| version 1.193, 2002/09/24 20:59:44 |
version 1.193.2.1, 2003/04/01 00:12:14 |
|
|
| .Nd OpenSSH SSH daemon |
.Nd OpenSSH SSH daemon |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm sshd |
.Nm sshd |
| |
.Bk -words |
| .Op Fl deiqtD46 |
.Op Fl deiqtD46 |
| .Op Fl b Ar bits |
.Op Fl b Ar bits |
| .Op Fl f Ar config_file |
.Op Fl f Ar config_file |
|
|
| .Op Fl o Ar option |
.Op Fl o Ar option |
| .Op Fl p Ar port |
.Op Fl p Ar port |
| .Op Fl u Ar len |
.Op Fl u Ar len |
| |
.Ek |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| (SSH Daemon) is the daemon program for |
(SSH Daemon) is the daemon program for |
|
|
| .Nm |
.Nm |
| supports both SSH protocol version 1 and 2 simultaneously. |
supports both SSH protocol version 1 and 2 simultaneously. |
| .Nm |
.Nm |
| works as follows. |
works as follows: |
| .Pp |
.Pp |
| .Ss SSH protocol version 1 |
.Ss SSH protocol version 1 |
| .Pp |
.Pp |
|
|
| This key is normally regenerated every hour if it has been used, and |
This key is normally regenerated every hour if it has been used, and |
| is never stored on disk. |
is never stored on disk. |
| .Pp |
.Pp |
| Whenever a client connects the daemon responds with its public |
Whenever a client connects, the daemon responds with its public |
| host and server keys. |
host and server keys. |
| The client compares the |
The client compares the |
| RSA host key against its own database to verify that it has not changed. |
RSA host key against its own database to verify that it has not changed. |
|
|
| .Nm rshd , |
.Nm rshd , |
| .Nm rlogind , |
.Nm rlogind , |
| and |
and |
| .Xr rexecd |
.Nm rexecd |
| are disabled (thus completely disabling |
are disabled (thus completely disabling |
| .Xr rlogin |
.Xr rlogin |
| and |
and |
|
|
| log, and does not put itself in the background. |
log, and does not put itself in the background. |
| The server also will not fork and will only process one connection. |
The server also will not fork and will only process one connection. |
| This option is only intended for debugging for the server. |
This option is only intended for debugging for the server. |
| Multiple -d options increase the debugging level. |
Multiple |
| |
.Fl d |
| |
options increase the debugging level. |
| Maximum is 3. |
Maximum is 3. |
| .It Fl e |
.It Fl e |
| When this option is specified, |
When this option is specified, |
|
|
| .It Fl i |
.It Fl i |
| Specifies that |
Specifies that |
| .Nm |
.Nm |
| is being run from inetd. |
is being run from |
| |
.Xr inetd 8 . |
| .Nm |
.Nm |
| is normally not run |
is normally not run |
| from inetd because it needs to generate the server key before it can |
from inetd because it needs to generate the server key before it can |
|
|
| .Pa utmp |
.Pa utmp |
| file. |
file. |
| .Fl u0 |
.Fl u0 |
| is also be used to prevent |
may also be used to prevent |
| .Nm |
.Nm |
| from making DNS requests unless the authentication |
from making DNS requests unless the authentication |
| mechanism or configuration requires it. |
mechanism or configuration requires it. |
|
|
| The command supplied by the user (if any) is ignored. |
The command supplied by the user (if any) is ignored. |
| The command is run on a pty if the client requests a pty; |
The command is run on a pty if the client requests a pty; |
| otherwise it is run without a tty. |
otherwise it is run without a tty. |
| If a 8-bit clean channel is required, |
If an 8-bit clean channel is required, |
| one must not request a pty or should specify |
one must not request a pty or should specify |
| .Cm no-pty . |
.Cm no-pty . |
| A quote may be included in the command by quoting it with a backslash. |
A quote may be included in the command by quoting it with a backslash. |
|
|
| permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 |
| .Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
| The |
The |
| .Pa /etc/ssh/ssh_known_hosts , |
.Pa /etc/ssh/ssh_known_hosts |
| and |
and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| files contain host public keys for all known hosts. |
files contain host public keys for all known hosts. |
|
|
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| should be world-readable, and |
should be world-readable, and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| can but need not be world-readable. |
can, but need not be, world-readable. |
| .It Pa /etc/nologin |
.It Pa /etc/nologin |
| If this file exists, |
If this file exists, |
| .Nm |
.Nm |
|
|
| This file contains host-username pairs, separated by a space, one per |
This file contains host-username pairs, separated by a space, one per |
| line. |
line. |
| The given user on the corresponding host is permitted to log in |
The given user on the corresponding host is permitted to log in |
| without password. |
without a password. |
| The same file is used by rlogind and rshd. |
The same file is used by rlogind and rshd. |
| The file must |
The file must |
| be writable only by the user; it is recommended that it not be |
be writable only by the user; it is recommended that it not be |
|
|
| .Cm PermitUserEnvironment |
.Cm PermitUserEnvironment |
| option. |
option. |
| .It Pa $HOME/.ssh/rc |
.It Pa $HOME/.ssh/rc |
| If this file exists, it is run with /bin/sh after reading the |
If this file exists, it is run with |
| |
.Pa /bin/sh |
| |
after reading the |
| environment files but before starting the user's shell or command. |
environment files but before starting the user's shell or command. |
| It must not produce any output on stdout; stderr must be used |
It must not produce any output on stdout; stderr must be used |
| instead. |
instead. |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh