.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose. Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" $OpenBSD: sshd_config.5,v 1.220 2016/02/17 08:57:34 djm Exp $
.Dd $Mdocdate: February 17 2016 $
.Nd OpenSSH SSH daemon configuration file
.Nm /etc/ssh/sshd_config
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
The file contains keyword-argument pairs, one per line.
and empty lines are interpreted as comments.
Arguments may optionally be enclosed in double quotes
in order to represent arguments containing spaces.
keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
Specifies what environment variables sent by the client will be copied into
for how to configure the client.
environment variable is always sent whenever the client
requests a pseudo-terminal as it is required by the protocol.
Variables are specified by name, which may contain the wildcard characters
Multiple environment variables may be separated by whitespace or spread
Be warned that some environment variables could be used to bypass restricted
For this reason, care should be taken in the use of this directive.
The default is not to accept any environment variables.
Specifies which address family should be used by
.It Cm AllowAgentForwarding
forwarding is permitted.
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
This keyword can be followed by a list of group name patterns, separated
If specified, login is allowed only for users whose primary
group or supplementary group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
The available options are
to allow TCP forwarding,
to prevent all TCP forwarding,
to allow local (from the perspective of
to allow remote forwarding only.
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
.It Cm AllowStreamLocalForwarding
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
The available options are
to allow StreamLocal forwarding,
to prevent all StreamLocal forwarding,
to allow local (from the perspective of
to allow remote forwarding only.
Note that disabling StreamLocal forwarding does not improve security unless
users are also denied shell access, as they can always install their
This keyword can be followed by a list of user name patterns, separated
If specified, login is allowed only for user names that
match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
for more information on patterns.
.It Cm AuthenticationMethods
Specifies the authentication methods that must be successfully completed
for a user to be granted access.
This option must be followed by one or more comma-separated lists of
authentication method names.
Successful authentication requires completion of every method in at least
For example, an argument of
.Dq publickey,password publickey,keyboard-interactive
would require the user to complete public key authentication, followed by
either password or keyboard interactive authentication.
Only methods that are next in one or more lists are offered at each stage,
so for this example, it would not be possible to attempt password or
keyboard-interactive authentication before public key.
For keyboard interactive authentication it is also possible to
restrict authentication to a specific device by appending a
colon followed by the device identifier
depending on the server configuration.
.Dq keyboard-interactive:bsdauth
would restrict keyboard interactive authentication to the
method is listed more than once,
verifies that keys that have been used successfully are not reused for
subsequent authentications.
.Cm AuthenticationMethods
.Dq publickey,publickey
will require successful authentication using two different public keys.
This option will yield a fatal
error if it is enabled while protocol 1 is also enabled.
Note that each authentication method listed should also be explicitly enabled
in the configuration.
The default is not to require multiple authentication; successful completion
of a single authentication method is sufficient.
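The staged evaluation described above, as an added example that is not OpenSSH's own code: it parses the directive, offers only the methods that are next in a still-achievable list, and enforces the rule that a public key already used cannot satisfy a second publickey entry. Method names are treated as opaque strings, so a device-restricted entry such as keyboard-interactive:bsdauth must be completed under exactly that name.

```python
# Added illustration of the AuthenticationMethods rules; not OpenSSH code.
from dataclasses import dataclass, field
from typing import List, Optional, Set


def parse_authentication_methods(value: str) -> List[List[str]]:
    """Split 'publickey,password publickey,keyboard-interactive' into
    [['publickey', 'password'], ['publickey', 'keyboard-interactive']]."""
    lists = [item.split(",") for item in value.split()]
    if not lists or any("" in methods for methods in lists):
        raise ValueError("AuthenticationMethods needs one or more non-empty lists")
    return lists


@dataclass
class AuthState:
    lists: List[List[str]]                                # parsed directive
    completed: List[str] = field(default_factory=list)   # methods done, in order
    used_keys: Set[str] = field(default_factory=set)     # fingerprints already accepted


def _viable(methods: List[str], completed: List[str]) -> bool:
    """A list is still achievable when what has completed so far is a prefix of it."""
    return methods[:len(completed)] == completed


def offered_methods(state: AuthState) -> List[str]:
    """Only the next entry of each still-viable list is offered at this stage."""
    offered: List[str] = []
    for methods in state.lists:
        if _viable(methods, state.completed) and len(methods) > len(state.completed):
            nxt = methods[len(state.completed)]
            if nxt not in offered:
                offered.append(nxt)
    return offered


def is_authenticated(state: AuthState) -> bool:
    """Access is granted once every method of at least one list has completed."""
    return any(methods == state.completed for methods in state.lists)


def complete_method(state: AuthState, method: str,
                    key_fingerprint: Optional[str] = None) -> bool:
    """Record a successful method. Returns False, changing nothing, when the
    method was not offered at this stage or when a public key that already
    succeeded is offered again (the rule for 'publickey,publickey')."""
    if method not in offered_methods(state):
        return False
    if method == "publickey":
        if key_fingerprint is None or key_fingerprint in state.used_keys:
            return False
        state.used_keys.add(key_fingerprint)
    state.completed.append(method)
    return True
```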
.It Cm AuthorizedKeysCommand
Specifies a program to be used to look up the user's public keys.
The program must be owned by root, not writable by group or others and
specified by an absolute path.
.Cm AuthorizedKeysCommand
may be provided using the following tokens, which will be expanded
at runtime: %% is replaced by a literal '%', %u is replaced by the
username being authenticated, %h is replaced by the home directory
of the user being authenticated, %t is replaced with the key type
offered for authentication, %f is replaced with the fingerprint of
the key, and %k is replaced with the key being offered for authentication.
If no arguments are specified then the username of the target user
The program should produce on standard output zero or
more lines of authorized_keys output (see AUTHORIZED_KEYS in
If a key supplied by AuthorizedKeysCommand does not successfully authenticate
and authorize the user then public key authentication continues using the usual
.Cm AuthorizedKeysFile
By default, no AuthorizedKeysCommand is run.
.It Cm AuthorizedKeysCommandUser
Specifies the user under whose account the AuthorizedKeysCommand is run.
It is recommended to use a dedicated user that has no other role on the host
than running authorized keys commands.
.Cm AuthorizedKeysCommand
.Cm AuthorizedKeysCommandUser
will refuse to start.
.It Cm AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication.
The format is described in the
AUTHORIZED_KEYS FILE FORMAT
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
.Cm AuthorizedKeysFile
is taken to be an absolute path or one relative to the user's home
Multiple files may be listed, separated by whitespace.
Alternately this option may be set to
to skip checking for user keys in files.
.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
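An added example, not OpenSSH's implementation, covering both the AuthorizedKeysCommand and the AuthorizedKeysFile directives above (the same token rules also apply to the AuthorizedPrincipals directives that follow): it expands the percent tokens each directive allows, resolves AuthorizedKeysFile entries as absolute or home-relative, and applies the ownership and permission requirements for the command. The directive-to-token table, the rejection of unknown tokens and the sample values are this example's own choices.

```python
# Added illustration of token expansion and command-path checks; not OpenSSH code.
import os
import stat
from typing import Dict, List

# Tokens each directive accepts, taken from the manual text above. The file
# directives deliberately get no key-derived tokens (%t, %f, %k).
TOKENS_BY_DIRECTIVE = {
    "AuthorizedKeysCommand": "uhtfk",
    "AuthorizedKeysFile": "hu",
    "AuthorizedPrincipalsCommand": "uh",
    "AuthorizedPrincipalsFile": "hu",
}


def expand_tokens(directive: str, template: str, values: Dict[str, str]) -> str:
    """Replace %% and the tokens allowed for `directive`. A token that is not
    valid for the directive is an error here rather than being passed through,
    so a stray '%' never reaches the command or file name unchanged."""
    allowed = TOKENS_BY_DIRECTIVE[directive]
    out: List[str] = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(template):
            raise ValueError("dangling '%' at end of argument")
        tok = template[i + 1]
        if tok == "%":
            out.append("%")
        elif tok not in allowed:
            raise ValueError("token %%%s is not valid for %s" % (tok, directive))
        elif tok not in values:
            raise ValueError("no value supplied for token %%%s" % tok)
        else:
            out.append(values[tok])
        i += 2
    return "".join(out)


def resolve_authorized_keys_files(value: str, home: str, user: str) -> List[str]:
    """AuthorizedKeysFile: whitespace-separated entries, each expanded and then
    taken as absolute or relative to the user's home; 'none' disables files."""
    if value.strip() == "none":
        return []
    paths = []
    for entry in value.split():
        expanded = expand_tokens("AuthorizedKeysFile", entry, {"h": home, "u": user})
        paths.append(expanded if os.path.isabs(expanded) else os.path.join(home, expanded))
    return paths


def command_path_problems(path: str, st_uid: int, st_mode: int) -> List[str]:
    """Apply the manual's requirements for the command program: absolute path,
    owned by root, not writable by group or others. Takes the stat fields so
    the policy can be exercised without a real file."""
    problems = []
    if not os.path.isabs(path):
        problems.append("path is not absolute")
    if st_uid != 0:
        problems.append("not owned by root")
    if st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others")
    return problems


def check_command_file(path: str) -> List[str]:
    """Convenience wrapper that stats a real file on this host."""
    st = os.stat(path)
    return command_path_problems(path, st.st_uid, st.st_mode)
```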
.It Cm AuthorizedPrincipalsCommand
Specifies a program to be used to generate the list of allowed
certificate principals as per
.Cm AuthorizedPrincipalsFile .
The program must be owned by root, not writable by group or others and
specified by an absolute path.
.Cm AuthorizedPrincipalsCommand
may be provided using the following tokens, which will be expanded
at runtime: %% is replaced by a literal '%', %u is replaced by the
username being authenticated and %h is replaced by the home directory
of the user being authenticated.
The program should produce on standard output zero or
.Cm AuthorizedPrincipalsFile
.Cm AuthorizedPrincipalsCommand
.Cm AuthorizedPrincipalsFile
is specified, then certificates offered by the client for authentication
must contain a principal that is listed.
By default, no AuthorizedPrincipalsCommand is run.
.It Cm AuthorizedPrincipalsCommandUser
Specifies the user under whose account the AuthorizedPrincipalsCommand is run.
It is recommended to use a dedicated user that has no other role on the host
than running authorized principals commands.
.Cm AuthorizedPrincipalsCommand
.Cm AuthorizedPrincipalsCommandUser
will refuse to start.
.It Cm AuthorizedPrincipalsFile
Specifies a file that lists principal names that are accepted for
certificate authentication.
When using certificates signed by a key listed in
.Cm TrustedUserCAKeys ,
this file lists names, one of which must appear in the certificate for it
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in AUTHORIZED_KEYS FILE FORMAT in
Empty lines and comments starting with
.Cm AuthorizedPrincipalsFile
may contain tokens of the form %T which are substituted during connection
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
.Cm AuthorizedPrincipalsFile
is taken to be an absolute path or one relative to the user's home
i.e. not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
.Cm AuthorizedPrincipalsFile
is only used when authentication proceeds using a CA listed in
.Cm TrustedUserCAKeys
and is not consulted for certification authorities trusted via
.Pa ~/.ssh/authorized_keys ,
key option offers a similar facility (see
The contents of the specified file are sent to the remote user before
authentication is allowed.
then no banner is displayed.
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
.It Cm ChrootDirectory
Specifies the pathname of a directory to
to after authentication.
checks that all components of the pathname are root-owned directories
which are not writable by any other user or group.
changes the working directory to the user's home directory.
The pathname may contain the following tokens that are expanded at runtime once
the connecting user has been authenticated: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
must contain the necessary files and directories to support the
For an interactive session this requires at least a shell, typically
For file transfer sessions using
no additional configuration of the environment is necessary if the
in-process sftp server is used,
though sessions which use logging may require
inside the chroot directory on some operating systems (see
For safety, it is very important that the directory hierarchy be
prevented from modification by other processes on the system (especially
those outside the jail).
Misconfiguration can lead to unsafe environments which
Specifies the ciphers allowed.
Multiple ciphers must be comma-separated.
If the specified value begins with a
character, then the specified ciphers will be appended to the default set
instead of replacing them.
The supported ciphers are:
.Bl -item -compact -offset indent
aes128-gcm@openssh.com
aes256-gcm@openssh.com
chacha20-poly1305@openssh.com
.Bd -literal -offset indent
chacha20-poly1305@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-gcm@openssh.com,aes256-gcm@openssh.com
The list of available ciphers may also be obtained using the
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
It is important to note that the use of client alive messages is very
The client alive messages are sent through the encrypted channel
and therefore will not be spoofable.
The TCP keepalive option enabled by
The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
The default value is 3.
.Cm ClientAliveInterval
(see below) is set to 15, and
.Cm ClientAliveCountMax
is left at the default, unresponsive SSH clients
will be disconnected after approximately 45 seconds.
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
will send a message through the encrypted
channel to request a response from the client.
is 0, indicating that these messages will not be sent to the client.
Specifies whether compression is allowed, or delayed until
the user has authenticated successfully.
This keyword can be followed by a list of group name patterns, separated
Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
for more information on patterns.
This keyword can be followed by a list of user name patterns, separated
Login is disallowed for user names that match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
for more information on patterns.
.It Cm FingerprintHash
Specifies the hash algorithm used when logging key fingerprints.
Forces the execution of the command specified by
ignoring any command supplied by the client and
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
It is most useful inside a
The command originally supplied by the client is available in the
.Ev SSH_ORIGINAL_COMMAND
environment variable.
Specifying a command of
will force the use of an in-process sftp server that requires no support
.Cm ChrootDirectory .
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
can be used to specify that sshd
should allow remote port forwardings to bind to non-loopback addresses, thus
allowing other hosts to connect.
to force remote port forwardings to be available to the local host only,
to force remote port forwardings to bind to the wildcard address, or
to allow the client to select the address to which the forwarding is bound.
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
.It Cm GSSAPIStrictAcceptorCheck
Determines whether to be strict about the identity of the GSSAPI acceptor
a client authenticates against.
then the client must authenticate against the
service on the current hostname.
then the client may authenticate against any service key stored in the
machine's default store.
This facility is provided to assist with operation on multi-homed machines.
.It Cm HostbasedAcceptedKeyTypes
Specifies the key types that will be accepted for hostbased authentication
as a comma-separated pattern list.
Alternately if the specified value begins with a
character, then the specified key types will be appended to the default set
instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
may be used to list supported key types.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
(host-based authentication).
.It Cm HostbasedUsesNameFromPacketOnly
Specifies whether or not the server will attempt to perform a reverse
name lookup when matching the name in the
.Cm HostbasedAuthentication .
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified
The default behaviour of
is not to load any certificates.
Specifies a file containing a private host key
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
.Pa /etc/ssh/ssh_host_ecdsa_key ,
.Pa /etc/ssh/ssh_host_ed25519_key
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
will refuse to use a file if it is group/world-accessible
.Cm HostKeyAlgorithms
option restricts which of the keys are actually used by
It is possible to have multiple host key files.
keys are used for version 1 and
are used for version 2 of the SSH protocol.
It is also possible to specify public host key files instead.
In this case operations on the private key will be delegated
Identifies the UNIX-domain socket used to communicate
with an agent that has access to the private host keys.
is specified, the location of the socket will be read from the
environment variable.
.It Cm HostKeyAlgorithms
Specifies the host key algorithms
that the server offers.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
The list of available key types may also be obtained using the
files will not be used in
.Cm RhostsRSAAuthentication
.Cm HostbasedAuthentication .
.Pa /etc/shosts.equiv
.It Cm IgnoreUserKnownHosts
should ignore the user's
.Pa ~/.ssh/known_hosts
.Cm RhostsRSAAuthentication
.Cm HostbasedAuthentication .
Specifies the IPv4 type-of-service or DSCP class for the connection.
This option may take one or two arguments, separated by whitespace.
If one argument is specified, it is used as the packet class unconditionally.
If two values are specified, the first is automatically selected for
interactive sessions and the second for non-interactive sessions.
for interactive sessions and
for non-interactive sessions.
.It Cm KbdInteractiveAuthentication
Specifies whether to allow keyboard-interactive authentication.
The argument to this keyword must be
The default is to use whatever value
.Cm ChallengeResponseAuthentication
.It Cm KerberosAuthentication
Specifies whether the password provided by the user for
.Cm PasswordAuthentication
will be validated through the Kerberos KDC.
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
.It Cm KerberosGetAFSToken
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
an AFS token before accessing the user's home directory.
.It Cm KerberosOrLocalPasswd
If password authentication through Kerberos fails then
the password will be validated via any additional local mechanism
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
Alternately if the specified value begins with a
character, then the specified methods will be appended to the default set
instead of replacing them.
The supported algorithms are:
.Bl -item -compact -offset indent
curve25519-sha256@libssh.org
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1
diffie-hellman-group-exchange-sha256
.Bd -literal -offset indent
curve25519-sha256@libssh.org,
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
diffie-hellman-group-exchange-sha256,
diffie-hellman-group14-sha1
The list of available key exchange algorithms may also be obtained using the
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
The key is never stored anywhere.
If the value is 0, the key is never regenerated.
The default is 3600 (seconds).
Specifies the local addresses
The following forms may be used:
.Bl -item -offset indent -compact
.Ar host | Ar IPv4_addr | Ar IPv6_addr
.Ar host | Ar IPv4_addr : Ar port
.Ar host | Ar IPv6_addr Oc : Ar port
sshd will listen on the address and all
The default is to listen on all local addresses.
options are permitted.
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in.
If the value is 0, there is no time limit.
The default is 120 seconds.
Gives the verbosity level that is used when logging messages from
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users and is not recommended.
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used for data integrity protection.
Multiple algorithms must be comma-separated.
If the specified value begins with a
character, then the specified algorithms will be appended to the default set
instead of replacing them.
The algorithms that contain
calculate the MAC after encryption (encrypt-then-mac).
These are considered safer and their use recommended.
The supported MACs are:
.Bl -item -compact -offset indent
hmac-md5-etm@openssh.com
hmac-md5-96-etm@openssh.com
hmac-ripemd160-etm@openssh.com
hmac-sha1-etm@openssh.com
hmac-sha1-96-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
umac-64-etm@openssh.com
umac-128-etm@openssh.com
.Bd -literal -offset indent
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
hmac-sha1-etm@openssh.com,
umac-64@openssh.com,umac-128@openssh.com,
hmac-sha2-256,hmac-sha2-512,hmac-sha1
The list of available MAC algorithms may also be obtained using the
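The replace-or-append rule that Ciphers, KexAlgorithms and MACs share, as an added example that is not OpenSSH's code: a plain comma-separated value replaces the default list, while a value beginning with + is appended to it, and an unknown name is rejected. The default list is the MACs default printed above; the supported set is limited to the names this manual lists, and dropping duplicate names is this example's own choice rather than a documented rule.

```python
# Added illustration of '+'-prefixed algorithm lists; not OpenSSH code.
from typing import List

DEFAULT_MACS = [
    "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
    "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
    "hmac-sha1-etm@openssh.com",
    "umac-64@openssh.com", "umac-128@openssh.com",
    "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
]
# Supported set restricted to names that appear in the manual text above.
SUPPORTED_MACS = DEFAULT_MACS + [
    "hmac-md5-etm@openssh.com", "hmac-md5-96-etm@openssh.com",
    "hmac-ripemd160-etm@openssh.com", "hmac-sha1-96-etm@openssh.com",
]


def assemble_algorithms(value: str, default: List[str], supported: List[str]) -> List[str]:
    """Build the effective list for a Ciphers, KexAlgorithms or MACs value."""
    if value.startswith("+"):
        names = value[1:].split(",")
        result = list(default)        # '+' keeps the defaults and appends to them
    else:
        names = value.split(",")
        result = []                   # otherwise the value replaces the defaults
    for name in names:
        if name == "" or name not in supported:
            raise ValueError("unsupported or empty algorithm name: %r" % name)
        if name not in result:        # duplicate names are dropped (this example's choice)
            result.append(name)
    return result


def etm_only(macs: List[str]) -> bool:
    """True when every MAC is an encrypt-then-mac (-etm) variant, the kind the
    manual describes as safer."""
    return all(m.endswith("-etm@openssh.com") for m in macs)
```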
Introduces a conditional block.
If all of the criteria on the
line are satisfied, the keywords on the following lines override those
set in the global section of the config file, until either another
line or the end of the file.
If a keyword appears in multiple
blocks that are satisfied, only the first instance of the keyword is
are one or more criteria-pattern pairs or the single token
which matches all criteria.
The available criteria are
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
criteria may additionally contain addresses to match in CIDR
address/masklen format, e.g.\&
.Dq 3ffe:ffff::/32 .
Note that the mask length provided must be consistent with the address -
it is an error to specify a mask length that is too long for the address
or one with bits set in the host portion of the address.
Only a subset of keywords may be used on the lines following a
Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowStreamLocalForwarding ,
.Cm AllowTcpForwarding ,
.Cm AuthenticationMethods ,
.Cm AuthorizedKeysCommand ,
.Cm AuthorizedKeysCommandUser ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsCommand ,
.Cm AuthorizedPrincipalsCommandUser ,
.Cm AuthorizedPrincipalsFile ,
.Cm ChrootDirectory ,
.Cm GSSAPIAuthentication ,
.Cm HostbasedAcceptedKeyTypes ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitRootLogin ,
.Cm PubkeyAcceptedKeyTypes ,
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm StreamLocalBindMask ,
.Cm StreamLocalBindUnlink ,
.Cm TrustedUserCAKeys ,
.Cm X11DisplayOffset ,
.Cm X11UseLocalHost .
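The Match address criterion and first-block-wins rule described above, as an added example that is not OpenSSH's code: it validates CIDR entries the way the manual requires (mask length must fit the address family, no host bits set), evaluates comma-separated and negated entries, and picks the effective value of a keyword across ordered Match blocks. fnmatch stands in for sshd's own wildcard matcher on non-CIDR entries, and the block layout and addresses are constructed for the example.

```python
# Added illustration of Match Address evaluation; not OpenSSH code.
import fnmatch
import ipaddress
from typing import Dict, List, Tuple


def parse_cidr(entry: str):
    """Reject the two errors the manual names: a mask length too long for
    the address family, and a prefix with bits set in the host portion."""
    addr, _, masklen = entry.partition("/")
    ip = ipaddress.ip_address(addr)
    bits = int(masklen)
    if bits < 0 or bits > ip.max_prefixlen:
        raise ValueError("mask length %d too long for %s" % (bits, addr))
    # strict=True makes ipaddress raise ValueError when host bits are set
    return ipaddress.ip_network("%s/%d" % (addr, bits), strict=True)


def address_matches(client_addr: str, patterns: str) -> bool:
    """Evaluate one Address pattern list against a client address. A negated
    entry that matches makes the whole criterion fail; otherwise at least one
    positive entry has to match."""
    ip = ipaddress.ip_address(client_addr)
    matched = False
    for entry in patterns.split(","):
        negate = entry.startswith("!")
        if negate:
            entry = entry[1:]
        if "/" in entry:
            hit = ip in parse_cidr(entry)        # cross-family containment is False
        else:
            try:
                hit = ip == ipaddress.ip_address(entry)
            except ValueError:
                hit = fnmatch.fnmatchcase(client_addr, entry)   # wildcard entry
        if hit and negate:
            return False
        matched = matched or hit
    return matched


def effective_setting(global_value: str, match_blocks: List[Tuple[str, Dict[str, str]]],
                      client_addr: str, keyword: str) -> str:
    """Match blocks are consulted in file order; the first satisfied block that
    sets the keyword wins, otherwise the global section's value applies."""
    for address_patterns, settings in match_blocks:
        if address_matches(client_addr, address_patterns) and keyword in settings:
            return settings[keyword]
    return global_value
```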
Specifies the maximum number of authentication attempts permitted per
Once the number of failures reaches half this value,
additional failures are logged.
Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
sessions permitted per network connection.
Multiple sessions may be established by clients that support connection
to 1 will effectively disable session multiplexing, whereas setting it to 0
will prevent all shell, login and subsystem sessions while still permitting
Specifies the maximum number of concurrent unauthenticated connections to the
Additional connections will be dropped until authentication succeeds or the
expires for a connection.
The default is 10:30:100.
Alternatively, random early drop can be enabled by specifying
the three colon separated values
will refuse connection attempts with a probability of
if there are currently
unauthenticated connections.
The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
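The random early drop rule above worked through, as an added example that is not OpenSSH's code: it parses start:rate:full, returns the refusal probability for a given number of unauthenticated connections, and makes the coin flip with an injectable random source. The straight-line interpolation between rate/100 at start and certain refusal at full, and the treatment of a single number N as start = full = N, are this example's reading of the text.

```python
# Added illustration of MaxStartups random early drop; not OpenSSH code.
import random
from typing import Callable, Tuple


def parse_max_startups(value: str) -> Tuple[int, int, int]:
    """Accept 'start:rate:full' (the default is 10:30:100). A single number N
    is treated here as start = full = N, so every connection past N is dropped."""
    parts = value.split(":")
    if len(parts) == 1:
        n = int(parts[0])
        return (n, 100, n)
    if len(parts) != 3:
        raise ValueError("MaxStartups must be N or start:rate:full")
    start, rate, full = (int(p) for p in parts)
    if not (0 < start <= full) or not (1 <= rate <= 100):
        raise ValueError("MaxStartups needs 0 < start <= full and 1 <= rate <= 100")
    return start, rate, full


def drop_probability(spec: Tuple[int, int, int], unauthenticated: int) -> float:
    """Probability that a new connection is refused when `unauthenticated`
    connections are already waiting for authentication."""
    start, rate, full = spec
    if unauthenticated < start:
        return 0.0
    if unauthenticated >= full:
        return 1.0
    # rate/100 at `start`, rising linearly to 1.0 at `full`
    return (rate + (100 - rate) * (unauthenticated - start) / (full - start)) / 100.0


def should_drop(spec: Tuple[int, int, int], unauthenticated: int,
                rng: Callable[[], float] = random.random) -> bool:
    """Coin flip against drop_probability; rng is injectable so the decision
    can be exercised deterministically."""
    return rng() < drop_probability(spec, unauthenticated)
```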
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
Specifies the destinations to which TCP port forwarding is permitted.
The forwarding specification must be one of the following forms:
.Bl -item -offset indent -compact
.Ar IPv4_addr : port
.Ar \&[ IPv6_addr \&] : port
Multiple forwards may be specified by separating them with whitespace.
can be used to remove all restrictions and permit any forwarding requests.
can be used to prohibit all forwarding requests.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
The argument must be
.Dq prohibit-password ,
.Dq without-password ,
.Dq forced-commands-only ,
.Dq prohibit-password .
If this option is set to
.Dq prohibit-password
.Dq without-password ,
password and keyboard-interactive authentication are disabled for root.
If this option is set to
.Dq forced-commands-only ,
root login with public key authentication will be allowed,
option has been specified
(which may be useful for taking remote backups even if root login is
normally not allowed).
All other authentication methods are disabled for root.
If this option is set to
root is not allowed to log in.
device forwarding is allowed.
The argument must be
Independent of this setting, the permissions of the selected
device must allow access to the user.
allocation is permitted.
.It Cm PermitUserEnvironment
.Pa ~/.ssh/environment
.Pa ~/.ssh/authorized_keys
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
Specifies whether any
Specifies the file that contains the process ID of the
.Pa /var/run/sshd.pid .
Specifies the port number that
Multiple options of this type are permitted.
should print the date and time of the last user login when a user logs
when a user logs in interactively.
(On some systems it is also printed by the shell,
Specifies the protocol versions
The possible values are
Multiple versions must be comma-separated.
Protocol 1 suffers from a number of cryptographic weaknesses and should
It is only offered to support legacy devices.
Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered
.It Cm PubkeyAcceptedKeyTypes
Specifies the key types that will be accepted for public key authentication
as a comma-separated pattern list.
Alternately if the specified value begins with a
character, then the specified key types will be appended to the default set
instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
ssh-rsa-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
may be used to list supported key types.
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
Specifies the maximum amount of data that may be transmitted before the
1375 session key is renegotiated, optionally followed a maximum amount of
1376 time that may pass before the session key is renegotiated.
1377 The first argument is specified in bytes and may have a suffix of
1382 to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
1383 The default is between
1387 depending on the cipher.
1388 The optional second value is specified in seconds and may use any of the
1389 units documented in the
1392 The default value for
1396 which means that rekeying is performed after the cipher's default amount
1397 of data has been sent or received and no time based rekeying is done.
1399 Specifies revoked public keys file, or
1402 Keys listed in this file will be refused for public key authentication.
1403 Note that if this file is not readable, then public key authentication will
1404 be refused for all users.
1405 Keys may be specified as a text file, listing one public key per line, or as
1406 an OpenSSH Key Revocation List (KRL) as generated by
1408 For more information on KRLs, see the KEY REVOCATION LISTS section in
1410 .It Cm RhostsRSAAuthentication
1411 Specifies whether rhosts or /etc/hosts.equiv authentication together
1412 with successful RSA host authentication is allowed.
1415 This option applies to protocol version 1 only.
1416 .It Cm RSAAuthentication
1417 Specifies whether pure RSA authentication is allowed.
1420 This option applies to protocol version 1 only.
1421 .It Cm ServerKeyBits
1422 Defines the number of bits in the ephemeral protocol version 1 server key.
1423 The default and minimum value is 1024.
1424 .It Cm StreamLocalBindMask
1425 Sets the octal file creation mode mask
1427 used when creating a Unix-domain socket file for local or remote
1429 This option is only used for port forwarding to a Unix-domain socket file.
1431 The default value is 0177, which creates a Unix-domain socket file that is
1432 readable and writable only by the owner.
1433 Note that not all operating systems honor the file mode on Unix-domain
1435 .It Cm StreamLocalBindUnlink
1436 Specifies whether to remove an existing Unix-domain socket file for local
1437 or remote port forwarding before creating a new one.
1438 If the socket file already exists and
1439 .Cm StreamLocalBindUnlink
1442 will be unable to forward the port to the Unix-domain socket file.
1443 This option is only used for port forwarding to a Unix-domain socket file.
1445 The argument must be
1454 should check file modes and ownership of the
1455 user's files and home directory before accepting login.
1456 This is normally desirable because novices sometimes accidentally leave their
1457 directory or files world-writable.
1460 Note that this does not apply to
1461 .Cm ChrootDirectory ,
1462 whose permissions and ownership are checked unconditionally.
1464 Configures an external subsystem (e.g. file transfer daemon).
1465 Arguments should be a subsystem name and a command (with optional arguments)
1466 to execute upon subsystem request.
1472 file transfer subsystem.
1474 Alternately the name
1476 implements an in-process
1479 This may simplify configurations using
1481 to force a different filesystem root on clients.
1483 By default no subsystems are defined.
1484 .It Cm SyslogFacility
1485 Gives the facility code that is used when logging messages from
1487 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
1488 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
1489 The default is AUTH.
1491 Specifies whether the system should send TCP keepalive messages to the
1493 If they are sent, death of the connection or crash of one
1494 of the machines will be properly noticed.
1495 However, this means that
1496 connections will die if the route is down temporarily, and some people
1498 On the other hand, if TCP keepalives are not sent,
1499 sessions may hang indefinitely on the server, leaving
1501 users and consuming server resources.
1505 (to send TCP keepalive messages), and the server will notice
1506 if the network goes down or the client host crashes.
1507 This avoids infinitely hanging sessions.
1509 To disable TCP keepalive messages, the value should be set to
1511 .It Cm TrustedUserCAKeys
1512 Specifies a file containing public keys of certificate authorities that are
1513 trusted to sign user certificates for authentication, or
1516 Keys are listed one per line; empty lines and comments starting with
1519 If a certificate is presented for authentication and has its signing CA key
1520 listed in this file, then it may be used for authentication for any user
1521 listed in the certificate's principals list.
1522 Note that certificates that lack a list of principals will not be permitted
1523 for authentication using
1524 .Cm TrustedUserCAKeys .
1525 For more details on certificates, see the CERTIFICATES section in
1530 should look up the remote host name, and to check that
1531 the resolved host name for the remote IP address maps back to the
1532 very same IP address.
1534 If this option is set to
1536 (the default) then only addresses and not host names may be used in
1537 .Pa ~/.ssh/known_hosts
1547 is used for interactive login sessions.
1552 is never used for remote command execution.
1553 Note also, that if this is enabled,
1555 will be disabled because
1557 does not know how to handle
1561 .Cm UsePrivilegeSeparation
1562 is specified, it will be disabled after authentication.
1564 Enables the Pluggable Authentication Module interface.
1567 this will enable PAM authentication using
1568 .Cm ChallengeResponseAuthentication
1570 .Cm PasswordAuthentication
1571 in addition to PAM account and session module processing for all
1572 authentication types.
1574 Because PAM challenge-response authentication usually serves an equivalent
1575 role to password authentication, you should disable either
1576 .Cm PasswordAuthentication
1578 .Cm ChallengeResponseAuthentication.
1582 is enabled, you will not be able to run
1587 .It Cm UsePrivilegeSeparation
1590 separates privileges by creating an unprivileged child process
1591 to deal with incoming network traffic.
1592 After successful authentication, another process will be created that has
1593 the privilege of the authenticated user.
1594 The goal of privilege separation is to prevent privilege
1595 escalation by containing any corruption within the unprivileged processes.
1596 The argument must be
1602 .Cm UsePrivilegeSeparation
1605 then the pre-authentication unprivileged process is subject to additional
1609 .It Cm VersionAddendum
1610 Optionally specifies additional text to append to the SSH protocol banner
1611 sent by the server upon connection.
1614 .It Cm X11DisplayOffset
1615 Specifies the first display number available for
1618 This prevents sshd from interfering with real X11 servers.
1620 .It Cm X11Forwarding
1621 Specifies whether X11 forwarding is permitted.
1622 The argument must be
1629 When X11 forwarding is enabled, there may be additional exposure to
1630 the server and to client displays if the
1632 proxy display is configured to listen on the wildcard address (see
1634 below), though this is not the default.
1635 Additionally, the authentication spoofing and authentication data
1636 verification and substitution occur on the client side.
1637 The security risk of using X11 forwarding is that the client's X11
1638 display server may be exposed to attack when the SSH client requests
1639 forwarding (see the warnings for
1642 .Xr ssh_config 5 ) .
1643 A system administrator may have a stance in which they want to
1644 protect clients that may expose themselves to attack by unwittingly
1645 requesting X11 forwarding, which can warrant a
1649 Note that disabling X11 forwarding does not prevent users from
1650 forwarding X11 traffic, as users can always install their own forwarders.
1651 X11 forwarding is automatically disabled if
1654 .It Cm X11UseLocalhost
1657 should bind the X11 forwarding server to the loopback address or to
1658 the wildcard address.
1660 sshd binds the forwarding server to the loopback address and sets the
1661 hostname part of the
1663 environment variable to
1665 This prevents remote hosts from connecting to the proxy display.
1666 However, some older X11 clients may not function with this
1671 to specify that the forwarding server should be bound to the wildcard
1673 The argument must be
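As an added audit example (not OpenSSH's own code), the following reads a configuration text and reports the settings whose risks this page describes: Protocol 1 offered, PermitRootLogin yes, PermitUserEnvironment yes, StrictModes no, UsePrivilegeSeparation no and X11UseLocalhost no. It assumes the input has no Match blocks and that, as sshd does, the first value obtained for a keyword wins; the sample configuration is constructed.

```python
import re

# Keyword (lowercased) -> (predicate on the lowercased value, finding).
CHECKS = {
    "protocol": (lambda v: "1" in v.split(","),
                 "protocol 1 offered; it has known cryptographic weaknesses"),
    "permitrootlogin": (lambda v: v == "yes",
                        "root may log in with a password"),
    "permituserenvironment": (lambda v: v == "yes",
                              "environment processing may bypass access restrictions"),
    "strictmodes": (lambda v: v == "no",
                    "modes and ownership of user files not checked before login"),
    "useprivilegeseparation": (lambda v: v == "no",
                               "no unprivileged process to contain pre-auth corruption"),
    "x11uselocalhost": (lambda v: v == "no",
                        "X11 proxy display bound to the wildcard address"),
}

def parse_sshd_config(text):
    """First value per keyword (sshd keeps the first one obtained). Accepts
    'Key value' and 'Key=value', skips comments; assumes no Match blocks."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) == 2:
            settings.setdefault(parts[0].lower(), parts[1].strip())
    return settings

def audit(text):
    """Return a sorted list of (keyword, value, finding) for risky settings."""
    findings = []
    for key, value in parse_sshd_config(text).items():
        if key in CHECKS:
            risky, finding = CHECKS[key]
            if risky(value.lower()):
                findings.append((key, value, finding))
    return sorted(findings)

# Constructed sample; the second PermitRootLogin line is ignored (first wins).
SAMPLE = """\
# constructed sshd_config fragment
Protocol 2,1
PermitRootLogin yes
PermitRootLogin no
PermitUserEnvironment=yes
StrictModes no
X11UseLocalhost yes
"""
```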
.It Cm XAuthLocation
Specifies the full pathname of the
.Pa /usr/X11R6/bin/xauth .
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Ar time Op Ar qualifier ,
is a positive integer value and
is one of the following:
.Bl -tag -width Ds -compact -offset indent
Each member of the sequence is added together to calculate
the total time value.
Time format examples:
.Bl -tag -width Ds -compact -offset indent
600 seconds (10 minutes)
1 hour 30 minutes (90 minutes)
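The two formats above, as an added example that is not OpenSSH's own code: parse_time() implements the TIME FORMATS rule (members of the form time[qualifier] are converted and summed, with the s, m, h, d and w qualifiers accepted in either case) and parse_rekey_limit() applies it to the RekeyLimit argument described under that option, with the K, M and G data suffixes and the keywords default and none that sshd accepts there. Accepting the data suffix and those keywords in either case is an assumption of this example.

```python
import re

# Time qualifiers from the TIME FORMATS section (either case accepted);
# a member without a qualifier is in seconds.
TIME_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# RekeyLimit data suffixes: Kilobytes, Megabytes, Gigabytes (either case,
# an assumption of this example).
DATA_UNITS = {"k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}

_MEMBER = re.compile(r"(\d+)([smhdw]?)", re.IGNORECASE)

def parse_time(spec):
    """Total seconds for a time string such as '1h30m': each
    time[qualifier] member is converted and the members are summed.
    Raises ValueError if anything else appears in the string."""
    if not spec:
        raise ValueError("empty time specification")
    total, pos = 0, 0
    while pos < len(spec):
        m = _MEMBER.match(spec, pos)
        if m is None:
            raise ValueError("bad time specification: %r" % spec)
        total += int(m.group(1)) * TIME_UNITS.get(m.group(2).lower(), 1)
        pos = m.end()
    return total

def parse_rekey_limit(arg):
    """(max_bytes, max_seconds) for a RekeyLimit value. None means the
    cipher's default data limit ('default') or no time-based rekeying
    ('none' or no second argument)."""
    parts = arg.split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("RekeyLimit takes one or two arguments")
    if parts[0].lower() == "default":
        max_bytes = None
    else:
        m = re.fullmatch(r"(\d+)([kmg]?)", parts[0], re.IGNORECASE)
        if m is None:
            raise ValueError("bad data limit: %r" % parts[0])
        max_bytes = int(m.group(1)) * DATA_UNITS.get(m.group(2).lower(), 1)
    max_seconds = None
    if len(parts) == 2 and parts[1].lower() != "none":
        max_seconds = parse_time(parts[1])
    return max_bytes, max_seconds
```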
.It Pa /etc/ssh/sshd_config
Contains configuration data for
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Niels Provos and Markus Friedl contributed support
for privilege separation.