version 1.51, 2006/02/24 20:31:31 |
version 1.52, 2006/02/24 23:43:57 |
|
|
Valid arguments are |
Valid arguments are |
.Dq any , |
.Dq any , |
.Dq inet |
.Dq inet |
(use IPv4 only) or |
(use IPv4 only), or |
.Dq inet6 |
.Dq inet6 |
(use IPv6 only). |
(use IPv6 only). |
The default is |
The default is |
|
|
for user authentication. |
for user authentication. |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
may contain tokens of the form %T which are substituted during connection |
may contain tokens of the form %T which are substituted during connection |
set-up. |
setup. |
The following tokens are defined: %% is replaced by a literal '%', |
The following tokens are defined: %% is replaced by a literal '%', |
%h is replaced by the home directory of the user being authenticated and |
%h is replaced by the home directory of the user being authenticated, and |
%u is replaced by the username of that user. |
%u is replaced by the username of that user. |
After expansion, |
After expansion, |
.Cm AuthorizedKeysFile |
.Cm AuthorizedKeysFile |
|
|
.Dq blowfish-cbc , |
.Dq blowfish-cbc , |
and |
and |
.Dq cast128-cbc . |
.Dq cast128-cbc . |
The default is |
The default is: |
.Bd -literal |
.Bd -literal -offset 3n |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, |
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, |
aes192-ctr,aes256-ctr'' |
aes192-ctr,aes256-ctr |
.Ed |
.Ed |
.It Cm ClientAliveCountMax |
.It Cm ClientAliveCountMax |
Sets the number of client alive messages (see below) which may be |
Sets the number of client alive messages (see below) which may be |
sent without |
sent without |
.Nm sshd |
.Xr sshd 8 |
receiving any messages back from the client. |
receiving any messages back from the client. |
If this threshold is reached while client alive messages are being sent, |
If this threshold is reached while client alive messages are being sent, |
.Nm sshd |
sshd will disconnect the client, terminating the session. |
will disconnect the client, terminating the session. |
|
It is important to note that the use of client alive messages is very |
It is important to note that the use of client alive messages is very |
different from |
different from |
.Cm TCPKeepAlive |
.Cm TCPKeepAlive |
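Review bot: dropping the ``...'' quotes from the `.Bd -literal` block is right, since the literal block already sets the value off and the quotes would otherwise render as part of what a reader copies into sshd_config; a short sentence saying that the three wrapped lines form one Ciphers value would help, because the trailing commas at the ends of the first two lines look like list continuation markers but the keyword takes its whole value on one line. In the ClientAliveCountMax text the first `.Nm sshd` becomes `.Xr sshd 8` while the second becomes bare "sshd", which reads as a deliberate cross-reference-once-per-item convention; if that is the rule, it should be applied uniformly (the LogLevel item on this page still has `.Nm sshd .` on both sides).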
|
|
.Cm ClientAliveInterval |
.Cm ClientAliveInterval |
(see below) is set to 15, and |
(see below) is set to 15, and |
.Cm ClientAliveCountMax |
.Cm ClientAliveCountMax |
is left at the default, unresponsive ssh clients |
is left at the default, unresponsive SSH clients |
will be disconnected after approximately 45 seconds. |
will be disconnected after approximately 45 seconds. |
.It Cm ClientAliveInterval |
.It Cm ClientAliveInterval |
Sets a timeout interval in seconds after which if no data has been received |
Sets a timeout interval in seconds after which if no data has been received |
from the client, |
from the client, |
.Nm sshd |
.Xr sshd 8 |
will send a message through the encrypted |
will send a message through the encrypted |
channel to request a response from the client. |
channel to request a response from the client. |
The default |
The default |
|
|
Specifies whether remote hosts are allowed to connect to ports |
Specifies whether remote hosts are allowed to connect to ports |
forwarded for the client. |
forwarded for the client. |
By default, |
By default, |
.Nm sshd |
.Xr sshd 8 |
binds remote port forwardings to the loopback address. |
binds remote port forwardings to the loopback address. |
This prevents other remote hosts from connecting to forwarded ports. |
This prevents other remote hosts from connecting to forwarded ports. |
.Cm GatewayPorts |
.Cm GatewayPorts |
can be used to specify that |
can be used to specify that sshd |
.Nm sshd |
|
should allow remote port forwardings to bind to non-loopback addresses, thus |
should allow remote port forwardings to bind to non-loopback addresses, thus |
allowing other hosts to connect. |
allowing other hosts to connect. |
The argument may be |
The argument may be |
|
|
.Pa /etc/ssh/ssh_host_dsa_key |
.Pa /etc/ssh/ssh_host_dsa_key |
for protocol version 2. |
for protocol version 2. |
Note that |
Note that |
.Nm sshd |
.Xr sshd 8 |
will refuse to use a file if it is group/world-accessible. |
will refuse to use a file if it is group/world-accessible. |
It is possible to have multiple host key files. |
It is possible to have multiple host key files. |
.Dq rsa1 |
.Dq rsa1 |
|
|
.Dq yes . |
.Dq yes . |
.It Cm IgnoreUserKnownHosts |
.It Cm IgnoreUserKnownHosts |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
should ignore the user's |
should ignore the user's |
.Pa ~/.ssh/known_hosts |
.Pa ~/.ssh/known_hosts |
during |
during |
|
|
will be validated through the Kerberos KDC. |
will be validated through the Kerberos KDC. |
To use this option, the server needs a |
To use this option, the server needs a |
Kerberos servtab which allows the verification of the KDC's identity. |
Kerberos servtab which allows the verification of the KDC's identity. |
Default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm KerberosGetAFSToken |
.It Cm KerberosGetAFSToken |
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire |
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire |
an AFS token before accessing the user's home directory. |
an AFS token before accessing the user's home directory. |
Default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm KerberosOrLocalPasswd |
.It Cm KerberosOrLocalPasswd |
If set then if password authentication through Kerberos fails then |
If password authentication through Kerberos fails then |
the password will be validated via any additional local mechanism |
the password will be validated via any additional local mechanism |
such as |
such as |
.Pa /etc/passwd . |
.Pa /etc/passwd . |
Default is |
The default is |
.Dq yes . |
.Dq yes . |
.It Cm KerberosTicketCleanup |
.It Cm KerberosTicketCleanup |
Specifies whether to automatically destroy the user's ticket cache |
Specifies whether to automatically destroy the user's ticket cache |
file on logout. |
file on logout. |
Default is |
The default is |
.Dq yes . |
.Dq yes . |
.It Cm KeyRegenerationInterval |
.It Cm KeyRegenerationInterval |
In protocol version 1, the ephemeral server key is automatically regenerated |
In protocol version 1, the ephemeral server key is automatically regenerated |
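Review bot: the KerberosOrLocalPasswd rewrite loses the condition that the fallback only happens when the option is enabled; "If set then if password authentication through Kerberos fails then" was clumsy, but "If password authentication through Kerberos fails then the password will be validated via any additional local mechanism" now describes the fallback as unconditional behaviour, which is misleading for an option whose default is "yes" and can be turned off. Suggest keeping the qualifier, e.g. "If set, then when password authentication through Kerberos fails, the password will be validated via any additional local mechanism such as /etc/passwd." The "Default is" to "The default is" changes in this hunk are consistent with the rest of the page.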
|
|
The default is 3600 (seconds). |
The default is 3600 (seconds). |
.It Cm ListenAddress |
.It Cm ListenAddress |
Specifies the local addresses |
Specifies the local addresses |
.Nm sshd |
.Xr sshd 8 |
should listen on. |
should listen on. |
The following forms may be used: |
The following forms may be used: |
.Pp |
.Pp |
|
|
If |
If |
.Ar port |
.Ar port |
is not specified, |
is not specified, |
.Nm sshd |
sshd will listen on the address and all prior |
will listen on the address and all prior |
|
.Cm Port |
.Cm Port |
options specified. |
options specified. |
The default is to listen on all local addresses. |
The default is to listen on all local addresses. |
|
|
options are permitted. |
options are permitted. |
Additionally, any |
Additionally, any |
.Cm Port |
.Cm Port |
options must precede this option for non port qualified addresses. |
options must precede this option for non-port qualified addresses. |
.It Cm LoginGraceTime |
.It Cm LoginGraceTime |
The server disconnects after this time if the user has not |
The server disconnects after this time if the user has not |
successfully logged in. |
successfully logged in. |
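Review bot: "non-port qualified addresses" hyphenates the wrong pair and still reads ambiguously (a "qualified address" that is "non-port"?); the intended meaning is a ListenAddress that carries no port, so "addresses that do not specify a port" or, if the compound is kept, "non-port-qualified addresses" would be clearer. The Port-ordering rule itself is unchanged and correct as described: Port lines must appear before any ListenAddress without a port.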
|
|
Gives the verbosity level that is used when logging messages from |
Gives the verbosity level that is used when logging messages from |
.Nm sshd . |
.Nm sshd . |
The possible values are: |
The possible values are: |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. |
The default is INFO. |
The default is INFO. |
DEBUG and DEBUG1 are equivalent. |
DEBUG and DEBUG1 are equivalent. |
DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
DEBUG2 and DEBUG3 each specify higher levels of debugging output. |
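Review bot: `.Nm sshd .` at the top of the LogLevel item is left unchanged on both sides, while every other item touched in this revision converts the first `.Nm sshd` reference to `.Xr sshd 8`; change it to `.Xr sshd 8 .` for consistency. The added Oxford comma in the level list matches the other list changes in this revision.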
|
|
The MAC algorithm is used in protocol version 2 |
The MAC algorithm is used in protocol version 2 |
for data integrity protection. |
for data integrity protection. |
Multiple algorithms must be comma-separated. |
Multiple algorithms must be comma-separated. |
The default is |
The default is: |
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . |
.It Cm MaxAuthTries |
.It Cm MaxAuthTries |
Specifies the maximum number of authentication attempts permitted per |
Specifies the maximum number of authentication attempts permitted per |
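Review bot: the MACs default gets "The default is:" but keeps its value inline in a `.Dq` macro, while the Ciphers item in the same revision moved its default into a `.Bd -literal -offset 3n` block; the two defaults should use the same presentation. Either drop the colon here and keep the inline `.Dq`, or give MACs the same literal block as Ciphers, which also avoids the long quoted string wrapping mid-value on narrow terminals.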
|
|
The default is 6. |
The default is 6. |
.It Cm MaxStartups |
.It Cm MaxStartups |
Specifies the maximum number of concurrent unauthenticated connections to the |
Specifies the maximum number of concurrent unauthenticated connections to the |
.Nm sshd |
SSH daemon. |
daemon. |
|
Additional connections will be dropped until authentication succeeds or the |
Additional connections will be dropped until authentication succeeds or the |
.Cm LoginGraceTime |
.Cm LoginGraceTime |
expires for a connection. |
expires for a connection. |
|
|
The argument must be |
The argument must be |
.Dq yes , |
.Dq yes , |
.Dq without-password , |
.Dq without-password , |
.Dq forced-commands-only |
.Dq forced-commands-only , |
or |
or |
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
.Pp |
.Pp |
If this option is set to |
If this option is set to |
.Dq without-password |
.Dq without-password , |
password authentication is disabled for root. |
password authentication is disabled for root. |
.Pp |
.Pp |
If this option is set to |
If this option is set to |
.Dq forced-commands-only |
.Dq forced-commands-only , |
root login with public key authentication will be allowed, |
root login with public key authentication will be allowed, |
but only if the |
but only if the |
.Ar command |
.Ar command |
|
|
All other authentication methods are disabled for root. |
All other authentication methods are disabled for root. |
.Pp |
.Pp |
If this option is set to |
If this option is set to |
.Dq no |
.Dq no , |
root is not allowed to log in. |
root is not allowed to log in. |
.It Cm PermitTunnel |
.It Cm PermitTunnel |
Specifies whether |
Specifies whether |
|
|
The argument must be |
The argument must be |
.Dq yes , |
.Dq yes , |
.Dq point-to-point , |
.Dq point-to-point , |
.Dq ethernet |
.Dq ethernet , |
or |
or |
.Dq no . |
.Dq no . |
The default is |
The default is |
|
|
options in |
options in |
.Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
are processed by |
are processed by |
.Nm sshd . |
.Xr sshd 8 . |
The default is |
The default is |
.Dq no . |
.Dq no . |
Enabling environment processing may enable users to bypass access |
Enabling environment processing may enable users to bypass access |
|
|
.Pa /var/run/sshd.pid . |
.Pa /var/run/sshd.pid . |
.It Cm Port |
.It Cm Port |
Specifies the port number that |
Specifies the port number that |
.Nm sshd |
.Xr sshd 8 |
listens on. |
listens on. |
The default is 22. |
The default is 22. |
Multiple options of this type are permitted. |
Multiple options of this type are permitted. |
|
|
.Cm ListenAddress . |
.Cm ListenAddress . |
.It Cm PrintLastLog |
.It Cm PrintLastLog |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
should print the date and time of the last user login when a user logs |
should print the date and time of the last user login when a user logs |
in interactively. |
in interactively. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
.It Cm PrintMotd |
.It Cm PrintMotd |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
should print |
should print |
.Pa /etc/motd |
.Pa /etc/motd |
when a user logs in interactively. |
when a user logs in interactively. |
|
|
.Dq yes . |
.Dq yes . |
.It Cm Protocol |
.It Cm Protocol |
Specifies the protocol versions |
Specifies the protocol versions |
.Nm sshd |
.Xr sshd 8 |
supports. |
supports. |
The possible values are |
The possible values are |
.Dq 1 |
.Sq 1 |
and |
and |
.Dq 2 . |
.Sq 2 . |
Multiple versions must be comma-separated. |
Multiple versions must be comma-separated. |
The default is |
The default is |
.Dq 2,1 . |
.Dq 2,1 . |
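Review bot: `.Dq 1` and `.Dq 2` become `.Sq 1` and `.Sq 2`, but the default on the next lines stays `.Dq 2,1`, so the same item now quotes its values two different ways; every other option value on this page (`.Dq yes`, `.Dq any`, `.Dq inet6`) uses `.Dq`. Either keep `.Dq` for the single versions or change the default to `.Sq 2,1` as well.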
|
|
The minimum value is 512, and the default is 768. |
The minimum value is 512, and the default is 768. |
.It Cm StrictModes |
.It Cm StrictModes |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
should check file modes and ownership of the |
should check file modes and ownership of the |
user's files and home directory before accepting login. |
user's files and home directory before accepting login. |
This is normally desirable because novices sometimes accidentally leave their |
This is normally desirable because novices sometimes accidentally leave their |
|
|
.Dq no . |
.Dq no . |
.It Cm UseDNS |
.It Cm UseDNS |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
should look up the remote host name and check that |
should look up the remote host name and check that |
the resolved host name for the remote IP address maps back to the |
the resolved host name for the remote IP address maps back to the |
very same IP address. |
very same IP address. |
|
|
is specified, it will be disabled after authentication. |
is specified, it will be disabled after authentication. |
.It Cm UsePrivilegeSeparation |
.It Cm UsePrivilegeSeparation |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
separates privileges by creating an unprivileged child process |
separates privileges by creating an unprivileged child process |
to deal with incoming network traffic. |
to deal with incoming network traffic. |
After successful authentication, another process will be created that has |
After successful authentication, another process will be created that has |
|
|
.Dq yes . |
.Dq yes . |
.It Cm X11DisplayOffset |
.It Cm X11DisplayOffset |
Specifies the first display number available for |
Specifies the first display number available for |
.Nm sshd Ns 's |
.Xr sshd 8 Ns 's |
X11 forwarding. |
X11 forwarding. |
This prevents |
This prevents sshd from interfering with real X11 servers. |
.Nm sshd |
|
from interfering with real X11 servers. |
|
The default is 10. |
The default is 10. |
.It Cm X11Forwarding |
.It Cm X11Forwarding |
Specifies whether X11 forwarding is permitted. |
Specifies whether X11 forwarding is permitted. |
|
|
.Pp |
.Pp |
When X11 forwarding is enabled, there may be additional exposure to |
When X11 forwarding is enabled, there may be additional exposure to |
the server and to client displays if the |
the server and to client displays if the |
.Nm sshd |
.Xr sshd 8 |
proxy display is configured to listen on the wildcard address (see |
proxy display is configured to listen on the wildcard address (see |
.Cm X11UseLocalhost |
.Cm X11UseLocalhost |
below), however this is not the default. |
below), though this is not the default. |
Additionally, the authentication spoofing and authentication data |
Additionally, the authentication spoofing and authentication data |
verification and substitution occur on the client side. |
verification and substitution occur on the client side. |
The security risk of using X11 forwarding is that the client's X11 |
The security risk of using X11 forwarding is that the client's X11 |
display server may be exposed to attack when the ssh client requests |
display server may be exposed to attack when the SSH client requests |
forwarding (see the warnings for |
forwarding (see the warnings for |
.Cm ForwardX11 |
.Cm ForwardX11 |
in |
in |
|
|
is enabled. |
is enabled. |
.It Cm X11UseLocalhost |
.It Cm X11UseLocalhost |
Specifies whether |
Specifies whether |
.Nm sshd |
.Xr sshd 8 |
should bind the X11 forwarding server to the loopback address or to |
should bind the X11 forwarding server to the loopback address or to |
the wildcard address. |
the wildcard address. |
By default, |
By default, |
.Nm sshd |
sshd binds the forwarding server to the loopback address and sets the |
binds the forwarding server to the loopback address and sets the |
|
hostname part of the |
hostname part of the |
.Ev DISPLAY |
.Ev DISPLAY |
environment variable to |
environment variable to |