mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-23 02:12:12 +00:00
- stevesk@cvs.openbsd.org 2002/06/20 19:56:07
[ssh.1 sshd.8] move configuration file options from ssh.1/sshd.8 to ssh_config.5/sshd_config.5; ok deraadt@ millert@
This commit is contained in:
parent
402c6cc681
commit
9f04903c50
@ -35,6 +35,10 @@
|
||||
make the monitor sync the transfer ssh1 session key;
|
||||
transfer keycontext only for RC4 (this is still depends on EVP
|
||||
implementation details and is broken).
|
||||
- stevesk@cvs.openbsd.org 2002/06/20 19:56:07
|
||||
[ssh.1 sshd.8]
|
||||
move configuration file options from ssh.1/sshd.8 to
|
||||
ssh_config.5/sshd_config.5; ok deraadt@ millert@
|
||||
- (bal) Cygwin special handling of empty passwords wrong. Patch by
|
||||
vinschen@redhat.com
|
||||
|
||||
@ -965,4 +969,4 @@
|
||||
- (stevesk) entropy.c: typo in debug message
|
||||
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
|
||||
|
||||
$Id: ChangeLog,v 1.2226 2002/06/21 00:43:42 mouring Exp $
|
||||
$Id: ChangeLog,v 1.2227 2002/06/21 00:59:05 mouring Exp $
|
||||
|
569
ssh.1
569
ssh.1
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh.1,v 1.157 2002/06/19 00:27:55 deraadt Exp $
|
||||
.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH 1
|
||||
.Os
|
||||
@ -384,7 +384,7 @@ this mechanism is to prevent man-in-the-middle attacks which could
|
||||
otherwise be used to circumvent the encryption.
|
||||
The
|
||||
.Cm StrictHostKeyChecking
|
||||
option (see below) can be used to prevent logins to machines whose
|
||||
option can be used to prevent logins to machines whose
|
||||
host key is not known or has changed.
|
||||
.Pp
|
||||
The options are as follows:
|
||||
@ -568,13 +568,13 @@ and the
|
||||
.Dq level
|
||||
can be controlled by the
|
||||
.Cm CompressionLevel
|
||||
option (see below).
|
||||
option.
|
||||
Compression is desirable on modem lines and other
|
||||
slow connections, but will only slow down things on fast networks.
|
||||
The default value can be set on a host-by-host basis in the
|
||||
configuration files; see the
|
||||
.Cm Compression
|
||||
option below.
|
||||
option.
|
||||
.It Fl F Ar configfile
|
||||
Specifies an alternative per-user configuration file.
|
||||
If a configuration file is given on the command line,
|
||||
@ -649,547 +649,10 @@ to use IPv6 addresses only.
|
||||
.El
|
||||
.Sh CONFIGURATION FILES
|
||||
.Nm
|
||||
obtains configuration data from the following sources in
|
||||
the following order:
|
||||
command line options, user's configuration file
|
||||
.Pq Pa $HOME/.ssh/config ,
|
||||
and system-wide configuration file
|
||||
.Pq Pa /etc/ssh/ssh_config .
|
||||
For each parameter, the first obtained value
|
||||
will be used.
|
||||
The configuration files contain sections bracketed by
|
||||
.Dq Host
|
||||
specifications, and that section is only applied for hosts that
|
||||
match one of the patterns given in the specification.
|
||||
The matched host name is the one given on the command line.
|
||||
.Pp
|
||||
Since the first obtained value for each parameter is used, more
|
||||
host-specific declarations should be given near the beginning of the
|
||||
file, and general defaults at the end.
|
||||
.Pp
|
||||
The configuration file has the following format:
|
||||
.Pp
|
||||
Empty lines and lines starting with
|
||||
.Ql #
|
||||
are comments.
|
||||
.Pp
|
||||
Otherwise a line is of the format
|
||||
.Dq keyword arguments .
|
||||
Configuration options may be separated by whitespace or
|
||||
optional whitespace and exactly one
|
||||
.Ql = ;
|
||||
the latter format is useful to avoid the need to quote whitespace
|
||||
when specifying configuration options using the
|
||||
.Nm ssh ,
|
||||
.Nm scp
|
||||
and
|
||||
.Nm sftp
|
||||
.Fl o
|
||||
option.
|
||||
.Pp
|
||||
The possible
|
||||
keywords and their meanings are as follows (note that
|
||||
keywords are case-insensitive and arguments are case-sensitive):
|
||||
.Bl -tag -width Ds
|
||||
.It Cm Host
|
||||
Restricts the following declarations (up to the next
|
||||
.Cm Host
|
||||
keyword) to be only for those hosts that match one of the patterns
|
||||
given after the keyword.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as wildcards in the
|
||||
patterns.
|
||||
A single
|
||||
.Ql \&*
|
||||
as a pattern can be used to provide global
|
||||
defaults for all hosts.
|
||||
The host is the
|
||||
.Ar hostname
|
||||
argument given on the command line (i.e., the name is not converted to
|
||||
a canonicalized host name before matching).
|
||||
.It Cm AFSTokenPassing
|
||||
Specifies whether to pass AFS tokens to remote host.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm BatchMode
|
||||
If set to
|
||||
.Dq yes ,
|
||||
passphrase/password querying will be disabled.
|
||||
This option is useful in scripts and other batch jobs where no user
|
||||
is present to supply the password.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm BindAddress
|
||||
Specify the interface to transmit from on machines with multiple
|
||||
interfaces or aliased addresses.
|
||||
Note that this option does not work if
|
||||
.Cm UsePrivilegedPort
|
||||
is set to
|
||||
.Dq yes .
|
||||
.It Cm ChallengeResponseAuthentication
|
||||
Specifies whether to use challenge response authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm CheckHostIP
|
||||
If this flag is set to
|
||||
.Dq yes ,
|
||||
ssh will additionally check the host IP address in the
|
||||
.Pa known_hosts
|
||||
file.
|
||||
This allows ssh to detect if a host key changed due to DNS spoofing.
|
||||
If the option is set to
|
||||
.Dq no ,
|
||||
the check will not be executed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Cipher
|
||||
Specifies the cipher to use for encrypting the session
|
||||
in protocol version 1.
|
||||
Currently,
|
||||
.Dq blowfish ,
|
||||
.Dq 3des ,
|
||||
and
|
||||
.Dq des
|
||||
are supported.
|
||||
.Ar des
|
||||
is only supported in the
|
||||
.Nm
|
||||
client for interoperability with legacy protocol 1 implementations
|
||||
that do not support the
|
||||
.Ar 3des
|
||||
cipher. Its use is strongly discouraged due to cryptographic
|
||||
weaknesses.
|
||||
The default is
|
||||
.Dq 3des .
|
||||
.It Cm Ciphers
|
||||
Specifies the ciphers allowed for protocol version 2
|
||||
in order of preference.
|
||||
Multiple ciphers must be comma-separated.
|
||||
The default is
|
||||
.Pp
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
aes192-cbc,aes256-cbc''
|
||||
.Ed
|
||||
.It Cm ClearAllForwardings
|
||||
Specifies that all local, remote and dynamic port forwardings
|
||||
specified in the configuration files or on the command line be
|
||||
cleared. This option is primarily useful when used from the
|
||||
.Nm
|
||||
command line to clear port forwardings set in
|
||||
configuration files, and is automatically set by
|
||||
.Xr scp 1
|
||||
and
|
||||
.Xr sftp 1 .
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm Compression
|
||||
Specifies whether to use compression.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm CompressionLevel
|
||||
Specifies the compression level to use if compression is enabled.
|
||||
The argument must be an integer from 1 (fast) to 9 (slow, best).
|
||||
The default level is 6, which is good for most applications.
|
||||
The meaning of the values is the same as in
|
||||
.Xr gzip 1 .
|
||||
Note that this option applies to protocol version 1 only.
|
||||
.It Cm ConnectionAttempts
|
||||
Specifies the number of tries (one per second) to make before exiting.
|
||||
The argument must be an integer.
|
||||
This may be useful in scripts if the connection sometimes fails.
|
||||
The default is 1.
|
||||
.It Cm DynamicForward
|
||||
Specifies that a TCP/IP port on the local machine be forwarded
|
||||
over the secure channel, and the application
|
||||
protocol is then used to determine where to connect to from the
|
||||
remote machine. The argument must be a port number.
|
||||
Currently the SOCKS4 protocol is supported, and
|
||||
.Nm
|
||||
will act as a SOCKS4 server.
|
||||
Multiple forwardings may be specified, and
|
||||
additional forwardings can be given on the command line. Only
|
||||
the superuser can forward privileged ports.
|
||||
.It Cm EscapeChar
|
||||
Sets the escape character (default:
|
||||
.Ql ~ ) .
|
||||
The escape character can also
|
||||
be set on the command line.
|
||||
The argument should be a single character,
|
||||
.Ql ^
|
||||
followed by a letter, or
|
||||
.Dq none
|
||||
to disable the escape
|
||||
character entirely (making the connection transparent for binary
|
||||
data).
|
||||
.It Cm ForwardAgent
|
||||
Specifies whether the connection to the authentication agent (if any)
|
||||
will be forwarded to the remote machine.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm ForwardX11
|
||||
Specifies whether X11 connections will be automatically redirected
|
||||
over the secure channel and
|
||||
.Ev DISPLAY
|
||||
set.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm GatewayPorts
|
||||
Specifies whether remote hosts are allowed to connect to local
|
||||
forwarded ports.
|
||||
By default,
|
||||
.Nm
|
||||
binds local port forwardings to the loopback address. This
|
||||
prevents other remote hosts from connecting to forwarded ports.
|
||||
.Cm GatewayPorts
|
||||
can be used to specify that
|
||||
.Nm
|
||||
should bind local port forwardings to the wildcard address,
|
||||
thus allowing remote hosts to connect to forwarded ports.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm GlobalKnownHostsFile
|
||||
Specifies a file to use for the global
|
||||
host key database instead of
|
||||
.Pa /etc/ssh/ssh_known_hosts .
|
||||
.It Cm HostbasedAuthentication
|
||||
Specifies whether to try rhosts based authentication with public key
|
||||
authentication.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 2 only and
|
||||
is similar to
|
||||
.Cm RhostsRSAAuthentication .
|
||||
.It Cm HostKeyAlgorithms
|
||||
Specifies the protocol version 2 host key algorithms
|
||||
that the client wants to use in order of preference.
|
||||
The default for this option is:
|
||||
.Dq ssh-rsa,ssh-dss .
|
||||
.It Cm HostKeyAlias
|
||||
Specifies an alias that should be used instead of the
|
||||
real host name when looking up or saving the host key
|
||||
in the host key database files.
|
||||
This option is useful for tunneling ssh connections
|
||||
or for multiple servers running on a single host.
|
||||
.It Cm HostName
|
||||
Specifies the real host name to log into.
|
||||
This can be used to specify nicknames or abbreviations for hosts.
|
||||
Default is the name given on the command line.
|
||||
Numeric IP addresses are also permitted (both on the command line and in
|
||||
.Cm HostName
|
||||
specifications).
|
||||
.It Cm IdentityFile
|
||||
Specifies a file from which the user's RSA or DSA authentication identity
|
||||
is read. The default is
|
||||
.Pa $HOME/.ssh/identity
|
||||
for protocol version 1, and
|
||||
.Pa $HOME/.ssh/id_rsa
|
||||
and
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
for protocol version 2.
|
||||
Additionally, any identities represented by the authentication agent
|
||||
will be used for authentication.
|
||||
The file name may use the tilde
|
||||
syntax to refer to a user's home directory.
|
||||
It is possible to have
|
||||
multiple identity files specified in configuration files; all these
|
||||
identities will be tried in sequence.
|
||||
.It Cm KeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send keepalives), and the client will notice
|
||||
if the network goes down or the remote host dies.
|
||||
This is important in scripts, and many users want it too.
|
||||
.Pp
|
||||
To disable keepalives, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm KerberosAuthentication
|
||||
Specifies whether Kerberos authentication will be used.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
.It Cm KerberosTgtPassing
|
||||
Specifies whether a Kerberos TGT will be forwarded to the server.
|
||||
This will only work if the Kerberos server is actually an AFS kaserver.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
.It Cm LocalForward
|
||||
Specifies that a TCP/IP port on the local machine be forwarded over
|
||||
the secure channel to the specified host and port from the remote machine.
|
||||
The first argument must be a port number, and the second must be
|
||||
.Ar host:port .
|
||||
IPv6 addresses can be specified with an alternative syntax:
|
||||
.Ar host/port .
|
||||
Multiple forwardings may be specified, and additional
|
||||
forwardings can be given on the command line.
|
||||
Only the superuser can forward privileged ports.
|
||||
.It Cm LogLevel
|
||||
Gives the verbosity level that is used when logging messages from
|
||||
.Nm ssh .
|
||||
The possible values are:
|
||||
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
|
||||
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
|
||||
and DEBUG3 each specify higher levels of verbose output.
|
||||
.It Cm MACs
|
||||
Specifies the MAC (message authentication code) algorithms
|
||||
in order of preference.
|
||||
The MAC algorithm is used in protocol version 2
|
||||
for data integrity protection.
|
||||
Multiple algorithms must be comma-separated.
|
||||
The default is
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.It Cm NoHostAuthenticationForLocalhost
|
||||
This option can be used if the home directory is shared across machines.
|
||||
In this case localhost will refer to a different machine on each of
|
||||
the machines and the user will get many warnings about changed host keys.
|
||||
However, this option disables host authentication for localhost.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is to check the host key for localhost.
|
||||
.It Cm NumberOfPasswordPrompts
|
||||
Specifies the number of password prompts before giving up.
|
||||
The argument to this keyword must be an integer.
|
||||
Default is 3.
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether to use password authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Port
|
||||
Specifies the port number to connect on the remote host.
|
||||
Default is 22.
|
||||
.It Cm PreferredAuthentications
|
||||
Specifies the order in which the client should try protocol 2
|
||||
authentication methods. This allows a client to prefer one method (e.g.
|
||||
.Cm keyboard-interactive )
|
||||
over another method (e.g.
|
||||
.Cm password )
|
||||
The default for this option is:
|
||||
.Dq hostbased,publickey,keyboard-interactive,password .
|
||||
.It Cm Protocol
|
||||
Specifies the protocol versions
|
||||
.Nm
|
||||
should support in order of preference.
|
||||
The possible values are
|
||||
.Dq 1
|
||||
and
|
||||
.Dq 2 .
|
||||
Multiple versions must be comma-separated.
|
||||
The default is
|
||||
.Dq 2,1 .
|
||||
This means that
|
||||
.Nm
|
||||
tries version 2 and falls back to version 1
|
||||
if version 2 is not available.
|
||||
.It Cm ProxyCommand
|
||||
Specifies the command to use to connect to the server.
|
||||
The command
|
||||
string extends to the end of the line, and is executed with
|
||||
.Pa /bin/sh .
|
||||
In the command string,
|
||||
.Ql %h
|
||||
will be substituted by the host name to
|
||||
connect and
|
||||
.Ql %p
|
||||
by the port.
|
||||
The command can be basically anything,
|
||||
and should read from its standard input and write to its standard output.
|
||||
It should eventually connect an
|
||||
.Xr sshd 8
|
||||
server running on some machine, or execute
|
||||
.Ic sshd -i
|
||||
somewhere.
|
||||
Host key management will be done using the
|
||||
HostName of the host being connected (defaulting to the name typed by
|
||||
the user).
|
||||
Note that
|
||||
.Cm CheckHostIP
|
||||
is not available for connects with a proxy command.
|
||||
.Pp
|
||||
.It Cm PubkeyAuthentication
|
||||
Specifies whether to try public key authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
This option applies to protocol version 2 only.
|
||||
.It Cm RemoteForward
|
||||
Specifies that a TCP/IP port on the remote machine be forwarded over
|
||||
the secure channel to the specified host and port from the local machine.
|
||||
The first argument must be a port number, and the second must be
|
||||
.Ar host:port .
|
||||
IPv6 addresses can be specified with an alternative syntax:
|
||||
.Ar host/port .
|
||||
Multiple forwardings may be specified, and additional
|
||||
forwardings can be given on the command line.
|
||||
Only the superuser can forward privileged ports.
|
||||
.It Cm RhostsAuthentication
|
||||
Specifies whether to try rhosts based authentication.
|
||||
Note that this
|
||||
declaration only affects the client side and has no effect whatsoever
|
||||
on security.
|
||||
Most servers do not permit RhostsAuthentication because it
|
||||
is not secure (see
|
||||
.Cm RhostsRSAAuthentication ) .
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm RhostsRSAAuthentication
|
||||
Specifies whether to try rhosts based authentication with RSA host
|
||||
authentication.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only and requires
|
||||
.Nm
|
||||
to be setuid root.
|
||||
.It Cm RSAAuthentication
|
||||
Specifies whether to try RSA authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
RSA authentication will only be
|
||||
attempted if the identity file exists, or an authentication agent is
|
||||
running.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that this option applies to protocol version 1 only.
|
||||
.It Cm SmartcardDevice
|
||||
Specifies which smartcard device to use. The argument to this keyword is
|
||||
the device
|
||||
.Nm
|
||||
should use to communicate with a smartcard used for storing the user's
|
||||
private RSA key. By default, no device is specified and smartcard support
|
||||
is not activated.
|
||||
.It Cm StrictHostKeyChecking
|
||||
If this flag is set to
|
||||
.Dq yes ,
|
||||
.Nm
|
||||
will never automatically add host keys to the
|
||||
.Pa $HOME/.ssh/known_hosts
|
||||
file, and refuses to connect to hosts whose host key has changed.
|
||||
This provides maximum protection against trojan horse attacks,
|
||||
however, can be annoying when the
|
||||
.Pa /etc/ssh/ssh_known_hosts
|
||||
file is poorly maintained, or connections to new hosts are
|
||||
frequently made.
|
||||
This option forces the user to manually
|
||||
add all new hosts.
|
||||
If this flag is set to
|
||||
.Dq no ,
|
||||
.Nm
|
||||
will automatically add new host keys to the
|
||||
user known hosts files.
|
||||
If this flag is set to
|
||||
.Dq ask ,
|
||||
new host keys
|
||||
will be added to the user known host files only after the user
|
||||
has confirmed that is what they really want to do, and
|
||||
.Nm
|
||||
will refuse to connect to hosts whose host key has changed.
|
||||
The host keys of
|
||||
known hosts will be verified automatically in all cases.
|
||||
The argument must be
|
||||
.Dq yes ,
|
||||
.Dq no
|
||||
or
|
||||
.Dq ask .
|
||||
The default is
|
||||
.Dq ask .
|
||||
.It Cm UsePrivilegedPort
|
||||
Specifies whether to use a privileged port for outgoing connections.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that this option must be set to
|
||||
.Dq yes
|
||||
if
|
||||
.Cm RhostsAuthentication
|
||||
and
|
||||
.Cm RhostsRSAAuthentication
|
||||
authentications are needed with older servers.
|
||||
.It Cm User
|
||||
Specifies the user to log in as.
|
||||
This can be useful when a different user name is used on different machines.
|
||||
This saves the trouble of
|
||||
having to remember to give the user name on the command line.
|
||||
.It Cm UserKnownHostsFile
|
||||
Specifies a file to use for the user
|
||||
host key database instead of
|
||||
.Pa $HOME/.ssh/known_hosts .
|
||||
.It Cm XAuthLocation
|
||||
Specifies the location of the
|
||||
.Xr xauth 1
|
||||
program.
|
||||
The default is
|
||||
.Pa /usr/X11R6/bin/xauth .
|
||||
.El
|
||||
may additionally obtain configuration data from
|
||||
a per-user configuration file and a system-wide configuration file.
|
||||
The file format and configuration options are described in
|
||||
.Xr ssh_config 5 .
|
||||
.Sh ENVIRONMENT
|
||||
.Nm
|
||||
will normally set the following environment variables:
|
||||
@ -1324,13 +787,8 @@ never used automatically and are not necessary; they are only provided for
|
||||
the convenience of the user.
|
||||
.It Pa $HOME/.ssh/config
|
||||
This is the per-user configuration file.
|
||||
The format of this file is described above.
|
||||
This file is used by the
|
||||
.Nm
|
||||
client.
|
||||
This file does not usually contain any sensitive information,
|
||||
but the recommended permissions are read/write for the user, and not
|
||||
accessible by others.
|
||||
The file format and configuration options are described in
|
||||
.Xr ssh_config 5 .
|
||||
.It Pa $HOME/.ssh/authorized_keys
|
||||
Lists the public keys (RSA/DSA) that can be used for logging in as this user.
|
||||
The format of this file is described in the
|
||||
@ -1365,10 +823,8 @@ checking the key, because someone with access to the name servers
|
||||
would then be able to fool host authentication.
|
||||
.It Pa /etc/ssh/ssh_config
|
||||
Systemwide configuration file.
|
||||
This file provides defaults for those
|
||||
values that are not specified in the user's configuration file, and
|
||||
for those users who do not have a configuration file.
|
||||
This file must be world-readable.
|
||||
The file format and configuration options are described in
|
||||
.Xr ssh_config 5 .
|
||||
.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
|
||||
These three files contain the private parts of the host keys
|
||||
and are used for
|
||||
@ -1496,6 +952,7 @@ protocol versions 1.5 and 2.0.
|
||||
.Xr ssh-agent 1 ,
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr telnet 1 ,
|
||||
.Xr ssh_config 4 ,
|
||||
.Xr ssh-keysign 8,
|
||||
.Xr sshd 8
|
||||
.Rs
|
||||
|
621
ssh_config.5
Normal file
621
ssh_config.5
Normal file
@ -0,0 +1,621 @@
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
.\" All rights reserved
|
||||
.\"
|
||||
.\" As far as I am concerned, the code I have written for this software
|
||||
.\" can be used freely for any purpose. Any derived versions of this
|
||||
.\" software must be clearly marked as such, and if the derived work is
|
||||
.\" incompatible with the protocol description in the RFC file, it must be
|
||||
.\" called by a name other than "ssh" or "Secure Shell".
|
||||
.\"
|
||||
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
|
||||
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
|
||||
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSH_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm ssh_config
|
||||
.Nd OpenSSH SSH client configuration files
|
||||
.Sh SYNOPSIS
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Pa $HOME/.ssh/config
|
||||
.It Pa /etc/ssh/ssh_config
|
||||
.El
|
||||
.Sh DESCRIPTION
|
||||
.Nm ssh
|
||||
obtains configuration data from the following sources in
|
||||
the following order:
|
||||
command line options, user's configuration file
|
||||
.Pq Pa $HOME/.ssh/config ,
|
||||
and system-wide configuration file
|
||||
.Pq Pa /etc/ssh/ssh_config .
|
||||
.Pp
|
||||
For each parameter, the first obtained value
|
||||
will be used.
|
||||
The configuration files contain sections bracketed by
|
||||
.Dq Host
|
||||
specifications, and that section is only applied for hosts that
|
||||
match one of the patterns given in the specification.
|
||||
The matched host name is the one given on the command line.
|
||||
.Pp
|
||||
Since the first obtained value for each parameter is used, more
|
||||
host-specific declarations should be given near the beginning of the
|
||||
file, and general defaults at the end.
|
||||
.Pp
|
||||
The configuration file has the following format:
|
||||
.Pp
|
||||
Empty lines and lines starting with
|
||||
.Ql #
|
||||
are comments.
|
||||
.Pp
|
||||
Otherwise a line is of the format
|
||||
.Dq keyword arguments .
|
||||
Configuration options may be separated by whitespace or
|
||||
optional whitespace and exactly one
|
||||
.Ql = ;
|
||||
the latter format is useful to avoid the need to quote whitespace
|
||||
when specifying configuration options using the
|
||||
.Nm ssh ,
|
||||
.Nm scp
|
||||
and
|
||||
.Nm sftp
|
||||
.Fl o
|
||||
option.
|
||||
.Pp
|
||||
The possible
|
||||
keywords and their meanings are as follows (note that
|
||||
keywords are case-insensitive and arguments are case-sensitive):
|
||||
.Bl -tag -width Ds
|
||||
.It Cm Host
|
||||
Restricts the following declarations (up to the next
|
||||
.Cm Host
|
||||
keyword) to be only for those hosts that match one of the patterns
|
||||
given after the keyword.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as wildcards in the
|
||||
patterns.
|
||||
A single
|
||||
.Ql \&*
|
||||
as a pattern can be used to provide global
|
||||
defaults for all hosts.
|
||||
The host is the
|
||||
.Ar hostname
|
||||
argument given on the command line (i.e., the name is not converted to
|
||||
a canonicalized host name before matching).
|
||||
.It Cm AFSTokenPassing
|
||||
Specifies whether to pass AFS tokens to remote host.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm BatchMode
|
||||
If set to
|
||||
.Dq yes ,
|
||||
passphrase/password querying will be disabled.
|
||||
This option is useful in scripts and other batch jobs where no user
|
||||
is present to supply the password.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm BindAddress
|
||||
Specify the interface to transmit from on machines with multiple
|
||||
interfaces or aliased addresses.
|
||||
Note that this option does not work if
|
||||
.Cm UsePrivilegedPort
|
||||
is set to
|
||||
.Dq yes .
|
||||
.It Cm ChallengeResponseAuthentication
|
||||
Specifies whether to use challenge response authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm CheckHostIP
|
||||
If this flag is set to
|
||||
.Dq yes ,
|
||||
ssh will additionally check the host IP address in the
|
||||
.Pa known_hosts
|
||||
file.
|
||||
This allows ssh to detect if a host key changed due to DNS spoofing.
|
||||
If the option is set to
|
||||
.Dq no ,
|
||||
the check will not be executed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Cipher
|
||||
Specifies the cipher to use for encrypting the session
|
||||
in protocol version 1.
|
||||
Currently,
|
||||
.Dq blowfish ,
|
||||
.Dq 3des ,
|
||||
and
|
||||
.Dq des
|
||||
are supported.
|
||||
.Ar des
|
||||
is only supported in the
|
||||
.Nm ssh
|
||||
client for interoperability with legacy protocol 1 implementations
|
||||
that do not support the
|
||||
.Ar 3des
|
||||
cipher. Its use is strongly discouraged due to cryptographic
|
||||
weaknesses.
|
||||
The default is
|
||||
.Dq 3des .
|
||||
.It Cm Ciphers
|
||||
Specifies the ciphers allowed for protocol version 2
|
||||
in order of preference.
|
||||
Multiple ciphers must be comma-separated.
|
||||
The default is
|
||||
.Pp
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
aes192-cbc,aes256-cbc''
|
||||
.Ed
|
||||
.It Cm ClearAllForwardings
|
||||
Specifies that all local, remote and dynamic port forwardings
|
||||
specified in the configuration files or on the command line be
|
||||
cleared. This option is primarily useful when used from the
|
||||
.Nm ssh
|
||||
command line to clear port forwardings set in
|
||||
configuration files, and is automatically set by
|
||||
.Xr scp 1
|
||||
and
|
||||
.Xr sftp 1 .
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm Compression
|
||||
Specifies whether to use compression.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm CompressionLevel
|
||||
Specifies the compression level to use if compression is enabled.
|
||||
The argument must be an integer from 1 (fast) to 9 (slow, best).
|
||||
The default level is 6, which is good for most applications.
|
||||
The meaning of the values is the same as in
|
||||
.Xr gzip 1 .
|
||||
Note that this option applies to protocol version 1 only.
|
||||
.It Cm ConnectionAttempts
|
||||
Specifies the number of tries (one per second) to make before exiting.
|
||||
The argument must be an integer.
|
||||
This may be useful in scripts if the connection sometimes fails.
|
||||
The default is 1.
|
||||
.It Cm DynamicForward
|
||||
Specifies that a TCP/IP port on the local machine be forwarded
|
||||
over the secure channel, and the application
|
||||
protocol is then used to determine where to connect to from the
|
||||
remote machine. The argument must be a port number.
|
||||
Currently the SOCKS4 protocol is supported, and
|
||||
.Nm ssh
|
||||
will act as a SOCKS4 server.
|
||||
Multiple forwardings may be specified, and
|
||||
additional forwardings can be given on the command line. Only
|
||||
the superuser can forward privileged ports.
|
||||
.It Cm EscapeChar
|
||||
Sets the escape character (default:
|
||||
.Ql ~ ) .
|
||||
The escape character can also
|
||||
be set on the command line.
|
||||
The argument should be a single character,
|
||||
.Ql ^
|
||||
followed by a letter, or
|
||||
.Dq none
|
||||
to disable the escape
|
||||
character entirely (making the connection transparent for binary
|
||||
data).
|
||||
.It Cm ForwardAgent
|
||||
Specifies whether the connection to the authentication agent (if any)
|
||||
will be forwarded to the remote machine.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm ForwardX11
|
||||
Specifies whether X11 connections will be automatically redirected
|
||||
over the secure channel and
|
||||
.Ev DISPLAY
|
||||
set.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm GatewayPorts
|
||||
Specifies whether remote hosts are allowed to connect to local
|
||||
forwarded ports.
|
||||
By default,
|
||||
.Nm ssh
|
||||
binds local port forwardings to the loopback address. This
|
||||
prevents other remote hosts from connecting to forwarded ports.
|
||||
.Cm GatewayPorts
|
||||
can be used to specify that
|
||||
.Nm ssh
|
||||
should bind local port forwardings to the wildcard address,
|
||||
thus allowing remote hosts to connect to forwarded ports.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm GlobalKnownHostsFile
|
||||
Specifies a file to use for the global
|
||||
host key database instead of
|
||||
.Pa /etc/ssh/ssh_known_hosts .
|
||||
.It Cm HostbasedAuthentication
|
||||
Specifies whether to try rhosts based authentication with public key
|
||||
authentication.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 2 only and
|
||||
is similar to
|
||||
.Cm RhostsRSAAuthentication .
|
||||
.It Cm HostKeyAlgorithms
|
||||
Specifies the protocol version 2 host key algorithms
|
||||
that the client wants to use in order of preference.
|
||||
The default for this option is:
|
||||
.Dq ssh-rsa,ssh-dss .
|
||||
.It Cm HostKeyAlias
|
||||
Specifies an alias that should be used instead of the
|
||||
real host name when looking up or saving the host key
|
||||
in the host key database files.
|
||||
This option is useful for tunneling ssh connections
|
||||
or for multiple servers running on a single host.
|
||||
.It Cm HostName
|
||||
Specifies the real host name to log into.
|
||||
This can be used to specify nicknames or abbreviations for hosts.
|
||||
Default is the name given on the command line.
|
||||
Numeric IP addresses are also permitted (both on the command line and in
|
||||
.Cm HostName
|
||||
specifications).
|
||||
.It Cm IdentityFile
|
||||
Specifies a file from which the user's RSA or DSA authentication identity
|
||||
is read. The default is
|
||||
.Pa $HOME/.ssh/identity
|
||||
for protocol version 1, and
|
||||
.Pa $HOME/.ssh/id_rsa
|
||||
and
|
||||
.Pa $HOME/.ssh/id_dsa
|
||||
for protocol version 2.
|
||||
Additionally, any identities represented by the authentication agent
|
||||
will be used for authentication.
|
||||
The file name may use the tilde
|
||||
syntax to refer to a user's home directory.
|
||||
It is possible to have
|
||||
multiple identity files specified in configuration files; all these
|
||||
identities will be tried in sequence.
|
||||
.It Cm KeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send keepalives), and the client will notice
|
||||
if the network goes down or the remote host dies.
|
||||
This is important in scripts, and many users want it too.
|
||||
.Pp
|
||||
To disable keepalives, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm KerberosAuthentication
|
||||
Specifies whether Kerberos authentication will be used.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
.It Cm KerberosTgtPassing
|
||||
Specifies whether a Kerberos TGT will be forwarded to the server.
|
||||
This will only work if the Kerberos server is actually an AFS kaserver.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
.It Cm LocalForward
|
||||
Specifies that a TCP/IP port on the local machine be forwarded over
|
||||
the secure channel to the specified host and port from the remote machine.
|
||||
The first argument must be a port number, and the second must be
|
||||
.Ar host:port .
|
||||
IPv6 addresses can be specified with an alternative syntax:
|
||||
.Ar host/port .
|
||||
Multiple forwardings may be specified, and additional
|
||||
forwardings can be given on the command line.
|
||||
Only the superuser can forward privileged ports.
|
||||
.It Cm LogLevel
|
||||
Gives the verbosity level that is used when logging messages from
|
||||
.Nm ssh .
|
||||
The possible values are:
|
||||
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
|
||||
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
|
||||
and DEBUG3 each specify higher levels of verbose output.
|
||||
.It Cm MACs
|
||||
Specifies the MAC (message authentication code) algorithms
|
||||
in order of preference.
|
||||
The MAC algorithm is used in protocol version 2
|
||||
for data integrity protection.
|
||||
Multiple algorithms must be comma-separated.
|
||||
The default is
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.It Cm NoHostAuthenticationForLocalhost
|
||||
This option can be used if the home directory is shared across machines.
|
||||
In this case localhost will refer to a different machine on each of
|
||||
the machines and the user will get many warnings about changed host keys.
|
||||
However, this option disables host authentication for localhost.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is to check the host key for localhost.
|
||||
.It Cm NumberOfPasswordPrompts
|
||||
Specifies the number of password prompts before giving up.
|
||||
The argument to this keyword must be an integer.
|
||||
Default is 3.
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether to use password authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Port
|
||||
Specifies the port number to connect on the remote host.
|
||||
Default is 22.
|
||||
.It Cm PreferredAuthentications
|
||||
Specifies the order in which the client should try protocol 2
|
||||
authentication methods. This allows a client to prefer one method (e.g.
|
||||
.Cm keyboard-interactive )
|
||||
over another method (e.g.
|
||||
.Cm password )
|
||||
The default for this option is:
|
||||
.Dq hostbased,publickey,keyboard-interactive,password .
|
||||
.It Cm Protocol
|
||||
Specifies the protocol versions
|
||||
.Nm ssh
|
||||
should support in order of preference.
|
||||
The possible values are
|
||||
.Dq 1
|
||||
and
|
||||
.Dq 2 .
|
||||
Multiple versions must be comma-separated.
|
||||
The default is
|
||||
.Dq 2,1 .
|
||||
This means that
|
||||
.Nm ssh
|
||||
tries version 2 and falls back to version 1
|
||||
if version 2 is not available.
|
||||
.It Cm ProxyCommand
|
||||
Specifies the command to use to connect to the server.
|
||||
The command
|
||||
string extends to the end of the line, and is executed with
|
||||
.Pa /bin/sh .
|
||||
In the command string,
|
||||
.Ql %h
|
||||
will be substituted by the host name to
|
||||
connect and
|
||||
.Ql %p
|
||||
by the port.
|
||||
The command can be basically anything,
|
||||
and should read from its standard input and write to its standard output.
|
||||
It should eventually connect an
|
||||
.Xr sshd 8
|
||||
server running on some machine, or execute
|
||||
.Ic sshd -i
|
||||
somewhere.
|
||||
Host key management will be done using the
|
||||
HostName of the host being connected (defaulting to the name typed by
|
||||
the user).
|
||||
Note that
|
||||
.Cm CheckHostIP
|
||||
is not available for connects with a proxy command.
|
||||
.Pp
|
||||
.It Cm PubkeyAuthentication
|
||||
Specifies whether to try public key authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
This option applies to protocol version 2 only.
|
||||
.It Cm RemoteForward
|
||||
Specifies that a TCP/IP port on the remote machine be forwarded over
|
||||
the secure channel to the specified host and port from the local machine.
|
||||
The first argument must be a port number, and the second must be
|
||||
.Ar host:port .
|
||||
IPv6 addresses can be specified with an alternative syntax:
|
||||
.Ar host/port .
|
||||
Multiple forwardings may be specified, and additional
|
||||
forwardings can be given on the command line.
|
||||
Only the superuser can forward privileged ports.
|
||||
.It Cm RhostsAuthentication
|
||||
Specifies whether to try rhosts based authentication.
|
||||
Note that this
|
||||
declaration only affects the client side and has no effect whatsoever
|
||||
on security.
|
||||
Most servers do not permit RhostsAuthentication because it
|
||||
is not secure (see
|
||||
.Cm RhostsRSAAuthentication ) .
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm RhostsRSAAuthentication
|
||||
Specifies whether to try rhosts based authentication with RSA host
|
||||
authentication.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only and requires
|
||||
.Nm ssh
|
||||
to be setuid root.
|
||||
.It Cm RSAAuthentication
|
||||
Specifies whether to try RSA authentication.
|
||||
The argument to this keyword must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
RSA authentication will only be
|
||||
attempted if the identity file exists, or an authentication agent is
|
||||
running.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that this option applies to protocol version 1 only.
|
||||
.It Cm SmartcardDevice
|
||||
Specifies which smartcard device to use. The argument to this keyword is
|
||||
the device
|
||||
.Nm ssh
|
||||
should use to communicate with a smartcard used for storing the user's
|
||||
private RSA key. By default, no device is specified and smartcard support
|
||||
is not activated.
|
||||
.It Cm StrictHostKeyChecking
|
||||
If this flag is set to
|
||||
.Dq yes ,
|
||||
.Nm ssh
|
||||
will never automatically add host keys to the
|
||||
.Pa $HOME/.ssh/known_hosts
|
||||
file, and refuses to connect to hosts whose host key has changed.
|
||||
This provides maximum protection against trojan horse attacks,
|
||||
however, can be annoying when the
|
||||
.Pa /etc/ssh/ssh_known_hosts
|
||||
file is poorly maintained, or connections to new hosts are
|
||||
frequently made.
|
||||
This option forces the user to manually
|
||||
add all new hosts.
|
||||
If this flag is set to
|
||||
.Dq no ,
|
||||
.Nm ssh
|
||||
will automatically add new host keys to the
|
||||
user known hosts files.
|
||||
If this flag is set to
|
||||
.Dq ask ,
|
||||
new host keys
|
||||
will be added to the user known host files only after the user
|
||||
has confirmed that is what they really want to do, and
|
||||
.Nm ssh
|
||||
will refuse to connect to hosts whose host key has changed.
|
||||
The host keys of
|
||||
known hosts will be verified automatically in all cases.
|
||||
The argument must be
|
||||
.Dq yes ,
|
||||
.Dq no
|
||||
or
|
||||
.Dq ask .
|
||||
The default is
|
||||
.Dq ask .
|
||||
.It Cm UsePrivilegedPort
|
||||
Specifies whether to use a privileged port for outgoing connections.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that this option must be set to
|
||||
.Dq yes
|
||||
if
|
||||
.Cm RhostsAuthentication
|
||||
and
|
||||
.Cm RhostsRSAAuthentication
|
||||
authentications are needed with older servers.
|
||||
.It Cm User
|
||||
Specifies the user to log in as.
|
||||
This can be useful when a different user name is used on different machines.
|
||||
This saves the trouble of
|
||||
having to remember to give the user name on the command line.
|
||||
.It Cm UserKnownHostsFile
|
||||
Specifies a file to use for the user
|
||||
host key database instead of
|
||||
.Pa $HOME/.ssh/known_hosts .
|
||||
.It Cm XAuthLocation
|
||||
Specifies the location of the
|
||||
.Xr xauth 1
|
||||
program.
|
||||
The default is
|
||||
.Pa /usr/X11R6/bin/xauth .
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa $HOME/.ssh/config
|
||||
This is the per-user configuration file.
|
||||
The format of this file is described above.
|
||||
This file is used by the
|
||||
.Nm ssh
|
||||
client.
|
||||
This file does not usually contain any sensitive information,
|
||||
but the recommended permissions are read/write for the user, and not
|
||||
accessible by others.
|
||||
.It Pa /etc/ssh/ssh_config
|
||||
Systemwide configuration file.
|
||||
This file provides defaults for those
|
||||
values that are not specified in the user's configuration file, and
|
||||
for those users who do not have a configuration file.
|
||||
This file must be world-readable.
|
||||
.El
|
||||
.Sh AUTHORS
|
||||
OpenSSH is a derivative of the original and free
|
||||
ssh 1.2.12 release by Tatu Ylonen.
|
||||
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
||||
Theo de Raadt and Dug Song
|
||||
removed many bugs, re-added newer features and
|
||||
created OpenSSH.
|
||||
Markus Friedl contributed the support for SSH
|
||||
protocol versions 1.5 and 2.0.
|
||||
.Sh SEE ALSO
|
||||
.Xr ssh 1
|
641
sshd.8
641
sshd.8
@ -34,7 +34,7 @@
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd.8,v 1.183 2002/05/29 03:06:30 stevesk Exp $
|
||||
.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD 8
|
||||
.Os
|
||||
@ -320,638 +320,8 @@ reads configuration data from
|
||||
(or the file specified with
|
||||
.Fl f
|
||||
on the command line).
|
||||
The file contains keyword-argument pairs, one per line.
|
||||
Lines starting with
|
||||
.Ql #
|
||||
and empty lines are interpreted as comments.
|
||||
.Pp
|
||||
The possible
|
||||
keywords and their meanings are as follows (note that
|
||||
keywords are case-insensitive and arguments are case-sensitive):
|
||||
.Bl -tag -width Ds
|
||||
.It Cm AFSTokenPassing
|
||||
Specifies whether an AFS token may be forwarded to the server.
|
||||
Default is
|
||||
.Dq no .
|
||||
.It Cm AllowGroups
|
||||
This keyword can be followed by a list of group name patterns, separated
|
||||
by spaces.
|
||||
If specified, login is allowed only for users whose primary
|
||||
group or supplementary group list matches one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as
|
||||
wildcards in the patterns.
|
||||
Only group names are valid; a numerical group ID is not recognized.
|
||||
By default, login is allowed for all groups.
|
||||
.Pp
|
||||
.It Cm AllowTcpForwarding
|
||||
Specifies whether TCP forwarding is permitted.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that disabling TCP forwarding does not improve security unless
|
||||
users are also denied shell access, as they can always install their
|
||||
own forwarders.
|
||||
.Pp
|
||||
.It Cm AllowUsers
|
||||
This keyword can be followed by a list of user name patterns, separated
|
||||
by spaces.
|
||||
If specified, login is allowed only for users names that
|
||||
match one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as
|
||||
wildcards in the patterns.
|
||||
Only user names are valid; a numerical user ID is not recognized.
|
||||
By default, login is allowed for all users.
|
||||
If the pattern takes the form USER@HOST then USER and HOST
|
||||
are separately checked, restricting logins to particular
|
||||
users from particular hosts.
|
||||
.Pp
|
||||
.It Cm AuthorizedKeysFile
|
||||
Specifies the file that contains the public keys that can be used
|
||||
for user authentication.
|
||||
.Cm AuthorizedKeysFile
|
||||
may contain tokens of the form %T which are substituted during connection
|
||||
set-up. The following tokens are defined: %% is replaced by a literal '%',
|
||||
%h is replaced by the home directory of the user being authenticated and
|
||||
%u is replaced by the username of that user.
|
||||
After expansion,
|
||||
.Cm AuthorizedKeysFile
|
||||
is taken to be an absolute path or one relative to the user's home
|
||||
directory.
|
||||
The default is
|
||||
.Dq .ssh/authorized_keys .
|
||||
.It Cm Banner
|
||||
In some jurisdictions, sending a warning message before authentication
|
||||
may be relevant for getting legal protection.
|
||||
The contents of the specified file are sent to the remote user before
|
||||
authentication is allowed.
|
||||
This option is only available for protocol version 2.
|
||||
By default, no banner is displayed.
|
||||
.Pp
|
||||
.It Cm ChallengeResponseAuthentication
|
||||
Specifies whether challenge response authentication is allowed.
|
||||
All authentication styles from
|
||||
.Xr login.conf 5
|
||||
are supported.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Ciphers
|
||||
Specifies the ciphers allowed for protocol version 2.
|
||||
Multiple ciphers must be comma-separated.
|
||||
The default is
|
||||
.Pp
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
aes192-cbc,aes256-cbc''
|
||||
.Ed
|
||||
.It Cm ClientAliveInterval
|
||||
Sets a timeout interval in seconds after which if no data has been received
|
||||
from the client,
|
||||
.Nm
|
||||
will send a message through the encrypted
|
||||
channel to request a response from the client.
|
||||
The default
|
||||
is 0, indicating that these messages will not be sent to the client.
|
||||
This option applies to protocol version 2 only.
|
||||
.It Cm ClientAliveCountMax
|
||||
Sets the number of client alive messages (see above) which may be
|
||||
sent without
|
||||
.Nm
|
||||
receiving any messages back from the client. If this threshold is
|
||||
reached while client alive messages are being sent,
|
||||
.Nm
|
||||
will disconnect the client, terminating the session. It is important
|
||||
to note that the use of client alive messages is very different from
|
||||
.Cm KeepAlive
|
||||
(below). The client alive messages are sent through the
|
||||
encrypted channel and therefore will not be spoofable. The TCP keepalive
|
||||
option enabled by
|
||||
.Cm KeepAlive
|
||||
is spoofable. The client alive mechanism is valuable when the client or
|
||||
server depend on knowing when a connection has become inactive.
|
||||
.Pp
|
||||
The default value is 3. If
|
||||
.Cm ClientAliveInterval
|
||||
(above) is set to 15, and
|
||||
.Cm ClientAliveCountMax
|
||||
is left at the default, unresponsive ssh clients
|
||||
will be disconnected after approximately 45 seconds.
|
||||
.It Cm DenyGroups
|
||||
This keyword can be followed by a list of group name patterns, separated
|
||||
by spaces.
|
||||
Login is disallowed for users whose primary group or supplementary
|
||||
group list matches one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as
|
||||
wildcards in the patterns.
|
||||
Only group names are valid; a numerical group ID is not recognized.
|
||||
By default, login is allowed for all groups.
|
||||
.Pp
|
||||
.It Cm DenyUsers
|
||||
This keyword can be followed by a list of user name patterns, separated
|
||||
by spaces.
|
||||
Login is disallowed for user names that match one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as wildcards in the patterns.
|
||||
Only user names are valid; a numerical user ID is not recognized.
|
||||
By default, login is allowed for all users.
|
||||
If the pattern takes the form USER@HOST then USER and HOST
|
||||
are separately checked, restricting logins to particular
|
||||
users from particular hosts.
|
||||
.It Cm GatewayPorts
|
||||
Specifies whether remote hosts are allowed to connect to ports
|
||||
forwarded for the client.
|
||||
By default,
|
||||
.Nm
|
||||
binds remote port forwardings to the loopback address. This
|
||||
prevents other remote hosts from connecting to forwarded ports.
|
||||
.Cm GatewayPorts
|
||||
can be used to specify that
|
||||
.Nm
|
||||
should bind remote port forwardings to the wildcard address,
|
||||
thus allowing remote hosts to connect to forwarded ports.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm HostbasedAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful public key client host authentication is allowed
|
||||
(hostbased authentication).
|
||||
This option is similar to
|
||||
.Cm RhostsRSAAuthentication
|
||||
and applies to protocol version 2 only.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm HostKey
|
||||
Specifies a file containing a private host key
|
||||
used by SSH.
|
||||
The default is
|
||||
.Pa /etc/ssh/ssh_host_key
|
||||
for protocol version 1, and
|
||||
.Pa /etc/ssh/ssh_host_rsa_key
|
||||
and
|
||||
.Pa /etc/ssh/ssh_host_dsa_key
|
||||
for protocol version 2.
|
||||
Note that
|
||||
.Nm
|
||||
will refuse to use a file if it is group/world-accessible.
|
||||
It is possible to have multiple host key files.
|
||||
.Dq rsa1
|
||||
keys are used for version 1 and
|
||||
.Dq dsa
|
||||
or
|
||||
.Dq rsa
|
||||
are used for version 2 of the SSH protocol.
|
||||
.It Cm IgnoreRhosts
|
||||
Specifies that
|
||||
.Pa .rhosts
|
||||
and
|
||||
.Pa .shosts
|
||||
files will not be used in
|
||||
.Cm RhostsAuthentication ,
|
||||
.Cm RhostsRSAAuthentication
|
||||
or
|
||||
.Cm HostbasedAuthentication .
|
||||
.Pp
|
||||
.Pa /etc/hosts.equiv
|
||||
and
|
||||
.Pa /etc/shosts.equiv
|
||||
are still used.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm IgnoreUserKnownHosts
|
||||
Specifies whether
|
||||
.Nm
|
||||
should ignore the user's
|
||||
.Pa $HOME/.ssh/known_hosts
|
||||
during
|
||||
.Cm RhostsRSAAuthentication
|
||||
or
|
||||
.Cm HostbasedAuthentication .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm KeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
On the other hand, if keepalives are not sent,
|
||||
sessions may hang indefinitely on the server, leaving
|
||||
.Dq ghost
|
||||
users and consuming server resources.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send keepalives), and the server will notice
|
||||
if the network goes down or the client host crashes.
|
||||
This avoids infinitely hanging sessions.
|
||||
.Pp
|
||||
To disable keepalives, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm KerberosAuthentication
|
||||
Specifies whether Kerberos authentication is allowed.
|
||||
This can be in the form of a Kerberos ticket, or if
|
||||
.Cm PasswordAuthentication
|
||||
is yes, the password provided by the user will be validated through
|
||||
the Kerberos KDC.
|
||||
To use this option, the server needs a
|
||||
Kerberos servtab which allows the verification of the KDC's identity.
|
||||
Default is
|
||||
.Dq no .
|
||||
.It Cm KerberosOrLocalPasswd
|
||||
If set then if password authentication through Kerberos fails then
|
||||
the password will be validated via any additional local mechanism
|
||||
such as
|
||||
.Pa /etc/passwd .
|
||||
Default is
|
||||
.Dq yes .
|
||||
.It Cm KerberosTgtPassing
|
||||
Specifies whether a Kerberos TGT may be forwarded to the server.
|
||||
Default is
|
||||
.Dq no ,
|
||||
as this only works when the Kerberos KDC is actually an AFS kaserver.
|
||||
.It Cm KerberosTicketCleanup
|
||||
Specifies whether to automatically destroy the user's ticket cache
|
||||
file on logout.
|
||||
Default is
|
||||
.Dq yes .
|
||||
.It Cm KeyRegenerationInterval
|
||||
In protocol version 1, the ephemeral server key is automatically regenerated
|
||||
after this many seconds (if it has been used).
|
||||
The purpose of regeneration is to prevent
|
||||
decrypting captured sessions by later breaking into the machine and
|
||||
stealing the keys.
|
||||
The key is never stored anywhere.
|
||||
If the value is 0, the key is never regenerated.
|
||||
The default is 3600 (seconds).
|
||||
.It Cm ListenAddress
|
||||
Specifies the local addresses
|
||||
.Nm
|
||||
should listen on.
|
||||
The following forms may be used:
|
||||
.Pp
|
||||
.Bl -item -offset indent -compact
|
||||
.It
|
||||
.Cm ListenAddress
|
||||
.Sm off
|
||||
.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
|
||||
.Sm on
|
||||
.It
|
||||
.Cm ListenAddress
|
||||
.Sm off
|
||||
.Ar host No | Ar IPv4_addr No : Ar port
|
||||
.Sm on
|
||||
.It
|
||||
.Cm ListenAddress
|
||||
.Sm off
|
||||
.Oo
|
||||
.Ar host No | Ar IPv6_addr Oc : Ar port
|
||||
.Sm on
|
||||
.El
|
||||
.Pp
|
||||
If
|
||||
.Ar port
|
||||
is not specified,
|
||||
.Nm
|
||||
will listen on the address and all prior
|
||||
.Cm Port
|
||||
options specified. The default is to listen on all local
|
||||
addresses. Multiple
|
||||
.Cm ListenAddress
|
||||
options are permitted. Additionally, any
|
||||
.Cm Port
|
||||
options must precede this option for non port qualified addresses.
|
||||
.It Cm LoginGraceTime
|
||||
The server disconnects after this time if the user has not
|
||||
successfully logged in.
|
||||
If the value is 0, there is no time limit.
|
||||
The default is 600 (seconds).
|
||||
.It Cm LogLevel
|
||||
Gives the verbosity level that is used when logging messages from
|
||||
.Nm sshd .
|
||||
The possible values are:
|
||||
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
|
||||
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
|
||||
and DEBUG3 each specify higher levels of debugging output.
|
||||
Logging with a DEBUG level violates the privacy of users
|
||||
and is not recommended.
|
||||
.It Cm MACs
|
||||
Specifies the available MAC (message authentication code) algorithms.
|
||||
The MAC algorithm is used in protocol version 2
|
||||
for data integrity protection.
|
||||
Multiple algorithms must be comma-separated.
|
||||
The default is
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.It Cm MaxStartups
|
||||
Specifies the maximum number of concurrent unauthenticated connections to the
|
||||
.Nm
|
||||
daemon.
|
||||
Additional connections will be dropped until authentication succeeds or the
|
||||
.Cm LoginGraceTime
|
||||
expires for a connection.
|
||||
The default is 10.
|
||||
.Pp
|
||||
Alternatively, random early drop can be enabled by specifying
|
||||
the three colon separated values
|
||||
.Dq start:rate:full
|
||||
(e.g., "10:30:60").
|
||||
.Nm
|
||||
will refuse connection attempts with a probability of
|
||||
.Dq rate/100
|
||||
(30%)
|
||||
if there are currently
|
||||
.Dq start
|
||||
(10)
|
||||
unauthenticated connections.
|
||||
The probability increases linearly and all connection attempts
|
||||
are refused if the number of unauthenticated connections reaches
|
||||
.Dq full
|
||||
(60).
|
||||
.It Cm PAMAuthenticationViaKbdInt
|
||||
Specifies whether PAM challenge response authentication is allowed. This
|
||||
allows the use of most PAM challenge response authentication modules, but
|
||||
it will allow password authentication regardless of whether
|
||||
.Cm PasswordAuthentication
|
||||
is disabled.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether password authentication is allowed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm PermitEmptyPasswords
|
||||
When password authentication is allowed, it specifies whether the
|
||||
server allows login to accounts with empty password strings.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm PermitRootLogin
|
||||
Specifies whether root can login using
|
||||
.Xr ssh 1 .
|
||||
The argument must be
|
||||
.Dq yes ,
|
||||
.Dq without-password ,
|
||||
.Dq forced-commands-only
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.Pp
|
||||
If this option is set to
|
||||
.Dq without-password
|
||||
password authentication is disabled for root.
|
||||
.Pp
|
||||
If this option is set to
|
||||
.Dq forced-commands-only
|
||||
root login with public key authentication will be allowed,
|
||||
but only if the
|
||||
.Ar command
|
||||
option has been specified
|
||||
(which may be useful for taking remote backups even if root login is
|
||||
normally not allowed). All other authentication methods are disabled
|
||||
for root.
|
||||
.Pp
|
||||
If this option is set to
|
||||
.Dq no
|
||||
root is not allowed to login.
|
||||
.It Cm PidFile
|
||||
Specifies the file that contains the process identifier of the
|
||||
.Nm
|
||||
daemon.
|
||||
The default is
|
||||
.Pa /var/run/sshd.pid .
|
||||
.It Cm Port
|
||||
Specifies the port number that
|
||||
.Nm
|
||||
listens on.
|
||||
The default is 22.
|
||||
Multiple options of this type are permitted.
|
||||
See also
|
||||
.Cm ListenAddress .
|
||||
.It Cm PrintLastLog
|
||||
Specifies whether
|
||||
.Nm
|
||||
should print the date and time when the user last logged in.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm PrintMotd
|
||||
Specifies whether
|
||||
.Nm
|
||||
should print
|
||||
.Pa /etc/motd
|
||||
when a user logs in interactively.
|
||||
(On some systems it is also printed by the shell,
|
||||
.Pa /etc/profile ,
|
||||
or equivalent.)
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Protocol
|
||||
Specifies the protocol versions
|
||||
.Nm
|
||||
should support.
|
||||
The possible values are
|
||||
.Dq 1
|
||||
and
|
||||
.Dq 2 .
|
||||
Multiple versions must be comma-separated.
|
||||
The default is
|
||||
.Dq 2,1 .
|
||||
.It Cm PubkeyAuthentication
|
||||
Specifies whether public key authentication is allowed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that this option applies to protocol version 2 only.
|
||||
.It Cm RhostsAuthentication
|
||||
Specifies whether authentication using rhosts or /etc/hosts.equiv
|
||||
files is sufficient.
|
||||
Normally, this method should not be permitted because it is insecure.
|
||||
.Cm RhostsRSAAuthentication
|
||||
should be used
|
||||
instead, because it performs RSA-based host authentication in addition
|
||||
to normal rhosts or /etc/hosts.equiv authentication.
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm RhostsRSAAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful RSA host authentication is allowed.
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm RSAAuthentication
|
||||
Specifies whether pure RSA authentication is allowed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm ServerKeyBits
|
||||
Defines the number of bits in the ephemeral protocol version 1 server key.
|
||||
The minimum value is 512, and the default is 768.
|
||||
.It Cm StrictModes
|
||||
Specifies whether
|
||||
.Nm
|
||||
should check file modes and ownership of the
|
||||
user's files and home directory before accepting login.
|
||||
This is normally desirable because novices sometimes accidentally leave their
|
||||
directory or files world-writable.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Subsystem
|
||||
Configures an external subsystem (e.g., file transfer daemon).
|
||||
Arguments should be a subsystem name and a command to execute upon subsystem
|
||||
request.
|
||||
The command
|
||||
.Xr sftp-server 8
|
||||
implements the
|
||||
.Dq sftp
|
||||
file transfer subsystem.
|
||||
By default no subsystems are defined.
|
||||
Note that this option applies to protocol version 2 only.
|
||||
.It Cm SyslogFacility
|
||||
Gives the facility code that is used when logging messages from
|
||||
.Nm sshd .
|
||||
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
|
||||
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
|
||||
The default is AUTH.
|
||||
.It Cm UseLogin
|
||||
Specifies whether
|
||||
.Xr login 1
|
||||
is used for interactive login sessions.
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that
|
||||
.Xr login 1
|
||||
is never used for remote command execution.
|
||||
Note also, that if this is enabled,
|
||||
.Cm X11Forwarding
|
||||
will be disabled because
|
||||
.Xr login 1
|
||||
does not know how to handle
|
||||
.Xr xauth 1
|
||||
cookies. If
|
||||
.Cm UsePrivilegeSeparation
|
||||
is specified, it will be disabled after authentication.
|
||||
.It Cm UsePrivilegeSeparation
|
||||
Specifies whether
|
||||
.Nm
|
||||
separated privileges by creating an unprivileged child process
|
||||
to deal with incoming network traffic. After successful authentication,
|
||||
another process will be created that has the privilege of the authenticated
|
||||
user. The goal of privilege separation is to prevent privilege
|
||||
escalation by containing any corruption within the unprivileged processes.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm VerifyReverseMapping
|
||||
Specifies whether
|
||||
.Nm
|
||||
should try to verify the remote host name and check that
|
||||
the resolved host name for the remote IP address maps back to the
|
||||
very same IP address.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm X11DisplayOffset
|
||||
Specifies the first display number available for
|
||||
.Nm sshd Ns 's
|
||||
X11 forwarding.
|
||||
This prevents
|
||||
.Nm
|
||||
from interfering with real X11 servers.
|
||||
The default is 10.
|
||||
.It Cm X11Forwarding
|
||||
Specifies whether X11 forwarding is permitted.
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that disabling X11 forwarding does not improve security in any
|
||||
way, as users can always install their own forwarders.
|
||||
X11 forwarding is automatically disabled if
|
||||
.Cm UseLogin
|
||||
is enabled.
|
||||
.It Cm X11UseLocalhost
|
||||
Specifies whether
|
||||
.Nm
|
||||
should bind the X11 forwarding server to the loopback address or to
|
||||
the wildcard address. By default,
|
||||
.Nm
|
||||
binds the forwarding server to the loopback address and sets the
|
||||
hostname part of the
|
||||
.Ev DISPLAY
|
||||
environment variable to
|
||||
.Dq localhost .
|
||||
This prevents remote hosts from connecting to the fake display.
|
||||
However, some older X11 clients may not function with this
|
||||
configuration.
|
||||
.Cm X11UseLocalhost
|
||||
may be set to
|
||||
.Dq no
|
||||
to specify that the forwarding server should be bound to the wildcard
|
||||
address.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm XAuthLocation
|
||||
Specifies the location of the
|
||||
.Xr xauth 1
|
||||
program.
|
||||
The default is
|
||||
.Pa /usr/X11R6/bin/xauth .
|
||||
.El
|
||||
.Ss Time Formats
|
||||
.Pp
|
||||
.Nm
|
||||
command-line arguments and configuration file options that specify time
|
||||
may be expressed using a sequence of the form:
|
||||
.Sm off
|
||||
.Ar time Oo Ar qualifier Oc ,
|
||||
.Sm on
|
||||
where
|
||||
.Ar time
|
||||
is a positive integer value and
|
||||
.Ar qualifier
|
||||
is one of the following:
|
||||
.Pp
|
||||
.Bl -tag -width Ds -compact -offset indent
|
||||
.It Cm <none>
|
||||
seconds
|
||||
.It Cm s | Cm S
|
||||
seconds
|
||||
.It Cm m | Cm M
|
||||
minutes
|
||||
.It Cm h | Cm H
|
||||
hours
|
||||
.It Cm d | Cm D
|
||||
days
|
||||
.It Cm w | Cm W
|
||||
weeks
|
||||
.El
|
||||
.Pp
|
||||
Each member of the sequence is added together to calculate
|
||||
the total time value.
|
||||
.Pp
|
||||
Time format examples:
|
||||
.Pp
|
||||
.Bl -tag -width Ds -compact -offset indent
|
||||
.It 600
|
||||
600 seconds (10 minutes)
|
||||
.It 10m
|
||||
10 minutes
|
||||
.It 1h30m
|
||||
1 hour 30 minutes (90 minutes)
|
||||
.El
|
||||
The file format and configuration options are described in
|
||||
.Xr sshd_config 5 .
|
||||
.Sh LOGIN PROCESS
|
||||
When a user successfully logs in,
|
||||
.Nm
|
||||
@ -1187,8 +557,8 @@ cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
|
||||
.It Pa /etc/ssh/sshd_config
|
||||
Contains configuration data for
|
||||
.Nm sshd .
|
||||
This file should be writable by root only, but it is recommended
|
||||
(though not necessary) that it be world-readable.
|
||||
The file format and configuration options are described in
|
||||
.Xr sshd_config 5 .
|
||||
.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
|
||||
These three files contain the private parts of the host keys.
|
||||
These files should only be owned by root, readable only by root, and not
|
||||
@ -1389,6 +759,7 @@ for privilege separation.
|
||||
.Xr ssh-keygen 1 ,
|
||||
.Xr login.conf 5 ,
|
||||
.Xr moduli 5 ,
|
||||
.Xr sshd_config 5 ,
|
||||
.Xr sftp-server 8
|
||||
.Rs
|
||||
.%A T. Ylonen
|
||||
|
711
sshd_config.5
Normal file
711
sshd_config.5
Normal file
@ -0,0 +1,711 @@
|
||||
.\" -*- nroff -*-
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
.\" All rights reserved
|
||||
.\"
|
||||
.\" As far as I am concerned, the code I have written for this software
|
||||
.\" can be used freely for any purpose. Any derived versions of this
|
||||
.\" software must be clearly marked as such, and if the derived work is
|
||||
.\" incompatible with the protocol description in the RFC file, it must be
|
||||
.\" called by a name other than "ssh" or "Secure Shell".
|
||||
.\"
|
||||
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
|
||||
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
|
||||
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
|
||||
.\"
|
||||
.\" Redistribution and use in source and binary forms, with or without
|
||||
.\" modification, are permitted provided that the following conditions
|
||||
.\" are met:
|
||||
.\" 1. Redistributions of source code must retain the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer.
|
||||
.\" 2. Redistributions in binary form must reproduce the above copyright
|
||||
.\" notice, this list of conditions and the following disclaimer in the
|
||||
.\" documentation and/or other materials provided with the distribution.
|
||||
.\"
|
||||
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
||||
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
||||
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
||||
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
||||
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
||||
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
||||
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
||||
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
|
||||
.Dd September 25, 1999
|
||||
.Dt SSHD_CONFIG 5
|
||||
.Os
|
||||
.Sh NAME
|
||||
.Nm sshd_config
|
||||
.Nd OpenSSH SSH daemon configuration file
|
||||
.Sh SYNOPSIS
|
||||
.Bl -tag -width Ds -compact
|
||||
.It Pa /etc/ssh/sshd_config
|
||||
.El
|
||||
.Sh DESCRIPTION
|
||||
.Nm sshd
|
||||
reads configuration data from
|
||||
.Pa /etc/ssh/sshd_config
|
||||
(or the file specified with
|
||||
.Fl f
|
||||
on the command line).
|
||||
The file contains keyword-argument pairs, one per line.
|
||||
Lines starting with
|
||||
.Ql #
|
||||
and empty lines are interpreted as comments.
|
||||
.Pp
|
||||
The possible
|
||||
keywords and their meanings are as follows (note that
|
||||
keywords are case-insensitive and arguments are case-sensitive):
|
||||
.Bl -tag -width Ds
|
||||
.It Cm AFSTokenPassing
|
||||
Specifies whether an AFS token may be forwarded to the server.
|
||||
Default is
|
||||
.Dq no .
|
||||
.It Cm AllowGroups
|
||||
This keyword can be followed by a list of group name patterns, separated
|
||||
by spaces.
|
||||
If specified, login is allowed only for users whose primary
|
||||
group or supplementary group list matches one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as
|
||||
wildcards in the patterns.
|
||||
Only group names are valid; a numerical group ID is not recognized.
|
||||
By default, login is allowed for all groups.
|
||||
.Pp
|
||||
.It Cm AllowTcpForwarding
|
||||
Specifies whether TCP forwarding is permitted.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that disabling TCP forwarding does not improve security unless
|
||||
users are also denied shell access, as they can always install their
|
||||
own forwarders.
|
||||
.Pp
|
||||
.It Cm AllowUsers
|
||||
This keyword can be followed by a list of user name patterns, separated
|
||||
by spaces.
|
||||
If specified, login is allowed only for users names that
|
||||
match one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as
|
||||
wildcards in the patterns.
|
||||
Only user names are valid; a numerical user ID is not recognized.
|
||||
By default, login is allowed for all users.
|
||||
If the pattern takes the form USER@HOST then USER and HOST
|
||||
are separately checked, restricting logins to particular
|
||||
users from particular hosts.
|
||||
.Pp
|
||||
.It Cm AuthorizedKeysFile
|
||||
Specifies the file that contains the public keys that can be used
|
||||
for user authentication.
|
||||
.Cm AuthorizedKeysFile
|
||||
may contain tokens of the form %T which are substituted during connection
|
||||
set-up. The following tokens are defined: %% is replaced by a literal '%',
|
||||
%h is replaced by the home directory of the user being authenticated and
|
||||
%u is replaced by the username of that user.
|
||||
After expansion,
|
||||
.Cm AuthorizedKeysFile
|
||||
is taken to be an absolute path or one relative to the user's home
|
||||
directory.
|
||||
The default is
|
||||
.Dq .ssh/authorized_keys .
|
||||
.It Cm Banner
|
||||
In some jurisdictions, sending a warning message before authentication
|
||||
may be relevant for getting legal protection.
|
||||
The contents of the specified file are sent to the remote user before
|
||||
authentication is allowed.
|
||||
This option is only available for protocol version 2.
|
||||
By default, no banner is displayed.
|
||||
.Pp
|
||||
.It Cm ChallengeResponseAuthentication
|
||||
Specifies whether challenge response authentication is allowed.
|
||||
All authentication styles from
|
||||
.Xr login.conf 5
|
||||
are supported.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Ciphers
|
||||
Specifies the ciphers allowed for protocol version 2.
|
||||
Multiple ciphers must be comma-separated.
|
||||
The default is
|
||||
.Pp
|
||||
.Bd -literal
|
||||
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
|
||||
aes192-cbc,aes256-cbc''
|
||||
.Ed
|
||||
.It Cm ClientAliveInterval
|
||||
Sets a timeout interval in seconds after which if no data has been received
|
||||
from the client,
|
||||
.Nm sshd
|
||||
will send a message through the encrypted
|
||||
channel to request a response from the client.
|
||||
The default
|
||||
is 0, indicating that these messages will not be sent to the client.
|
||||
This option applies to protocol version 2 only.
|
||||
.It Cm ClientAliveCountMax
|
||||
Sets the number of client alive messages (see above) which may be
|
||||
sent without
|
||||
.Nm sshd
|
||||
receiving any messages back from the client. If this threshold is
|
||||
reached while client alive messages are being sent,
|
||||
.Nm sshd
|
||||
will disconnect the client, terminating the session. It is important
|
||||
to note that the use of client alive messages is very different from
|
||||
.Cm KeepAlive
|
||||
(below). The client alive messages are sent through the
|
||||
encrypted channel and therefore will not be spoofable. The TCP keepalive
|
||||
option enabled by
|
||||
.Cm KeepAlive
|
||||
is spoofable. The client alive mechanism is valuable when the client or
|
||||
server depend on knowing when a connection has become inactive.
|
||||
.Pp
|
||||
The default value is 3. If
|
||||
.Cm ClientAliveInterval
|
||||
(above) is set to 15, and
|
||||
.Cm ClientAliveCountMax
|
||||
is left at the default, unresponsive ssh clients
|
||||
will be disconnected after approximately 45 seconds.
|
||||
.It Cm Compression
|
||||
Specifies whether compression is allowed.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm DenyGroups
|
||||
This keyword can be followed by a list of group name patterns, separated
|
||||
by spaces.
|
||||
Login is disallowed for users whose primary group or supplementary
|
||||
group list matches one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as
|
||||
wildcards in the patterns.
|
||||
Only group names are valid; a numerical group ID is not recognized.
|
||||
By default, login is allowed for all groups.
|
||||
.Pp
|
||||
.It Cm DenyUsers
|
||||
This keyword can be followed by a list of user name patterns, separated
|
||||
by spaces.
|
||||
Login is disallowed for user names that match one of the patterns.
|
||||
.Ql \&*
|
||||
and
|
||||
.Ql ?
|
||||
can be used as wildcards in the patterns.
|
||||
Only user names are valid; a numerical user ID is not recognized.
|
||||
By default, login is allowed for all users.
|
||||
If the pattern takes the form USER@HOST then USER and HOST
|
||||
are separately checked, restricting logins to particular
|
||||
users from particular hosts.
|
||||
.It Cm GatewayPorts
|
||||
Specifies whether remote hosts are allowed to connect to ports
|
||||
forwarded for the client.
|
||||
By default,
|
||||
.Nm sshd
|
||||
binds remote port forwardings to the loopback address. This
|
||||
prevents other remote hosts from connecting to forwarded ports.
|
||||
.Cm GatewayPorts
|
||||
can be used to specify that
|
||||
.Nm sshd
|
||||
should bind remote port forwardings to the wildcard address,
|
||||
thus allowing remote hosts to connect to forwarded ports.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm HostbasedAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful public key client host authentication is allowed
|
||||
(hostbased authentication).
|
||||
This option is similar to
|
||||
.Cm RhostsRSAAuthentication
|
||||
and applies to protocol version 2 only.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm HostKey
|
||||
Specifies a file containing a private host key
|
||||
used by SSH.
|
||||
The default is
|
||||
.Pa /etc/ssh/ssh_host_key
|
||||
for protocol version 1, and
|
||||
.Pa /etc/ssh/ssh_host_rsa_key
|
||||
and
|
||||
.Pa /etc/ssh/ssh_host_dsa_key
|
||||
for protocol version 2.
|
||||
Note that
|
||||
.Nm sshd
|
||||
will refuse to use a file if it is group/world-accessible.
|
||||
It is possible to have multiple host key files.
|
||||
.Dq rsa1
|
||||
keys are used for version 1 and
|
||||
.Dq dsa
|
||||
or
|
||||
.Dq rsa
|
||||
are used for version 2 of the SSH protocol.
|
||||
.It Cm IgnoreRhosts
|
||||
Specifies that
|
||||
.Pa .rhosts
|
||||
and
|
||||
.Pa .shosts
|
||||
files will not be used in
|
||||
.Cm RhostsAuthentication ,
|
||||
.Cm RhostsRSAAuthentication
|
||||
or
|
||||
.Cm HostbasedAuthentication .
|
||||
.Pp
|
||||
.Pa /etc/hosts.equiv
|
||||
and
|
||||
.Pa /etc/shosts.equiv
|
||||
are still used.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm IgnoreUserKnownHosts
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should ignore the user's
|
||||
.Pa $HOME/.ssh/known_hosts
|
||||
during
|
||||
.Cm RhostsRSAAuthentication
|
||||
or
|
||||
.Cm HostbasedAuthentication .
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm KeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages to the
|
||||
other side.
|
||||
If they are sent, death of the connection or crash of one
|
||||
of the machines will be properly noticed.
|
||||
However, this means that
|
||||
connections will die if the route is down temporarily, and some people
|
||||
find it annoying.
|
||||
On the other hand, if keepalives are not sent,
|
||||
sessions may hang indefinitely on the server, leaving
|
||||
.Dq ghost
|
||||
users and consuming server resources.
|
||||
.Pp
|
||||
The default is
|
||||
.Dq yes
|
||||
(to send keepalives), and the server will notice
|
||||
if the network goes down or the client host crashes.
|
||||
This avoids infinitely hanging sessions.
|
||||
.Pp
|
||||
To disable keepalives, the value should be set to
|
||||
.Dq no .
|
||||
.It Cm KerberosAuthentication
|
||||
Specifies whether Kerberos authentication is allowed.
|
||||
This can be in the form of a Kerberos ticket, or if
|
||||
.It Cm PAMAuthenticationViaKbdInt
|
||||
Specifies whether PAM challenge response authentication is allowed. This
|
||||
allows the use of most PAM challenge response authentication modules, but
|
||||
it will allow password authentication regardless of whether
|
||||
.Cm PasswordAuthentication
|
||||
is yes, the password provided by the user will be validated through
|
||||
the Kerberos KDC.
|
||||
To use this option, the server needs a
|
||||
Kerberos servtab which allows the verification of the KDC's identity.
|
||||
Default is
|
||||
.Dq no .
|
||||
.It Cm KerberosOrLocalPasswd
|
||||
If set then if password authentication through Kerberos fails then
|
||||
the password will be validated via any additional local mechanism
|
||||
such as
|
||||
.Pa /etc/passwd .
|
||||
Default is
|
||||
.Dq yes .
|
||||
.It Cm KerberosTgtPassing
|
||||
Specifies whether a Kerberos TGT may be forwarded to the server.
|
||||
Default is
|
||||
.Dq no ,
|
||||
as this only works when the Kerberos KDC is actually an AFS kaserver.
|
||||
.It Cm KerberosTicketCleanup
|
||||
Specifies whether to automatically destroy the user's ticket cache
|
||||
file on logout.
|
||||
Default is
|
||||
.Dq yes .
|
||||
.It Cm KeyRegenerationInterval
|
||||
In protocol version 1, the ephemeral server key is automatically regenerated
|
||||
after this many seconds (if it has been used).
|
||||
The purpose of regeneration is to prevent
|
||||
decrypting captured sessions by later breaking into the machine and
|
||||
stealing the keys.
|
||||
The key is never stored anywhere.
|
||||
If the value is 0, the key is never regenerated.
|
||||
The default is 3600 (seconds).
|
||||
.It Cm ListenAddress
|
||||
Specifies the local addresses
|
||||
.Nm sshd
|
||||
should listen on.
|
||||
The following forms may be used:
|
||||
.Pp
|
||||
.Bl -item -offset indent -compact
|
||||
.It
|
||||
.Cm ListenAddress
|
||||
.Sm off
|
||||
.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
|
||||
.Sm on
|
||||
.It
|
||||
.Cm ListenAddress
|
||||
.Sm off
|
||||
.Ar host No | Ar IPv4_addr No : Ar port
|
||||
.Sm on
|
||||
.It
|
||||
.Cm ListenAddress
|
||||
.Sm off
|
||||
.Oo
|
||||
.Ar host No | Ar IPv6_addr Oc : Ar port
|
||||
.Sm on
|
||||
.El
|
||||
.Pp
|
||||
If
|
||||
.Ar port
|
||||
is not specified,
|
||||
.Nm sshd
|
||||
will listen on the address and all prior
|
||||
.Cm Port
|
||||
options specified. The default is to listen on all local
|
||||
addresses. Multiple
|
||||
.Cm ListenAddress
|
||||
options are permitted. Additionally, any
|
||||
.Cm Port
|
||||
options must precede this option for non port qualified addresses.
|
||||
.It Cm LoginGraceTime
|
||||
The server disconnects after this time if the user has not
|
||||
successfully logged in.
|
||||
If the value is 0, there is no time limit.
|
||||
The default is 600 (seconds).
|
||||
.It Cm LogLevel
|
||||
Gives the verbosity level that is used when logging messages from
|
||||
.Nm sshd .
|
||||
The possible values are:
|
||||
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
|
||||
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2
|
||||
and DEBUG3 each specify higher levels of debugging output.
|
||||
Logging with a DEBUG level violates the privacy of users
|
||||
and is not recommended.
|
||||
.It Cm MACs
|
||||
Specifies the available MAC (message authentication code) algorithms.
|
||||
The MAC algorithm is used in protocol version 2
|
||||
for data integrity protection.
|
||||
Multiple algorithms must be comma-separated.
|
||||
The default is
|
||||
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
|
||||
.It Cm MaxStartups
|
||||
Specifies the maximum number of concurrent unauthenticated connections to the
|
||||
.Nm sshd
|
||||
daemon.
|
||||
Additional connections will be dropped until authentication succeeds or the
|
||||
.Cm LoginGraceTime
|
||||
expires for a connection.
|
||||
The default is 10.
|
||||
.Pp
|
||||
Alternatively, random early drop can be enabled by specifying
|
||||
the three colon separated values
|
||||
.Dq start:rate:full
|
||||
(e.g., "10:30:60").
|
||||
.Nm sshd
|
||||
will refuse connection attempts with a probability of
|
||||
.Dq rate/100
|
||||
(30%)
|
||||
if there are currently
|
||||
.Dq start
|
||||
(10)
|
||||
unauthenticated connections.
|
||||
The probability increases linearly and all connection attempts
|
||||
are refused if the number of unauthenticated connections reaches
|
||||
.Dq full
|
||||
(60).
|
||||
.It Cm PasswordAuthentication
|
||||
Specifies whether password authentication is allowed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm PermitEmptyPasswords
|
||||
When password authentication is allowed, it specifies whether the
|
||||
server allows login to accounts with empty password strings.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm PermitRootLogin
|
||||
Specifies whether root can login using
|
||||
.Xr ssh 1 .
|
||||
The argument must be
|
||||
.Dq yes ,
|
||||
.Dq without-password ,
|
||||
.Dq forced-commands-only
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.Pp
|
||||
If this option is set to
|
||||
.Dq without-password
|
||||
password authentication is disabled for root.
|
||||
.Pp
|
||||
If this option is set to
|
||||
.Dq forced-commands-only
|
||||
root login with public key authentication will be allowed,
|
||||
but only if the
|
||||
.Ar command
|
||||
option has been specified
|
||||
(which may be useful for taking remote backups even if root login is
|
||||
normally not allowed). All other authentication methods are disabled
|
||||
for root.
|
||||
.Pp
|
||||
If this option is set to
|
||||
.Dq no
|
||||
root is not allowed to login.
|
||||
.It Cm PidFile
|
||||
Specifies the file that contains the process identifier of the
|
||||
.Nm sshd
|
||||
daemon.
|
||||
The default is
|
||||
.Pa /var/run/sshd.pid .
|
||||
.It Cm Port
|
||||
Specifies the port number that
|
||||
.Nm sshd
|
||||
listens on.
|
||||
The default is 22.
|
||||
Multiple options of this type are permitted.
|
||||
See also
|
||||
.Cm ListenAddress .
|
||||
.It Cm PrintLastLog
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should print the date and time when the user last logged in.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm PrintMotd
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should print
|
||||
.Pa /etc/motd
|
||||
when a user logs in interactively.
|
||||
(On some systems it is also printed by the shell,
|
||||
.Pa /etc/profile ,
|
||||
or equivalent.)
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Protocol
|
||||
Specifies the protocol versions
|
||||
.Nm sshd
|
||||
should support.
|
||||
The possible values are
|
||||
.Dq 1
|
||||
and
|
||||
.Dq 2 .
|
||||
Multiple versions must be comma-separated.
|
||||
The default is
|
||||
.Dq 2,1 .
|
||||
.It Cm PubkeyAuthentication
|
||||
Specifies whether public key authentication is allowed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
Note that this option applies to protocol version 2 only.
|
||||
.It Cm RhostsAuthentication
|
||||
Specifies whether authentication using rhosts or /etc/hosts.equiv
|
||||
files is sufficient.
|
||||
Normally, this method should not be permitted because it is insecure.
|
||||
.Cm RhostsRSAAuthentication
|
||||
should be used
|
||||
instead, because it performs RSA-based host authentication in addition
|
||||
to normal rhosts or /etc/hosts.equiv authentication.
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm RhostsRSAAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful RSA host authentication is allowed.
|
||||
The default is
|
||||
.Dq no .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm RSAAuthentication
|
||||
Specifies whether pure RSA authentication is allowed.
|
||||
The default is
|
||||
.Dq yes .
|
||||
This option applies to protocol version 1 only.
|
||||
.It Cm ServerKeyBits
|
||||
Defines the number of bits in the ephemeral protocol version 1 server key.
|
||||
The minimum value is 512, and the default is 768.
|
||||
.It Cm StrictModes
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should check file modes and ownership of the
|
||||
user's files and home directory before accepting login.
|
||||
This is normally desirable because novices sometimes accidentally leave their
|
||||
directory or files world-writable.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm Subsystem
|
||||
Configures an external subsystem (e.g., file transfer daemon).
|
||||
Arguments should be a subsystem name and a command to execute upon subsystem
|
||||
request.
|
||||
The command
|
||||
.Xr sftp-server 8
|
||||
implements the
|
||||
.Dq sftp
|
||||
file transfer subsystem.
|
||||
By default no subsystems are defined.
|
||||
Note that this option applies to protocol version 2 only.
|
||||
.It Cm SyslogFacility
|
||||
Gives the facility code that is used when logging messages from
|
||||
.Nm sshd .
|
||||
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
|
||||
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
|
||||
The default is AUTH.
|
||||
.It Cm UseLogin
|
||||
Specifies whether
|
||||
.Xr login 1
|
||||
is used for interactive login sessions.
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that
|
||||
.Xr login 1
|
||||
is never used for remote command execution.
|
||||
Note also, that if this is enabled,
|
||||
.Cm X11Forwarding
|
||||
will be disabled because
|
||||
.Xr login 1
|
||||
does not know how to handle
|
||||
.Xr xauth 1
|
||||
cookies. If
|
||||
.Cm UsePrivilegeSeparation
|
||||
is specified, it will be disabled after authentication.
|
||||
.It Cm UsePrivilegeSeparation
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
separates privileges by creating an unprivileged child process
|
||||
to deal with incoming network traffic. After successful authentication,
|
||||
another process will be created that has the privilege of the authenticated
|
||||
user. The goal of privilege separation is to prevent privilege
|
||||
escalation by containing any corruption within the unprivileged processes.
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm VerifyReverseMapping
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should try to verify the remote host name and check that
|
||||
the resolved host name for the remote IP address maps back to the
|
||||
very same IP address.
|
||||
The default is
|
||||
.Dq no .
|
||||
.It Cm X11DisplayOffset
|
||||
Specifies the first display number available for
|
||||
.Nm sshd Ns 's
|
||||
X11 forwarding.
|
||||
This prevents
|
||||
.Nm sshd
|
||||
from interfering with real X11 servers.
|
||||
The default is 10.
|
||||
.It Cm X11Forwarding
|
||||
Specifies whether X11 forwarding is permitted.
|
||||
The default is
|
||||
.Dq no .
|
||||
Note that disabling X11 forwarding does not improve security in any
|
||||
way, as users can always install their own forwarders.
|
||||
X11 forwarding is automatically disabled if
|
||||
.Cm UseLogin
|
||||
is enabled.
|
||||
.It Cm X11UseLocalhost
|
||||
Specifies whether
|
||||
.Nm sshd
|
||||
should bind the X11 forwarding server to the loopback address or to
|
||||
the wildcard address. By default,
|
||||
.Nm sshd
|
||||
binds the forwarding server to the loopback address and sets the
|
||||
hostname part of the
|
||||
.Ev DISPLAY
|
||||
environment variable to
|
||||
.Dq localhost .
|
||||
This prevents remote hosts from connecting to the fake display.
|
||||
However, some older X11 clients may not function with this
|
||||
configuration.
|
||||
.Cm X11UseLocalhost
|
||||
may be set to
|
||||
.Dq no
|
||||
to specify that the forwarding server should be bound to the wildcard
|
||||
address.
|
||||
The argument must be
|
||||
.Dq yes
|
||||
or
|
||||
.Dq no .
|
||||
The default is
|
||||
.Dq yes .
|
||||
.It Cm XAuthLocation
|
||||
Specifies the location of the
|
||||
.Xr xauth 1
|
||||
program.
|
||||
The default is
|
||||
.Pa /usr/X11R6/bin/xauth .
|
||||
.El
|
||||
.Ss Time Formats
|
||||
.Pp
|
||||
.Nm sshd
|
||||
command-line arguments and configuration file options that specify time
|
||||
may be expressed using a sequence of the form:
|
||||
.Sm off
|
||||
.Ar time Oo Ar qualifier Oc ,
|
||||
.Sm on
|
||||
where
|
||||
.Ar time
|
||||
is a positive integer value and
|
||||
.Ar qualifier
|
||||
is one of the following:
|
||||
.Pp
|
||||
.Bl -tag -width Ds -compact -offset indent
|
||||
.It Cm <none>
|
||||
seconds
|
||||
.It Cm s | Cm S
|
||||
seconds
|
||||
.It Cm m | Cm M
|
||||
minutes
|
||||
.It Cm h | Cm H
|
||||
hours
|
||||
.It Cm d | Cm D
|
||||
days
|
||||
.It Cm w | Cm W
|
||||
weeks
|
||||
.El
|
||||
.Pp
|
||||
Each member of the sequence is added together to calculate
|
||||
the total time value.
|
||||
.Pp
|
||||
Time format examples:
|
||||
.Pp
|
||||
.Bl -tag -width Ds -compact -offset indent
|
||||
.It 600
|
||||
600 seconds (10 minutes)
|
||||
.It 10m
|
||||
10 minutes
|
||||
.It 1h30m
|
||||
1 hour 30 minutes (90 minutes)
|
||||
.El
|
||||
.Sh FILES
|
||||
.Bl -tag -width Ds
|
||||
.It Pa /etc/ssh/sshd_config
|
||||
Contains configuration data for
|
||||
.Nm sshd .
|
||||
This file should be writable by root only, but it is recommended
|
||||
(though not necessary) that it be world-readable.
|
||||
.El
|
||||
.Sh AUTHORS
|
||||
OpenSSH is a derivative of the original and free
|
||||
ssh 1.2.12 release by Tatu Ylonen.
|
||||
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
||||
Theo de Raadt and Dug Song
|
||||
removed many bugs, re-added newer features and
|
||||
created OpenSSH.
|
||||
Markus Friedl contributed the support for SSH
|
||||
protocol versions 1.5 and 2.0.
|
||||
Niels Provos and Markus Friedl contributed support
|
||||
for privilege separation.
|
||||
.Sh SEE ALSO
|
||||
.Xr sshd 8
|
Loading…
Reference in New Issue
Block a user