| version 1.39, 2000/03/29 20:17:56 |
version 1.40, 2000/04/12 21:47:51 |
|
|
| .Op Fl k Ar key_gen_time |
.Op Fl k Ar key_gen_time |
| .Op Fl p Ar port |
.Op Fl p Ar port |
| .Op Fl V Ar client_protocol_id |
.Op Fl V Ar client_protocol_id |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| (Secure Shell Daemon) is the daemon program for |
(Secure Shell Daemon) is the daemon program for |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| Together these programs replace rlogin and rsh programs, and |
Together these programs replace rlogin and rsh programs, and |
| provide secure encrypted communications between two untrusted hosts |
provide secure encrypted communications between two untrusted hosts |
|
|
| .Pp |
.Pp |
| .Nm |
.Nm |
| is the daemon that listens for connections from clients. |
is the daemon that listens for connections from clients. |
| It is normally started at boot from |
It is normally started at boot from |
| .Pa /etc/rc . |
.Pa /etc/rc . |
| It forks a new |
It forks a new |
| daemon for each incoming connection. |
daemon for each incoming connection. |
|
|
| .It Fl i |
.It Fl i |
| Specifies that |
Specifies that |
| .Nm |
.Nm |
| is being run from inetd. |
is being run from inetd. |
| .Nm |
.Nm |
| is normally not run |
is normally not run |
| from inetd because it needs to generate the server key before it can |
from inetd because it needs to generate the server key before it can |
|
|
| .El |
.El |
| .Sh CONFIGURATION FILE |
.Sh CONFIGURATION FILE |
| .Nm |
.Nm |
| reads configuration data from |
reads configuration data from |
| .Pa /etc/sshd_config |
.Pa /etc/sshd_config |
| (or the file specified with |
(or the file specified with |
| .Fl f |
.Fl f |
|
|
| .It Cm IgnoreRhosts |
.It Cm IgnoreRhosts |
| Specifies that |
Specifies that |
| .Pa .rhosts |
.Pa .rhosts |
| and |
and |
| .Pa .shosts |
.Pa .shosts |
| files will not be used in authentication. |
files will not be used in authentication. |
| .Pa /etc/hosts.equiv |
.Pa /etc/hosts.equiv |
| and |
and |
| .Pa /etc/shosts.equiv |
.Pa /etc/shosts.equiv |
| are still used. |
are still used. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| .It Cm IgnoreUserKnownHosts |
.It Cm IgnoreUserKnownHosts |
| Specifies whether |
Specifies whether |
|
|
| .Dq yes . |
.Dq yes . |
| .It Cm KerberosTgtPassing |
.It Cm KerberosTgtPassing |
| Specifies whether a Kerberos TGT may be forwarded to the server. |
Specifies whether a Kerberos TGT may be forwarded to the server. |
| Default is |
Default is |
| .Dq no , |
.Dq no , |
| as this only works when the Kerberos KDC is actually an AFS kaserver. |
as this only works when the Kerberos KDC is actually an AFS kaserver. |
| .It Cm KerberosTicketCleanup |
.It Cm KerberosTicketCleanup |
|
|
| .It Cm PrintMotd |
.It Cm PrintMotd |
| Specifies whether |
Specifies whether |
| .Nm |
.Nm |
| should print |
should print |
| .Pa /etc/motd |
.Pa /etc/motd |
| when a user logs in interactively. |
when a user logs in interactively. |
| (On some systems it is also printed by the shell, |
(On some systems it is also printed by the shell, |
|
|
| The minimum value is 512, and the default is 768. |
The minimum value is 512, and the default is 768. |
| .It Cm SkeyAuthentication |
.It Cm SkeyAuthentication |
| Specifies whether |
Specifies whether |
| .Xr skey 1 |
.Xr skey 1 |
| authentication is allowed. |
authentication is allowed. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
|
|
| .Bl -enum -offset indent |
.Bl -enum -offset indent |
| .It |
.It |
| If the login is on a tty, and no command has been specified, |
If the login is on a tty, and no command has been specified, |
| prints last login time and |
prints last login time and |
| .Pa /etc/motd |
.Pa /etc/motd |
| (unless prevented in the configuration file or by |
(unless prevented in the configuration file or by |
| .Pa $HOME/.hushlogin ; |
.Pa $HOME/.hushlogin ; |
| see the |
see the |
| .Sx FILES |
.Sx FILES |
| section). |
section). |
| .It |
.It |
| If the login is on a tty, records login time. |
If the login is on a tty, records login time. |
|
|
| Runs user's shell or command. |
Runs user's shell or command. |
| .El |
.El |
| .Sh AUTHORIZED_KEYS FILE FORMAT |
.Sh AUTHORIZED_KEYS FILE FORMAT |
| The |
The |
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| file lists the RSA keys that are |
file lists the RSA keys that are |
| permitted for RSA authentication. |
permitted for RSA authentication. |
|
|
| .Pp |
.Pp |
| command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi |
command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi |
| .Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
| The |
The |
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| and |
and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| files contain host public keys for all known hosts. |
files contain host public keys for all known hosts. |
| The global file should |
The global file should |
|
|
| Note that the lines in these files are typically hundreds of characters |
Note that the lines in these files are typically hundreds of characters |
| long, and you definitely don't want to type in the host keys by hand. |
long, and you definitely don't want to type in the host keys by hand. |
| Rather, generate them by a script |
Rather, generate them by a script |
| or by taking |
or by taking |
| .Pa /etc/ssh_host_key.pub |
.Pa /etc/ssh_host_key.pub |
| and adding the host names at the front. |
and adding the host names at the front. |
| .Ss Examples |
.Ss Examples |
|
|
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| can but need not be world-readable. |
can but need not be world-readable. |
| .It Pa /etc/nologin |
.It Pa /etc/nologin |
| If this file exists, |
If this file exists, |
| .Nm |
.Nm |
| refuses to let anyone except root log in. |
refuses to let anyone except root log in. |
| The contents of the file |
The contents of the file |
|
|
| has been updated to support ssh protocol 1.5, making it compatible with |
has been updated to support ssh protocol 1.5, making it compatible with |
| all other ssh protocol 1 clients and servers. |
all other ssh protocol 1 clients and servers. |
| .It |
.It |
| contains added support for |
contains added support for |
| .Xr kerberos 8 |
.Xr kerberos 8 |
| authentication and ticket passing. |
authentication and ticket passing. |
| .It |
.It |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh