2 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 .\" All rights reserved
6 .\" As far as I am concerned, the code I have written for this software
7 .\" can be used freely for any purpose. Any derived versions of this
8 .\" software must be clearly marked as such, and if the derived work is
9 .\" incompatible with the protocol description in the RFC file, it must be
10 .\" called by a name other than "ssh" or "Secure Shell".
12 .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
13 .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
14 .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16 .\" Redistribution and use in source and binary forms, with or without
17 .\" modification, are permitted provided that the following conditions
19 .\" 1. Redistributions of source code must retain the above copyright
20 .\" notice, this list of conditions and the following disclaimer.
21 .\" 2. Redistributions in binary form must reproduce the above copyright
22 .\" notice, this list of conditions and the following disclaimer in the
23 .\" documentation and/or other materials provided with the distribution.
25 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 .\" $OpenBSD: sshd_config.5,v 1.162 2013/07/19 07:37:48 markus Exp $
43 .Nd OpenSSH SSH daemon configuration file
45 .Nm /etc/ssh/sshd_config
48 reads configuration data from
49 .Pa /etc/ssh/sshd_config
50 (or the file specified with
53 The file contains keyword-argument pairs, one per line.
56 and empty lines are interpreted as comments.
57 Arguments may optionally be enclosed in double quotes
59 in order to represent arguments containing spaces.
62 keywords and their meanings are as follows (note that
63 keywords are case-insensitive and arguments are case-sensitive):
66 Specifies what environment variables sent by the client will be copied into
73 for how to configure the client.
74 Note that environment passing is only supported for protocol 2.
75 Variables are specified by name, which may contain the wildcard characters
79 Multiple environment variables may be separated by whitespace or spread
83 Be warned that some environment variables could be used to bypass restricted
85 For this reason, care should be taken in the use of this directive.
86 The default is not to accept any environment variables.
88 Specifies which address family should be used by
98 .It Cm AllowAgentForwarding
101 forwarding is permitted.
104 Note that disabling agent forwarding does not improve security
105 unless users are also denied shell access, as they can always install
106 their own forwarders.
108 This keyword can be followed by a list of group name patterns, separated
110 If specified, login is allowed only for users whose primary
111 group or supplementary group list matches one of the patterns.
112 Only group names are valid; a numerical group ID is not recognized.
113 By default, login is allowed for all groups.
114 The allow/deny directives are processed in the following order:
123 for more information on patterns.
124 .It Cm AllowTcpForwarding
125 Specifies whether TCP forwarding is permitted.
126 The available options are
130 to allow TCP forwarding,
132 to prevent all TCP forwarding,
134 to allow local (from the perspective of
138 to allow remote forwarding only.
141 Note that disabling TCP forwarding does not improve security unless
142 users are also denied shell access, as they can always install their
145 This keyword can be followed by a list of user name patterns, separated
147 If specified, login is allowed only for user names that
148 match one of the patterns.
149 Only user names are valid; a numerical user ID is not recognized.
150 By default, login is allowed for all users.
151 If the pattern takes the form USER@HOST then USER and HOST
152 are separately checked, restricting logins to particular
153 users from particular hosts.
154 The allow/deny directives are processed in the following order:
163 for more information on patterns.
164 .It Cm AuthenticationMethods
165 Specifies the authentication methods that must be successfully completed
166 for a user to be granted access.
167 This option must be followed by one or more comma-separated lists of
168 authentication method names.
169 Successful authentication requires completion of every method in at least
172 For example, an argument of
173 .Dq publickey,password publickey,keyboard-interactive
174 would require the user to complete public key authentication, followed by
175 either password or keyboard interactive authentication.
176 Only methods that are next in one or more lists are offered at each stage,
177 so for this example, it would not be possible to attempt password or
178 keyboard-interactive authentication before public key.
180 For keyboard interactive authentication it is also possible to
181 restrict authentication to a specific device by appending a
182 colon followed by the device identifier
187 depending on the server configuration.
189 .Dq keyboard-interactive:bsdauth
190 would restrict keyboard interactive authentication to the
194 This option is only available for SSH protocol 2 and will yield a fatal
195 error if enabled if protocol 1 is also enabled.
196 Note that each authentication method listed should also be explicitly enabled
197 in the configuration.
198 The default is not to require multiple authentication; successful completion
199 of a single authentication method is sufficient.
200 .It Cm AuthorizedKeysCommand
201 Specifies a program to be used to look up the user's public keys.
202 The program must be owned by root and not writable by group or others.
203 It will be invoked with a single argument of the username
204 being authenticated, and should produce on standard output zero or
205 more lines of authorized_keys output (see AUTHORIZED_KEYS in
207 If a key supplied by AuthorizedKeysCommand does not successfully authenticate
208 and authorize the user then public key authentication continues using the usual
209 .Cm AuthorizedKeysFile
211 By default, no AuthorizedKeysCommand is run.
212 .It Cm AuthorizedKeysCommandUser
213 Specifies the user under whose account the AuthorizedKeysCommand is run.
214 It is recommended to use a dedicated user that has no other role on the host
215 than running authorized keys commands.
216 .It Cm AuthorizedKeysFile
217 Specifies the file that contains the public keys that can be used
218 for user authentication.
219 The format is described in the
220 AUTHORIZED_KEYS FILE FORMAT
223 .Cm AuthorizedKeysFile
224 may contain tokens of the form %T which are substituted during connection
226 The following tokens are defined: %% is replaced by a literal '%',
227 %h is replaced by the home directory of the user being authenticated, and
228 %u is replaced by the username of that user.
230 .Cm AuthorizedKeysFile
231 is taken to be an absolute path or one relative to the user's home
233 Multiple files may be listed, separated by whitespace.
235 .Dq .ssh/authorized_keys .ssh/authorized_keys2 .
236 .It Cm AuthorizedPrincipalsFile
237 Specifies a file that lists principal names that are accepted for
238 certificate authentication.
239 When using certificates signed by a key listed in
240 .Cm TrustedUserCAKeys ,
241 this file lists names, one of which must appear in the certificate for it
242 to be accepted for authentication.
243 Names are listed one per line preceded by key options (as described
244 in AUTHORIZED_KEYS FILE FORMAT in
246 Empty lines and comments starting with
250 .Cm AuthorizedPrincipalsFile
251 may contain tokens of the form %T which are substituted during connection
253 The following tokens are defined: %% is replaced by a literal '%',
254 %h is replaced by the home directory of the user being authenticated, and
255 %u is replaced by the username of that user.
257 .Cm AuthorizedPrincipalsFile
258 is taken to be an absolute path or one relative to the user's home
263 i.e. not to use a principals file \(en in this case, the username
264 of the user must appear in a certificate's principals list for it to be
267 .Cm AuthorizedPrincipalsFile
268 is only used when authentication proceeds using a CA listed in
269 .Cm TrustedUserCAKeys
270 and is not consulted for certification authorities trusted via
271 .Pa ~/.ssh/authorized_keys ,
274 key option offers a similar facility (see
278 The contents of the specified file are sent to the remote user before
279 authentication is allowed.
282 then no banner is displayed.
283 This option is only available for protocol version 2.
284 By default, no banner is displayed.
285 .It Cm ChallengeResponseAuthentication
286 Specifies whether challenge-response authentication is allowed (e.g. via
287 PAM or though authentication styles supported in
291 .It Cm ChrootDirectory
292 Specifies the pathname of a directory to
294 to after authentication.
295 All components of the pathname must be root-owned directories that are
296 not writable by any other user or group.
299 changes the working directory to the user's home directory.
301 The pathname may contain the following tokens that are expanded at runtime once
302 the connecting user has been authenticated: %% is replaced by a literal '%',
303 %h is replaced by the home directory of the user being authenticated, and
304 %u is replaced by the username of that user.
308 must contain the necessary files and directories to support the
310 For an interactive session this requires at least a shell, typically
324 For file transfer sessions using
326 no additional configuration of the environment is necessary if the
327 in-process sftp server is used,
328 though sessions which use logging do require
330 inside the chroot directory (see
334 The default is not to
337 Specifies the ciphers allowed for protocol version 2.
338 Multiple ciphers must be comma-separated.
339 The supported ciphers are
347 .Dq aes128-gcm@openssh.com ,
348 .Dq aes256-gcm@openssh.com ,
356 .Bd -literal -offset 3n
357 aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
358 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
359 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
362 .It Cm ClientAliveCountMax
363 Sets the number of client alive messages (see below) which may be
366 receiving any messages back from the client.
367 If this threshold is reached while client alive messages are being sent,
368 sshd will disconnect the client, terminating the session.
369 It is important to note that the use of client alive messages is very
373 The client alive messages are sent through the encrypted channel
374 and therefore will not be spoofable.
375 The TCP keepalive option enabled by
378 The client alive mechanism is valuable when the client or
379 server depend on knowing when a connection has become inactive.
381 The default value is 3.
383 .Cm ClientAliveInterval
384 (see below) is set to 15, and
385 .Cm ClientAliveCountMax
386 is left at the default, unresponsive SSH clients
387 will be disconnected after approximately 45 seconds.
388 This option applies to protocol version 2 only.
389 .It Cm ClientAliveInterval
390 Sets a timeout interval in seconds after which if no data has been received
393 will send a message through the encrypted
394 channel to request a response from the client.
396 is 0, indicating that these messages will not be sent to the client.
397 This option applies to protocol version 2 only.
399 Specifies whether compression is allowed, or delayed until
400 the user has authenticated successfully.
409 This keyword can be followed by a list of group name patterns, separated
411 Login is disallowed for users whose primary group or supplementary
412 group list matches one of the patterns.
413 Only group names are valid; a numerical group ID is not recognized.
414 By default, login is allowed for all groups.
415 The allow/deny directives are processed in the following order:
424 for more information on patterns.
426 This keyword can be followed by a list of user name patterns, separated
428 Login is disallowed for user names that match one of the patterns.
429 Only user names are valid; a numerical user ID is not recognized.
430 By default, login is allowed for all users.
431 If the pattern takes the form USER@HOST then USER and HOST
432 are separately checked, restricting logins to particular
433 users from particular hosts.
434 The allow/deny directives are processed in the following order:
443 for more information on patterns.
445 Forces the execution of the command specified by
447 ignoring any command supplied by the client and
450 The command is invoked by using the user's login shell with the -c option.
451 This applies to shell, command, or subsystem execution.
452 It is most useful inside a
455 The command originally supplied by the client is available in the
456 .Ev SSH_ORIGINAL_COMMAND
457 environment variable.
458 Specifying a command of
460 will force the use of an in-process sftp server that requires no support
462 .Cm ChrootDirectory .
464 Specifies whether remote hosts are allowed to connect to ports
465 forwarded for the client.
468 binds remote port forwardings to the loopback address.
469 This prevents other remote hosts from connecting to forwarded ports.
471 can be used to specify that sshd
472 should allow remote port forwardings to bind to non-loopback addresses, thus
473 allowing other hosts to connect.
476 to force remote port forwardings to be available to the local host only,
478 to force remote port forwardings to bind to the wildcard address, or
480 to allow the client to select the address to which the forwarding is bound.
483 .It Cm GSSAPIAuthentication
484 Specifies whether user authentication based on GSSAPI is allowed.
487 Note that this option applies to protocol version 2 only.
488 .It Cm GSSAPICleanupCredentials
489 Specifies whether to automatically destroy the user's credentials cache
493 Note that this option applies to protocol version 2 only.
494 .It Cm HostbasedAuthentication
495 Specifies whether rhosts or /etc/hosts.equiv authentication together
496 with successful public key client host authentication is allowed
497 (host-based authentication).
498 This option is similar to
499 .Cm RhostsRSAAuthentication
500 and applies to protocol version 2 only.
503 .It Cm HostbasedUsesNameFromPacketOnly
504 Specifies whether or not the server will attempt to perform a reverse
505 name lookup when matching the name in the
511 .Cm HostbasedAuthentication .
516 uses the name supplied by the client rather than
517 attempting to resolve the name from the TCP connection itself.
520 .It Cm HostCertificate
521 Specifies a file containing a public host certificate.
522 The certificate's public key must match a private host key already specified
525 The default behaviour of
527 is not to load any certificates.
529 Specifies a file containing a private host key
532 .Pa /etc/ssh/ssh_host_key
533 for protocol version 1, and
534 .Pa /etc/ssh/ssh_host_dsa_key ,
535 .Pa /etc/ssh/ssh_host_ecdsa_key
537 .Pa /etc/ssh/ssh_host_rsa_key
538 for protocol version 2.
541 will refuse to use a file if it is group/world-accessible.
542 It is possible to have multiple host key files.
544 keys are used for version 1 and
549 are used for version 2 of the SSH protocol.
550 It is also possible to specify public host key files instead.
551 In this case operations on the private key will be delegated
555 Identifies the UNIX-domain socket used to communicate
556 with an agent that has access to the private host keys.
559 is specified, the location of the socket will be read from the
561 environment variable.
567 files will not be used in
568 .Cm RhostsRSAAuthentication
570 .Cm HostbasedAuthentication .
574 .Pa /etc/ssh/shosts.equiv
578 .It Cm IgnoreUserKnownHosts
581 should ignore the user's
582 .Pa ~/.ssh/known_hosts
584 .Cm RhostsRSAAuthentication
586 .Cm HostbasedAuthentication .
590 Specifies the IPv4 type-of-service or DSCP class for the connection.
617 This option may take one or two arguments, separated by whitespace.
618 If one argument is specified, it is used as the packet class unconditionally.
619 If two values are specified, the first is automatically selected for
620 interactive sessions and the second for non-interactive sessions.
623 for interactive sessions and
625 for non-interactive sessions.
626 .It Cm KerberosAuthentication
627 Specifies whether the password provided by the user for
628 .Cm PasswordAuthentication
629 will be validated through the Kerberos KDC.
630 To use this option, the server needs a
631 Kerberos servtab which allows the verification of the KDC's identity.
634 .It Cm KerberosGetAFSToken
635 If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
636 an AFS token before accessing the user's home directory.
639 .It Cm KerberosOrLocalPasswd
640 If password authentication through Kerberos fails then
641 the password will be validated via any additional local mechanism
646 .It Cm KerberosTicketCleanup
647 Specifies whether to automatically destroy the user's ticket cache
652 Specifies the available KEX (Key Exchange) algorithms.
653 Multiple algorithms must be comma-separated.
655 .Dq ecdh-sha2-nistp256 ,
656 .Dq ecdh-sha2-nistp384 ,
657 .Dq ecdh-sha2-nistp521 ,
658 .Dq diffie-hellman-group-exchange-sha256 ,
659 .Dq diffie-hellman-group-exchange-sha1 ,
660 .Dq diffie-hellman-group14-sha1 ,
661 .Dq diffie-hellman-group1-sha1 .
662 .It Cm KeyRegenerationInterval
663 In protocol version 1, the ephemeral server key is automatically regenerated
664 after this many seconds (if it has been used).
665 The purpose of regeneration is to prevent
666 decrypting captured sessions by later breaking into the machine and
668 The key is never stored anywhere.
669 If the value is 0, the key is never regenerated.
670 The default is 3600 (seconds).
672 Specifies the local addresses
675 The following forms may be used:
677 .Bl -item -offset indent -compact
681 .Ar host No | Ar IPv4_addr No | Ar IPv6_addr
686 .Ar host No | Ar IPv4_addr No : Ar port
692 .Ar host No | Ar IPv6_addr Oc : Ar port
699 sshd will listen on the address and all prior
702 The default is to listen on all local addresses.
705 options are permitted.
708 options must precede this option for non-port qualified addresses.
709 .It Cm LoginGraceTime
710 The server disconnects after this time if the user has not
711 successfully logged in.
712 If the value is 0, there is no time limit.
713 The default is 120 seconds.
715 Gives the verbosity level that is used when logging messages from
717 The possible values are:
718 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
720 DEBUG and DEBUG1 are equivalent.
721 DEBUG2 and DEBUG3 each specify higher levels of debugging output.
722 Logging with a DEBUG level violates the privacy of users and is not recommended.
724 Specifies the available MAC (message authentication code) algorithms.
725 The MAC algorithm is used in protocol version 2
726 for data integrity protection.
727 Multiple algorithms must be comma-separated.
728 The algorithms that contain
730 calculate the MAC after encryption (encrypt-then-mac).
731 These are considered safer and their use recommended.
733 .Bd -literal -offset indent
734 hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
735 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
736 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
737 hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
738 hmac-md5-96-etm@openssh.com,
739 hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
740 hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
741 hmac-sha1-96,hmac-md5-96
744 Introduces a conditional block.
745 If all of the criteria on the
747 line are satisfied, the keywords on the following lines override those
748 set in the global section of the config file, until either another
750 line or the end of the file.
754 are one or more criteria-pattern pairs.
755 The available criteria are
763 The match patterns may consist of single entries or comma-separated
764 lists and may use the wildcard and negation operators described in the
770 criteria may additionally contain addresses to match in CIDR
771 address/masklen format, e.g.\&
775 Note that the mask length provided must be consistent with the address -
776 it is an error to specify a mask length that is too long for the address
777 or one with bits set in this host portion of the address.
784 Only a subset of keywords may be used on the lines following a
787 Available keywords are
789 .Cm AllowAgentForwarding ,
791 .Cm AllowTcpForwarding ,
793 .Cm AuthenticationMethods ,
794 .Cm AuthorizedKeysCommand ,
795 .Cm AuthorizedKeysCommandUser ,
796 .Cm AuthorizedKeysFile ,
797 .Cm AuthorizedPrincipalsFile ,
799 .Cm ChrootDirectory ,
804 .Cm GSSAPIAuthentication ,
805 .Cm HostbasedAuthentication ,
806 .Cm HostbasedUsesNameFromPacketOnly ,
807 .Cm KbdInteractiveAuthentication ,
808 .Cm KerberosAuthentication ,
811 .Cm PasswordAuthentication ,
812 .Cm PermitEmptyPasswords ,
814 .Cm PermitRootLogin ,
816 .Cm PubkeyAuthentication ,
818 .Cm RhostsRSAAuthentication ,
819 .Cm RSAAuthentication ,
820 .Cm X11DisplayOffset ,
823 .Cm X11UseLocalHost .
825 Specifies the maximum number of authentication attempts permitted per
827 Once the number of failures reaches half this value,
828 additional failures are logged.
831 Specifies the maximum number of open sessions permitted per network connection.
834 Specifies the maximum number of concurrent unauthenticated connections to the
836 Additional connections will be dropped until authentication succeeds or the
838 expires for a connection.
839 The default is 10:30:100.
841 Alternatively, random early drop can be enabled by specifying
842 the three colon separated values
846 will refuse connection attempts with a probability of
849 if there are currently
852 unauthenticated connections.
853 The probability increases linearly and all connection attempts
854 are refused if the number of unauthenticated connections reaches
857 .It Cm PasswordAuthentication
858 Specifies whether password authentication is allowed.
863 .It Cm PermitEmptyPasswords
864 When password authentication is allowed, it specifies whether the
865 server allows login to accounts with empty password strings.
869 Specifies the destinations to which TCP port forwarding is permitted.
870 The forwarding specification must be one of the following forms:
872 .Bl -item -offset indent -compact
886 .Ar \&[ IPv6_addr \&] : port
890 Multiple forwards may be specified by separating them with whitespace.
893 can be used to remove all restrictions and permit any forwarding requests.
896 can be used to prohibit all forwarding requests.
897 By default all port forwarding requests are permitted.
898 .It Cm PermitRootLogin
899 Specifies whether root can log in using
903 .Dq without-password ,
904 .Dq forced-commands-only ,
910 .Cm ChallengeResponseAuthentication
913 the root user may be allowed in with its password even if
914 .Cm PermitRootLogin is set to
915 .Dq without-password .
917 If this option is set to
918 .Dq without-password ,
919 password authentication is disabled for root.
921 If this option is set to
922 .Dq forced-commands-only ,
923 root login with public key authentication will be allowed,
926 option has been specified
927 (which may be useful for taking remote backups even if root login is
928 normally not allowed).
929 All other authentication methods are disabled for root.
931 If this option is set to
933 root is not allowed to log in.
937 device forwarding is allowed.
953 .It Cm PermitUserEnvironment
955 .Pa ~/.ssh/environment
959 .Pa ~/.ssh/authorized_keys
964 Enabling environment processing may enable users to bypass access
965 restrictions in some configurations using mechanisms such as
968 Specifies the file that contains the process ID of the
971 .Pa /var/run/sshd.pid .
973 Specifies the port number that
977 Multiple options of this type are permitted.
983 should print the date and time of the last user login when a user logs
992 when a user logs in interactively.
993 (On some systems it is also printed by the shell,
999 Specifies the protocol versions
1002 The possible values are
1006 Multiple versions must be comma-separated.
1009 Note that the order of the protocol list does not indicate preference,
1010 because the client selects among multiple protocol versions offered
1016 .It Cm PubkeyAuthentication
1017 Specifies whether public key authentication is allowed.
1020 Note that this option applies to protocol version 2 only.
1022 Specifies the maximum amount of data that may be transmitted before the
1023 session key is renegotiated, optionally followed a maximum amount of
1024 time that may pass before the session key is renegotiated.
1025 The first argument is specified in bytes and may have a suffix of
1030 to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1031 The default is between
1035 depending on the cipher.
1036 The optional second value is specified in seconds and may use any of the
1037 units documented in the
1040 The default value for
1044 which means that rekeying is performed after the cipher's default amount
1045 of data has been sent or received and no time based rekeying is done.
1046 This option applies to protocol version 2 only.
1048 Specifies revoked public keys.
1049 Keys listed in this file will be refused for public key authentication.
1050 Note that if this file is not readable, then public key authentication will
1051 be refused for all users.
1052 Keys may be specified as a text file, listing one public key per line, or as
1053 an OpenSSH Key Revocation List (KRL) as generated by
1055 For more information on KRLs, see the KEY REVOCATION LISTS section in
1057 .It Cm RhostsRSAAuthentication
1058 Specifies whether rhosts or
1059 .Pa /etc/hosts.equiv
1060 authentication together
1061 with successful RSA host authentication is allowed.
1064 This option applies to protocol version 1 only.
1065 .It Cm RSAAuthentication
1066 Specifies whether pure RSA authentication is allowed.
1069 This option applies to protocol version 1 only.
1070 .It Cm ServerKeyBits
1071 Defines the number of bits in the ephemeral protocol version 1 server key.
1072 The minimum value is 512, and the default is 1024.
1076 should check file modes and ownership of the
1077 user's files and home directory before accepting login.
1078 This is normally desirable because novices sometimes accidentally leave their
1079 directory or files world-writable.
1082 Note that this does not apply to
1083 .Cm ChrootDirectory ,
1084 whose permissions and ownership are checked unconditionally.
1086 Configures an external subsystem (e.g. file transfer daemon).
1087 Arguments should be a subsystem name and a command (with optional arguments)
1088 to execute upon subsystem request.
1094 file transfer subsystem.
1096 Alternately the name
1098 implements an in-process
1101 This may simplify configurations using
1103 to force a different filesystem root on clients.
1105 By default no subsystems are defined.
1106 Note that this option applies to protocol version 2 only.
1107 .It Cm SyslogFacility
1108 Gives the facility code that is used when logging messages from
1110 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1111 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1112 The default is AUTH.
1114 Specifies whether the system should send TCP keepalive messages to the
1116 If they are sent, death of the connection or crash of one
1117 of the machines will be properly noticed.
1118 However, this means that
1119 connections will die if the route is down temporarily, and some people
1121 On the other hand, if TCP keepalives are not sent,
1122 sessions may hang indefinitely on the server, leaving
1124 users and consuming server resources.
1128 (to send TCP keepalive messages), and the server will notice
1129 if the network goes down or the client host crashes.
1130 This avoids infinitely hanging sessions.
1132 To disable TCP keepalive messages, the value should be set to
1134 .It Cm TrustedUserCAKeys
1135 Specifies a file containing public keys of certificate authorities that are
1136 trusted to sign user certificates for authentication.
1137 Keys are listed one per line; empty lines and comments starting with
1140 If a certificate is presented for authentication and has its signing CA key
1141 listed in this file, then it may be used for authentication for any user
1142 listed in the certificate's principals list.
1143 Note that certificates that lack a list of principals will not be permitted
1144 for authentication using
1145 .Cm TrustedUserCAKeys .
1146 For more details on certificates, see the CERTIFICATES section in
1151 should look up the remote host name and check that
1152 the resolved host name for the remote IP address maps back to the
1153 very same IP address.
1159 is used for interactive login sessions.
1164 is never used for remote command execution.
1165 Note also, that if this is enabled,
1167 will be disabled because
1169 does not know how to handle
1173 .Cm UsePrivilegeSeparation
1174 is specified, it will be disabled after authentication.
1176 Enables the Pluggable Authentication Module interface.
1179 this will enable PAM authentication using
1180 .Cm ChallengeResponseAuthentication
1182 .Cm PasswordAuthentication
1183 in addition to PAM account and session module processing for all
1184 authentication types.
1186 Because PAM challenge-response authentication usually serves an equivalent
1187 role to password authentication, you should disable either
1188 .Cm PasswordAuthentication
1190 .Cm ChallengeResponseAuthentication.
1194 is enabled, you will not be able to run
1199 .It Cm UsePrivilegeSeparation
1202 separates privileges by creating an unprivileged child process
1203 to deal with incoming network traffic.
1204 After successful authentication, another process will be created that has
1205 the privilege of the authenticated user.
1206 The goal of privilege separation is to prevent privilege
1207 escalation by containing any corruption within the unprivileged processes.
1211 .Cm UsePrivilegeSeparation
1214 then the pre-authentication unprivileged process is subject to additional
1216 .It Cm VersionAddendum
1217 Optionally specifies additional text to append to the SSH protocol banner
1218 sent by the server upon connection.
1220 .Dq FreeBSD-20131111 .
1221 .It Cm X11DisplayOffset
1222 Specifies the first display number available for
1225 This prevents sshd from interfering with real X11 servers.
1227 .It Cm X11Forwarding
1228 Specifies whether X11 forwarding is permitted.
1229 The argument must be
1236 When X11 forwarding is enabled, there may be additional exposure to
1237 the server and to client displays if the
1239 proxy display is configured to listen on the wildcard address (see
1241 below), though this is not the default.
1242 Additionally, the authentication spoofing and authentication data
1243 verification and substitution occur on the client side.
1244 The security risk of using X11 forwarding is that the client's X11
1245 display server may be exposed to attack when the SSH client requests
1246 forwarding (see the warnings for
1249 .Xr ssh_config 5 ) .
1250 A system administrator may have a stance in which they want to
1251 protect clients that may expose themselves to attack by unwittingly
1252 requesting X11 forwarding, which can warrant a
1256 Note that disabling X11 forwarding does not prevent users from
1257 forwarding X11 traffic, as users can always install their own forwarders.
1258 X11 forwarding is automatically disabled if
1261 .It Cm X11UseLocalhost
1264 should bind the X11 forwarding server to the loopback address or to
1265 the wildcard address.
1267 sshd binds the forwarding server to the loopback address and sets the
1268 hostname part of the
1270 environment variable to
1272 This prevents remote hosts from connecting to the proxy display.
1273 However, some older X11 clients may not function with this
1278 to specify that the forwarding server should be bound to the wildcard
1280 The argument must be
1286 .It Cm XAuthLocation
1287 Specifies the full pathname of the
1291 .Pa /usr/local/bin/xauth .
1295 command-line arguments and configuration file options that specify time
1296 may be expressed using a sequence of the form:
1298 .Ar time Op Ar qualifier ,
1302 is a positive integer value and
1304 is one of the following:
1306 .Bl -tag -width Ds -compact -offset indent
1321 Each member of the sequence is added together to calculate
1322 the total time value.
1324 Time format examples:
1326 .Bl -tag -width Ds -compact -offset indent
1328 600 seconds (10 minutes)
1332 1 hour 30 minutes (90 minutes)
1336 .It Pa /etc/ssh/sshd_config
1337 Contains configuration data for
1339 This file should be writable by root only, but it is recommended
1340 (though not necessary) that it be world-readable.
1345 OpenSSH is a derivative of the original and free
1346 ssh 1.2.12 release by Tatu Ylonen.
1347 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1348 Theo de Raadt and Dug Song
1349 removed many bugs, re-added newer features and
1351 Markus Friedl contributed the support for SSH
1352 protocol versions 1.5 and 2.0.
1353 Niels Provos and Markus Friedl contributed support
1354 for privilege separation.