Annotation of src/usr.bin/ssh/sshd.8, Revision 1.39
1.1 deraadt 1: .\" -*- nroff -*-
2: .\"
3: .\" sshd.8.in
4: .\"
5: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6: .\"
7: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8: .\" All rights reserved
9: .\"
10: .\" Created: Sat Apr 22 21:55:14 1995 ylo
11: .\"
1.39 ! deraadt 12: .\" $Id: sshd.8,v 1.38 2000/03/29 07:12:39 deraadt Exp $
1.1 deraadt 13: .\"
1.2 deraadt 14: .Dd September 25, 1999
15: .Dt SSHD 8
16: .Os
17: .Sh NAME
18: .Nm sshd
19: .Nd secure shell daemon
20: .Sh SYNOPSIS
21: .Nm sshd
1.29 markus 22: .Op Fl diqQ46
1.2 deraadt 23: .Op Fl b Ar bits
24: .Op Fl f Ar config_file
25: .Op Fl g Ar login_grace_time
26: .Op Fl h Ar host_key_file
27: .Op Fl k Ar key_gen_time
28: .Op Fl p Ar port
1.26 markus 29: .Op Fl V Ar client_protocol_id
1.2 deraadt 30: .Sh DESCRIPTION
31: .Nm
1.1 deraadt 32: (Secure Shell Daemon) is the daemon program for
1.2 deraadt 33: .Xr ssh 1 .
1.1 deraadt 34: Together these programs replace rlogin and rsh, and
35: provide secure encrypted communications between two untrusted hosts
1.36 aaron 36: over an insecure network.
37: The programs are intended to be as easy to
1.1 deraadt 38: install and use as possible.
1.2 deraadt 39: .Pp
40: .Nm
1.36 aaron 41: is the daemon that listens for connections from clients.
42: It is normally started at boot from
1.2 deraadt 43: .Pa /etc/rc .
44: It forks a new
1.36 aaron 45: daemon for each incoming connection.
46: The forked daemons handle
1.1 deraadt 47: key exchange, encryption, authentication, command execution,
48: and data exchange.
1.2 deraadt 49: .Pp
50: .Nm
1.36 aaron 51: works as follows.
52: Each host has a host-specific RSA key
53: (normally 1024 bits) used to identify the host.
54: Additionally, when
1.1 deraadt 55: the daemon starts, it generates a server RSA key (normally 768 bits).
56: This key is normally regenerated every hour if it has been used, and
57: is never stored on disk.
1.2 deraadt 58: .Pp
1.1 deraadt 59: Whenever a client connects to the daemon, the daemon sends its host
1.36 aaron 60: and server public keys to the client.
61: The client compares the
1.1 deraadt 62: host key against its own database to verify that it has not changed.
1.36 aaron 63: The client then generates a 256 bit random number.
64: It encrypts this
1.1 deraadt 65: random number using both the host key and the server key, and sends
1.36 aaron 66: the encrypted number to the server.
67: Both sides then start to use this
1.1 deraadt 68: random number as a session key which is used to encrypt all further
1.36 aaron 69: communications in the session.
70: The rest of the session is encrypted
1.5 deraadt 71: using a conventional cipher, currently Blowfish and 3DES, with 3DES
1.39 ! deraadt 72: being used by default.
1.36 aaron 73: The client selects the encryption algorithm
1.5 deraadt 74: to use from those offered by the server.
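The session-key setup described above, as an added example that is not code from OpenSSH: a toy model with unpadded textbook RSA and tiny constructed primes (real sshd used a 1024-bit host key, a 768-bit server key and the SSH1 padding rules, none of which is modelled here). The page says the random number is encrypted "using both the host key and the server key"; the inner-server-key, outer-host-key order below is this example's modelling choice, made so the smaller modulus goes first. The names HOST_KEY, SERVER_KEY and the function names are this example's own. What it shows is the property the -k option and KeyRegenerationInterval rely on: someone who later seizes /etc/ssh_host_key, but not the regenerated, never-stored server key, can strip only one layer off a recorded session-key exchange.

```python
"""Toy model of the SSH1 session-key setup (added example, not OpenSSH code).

Unpadded textbook RSA with constructed toy primes; do not reuse as crypto.
"""
import secrets


def rsa_keygen(p, q, e=65537):
    """Return (n, e, d) for the constructed primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return n, e, d


# Constructed toy keys.  The host modulus is larger than the server modulus so
# the server-key ciphertext fits under the host key, the same size relationship
# as the 1024-bit host key versus the 768-bit server key in the text.
HOST_KEY = rsa_keygen(1000003, 1000033)   # long-lived, stored in /etc/ssh_host_key
SERVER_KEY = rsa_keygen(10007, 10009)     # short-lived, regenerated, never on disk


def public(key):
    """Public half (n, e) of a (n, e, d) triple."""
    n, e, _d = key
    return n, e


def client_wrap_session_key(session_key, host_pub, server_pub):
    """Client side: encrypt the session key under the server key, then the host key."""
    n_s, e_s = server_pub
    n_h, e_h = host_pub
    assert 0 < session_key < n_s, "toy session key must fit under the server modulus"
    inner = pow(session_key, e_s, n_s)   # server-key layer (modelling choice: innermost)
    return pow(inner, e_h, n_h)           # host-key layer


def server_unwrap(wrapped, host_key, server_key):
    """Server side: peel the host-key layer, then the server-key layer."""
    n_h, _e_h, d_h = host_key
    n_s, _e_s, d_s = server_key
    inner = pow(wrapped, d_h, n_h)
    return pow(inner, d_s, n_s)


def thief_with_host_key_only(wrapped, host_key):
    """Attacker who seized the host key after the server key was regenerated:
    only the outer layer comes off, leaving the server-key ciphertext."""
    n_h, _e_h, d_h = host_key
    return pow(wrapped, d_h, n_h)


def new_session_key(server_pub):
    """Stand-in for the client's 256-bit random number, sized for the toy modulus."""
    return 2 + secrets.randbelow(server_pub[0] - 3)


def run_exchange(session_key):
    """Return (what the server recovers, what a host-key-only thief recovers)."""
    wrapped = client_wrap_session_key(session_key, public(HOST_KEY), public(SERVER_KEY))
    return (server_unwrap(wrapped, HOST_KEY, SERVER_KEY),
            thief_with_host_key_only(wrapped, HOST_KEY))


if __name__ == "__main__":
    k = new_session_key(public(SERVER_KEY))
    recovered, stolen = run_exchange(k)
    print("server recovered the session key:", recovered == k)
    print("host-key thief recovered the session key:", stolen == k)
```

Deleting SERVER_KEY after the exchange is the analogue of the hourly regeneration: with only HOST_KEY left on disk, run_exchange's second result is the inner ciphertext, not the session key.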
1.2 deraadt 75: .Pp
1.36 aaron 76: Next, the server and the client enter an authentication dialog.
77: The client tries to authenticate itself using
1.2 deraadt 78: .Pa .rhosts
79: authentication,
80: .Pa .rhosts
81: authentication combined with RSA host
1.1 deraadt 82: authentication, RSA challenge-response authentication, or password
83: based authentication.
1.2 deraadt 84: .Pp
1.1 deraadt 85: Rhosts authentication is normally disabled
86: because it is fundamentally insecure, but can be enabled in the server
1.36 aaron 87: configuration file if desired.
88: System security is not improved unless
1.2 deraadt 89: .Xr rshd 8 ,
90: .Xr rlogind 8 ,
91: .Xr rexecd 8 ,
92: and
93: .Xr rexd 8
1.1 deraadt 94: are disabled (thus completely disabling
1.2 deraadt 95: .Xr rlogin 1
1.1 deraadt 96: and
1.2 deraadt 97: .Xr rsh 1
1.1 deraadt 98: into that machine).
1.2 deraadt 99: .Pp
1.1 deraadt 100: If the client successfully authenticates itself, a dialog for
1.36 aaron 101: preparing the session is entered.
102: At this time the client may request
1.1 deraadt 103: things like allocating a pseudo-tty, forwarding X11 connections,
104: forwarding TCP/IP connections, or forwarding the authentication agent
105: connection over the secure channel.
1.2 deraadt 106: .Pp
1.1 deraadt 107: Finally, the client either requests a shell or execution of a command.
1.36 aaron 108: The sides then enter session mode.
109: In this mode, either side may send
1.1 deraadt 110: data at any time, and such data is forwarded to/from the shell or
111: command on the server side, and the user terminal in the client side.
1.2 deraadt 112: .Pp
1.1 deraadt 113: When the user program terminates and all forwarded X11 and other
114: connections have been closed, the server sends command exit status to
115: the client, and both sides exit.
1.2 deraadt 116: .Pp
117: .Nm
1.1 deraadt 118: can be configured using command-line options or a configuration
1.36 aaron 119: file.
120: Command-line options override values specified in the
1.1 deraadt 121: configuration file.
1.25 markus 122: .Pp
123: .Nm
124: rereads its configuration file when it receives a hangup signal,
125: .Dv SIGHUP .
1.18 aaron 126: .Pp
127: The options are as follows:
1.2 deraadt 128: .Bl -tag -width Ds
129: .It Fl b Ar bits
1.1 deraadt 130: Specifies the number of bits in the server key (default 768).
1.2 deraadt 131: .Pp
132: .It Fl d
1.36 aaron 133: Debug mode.
134: The server sends verbose debug output to the system
135: log, and does not put itself in the background.
136: The server also will not fork and will only process one connection.
137: This option is only intended for debugging the server.
1.2 deraadt 138: .It Fl f Ar configuration_file
1.36 aaron 139: Specifies the name of the configuration file.
140: The default is
1.2 deraadt 141: .Pa /etc/sshd_config .
1.16 markus 142: .Nm
143: refuses to start if there is no configuration file.
1.2 deraadt 144: .It Fl g Ar login_grace_time
1.1 deraadt 145: Gives the grace time for clients to authenticate themselves (default
1.36 aaron 146: 600 seconds).
147: If the client fails to authenticate the user within
148: this many seconds, the server disconnects and exits.
149: A value of zero indicates no limit.
1.2 deraadt 150: .It Fl h Ar host_key_file
1.1 deraadt 151: Specifies the file from which the host key is read (default
1.2 deraadt 152: .Pa /etc/ssh_host_key ) .
1.7 markus 153: This option must be given if
154: .Nm
155: is not run as root (as the normal
1.1 deraadt 156: host file is normally not readable by anyone but root).
1.2 deraadt 157: .It Fl i
1.7 markus 158: Specifies that
159: .Nm
160: is being run from inetd.
161: .Nm
162: is normally not run
1.1 deraadt 163: from inetd because it needs to generate the server key before it can
1.36 aaron 164: respond to the client, and this may take tens of seconds.
165: Clients would have to wait too long if the key were regenerated every time.
1.35 aaron 166: However, with small key sizes (e.g., 512) using
1.7 markus 167: .Nm
168: from inetd may
1.1 deraadt 169: be feasible.
1.2 deraadt 170: .It Fl k Ar key_gen_time
1.1 deraadt 171: Specifies how often the server key is regenerated (default 3600
1.36 aaron 172: seconds, or one hour).
173: The motivation for regenerating the key fairly
1.1 deraadt 174: often is that the key is not stored anywhere, and after about an hour,
175: it becomes impossible to recover the key for decrypting intercepted
176: communications even if the machine is cracked into or physically
1.36 aaron 177: seized.
178: A value of zero indicates that the key will never be regenerated.
1.2 deraadt 179: .It Fl p Ar port
1.1 deraadt 180: Specifies the port on which the server listens for connections
181: (default 22).
1.2 deraadt 182: .It Fl q
1.36 aaron 183: Quiet mode.
184: Nothing is sent to the system log.
185: Normally the beginning,
1.1 deraadt 186: authentication, and termination of each connection is logged.
1.18 aaron 187: .It Fl Q
188: Do not print an error message if RSA support is missing.
1.26 markus 189: .It Fl V Ar client_protocol_id
190: SSH2 compatibility mode.
191: When this option is specified
192: .Nm
193: assumes the client has sent the given version string
194: and skips the
195: Protocol Version Identification Exchange.
1.29 markus 196: .It Fl 4
197: Forces
198: .Nm
199: to use IPv4 addresses only.
200: .It Fl 6
201: Forces
202: .Nm
203: to use IPv6 addresses only.
1.2 deraadt 204: .El
205: .Sh CONFIGURATION FILE
206: .Nm
1.1 deraadt 207: reads configuration data from
1.2 deraadt 208: .Pa /etc/sshd_config
209: (or the file specified with
210: .Fl f
1.36 aaron 211: on the command line).
212: The file contains keyword-value pairs, one per line.
213: Lines starting with
1.2 deraadt 214: .Ql #
1.1 deraadt 215: and empty lines are interpreted as comments.
1.2 deraadt 216: .Pp
1.1 deraadt 217: The following keywords are possible.
1.2 deraadt 218: .Bl -tag -width Ds
219: .It Cm AFSTokenPassing
1.36 aaron 220: Specifies whether an AFS token may be forwarded to the server.
221: Default is
1.2 deraadt 222: .Dq yes .
1.11 markus 223: .It Cm AllowGroups
224: This keyword can be followed by a number of group names, separated
1.36 aaron 225: by spaces.
226: If specified, login is allowed only for users whose primary
1.11 markus 227: group matches one of the patterns.
228: .Ql \&*
229: and
230: .Ql ?
231: can be used as
1.36 aaron 232: wildcards in the patterns.
233: Only group names are valid; a numerical group ID is not recognized.
234: By default login is allowed regardless of the primary group.
1.3 dugsong 235: .Pp
1.11 markus 236: .It Cm AllowUsers
237: This keyword can be followed by a number of user names, separated
1.36 aaron 238: by spaces.
239: If specified, login is allowed only for user names that
1.11 markus 240: match one of the patterns.
241: .Ql \&*
242: and
243: .Ql ?
244: can be used as
1.36 aaron 245: wildcards in the patterns.
246: Only user names are valid; a numerical user ID is not recognized.
247: By default login is allowed regardless of the user name.
1.11 markus 248: .Pp
1.8 markus 249: .It Cm CheckMail
250: Specifies whether
251: .Nm
252: should check for new mail for interactive logins.
253: The default is
254: .Dq no .
1.11 markus 255: .It Cm DenyGroups
256: This keyword can be followed by a number of group names, separated
1.36 aaron 257: by spaces.
258: Users whose primary group matches one of the patterns
1.11 markus 259: aren't allowed to log in.
260: .Ql \&*
261: and
262: .Ql ?
263: can be used as
1.36 aaron 264: wildcards in the patterns.
265: Only group names are valid; a numerical group ID is not recognized.
266: By default login is allowed regardless of the primary group.
1.11 markus 267: .Pp
268: .It Cm DenyUsers
269: This keyword can be followed by a number of user names, separated
1.36 aaron 270: by spaces.
271: Login is disallowed for user names that match one of the patterns.
1.11 markus 272: .Ql \&*
273: and
274: .Ql ?
1.36 aaron 275: can be used as wildcards in the patterns.
276: Only user names are valid; a numerical user ID is not recognized.
277: By default login is allowed regardless of the user name.
1.2 deraadt 278: .It Cm HostKey
1.1 deraadt 279: Specifies the file containing the private host key (default
1.2 deraadt 280: .Pa /etc/ssh_host_key ) .
1.9 markus 281: Note that
282: .Nm
1.14 markus 283: does not start if this file is group/world-accessible.
1.2 deraadt 284: .It Cm IgnoreRhosts
1.34 markus 285: Specifies that
286: .Pa .rhosts
287: and
288: .Pa .shosts
289: files will not be used in authentication.
1.2 deraadt 290: .Pa /etc/hosts.equiv
1.1 deraadt 291: and
1.2 deraadt 292: .Pa /etc/shosts.equiv
1.36 aaron 293: are still used.
294: The default is
1.34 markus 295: .Dq yes .
1.24 markus 296: .It Cm IgnoreUserKnownHosts
297: Specifies whether
298: .Nm
299: should ignore the user's
300: .Pa $HOME/.ssh/known_hosts
301: during
302: .Cm RhostsRSAAuthentication .
303: The default is
1.2 deraadt 304: .Dq no .
305: .It Cm KeepAlive
1.1 deraadt 306: Specifies whether the system should send keepalive messages to the
1.36 aaron 307: other side.
308: If they are sent, death of the connection or crash of one
309: of the machines will be properly noticed.
310: However, this means that
1.1 deraadt 311: connections will die if the route is down temporarily, and some people
1.36 aaron 312: find it annoying.
313: On the other hand, if keepalives are not sent,
1.2 deraadt 314: sessions may hang indefinitely on the server, leaving
315: .Dq ghost
316: users and consuming server resources.
317: .Pp
318: The default is
319: .Dq yes
320: (to send keepalives), and the server will notice
1.36 aaron 321: if the network goes down or the client host reboots.
322: This avoids infinitely hanging sessions.
1.2 deraadt 323: .Pp
324: To disable keepalives, the value should be set to
325: .Dq no
326: in both the server and the client configuration files.
327: .It Cm KerberosAuthentication
1.36 aaron 328: Specifies whether Kerberos authentication is allowed.
329: This can be in the form of a Kerberos ticket, or if
1.7 markus 330: .Cm PasswordAuthentication
1.1 deraadt 331: is yes, the password provided by the user will be validated through
1.36 aaron 332: the Kerberos KDC.
333: Default is
1.3 dugsong 334: .Dq yes .
1.2 deraadt 335: .It Cm KerberosOrLocalPasswd
1.1 deraadt 336: If set, then when password authentication through Kerberos fails,
337: the password will be validated via any additional local mechanism
1.2 deraadt 338: such as
339: .Pa /etc/passwd
1.36 aaron 340: or SecurID.
341: Default is
1.20 dugsong 342: .Dq yes .
1.2 deraadt 343: .It Cm KerberosTgtPassing
1.1 deraadt 344: Specifies whether a Kerberos TGT may be forwarded to the server.
1.3 dugsong 345: Default is
346: .Dq no ,
347: as this only works when the Kerberos KDC is actually an AFS kaserver.
1.2 deraadt 348: .It Cm KerberosTicketCleanup
1.7 markus 349: Specifies whether to automatically destroy the user's ticket cache
1.36 aaron 350: file on logout.
351: Default is
1.3 dugsong 352: .Dq yes .
1.2 deraadt 353: .It Cm KeyRegenerationInterval
1.1 deraadt 354: The server key is automatically regenerated after this many seconds
1.36 aaron 355: (if it has been used).
356: The purpose of regeneration is to prevent
1.1 deraadt 357: decrypting captured sessions by later breaking into the machine and
1.36 aaron 358: stealing the keys.
359: The key is never stored anywhere.
360: If the value is 0, the key is never regenerated.
361: The default is 3600 (seconds).
1.7 markus 362: .It Cm ListenAddress
363: Specifies what local address
364: .Nm
365: should listen on.
366: The default is to listen to all local addresses.
1.28 markus 367: Multiple options of this type are permitted.
368: Additionally, the
369: .Cm Port
370: options must precede this option.
1.2 deraadt 371: .It Cm LoginGraceTime
1.1 deraadt 372: The server disconnects after this time if the user has not
1.36 aaron 373: successfully logged in.
374: If the value is 0, there is no time limit.
1.1 deraadt 375: The default is 600 (seconds).
1.23 markus 376: .It Cm LogLevel
377: Gives the verbosity level that is used when logging messages from
378: .Nm sshd .
379: The possible values are:
1.27 markus 380: QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
1.23 markus 381: The default is INFO.
382: Logging with level DEBUG violates the privacy of users
383: and is not recommended.
1.2 deraadt 384: .It Cm PasswordAuthentication
1.1 deraadt 385: Specifies whether password authentication is allowed.
1.2 deraadt 386: The default is
387: .Dq yes .
388: .It Cm PermitEmptyPasswords
1.1 deraadt 389: When password authentication is allowed, it specifies whether the
1.36 aaron 390: server allows login to accounts with empty password strings.
391: The default is
1.34 markus 392: .Dq no .
1.2 deraadt 393: .It Cm PermitRootLogin
1.1 deraadt 394: Specifies whether the root can log in using
1.2 deraadt 395: .Xr ssh 1 .
1.15 markus 396: The argument must be
397: .Dq yes ,
398: .Dq without-password
399: or
400: .Dq no .
1.2 deraadt 401: The default is
402: .Dq yes .
1.15 markus 403: If this option is set to
404: .Dq without-password
405: only password authentication is disabled for root.
1.2 deraadt 406: .Pp
407: Root login with RSA authentication when the
408: .Ar command
409: option has been
1.1 deraadt 410: specified will be allowed regardless of the value of this setting
411: (which may be useful for taking remote backups even if root login is
412: normally not allowed).
1.2 deraadt 413: .It Cm Port
1.1 deraadt 414: Specifies the port number that
1.2 deraadt 415: .Nm
1.36 aaron 416: listens on.
417: The default is 22.
1.28 markus 418: Multiple options of this type are permitted.
1.2 deraadt 419: .It Cm PrintMotd
1.1 deraadt 420: Specifies whether
1.2 deraadt 421: .Nm
1.1 deraadt 422: should print
1.2 deraadt 423: .Pa /etc/motd
1.36 aaron 424: when a user logs in interactively.
425: (On some systems it is also printed by the shell,
1.2 deraadt 426: .Pa /etc/profile ,
1.36 aaron 427: or equivalent.)
428: The default is
1.2 deraadt 429: .Dq yes .
430: .It Cm RandomSeed
1.36 aaron 431: Obsolete.
432: Random number generation uses other techniques.
1.2 deraadt 433: .It Cm RhostsAuthentication
1.1 deraadt 434: Specifies whether authentication using rhosts or /etc/hosts.equiv
1.36 aaron 435: files is sufficient.
436: Normally, this method should not be permitted because it is insecure.
1.7 markus 437: .Cm RhostsRSAAuthentication
438: should be used
1.1 deraadt 439: instead, because it performs RSA-based host authentication in addition
440: to normal rhosts or /etc/hosts.equiv authentication.
1.2 deraadt 441: The default is
442: .Dq no .
443: .It Cm RhostsRSAAuthentication
1.1 deraadt 444: Specifies whether rhosts or /etc/hosts.equiv authentication together
1.36 aaron 445: with successful RSA host authentication is allowed.
446: The default is
1.34 markus 447: .Dq no .
1.2 deraadt 448: .It Cm RSAAuthentication
1.36 aaron 449: Specifies whether pure RSA authentication is allowed.
450: The default is
1.2 deraadt 451: .Dq yes .
452: .It Cm ServerKeyBits
1.36 aaron 453: Defines the number of bits in the server key.
454: The minimum value is 512, and the default is 768.
1.7 markus 455: .It Cm SkeyAuthentication
456: Specifies whether
457: .Xr skey 1
1.36 aaron 458: authentication is allowed.
459: The default is
1.7 markus 460: .Dq yes .
461: Note that s/key authentication is enabled only if
462: .Cm PasswordAuthentication
463: is allowed, too.
1.2 deraadt 464: .It Cm StrictModes
1.12 markus 465: Specifies whether
466: .Nm
467: should check file modes and ownership of the
1.36 aaron 468: user's files and home directory before accepting login.
469: This is normally desirable because novices sometimes accidentally leave their
470: directory or files world-writable.
471: The default is
1.7 markus 472: .Dq yes .
1.2 deraadt 473: .It Cm SyslogFacility
1.1 deraadt 474: Gives the facility code that is used when logging messages from
1.2 deraadt 475: .Nm sshd .
1.1 deraadt 476: The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1.36 aaron 477: LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
478: The default is AUTH.
1.10 markus 479: .It Cm UseLogin
480: Specifies whether
481: .Xr login 1
1.36 aaron 482: is used.
483: The default is
1.10 markus 484: .Dq no .
1.6 aaron 485: .It Cm X11DisplayOffset
486: Specifies the first display number available for
487: .Nm sshd Ns 's
1.36 aaron 488: X11 forwarding.
489: This prevents
1.6 aaron 490: .Nm
491: from interfering with real X11 servers.
1.34 markus 492: The default is 10.
1.30 markus 493: .It Cm X11Forwarding
1.36 aaron 494: Specifies whether X11 forwarding is permitted.
495: The default is
1.34 markus 496: .Dq no .
1.30 markus 497: Note that disabling X11 forwarding does not improve security in any
498: way, as users can always install their own forwarders.
1.2 deraadt 499: .El
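A checker for the configuration-file format and keywords documented above, as an added example that is not part of sshd. It parses the keyword-value format (one pair per line, lines starting with # and empty lines are comments), fills in the documented defaults for absent keywords, enforces the documented rule that the Port options must precede ListenAddress, and flags the settings a reviewer would question. The page does not say which copy wins when a non-repeatable keyword appears twice; the checker reports the duplicate and evaluates the first value, which is this example's choice, not documented sshd behaviour. The sample configuration and the names DEFAULTS, SAMPLE, parse and lint are constructed for this example.

```python
"""sshd_config checker for the keywords documented above (added example, not sshd code)."""

# Documented defaults for the keywords this checker looks at.
DEFAULTS = {
    "PermitRootLogin": "yes",
    "PermitEmptyPasswords": "no",
    "PasswordAuthentication": "yes",
    "RhostsAuthentication": "no",
    "LogLevel": "INFO",
    "ServerKeyBits": "768",
    "LoginGraceTime": "600",
}
REPEATABLE = {"Port", "ListenAddress"}   # "Multiple options of this type are permitted."
LOG_LEVELS = {"QUIET", "FATAL", "ERROR", "INFO", "VERBOSE", "DEBUG"}

# Constructed sample with several weak, misordered or invalid settings.
SAMPLE = """\
# constructed sample sshd_config
ListenAddress 192.0.2.10
Port 22
Port 2222
PermitRootLogin yes
RhostsAuthentication yes
PermitEmptyPasswords yes
LogLevel DEBUG
ServerKeyBits 384
LoginGraceTime 0
PermitRootLogin maybe
"""


def parse(text):
    """Return (keyword, value) pairs in file order; comments and blank lines dropped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        pairs.append((keyword, value.strip()))
    return pairs


def lint(text):
    """Return a list of (keyword, message) findings for the configuration text."""
    pairs = parse(text)
    findings = []

    # Ordering rule from the ListenAddress description: Port must precede it.
    keywords = [kw for kw, _ in pairs]
    if "ListenAddress" in keywords:
        first_listen = keywords.index("ListenAddress")
        if "Port" in keywords[first_listen:]:
            findings.append(("Port", "Port options must precede ListenAddress"))

    # Collect every occurrence; validate all of them, evaluate the first.
    values = {}
    for kw, val in pairs:
        values.setdefault(kw, []).append(val)
    for kw, vals in values.items():
        if kw not in REPEATABLE and len(vals) > 1:
            findings.append((kw, f"appears {len(vals)} times; first value used"))
    for val in values.get("PermitRootLogin", []):
        if val not in ("yes", "without-password", "no"):
            findings.append(("PermitRootLogin", f"invalid value {val!r}"))
    for val in values.get("LogLevel", []):
        if val not in LOG_LEVELS:
            findings.append(("LogLevel", f"invalid value {val!r}"))

    cfg = {**DEFAULTS, **{kw: vals[0] for kw, vals in values.items()}}
    if cfg["PermitRootLogin"] == "yes":
        findings.append(("PermitRootLogin", "root may log in with a password; prefer without-password or no"))
    if cfg["RhostsAuthentication"] == "yes":
        findings.append(("RhostsAuthentication", "rhosts-only authentication is insecure; use RhostsRSAAuthentication"))
    if cfg["PasswordAuthentication"] == "yes" and cfg["PermitEmptyPasswords"] == "yes":
        findings.append(("PermitEmptyPasswords", "accounts with empty passwords can log in"))
    if cfg["LogLevel"] == "DEBUG":
        findings.append(("LogLevel", "DEBUG logging violates the privacy of users"))
    if cfg["ServerKeyBits"].isdigit() and int(cfg["ServerKeyBits"]) < 512:
        findings.append(("ServerKeyBits", "below the documented minimum of 512"))
    if cfg["LoginGraceTime"] == "0":
        findings.append(("LoginGraceTime", "0 means unauthenticated connections are never timed out"))
    return findings


if __name__ == "__main__":
    for keyword, message in lint(SAMPLE):
        print(f"{keyword}: {message}")
```

Run against SAMPLE the checker reports nine findings; a file that lists Port before ListenAddress and sets PermitRootLogin to no, leaving the other keywords at their documented defaults, produces none.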
500: .Sh LOGIN PROCESS
1.1 deraadt 501: When a user successfully logs in,
1.2 deraadt 502: .Nm
1.1 deraadt 503: does the following:
1.2 deraadt 504: .Bl -enum -offset indent
505: .It
1.1 deraadt 506: If the login is on a tty, and no command has been specified,
507: prints last login time and
1.2 deraadt 508: .Pa /etc/motd
1.1 deraadt 509: (unless prevented in the configuration file or by
1.2 deraadt 510: .Pa $HOME/.hushlogin ;
511: see the
512: .Sx FILES
513: section).
514: .It
1.1 deraadt 515: If the login is on a tty, records login time.
1.2 deraadt 516: .It
517: Checks
518: .Pa /etc/nologin ;
519: if it exists, prints contents and quits
1.1 deraadt 520: (unless root).
1.2 deraadt 521: .It
1.1 deraadt 522: Changes to run with normal user privileges.
1.2 deraadt 523: .It
1.1 deraadt 524: Sets up basic environment.
1.2 deraadt 525: .It
526: Reads
527: .Pa $HOME/.ssh/environment
528: if it exists.
529: .It
1.1 deraadt 530: Changes to user's home directory.
1.2 deraadt 531: .It
532: If
533: .Pa $HOME/.ssh/rc
534: exists, runs it; else if
535: .Pa /etc/sshrc
536: exists, runs
1.36 aaron 537: it; otherwise runs xauth.
538: The
1.2 deraadt 539: .Dq rc
540: files are given the X11
1.1 deraadt 541: authentication protocol and cookie in standard input.
1.2 deraadt 542: .It
1.1 deraadt 543: Runs user's shell or command.
1.2 deraadt 544: .El
545: .Sh AUTHORIZED_KEYS FILE FORMAT
1.1 deraadt 546: The
1.2 deraadt 547: .Pa $HOME/.ssh/authorized_keys
1.1 deraadt 548: file lists the RSA keys that are
1.36 aaron 549: permitted for RSA authentication.
550: Each line of the file contains one
1.2 deraadt 551: key (empty lines and lines starting with a
552: .Ql #
553: are ignored as
1.36 aaron 554: comments).
555: Each line consists of the following fields, separated by
556: spaces: options, bits, exponent, modulus, comment.
557: The options field
1.1 deraadt 558: is optional; its presence is determined by whether the line starts
559: with a number or not (the option field never starts with a number).
560: The bits, exponent, modulus and comment fields give the RSA key; the
561: comment field is not used for anything (but may be convenient for the
562: user to identify the key).
1.2 deraadt 563: .Pp
1.1 deraadt 564: Note that lines in this file are usually several hundred bytes long
1.36 aaron 565: (because of the size of the RSA key modulus).
566: You don't want to type them in; instead, copy the
1.2 deraadt 567: .Pa identity.pub
1.1 deraadt 568: file and edit it.
1.2 deraadt 569: .Pp
1.1 deraadt 570: The options (if present) consist of comma-separated option
1.36 aaron 571: specifications.
572: No spaces are permitted, except within double quotes.
1.1 deraadt 573: The following option specifications are supported:
1.2 deraadt 574: .Bl -tag -width Ds
575: .It Cm from="pattern-list"
1.1 deraadt 576: Specifies that in addition to RSA authentication, the canonical name
577: of the remote host must be present in the comma-separated list of
1.36 aaron 578: patterns
579: .Pf ( Ql *
580: and
581: .Ql ?
582: serve as wildcards).
583: The list may also contain
584: patterns negated by prefixing them with
585: .Ql ! ;
586: if the canonical host name matches a negated pattern, the key is not accepted.
587: The purpose
1.1 deraadt 588: of this option is to optionally increase security: RSA authentication
589: by itself does not trust the network or name servers or anything (but
590: the key); however, if somebody somehow steals the key, the key
1.36 aaron 591: permits an intruder to log in from anywhere in the world.
592: This additional option makes using a stolen key more difficult (name
1.1 deraadt 593: servers and/or routers would have to be compromised in addition to
594: just the key).
1.2 deraadt 595: .It Cm command="command"
1.1 deraadt 596: Specifies that the command is executed whenever this key is used for
1.36 aaron 597: authentication.
598: The command supplied by the user (if any) is ignored.
1.1 deraadt 599: The command is run on a pty if the connection requests a pty;
1.36 aaron 600: otherwise it is run without a tty.
601: A quote may be included in the command by quoting it with a backslash.
602: This option might be useful
603: to restrict certain RSA keys to perform just a specific operation.
604: An example might be a key that permits remote backups but nothing else.
605: Notice that the client may specify TCP/IP and/or X11
1.1 deraadt 606: forwardings unless they are explicitly prohibited.
1.2 deraadt 607: .It Cm environment="NAME=value"
1.1 deraadt 608: Specifies that the string is to be added to the environment when
1.36 aaron 609: logging in using this key.
610: Environment variables set this way
611: override other default environment values.
612: Multiple options of this type are permitted.
1.2 deraadt 613: .It Cm no-port-forwarding
1.1 deraadt 614: Forbids TCP/IP forwarding when this key is used for authentication.
1.36 aaron 615: Any port forward requests by the client will return an error.
616: This might be used, e.g., in connection with the
1.2 deraadt 617: .Cm command
1.1 deraadt 618: option.
1.2 deraadt 619: .It Cm no-X11-forwarding
1.1 deraadt 620: Forbids X11 forwarding when this key is used for authentication.
621: Any X11 forward requests by the client will return an error.
1.2 deraadt 622: .It Cm no-agent-forwarding
1.1 deraadt 623: Forbids authentication agent forwarding when this key is used for
624: authentication.
1.2 deraadt 625: .It Cm no-pty
1.1 deraadt 626: Prevents tty allocation (a request to allocate a pty will fail).
1.2 deraadt 627: .El
628: .Ss Examples
1.1 deraadt 629: 1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
1.2 deraadt 630: .Pp
1.1 deraadt 631: from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
1.2 deraadt 632: .Pp
1.1 deraadt 633: command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
1.2 deraadt 634: .Sh SSH_KNOWN_HOSTS FILE FORMAT
1.1 deraadt 635: The
1.2 deraadt 636: .Pa /etc/ssh_known_hosts
1.1 deraadt 637: and
1.2 deraadt 638: .Pa $HOME/.ssh/known_hosts
1.36 aaron 639: files contain host public keys for all known hosts.
640: The global file should
1.37 brad 641: be prepared by the administrator (optional), and the per-user file is
1.1 deraadt 642: maintained automatically: whenever the user connects to an unknown host
1.36 aaron 643: its key is added to the per-user file.
1.2 deraadt 644: .Pp
1.1 deraadt 645: Each line in these files contains the following fields: hostnames,
1.36 aaron 646: bits, exponent, modulus, comment.
647: The fields are separated by spaces.
1.2 deraadt 648: .Pp
1.1 deraadt 649: Hostnames is a comma-separated list of patterns ('*' and '?' act as
650: wildcards); each pattern in turn is matched against the canonical host
651: name (when authenticating a client) or against the user-supplied
1.36 aaron 652: name (when authenticating a server).
653: A pattern may also be preceded by
1.2 deraadt 654: .Ql !
655: to indicate negation: if the host name matches a negated
1.1 deraadt 656: pattern, it is not accepted (by that line) even if it matched another
657: pattern on the line.
1.2 deraadt 658: .Pp
1.1 deraadt 659: Bits, exponent, and modulus are taken directly from the host key; they
1.2 deraadt 660: can be obtained, e.g., from
661: .Pa /etc/ssh_host_key.pub .
1.1 deraadt 662: The optional comment field continues to the end of the line, and is not used.
1.2 deraadt 663: .Pp
664: Lines starting with
665: .Ql #
666: and empty lines are ignored as comments.
667: .Pp
1.1 deraadt 668: When performing host authentication, authentication is accepted if any
1.36 aaron 669: matching line has the proper key.
670: It is thus permissible (but not
1.1 deraadt 671: recommended) to have several lines or different host keys for the same
1.36 aaron 672: names.
673: This will inevitably happen when short forms of host names
674: from different domains are put in the file.
675: It is possible
1.1 deraadt 676: that the files contain conflicting information; authentication is
677: accepted if valid information can be found from either file.
1.2 deraadt 678: .Pp
1.1 deraadt 679: Note that the lines in these files are typically hundreds of characters
680: long, and you definitely don't want to type in the host keys by hand.
1.6 aaron 681: Rather, generate them by a script
1.1 deraadt 682: or by taking
1.2 deraadt 683: .Pa /etc/ssh_host_key.pub
1.1 deraadt 684: and adding the host names at the front.
1.2 deraadt 685: .Ss Examples
1.1 deraadt 686: closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
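Parsers for the two file formats described in the AUTHORIZED_KEYS FILE FORMAT and SSH_KNOWN_HOSTS FILE FORMAT sections above, as one added example that is not code from OpenSSH. It implements the rules the page states: the options field is present exactly when the line does not start with a number, options are comma-separated with spaces allowed only inside double quotes and a quote escaped by a backslash, environment= may repeat, from= restricts the client's canonical host name, hostname pattern lists use * and ? as wildcards with a ! prefix for negation (a negated match rejects the line even if another pattern matched), and host authentication is accepted if any matching line carries the key. The sample lines, the short placeholder moduli and the function names are constructed for this example.

```python
"""authorized_keys and known_hosts parsers (added example, not sshd code).
Sample lines are constructed; the moduli are short placeholders, not real keys."""
import fnmatch


def match_patterns(name, pattern_list):
    """Comma-separated pattern list: accepted if some pattern matches and no
    negated pattern does (one negated match rejects the whole list)."""
    matched = False
    for pat in pattern_list.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(name, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(name, pat):
            matched = True
    return matched


def split_outside_quotes(text, sep):
    """Split on sep, ignoring separators inside double quotes; inside quotes a
    backslash escapes the next character, so an escaped quote does not close."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(text):
        c = text[i]
        if c == "\\" and in_quotes and i + 1 < len(text):
            buf.append(text[i:i + 2])
            i += 2
            continue
        if c == '"':
            in_quotes = not in_quotes
        if c == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_options(field):
    """Options field -> dict: bare flags map to True, environment= may repeat."""
    opts = {}
    for item in split_outside_quotes(field, ","):
        name, has_eq, value = item.partition("=")
        if has_eq and value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')   # unescape \" inside the value
        if name == "environment":
            opts.setdefault("environment", []).append(value)
        else:
            opts[name] = value if has_eq else True
    return opts


def parse_authorized_keys_line(line):
    """{options, bits, exponent, modulus, comment}, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line[0].isdigit():                         # options field present
        field = split_outside_quotes(line, " ")[0]   # ends at first unquoted space
        options = parse_options(field)
        line = line[len(field) + 1:]
    bits, exponent, modulus, *comment = line.split(None, 3)
    return {"options": options, "bits": int(bits), "exponent": int(exponent),
            "modulus": int(modulus), "comment": comment[0] if comment else ""}


def key_accepted(entry, presented_key, client_host):
    """Accept (bits, exponent, modulus) under this entry, honouring from=."""
    if (entry["bits"], entry["exponent"], entry["modulus"]) != presented_key:
        return False
    pattern_list = entry["options"].get("from")
    return pattern_list is None or match_patterns(client_host, pattern_list)


def parse_known_hosts_line(line):
    """{hostnames, key}, or None for blank/comment lines; the comment is unused."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    hostnames, bits, exponent, modulus, *_comment = line.split(None, 4)
    return {"hostnames": hostnames, "key": (int(bits), int(exponent), int(modulus))}


def host_key_known(known_hosts_text, hostname, key):
    """Host authentication: accepted if ANY matching line carries this key."""
    for raw in known_hosts_text.splitlines():
        entry = parse_known_hosts_line(raw)
        if entry and match_patterns(hostname, entry["hostnames"]) and entry["key"] == key:
            return True
    return False


AUTHORIZED_KEYS = r"""# constructed sample authorized_keys
1024 33 12121312314325 ylo@foo.bar
from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 232334 ylo@niksula
command="dump /home",no-pty,no-port-forwarding 1024 33 232323 backup.hut.fi
command="echo \"quoted, with comma\"",environment="A=1",environment="B=2" 1024 37 424242 test
"""
KNOWN_HOSTS = """\
# constructed sample known_hosts; the second line excludes closenet.hut.fi by negation
closenet,closenet.hut.fi,130.233.208.41 1024 37 159993 closenet.hut.fi
*.hut.fi,!closenet.hut.fi 1024 41 777777 generic-hut-key
"""


def authorized_entries(text=AUTHORIZED_KEYS):
    """All parsed authorized_keys entries, comments and blank lines skipped."""
    return [e for e in map(parse_authorized_keys_line, text.splitlines()) if e]
```

The from= entry accepts the key from x.niksula.hut.fi but not from pc.niksula.hut.fi, and the known_hosts lookup accepts the 1024 41 777777 key for other.hut.fi but not for closenet.hut.fi, because the negated pattern on that line rejects it even though *.hut.fi matched.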
1.2 deraadt 687: .Sh FILES
688: .Bl -tag -width Ds
689: .It Pa /etc/sshd_config
1.1 deraadt 690: Contains configuration data for
1.2 deraadt 691: .Nm sshd .
1.1 deraadt 692: This file should be writable by root only, but it is recommended
693: (though not necessary) that it be world-readable.
1.2 deraadt 694: .It Pa /etc/ssh_host_key
1.7 markus 695: Contains the private part of the host key.
1.1 deraadt 696: This file should only be owned by root, readable only by root, and not
697: accessible to others.
1.14 markus 698: Note that
699: .Nm
700: does not start if this file is group/world-accessible.
1.2 deraadt 701: .It Pa /etc/ssh_host_key.pub
1.7 markus 702: Contains the public part of the host key.
703: This file should be world-readable but writable only by
1.36 aaron 704: root.
705: Its contents should match the private part.
706: This file is not
1.1 deraadt 707: really used for anything; it is only provided for the convenience of
708: the user so its contents can be copied to known hosts files.
1.7 markus 709: These two files are created using
710: .Xr ssh-keygen 1 .
1.2 deraadt 711: .It Pa /var/run/sshd.pid
712: Contains the process ID of the
713: .Nm
1.1 deraadt 714: listening for connections (if there are several daemons running
715: concurrently for different ports, this contains the pid of the one
1.36 aaron 716: started last).
717: The contents of this file are not sensitive; it can be world-readable.
1.2 deraadt 718: .It Pa $HOME/.ssh/authorized_keys
1.1 deraadt 719: Lists the RSA keys that can be used to log into the user's account.
720: This file must be readable by root (which may on some machines imply
721: it being world-readable if the user's home directory resides on an NFS
1.36 aaron 722: volume).
723: It is recommended that it not be accessible by others.
724: The format of this file is described above.
1.22 markus 725: .It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
726: These files are consulted when using rhosts with RSA host
1.36 aaron 727: authentication to check the public key of the host.
728: The key must be listed in one of these files to be accepted.
1.22 markus 729: The client uses the same files
1.36 aaron 730: to verify that the remote host is the one we intended to connect.
731: These files should be writable only by root/the owner.
1.2 deraadt 732: .Pa /etc/ssh_known_hosts
733: should be world-readable, and
734: .Pa $HOME/.ssh/known_hosts
735: can but need not be world-readable.
1.6 aaron 736: .It Pa /etc/nologin
1.1 deraadt 737: If this file exists,
1.2 deraadt 738: .Nm
1.36 aaron 739: refuses to let anyone except root log in.
740: The contents of the file
1.1 deraadt 741: are displayed to anyone trying to log in, and non-root connections are
1.36 aaron 742: refused.
743: The file should be world-readable.
1.19 dugsong 744: .It Pa /etc/hosts.allow, /etc/hosts.deny
745: If compiled with
746: .Sy LIBWRAP
747: support, tcp-wrappers access controls may be defined here as described in
748: .Xr hosts_access 5 .
1.6 aaron 749: .It Pa $HOME/.rhosts
1.1 deraadt 750: This file contains host-username pairs, separated by a space, one per
1.36 aaron 751: line.
752: The given user on the corresponding host is permitted to log in
753: without a password.
754: The same file is used by rlogind and rshd.
1.6 aaron 755: The file must
1.1 deraadt 756: be writable only by the user; it is recommended that it not be
757: accessible by others.
1.2 deraadt 758: .Pp
1.36 aaron 759: It is also possible to use netgroups in the file.
760: Either host or user
1.1 deraadt 761: name may be of the form +@groupname to specify all hosts or all users
762: in the group.
1.2 deraadt 763: .It Pa $HOME/.shosts
764: For ssh,
765: this file is exactly the same as for
766: .Pa .rhosts .
767: However, this file is
768: not used by rlogin and rshd, so using this permits access using SSH only.
769: .It Pa /etc/hosts.equiv
770: This file is used during
771: .Pa .rhosts
1.36 aaron 772: authentication.
773: In the simplest form, this file contains host names, one per line.
774: Users on
1.1 deraadt 775: those hosts are permitted to log in without a password, provided they
1.36 aaron 776: have the same user name on both machines.
777: The host name may also be
1.1 deraadt 778: followed by a user name; such users are permitted to log in as
1.2 deraadt 779: .Em any
1.36 aaron 780: user on this machine (except root).
781: Additionally, the syntax
1.2 deraadt 782: .Dq +@group
1.36 aaron 783: can be used to specify netgroups.
784: Negated entries start with
1.2 deraadt 785: .Ql \&- .
786: .Pp
1.1 deraadt 787: If the client host/user is successfully matched in this file, login is
788: automatically permitted provided the client and server user names are the
1.36 aaron 789: same.
790: Additionally, successful RSA host authentication is normally required.
791: This file must be writable only by root; it is recommended
1.1 deraadt 792: that it be world-readable.
1.2 deraadt 793: .Pp
1.6 aaron 794: .Sy "Warning: It is almost never a good idea to use user names in"
1.2 deraadt 795: .Pa hosts.equiv .
1.1 deraadt 796: Beware that it really means that the named user(s) can log in as
1.2 deraadt 797: .Em anybody ,
1.1 deraadt 798: which includes bin, daemon, adm, and other accounts that own critical
1.36 aaron 799: binaries and directories.
800: Using a user name practically grants the user root access.
801: The only valid use for user names that I can think
1.1 deraadt 802: of is in negative entries.
1.2 deraadt 803: .Pp
804: Note that this warning also applies to rsh/rlogin.
805: .It Pa /etc/shosts.equiv
1.1 deraadt 806: This is processed exactly as
1.2 deraadt 807: .Pa /etc/hosts.equiv .
1.1 deraadt 808: However, this file may be useful in environments that want to run both
1.2 deraadt 809: rsh/rlogin and ssh.
1.6 aaron 810: .It Pa $HOME/.ssh/environment
1.36 aaron 811: This file is read into the environment at login (if it exists).
812: It can only contain empty lines, comment lines (that start with
1.2 deraadt 813: .Ql # ) ,
1.36 aaron 814: and assignment lines of the form name=value.
815: The file should be writable
1.6 aaron 816: only by the user; it need not be readable by anyone else.
1.2 deraadt 817: .It Pa $HOME/.ssh/rc
1.1 deraadt 818: If this file exists, it is run with /bin/sh after reading the
1.36 aaron 819: environment files but before starting the user's shell or command.
820: If X11 spoofing is in use, this will receive the "proto cookie" pair in
1.2 deraadt 821: standard input (and
822: .Ev DISPLAY
1.36 aaron 823: in environment).
824: This must call
1.2 deraadt 825: .Xr xauth 1
826: in that case.
827: .Pp
1.1 deraadt 828: The primary purpose of this file is to run any initialization routines
829: which may be needed before the user's home directory becomes
830: accessible; AFS is a particular example of such an environment.
1.2 deraadt 831: .Pp
1.1 deraadt 832: This file will probably contain some initialization code followed by
833: something similar to: "if read proto cookie; then echo add $DISPLAY
834: $proto $cookie | xauth -q -; fi".
1.2 deraadt 835: .Pp
836: If this file does not exist,
837: .Pa /etc/sshrc
838: is run, and if that
1.1 deraadt 839: does not exist either, xauth is used to store the cookie.
1.2 deraadt 840: .Pp
1.1 deraadt 841: This file should be writable only by the user, and need not be
842: readable by anyone else.
1.2 deraadt 843: .It Pa /etc/sshrc
844: Like
845: .Pa $HOME/.ssh/rc .
846: This can be used to specify
1.36 aaron 847: machine-specific login-time initializations globally.
848: This file should be writable only by root, and should be world-readable.
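The .rhosts and hosts.equiv entry formats described above, evaluated by a small added example (not code from sshd.8 or OpenSSH) that makes the warning about user names in hosts.equiv concrete; the NETGROUPS table is a constructed stand-in for the system netgroup database, and the file contents in the test are constructed too.

```python
# Added example, not from sshd.8 or OpenSSH: evaluates hosts.equiv / .rhosts
# lines as the man page describes them (host, optional user, +@netgroup,
# leading '-' for a negated entry).  NETGROUPS is a constructed stand-in
# for the real netgroup database; hostnames here are made up.
NETGROUPS = {
    "build": {"hosts": {"alpha.example", "beta.example"}, "users": {"ci"}},
}


def parse_entry(line):
    """Return (negated, host_pattern, user_pattern), or None for blank/comment."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    negated = line.startswith("-")
    fields = line.lstrip("-").split()
    if not fields:
        return None
    return negated, fields[0], (fields[1] if len(fields) > 1 else None)


def matches(pattern, value, kind):
    """Exact name match, or netgroup membership for a +@groupname pattern."""
    if pattern.startswith("+@"):
        return value in NETGROUPS.get(pattern[2:], {}).get(kind, set())
    return pattern == value


def hosts_equiv_permits(lines, client_host, client_user, local_user):
    """hosts.equiv rules from sshd.8: a bare host entry admits only the same
    user name; a 'host user' entry admits that remote user as ANY local
    account except root; a '-' entry denies.  First matching entry wins."""
    for negated, host_pat, user_pat in filter(None, map(parse_entry, lines)):
        if not matches(host_pat, client_host, "hosts"):
            continue
        if user_pat is None:
            if client_user == local_user:
                return not negated
        elif matches(user_pat, client_user, "users"):
            return not negated and local_user != "root"
    return False


def rhosts_permits(lines, client_host, client_user):
    """~user/.rhosts: 'host user' pairs admit that remote user as the owner."""
    for negated, host_pat, user_pat in filter(None, map(parse_entry, lines)):
        if (user_pat is not None and matches(host_pat, client_host, "hosts")
                and matches(user_pat, client_user, "users")):
            return not negated
    return False
```

The dangerous case is a line such as `beta.example ops`: the evaluator admits `ops` from that host as `bin`, `daemon` or any other non-root account, exactly what the warning above describes.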
1.2 deraadt 849: .Sh AUTHOR
1.17 deraadt 850: OpenSSH
1.33 deraadt 851: is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
1.36 aaron 852: but with bugs removed and newer features re-added.
853: Rapidly after the
1.33 deraadt 854: 1.2.12 release, newer versions of the original ssh bore successively
855: more restrictive licenses, and thus demand for a free version was born.
856: This version of OpenSSH
1.17 deraadt 857: .Bl -bullet
858: .It
1.32 aaron 859: has all components of a restrictive nature (i.e., patents, see
1.17 deraadt 860: .Xr ssl 8 )
861: directly removed from the source code; any licensed or patented components
862: are chosen from
863: external libraries.
864: .It
1.33 deraadt 865: has been updated to support ssh protocol 1.5, making it compatible with
866: all other ssh protocol 1 clients and servers.
1.17 deraadt 867: .It
868: contains added support for
869: .Xr kerberos 8
870: authentication and ticket passing.
871: .It
872: supports one-time password authentication with
873: .Xr skey 1 .
874: .El
875: .Pp
876: The libraries described in
1.5 deraadt 877: .Xr ssl 8
878: are required for proper operation.
1.2 deraadt 879: .Sh SEE ALSO
880: .Xr scp 1 ,
881: .Xr ssh 1 ,
1.5 deraadt 882: .Xr ssh-add 1 ,
1.2 deraadt 883: .Xr ssh-agent 1 ,
1.5 deraadt 884: .Xr ssh-keygen 1 ,
1.38 deraadt 885: .Xr ssl 8 ,
886: .Xr rlogin 1 ,
887: .Xr rsh 1