| version 1.14, 2003/01/23 08:58:47 |
version 1.14.2.3, 2004/03/04 18:18:17 |
|
|
| keywords and their meanings are as follows (note that |
keywords and their meanings are as follows (note that |
| keywords are case-insensitive and arguments are case-sensitive): |
keywords are case-insensitive and arguments are case-sensitive): |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Cm AFSTokenPassing |
|
| Specifies whether an AFS token may be forwarded to the server. |
|
| Default is |
|
| .Dq no . |
|
| .It Cm AllowGroups |
.It Cm AllowGroups |
| This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
| by spaces. |
by spaces. |
|
|
| group or supplementary group list matches one of the patterns. |
group or supplementary group list matches one of the patterns. |
| .Ql \&* |
.Ql \&* |
| and |
and |
| .Ql ? |
.Ql \&? |
| can be used as |
can be used as |
| wildcards in the patterns. |
wildcards in the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
Only group names are valid; a numerical group ID is not recognized. |
|
|
| match one of the patterns. |
match one of the patterns. |
| .Ql \&* |
.Ql \&* |
| and |
and |
| .Ql ? |
.Ql \&? |
| can be used as |
can be used as |
| wildcards in the patterns. |
wildcards in the patterns. |
| Only user names are valid; a numerical user ID is not recognized. |
Only user names are valid; a numerical user ID is not recognized. |
|
|
| for user authentication. |
for user authentication. |
| .Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
| may contain tokens of the form %T which are substituted during connection |
may contain tokens of the form %T which are substituted during connection |
| set-up. The following tokens are defined: %% is replaced by a literal '%', |
set-up. |
| |
The following tokens are defined: %% is replaced by a literal '%', |
| %h is replaced by the home directory of the user being authenticated and |
%h is replaced by the home directory of the user being authenticated and |
| %u is replaced by the username of that user. |
%u is replaced by the username of that user. |
| After expansion, |
After expansion, |
|
|
| .Pp |
.Pp |
| .Bd -literal |
.Bd -literal |
| ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
| aes192-cbc,aes256-cbc'' |
aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr'' |
| .Ed |
.Ed |
| .It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
| Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
|
|
| Sets the number of client alive messages (see above) which may be |
Sets the number of client alive messages (see above) which may be |
| sent without |
sent without |
| .Nm sshd |
.Nm sshd |
| receiving any messages back from the client. If this threshold is |
receiving any messages back from the client. |
| reached while client alive messages are being sent, |
If this threshold is reached while client alive messages are being sent, |
| .Nm sshd |
.Nm sshd |
| will disconnect the client, terminating the session. It is important |
will disconnect the client, terminating the session. |
| to note that the use of client alive messages is very different from |
It is important to note that the use of client alive messages is very |
| .Cm KeepAlive |
different from |
| (below). The client alive messages are sent through the |
.Cm TCPKeepAlive |
| encrypted channel and therefore will not be spoofable. The TCP keepalive |
(below). |
| option enabled by |
The client alive messages are sent through the encrypted channel |
| .Cm KeepAlive |
and therefore will not be spoofable. |
| is spoofable. The client alive mechanism is valuable when the client or |
The TCP keepalive option enabled by |
| |
.Cm TCPKeepAlive |
| |
is spoofable. |
| |
The client alive mechanism is valuable when the client or |
| server depend on knowing when a connection has become inactive. |
server depend on knowing when a connection has become inactive. |
| .Pp |
.Pp |
| The default value is 3. If |
The default value is 3. |
| |
If |
| .Cm ClientAliveInterval |
.Cm ClientAliveInterval |
| (above) is set to 15, and |
(above) is set to 15, and |
| .Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
|
|
| group list matches one of the patterns. |
group list matches one of the patterns. |
| .Ql \&* |
.Ql \&* |
| and |
and |
| .Ql ? |
.Ql \&? |
| can be used as |
can be used as |
| wildcards in the patterns. |
wildcards in the patterns. |
| Only group names are valid; a numerical group ID is not recognized. |
Only group names are valid; a numerical group ID is not recognized. |
|
|
| Login is disallowed for user names that match one of the patterns. |
Login is disallowed for user names that match one of the patterns. |
| .Ql \&* |
.Ql \&* |
| and |
and |
| .Ql ? |
.Ql \&? |
| can be used as wildcards in the patterns. |
can be used as wildcards in the patterns. |
| Only user names are valid; a numerical user ID is not recognized. |
Only user names are valid; a numerical user ID is not recognized. |
| By default, login is allowed for all users. |
By default, login is allowed for all users. |
|
|
| forwarded for the client. |
forwarded for the client. |
| By default, |
By default, |
| .Nm sshd |
.Nm sshd |
| binds remote port forwardings to the loopback address. This |
binds remote port forwardings to the loopback address. |
| prevents other remote hosts from connecting to forwarded ports. |
This prevents other remote hosts from connecting to forwarded ports. |
| .Cm GatewayPorts |
.Cm GatewayPorts |
| can be used to specify that |
can be used to specify that |
| .Nm sshd |
.Nm sshd |
|
|
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| |
.It Cm GSSAPIAuthentication |
| |
Specifies whether user authentication based on GSSAPI is allowed. |
| |
The default is |
| |
.Dq no . |
| |
Note that this option applies to protocol version 2 only. |
| |
.It Cm GSSAPICleanupCredentials |
| |
Specifies whether to automatically destroy the user's credentials cache |
| |
on logout. |
| |
The default is |
| |
.Dq yes . |
| |
Note that this option applies to protocol version 2 only. |
| .It Cm HostbasedAuthentication |
.It Cm HostbasedAuthentication |
| Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
| with successful public key client host authentication is allowed |
with successful public key client host authentication is allowed |
|
|
| and |
and |
| .Pa .shosts |
.Pa .shosts |
| files will not be used in |
files will not be used in |
| .Cm RhostsAuthentication , |
|
| .Cm RhostsRSAAuthentication |
.Cm RhostsRSAAuthentication |
| or |
or |
| .Cm HostbasedAuthentication . |
.Cm HostbasedAuthentication . |
|
|
| .Cm HostbasedAuthentication . |
.Cm HostbasedAuthentication . |
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm KeepAlive |
|
| Specifies whether the system should send TCP keepalive messages to the |
|
| other side. |
|
| If they are sent, death of the connection or crash of one |
|
| of the machines will be properly noticed. |
|
| However, this means that |
|
| connections will die if the route is down temporarily, and some people |
|
| find it annoying. |
|
| On the other hand, if keepalives are not sent, |
|
| sessions may hang indefinitely on the server, leaving |
|
| .Dq ghost |
|
| users and consuming server resources. |
|
| .Pp |
|
| The default is |
|
| .Dq yes |
|
| (to send keepalives), and the server will notice |
|
| if the network goes down or the client host crashes. |
|
| This avoids infinitely hanging sessions. |
|
| .Pp |
|
| To disable keepalives, the value should be set to |
|
| .Dq no . |
|
| .It Cm KerberosAuthentication |
.It Cm KerberosAuthentication |
| Specifies whether Kerberos authentication is allowed. |
Specifies whether the password provided by the user for |
| This can be in the form of a Kerberos ticket, or if |
|
| .Cm PasswordAuthentication |
.Cm PasswordAuthentication |
| is yes, the password provided by the user will be validated through |
will be validated through the Kerberos KDC. |
| the Kerberos KDC. |
|
| To use this option, the server needs a |
To use this option, the server needs a |
| Kerberos servtab which allows the verification of the KDC's identity. |
Kerberos servtab which allows the verification of the KDC's identity. |
| Default is |
Default is |
|
|
| .Pa /etc/passwd . |
.Pa /etc/passwd . |
| Default is |
Default is |
| .Dq yes . |
.Dq yes . |
| .It Cm KerberosTgtPassing |
|
| Specifies whether a Kerberos TGT may be forwarded to the server. |
|
| Default is |
|
| .Dq no , |
|
| as this only works when the Kerberos KDC is actually an AFS kaserver. |
|
| .It Cm KerberosTicketCleanup |
.It Cm KerberosTicketCleanup |
| Specifies whether to automatically destroy the user's ticket cache |
Specifies whether to automatically destroy the user's ticket cache |
| file on logout. |
file on logout. |
|
|
| .Nm sshd |
.Nm sshd |
| will listen on the address and all prior |
will listen on the address and all prior |
| .Cm Port |
.Cm Port |
| options specified. The default is to listen on all local |
options specified. |
| addresses. Multiple |
The default is to listen on all local addresses. |
| |
Multiple |
| .Cm ListenAddress |
.Cm ListenAddress |
| options are permitted. Additionally, any |
options are permitted. |
| |
Additionally, any |
| .Cm Port |
.Cm Port |
| options must precede this option for non port qualified addresses. |
options must precede this option for non port qualified addresses. |
| .It Cm LoginGraceTime |
.It Cm LoginGraceTime |
|
|
| .Nm sshd . |
.Nm sshd . |
| The possible values are: |
The possible values are: |
| QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
| The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 |
The default is INFO. |
| and DEBUG3 each specify higher levels of debugging output. |
DEBUG and DEBUG1 are equivalent. |
| Logging with a DEBUG level violates the privacy of users |
DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
| and is not recommended. |
Logging with a DEBUG level violates the privacy of users and is not recommended. |
| .It Cm MACs |
.It Cm MACs |
| Specifies the available MAC (message authentication code) algorithms. |
Specifies the available MAC (message authentication code) algorithms. |
| The MAC algorithm is used in protocol version 2 |
The MAC algorithm is used in protocol version 2 |
|
|
| .Ar command |
.Ar command |
| option has been specified |
option has been specified |
| (which may be useful for taking remote backups even if root login is |
(which may be useful for taking remote backups even if root login is |
| normally not allowed). All other authentication methods are disabled |
normally not allowed). |
| for root. |
All other authentication methods are disabled for root. |
| .Pp |
.Pp |
| If this option is set to |
If this option is set to |
| .Dq no |
.Dq no |
|
|
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| Note that this option applies to protocol version 2 only. |
Note that this option applies to protocol version 2 only. |
| .It Cm RhostsAuthentication |
|
| Specifies whether authentication using rhosts or /etc/hosts.equiv |
|
| files is sufficient. |
|
| Normally, this method should not be permitted because it is insecure. |
|
| .Cm RhostsRSAAuthentication |
|
| should be used |
|
| instead, because it performs RSA-based host authentication in addition |
|
| to normal rhosts or /etc/hosts.equiv authentication. |
|
| The default is |
|
| .Dq no . |
|
| This option applies to protocol version 1 only. |
|
| .It Cm RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
| Specifies whether rhosts or /etc/hosts.equiv authentication together |
Specifies whether rhosts or /etc/hosts.equiv authentication together |
| with successful RSA host authentication is allowed. |
with successful RSA host authentication is allowed. |
|
|
| The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, |
| LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. |
| The default is AUTH. |
The default is AUTH. |
| |
.It Cm TCPKeepAlive |
| |
Specifies whether the system should send TCP keepalive messages to the |
| |
other side. |
| |
If they are sent, death of the connection or crash of one |
| |
of the machines will be properly noticed. |
| |
However, this means that |
| |
connections will die if the route is down temporarily, and some people |
| |
find it annoying. |
| |
On the other hand, if TCP keepalives are not sent, |
| |
sessions may hang indefinitely on the server, leaving |
| |
.Dq ghost |
| |
users and consuming server resources. |
| |
.Pp |
| |
The default is |
| |
.Dq yes |
| |
(to send TCP keepalive messages), and the server will notice |
| |
if the network goes down or the client host crashes. |
| |
This avoids infinitely hanging sessions. |
| |
.Pp |
| |
To disable TCP keepalive messages, the value should be set to |
| |
.Dq no . |
| |
.It Cm UseDNS |
| |
Specifies whether |
| |
.Nm sshd |
| |
should lookup the remote host name and check that |
| |
the resolved host name for the remote IP address maps back to the |
| |
very same IP address. |
| |
The default is |
| |
.Dq yes . |
| .It Cm UseLogin |
.It Cm UseLogin |
| Specifies whether |
Specifies whether |
| .Xr login 1 |
.Xr login 1 |
|
|
| .Xr login 1 |
.Xr login 1 |
| does not know how to handle |
does not know how to handle |
| .Xr xauth 1 |
.Xr xauth 1 |
| cookies. If |
cookies. |
| |
If |
| .Cm UsePrivilegeSeparation |
.Cm UsePrivilegeSeparation |
| is specified, it will be disabled after authentication. |
is specified, it will be disabled after authentication. |
| .It Cm UsePrivilegeSeparation |
.It Cm UsePrivilegeSeparation |
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| separates privileges by creating an unprivileged child process |
separates privileges by creating an unprivileged child process |
| to deal with incoming network traffic. After successful authentication, |
to deal with incoming network traffic. |
| another process will be created that has the privilege of the authenticated |
After successful authentication, another process will be created that has |
| user. The goal of privilege separation is to prevent privilege |
the privilege of the authenticated user. |
| |
The goal of privilege separation is to prevent privilege |
| escalation by containing any corruption within the unprivileged processes. |
escalation by containing any corruption within the unprivileged processes. |
| The default is |
The default is |
| .Dq yes . |
.Dq yes . |
| .It Cm VerifyReverseMapping |
|
| Specifies whether |
|
| .Nm sshd |
|
| should try to verify the remote host name and check that |
|
| the resolved host name for the remote IP address maps back to the |
|
| very same IP address. |
|
| The default is |
|
| .Dq no . |
|
| .It Cm X11DisplayOffset |
.It Cm X11DisplayOffset |
| Specifies the first display number available for |
Specifies the first display number available for |
| .Nm sshd Ns 's |
.Nm sshd Ns 's |
|
|
| forwarding (see the warnings for |
forwarding (see the warnings for |
| .Cm ForwardX11 |
.Cm ForwardX11 |
| in |
in |
| .Xr ssh_config 5 ). |
.Xr ssh_config 5 ) . |
| A system administrator may have a stance in which they want to |
A system administrator may have a stance in which they want to |
| protect clients that may expose themselves to attack by unwittingly |
protect clients that may expose themselves to attack by unwittingly |
| requesting X11 forwarding, which can warrant a |
requesting X11 forwarding, which can warrant a |
|
|
| Specifies whether |
Specifies whether |
| .Nm sshd |
.Nm sshd |
| should bind the X11 forwarding server to the loopback address or to |
should bind the X11 forwarding server to the loopback address or to |
| the wildcard address. By default, |
the wildcard address. |
| |
By default, |
| .Nm sshd |
.Nm sshd |
| binds the forwarding server to the loopback address and sets the |
binds the forwarding server to the loopback address and sets the |
| hostname part of the |
hostname part of the |
|
|
| .Pa /usr/X11R6/bin/xauth . |
.Pa /usr/X11R6/bin/xauth . |
| .El |
.El |
| .Ss Time Formats |
.Ss Time Formats |
| .Pp |
|
| .Nm sshd |
.Nm sshd |
| command-line arguments and configuration file options that specify time |
command-line arguments and configuration file options that specify time |
| may be expressed using a sequence of the form: |
may be expressed using a sequence of the form: |
|
|
| This file should be writable by root only, but it is recommended |
This file should be writable by root only, but it is recommended |
| (though not necessary) that it be world-readable. |
(though not necessary) that it be world-readable. |
| .El |
.El |
| |
.Sh SEE ALSO |
| |
.Xr sshd 8 |
| .Sh AUTHORS |
.Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
| ssh 1.2.12 release by Tatu Ylonen. |
ssh 1.2.12 release by Tatu Ylonen. |
|
|
| protocol versions 1.5 and 2.0. |
protocol versions 1.5 and 2.0. |
| Niels Provos and Markus Friedl contributed support |
Niels Provos and Markus Friedl contributed support |
| for privilege separation. |
for privilege separation. |
| .Sh SEE ALSO |
|
| .Xr sshd 8 |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd_config.5 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh