
Diff for /src/usr.bin/ssh/sshd.8 between version 1.193 and 1.193.2.2

version 1.193, 2002/09/24 20:59:44 version 1.193.2.2, 2003/09/16 21:20:29
Line 43 
Line 43 
 .Nd OpenSSH SSH daemon  .Nd OpenSSH SSH daemon
 .Sh SYNOPSIS  .Sh SYNOPSIS
 .Nm sshd  .Nm sshd
   .Bk -words
 .Op Fl deiqtD46  .Op Fl deiqtD46
 .Op Fl b Ar bits  .Op Fl b Ar bits
 .Op Fl f Ar config_file  .Op Fl f Ar config_file
Line 52 
Line 53 
 .Op Fl o Ar option  .Op Fl o Ar option
 .Op Fl p Ar port  .Op Fl p Ar port
 .Op Fl u Ar len  .Op Fl u Ar len
   .Ek
 .Sh DESCRIPTION  .Sh DESCRIPTION
 .Nm  .Nm
 (SSH Daemon) is the daemon program for  (SSH Daemon) is the daemon program for
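Review bot: the .Ek added here must pair with the .Bk -words inserted before the first .Op line of the SYNOPSIS in the preceding hunk, and it does: every .Op line sits between the two, so the option list is kept together and no flag is split from its argument at a line break. Anyone adding a new option to the synopsis later has to place it inside this .Bk/.Ek pair, otherwise that line alone will be allowed to wrap.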
Line 75 
Line 77 
 .Nm  .Nm
 supports both SSH protocol version 1 and 2 simultaneously.  supports both SSH protocol version 1 and 2 simultaneously.
 .Nm  .Nm
 works as follows.  works as follows:
 .Pp  .Pp
 .Ss SSH protocol version 1  .Ss SSH protocol version 1
 .Pp  .Pp
Line 86 
Line 88 
 This key is normally regenerated every hour if it has been used, and  This key is normally regenerated every hour if it has been used, and
 is never stored on disk.  is never stored on disk.
 .Pp  .Pp
 Whenever a client connects the daemon responds with its public  Whenever a client connects, the daemon responds with its public
 host and server keys.  host and server keys.
 The client compares the  The client compares the
 RSA host key against its own database to verify that it has not changed.  RSA host key against its own database to verify that it has not changed.
Line 119 
Line 121 
 .Nm rshd ,  .Nm rshd ,
 .Nm rlogind ,  .Nm rlogind ,
 and  and
 .Xr rexecd  .Nm rexecd
 are disabled (thus completely disabling  are disabled (thus completely disabling
 .Xr rlogin  .Xr rlogin
 and  and
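Review bot: changing rexecd from .Xr to .Nm is the right fix, since it now matches the ".Nm rshd ," and ".Nm rlogind ," lines above it in the same list, but the ".Xr rlogin" two lines below is left with no section number. .Xr takes a name and a section (for example ".Xr rlogin 1"), so that line should be corrected in the same commit rather than leaving one half of the sentence formatted consistently and the other not.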
Line 189 
Line 191 
 log, and does not put itself in the background.  log, and does not put itself in the background.
 The server also will not fork and will only process one connection.  The server also will not fork and will only process one connection.
 This option is only intended for debugging for the server.  This option is only intended for debugging for the server.
 Multiple -d options increase the debugging level.  Multiple
   .Fl d
   options increase the debugging level.
 Maximum is 3.  Maximum is 3.
 .It Fl e  .It Fl e
 When this option is specified,  When this option is specified,
Line 225 
Line 229 
 .It Fl i  .It Fl i
 Specifies that  Specifies that
 .Nm  .Nm
 is being run from inetd.  is being run from
   .Xr inetd 8 .
 .Nm  .Nm
 is normally not run  is normally not run
 from inetd because it needs to generate the server key before it can  from inetd because it needs to generate the server key before it can
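Review bot: only the first mention is turned into a cross reference (".Xr inetd 8 ."), and the plain "from inetd" in the following sentence is left as text; that follows the usual mdoc practice of referencing a page once per paragraph, so no change is needed there. The trailing period is correctly written as a separate argument after "8", which is required for mdoc to treat it as punctuation instead of part of the section number.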
Line 282 
Line 287 
 .Pa utmp  .Pa utmp
 file.  file.
 .Fl u0  .Fl u0
 is also be used to prevent  may also be used to prevent
 .Nm  .Nm
 from making DNS requests unless the authentication  from making DNS requests unless the authentication
 mechanism or configuration requires it.  mechanism or configuration requires it.
 Authentication mechanisms that may require DNS include  Authentication mechanisms that may require DNS include
 .Cm RhostsAuthentication ,  
 .Cm RhostsRSAAuthentication ,  .Cm RhostsRSAAuthentication ,
 .Cm HostbasedAuthentication  .Cm HostbasedAuthentication
 and using a  and using a
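Review bot: removing ".Cm RhostsAuthentication ," from the list of mechanisms that may need DNS is only correct if that option has been removed from sshd altogether; the hunk does not show where else it was documented, so the rest of this page should be checked for any remaining description of RhostsAuthentication, otherwise the -u0 text becomes inconsistent with the option list. The resulting list ("RhostsRSAAuthentication, HostbasedAuthentication and using a ...") still reads correctly with two items, and the "is also be used" to "may also be used" fix in the same hunk is a plain grammar correction.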
Line 424 
Line 428 
 Specifies that in addition to public key authentication, the canonical name  Specifies that in addition to public key authentication, the canonical name
 of the remote host must be present in the comma-separated list of  of the remote host must be present in the comma-separated list of
 patterns  patterns
 .Pf ( Ql *  .Pf ( Ql \&*
 and  and
 .Ql ?  .Ql \&?
 serve as wildcards).  serve as wildcards).
 The list may also contain  The list may also contain
 patterns negated by prefixing them with  patterns negated by prefixing them with
 .Ql ! ;  .Ql \&! ;
 if the canonical host name matches a negated pattern, the key is not accepted.  if the canonical host name matches a negated pattern, the key is not accepted.
 The purpose  The purpose
 of this option is to optionally increase security: public key authentication  of this option is to optionally increase security: public key authentication
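Review bot: escaping the wildcard and negation characters as \&*, \&? and \&! is needed because a bare "?" or "!" given as a .Ql argument is treated by mdoc as trailing punctuation and rendered with the wrong spacing; with the \& prefix each renders as a literal character inside the quotes. The ".Ql \&! ;" line keeps the real semicolon as a separate argument, so that one is still handled as punctuation, which is the intended result. The same characters are described again in the known_hosts section of this page, and the corresponding hunk further down applies the identical escape, so the two descriptions now render the same way.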
Line 446 
Line 450 
 The command supplied by the user (if any) is ignored.  The command supplied by the user (if any) is ignored.
 The command is run on a pty if the client requests a pty;  The command is run on a pty if the client requests a pty;
 otherwise it is run without a tty.  otherwise it is run without a tty.
 If a 8-bit clean channel is required,  If an 8-bit clean channel is required,
 one must not request a pty or should specify  one must not request a pty or should specify
 .Cm no-pty .  .Cm no-pty .
 A quote may be included in the command by quoting it with a backslash.  A quote may be included in the command by quoting it with a backslash.
Line 492 
Line 496 
 .Ar host/port .  .Ar host/port .
 Multiple  Multiple
 .Cm permitopen  .Cm permitopen
 options may be applied separated by commas. No pattern matching is  options may be applied separated by commas.
 performed on the specified hostnames, they must be literal domains or  No pattern matching is performed on the specified hostnames,
 addresses.  they must be literal domains or addresses.
 .El  .El
 .Ss Examples  .Ss Examples
 1024 33 12121.\|.\|.\|312314325 ylo@foo.bar  1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
Line 506 
Line 510 
 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323  permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
 .Sh SSH_KNOWN_HOSTS FILE FORMAT  .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The  The
 .Pa /etc/ssh/ssh_known_hosts ,  .Pa /etc/ssh/ssh_known_hosts
 and  and
 .Pa $HOME/.ssh/known_hosts  .Pa $HOME/.ssh/known_hosts
 files contain host public keys for all known hosts.  files contain host public keys for all known hosts.
Line 519 
Line 523 
 bits, exponent, modulus, comment.  bits, exponent, modulus, comment.
 The fields are separated by spaces.  The fields are separated by spaces.
 .Pp  .Pp
 Hostnames is a comma-separated list of patterns ('*' and '?' act as  Hostnames is a comma-separated list of patterns
   .Pf ( Ql \&*
   and
   .Ql \&?
   act as
 wildcards); each pattern in turn is matched against the canonical host  wildcards); each pattern in turn is matched against the canonical host
 name (when authenticating a client) or against the user-supplied  name (when authenticating a client) or against the user-supplied
 name (when authenticating a server).  name (when authenticating a server).
 A pattern may also be preceded by  A pattern may also be preceded by
 .Ql !  .Ql \&!
 to indicate negation: if the host name matches a negated  to indicate negation: if the host name matches a negated
 pattern, it is not accepted (by that line) even if it matched another  pattern, it is not accepted (by that line) even if it matched another
 pattern on the line.  pattern on the line.
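Review bot: replacing the plain quoted '*' and '?' with ".Pf ( Ql \&*" and ".Ql \&?" brings this paragraph into line with the from= option description earlier in the diff, which uses exactly the same construction, so the two pattern explanations are now typeset consistently. The opening parenthesis is attached with .Pf and the closing one stays as literal text in "wildcards);", which is the normal way to close a .Pf ( that was opened on a previous line; the ".Ql \&!" change for the negation prefix matches the earlier hunk as well.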
Line 627 
Line 635 
 .Pa /etc/ssh/ssh_known_hosts  .Pa /etc/ssh/ssh_known_hosts
 should be world-readable, and  should be world-readable, and
 .Pa $HOME/.ssh/known_hosts  .Pa $HOME/.ssh/known_hosts
 can but need not be world-readable.  can, but need not be, world-readable.
 .It Pa /etc/nologin  .It Pa /etc/nologin
 If this file exists,  If this file exists,
 .Nm  .Nm
Line 644 
Line 652 
 This file contains host-username pairs, separated by a space, one per  This file contains host-username pairs, separated by a space, one per
 line.  line.
 The given user on the corresponding host is permitted to log in  The given user on the corresponding host is permitted to log in
 without password.  without a password.
 The same file is used by rlogind and rshd.  The same file is used by rlogind and rshd.
 The file must  The file must
 be writable only by the user; it is recommended that it not be  be writable only by the user; it is recommended that it not be
Line 713 
Line 721 
 .Cm PermitUserEnvironment  .Cm PermitUserEnvironment
 option.  option.
 .It Pa $HOME/.ssh/rc  .It Pa $HOME/.ssh/rc
 If this file exists, it is run with /bin/sh after reading the  If this file exists, it is run with
   .Pa /bin/sh
   after reading the
 environment files but before starting the user's shell or command.  environment files but before starting the user's shell or command.
 It must not produce any output on stdout; stderr must be used  It must not produce any output on stdout; stderr must be used
 instead.  instead.
Line 760 
Line 770 
 machine-specific login-time initializations globally.  machine-specific login-time initializations globally.
 This file should be writable only by root, and should be world-readable.  This file should be writable only by root, and should be world-readable.
 .El  .El
 .Sh AUTHORS  
 OpenSSH is a derivative of the original and free  
 ssh 1.2.12 release by Tatu Ylonen.  
 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,  
 Theo de Raadt and Dug Song  
 removed many bugs, re-added newer features and  
 created OpenSSH.  
 Markus Friedl contributed the support for SSH  
 protocol versions 1.5 and 2.0.  
 Niels Provos and Markus Friedl contributed support  
 for privilege separation.  
 .Sh SEE ALSO  .Sh SEE ALSO
 .Xr scp 1 ,  .Xr scp 1 ,
 .Xr sftp 1 ,  .Xr sftp 1 ,
Line 802 
Line 801 
 .%D January 2002  .%D January 2002
 .%O work in progress material  .%O work in progress material
 .Re  .Re
   .Sh AUTHORS
   OpenSSH is a derivative of the original and free
   ssh 1.2.12 release by Tatu Ylonen.
   Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
   Theo de Raadt and Dug Song
   removed many bugs, re-added newer features and
   created OpenSSH.
   Markus Friedl contributed the support for SSH
   protocol versions 1.5 and 2.0.
   Niels Provos and Markus Friedl contributed support
   for privilege separation.
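Review bot: the AUTHORS block deleted before SEE ALSO in the previous hunk is re-added here verbatim after the .Re that closes the reference list, so this is a relocation rather than a rewrite; the eleven lines from ".Sh AUTHORS" through "for privilege separation." match the removed block line for line, so no wording was lost in the move. Placing AUTHORS after SEE ALSO follows the section order mdoc(7) prescribes, which is presumably the reason for the change, and it would help readers of the log if the commit message said so rather than leaving it to be inferred from a delete/add pair.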
