version 1.284, 2016/02/17 07:38:19 |
version 1.285, 2016/08/15 12:32:04 |
|
|
.Nm sshd |
.Nm sshd |
.Bk -words |
.Bk -words |
.Op Fl 46DdeiqTt |
.Op Fl 46DdeiqTt |
.Op Fl b Ar bits |
|
.Op Fl C Ar connection_spec |
.Op Fl C Ar connection_spec |
.Op Fl c Ar host_certificate_file |
.Op Fl c Ar host_certificate_file |
.Op Fl E Ar log_file |
.Op Fl E Ar log_file |
.Op Fl f Ar config_file |
.Op Fl f Ar config_file |
.Op Fl g Ar login_grace_time |
.Op Fl g Ar login_grace_time |
.Op Fl h Ar host_key_file |
.Op Fl h Ar host_key_file |
.Op Fl k Ar key_gen_time |
|
.Op Fl o Ar option |
.Op Fl o Ar option |
.Op Fl p Ar port |
.Op Fl p Ar port |
.Op Fl u Ar len |
.Op Fl u Ar len |
|
|
Forces |
Forces |
.Nm |
.Nm |
to use IPv6 addresses only. |
to use IPv6 addresses only. |
.It Fl b Ar bits |
|
Specifies the number of bits in the ephemeral protocol version 1 |
|
server key (default 1024). |
|
.It Fl C Ar connection_spec |
.It Fl C Ar connection_spec |
Specify the connection parameters to use for the |
Specify the connection parameters to use for the |
.Fl T |
.Fl T |
|
|
is not run as root (as the normal |
is not run as root (as the normal |
host key files are normally not readable by anyone but root). |
host key files are normally not readable by anyone but root). |
The default is |
The default is |
.Pa /etc/ssh/ssh_host_key |
|
for protocol version 1, and |
|
.Pa /etc/ssh/ssh_host_dsa_key , |
.Pa /etc/ssh/ssh_host_dsa_key , |
.Pa /etc/ssh/ssh_host_ecdsa_key . |
.Pa /etc/ssh/ssh_host_ecdsa_key , |
.Pa /etc/ssh/ssh_host_ed25519_key |
.Pa /etc/ssh/ssh_host_ed25519_key |
and |
and |
.Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh/ssh_host_rsa_key . |
for protocol version 2. |
|
It is possible to have multiple host key files for |
It is possible to have multiple host key files for |
the different protocol versions and host key algorithms. |
the different host key algorithms. |
.It Fl i |
.It Fl i |
Specifies that |
Specifies that |
.Nm |
.Nm |
is being run from |
is being run from |
.Xr inetd 8 . |
.Xr inetd 8 . |
If SSH protocol 1 is enabled, |
|
.Nm |
|
should not normally be run |
|
from inetd because it needs to generate the server key before it can |
|
respond to the client, and this may take some time. |
|
Clients may have to wait too long if the key was regenerated every time. |
|
.It Fl k Ar key_gen_time |
|
Specifies how often the ephemeral protocol version 1 server key is |
|
regenerated (default 3600 seconds, or one hour). |
|
The motivation for regenerating the key fairly |
|
often is that the key is not stored anywhere, and after about an hour |
|
it becomes impossible to recover the key for decrypting intercepted |
|
communications even if the machine is cracked into or physically |
|
seized. |
|
A value of zero indicates that the key will never be regenerated. |
|
.It Fl o Ar option |
.It Fl o Ar option |
Can be used to give options in the format used in the configuration file. |
Can be used to give options in the format used in the configuration file. |
This is useful for specifying options for which there is no separate |
This is useful for specifying options for which there is no separate |
|
|
from making DNS requests unless the authentication |
from making DNS requests unless the authentication |
mechanism or configuration requires it. |
mechanism or configuration requires it. |
Authentication mechanisms that may require DNS include |
Authentication mechanisms that may require DNS include |
.Cm RhostsRSAAuthentication , |
.Cm HostbasedAuthentication |
.Cm HostbasedAuthentication , |
|
and using a |
and using a |
.Cm from="pattern-list" |
.Cm from="pattern-list" |
option in a key file. |
option in a key file. |
|
|
.Cm DenyUsers . |
.Cm DenyUsers . |
.El |
.El |
.Sh AUTHENTICATION |
.Sh AUTHENTICATION |
The OpenSSH SSH daemon supports SSH protocols 1 and 2. |
The OpenSSH SSH daemon supports SSH protocol 2 only. |
The default is to use protocol 2 only, |
|
though this can be changed via the |
|
.Cm Protocol |
|
option in |
|
.Xr sshd_config 5 . |
|
Protocol 1 should not be used |
|
and is only offered to support legacy devices. |
|
.Pp |
|
Each host has a host-specific key, |
Each host has a host-specific key, |
used to identify the host. |
used to identify the host. |
Partial forward security for protocol 1 is provided through |
|
an additional server key, |
|
normally 1024 bits, |
|
generated when the server starts. |
|
This key is normally regenerated every hour if it has been used, and |
|
is never stored on disk. |
|
Whenever a client connects, the daemon responds with its public |
Whenever a client connects, the daemon responds with its public |
host and server keys. |
host key. |
The client compares the |
The client compares the |
RSA host key against its own database to verify that it has not changed. |
host key against its own database to verify that it has not changed. |
The client then generates a 256-bit random number. |
Forward security is provided through a Diffie-Hellman key agreement. |
It encrypts this |
|
random number using both the host key and the server key, and sends |
|
the encrypted number to the server. |
|
Both sides then use this |
|
random number as a session key which is used to encrypt all further |
|
communications in the session. |
|
The rest of the session is encrypted |
|
using a conventional cipher, currently Blowfish or 3DES, with 3DES |
|
being used by default. |
|
The client selects the encryption algorithm |
|
to use from those offered by the server. |
|
.Pp |
|
For protocol 2, |
|
forward security is provided through a Diffie-Hellman key agreement. |
|
This key agreement results in a shared session key. |
This key agreement results in a shared session key. |
The rest of the session is encrypted using a symmetric cipher, currently |
The rest of the session is encrypted using a symmetric cipher, currently |
128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
|
|
.Ql # |
.Ql # |
are ignored as |
are ignored as |
comments). |
comments). |
Protocol 1 public keys consist of the following space-separated fields: |
Public keys consist of the following space-separated fields: |
options, bits, exponent, modulus, comment. |
|
Protocol 2 public key consist of: |
|
options, keytype, base64-encoded key, comment. |
options, keytype, base64-encoded key, comment. |
The options field is optional; |
The options field is optional. |
its presence is determined by whether the line starts |
The keytype is |
with a number or not (the options field never starts with a number). |
|
The bits, exponent, modulus, and comment fields give the RSA key for |
|
protocol version 1; the |
|
comment field is not used for anything (but may be convenient for the |
|
user to identify the key). |
|
For protocol version 2 the keytype is |
|
.Dq ecdsa-sha2-nistp256 , |
.Dq ecdsa-sha2-nistp256 , |
.Dq ecdsa-sha2-nistp384 , |
.Dq ecdsa-sha2-nistp384 , |
.Dq ecdsa-sha2-nistp521 , |
.Dq ecdsa-sha2-nistp521 , |
.Dq ssh-ed25519 , |
.Dq ssh-ed25519 , |
.Dq ssh-dss |
.Dq ssh-dss |
or |
or |
.Dq ssh-rsa . |
.Dq ssh-rsa ; |
|
the comment field is not used for anything (but may be convenient for the |
|
user to identify the key). |
.Pp |
.Pp |
Note that lines in this file are usually several hundred bytes long |
Note that lines in this file can be several hundred bytes long |
(because of the size of the public key encoding) up to a limit of |
(because of the size of the public key encoding) up to a limit of |
8 kilobytes, which permits DSA keys up to 8 kilobits and RSA |
8 kilobytes, which permits DSA keys up to 8 kilobits and RSA |
keys up to 16 kilobits. |
keys up to 16 kilobits. |
You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
.Pa identity.pub , |
|
.Pa id_dsa.pub , |
.Pa id_dsa.pub , |
.Pa id_ecdsa.pub , |
.Pa id_ecdsa.pub , |
.Pa id_ed25519.pub , |
.Pa id_ed25519.pub , |
|
|
file and edit it. |
file and edit it. |
.Pp |
.Pp |
.Nm |
.Nm |
enforces a minimum RSA key modulus size for protocol 1 |
enforces a minimum RSA key modulus size of 768 bits. |
and protocol 2 keys of 768 bits. |
|
.Pp |
.Pp |
The options (if present) consist of comma-separated option |
The options (if present) consist of comma-separated option |
specifications. |
specifications. |
|
|
its key is added to the per-user file. |
its key is added to the per-user file. |
.Pp |
.Pp |
Each line in these files contains the following fields: markers (optional), |
Each line in these files contains the following fields: markers (optional), |
hostnames, bits, exponent, modulus, comment. |
hostnames, keytype, base64-encoded key, comment. |
The fields are separated by spaces. |
The fields are separated by spaces. |
.Pp |
.Pp |
The marker is optional, but if it is present then it must be one of |
The marker is optional, but if it is present then it must be one of |
|
|
Only one hashed hostname may appear on a single line and none of the above |
Only one hashed hostname may appear on a single line and none of the above |
negation or wildcard operators may be applied. |
negation or wildcard operators may be applied. |
.Pp |
.Pp |
Bits, exponent, and modulus are taken directly from the RSA host key; they |
The keytype and base64-encoded key are taken directly from the host key; they |
can be obtained, for example, from |
can be obtained, for example, from |
.Pa /etc/ssh/ssh_host_key.pub . |
.Pa /etc/ssh/ssh_host_rsa_key.pub . |
The optional comment field continues to the end of the line, and is not used. |
The optional comment field continues to the end of the line, and is not used. |
.Pp |
.Pp |
Lines starting with |
Lines starting with |
|
|
long, and you definitely don't want to type in the host keys by hand. |
long, and you definitely don't want to type in the host keys by hand. |
Rather, generate them by a script, |
Rather, generate them by a script, |
.Xr ssh-keyscan 1 |
.Xr ssh-keyscan 1 |
or by taking |
or by taking, for example, |
.Pa /etc/ssh/ssh_host_key.pub |
.Pa /etc/ssh/ssh_host_rsa_key.pub |
and adding the host names at the front. |
and adding the host names at the front. |
.Xr ssh-keygen 1 |
.Xr ssh-keygen 1 |
also offers some basic automated editing for |
also offers some basic automated editing for |
|
|
but allows host-based authentication without permitting login with |
but allows host-based authentication without permitting login with |
rlogin/rsh. |
rlogin/rsh. |
.Pp |
.Pp |
.It Pa /etc/ssh/ssh_host_key |
|
.It Pa /etc/ssh/ssh_host_dsa_key |
.It Pa /etc/ssh/ssh_host_dsa_key |
.It Pa /etc/ssh/ssh_host_ecdsa_key |
.It Pa /etc/ssh/ssh_host_ecdsa_key |
.It Pa /etc/ssh/ssh_host_ed25519_key |
.It Pa /etc/ssh/ssh_host_ed25519_key |
|
|
.Nm |
.Nm |
does not start if these files are group/world-accessible. |
does not start if these files are group/world-accessible. |
.Pp |
.Pp |
.It Pa /etc/ssh/ssh_host_key.pub |
|
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
.It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
.It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
.It Pa /etc/ssh/ssh_host_ed25519_key.pub |
.It Pa /etc/ssh/ssh_host_ed25519_key.pub |