| version 1.284, 2016/02/17 07:38:19 |
version 1.285, 2016/08/15 12:32:04 |
|
|
| .Nm sshd |
.Nm sshd |
| .Bk -words |
.Bk -words |
| .Op Fl 46DdeiqTt |
.Op Fl 46DdeiqTt |
| .Op Fl b Ar bits |
|
| .Op Fl C Ar connection_spec |
.Op Fl C Ar connection_spec |
| .Op Fl c Ar host_certificate_file |
.Op Fl c Ar host_certificate_file |
| .Op Fl E Ar log_file |
.Op Fl E Ar log_file |
| .Op Fl f Ar config_file |
.Op Fl f Ar config_file |
| .Op Fl g Ar login_grace_time |
.Op Fl g Ar login_grace_time |
| .Op Fl h Ar host_key_file |
.Op Fl h Ar host_key_file |
| .Op Fl k Ar key_gen_time |
|
| .Op Fl o Ar option |
.Op Fl o Ar option |
| .Op Fl p Ar port |
.Op Fl p Ar port |
| .Op Fl u Ar len |
.Op Fl u Ar len |
|
|
| Forces |
Forces |
| .Nm |
.Nm |
| to use IPv6 addresses only. |
to use IPv6 addresses only. |
| .It Fl b Ar bits |
|
| Specifies the number of bits in the ephemeral protocol version 1 |
|
| server key (default 1024). |
|
| .It Fl C Ar connection_spec |
.It Fl C Ar connection_spec |
| Specify the connection parameters to use for the |
Specify the connection parameters to use for the |
| .Fl T |
.Fl T |
|
|
| is not run as root (as the normal |
is not run as root (as the normal |
| host key files are normally not readable by anyone but root). |
host key files are normally not readable by anyone but root). |
| The default is |
The default is |
| .Pa /etc/ssh/ssh_host_key |
|
| for protocol version 1, and |
|
| .Pa /etc/ssh/ssh_host_dsa_key , |
.Pa /etc/ssh/ssh_host_dsa_key , |
| .Pa /etc/ssh/ssh_host_ecdsa_key . |
.Pa /etc/ssh/ssh_host_ecdsa_key , |
| .Pa /etc/ssh/ssh_host_ed25519_key |
.Pa /etc/ssh/ssh_host_ed25519_key |
| and |
and |
| .Pa /etc/ssh/ssh_host_rsa_key |
.Pa /etc/ssh/ssh_host_rsa_key . |
| for protocol version 2. |
|
| It is possible to have multiple host key files for |
It is possible to have multiple host key files for |
| the different protocol versions and host key algorithms. |
the different host key algorithms. |
| .It Fl i |
.It Fl i |
| Specifies that |
Specifies that |
| .Nm |
.Nm |
| is being run from |
is being run from |
| .Xr inetd 8 . |
.Xr inetd 8 . |
| If SSH protocol 1 is enabled, |
|
| .Nm |
|
| should not normally be run |
|
| from inetd because it needs to generate the server key before it can |
|
| respond to the client, and this may take some time. |
|
| Clients may have to wait too long if the key was regenerated every time. |
|
| .It Fl k Ar key_gen_time |
|
| Specifies how often the ephemeral protocol version 1 server key is |
|
| regenerated (default 3600 seconds, or one hour). |
|
| The motivation for regenerating the key fairly |
|
| often is that the key is not stored anywhere, and after about an hour |
|
| it becomes impossible to recover the key for decrypting intercepted |
|
| communications even if the machine is cracked into or physically |
|
| seized. |
|
| A value of zero indicates that the key will never be regenerated. |
|
| .It Fl o Ar option |
.It Fl o Ar option |
| Can be used to give options in the format used in the configuration file. |
Can be used to give options in the format used in the configuration file. |
| This is useful for specifying options for which there is no separate |
This is useful for specifying options for which there is no separate |
|
|
| from making DNS requests unless the authentication |
from making DNS requests unless the authentication |
| mechanism or configuration requires it. |
mechanism or configuration requires it. |
| Authentication mechanisms that may require DNS include |
Authentication mechanisms that may require DNS include |
| .Cm RhostsRSAAuthentication , |
.Cm HostbasedAuthentication |
| .Cm HostbasedAuthentication , |
|
| and using a |
and using a |
| .Cm from="pattern-list" |
.Cm from="pattern-list" |
| option in a key file. |
option in a key file. |
|
|
| .Cm DenyUsers . |
.Cm DenyUsers . |
| .El |
.El |
| .Sh AUTHENTICATION |
.Sh AUTHENTICATION |
| The OpenSSH SSH daemon supports SSH protocols 1 and 2. |
The OpenSSH SSH daemon supports SSH protocol 2 only. |
| The default is to use protocol 2 only, |
|
| though this can be changed via the |
|
| .Cm Protocol |
|
| option in |
|
| .Xr sshd_config 5 . |
|
| Protocol 1 should not be used |
|
| and is only offered to support legacy devices. |
|
| .Pp |
|
| Each host has a host-specific key, |
Each host has a host-specific key, |
| used to identify the host. |
used to identify the host. |
| Partial forward security for protocol 1 is provided through |
|
| an additional server key, |
|
| normally 1024 bits, |
|
| generated when the server starts. |
|
| This key is normally regenerated every hour if it has been used, and |
|
| is never stored on disk. |
|
| Whenever a client connects, the daemon responds with its public |
Whenever a client connects, the daemon responds with its public |
| host and server keys. |
host key. |
| The client compares the |
The client compares the |
| RSA host key against its own database to verify that it has not changed. |
host key against its own database to verify that it has not changed. |
| The client then generates a 256-bit random number. |
Forward security is provided through a Diffie-Hellman key agreement. |
| It encrypts this |
|
| random number using both the host key and the server key, and sends |
|
| the encrypted number to the server. |
|
| Both sides then use this |
|
| random number as a session key which is used to encrypt all further |
|
| communications in the session. |
|
| The rest of the session is encrypted |
|
| using a conventional cipher, currently Blowfish or 3DES, with 3DES |
|
| being used by default. |
|
| The client selects the encryption algorithm |
|
| to use from those offered by the server. |
|
| .Pp |
|
| For protocol 2, |
|
| forward security is provided through a Diffie-Hellman key agreement. |
|
| This key agreement results in a shared session key. |
This key agreement results in a shared session key. |
| The rest of the session is encrypted using a symmetric cipher, currently |
The rest of the session is encrypted using a symmetric cipher, currently |
| 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. |
|
|
| .Ql # |
.Ql # |
| are ignored as |
are ignored as |
| comments). |
comments). |
| Protocol 1 public keys consist of the following space-separated fields: |
Public keys consist of the following space-separated fields: |
| options, bits, exponent, modulus, comment. |
|
| Protocol 2 public key consist of: |
|
| options, keytype, base64-encoded key, comment. |
options, keytype, base64-encoded key, comment. |
| The options field is optional; |
The options field is optional. |
| its presence is determined by whether the line starts |
The keytype is |
| with a number or not (the options field never starts with a number). |
|
| The bits, exponent, modulus, and comment fields give the RSA key for |
|
| protocol version 1; the |
|
| comment field is not used for anything (but may be convenient for the |
|
| user to identify the key). |
|
| For protocol version 2 the keytype is |
|
| .Dq ecdsa-sha2-nistp256 , |
.Dq ecdsa-sha2-nistp256 , |
| .Dq ecdsa-sha2-nistp384 , |
.Dq ecdsa-sha2-nistp384 , |
| .Dq ecdsa-sha2-nistp521 , |
.Dq ecdsa-sha2-nistp521 , |
| .Dq ssh-ed25519 , |
.Dq ssh-ed25519 , |
| .Dq ssh-dss |
.Dq ssh-dss |
| or |
or |
| .Dq ssh-rsa . |
.Dq ssh-rsa ; |
| |
the comment field is not used for anything (but may be convenient for the |
| |
user to identify the key). |
| .Pp |
.Pp |
| Note that lines in this file are usually several hundred bytes long |
Note that lines in this file can be several hundred bytes long |
| (because of the size of the public key encoding) up to a limit of |
(because of the size of the public key encoding) up to a limit of |
| 8 kilobytes, which permits DSA keys up to 8 kilobits and RSA |
8 kilobytes, which permits DSA keys up to 8 kilobits and RSA |
| keys up to 16 kilobits. |
keys up to 16 kilobits. |
| You don't want to type them in; instead, copy the |
You don't want to type them in; instead, copy the |
| .Pa identity.pub , |
|
| .Pa id_dsa.pub , |
.Pa id_dsa.pub , |
| .Pa id_ecdsa.pub , |
.Pa id_ecdsa.pub , |
| .Pa id_ed25519.pub , |
.Pa id_ed25519.pub , |
|
|
| file and edit it. |
file and edit it. |
| .Pp |
.Pp |
| .Nm |
.Nm |
| enforces a minimum RSA key modulus size for protocol 1 |
enforces a minimum RSA key modulus size of 768 bits. |
| and protocol 2 keys of 768 bits. |
|
| .Pp |
.Pp |
| The options (if present) consist of comma-separated option |
The options (if present) consist of comma-separated option |
| specifications. |
specifications. |
|
|
| its key is added to the per-user file. |
its key is added to the per-user file. |
| .Pp |
.Pp |
| Each line in these files contains the following fields: markers (optional), |
Each line in these files contains the following fields: markers (optional), |
| hostnames, bits, exponent, modulus, comment. |
hostnames, keytype, base64-encoded key, comment. |
| The fields are separated by spaces. |
The fields are separated by spaces. |
| .Pp |
.Pp |
| The marker is optional, but if it is present then it must be one of |
The marker is optional, but if it is present then it must be one of |
|
|
| Only one hashed hostname may appear on a single line and none of the above |
Only one hashed hostname may appear on a single line and none of the above |
| negation or wildcard operators may be applied. |
negation or wildcard operators may be applied. |
| .Pp |
.Pp |
| Bits, exponent, and modulus are taken directly from the RSA host key; they |
The keytype and base64-encoded key are taken directly from the host key; they |
| can be obtained, for example, from |
can be obtained, for example, from |
| .Pa /etc/ssh/ssh_host_key.pub . |
.Pa /etc/ssh/ssh_host_rsa_key.pub . |
| The optional comment field continues to the end of the line, and is not used. |
The optional comment field continues to the end of the line, and is not used. |
| .Pp |
.Pp |
| Lines starting with |
Lines starting with |
|
|
| long, and you definitely don't want to type in the host keys by hand. |
long, and you definitely don't want to type in the host keys by hand. |
| Rather, generate them by a script, |
Rather, generate them by a script, |
| .Xr ssh-keyscan 1 |
.Xr ssh-keyscan 1 |
| or by taking |
or by taking, for example, |
| .Pa /etc/ssh/ssh_host_key.pub |
.Pa /etc/ssh/ssh_host_rsa_key.pub |
| and adding the host names at the front. |
and adding the host names at the front. |
| .Xr ssh-keygen 1 |
.Xr ssh-keygen 1 |
| also offers some basic automated editing for |
also offers some basic automated editing for |
|
|
| but allows host-based authentication without permitting login with |
but allows host-based authentication without permitting login with |
| rlogin/rsh. |
rlogin/rsh. |
| .Pp |
.Pp |
| .It Pa /etc/ssh/ssh_host_key |
|
| .It Pa /etc/ssh/ssh_host_dsa_key |
.It Pa /etc/ssh/ssh_host_dsa_key |
| .It Pa /etc/ssh/ssh_host_ecdsa_key |
.It Pa /etc/ssh/ssh_host_ecdsa_key |
| .It Pa /etc/ssh/ssh_host_ed25519_key |
.It Pa /etc/ssh/ssh_host_ed25519_key |
|
|
| .Nm |
.Nm |
| does not start if these files are group/world-accessible. |
does not start if these files are group/world-accessible. |
| .Pp |
.Pp |
| .It Pa /etc/ssh/ssh_host_key.pub |
|
| .It Pa /etc/ssh/ssh_host_dsa_key.pub |
.It Pa /etc/ssh/ssh_host_dsa_key.pub |
| .It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
.It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
| .It Pa /etc/ssh/ssh_host_ed25519_key.pub |
.It Pa /etc/ssh/ssh_host_ed25519_key.pub |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh