2 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4 .\" All rights reserved
6 .\" As far as I am concerned, the code I have written for this software
7 .\" can be used freely for any purpose. Any derived versions of this
8 .\" software must be clearly marked as such, and if the derived work is
9 .\" incompatible with the protocol description in the RFC file, it must be
10 .\" called by a name other than "ssh" or "Secure Shell".
12 .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
13 .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
14 .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16 .\" Redistribution and use in source and binary forms, with or without
17 .\" modification, are permitted provided that the following conditions
19 .\" 1. Redistributions of source code must retain the above copyright
20 .\" notice, this list of conditions and the following disclaimer.
21 .\" 2. Redistributions in binary form must reproduce the above copyright
22 .\" notice, this list of conditions and the following disclaimer in the
23 .\" documentation and/or other materials provided with the distribution.
25 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 .\" $OpenBSD: sshd_config.5,v 1.282 2018/09/20 03:28:06 djm Exp $
38 .Dd $Mdocdate: July 28 2020 $
43 .Nd OpenSSH SSH daemon configuration file
46 reads configuration data from
47 .Pa /etc/ssh/sshd_config
48 (or the file specified with
51 The file contains keyword-argument pairs, one per line.
52 For each keyword, the first obtained value will be used.
55 and empty lines are interpreted as comments.
56 Arguments may optionally be enclosed in double quotes
58 in order to represent arguments containing spaces.
61 keywords and their meanings are as follows (note that
62 keywords are case-insensitive and arguments are case-sensitive):
65 Specifies what environment variables sent by the client will be copied into
74 for how to configure the client.
77 environment variable is always accepted whenever the client
78 requests a pseudo-terminal as it is required by the protocol.
79 Variables are specified by name, which may contain the wildcard characters
83 Multiple environment variables may be separated by whitespace or spread
87 Be warned that some environment variables could be used to bypass restricted
89 For this reason, care should be taken in the use of this directive.
90 The default is not to accept any environment variables.
92 Specifies which address family should be used by
101 .It Cm AllowAgentForwarding
104 forwarding is permitted.
107 Note that disabling agent forwarding does not improve security
108 unless users are also denied shell access, as they can always install
109 their own forwarders.
111 This keyword can be followed by a list of group name patterns, separated
113 If specified, login is allowed only for users whose primary
114 group or supplementary group list matches one of the patterns.
115 Only group names are valid; a numerical group ID is not recognized.
116 By default, login is allowed for all groups.
117 The allow/deny directives are processed in the following order:
126 for more information on patterns.
127 .It Cm AllowStreamLocalForwarding
128 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
129 The available options are
134 to allow StreamLocal forwarding,
136 to prevent all StreamLocal forwarding,
138 to allow local (from the perspective of
142 to allow remote forwarding only.
143 Note that disabling StreamLocal forwarding does not improve security unless
144 users are also denied shell access, as they can always install their
146 .It Cm AllowTcpForwarding
147 Specifies whether TCP forwarding is permitted.
148 The available options are
153 to allow TCP forwarding,
155 to prevent all TCP forwarding,
157 to allow local (from the perspective of
161 to allow remote forwarding only.
162 Note that disabling TCP forwarding does not improve security unless
163 users are also denied shell access, as they can always install their
166 This keyword can be followed by a list of user name patterns, separated
168 If specified, login is allowed only for user names that
169 match one of the patterns.
170 Only user names are valid; a numerical user ID is not recognized.
171 By default, login is allowed for all users.
172 If the pattern takes the form USER@HOST then USER and HOST
173 are separately checked, restricting logins to particular
174 users from particular hosts.
175 HOST criteria may additionally contain addresses to match in CIDR
176 address/masklen format.
177 The allow/deny directives are processed in the following order:
186 for more information on patterns.
187 .It Cm AuthenticationMethods
188 Specifies the authentication methods that must be successfully completed
189 for a user to be granted access.
190 This option must be followed by one or more lists of comma-separated
191 authentication method names, or by the single string
193 to indicate the default behaviour of accepting any single authentication
195 If the default is overridden, then successful authentication requires
196 completion of every method in at least one of these lists.
199 .Qq publickey,password publickey,keyboard-interactive
200 would require the user to complete public key authentication, followed by
201 either password or keyboard interactive authentication.
202 Only methods that are next in one or more lists are offered at each stage,
203 so for this example it would not be possible to attempt password or
204 keyboard-interactive authentication before public key.
206 For keyboard interactive authentication it is also possible to
207 restrict authentication to a specific device by appending a
208 colon followed by the device identifier
212 depending on the server configuration.
214 .Qq keyboard-interactive:bsdauth
215 would restrict keyboard interactive authentication to the
219 If the publickey method is listed more than once,
221 verifies that keys that have been used successfully are not reused for
222 subsequent authentications.
224 .Qq publickey,publickey
225 requires successful authentication using two different public keys.
227 Note that each authentication method listed should also be explicitly enabled
228 in the configuration.
230 The available authentication methods are:
231 .Qq gssapi-with-mic ,
233 .Qq keyboard-interactive ,
235 (used for access to password-less accounts when
236 .Cm PermitEmptyPasswords
241 .It Cm AuthorizedKeysCommand
242 Specifies a program to be used to look up the user's public keys.
243 The program must be owned by root, not writable by group or others and
244 specified by an absolute path.
246 .Cm AuthorizedKeysCommand
247 accept the tokens described in the
250 If no arguments are specified then the username of the target user is used.
252 The program should produce on standard output zero or
253 more lines of authorized_keys output (see
258 .Cm AuthorizedKeysCommand
259 does not successfully authenticate
260 and authorize the user then public key authentication continues using the usual
261 .Cm AuthorizedKeysFile
264 .Cm AuthorizedKeysCommand
266 .It Cm AuthorizedKeysCommandUser
267 Specifies the user under whose account the
268 .Cm AuthorizedKeysCommand
270 It is recommended to use a dedicated user that has no other role on the host
271 than running authorized keys commands.
273 .Cm AuthorizedKeysCommand
275 .Cm AuthorizedKeysCommandUser
278 will refuse to start.
279 .It Cm AuthorizedKeysFile
280 Specifies the file that contains the public keys used for user authentication.
281 The format is described in the
282 .Sx AUTHORIZED_KEYS FILE FORMAT
286 .Cm AuthorizedKeysFile
287 accept the tokens described in the
291 .Cm AuthorizedKeysFile
292 is taken to be an absolute path or one relative to the user's home
294 Multiple files may be listed, separated by whitespace.
295 Alternately this option may be set to
297 to skip checking for user keys in files.
299 .Qq .ssh/authorized_keys .ssh/authorized_keys2 .
300 .It Cm AuthorizedPrincipalsCommand
301 Specifies a program to be used to generate the list of allowed
302 certificate principals as per
303 .Cm AuthorizedPrincipalsFile .
304 The program must be owned by root, not writable by group or others and
305 specified by an absolute path.
307 .Cm AuthorizedPrincipalsCommand
308 accept the tokens described in the
311 If no arguments are specified then the username of the target user is used.
313 The program should produce on standard output zero or
315 .Cm AuthorizedPrincipalsFile
318 .Cm AuthorizedPrincipalsCommand
320 .Cm AuthorizedPrincipalsFile
321 is specified, then certificates offered by the client for authentication
322 must contain a principal that is listed.
324 .Cm AuthorizedPrincipalsCommand
326 .It Cm AuthorizedPrincipalsCommandUser
327 Specifies the user under whose account the
328 .Cm AuthorizedPrincipalsCommand
330 It is recommended to use a dedicated user that has no other role on the host
331 than running authorized principals commands.
333 .Cm AuthorizedPrincipalsCommand
335 .Cm AuthorizedPrincipalsCommandUser
338 will refuse to start.
339 .It Cm AuthorizedPrincipalsFile
340 Specifies a file that lists principal names that are accepted for
341 certificate authentication.
342 When using certificates signed by a key listed in
343 .Cm TrustedUserCAKeys ,
344 this file lists names, one of which must appear in the certificate for it
345 to be accepted for authentication.
346 Names are listed one per line preceded by key options (as described in
347 .Sx AUTHORIZED_KEYS FILE FORMAT
350 Empty lines and comments starting with
355 .Cm AuthorizedPrincipalsFile
356 accept the tokens described in the
360 .Cm AuthorizedPrincipalsFile
361 is taken to be an absolute path or one relative to the user's home directory.
364 i.e. not to use a principals file \(en in this case, the username
365 of the user must appear in a certificate's principals list for it to be
369 .Cm AuthorizedPrincipalsFile
370 is only used when authentication proceeds using a CA listed in
371 .Cm TrustedUserCAKeys
372 and is not consulted for certification authorities trusted via
373 .Pa ~/.ssh/authorized_keys ,
376 key option offers a similar facility (see
380 The contents of the specified file are sent to the remote user before
381 authentication is allowed.
384 then no banner is displayed.
385 By default, no banner is displayed.
386 .It Cm CASignatureAlgorithms
387 Specifies which algorithms are allowed for signing of certificates
388 by certificate authorities (CAs).
390 .Bd -literal -offset indent
391 ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
392 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
395 Certificates signed using other algorithms will not be accepted for
396 public key or host-based authentication.
397 .It Cm ChallengeResponseAuthentication
398 Specifies whether challenge-response authentication is allowed (e.g. via
399 PAM or through authentication styles supported in
403 .It Cm ChrootDirectory
404 Specifies the pathname of a directory to
406 to after authentication.
409 checks that all components of the pathname are root-owned directories
410 which are not writable by any other user or group.
413 changes the working directory to the user's home directory.
416 accept the tokens described in the
422 must contain the necessary files and directories to support the
424 For an interactive session this requires at least a shell, typically
437 For file transfer sessions using SFTP
438 no additional configuration of the environment is necessary if the in-process
440 though sessions which use logging may require
442 inside the chroot directory on some operating systems (see
446 For safety, it is very important that the directory hierarchy be
447 prevented from modification by other processes on the system (especially
448 those outside the jail).
449 Misconfiguration can lead to unsafe environments which
458 Specifies the ciphers allowed.
459 Multiple ciphers must be comma-separated.
460 If the specified value begins with a
462 character, then the specified ciphers will be appended to the default set
463 instead of replacing them.
464 If the specified value begins with a
466 character, then the specified ciphers (including wildcards) will be removed
467 from the default set instead of replacing them.
469 The supported ciphers are:
471 .Bl -item -compact -offset indent
487 aes128-gcm@openssh.com
489 aes256-gcm@openssh.com
491 chacha20-poly1305@openssh.com
495 .Bd -literal -offset indent
496 chacha20-poly1305@openssh.com,
497 aes128-ctr,aes192-ctr,aes256-ctr,
498 aes128-gcm@openssh.com,aes256-gcm@openssh.com
501 The list of available ciphers may also be obtained using
503 .It Cm ClientAliveCountMax
504 Sets the number of client alive messages which may be sent without
506 receiving any messages back from the client.
507 If this threshold is reached while client alive messages are being sent,
508 sshd will disconnect the client, terminating the session.
509 It is important to note that the use of client alive messages is very
512 The client alive messages are sent through the encrypted channel
513 and therefore will not be spoofable.
514 The TCP keepalive option enabled by
517 The client alive mechanism is valuable when the client or
518 server depend on knowing when a connection has become inactive.
520 The default value is 3.
522 .Cm ClientAliveInterval
524 .Cm ClientAliveCountMax
525 is left at the default, unresponsive SSH clients
526 will be disconnected after approximately 45 seconds.
527 .It Cm ClientAliveInterval
528 Sets a timeout interval in seconds after which if no data has been received
531 will send a message through the encrypted
532 channel to request a response from the client.
534 is 0, indicating that these messages will not be sent to the client.
536 Specifies whether compression is enabled after
537 the user has authenticated successfully.
541 (a legacy synonym for
548 This keyword can be followed by a list of group name patterns, separated
550 Login is disallowed for users whose primary group or supplementary
551 group list matches one of the patterns.
552 Only group names are valid; a numerical group ID is not recognized.
553 By default, login is allowed for all groups.
554 The allow/deny directives are processed in the following order:
563 for more information on patterns.
565 This keyword can be followed by a list of user name patterns, separated
567 Login is disallowed for user names that match one of the patterns.
568 Only user names are valid; a numerical user ID is not recognized.
569 By default, login is allowed for all users.
570 If the pattern takes the form USER@HOST then USER and HOST
571 are separately checked, restricting logins to particular
572 users from particular hosts.
573 HOST criteria may additionally contain addresses to match in CIDR
574 address/masklen format.
575 The allow/deny directives are processed in the following order:
584 for more information on patterns.
585 .It Cm DisableForwarding
586 Disables all forwarding features, including X11,
589 This option overrides all other forwarding-related options and may
590 simplify restricted configurations.
591 .It Cm ExposeAuthInfo
592 Writes a temporary file containing a list of authentication methods and
593 public credentials (e.g. keys) used to authenticate the user.
594 The location of the file is exposed to the user session through the
596 environment variable.
599 .It Cm FingerprintHash
600 Specifies the hash algorithm used when logging key fingerprints.
608 Forces the execution of the command specified by
610 ignoring any command supplied by the client and
613 The command is invoked by using the user's login shell with the -c option.
614 This applies to shell, command, or subsystem execution.
615 It is most useful inside a
618 The command originally supplied by the client is available in the
619 .Ev SSH_ORIGINAL_COMMAND
620 environment variable.
621 Specifying a command of
623 will force the use of an in-process SFTP server that requires no support
625 .Cm ChrootDirectory .
629 Specifies whether remote hosts are allowed to connect to ports
630 forwarded for the client.
633 binds remote port forwardings to the loopback address.
634 This prevents other remote hosts from connecting to forwarded ports.
636 can be used to specify that sshd
637 should allow remote port forwardings to bind to non-loopback addresses, thus
638 allowing other hosts to connect.
641 to force remote port forwardings to be available to the local host only,
643 to force remote port forwardings to bind to the wildcard address, or
645 to allow the client to select the address to which the forwarding is bound.
648 .It Cm GSSAPIAuthentication
649 Specifies whether user authentication based on GSSAPI is allowed.
652 .It Cm GSSAPICleanupCredentials
653 Specifies whether to automatically destroy the user's credentials cache
657 .It Cm GSSAPIStrictAcceptorCheck
658 Determines whether to be strict about the identity of the GSSAPI acceptor
659 a client authenticates against.
662 then the client must authenticate against the host
663 service on the current hostname.
666 then the client may authenticate against any service key stored in the
667 machine's default store.
668 This facility is provided to assist with operation on multi homed machines.
671 .It Cm HostbasedAcceptedKeyTypes
672 Specifies the key types that will be accepted for hostbased authentication
673 as a list of comma-separated patterns.
674 Alternately if the specified value begins with a
676 character, then the specified key types will be appended to the default set
677 instead of replacing them.
678 If the specified value begins with a
680 character, then the specified key types (including wildcards) will be removed
681 from the default set instead of replacing them.
682 The default for this option is:
683 .Bd -literal -offset 3n
684 ecdsa-sha2-nistp256-cert-v01@openssh.com,
685 ecdsa-sha2-nistp384-cert-v01@openssh.com,
686 ecdsa-sha2-nistp521-cert-v01@openssh.com,
687 ssh-ed25519-cert-v01@openssh.com,
688 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
689 ssh-rsa-cert-v01@openssh.com,
690 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
691 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
694 The list of available key types may also be obtained using
696 .It Cm HostbasedAuthentication
697 Specifies whether rhosts or /etc/hosts.equiv authentication together
698 with successful public key client host authentication is allowed
699 (host-based authentication).
702 .It Cm HostbasedUsesNameFromPacketOnly
703 Specifies whether or not the server will attempt to perform a reverse
704 name lookup when matching the name in the
710 .Cm HostbasedAuthentication .
715 uses the name supplied by the client rather than
716 attempting to resolve the name from the TCP connection itself.
719 .It Cm HostCertificate
720 Specifies a file containing a public host certificate.
721 The certificate's public key must match a private host key already specified
724 The default behaviour of
726 is not to load any certificates.
728 Specifies a file containing a private host key
731 .Pa /etc/ssh/ssh_host_ecdsa_key ,
732 .Pa /etc/ssh/ssh_host_ed25519_key
734 .Pa /etc/ssh/ssh_host_rsa_key .
738 will refuse to use a file if it is group/world-accessible
740 .Cm HostKeyAlgorithms
741 option restricts which of the keys are actually used by
744 It is possible to have multiple host key files.
745 It is also possible to specify public host key files instead.
746 In this case operations on the private key will be delegated
750 Identifies the UNIX-domain socket used to communicate
751 with an agent that has access to the private host keys.
754 is specified, the location of the socket will be read from the
756 environment variable.
757 .It Cm HostKeyAlgorithms
758 Specifies the host key algorithms
759 that the server offers.
760 The default for this option is:
761 .Bd -literal -offset 3n
762 ecdsa-sha2-nistp256-cert-v01@openssh.com,
763 ecdsa-sha2-nistp384-cert-v01@openssh.com,
764 ecdsa-sha2-nistp521-cert-v01@openssh.com,
765 ssh-ed25519-cert-v01@openssh.com,
766 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
767 ssh-rsa-cert-v01@openssh.com,
768 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
769 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
772 The list of available key types may also be obtained using
779 files will not be used in
780 .Cm HostbasedAuthentication .
784 .Pa /etc/ssh/shosts.equiv
788 .It Cm IgnoreUserKnownHosts
791 should ignore the user's
792 .Pa ~/.ssh/known_hosts
794 .Cm HostbasedAuthentication
795 and use only the system-wide known hosts file
796 .Pa /etc/ssh/known_hosts .
800 Specifies the IPv4 type-of-service or DSCP class for the connection.
828 to use the operating system default.
829 This option may take one or two arguments, separated by whitespace.
830 If one argument is specified, it is used as the packet class unconditionally.
831 If two values are specified, the first is automatically selected for
832 interactive sessions and the second for non-interactive sessions.
836 for interactive sessions and
839 for non-interactive sessions.
840 .It Cm KbdInteractiveAuthentication
841 Specifies whether to allow keyboard-interactive authentication.
842 The argument to this keyword must be
846 The default is to use whatever value
847 .Cm ChallengeResponseAuthentication
851 .It Cm KerberosAuthentication
852 Specifies whether the password provided by the user for
853 .Cm PasswordAuthentication
854 will be validated through the Kerberos KDC.
855 To use this option, the server needs a
856 Kerberos servtab which allows the verification of the KDC's identity.
859 .It Cm KerberosGetAFSToken
860 If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
861 an AFS token before accessing the user's home directory.
864 .It Cm KerberosOrLocalPasswd
865 If password authentication through Kerberos fails then
866 the password will be validated via any additional local mechanism
871 .It Cm KerberosTicketCleanup
872 Specifies whether to automatically destroy the user's ticket cache
877 Specifies the available KEX (Key Exchange) algorithms.
878 Multiple algorithms must be comma-separated.
879 Alternately if the specified value begins with a
881 character, then the specified methods will be appended to the default set
882 instead of replacing them.
883 If the specified value begins with a
885 character, then the specified methods (including wildcards) will be removed
886 from the default set instead of replacing them.
887 The supported algorithms are:
889 .Bl -item -compact -offset indent
893 curve25519-sha256@libssh.org
895 diffie-hellman-group1-sha1
897 diffie-hellman-group14-sha1
899 diffie-hellman-group14-sha256
901 diffie-hellman-group16-sha512
903 diffie-hellman-group18-sha512
905 diffie-hellman-group-exchange-sha1
907 diffie-hellman-group-exchange-sha256
917 .Bd -literal -offset indent
918 curve25519-sha256,curve25519-sha256@libssh.org,
919 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
920 diffie-hellman-group-exchange-sha256,
921 diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
922 diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
925 The list of available key exchange algorithms may also be obtained using
928 Specifies the local addresses
931 The following forms may be used:
933 .Bl -item -offset indent -compact
937 .Ar hostname | address
939 .Op Cm rdomain Ar domain
945 .Op Cm rdomain Ar domain
949 .Ar IPv4_address : port
951 .Op Cm rdomain Ar domain
955 .Oo Ar hostname | address Oc : Ar port
957 .Op Cm rdomain Ar domain
964 listen in an explicit routing domain.
968 sshd will listen on the address and all
971 The default is to listen on all local addresses on the current default
975 options are permitted.
976 For more information on routing domains, see
978 .It Cm LoginGraceTime
979 The server disconnects after this time if the user has not
980 successfully logged in.
981 If the value is 0, there is no time limit.
982 The default is 120 seconds.
984 Gives the verbosity level that is used when logging messages from
986 The possible values are:
987 QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
989 DEBUG and DEBUG1 are equivalent.
990 DEBUG2 and DEBUG3 each specify higher levels of debugging output.
991 Logging with a DEBUG level violates the privacy of users and is not recommended.
993 Specifies the available MAC (message authentication code) algorithms.
994 The MAC algorithm is used for data integrity protection.
995 Multiple algorithms must be comma-separated.
996 If the specified value begins with a
998 character, then the specified algorithms will be appended to the default set
999 instead of replacing them.
1000 If the specified value begins with a
1002 character, then the specified algorithms (including wildcards) will be removed
1003 from the default set instead of replacing them.
1005 The algorithms that contain
1007 calculate the MAC after encryption (encrypt-then-mac).
1008 These are considered safer and their use recommended.
1009 The supported MACs are:
1011 .Bl -item -compact -offset indent
1027 umac-128@openssh.com
1029 hmac-md5-etm@openssh.com
1031 hmac-md5-96-etm@openssh.com
1033 hmac-sha1-etm@openssh.com
1035 hmac-sha1-96-etm@openssh.com
1037 hmac-sha2-256-etm@openssh.com
1039 hmac-sha2-512-etm@openssh.com
1041 umac-64-etm@openssh.com
1043 umac-128-etm@openssh.com
1047 .Bd -literal -offset indent
1048 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
1049 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
1050 hmac-sha1-etm@openssh.com,
1051 umac-64@openssh.com,umac-128@openssh.com,
1052 hmac-sha2-256,hmac-sha2-512,hmac-sha1
1055 The list of available MAC algorithms may also be obtained using
1058 Introduces a conditional block.
1059 If all of the criteria on the
1061 line are satisfied, the keywords on the following lines override those
1062 set in the global section of the config file, until either another
1064 line or the end of the file.
1065 If a keyword appears in multiple
1067 blocks that are satisfied, only the first instance of the keyword is
1072 are one or more criteria-pattern pairs or the single token
1074 which matches all criteria.
1075 The available criteria are
1088 on which the connection was received.)
1090 The match patterns may consist of single entries or comma-separated
1091 lists and may use the wildcard and negation operators described in the
1098 criteria may additionally contain addresses to match in CIDR
1099 address/masklen format,
1100 such as 192.0.2.0/24 or 2001:db8::/32.
1101 Note that the mask length provided must be consistent with the address -
1102 it is an error to specify a mask length that is too long for the address
1103 or one with bits set in this host portion of the address.
1104 For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
1106 Only a subset of keywords may be used on the lines following a
1109 Available keywords are
1111 .Cm AllowAgentForwarding ,
1113 .Cm AllowStreamLocalForwarding ,
1114 .Cm AllowTcpForwarding ,
1116 .Cm AuthenticationMethods ,
1117 .Cm AuthorizedKeysCommand ,
1118 .Cm AuthorizedKeysCommandUser ,
1119 .Cm AuthorizedKeysFile ,
1120 .Cm AuthorizedPrincipalsCommand ,
1121 .Cm AuthorizedPrincipalsCommandUser ,
1122 .Cm AuthorizedPrincipalsFile ,
1124 .Cm ChrootDirectory ,
1125 .Cm ClientAliveCountMax ,
1126 .Cm ClientAliveInterval ,
1131 .Cm GSSAPIAuthentication ,
1132 .Cm HostbasedAcceptedKeyTypes ,
1133 .Cm HostbasedAuthentication ,
1134 .Cm HostbasedUsesNameFromPacketOnly ,
1136 .Cm KbdInteractiveAuthentication ,
1137 .Cm KerberosAuthentication ,
1141 .Cm PasswordAuthentication ,
1142 .Cm PermitEmptyPasswords ,
1145 .Cm PermitRootLogin ,
1149 .Cm PubkeyAcceptedKeyTypes ,
1150 .Cm PubkeyAuthentication ,
1155 .Cm StreamLocalBindMask ,
1156 .Cm StreamLocalBindUnlink ,
1157 .Cm TrustedUserCAKeys ,
1158 .Cm X11DisplayOffset ,
1161 .Cm X11UseLocalHost .
1163 Specifies the maximum number of authentication attempts permitted per
1165 Once the number of failures reaches half this value,
1166 additional failures are logged.
1169 Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
1170 sessions permitted per network connection.
1171 Multiple sessions may be established by clients that support connection
1175 to 1 will effectively disable session multiplexing, whereas setting it to 0
1176 will prevent all shell, login and subsystem sessions while still permitting
1180 Specifies the maximum number of concurrent unauthenticated connections to the
1182 Additional connections will be dropped until authentication succeeds or the
1184 expires for a connection.
1185 The default is 10:30:100.
1187 Alternatively, random early drop can be enabled by specifying
1188 the three colon separated values
1189 start:rate:full (e.g. "10:30:60").
1191 will refuse connection attempts with a probability of rate/100 (30%)
1192 if there are currently start (10) unauthenticated connections.
1193 The probability increases linearly and all connection attempts
1194 are refused if the number of unauthenticated connections reaches full (60).
1195 .It Cm PasswordAuthentication
1196 Specifies whether password authentication is allowed.
1201 .It Cm PermitEmptyPasswords
1202 When password authentication is allowed, it specifies whether the
1203 server allows login to accounts with empty password strings.
1207 Specifies the addresses/ports on which a remote TCP port forwarding may listen.
1208 The listen specification must be one of the following forms:
1210 .Bl -item -offset indent -compact
1223 Multiple permissions may be specified by separating them with whitespace.
1226 can be used to remove all restrictions and permit any listen requests.
1229 can be used to prohibit all listen requests.
1230 The host name may contain wildcards as described in the PATTERNS section in
1234 can also be used in place of a port number to allow all ports.
1235 By default all port forwarding listen requests are permitted.
1238 option may further restrict which addresses may be listened on.
1241 will request a listen host of
1243 if no listen host was specifically requested, and this this name is
1244 treated differently to explicit localhost addresses of
1249 Specifies the destinations to which TCP port forwarding is permitted.
1250 The forwarding specification must be one of the following forms:
1252 .Bl -item -offset indent -compact
1261 .Ar IPv4_addr : port
1266 .Ar \&[ IPv6_addr \&] : port
1270 Multiple forwards may be specified by separating them with whitespace.
1273 can be used to remove all restrictions and permit any forwarding requests.
1276 can be used to prohibit all forwarding requests.
1279 can be used for host or port to allow all hosts or ports, respectively.
1280 By default all port forwarding requests are permitted.
1281 .It Cm PermitRootLogin
1282 Specifies whether root can log in using
1284 The argument must be
1286 .Cm prohibit-password ,
1287 .Cm forced-commands-only ,
1293 .Cm ChallengeResponseAuthentication
1298 this setting may be overridden by the PAM policy.
1300 If this option is set to
1301 .Cm prohibit-password
1302 (or its deprecated alias,
1303 .Cm without-password ) ,
1304 password and keyboard-interactive authentication are disabled for root.
1306 If this option is set to
1307 .Cm forced-commands-only ,
1308 root login with public key authentication will be allowed,
1311 option has been specified
1312 (which may be useful for taking remote backups even if root login is
1313 normally not allowed).
1314 All other authentication methods are disabled for root.
1316 If this option is set to
1318 root is not allowed to log in.
1322 allocation is permitted.
1328 device forwarding is allowed.
1329 The argument must be
1345 Independent of this setting, the permissions of the selected
1347 device must allow access to the user.
1348 .It Cm PermitUserEnvironment
1350 .Pa ~/.ssh/environment
1354 .Pa ~/.ssh/authorized_keys
1360 or a pattern-list specifying which environment variable names to accept
1365 Enabling environment processing may enable users to bypass access
1366 restrictions in some configurations using mechanisms such as
1369 Specifies whether any
1375 Specifies the file that contains the process ID of the
1380 .Pa /var/run/sshd.pid .
1382 Specifies the port number that
1386 Multiple options of this type are permitted.
1392 should print the date and time of the last user login when a user logs
1401 when a user logs in interactively.
1402 (On some systems it is also printed by the shell,
1407 .It Cm PubkeyAcceptedKeyTypes
1408 Specifies the key types that will be accepted for public key authentication
1409 as a list of comma-separated patterns.
1410 Alternately if the specified value begins with a
1412 character, then the specified key types will be appended to the default set
1413 instead of replacing them.
1414 If the specified value begins with a
1416 character, then the specified key types (including wildcards) will be removed
1417 from the default set instead of replacing them.
1418 The default for this option is:
1419 .Bd -literal -offset 3n
1420 ecdsa-sha2-nistp256-cert-v01@openssh.com,
1421 ecdsa-sha2-nistp384-cert-v01@openssh.com,
1422 ecdsa-sha2-nistp521-cert-v01@openssh.com,
1423 ssh-ed25519-cert-v01@openssh.com,
1424 rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
1425 ssh-rsa-cert-v01@openssh.com,
1426 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
1427 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
1430 The list of available key types may also be obtained using
1432 .It Cm PubkeyAuthentication
1433 Specifies whether public key authentication is allowed.
1437 Specifies the maximum amount of data that may be transmitted before the
1438 session key is renegotiated, optionally followed a maximum amount of
1439 time that may pass before the session key is renegotiated.
1440 The first argument is specified in bytes and may have a suffix of
1445 to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1446 The default is between
1450 depending on the cipher.
1451 The optional second value is specified in seconds and may use any of the
1452 units documented in the
1455 The default value for
1459 which means that rekeying is performed after the cipher's default amount
1460 of data has been sent or received and no time based rekeying is done.
1462 Specifies revoked public keys file, or
1465 Keys listed in this file will be refused for public key authentication.
1466 Note that if this file is not readable, then public key authentication will
1467 be refused for all users.
1468 Keys may be specified as a text file, listing one public key per line, or as
1469 an OpenSSH Key Revocation List (KRL) as generated by
1471 For more information on KRLs, see the KEY REVOCATION LISTS section in
1474 Specifies an explicit routing domain that is applied after authentication
1476 The user session, as well and any forwarded or listening IP sockets,
1477 will be bound to this
1479 If the routing domain is set to
1481 then the domain in which the incoming connection was received will be applied.
1483 Specifies one or more environment variables to set in child sessions started
1488 The environment value may be quoted (e.g. if it contains whitespace
1490 Environment variables set by
1492 override the default environment and any variables specified by the user
1496 .Cm PermitUserEnvironment .
1497 .It Cm StreamLocalBindMask
1498 Sets the octal file creation mode mask
1500 used when creating a Unix-domain socket file for local or remote
1502 This option is only used for port forwarding to a Unix-domain socket file.
1504 The default value is 0177, which creates a Unix-domain socket file that is
1505 readable and writable only by the owner.
1506 Note that not all operating systems honor the file mode on Unix-domain
1508 .It Cm StreamLocalBindUnlink
1509 Specifies whether to remove an existing Unix-domain socket file for local
1510 or remote port forwarding before creating a new one.
1511 If the socket file already exists and
1512 .Cm StreamLocalBindUnlink
1515 will be unable to forward the port to the Unix-domain socket file.
1516 This option is only used for port forwarding to a Unix-domain socket file.
1518 The argument must be
1527 should check file modes and ownership of the
1528 user's files and home directory before accepting login.
1529 This is normally desirable because novices sometimes accidentally leave their
1530 directory or files world-writable.
1533 Note that this does not apply to
1534 .Cm ChrootDirectory ,
1535 whose permissions and ownership are checked unconditionally.
1537 Configures an external subsystem (e.g. file transfer daemon).
1538 Arguments should be a subsystem name and a command (with optional arguments)
1539 to execute upon subsystem request.
1543 implements the SFTP file transfer subsystem.
1545 Alternately the name
1547 implements an in-process SFTP server.
1548 This may simplify configurations using
1550 to force a different filesystem root on clients.
1552 By default no subsystems are defined.
1553 .It Cm SyslogFacility
1554 Gives the facility code that is used when logging messages from
1556 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1557 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1558 The default is AUTH.
1560 Specifies whether the system should send TCP keepalive messages to the
1562 If they are sent, death of the connection or crash of one
1563 of the machines will be properly noticed.
1564 However, this means that
1565 connections will die if the route is down temporarily, and some people
1567 On the other hand, if TCP keepalives are not sent,
1568 sessions may hang indefinitely on the server, leaving
1570 users and consuming server resources.
1574 (to send TCP keepalive messages), and the server will notice
1575 if the network goes down or the client host crashes.
1576 This avoids infinitely hanging sessions.
1578 To disable TCP keepalive messages, the value should be set to
1580 .It Cm TrustedUserCAKeys
1581 Specifies a file containing public keys of certificate authorities that are
1582 trusted to sign user certificates for authentication, or
1585 Keys are listed one per line; empty lines and comments starting with
1588 If a certificate is presented for authentication and has its signing CA key
1589 listed in this file, then it may be used for authentication for any user
1590 listed in the certificate's principals list.
1591 Note that certificates that lack a list of principals will not be permitted
1592 for authentication using
1593 .Cm TrustedUserCAKeys .
1594 For more details on certificates, see the CERTIFICATES section in
1599 attempts to send authentication success and failure messages
1605 For forward compatibility with an upcoming
1609 alias can be used instead.
1613 should look up the remote host name, and to check that
1614 the resolved host name for the remote IP address maps back to the
1615 very same IP address.
1617 If this option is set to
1619 then only addresses and not host names may be used in
1620 .Pa ~/.ssh/authorized_keys
1630 Enables the Pluggable Authentication Module interface.
1633 this will enable PAM authentication using
1634 .Cm ChallengeResponseAuthentication
1636 .Cm PasswordAuthentication
1637 in addition to PAM account and session module processing for all
1638 authentication types.
1640 Because PAM challenge-response authentication usually serves an equivalent
1641 role to password authentication, you should disable either
1642 .Cm PasswordAuthentication
1644 .Cm ChallengeResponseAuthentication.
1648 is enabled, you will not be able to run
1653 .It Cm VersionAddendum
1654 Optionally specifies additional text to append to the SSH protocol banner
1655 sent by the server upon connection.
1657 .Qq FreeBSD-20180909 .
1660 may be used to disable this.
1661 .It Cm X11DisplayOffset
1662 Specifies the first display number available for
1665 This prevents sshd from interfering with real X11 servers.
1667 .It Cm X11Forwarding
1668 Specifies whether X11 forwarding is permitted.
1669 The argument must be
1676 When X11 forwarding is enabled, there may be additional exposure to
1677 the server and to client displays if the
1679 proxy display is configured to listen on the wildcard address (see
1680 .Cm X11UseLocalhost ) ,
1681 though this is not the default.
1682 Additionally, the authentication spoofing and authentication data
1683 verification and substitution occur on the client side.
1684 The security risk of using X11 forwarding is that the client's X11
1685 display server may be exposed to attack when the SSH client requests
1686 forwarding (see the warnings for
1689 .Xr ssh_config 5 ) .
1690 A system administrator may have a stance in which they want to
1691 protect clients that may expose themselves to attack by unwittingly
1692 requesting X11 forwarding, which can warrant a
1696 Note that disabling X11 forwarding does not prevent users from
1697 forwarding X11 traffic, as users can always install their own forwarders.
1698 .It Cm X11UseLocalhost
1701 should bind the X11 forwarding server to the loopback address or to
1702 the wildcard address.
1704 sshd binds the forwarding server to the loopback address and sets the
1705 hostname part of the
1707 environment variable to
1709 This prevents remote hosts from connecting to the proxy display.
1710 However, some older X11 clients may not function with this
1715 to specify that the forwarding server should be bound to the wildcard
1717 The argument must be
1723 .It Cm XAuthLocation
1724 Specifies the full pathname of the
1730 .Pa /usr/local/bin/xauth .
1734 command-line arguments and configuration file options that specify time
1735 may be expressed using a sequence of the form:
1737 .Ar time Op Ar qualifier ,
1741 is a positive integer value and
1743 is one of the following:
1745 .Bl -tag -width Ds -compact -offset indent
1760 Each member of the sequence is added together to calculate
1761 the total time value.
1763 Time format examples:
1765 .Bl -tag -width Ds -compact -offset indent
1767 600 seconds (10 minutes)
1771 1 hour 30 minutes (90 minutes)
1774 Arguments to some keywords can make use of tokens,
1775 which are expanded at runtime:
1777 .Bl -tag -width XXXX -offset indent -compact
1782 The routing domain in which the incoming connection was received.
1784 The fingerprint of the CA key.
1786 The fingerprint of the key or certificate.
1788 The home directory of the user.
1790 The key ID in the certificate.
1792 The base64-encoded CA key.
1794 The base64-encoded key or certificate for authentication.
1796 The serial number of the certificate.
1798 The type of the CA key.
1800 The key or certificate type.
1802 The numeric user ID of the target user.
1807 .Cm AuthorizedKeysCommand
1808 accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
1810 .Cm AuthorizedKeysFile
1811 accepts the tokens %%, %h, %U, and %u.
1813 .Cm AuthorizedPrincipalsCommand
1814 accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.
1816 .Cm AuthorizedPrincipalsFile
1817 accepts the tokens %%, %h, %U, and %u.
1820 accepts the tokens %%, %h, %U, and %u.
1823 accepts the token %D.
1826 .It Pa /etc/ssh/sshd_config
1827 Contains configuration data for
1829 This file should be writable by root only, but it is recommended
1830 (though not necessary) that it be world-readable.
1837 OpenSSH is a derivative of the original and free
1838 ssh 1.2.12 release by
1840 .An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos ,
1844 removed many bugs, re-added newer features and
1847 contributed the support for SSH protocol versions 1.5 and 2.0.
1851 contributed support for privilege separation.