=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.51.2.5 retrieving revision 1.52 diff -u -r1.51.2.5 -r1.52 --- src/usr.bin/ssh/sshd.8 2001/03/21 18:53:16 1.51.2.5 +++ src/usr.bin/ssh/sshd.8 2000/05/31 06:36:40 1.52 @@ -1,60 +1,35 @@ .\" -*- nroff -*- .\" +.\" sshd.8.in +.\" .\" Author: Tatu Ylonen +.\" .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland .\" All rights reserved .\" -.\" As far as I am concerned, the code I have written for this software -.\" can be used freely for any purpose. Any derived versions of this -.\" software must be clearly marked as such, and if the derived work is -.\" incompatible with the protocol description in the RFC file, it must be -.\" called by a name other than "ssh" or "Secure Shell". +.\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" $Id: sshd.8,v 1.52 2000/05/31 06:36:40 markus Exp $ .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $OpenBSD: sshd.8,v 1.51.2.5 2001/03/21 18:53:16 jason Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os .Sh NAME .Nm sshd -.Nd OpenSSH ssh daemon +.Nd secure shell daemon .Sh SYNOPSIS .Nm sshd -.Op Fl diqD46 +.Op Fl diqQ46 .Op Fl b Ar bits .Op Fl f Ar config_file .Op Fl g Ar login_grace_time .Op Fl h Ar host_key_file .Op Fl k Ar key_gen_time .Op Fl p Ar port -.Op Fl u Ar len .Op Fl V Ar client_protocol_id .Sh DESCRIPTION .Nm -(SSH Daemon) is the daemon program for +(Secure Shell Daemon) is the daemon program for .Xr ssh 1 . Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts @@ -129,13 +104,14 @@ .Pp .Ss SSH protocol version 2 .Pp -Version 2 works similarly: +Version 2 works similar: Each host has a host-specific DSA key used to identify the host. However, when the daemon starts, it does not generate a server key. Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. -The rest of the session is encrypted using a symmetric cipher, currently -Blowfish, 3DES, CAST128, Arcfour, 128 bit AES, or 256 bit AES. +The rest of the session is encrypted +using a symmetric cipher, currently +Blowfish, 3DES or CAST128 in CBC mode or Arcfour. The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided @@ -143,7 +119,7 @@ (hmac-sha1 or hmac-md5). .Pp Protocol version 2 provides a public key based -user authentication method (PubkeyAuthentication) +user authentication method (DSAAuthentication) and conventional password authentication. .Pp .Ss Command execution and data forwarding @@ -173,9 +149,7 @@ .Pp .Nm rereads its configuration file when it receives a hangup signal, -.Dv SIGHUP , -by executing itself with the name it was started as, ie. -.Pa /usr/sbin/sshd . +.Dv SIGHUP . .Pp The options are as follows: .Bl -tag -width Ds @@ -188,8 +162,6 @@ log, and does not put itself in the background. The server also will not fork and will only process one connection. This option is only intended for debugging for the server. -Multiple -d options increases the debugging level. -Maximum is 3. .It Fl f Ar configuration_file Specifies the name of the configuration file. The default is @@ -198,19 +170,17 @@ refuses to start if there is no configuration file. .It Fl g Ar login_grace_time Gives the grace time for clients to authenticate themselves (default -600 seconds). +300 seconds). If the client fails to authenticate the user within this many seconds, the server disconnects and exits. A value of zero indicates no limit. .It Fl h Ar host_key_file -Specifies the file from which the host key is read (default +Specifies the file from which the RSA host key is read (default .Pa /etc/ssh_host_key ) . This option must be given if .Nm is not run as root (as the normal host file is normally not readable by anyone but root). -It is possible to have multiple host key files for -the different protocol versions. .It Fl i Specifies that .Nm @@ -241,36 +211,15 @@ Nothing is sent to the system log. Normally the beginning, authentication, and termination of each connection is logged. -.It Fl u Ar len -This option is used to specify the size of the field -in the -.Li utmp -structure that holds the remote host name. -If the resolved host name is longer than -.Ar len , -the dotted decimal value will be used instead. -This allows hosts with very long host names that -overflow this field to still be uniquely identified. -Specifying -.Fl u0 -indicates that only dotted decimal addresses -should be put into the -.Pa utmp -file. -.It Fl D -When this option is specified -.Nm -will not detach and does not become a daemon. -This allows easy monitoring of -.Nm sshd . +.It Fl Q +Do not print an error message if RSA support is missing. .It Fl V Ar client_protocol_id -SSH-2 compatibility mode. +SSH2 compatibility mode. When this option is specified .Nm assumes the client has sent the supplied version string and skips the Protocol Version Identification Exchange. -This option is not intended to be called directly. .It Fl 4 Forces .Nm @@ -299,28 +248,20 @@ Default is .Dq yes . .It Cm AllowGroups -This keyword can be followed by a list of group names, separated +This keyword can be followed by a number of group names, separated by spaces. If specified, login is allowed only for users whose primary -group or supplementary group list matches one of the patterns. +group matches one of the patterns. .Ql \&* and .Ql ? can be used as wildcards in the patterns. -Only group names are valid; a numerical group ID isn't recognized. -By default login is allowed regardless of the group list. +Only group names are valid, a numerical group ID isn't recognized. +By default login is allowed regardless of the primary group. .Pp -.It Cm AllowTcpForwarding -Specifies whether TCP forwarding is permitted. -The default is -.Dq yes . -Note that disabling TCP forwarding does not improve security unless -users are also denied shell access, as they can always install their -own forwarders. -.Pp .It Cm AllowUsers -This keyword can be followed by a list of user names, separated +This keyword can be followed by a number of user names, separated by spaces. If specified, login is allowed only for users names that match one of the patterns. @@ -329,30 +270,14 @@ .Ql ? can be used as wildcards in the patterns. -Only user names are valid; a numerical user ID isn't recognized. +Only user names are valid, a numerical user ID isn't recognized. By default login is allowed regardless of the user name. .Pp -.It Cm Banner -In some jurisdictions, sending a warning message before authentication -may be relevant for getting legal protection. -The contents of the specified file are sent to the remote user before -authentication is allowed. -This option is only available for protocol version 2. -.Pp -.It Cm ChallengeResponseAuthentication -Specifies whether -challenge response -authentication is allowed. -Currently there is only support for -.Xr skey 1 -authentication. -The default is -.Dq yes . .It Cm Ciphers Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The default is -.Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour. +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm CheckMail Specifies whether .Nm @@ -362,15 +287,15 @@ .It Cm DenyGroups This keyword can be followed by a number of group names, separated by spaces. -Users whose primary group or supplementary group list matches -one of the patterns aren't allowed to log in. +Users whose primary group matches one of the patterns +aren't allowed to log in. .Ql \&* and .Ql ? can be used as wildcards in the patterns. -Only group names are valid; a numerical group ID isn't recognized. -By default login is allowed regardless of the group list. +Only group names are valid, a numerical group ID isn't recognized. +By default login is allowed regardless of the primary group. .Pp .It Cm DenyUsers This keyword can be followed by a number of user names, separated @@ -380,8 +305,13 @@ and .Ql ? can be used as wildcards in the patterns. -Only user names are valid; a numerical user ID isn't recognized. +Only user names are valid, a numerical user ID isn't recognized. By default login is allowed regardless of the user name. +.It Cm DSAAuthentication +Specifies whether DSA authentication is allowed. +The default is +.Dq yes . +Note that this option applies to protocol version 2 only. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. @@ -391,20 +321,20 @@ .Dq no . The default is .Dq no . +.It Cm HostDsaKey +Specifies the file containing the private DSA host key (default +.Pa /etc/ssh_host_dsa_key ) +used by SSH protocol 2.0. +Note that +.Nm +disables protocol 2.0 if this file is group/world-accessible. .It Cm HostKey -Specifies the file containing the private host keys (default +Specifies the file containing the private RSA host key (default .Pa /etc/ssh_host_key ) -used by SSH protocol versions 1 and 2. +used by SSH protocols 1.3 and 1.5. Note that .Nm -will refuse to use a file if it is group/world-accessible. -It is possible to have multiple host key files. -.Dq rsa1 -keys are used for version 1 and -.Dq dsa -or -.Dq rsa -are used for version 2 of the SSH protocol. +disables protocols 1.3 and 1.5 if this file is group/world-accessible. .It Cm IgnoreRhosts Specifies that .Pa .rhosts @@ -454,15 +384,14 @@ .Cm PasswordAuthentication is yes, the password provided by the user will be validated through the Kerberos KDC. -To use this option, the server needs a -Kerberos servtab which allows the verification of the KDC's identity. Default is .Dq yes . .It Cm KerberosOrLocalPasswd If set then if password authentication through Kerberos fails then the password will be validated via any additional local mechanism such as -.Pa /etc/passwd . +.Pa /etc/passwd +or SecurID. Default is .Dq yes . .It Cm KerberosTgtPassing @@ -506,81 +435,36 @@ The default is INFO. Logging with level DEBUG violates the privacy of users and is not recommended. -.It Cm MACs -Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. -Multiple algorithms must be comma-separated. -The default is -.Pp -.Bd -literal - ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com, - hmac-sha1-96,hmac-md5-96'' -.Ed -.It Cm MaxStartups -Specifies the maximum number of concurrent unauthenticated connections to the -.Nm -daemon. -Additional connections will be dropped until authentication succeeds or the -.Cm LoginGraceTime -expires for a connection. -The default is 10. -.Pp -Alternatively, random early drop can be enabled by specifying -the three colon separated values -.Dq start:rate:full -(e.g., "10:30:60"). -.Nm -will refuse connection attempts with a probability of -.Dq rate/100 -(30%) -if there are currently -.Dq start -(10) -unauthenticated connections. -The probability increases linearly and all connection attempts -are refused if the number of unauthenticated connections reaches -.Dq full -(60). .It Cm PasswordAuthentication Specifies whether password authentication is allowed. The default is .Dq yes . -Note that this option applies to both protocol versions 1 and 2. +Note that this option applies to both protocol version 1 and 2. .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is .Dq no . .It Cm PermitRootLogin -Specifies whether root can login using +Specifies whether the root can log in using .Xr ssh 1 . The argument must be .Dq yes , -.Dq without-password , -.Dq forced-commands-only +.Dq without-password or .Dq no . The default is .Dq yes . -.Pp -If this option is set to +If this options is set to .Dq without-password -password authentication is disabled for root. +only password authentication is disabled for root. .Pp -If this option is set to -.Dq forced-commands-only -root login with public key authentication will be allowed, -but only if the +Root login with RSA authentication when the .Ar command -option has been specified +option has been +specified will be allowed regardless of the value of this setting (which may be useful for taking remote backups even if root login is -normally not allowed). All other authentication methods are disabled -for root. -.Pp -If this option is set to -.Dq no -root is not allowed to login. +normally not allowed). .It Cm PidFile Specifies the file that contains the process identifier of the .Nm @@ -615,19 +499,9 @@ Multiple versions must be comma-separated. The default is .Dq 1 . -.It Cm PubkeyAuthentication -Specifies whether public key authentication is allowed. -The default is -.Dq yes . -Note that this option applies to protocol version 2 only. -.It Cm ReverseMappingCheck -Specifies whether -.Nm -should try to verify the remote host name and check that -the resolved host name for the remote IP address maps back to the -very same IP address. -The default is -.Dq no . +.It Cm RandomSeed +Obsolete. +Random number generation uses other techniques. .It Cm RhostsAuthentication Specifies whether authentication using rhosts or /etc/hosts.equiv files is sufficient. @@ -651,6 +525,15 @@ .It Cm ServerKeyBits Defines the number of bits in the server key. The minimum value is 512, and the default is 768. +.It Cm SkeyAuthentication +Specifies whether +.Xr skey 1 +authentication is allowed. +The default is +.Dq yes . +Note that s/key authentication is enabled only if +.Cm PasswordAuthentication +is allowed, too. .It Cm StrictModes Specifies whether .Nm @@ -660,17 +543,6 @@ directory or files world-writable. The default is .Dq yes . -.It Cm Subsystem -Configures an external subsystem (e.g., file transfer daemon). -Arguments should be a subsystem name and a command to execute upon subsystem -request. -The command -.Xr sftp-server 8 -implements the -.Dq sftp -file transfer subsystem. -By default no subsystems are defined. -Note that this option applies to protocol version 2 only. .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Nm sshd . @@ -680,10 +552,7 @@ .It Cm UseLogin Specifies whether .Xr login 1 -is used for interactive login sessions. -Note that -.Xr login 1 -is never used for remote command execution. +is used. The default is .Dq no . .It Cm X11DisplayOffset @@ -759,40 +628,29 @@ permitted for RSA authentication in SSH protocols 1.3 and 1.5 Similarly, the .Pa $HOME/.ssh/authorized_keys2 -file lists the DSA and RSA keys that are -permitted for public key authentication (PubkeyAuthentication) -in SSH protocol 2.0. -.Pp +file lists the DSA keys that are +permitted for DSA authentication in SSH protocol 2.0. Each line of the file contains one key (empty lines and lines starting with a .Ql # are ignored as comments). -Each RSA public key consists of the following fields, separated by +Each line consists of the following fields, separated by spaces: options, bits, exponent, modulus, comment. -Each protocol version 2 public key consists of: -options, keytype, base64 encoded key, comment. -The options fields -are optional; its presence is determined by whether the line starts +The options field +is optional; its presence is determined by whether the line starts with a number or not (the option field never starts with a number). -The bits, exponent, modulus and comment fields give the RSA key for -protocol version 1; the +The bits, exponent, modulus and comment fields give the RSA key; the comment field is not used for anything (but may be convenient for the user to identify the key). -For protocol version 2 the keytype is -.Dq ssh-dss -or -.Dq ssh-rsa . .Pp Note that lines in this file are usually several hundred bytes long (because of the size of the RSA key modulus). You don't want to type them in; instead, copy the .Pa identity.pub -or the -.Pa id_dsa.pub file and edit it. .Pp -The options (if present) consist of comma-separated option +The options (if present) consists of comma-separated option specifications. No spaces are permitted, except within double quotes. The following option specifications are supported: @@ -823,9 +681,6 @@ The command supplied by the user (if any) is ignored. The command is run on a pty if the connection requests a pty; otherwise it is run without a tty. -Note that if you want a 8-bit clean channel, -you must not request a pty or should specify -.Cm no-pty . A quote may be included in the command by quoting it with a backslash. This option might be useful to restrict certain RSA keys to perform just a specific operation. @@ -852,15 +707,6 @@ authentication. .It Cm no-pty Prevents tty allocation (a request to allocate a pty will fail). -.It Cm permitopen="host:port" -Limit local -.Li ``ssh -L'' -port-forwading such that it may only connect to the specified host and -port. Multiple -.Cm permitopen -options may be applied seperated by commas. No pattern matching is -performed on the specified hostnames, they must be literal domains or -addresses. .El .Ss Examples 1024 33 12121.\|.\|.\|312314325 ylo@foo.bar @@ -868,8 +714,6 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula .Pp command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi -.Pp -permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323 .Sh SSH_KNOWN_HOSTS FILE FORMAT The .Pa /etc/ssh_known_hosts , @@ -880,7 +724,7 @@ files contain host public keys for all known hosts. The global file should be prepared by the administrator (optional), and the per-user file is -maintained automatically: whenever the user connects from an unknown host +maintained automatically: whenever the user connects an unknown host its key is added to the per-user file. .Pp Each line in these files contains the following fields: hostnames, @@ -932,34 +776,30 @@ .Nm sshd . This file should be writable by root only, but it is recommended (though not necessary) that it be world-readable. -.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key -These three files contain the private parts of the -(SSH1, SSH2 DSA, and SSH2 RSA) host keys. -These files should only be owned by root, readable only by root, and not +.It Pa /etc/ssh_host_key +Contains the private part of the host key. +This file should only be owned by root, readable only by root, and not accessible to others. Note that .Nm does not start if this file is group/world-accessible. -.It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub -There three files contain the public parts of the -(SSH1, SSH2 DSA, and SSH2 RSA) host keys. -These files should be world-readable but writable only by +.It Pa /etc/ssh_host_key.pub +Contains the public part of the host key. +This file should be world-readable but writable only by root. -Their contents should match the respective private parts. -These files are not -really used for anything; they are provided for the convenience of -the user so their contents can be copied to known hosts files. -These files are created using +Its contents should match the private part. +This file is not +really used for anything; it is only provided for the convenience of +the user so its contents can be copied to known hosts files. +These two files are created using .Xr ssh-keygen 1 . -.It Pa /etc/primes -Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". .It Pa /var/run/sshd.pid Contains the process ID of the .Nm listening for connections (if there are several daemons running concurrently for different ports, this contains the pid of the one started last). -The content of this file is not sensitive; it can be world-readable. +The contents of this file are not sensitive; it can be world-readable. .It Pa $HOME/.ssh/authorized_keys Lists the RSA keys that can be used to log into the user's account. This file must be readable by root (which may on some machines imply @@ -987,7 +827,7 @@ authentication to check the public key of the host. The key must be listed in one of these files to be accepted. The client uses the same files -to verify that it is connecting to the correct remote host. +to verify that the remote host is the one we intended to connect. These files should be writable only by root/the owner. .Pa /etc/ssh_known_hosts should be world-readable, and @@ -1026,7 +866,7 @@ .Pa .rhosts . However, this file is not used by rlogin and rshd, so using this permits access using SSH only. -.It Pa /etc/hosts.equiv +.Pa /etc/hosts.equiv This file is used during .Pa .rhosts authentication. @@ -1106,23 +946,48 @@ This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. +.Sh AUTHOR +OpenSSH +is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, +but with bugs removed and newer features re-added. +Rapidly after the +1.2.12 release, newer versions of the original ssh bore successively +more restrictive licenses, and thus demand for a free version was born. +.Pp +This version of OpenSSH +.Bl -bullet +.It +has all components of a restrictive nature (i.e., patents, see +.Xr ssl 8 ) +directly removed from the source code; any licensed or patented components +are chosen from +external libraries. +.It +has been updated to support SSH protocol 1.5 and 2, making it compatible with +all other SSH clients and servers. +.It +contains added support for +.Xr kerberos 8 +authentication and ticket passing. +.It +supports one-time password authentication with +.Xr skey 1 . .El -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. +.Pp +The libraries described in +.Xr ssl 8 +are required for proper operation. +.Pp +OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, +Niels Provos, Theo de Raadt, and Dug Song. +.Pp +The support for SSH protocol 2 was written by Markus Friedl. .Sh SEE ALSO .Xr scp 1 , -.Xr sftp 1 , -.Xr sftp-server 8 , .Xr ssh 1 , .Xr ssh-add 1 , .Xr ssh-agent 1 , .Xr ssh-keygen 1 , +.Xr ssl 8 , .Xr rlogin 1 , .Xr rsh 1