exponent, modulus, comment.  spaces: options, bits, exponent, modulus, comment.
 Each protocol version 2 public key consists of:  Each protocol version 2 public key consists of:
 options, keytype, base64 encoded key, comment.  options, keytype, base64 encoded key, comment.
 The options fields  The options field
 are optional; its presence is determined by whether the line starts  is optional; its presence is determined by whether the line starts
 with a number or not (the option field never starts with a number).  with a number or not (the options field never starts with a number).
 The bits, exponent, modulus and comment fields give the RSA key for  The bits, exponent, modulus and comment fields give the RSA key for
 protocol version 1; the  protocol version 1; the
 comment field is not used for anything (but may be convenient for the  comment field is not used for anything (but may be convenient for the
Line 1020 
Line 402 
 .Dq ssh-rsa .  .Dq ssh-rsa .
 .Pp  .Pp
 Note that lines in this file are usually several hundred bytes long  Note that lines in this file are usually several hundred bytes long
 (because of the size of the RSA key modulus).  (because of the size of the public key encoding).
 You don't want to type them in; instead, copy the  You don't want to type them in; instead, copy the
 .Pa identity.pub ,  .Pa identity.pub ,
 .Pa id_dsa.pub  .Pa id_dsa.pub
Line 1039 
Line 421 
 that option keywords are case-insensitive):  that option keywords are case-insensitive):
 .Bl -tag -width Ds  .Bl -tag -width Ds
 .It Cm from="pattern-list"  .It Cm from="pattern-list"
 Specifies that in addition to RSA authentication, the canonical name  Specifies that in addition to public key authentication, the canonical name
 of the remote host must be present in the comma-separated list of  of the remote host must be present in the comma-separated list of
 patterns  patterns
 .Pf ( Ql *  .Pf ( Ql *
Line 1051 
Line 433 
 .Ql ! ;  .Ql ! ;
 if the canonical host name matches a negated pattern, the key is not accepted.  if the canonical host name matches a negated pattern, the key is not accepted.
 The purpose  The purpose
 of this option is to optionally increase security: RSA authentication  of this option is to optionally increase security: public key authentication
 by itself does not trust the network or name servers or anything (but  by itself does not trust the network or name servers or anything (but
 the key); however, if somebody somehow steals the key, the key  the key); however, if somebody somehow steals the key, the key
 permits an intruder to log in from anywhere in the world.  permits an intruder to log in from anywhere in the world.
Line 1069 
Line 451 
 .Cm no-pty .  .Cm no-pty .
 A quote may be included in the command by quoting it with a backslash.  A quote may be included in the command by quoting it with a backslash.
 This option might be useful  This option might be useful
 to restrict certain RSA keys to perform just a specific operation.  to restrict certain public keys to perform just a specific operation.
 An example might be a key that permits remote backups but nothing else.  An example might be a key that permits remote backups but nothing else.
 Note that the client may specify TCP/IP and/or X11  Note that the client may specify TCP/IP and/or X11
 forwarding unless they are explicitly prohibited.  forwarding unless they are explicitly prohibited.
Line 1080 
Line 462 
 Environment variables set this way  Environment variables set this way
 override other default environment values.  override other default environment values.
 Multiple options of this type are permitted.  Multiple options of this type are permitted.
   Environment processing is disabled by default and is
   controlled via the
   .Cm PermitUserEnvironment
   option.
 This option is automatically disabled if  This option is automatically disabled if
 .Cm UseLogin  .Cm UseLogin
 is enabled.  is enabled.
Line 1179 
Line 565 
 .It Pa /etc/ssh/sshd_config  .It Pa /etc/ssh/sshd_config
 Contains configuration data for  Contains configuration data for
 .Nm sshd .  .Nm sshd .
 This file should be writable by root only, but it is recommended  The file format and configuration options are described in
 (though not necessary) that it be world-readable.  .Xr sshd_config 5 .
 .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key  .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
 These three files contain the private parts of the host keys.  These three files contain the private parts of the host keys.
 These files should only be owned by root, readable only by root, and not  These files should only be owned by root, readable only by root, and not
Line 1200 
Line 586 
 .Xr ssh-keygen 1 .  .Xr ssh-keygen 1 .
 .It Pa /etc/moduli  .It Pa /etc/moduli
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".  Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
   The file format is described in
   .Xr moduli 5 .
   .It Pa /var/empty
   .Xr chroot 2
   directory used by
   .Nm
   during privilege separation in the pre-authentication phase.
   The directory should not contain any files and must be owned by root
   and not group or world-writable.
 .It Pa /var/run/sshd.pid  .It Pa /var/run/sshd.pid
 Contains the process ID of the  Contains the process ID of the
 .Nm  .Nm
 listening for connections (if there are several daemons running  listening for connections (if there are several daemons running
 concurrently for different ports, this contains the pid of the one  concurrently for different ports, this contains the process ID of the one
 started last).  started last).
 The content of this file is not sensitive; it can be world-readable.  The content of this file is not sensitive; it can be world-readable.
 .It Pa $HOME/.ssh/authorized_keys  .It Pa $HOME/.ssh/authorized_keys
Line 1313 
Line 708 
 and assignment lines of the form name=value.  and assignment lines of the form name=value.
 The file should be writable  The file should be writable
 only by the user; it need not be readable by anyone else.  only by the user; it need not be readable by anyone else.
   Environment processing is disabled by default and is
   controlled via the
   .Cm PermitUserEnvironment
   option.
 .It Pa $HOME/.ssh/rc  .It Pa $HOME/.ssh/rc
 If this file exists, it is run with /bin/sh after reading the  If this file exists, it is run with /bin/sh after reading the
 environment files but before starting the user's shell or command.  environment files but before starting the user's shell or command.
Line 1338 
Line 737 
 if read proto cookie && [ -n "$DISPLAY" ]; then  if read proto cookie && [ -n "$DISPLAY" ]; then
         if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then          if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
                 # X11UseLocalhost=yes                  # X11UseLocalhost=yes
                 xauth add unix:`echo $DISPLAY |                  echo add unix:`echo $DISPLAY |
                     cut -c11-` $proto $cookie                      cut -c11-` $proto $cookie
         else          else
                 # X11UseLocalhost=no                  # X11UseLocalhost=no
                 xauth add $DISPLAY $proto $cookie                  echo add $DISPLAY $proto $cookie
         fi          fi | xauth -q -
 fi  fi
 .Ed  .Ed
 .Pp  .Pp
Line 1381 
Line 780 
 .Xr ssh-keygen 1 ,  .Xr ssh-keygen 1 ,
 .Xr login.conf 5 ,  .Xr login.conf 5 ,
 .Xr moduli 5 ,  .Xr moduli 5 ,
   .Xr sshd_config 5 ,
 .Xr sftp-server 8  .Xr sftp-server 8
 .Rs  .Rs
 .%A T. Ylonen  .%A T. Ylonen
Legend:
Removed from v.1.176  
changed lines
  Added in v.1.176.2.5