2002-06-21 02:59:05 +02:00
|
|
|
.\"
|
|
|
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
|
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
.\" All rights reserved
|
|
|
|
.\"
|
|
|
|
.\" As far as I am concerned, the code I have written for this software
|
|
|
|
.\" can be used freely for any purpose. Any derived versions of this
|
|
|
|
.\" software must be clearly marked as such, and if the derived work is
|
|
|
|
.\" incompatible with the protocol description in the RFC file, it must be
|
|
|
|
.\" called by a name other than "ssh" or "Secure Shell".
|
|
|
|
.\"
|
|
|
|
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
|
|
|
|
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
|
|
|
|
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
|
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
|
|
.\"
|
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
.\"
|
2019-06-12 07:53:21 +02:00
|
|
|
.\" $OpenBSD: sshd_config.5,v 1.286 2019/06/12 05:53:21 jmc Exp $
|
|
|
|
.Dd $Mdocdate: June 12 2019 $
|
2002-06-21 02:59:05 +02:00
|
|
|
.Dt SSHD_CONFIG 5
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm sshd_config
|
|
|
|
.Nd OpenSSH SSH daemon configuration file
|
|
|
|
.Sh DESCRIPTION
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
reads configuration data from
|
|
|
|
.Pa /etc/ssh/sshd_config
|
|
|
|
(or the file specified with
|
|
|
|
.Fl f
|
|
|
|
on the command line).
|
|
|
|
The file contains keyword-argument pairs, one per line.
|
2017-10-09 22:12:51 +02:00
|
|
|
For each keyword, the first obtained value will be used.
|
2002-06-21 02:59:05 +02:00
|
|
|
Lines starting with
|
|
|
|
.Ql #
|
|
|
|
and empty lines are interpreted as comments.
|
2006-03-15 02:05:59 +01:00
|
|
|
Arguments may optionally be enclosed in double quotes
|
|
|
|
.Pq \&"
|
|
|
|
in order to represent arguments containing spaces.
|
2002-06-21 02:59:05 +02:00
|
|
|
.Pp
|
|
|
|
The possible
|
|
|
|
keywords and their meanings are as follows (note that
|
|
|
|
keywords are case-insensitive and arguments are case-sensitive):
|
|
|
|
.Bl -tag -width Ds
|
2004-05-02 14:11:30 +02:00
|
|
|
.It Cm AcceptEnv
|
|
|
|
Specifies what environment variables sent by the client will be copied into
|
|
|
|
the session's
|
|
|
|
.Xr environ 7 .
|
|
|
|
See
|
|
|
|
.Cm SendEnv
|
2018-06-09 05:01:12 +02:00
|
|
|
and
|
|
|
|
.Cm SetEnv
|
2004-05-02 14:11:30 +02:00
|
|
|
in
|
|
|
|
.Xr ssh_config 5
|
|
|
|
for how to configure the client.
|
2016-02-17 08:38:19 +01:00
|
|
|
The
|
2015-04-28 12:17:58 +02:00
|
|
|
.Ev TERM
|
2018-06-09 05:18:11 +02:00
|
|
|
environment variable is always accepted whenever the client
|
2015-06-05 05:44:14 +02:00
|
|
|
requests a pseudo-terminal as it is required by the protocol.
|
2004-05-02 14:11:30 +02:00
|
|
|
Variables are specified by name, which may contain the wildcard characters
|
2006-03-15 01:56:03 +01:00
|
|
|
.Ql *
|
2004-05-02 14:11:30 +02:00
|
|
|
and
|
|
|
|
.Ql \&? .
|
2004-05-02 14:12:48 +02:00
|
|
|
Multiple environment variables may be separated by whitespace or spread
|
2004-05-02 14:11:30 +02:00
|
|
|
across multiple
|
|
|
|
.Cm AcceptEnv
|
|
|
|
directives.
|
2004-05-02 14:12:48 +02:00
|
|
|
Be warned that some environment variables could be used to bypass restricted
|
2004-05-02 14:11:30 +02:00
|
|
|
user environments.
|
|
|
|
For this reason, care should be taken in the use of this directive.
|
|
|
|
The default is not to accept any environment variables.
|
2005-01-20 00:57:56 +01:00
|
|
|
.It Cm AddressFamily
|
|
|
|
Specifies which address family should be used by
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8 .
|
2005-01-20 00:57:56 +01:00
|
|
|
Valid arguments are
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm any
|
|
|
|
(the default),
|
|
|
|
.Cm inet
|
2006-03-15 01:56:56 +01:00
|
|
|
(use IPv4 only), or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm inet6
|
2005-01-20 00:57:56 +01:00
|
|
|
(use IPv6 only).
|
2008-05-19 06:59:02 +02:00
|
|
|
.It Cm AllowAgentForwarding
|
|
|
|
Specifies whether
|
|
|
|
.Xr ssh-agent 1
|
|
|
|
forwarding is permitted.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2008-05-19 06:59:02 +02:00
|
|
|
Note that disabling agent forwarding does not improve security
|
|
|
|
unless users are also denied shell access, as they can always install
|
|
|
|
their own forwarders.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm AllowGroups
|
|
|
|
This keyword can be followed by a list of group name patterns, separated
|
|
|
|
by spaces.
|
|
|
|
If specified, login is allowed only for users whose primary
|
|
|
|
group or supplementary group list matches one of the patterns.
|
|
|
|
Only group names are valid; a numerical group ID is not recognized.
|
|
|
|
By default, login is allowed for all groups.
|
2006-03-15 01:58:49 +01:00
|
|
|
The allow/deny directives are processed in the following order:
|
|
|
|
.Cm DenyUsers ,
|
|
|
|
.Cm AllowUsers ,
|
|
|
|
.Cm DenyGroups ,
|
|
|
|
and finally
|
|
|
|
.Cm AllowGroups .
|
2006-03-15 01:54:21 +01:00
|
|
|
.Pp
|
2013-07-18 08:11:50 +02:00
|
|
|
See PATTERNS in
|
2006-03-15 01:54:21 +01:00
|
|
|
.Xr ssh_config 5
|
|
|
|
for more information on patterns.
|
2016-09-07 20:39:24 +02:00
|
|
|
.It Cm AllowStreamLocalForwarding
|
|
|
|
Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
|
2012-12-02 23:50:54 +01:00
|
|
|
The available options are
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
|
|
|
(the default)
|
2012-12-02 23:50:54 +01:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm all
|
2016-09-07 20:39:24 +02:00
|
|
|
to allow StreamLocal forwarding,
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2016-09-07 20:39:24 +02:00
|
|
|
to prevent all StreamLocal forwarding,
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm local
|
2012-12-02 23:50:54 +01:00
|
|
|
to allow local (from the perspective of
|
2012-12-07 03:06:13 +01:00
|
|
|
.Xr ssh 1 )
|
|
|
|
forwarding only or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm remote
|
2012-12-02 23:50:54 +01:00
|
|
|
to allow remote forwarding only.
|
2016-09-07 20:39:24 +02:00
|
|
|
Note that disabling StreamLocal forwarding does not improve security unless
|
2002-06-21 02:59:05 +02:00
|
|
|
users are also denied shell access, as they can always install their
|
|
|
|
own forwarders.
|
2016-09-07 20:39:24 +02:00
|
|
|
.It Cm AllowTcpForwarding
|
|
|
|
Specifies whether TCP forwarding is permitted.
|
2014-07-18 06:11:24 +02:00
|
|
|
The available options are
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
|
|
|
(the default)
|
2014-07-18 06:11:24 +02:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm all
|
2016-09-07 20:39:24 +02:00
|
|
|
to allow TCP forwarding,
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2016-09-07 20:39:24 +02:00
|
|
|
to prevent all TCP forwarding,
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm local
|
2014-07-18 06:11:24 +02:00
|
|
|
to allow local (from the perspective of
|
|
|
|
.Xr ssh 1 )
|
|
|
|
forwarding only or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm remote
|
2014-07-18 06:11:24 +02:00
|
|
|
to allow remote forwarding only.
|
2016-09-07 20:39:24 +02:00
|
|
|
Note that disabling TCP forwarding does not improve security unless
|
2014-07-18 06:11:24 +02:00
|
|
|
users are also denied shell access, as they can always install their
|
|
|
|
own forwarders.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm AllowUsers
|
|
|
|
This keyword can be followed by a list of user name patterns, separated
|
|
|
|
by spaces.
|
2003-01-24 01:34:52 +01:00
|
|
|
If specified, login is allowed only for user names that
|
2002-06-21 02:59:05 +02:00
|
|
|
match one of the patterns.
|
|
|
|
Only user names are valid; a numerical user ID is not recognized.
|
|
|
|
By default, login is allowed for all users.
|
|
|
|
If the pattern takes the form USER@HOST then USER and HOST
|
|
|
|
are separately checked, restricting logins to particular
|
|
|
|
users from particular hosts.
|
2016-04-27 15:53:48 +02:00
|
|
|
HOST criteria may additionally contain addresses to match in CIDR
|
|
|
|
address/masklen format.
|
2006-03-15 01:58:49 +01:00
|
|
|
The allow/deny directives are processed in the following order:
|
|
|
|
.Cm DenyUsers ,
|
|
|
|
.Cm AllowUsers ,
|
|
|
|
.Cm DenyGroups ,
|
|
|
|
and finally
|
|
|
|
.Cm AllowGroups .
|
2006-03-15 01:54:21 +01:00
|
|
|
.Pp
|
2013-07-18 08:11:50 +02:00
|
|
|
See PATTERNS in
|
2006-03-15 01:54:21 +01:00
|
|
|
.Xr ssh_config 5
|
|
|
|
for more information on patterns.
|
2012-11-04 13:21:40 +01:00
|
|
|
.It Cm AuthenticationMethods
|
|
|
|
Specifies the authentication methods that must be successfully completed
|
|
|
|
for a user to be granted access.
|
2018-07-20 07:01:10 +02:00
|
|
|
This option must be followed by one or more lists of comma-separated
|
2016-06-17 07:03:40 +02:00
|
|
|
authentication method names, or by the single string
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm any
|
2016-06-17 07:03:40 +02:00
|
|
|
to indicate the default behaviour of accepting any single authentication
|
2016-06-17 08:33:30 +02:00
|
|
|
method.
|
2016-10-07 16:41:52 +02:00
|
|
|
If the default is overridden, then successful authentication requires
|
2016-06-17 07:03:40 +02:00
|
|
|
completion of every method in at least one of these lists.
|
2012-11-04 13:21:40 +01:00
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
For example,
|
|
|
|
.Qq publickey,password publickey,keyboard-interactive
|
2012-11-04 13:21:40 +01:00
|
|
|
would require the user to complete public key authentication, followed by
|
|
|
|
either password or keyboard interactive authentication.
|
|
|
|
Only methods that are next in one or more lists are offered at each stage,
|
2016-10-07 16:41:52 +02:00
|
|
|
so for this example it would not be possible to attempt password or
|
2012-11-04 13:21:40 +01:00
|
|
|
keyboard-interactive authentication before public key.
|
|
|
|
.Pp
|
2013-04-23 07:18:10 +02:00
|
|
|
For keyboard interactive authentication it is also possible to
|
|
|
|
restrict authentication to a specific device by appending a
|
|
|
|
colon followed by the device identifier
|
2018-07-20 05:18:28 +02:00
|
|
|
.Cm bsdauth
|
2013-04-23 07:18:10 +02:00
|
|
|
or
|
2018-07-20 05:18:28 +02:00
|
|
|
.Cm pam .
|
2013-04-23 07:18:10 +02:00
|
|
|
depending on the server configuration.
|
|
|
|
For example,
|
2016-10-07 16:41:52 +02:00
|
|
|
.Qq keyboard-interactive:bsdauth
|
2013-04-23 07:18:10 +02:00
|
|
|
would restrict keyboard interactive authentication to the
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm bsdauth
|
2013-04-23 07:18:10 +02:00
|
|
|
device.
|
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
If the publickey method is listed more than once,
|
2014-12-22 08:51:30 +01:00
|
|
|
.Xr sshd 8
|
|
|
|
verifies that keys that have been used successfully are not reused for
|
|
|
|
subsequent authentications.
|
2016-10-07 16:41:52 +02:00
|
|
|
For example,
|
|
|
|
.Qq publickey,publickey
|
|
|
|
requires successful authentication using two different public keys.
|
2014-12-22 08:51:30 +01:00
|
|
|
.Pp
|
2012-11-04 13:21:40 +01:00
|
|
|
Note that each authentication method listed should also be explicitly enabled
|
|
|
|
in the configuration.
|
2017-09-01 07:50:48 +02:00
|
|
|
.Pp
|
|
|
|
The available authentication methods are:
|
|
|
|
.Qq gssapi-with-mic ,
|
|
|
|
.Qq hostbased ,
|
|
|
|
.Qq keyboard-interactive ,
|
|
|
|
.Qq none
|
|
|
|
(used for access to password-less accounts when
|
2018-05-15 07:40:11 +02:00
|
|
|
.Cm PermitEmptyPasswords
|
2017-09-01 07:50:48 +02:00
|
|
|
is enabled),
|
|
|
|
.Qq password
|
|
|
|
and
|
|
|
|
.Qq publickey .
|
2012-10-30 22:58:58 +01:00
|
|
|
.It Cm AuthorizedKeysCommand
|
2012-11-04 12:22:52 +01:00
|
|
|
Specifies a program to be used to look up the user's public keys.
|
2015-05-21 08:38:35 +02:00
|
|
|
The program must be owned by root, not writable by group or others and
|
|
|
|
specified by an absolute path.
|
|
|
|
Arguments to
|
|
|
|
.Cm AuthorizedKeysCommand
|
2016-09-22 21:19:01 +02:00
|
|
|
accept the tokens described in the
|
|
|
|
.Sx TOKENS
|
|
|
|
section.
|
|
|
|
If no arguments are specified then the username of the target user is used.
|
2015-05-21 08:38:35 +02:00
|
|
|
.Pp
|
|
|
|
The program should produce on standard output zero or
|
2016-09-22 21:19:01 +02:00
|
|
|
more lines of authorized_keys output (see
|
|
|
|
.Sx AUTHORIZED_KEYS
|
|
|
|
in
|
2012-11-04 12:22:52 +01:00
|
|
|
.Xr sshd 8 ) .
|
2016-09-22 21:19:01 +02:00
|
|
|
If a key supplied by
|
|
|
|
.Cm AuthorizedKeysCommand
|
|
|
|
does not successfully authenticate
|
2012-10-30 22:58:58 +01:00
|
|
|
and authorize the user then public key authentication continues using the usual
|
|
|
|
.Cm AuthorizedKeysFile
|
|
|
|
files.
|
2016-10-07 16:41:52 +02:00
|
|
|
By default, no
|
|
|
|
.Cm AuthorizedKeysCommand
|
|
|
|
is run.
|
2012-10-30 22:58:58 +01:00
|
|
|
.It Cm AuthorizedKeysCommandUser
|
2016-10-07 16:41:52 +02:00
|
|
|
Specifies the user under whose account the
|
|
|
|
.Cm AuthorizedKeysCommand
|
|
|
|
is run.
|
2012-10-30 22:58:58 +01:00
|
|
|
It is recommended to use a dedicated user that has no other role on the host
|
|
|
|
than running authorized keys commands.
|
2014-12-22 09:04:23 +01:00
|
|
|
If
|
2014-12-11 06:25:06 +01:00
|
|
|
.Cm AuthorizedKeysCommand
|
2014-12-22 09:04:23 +01:00
|
|
|
is specified but
|
|
|
|
.Cm AuthorizedKeysCommandUser
|
|
|
|
is not, then
|
|
|
|
.Xr sshd 8
|
|
|
|
will refuse to start.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm AuthorizedKeysFile
|
2016-09-22 21:19:01 +02:00
|
|
|
Specifies the file that contains the public keys used for user authentication.
|
2019-05-14 14:47:17 +02:00
|
|
|
The format is described in the AUTHORIZED_KEYS FILE FORMAT section of
|
2010-07-02 05:35:19 +02:00
|
|
|
.Xr sshd 8 .
|
2016-09-22 21:19:01 +02:00
|
|
|
Arguments to
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm AuthorizedKeysFile
|
2016-09-22 21:19:01 +02:00
|
|
|
accept the tokens described in the
|
|
|
|
.Sx TOKENS
|
|
|
|
section.
|
2002-06-21 02:59:05 +02:00
|
|
|
After expansion,
|
|
|
|
.Cm AuthorizedKeysFile
|
|
|
|
is taken to be an absolute path or one relative to the user's home
|
|
|
|
directory.
|
2011-05-29 13:41:40 +02:00
|
|
|
Multiple files may be listed, separated by whitespace.
|
2015-09-11 05:13:36 +02:00
|
|
|
Alternately this option may be set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2015-09-11 05:13:36 +02:00
|
|
|
to skip checking for user keys in files.
|
2011-05-29 13:41:40 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Qq .ssh/authorized_keys .ssh/authorized_keys2 .
|
2015-05-21 08:43:30 +02:00
|
|
|
.It Cm AuthorizedPrincipalsCommand
|
|
|
|
Specifies a program to be used to generate the list of allowed
|
|
|
|
certificate principals as per
|
|
|
|
.Cm AuthorizedPrincipalsFile .
|
|
|
|
The program must be owned by root, not writable by group or others and
|
|
|
|
specified by an absolute path.
|
|
|
|
Arguments to
|
|
|
|
.Cm AuthorizedPrincipalsCommand
|
2016-09-22 21:19:01 +02:00
|
|
|
accept the tokens described in the
|
|
|
|
.Sx TOKENS
|
|
|
|
section.
|
|
|
|
If no arguments are specified then the username of the target user is used.
|
2015-05-21 08:43:30 +02:00
|
|
|
.Pp
|
|
|
|
The program should produce on standard output zero or
|
|
|
|
more lines of
|
|
|
|
.Cm AuthorizedPrincipalsFile
|
|
|
|
output.
|
|
|
|
If either
|
|
|
|
.Cm AuthorizedPrincipalsCommand
|
|
|
|
or
|
|
|
|
.Cm AuthorizedPrincipalsFile
|
|
|
|
is specified, then certificates offered by the client for authentication
|
|
|
|
must contain a principal that is listed.
|
2016-09-22 21:19:01 +02:00
|
|
|
By default, no
|
|
|
|
.Cm AuthorizedPrincipalsCommand
|
|
|
|
is run.
|
2015-05-21 08:43:30 +02:00
|
|
|
.It Cm AuthorizedPrincipalsCommandUser
|
2016-09-22 21:19:01 +02:00
|
|
|
Specifies the user under whose account the
|
|
|
|
.Cm AuthorizedPrincipalsCommand
|
|
|
|
is run.
|
2015-05-21 08:43:30 +02:00
|
|
|
It is recommended to use a dedicated user that has no other role on the host
|
|
|
|
than running authorized principals commands.
|
|
|
|
If
|
|
|
|
.Cm AuthorizedPrincipalsCommand
|
|
|
|
is specified but
|
|
|
|
.Cm AuthorizedPrincipalsCommandUser
|
|
|
|
is not, then
|
|
|
|
.Xr sshd 8
|
|
|
|
will refuse to start.
|
2010-05-10 03:58:03 +02:00
|
|
|
.It Cm AuthorizedPrincipalsFile
|
|
|
|
Specifies a file that lists principal names that are accepted for
|
|
|
|
certificate authentication.
|
|
|
|
When using certificates signed by a key listed in
|
|
|
|
.Cm TrustedUserCAKeys ,
|
|
|
|
this file lists names, one of which must appear in the certificate for it
|
|
|
|
to be accepted for authentication.
|
2016-09-22 21:19:01 +02:00
|
|
|
Names are listed one per line preceded by key options (as described in
|
|
|
|
.Sx AUTHORIZED_KEYS FILE FORMAT
|
|
|
|
in
|
2010-07-02 05:37:17 +02:00
|
|
|
.Xr sshd 8 ) .
|
2010-07-02 05:35:19 +02:00
|
|
|
Empty lines and comments starting with
|
2010-05-10 03:58:03 +02:00
|
|
|
.Ql #
|
|
|
|
are ignored.
|
|
|
|
.Pp
|
2016-09-22 21:19:01 +02:00
|
|
|
Arguments to
|
2010-05-10 03:58:03 +02:00
|
|
|
.Cm AuthorizedPrincipalsFile
|
2016-09-22 21:19:01 +02:00
|
|
|
accept the tokens described in the
|
|
|
|
.Sx TOKENS
|
|
|
|
section.
|
2010-05-10 03:58:03 +02:00
|
|
|
After expansion,
|
|
|
|
.Cm AuthorizedPrincipalsFile
|
2016-09-22 21:19:01 +02:00
|
|
|
is taken to be an absolute path or one relative to the user's home directory.
|
2012-04-22 03:25:10 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none ,
|
2012-04-22 03:25:10 +02:00
|
|
|
i.e. not to use a principals file \(en in this case, the username
|
2010-05-10 03:58:03 +02:00
|
|
|
of the user must appear in a certificate's principals list for it to be
|
|
|
|
accepted.
|
2016-09-22 21:19:01 +02:00
|
|
|
.Pp
|
2010-05-10 03:58:03 +02:00
|
|
|
Note that
|
|
|
|
.Cm AuthorizedPrincipalsFile
|
|
|
|
is only used when authentication proceeds using a CA listed in
|
|
|
|
.Cm TrustedUserCAKeys
|
|
|
|
and is not consulted for certification authorities trusted via
|
|
|
|
.Pa ~/.ssh/authorized_keys ,
|
|
|
|
though the
|
|
|
|
.Cm principals=
|
|
|
|
key option offers a similar facility (see
|
|
|
|
.Xr sshd 8
|
|
|
|
for details).
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm Banner
|
|
|
|
The contents of the specified file are sent to the remote user before
|
|
|
|
authentication is allowed.
|
2007-09-17 03:57:38 +02:00
|
|
|
If the argument is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2007-09-17 03:57:38 +02:00
|
|
|
then no banner is displayed.
|
2002-06-21 02:59:05 +02:00
|
|
|
By default, no banner is displayed.
|
2018-09-20 05:28:06 +02:00
|
|
|
.It Cm CASignatureAlgorithms
|
|
|
|
Specifies which algorithms are allowed for signing of certificates
|
|
|
|
by certificate authorities (CAs).
|
|
|
|
The default is:
|
|
|
|
.Bd -literal -offset indent
|
|
|
|
ecdsa-sha2-nistp256.ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|
|
|
|
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
|
|
|
.Ed
|
|
|
|
.Pp
|
|
|
|
Certificates signed using other algorithms will not be accepted for
|
|
|
|
public key or host-based authentication.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm ChallengeResponseAuthentication
|
2009-08-28 02:27:08 +02:00
|
|
|
Specifies whether challenge-response authentication is allowed (e.g. via
|
2014-10-03 01:24:56 +02:00
|
|
|
PAM or through authentication styles supported in
|
2009-08-28 02:27:08 +02:00
|
|
|
.Xr login.conf 5 )
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2008-02-10 12:40:12 +01:00
|
|
|
.It Cm ChrootDirectory
|
2010-01-08 08:53:43 +01:00
|
|
|
Specifies the pathname of a directory to
|
2008-02-10 12:40:12 +01:00
|
|
|
.Xr chroot 2
|
|
|
|
to after authentication.
|
2015-01-22 21:24:41 +01:00
|
|
|
At session startup
|
|
|
|
.Xr sshd 8
|
|
|
|
checks that all components of the pathname are root-owned directories
|
|
|
|
which are not writable by any other user or group.
|
2009-06-21 09:56:51 +02:00
|
|
|
After the chroot,
|
|
|
|
.Xr sshd 8
|
|
|
|
changes the working directory to the user's home directory.
|
2016-09-22 21:19:01 +02:00
|
|
|
Arguments to
|
|
|
|
.Cm ChrootDirectory
|
|
|
|
accept the tokens described in the
|
|
|
|
.Sx TOKENS
|
|
|
|
section.
|
2008-02-10 12:40:12 +01:00
|
|
|
.Pp
|
|
|
|
The
|
|
|
|
.Cm ChrootDirectory
|
|
|
|
must contain the necessary files and directories to support the
|
2009-06-21 09:53:04 +02:00
|
|
|
user's session.
|
2008-02-10 12:40:12 +01:00
|
|
|
For an interactive session this requires at least a shell, typically
|
|
|
|
.Xr sh 1 ,
|
|
|
|
and basic
|
|
|
|
.Pa /dev
|
|
|
|
nodes such as
|
|
|
|
.Xr null 4 ,
|
|
|
|
.Xr zero 4 ,
|
|
|
|
.Xr stdin 4 ,
|
|
|
|
.Xr stdout 4 ,
|
|
|
|
.Xr stderr 4 ,
|
2014-11-22 20:21:03 +01:00
|
|
|
and
|
2008-02-10 12:40:12 +01:00
|
|
|
.Xr tty 4
|
|
|
|
devices.
|
2016-10-07 16:41:52 +02:00
|
|
|
For file transfer sessions using SFTP
|
|
|
|
no additional configuration of the environment is necessary if the in-process
|
|
|
|
sftp-server is used,
|
2014-07-30 04:33:20 +02:00
|
|
|
though sessions which use logging may require
|
2009-06-21 09:56:00 +02:00
|
|
|
.Pa /dev/log
|
2014-07-30 04:33:20 +02:00
|
|
|
inside the chroot directory on some operating systems (see
|
2009-06-21 09:56:00 +02:00
|
|
|
.Xr sftp-server 8
|
|
|
|
for details).
|
2008-02-10 12:40:12 +01:00
|
|
|
.Pp
|
2015-01-22 22:00:42 +01:00
|
|
|
For safety, it is very important that the directory hierarchy be
|
2015-01-22 21:24:41 +01:00
|
|
|
prevented from modification by other processes on the system (especially
|
|
|
|
those outside the jail).
|
|
|
|
Misconfiguration can lead to unsafe environments which
|
|
|
|
.Xr sshd 8
|
|
|
|
cannot detect.
|
|
|
|
.Pp
|
2015-11-13 05:38:06 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none ,
|
2015-11-13 05:38:06 +01:00
|
|
|
indicating not to
|
2008-02-10 12:40:12 +01:00
|
|
|
.Xr chroot 2 .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm Ciphers
|
2016-02-17 08:38:19 +01:00
|
|
|
Specifies the ciphers allowed.
|
2002-06-21 02:59:05 +02:00
|
|
|
Multiple ciphers must be comma-separated.
|
2015-07-30 02:01:34 +02:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq +
|
|
|
|
character, then the specified ciphers will be appended to the default set
|
|
|
|
instead of replacing them.
|
2017-02-04 00:01:19 +01:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq -
|
|
|
|
character, then the specified ciphers (including wildcards) will be removed
|
|
|
|
from the default set instead of replacing them.
|
2015-07-30 02:01:34 +02:00
|
|
|
.Pp
|
2013-11-21 04:12:23 +01:00
|
|
|
The supported ciphers are:
|
|
|
|
.Pp
|
2014-04-20 05:22:46 +02:00
|
|
|
.Bl -item -compact -offset indent
|
|
|
|
.It
|
|
|
|
3des-cbc
|
|
|
|
.It
|
|
|
|
aes128-cbc
|
|
|
|
.It
|
|
|
|
aes192-cbc
|
|
|
|
.It
|
|
|
|
aes256-cbc
|
|
|
|
.It
|
|
|
|
aes128-ctr
|
|
|
|
.It
|
|
|
|
aes192-ctr
|
|
|
|
.It
|
|
|
|
aes256-ctr
|
|
|
|
.It
|
|
|
|
aes128-gcm@openssh.com
|
|
|
|
.It
|
|
|
|
aes256-gcm@openssh.com
|
|
|
|
.It
|
|
|
|
chacha20-poly1305@openssh.com
|
|
|
|
.El
|
2013-11-21 04:12:23 +01:00
|
|
|
.Pp
|
2006-03-15 01:56:56 +01:00
|
|
|
The default is:
|
2014-04-20 05:22:46 +02:00
|
|
|
.Bd -literal -offset indent
|
2015-08-14 17:32:41 +02:00
|
|
|
chacha20-poly1305@openssh.com,
|
2014-04-20 05:22:46 +02:00
|
|
|
aes128-ctr,aes192-ctr,aes256-ctr,
|
2015-08-14 17:32:41 +02:00
|
|
|
aes128-gcm@openssh.com,aes256-gcm@openssh.com
|
2002-06-21 02:59:05 +02:00
|
|
|
.Ed
|
2013-11-21 04:12:23 +01:00
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
The list of available ciphers may also be obtained using
|
|
|
|
.Qq ssh -Q cipher .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm ClientAliveCountMax
|
2016-10-07 16:41:52 +02:00
|
|
|
Sets the number of client alive messages which may be sent without
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2003-05-23 10:44:23 +02:00
|
|
|
receiving any messages back from the client.
|
|
|
|
If this threshold is reached while client alive messages are being sent,
|
2006-03-15 01:56:56 +01:00
|
|
|
sshd will disconnect the client, terminating the session.
|
2003-05-23 10:44:23 +02:00
|
|
|
It is important to note that the use of client alive messages is very
|
|
|
|
different from
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm TCPKeepAlive .
|
2003-05-23 10:44:23 +02:00
|
|
|
The client alive messages are sent through the encrypted channel
|
|
|
|
and therefore will not be spoofable.
|
|
|
|
The TCP keepalive option enabled by
|
2003-12-17 06:31:10 +01:00
|
|
|
.Cm TCPKeepAlive
|
2003-05-23 10:44:23 +02:00
|
|
|
is spoofable.
|
|
|
|
The client alive mechanism is valuable when the client or
|
2002-06-21 02:59:05 +02:00
|
|
|
server depend on knowing when a connection has become inactive.
|
|
|
|
.Pp
|
2003-05-23 10:44:23 +02:00
|
|
|
The default value is 3.
|
|
|
|
If
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm ClientAliveInterval
|
2016-10-07 16:41:52 +02:00
|
|
|
is set to 15, and
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm ClientAliveCountMax
|
2006-03-15 01:56:56 +01:00
|
|
|
is left at the default, unresponsive SSH clients
|
2002-06-21 02:59:05 +02:00
|
|
|
will be disconnected after approximately 45 seconds.
|
2005-05-26 04:12:19 +02:00
|
|
|
.It Cm ClientAliveInterval
|
|
|
|
Sets a timeout interval in seconds after which if no data has been received
|
|
|
|
from the client,
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2005-05-26 04:12:19 +02:00
|
|
|
will send a message through the encrypted
|
|
|
|
channel to request a response from the client.
|
|
|
|
The default
|
|
|
|
is 0, indicating that these messages will not be sent to the client.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm Compression
|
2016-09-28 22:32:42 +02:00
|
|
|
Specifies whether compression is enabled after
|
2005-07-26 13:54:56 +02:00
|
|
|
the user has authenticated successfully.
|
2002-06-21 02:59:05 +02:00
|
|
|
The argument must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes ,
|
|
|
|
.Cm delayed
|
2016-09-28 22:32:42 +02:00
|
|
|
(a legacy synonym for
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes )
|
2002-06-21 02:59:05 +02:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm DenyGroups
|
|
|
|
This keyword can be followed by a list of group name patterns, separated
|
|
|
|
by spaces.
|
|
|
|
Login is disallowed for users whose primary group or supplementary
|
|
|
|
group list matches one of the patterns.
|
|
|
|
Only group names are valid; a numerical group ID is not recognized.
|
|
|
|
By default, login is allowed for all groups.
|
2006-03-15 01:58:49 +01:00
|
|
|
The allow/deny directives are processed in the following order:
|
|
|
|
.Cm DenyUsers ,
|
|
|
|
.Cm AllowUsers ,
|
|
|
|
.Cm DenyGroups ,
|
|
|
|
and finally
|
|
|
|
.Cm AllowGroups .
|
2006-03-15 01:54:21 +01:00
|
|
|
.Pp
|
2013-07-18 08:11:50 +02:00
|
|
|
See PATTERNS in
|
2006-03-15 01:54:21 +01:00
|
|
|
.Xr ssh_config 5
|
|
|
|
for more information on patterns.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm DenyUsers
|
|
|
|
This keyword can be followed by a list of user name patterns, separated
|
|
|
|
by spaces.
|
|
|
|
Login is disallowed for user names that match one of the patterns.
|
|
|
|
Only user names are valid; a numerical user ID is not recognized.
|
|
|
|
By default, login is allowed for all users.
|
|
|
|
If the pattern takes the form USER@HOST then USER and HOST
|
|
|
|
are separately checked, restricting logins to particular
|
|
|
|
users from particular hosts.
|
2016-04-27 15:53:48 +02:00
|
|
|
HOST criteria may additionally contain addresses to match in CIDR
|
|
|
|
address/masklen format.
|
2006-03-15 01:58:49 +01:00
|
|
|
The allow/deny directives are processed in the following order:
|
|
|
|
.Cm DenyUsers ,
|
|
|
|
.Cm AllowUsers ,
|
|
|
|
.Cm DenyGroups ,
|
|
|
|
and finally
|
|
|
|
.Cm AllowGroups .
|
2006-03-15 01:54:21 +01:00
|
|
|
.Pp
|
2013-07-18 08:11:50 +02:00
|
|
|
See PATTERNS in
|
2006-03-15 01:54:21 +01:00
|
|
|
.Xr ssh_config 5
|
|
|
|
for more information on patterns.
|
2016-11-30 04:00:05 +01:00
|
|
|
.It Cm DisableForwarding
|
|
|
|
Disables all forwarding features, including X11,
|
|
|
|
.Xr ssh-agent 1 ,
|
|
|
|
TCP and StreamLocal.
|
|
|
|
This option overrides all other forwarding-related options and may
|
|
|
|
simplify restricted configurations.
|
2017-06-24 08:34:38 +02:00
|
|
|
.It Cm ExposeAuthInfo
|
2017-09-27 08:45:53 +02:00
|
|
|
Writes a temporary file containing a list of authentication methods and
|
2017-06-24 08:34:38 +02:00
|
|
|
public credentials (e.g. keys) used to authenticate the user.
|
2017-06-24 08:57:04 +02:00
|
|
|
The location of the file is exposed to the user session through the
|
2017-06-24 09:08:57 +02:00
|
|
|
.Ev SSH_USER_AUTH
|
2017-06-24 08:57:04 +02:00
|
|
|
environment variable.
|
2017-09-27 08:45:53 +02:00
|
|
|
The default is
|
|
|
|
.Cm no .
|
2014-12-21 23:27:55 +01:00
|
|
|
.It Cm FingerprintHash
|
|
|
|
Specifies the hash algorithm used when logging key fingerprints.
|
|
|
|
Valid options are:
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm md5
|
2014-12-21 23:27:55 +01:00
|
|
|
and
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm sha256 .
|
2014-12-21 23:27:55 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm sha256 .
|
2006-07-24 06:06:47 +02:00
|
|
|
.It Cm ForceCommand
|
|
|
|
Forces the execution of the command specified by
|
|
|
|
.Cm ForceCommand ,
|
2008-03-27 01:02:02 +01:00
|
|
|
ignoring any command supplied by the client and
|
|
|
|
.Pa ~/.ssh/rc
|
|
|
|
if present.
|
2006-07-24 06:06:47 +02:00
|
|
|
The command is invoked by using the user's login shell with the -c option.
|
|
|
|
This applies to shell, command, or subsystem execution.
|
|
|
|
It is most useful inside a
|
|
|
|
.Cm Match
|
|
|
|
block.
|
|
|
|
The command originally supplied by the client is available in the
|
|
|
|
.Ev SSH_ORIGINAL_COMMAND
|
|
|
|
environment variable.
|
2008-02-10 12:47:24 +01:00
|
|
|
Specifying a command of
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm internal-sftp
|
|
|
|
will force the use of an in-process SFTP server that requires no support
|
2008-02-10 12:47:24 +01:00
|
|
|
files when used with
|
|
|
|
.Cm ChrootDirectory .
|
2015-11-13 05:38:06 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm GatewayPorts
|
|
|
|
Specifies whether remote hosts are allowed to connect to ports
|
|
|
|
forwarded for the client.
|
|
|
|
By default,
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2003-04-01 13:42:14 +02:00
|
|
|
binds remote port forwardings to the loopback address.
|
|
|
|
This prevents other remote hosts from connecting to forwarded ports.
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm GatewayPorts
|
2006-03-15 01:56:56 +01:00
|
|
|
can be used to specify that sshd
|
2005-03-01 11:24:33 +01:00
|
|
|
should allow remote port forwardings to bind to non-loopback addresses, thus
|
|
|
|
allowing other hosts to connect.
|
|
|
|
The argument may be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2005-03-01 11:24:33 +01:00
|
|
|
to force remote port forwardings to be available to the local host only,
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2005-03-01 11:24:33 +01:00
|
|
|
to force remote port forwardings to bind to the wildcard address, or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm clientspecified
|
2005-03-01 11:24:33 +01:00
|
|
|
to allow the client to select the address to which the forwarding is bound.
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2003-08-26 03:49:55 +02:00
|
|
|
.It Cm GSSAPIAuthentication
|
2003-09-02 14:57:05 +02:00
|
|
|
Specifies whether user authentication based on GSSAPI is allowed.
|
2003-11-21 13:48:55 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2003-08-26 03:49:55 +02:00
|
|
|
.It Cm GSSAPICleanupCredentials
|
|
|
|
Specifies whether to automatically destroy the user's credentials cache
|
|
|
|
on logout.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2015-05-22 05:50:02 +02:00
|
|
|
.It Cm GSSAPIStrictAcceptorCheck
|
|
|
|
Determines whether to be strict about the identity of the GSSAPI acceptor
|
|
|
|
a client authenticates against.
|
|
|
|
If set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
|
|
|
then the client must authenticate against the host
|
2015-05-22 05:50:02 +02:00
|
|
|
service on the current hostname.
|
|
|
|
If set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2015-05-22 05:50:02 +02:00
|
|
|
then the client may authenticate against any service key stored in the
|
|
|
|
machine's default store.
|
|
|
|
This facility is provided to assist with operation on multi homed machines.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2015-01-13 08:39:19 +01:00
|
|
|
.It Cm HostbasedAcceptedKeyTypes
|
|
|
|
Specifies the key types that will be accepted for hostbased authentication
|
2018-07-04 15:49:31 +02:00
|
|
|
as a list of comma-separated patterns.
|
2015-07-30 02:01:34 +02:00
|
|
|
Alternately if the specified value begins with a
|
|
|
|
.Sq +
|
|
|
|
character, then the specified key types will be appended to the default set
|
|
|
|
instead of replacing them.
|
2017-02-04 00:01:19 +01:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq -
|
|
|
|
character, then the specified key types (including wildcards) will be removed
|
|
|
|
from the default set instead of replacing them.
|
2015-07-10 08:21:53 +02:00
|
|
|
The default for this option is:
|
|
|
|
.Bd -literal -offset 3n
|
|
|
|
ecdsa-sha2-nistp256-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp384-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp521-cert-v01@openssh.com,
|
|
|
|
ssh-ed25519-cert-v01@openssh.com,
|
2018-07-03 13:39:54 +02:00
|
|
|
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
|
2015-07-10 08:21:53 +02:00
|
|
|
ssh-rsa-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|
2018-07-03 13:39:54 +02:00
|
|
|
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
2015-07-10 08:21:53 +02:00
|
|
|
.Ed
|
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
The list of available key types may also be obtained using
|
|
|
|
.Qq ssh -Q key .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm HostbasedAuthentication
|
|
|
|
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
|
|
|
with successful public key client host authentication is allowed
|
2006-03-15 01:55:31 +01:00
|
|
|
(host-based authentication).
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2006-08-30 03:06:34 +02:00
|
|
|
.It Cm HostbasedUsesNameFromPacketOnly
|
|
|
|
Specifies whether or not the server will attempt to perform a reverse
|
|
|
|
name lookup when matching the name in the
|
|
|
|
.Pa ~/.shosts ,
|
|
|
|
.Pa ~/.rhosts ,
|
|
|
|
and
|
|
|
|
.Pa /etc/hosts.equiv
|
|
|
|
files during
|
|
|
|
.Cm HostbasedAuthentication .
|
|
|
|
A setting of
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2006-08-30 03:06:34 +02:00
|
|
|
means that
|
|
|
|
.Xr sshd 8
|
|
|
|
uses the name supplied by the client rather than
|
|
|
|
attempting to resolve the name from the TCP connection itself.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2010-02-26 21:55:05 +01:00
|
|
|
.It Cm HostCertificate
|
|
|
|
Specifies a file containing a public host certificate.
|
|
|
|
The certificate's public key must match a private host key already specified
|
|
|
|
by
|
|
|
|
.Cm HostKey .
|
|
|
|
The default behaviour of
|
|
|
|
.Xr sshd 8
|
|
|
|
is not to load any certificates.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm HostKey
|
|
|
|
Specifies a file containing a private host key
|
|
|
|
used by SSH.
|
2016-08-15 14:32:04 +02:00
|
|
|
The defaults are
|
2013-12-18 07:46:27 +01:00
|
|
|
.Pa /etc/ssh/ssh_host_ecdsa_key ,
|
|
|
|
.Pa /etc/ssh/ssh_host_ed25519_key
|
2002-06-21 02:59:05 +02:00
|
|
|
and
|
2016-08-15 14:32:04 +02:00
|
|
|
.Pa /etc/ssh/ssh_host_rsa_key .
|
2015-07-10 08:21:53 +02:00
|
|
|
.Pp
|
2002-06-21 02:59:05 +02:00
|
|
|
Note that
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2015-07-10 08:21:53 +02:00
|
|
|
will refuse to use a file if it is group/world-accessible
|
|
|
|
and that the
|
|
|
|
.Cm HostKeyAlgorithms
|
|
|
|
option restricts which of the keys are actually used by
|
|
|
|
.Xr sshd 8 .
|
|
|
|
.Pp
|
2002-06-21 02:59:05 +02:00
|
|
|
It is possible to have multiple host key files.
|
2013-07-20 05:21:52 +02:00
|
|
|
It is also possible to specify public host key files instead.
|
|
|
|
In this case operations on the private key will be delegated
|
|
|
|
to an
|
|
|
|
.Xr ssh-agent 1 .
|
|
|
|
.It Cm HostKeyAgent
|
|
|
|
Identifies the UNIX-domain socket used to communicate
|
|
|
|
with an agent that has access to the private host keys.
|
2016-05-04 16:29:58 +02:00
|
|
|
If the string
|
2016-10-07 16:41:52 +02:00
|
|
|
.Qq SSH_AUTH_SOCK
|
2013-07-20 05:21:52 +02:00
|
|
|
is specified, the location of the socket will be read from the
|
|
|
|
.Ev SSH_AUTH_SOCK
|
|
|
|
environment variable.
|
2015-07-10 08:21:53 +02:00
|
|
|
.It Cm HostKeyAlgorithms
|
2016-02-17 08:38:19 +01:00
|
|
|
Specifies the host key algorithms
|
2015-07-10 08:21:53 +02:00
|
|
|
that the server offers.
|
|
|
|
The default for this option is:
|
|
|
|
.Bd -literal -offset 3n
|
|
|
|
ecdsa-sha2-nistp256-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp384-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp521-cert-v01@openssh.com,
|
|
|
|
ssh-ed25519-cert-v01@openssh.com,
|
2018-07-03 13:39:54 +02:00
|
|
|
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
|
2015-07-10 08:21:53 +02:00
|
|
|
ssh-rsa-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|
2018-07-03 13:39:54 +02:00
|
|
|
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
2015-07-10 08:21:53 +02:00
|
|
|
.Ed
|
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
The list of available key types may also be obtained using
|
|
|
|
.Qq ssh -Q key .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm IgnoreRhosts
|
|
|
|
Specifies that
|
|
|
|
.Pa .rhosts
|
|
|
|
and
|
|
|
|
.Pa .shosts
|
|
|
|
files will not be used in
|
|
|
|
.Cm HostbasedAuthentication .
|
|
|
|
.Pp
|
|
|
|
.Pa /etc/hosts.equiv
|
|
|
|
and
|
|
|
|
.Pa /etc/shosts.equiv
|
|
|
|
are still used.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm IgnoreUserKnownHosts
|
|
|
|
Specifies whether
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
should ignore the user's
|
2005-05-26 04:04:02 +02:00
|
|
|
.Pa ~/.ssh/known_hosts
|
2002-06-21 02:59:05 +02:00
|
|
|
during
|
2018-02-10 07:54:38 +01:00
|
|
|
.Cm HostbasedAuthentication
|
|
|
|
and use only the system-wide known hosts file
|
|
|
|
.Pa /etc/ssh/known_hosts .
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2010-11-20 05:19:38 +01:00
|
|
|
.It Cm IPQoS
|
|
|
|
Specifies the IPv4 type-of-service or DSCP class for the connection.
|
|
|
|
Accepted values are
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm af11 ,
|
|
|
|
.Cm af12 ,
|
|
|
|
.Cm af13 ,
|
|
|
|
.Cm af21 ,
|
|
|
|
.Cm af22 ,
|
|
|
|
.Cm af23 ,
|
|
|
|
.Cm af31 ,
|
|
|
|
.Cm af32 ,
|
|
|
|
.Cm af33 ,
|
|
|
|
.Cm af41 ,
|
|
|
|
.Cm af42 ,
|
|
|
|
.Cm af43 ,
|
|
|
|
.Cm cs0 ,
|
|
|
|
.Cm cs1 ,
|
|
|
|
.Cm cs2 ,
|
|
|
|
.Cm cs3 ,
|
|
|
|
.Cm cs4 ,
|
|
|
|
.Cm cs5 ,
|
|
|
|
.Cm cs6 ,
|
|
|
|
.Cm cs7 ,
|
|
|
|
.Cm ef ,
|
|
|
|
.Cm lowdelay ,
|
|
|
|
.Cm throughput ,
|
|
|
|
.Cm reliability ,
|
2017-07-24 01:37:02 +02:00
|
|
|
a numeric value, or
|
|
|
|
.Cm none
|
|
|
|
to use the operating system default.
|
2010-12-26 04:26:45 +01:00
|
|
|
This option may take one or two arguments, separated by whitespace.
|
2010-11-20 05:19:38 +01:00
|
|
|
If one argument is specified, it is used as the packet class unconditionally.
|
|
|
|
If two values are specified, the first is automatically selected for
|
|
|
|
interactive sessions and the second for non-interactive sessions.
|
|
|
|
The default is
|
upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
2018-04-04 17:12:17 +02:00
|
|
|
.Cm af21
|
2018-04-08 09:36:02 +02:00
|
|
|
(Low-Latency Data)
|
2010-11-20 05:19:38 +01:00
|
|
|
for interactive sessions and
|
upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP AF21 for
interactive and CS1 for bulk
AF21 was selected as this is the highest priority within the low-latency
service class (and it is higher than what we have today). SSH is elastic
and time-sensitive data, where a user is waiting for a response via the
network in order to continue with a task at hand. As such, these flows
should be considered foreground traffic, with delays or drops to such
traffic directly impacting user-productivity.
For bulk SSH traffic, the CS1 "Lower Effort" marker was chosen to enable
networks implementing a scavanger/lower-than-best effort class to
discriminate scp(1) below normal activities, such as web surfing. In
general this type of bulk SSH traffic is a background activity.
An advantage of using "AF21" for interactive SSH and "CS1" for bulk SSH
is that they are recognisable values on all common platforms (IANA
https://www.iana.org/assignments/dscp-registry/dscp-registry.xml), and
for AF21 specifically a definition of the intended behavior exists
https://tools.ietf.org/html/rfc4594#section-4.7 in addition to the definition
of the Assured Forwarding PHB group https://tools.ietf.org/html/rfc2597, and
for CS1 (Lower Effort) there is https://tools.ietf.org/html/rfc3662
The first three bits of "AF21" map to the equivalent IEEEE 802.1D PCP, IEEE
802.11e, MPLS EXP/CoS and IP Precedence value of 2 (also known as "Immediate",
or "AC_BE"), and CS1's first 3 bits map to IEEEE 802.1D PCP, IEEE 802.11e,
MPLS/CoS and IP Precedence value 1 ("Background" or "AC_BK").
OK deraadt@, "no objection" djm@
OpenBSD-Commit-ID: d11d2a4484f461524ef0c20870523dfcdeb52181
2018-04-04 17:12:17 +02:00
|
|
|
.Cm cs1
|
2018-04-08 09:36:02 +02:00
|
|
|
(Lower Effort)
|
2010-11-20 05:19:38 +01:00
|
|
|
for non-interactive sessions.
|
2014-02-04 01:13:17 +01:00
|
|
|
.It Cm KbdInteractiveAuthentication
|
|
|
|
Specifies whether to allow keyboard-interactive authentication.
|
|
|
|
The argument to this keyword must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2014-02-04 01:13:17 +01:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2014-02-04 01:13:17 +01:00
|
|
|
The default is to use whatever value
|
|
|
|
.Cm ChallengeResponseAuthentication
|
|
|
|
is set to
|
|
|
|
(by default
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes ) .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm KerberosAuthentication
|
2003-09-02 14:51:17 +02:00
|
|
|
Specifies whether the password provided by the user for
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm PasswordAuthentication
|
2003-09-02 14:51:17 +02:00
|
|
|
will be validated through the Kerberos KDC.
|
2002-06-21 02:59:05 +02:00
|
|
|
To use this option, the server needs a
|
|
|
|
Kerberos servtab which allows the verification of the KDC's identity.
|
2006-03-15 01:56:56 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2004-03-08 13:13:15 +01:00
|
|
|
.It Cm KerberosGetAFSToken
|
2005-10-03 10:19:06 +02:00
|
|
|
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
|
2004-03-08 13:13:15 +01:00
|
|
|
an AFS token before accessing the user's home directory.
|
2006-03-15 01:56:56 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm KerberosOrLocalPasswd
|
2006-03-15 01:56:56 +01:00
|
|
|
If password authentication through Kerberos fails then
|
2002-06-21 02:59:05 +02:00
|
|
|
the password will be validated via any additional local mechanism
|
|
|
|
such as
|
|
|
|
.Pa /etc/passwd .
|
2006-03-15 01:56:56 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm KerberosTicketCleanup
|
|
|
|
Specifies whether to automatically destroy the user's ticket cache
|
|
|
|
file on logout.
|
2006-03-15 01:56:56 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2010-09-24 14:11:14 +02:00
|
|
|
.It Cm KexAlgorithms
|
|
|
|
Specifies the available KEX (Key Exchange) algorithms.
|
|
|
|
Multiple algorithms must be comma-separated.
|
2015-07-30 02:01:34 +02:00
|
|
|
Alternately if the specified value begins with a
|
|
|
|
.Sq +
|
|
|
|
character, then the specified methods will be appended to the default set
|
|
|
|
instead of replacing them.
|
2017-02-04 00:01:19 +01:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq -
|
|
|
|
character, then the specified methods (including wildcards) will be removed
|
|
|
|
from the default set instead of replacing them.
|
2014-04-20 05:22:46 +02:00
|
|
|
The supported algorithms are:
|
|
|
|
.Pp
|
|
|
|
.Bl -item -compact -offset indent
|
|
|
|
.It
|
2016-09-22 19:55:13 +02:00
|
|
|
curve25519-sha256
|
|
|
|
.It
|
2014-04-20 05:22:46 +02:00
|
|
|
curve25519-sha256@libssh.org
|
|
|
|
.It
|
|
|
|
diffie-hellman-group1-sha1
|
|
|
|
.It
|
|
|
|
diffie-hellman-group14-sha1
|
|
|
|
.It
|
2018-02-16 03:40:45 +01:00
|
|
|
diffie-hellman-group14-sha256
|
|
|
|
.It
|
|
|
|
diffie-hellman-group16-sha512
|
|
|
|
.It
|
|
|
|
diffie-hellman-group18-sha512
|
|
|
|
.It
|
2014-04-20 05:22:46 +02:00
|
|
|
diffie-hellman-group-exchange-sha1
|
|
|
|
.It
|
|
|
|
diffie-hellman-group-exchange-sha256
|
|
|
|
.It
|
|
|
|
ecdh-sha2-nistp256
|
|
|
|
.It
|
|
|
|
ecdh-sha2-nistp384
|
|
|
|
.It
|
|
|
|
ecdh-sha2-nistp521
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
The default is:
|
2013-12-18 07:47:02 +01:00
|
|
|
.Bd -literal -offset indent
|
2016-09-22 19:55:13 +02:00
|
|
|
curve25519-sha256,curve25519-sha256@libssh.org,
|
2013-12-18 07:47:02 +01:00
|
|
|
ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
|
|
|
|
diffie-hellman-group-exchange-sha256,
|
2018-02-16 03:40:45 +01:00
|
|
|
diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
|
|
|
|
diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
|
2013-12-18 07:47:02 +01:00
|
|
|
.Ed
|
2014-12-22 10:05:17 +01:00
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
The list of available key exchange algorithms may also be obtained using
|
|
|
|
.Qq ssh -Q kex .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm ListenAddress
|
|
|
|
Specifies the local addresses
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
should listen on.
|
|
|
|
The following forms may be used:
|
|
|
|
.Pp
|
|
|
|
.Bl -item -offset indent -compact
|
|
|
|
.It
|
|
|
|
.Cm ListenAddress
|
|
|
|
.Sm off
|
2017-10-25 08:18:06 +02:00
|
|
|
.Ar hostname | address
|
2002-06-21 02:59:05 +02:00
|
|
|
.Sm on
|
2017-10-26 08:44:01 +02:00
|
|
|
.Op Cm rdomain Ar domain
|
2002-06-21 02:59:05 +02:00
|
|
|
.It
|
|
|
|
.Cm ListenAddress
|
|
|
|
.Sm off
|
2017-10-25 08:18:06 +02:00
|
|
|
.Ar hostname : port
|
2002-06-21 02:59:05 +02:00
|
|
|
.Sm on
|
2017-10-26 08:44:01 +02:00
|
|
|
.Op Cm rdomain Ar domain
|
2017-10-25 02:15:35 +02:00
|
|
|
.It
|
|
|
|
.Cm ListenAddress
|
|
|
|
.Sm off
|
2017-10-25 08:18:06 +02:00
|
|
|
.Ar IPv4_address : port
|
2017-10-25 02:15:35 +02:00
|
|
|
.Sm on
|
2017-10-26 08:44:01 +02:00
|
|
|
.Op Cm rdomain Ar domain
|
2002-06-21 02:59:05 +02:00
|
|
|
.It
|
|
|
|
.Cm ListenAddress
|
|
|
|
.Sm off
|
2017-10-25 08:18:06 +02:00
|
|
|
.Oo Ar hostname | address Oc : Ar port
|
2002-06-21 02:59:05 +02:00
|
|
|
.Sm on
|
2017-10-26 08:44:01 +02:00
|
|
|
.Op Cm rdomain Ar domain
|
2002-06-21 02:59:05 +02:00
|
|
|
.El
|
|
|
|
.Pp
|
2017-10-25 02:15:35 +02:00
|
|
|
The optional
|
|
|
|
.Cm rdomain
|
|
|
|
qualifier requests
|
|
|
|
.Xr sshd 8
|
|
|
|
listen in an explicit routing domain.
|
2002-06-21 02:59:05 +02:00
|
|
|
If
|
|
|
|
.Ar port
|
|
|
|
is not specified,
|
2015-04-29 05:48:56 +02:00
|
|
|
sshd will listen on the address and all
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm Port
|
2003-05-23 10:44:23 +02:00
|
|
|
options specified.
|
2017-10-25 02:15:35 +02:00
|
|
|
The default is to listen on all local addresses on the current default
|
|
|
|
routing domain.
|
2003-04-01 13:42:14 +02:00
|
|
|
Multiple
|
2002-06-21 02:59:05 +02:00
|
|
|
.Cm ListenAddress
|
2003-05-23 10:44:23 +02:00
|
|
|
options are permitted.
|
2017-10-25 02:15:35 +02:00
|
|
|
For more information on routing domains, see
|
2017-10-25 08:18:06 +02:00
|
|
|
.Xr rdomain 4 .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm LoginGraceTime
|
|
|
|
The server disconnects after this time if the user has not
|
|
|
|
successfully logged in.
|
|
|
|
If the value is 0, there is no time limit.
|
2002-09-05 06:35:14 +02:00
|
|
|
The default is 120 seconds.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm LogLevel
|
|
|
|
Gives the verbosity level that is used when logging messages from
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8 .
|
2002-06-21 02:59:05 +02:00
|
|
|
The possible values are:
|
2006-03-15 01:56:56 +01:00
|
|
|
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
|
2003-04-01 13:42:14 +02:00
|
|
|
The default is INFO.
|
|
|
|
DEBUG and DEBUG1 are equivalent.
|
|
|
|
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
|
|
|
|
Logging with a DEBUG level violates the privacy of users and is not recommended.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm MACs
|
|
|
|
Specifies the available MAC (message authentication code) algorithms.
|
2016-02-17 08:38:19 +01:00
|
|
|
The MAC algorithm is used for data integrity protection.
|
2002-06-21 02:59:05 +02:00
|
|
|
Multiple algorithms must be comma-separated.
|
2015-07-30 02:01:34 +02:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq +
|
|
|
|
character, then the specified algorithms will be appended to the default set
|
|
|
|
instead of replacing them.
|
2017-02-04 00:01:19 +01:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq -
|
|
|
|
character, then the specified algorithms (including wildcards) will be removed
|
|
|
|
from the default set instead of replacing them.
|
2015-07-30 02:01:34 +02:00
|
|
|
.Pp
|
2012-12-12 00:46:31 +01:00
|
|
|
The algorithms that contain
|
2016-10-07 16:41:52 +02:00
|
|
|
.Qq -etm
|
2012-12-12 00:46:31 +01:00
|
|
|
calculate the MAC after encryption (encrypt-then-mac).
|
|
|
|
These are considered safer and their use recommended.
|
2014-04-20 05:22:46 +02:00
|
|
|
The supported MACs are:
|
|
|
|
.Pp
|
|
|
|
.Bl -item -compact -offset indent
|
|
|
|
.It
|
|
|
|
hmac-md5
|
|
|
|
.It
|
|
|
|
hmac-md5-96
|
|
|
|
.It
|
|
|
|
hmac-sha1
|
|
|
|
.It
|
|
|
|
hmac-sha1-96
|
|
|
|
.It
|
|
|
|
hmac-sha2-256
|
|
|
|
.It
|
|
|
|
hmac-sha2-512
|
|
|
|
.It
|
|
|
|
umac-64@openssh.com
|
|
|
|
.It
|
|
|
|
umac-128@openssh.com
|
|
|
|
.It
|
|
|
|
hmac-md5-etm@openssh.com
|
|
|
|
.It
|
|
|
|
hmac-md5-96-etm@openssh.com
|
|
|
|
.It
|
|
|
|
hmac-sha1-etm@openssh.com
|
|
|
|
.It
|
|
|
|
hmac-sha1-96-etm@openssh.com
|
|
|
|
.It
|
|
|
|
hmac-sha2-256-etm@openssh.com
|
|
|
|
.It
|
|
|
|
hmac-sha2-512-etm@openssh.com
|
|
|
|
.It
|
|
|
|
umac-64-etm@openssh.com
|
|
|
|
.It
|
|
|
|
umac-128-etm@openssh.com
|
|
|
|
.El
|
|
|
|
.Pp
|
2006-03-15 01:56:56 +01:00
|
|
|
The default is:
|
2007-06-11 06:07:12 +02:00
|
|
|
.Bd -literal -offset indent
|
2012-12-12 00:46:31 +01:00
|
|
|
umac-64-etm@openssh.com,umac-128-etm@openssh.com,
|
|
|
|
hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
|
2016-02-11 03:56:32 +01:00
|
|
|
hmac-sha1-etm@openssh.com,
|
2014-04-20 05:22:46 +02:00
|
|
|
umac-64@openssh.com,umac-128@openssh.com,
|
2016-02-11 03:56:32 +01:00
|
|
|
hmac-sha2-256,hmac-sha2-512,hmac-sha1
|
2007-06-11 06:07:12 +02:00
|
|
|
.Ed
|
2014-12-22 10:05:17 +01:00
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
The list of available MAC algorithms may also be obtained using
|
|
|
|
.Qq ssh -Q mac .
|
2006-07-12 14:34:17 +02:00
|
|
|
.It Cm Match
|
2006-07-24 05:46:50 +02:00
|
|
|
Introduces a conditional block.
|
2006-07-24 06:05:08 +02:00
|
|
|
If all of the criteria on the
|
2006-07-12 14:34:17 +02:00
|
|
|
.Cm Match
|
2006-07-24 06:05:08 +02:00
|
|
|
line are satisfied, the keywords on the following lines override those
|
|
|
|
set in the global section of the config file, until either another
|
2006-07-12 14:34:17 +02:00
|
|
|
.Cm Match
|
2006-07-24 06:05:08 +02:00
|
|
|
line or the end of the file.
|
2014-02-28 00:01:28 +01:00
|
|
|
If a keyword appears in multiple
|
|
|
|
.Cm Match
|
2014-08-30 18:32:25 +02:00
|
|
|
blocks that are satisfied, only the first instance of the keyword is
|
2014-02-28 00:01:28 +01:00
|
|
|
applied.
|
2008-06-10 14:59:10 +02:00
|
|
|
.Pp
|
2006-07-24 05:46:50 +02:00
|
|
|
The arguments to
|
2006-07-12 14:34:17 +02:00
|
|
|
.Cm Match
|
2013-10-24 12:02:56 +02:00
|
|
|
are one or more criteria-pattern pairs or the single token
|
|
|
|
.Cm All
|
|
|
|
which matches all criteria.
|
2006-07-12 14:34:17 +02:00
|
|
|
The available criteria are
|
|
|
|
.Cm User ,
|
2006-08-18 16:23:15 +02:00
|
|
|
.Cm Group ,
|
2006-07-12 14:34:17 +02:00
|
|
|
.Cm Host ,
|
2012-05-19 11:37:01 +02:00
|
|
|
.Cm LocalAddress ,
|
|
|
|
.Cm LocalPort ,
|
2017-10-25 02:19:47 +02:00
|
|
|
.Cm RDomain ,
|
2006-07-12 14:34:17 +02:00
|
|
|
and
|
2017-10-25 02:19:47 +02:00
|
|
|
.Cm Address
|
|
|
|
(with
|
|
|
|
.Cm RDomain
|
|
|
|
representing the
|
|
|
|
.Xr rdomain 4
|
2019-03-22 21:58:34 +01:00
|
|
|
on which the connection was received).
|
2017-10-25 02:19:47 +02:00
|
|
|
.Pp
|
2008-06-10 14:59:10 +02:00
|
|
|
The match patterns may consist of single entries or comma-separated
|
|
|
|
lists and may use the wildcard and negation operators described in the
|
2016-10-07 16:41:52 +02:00
|
|
|
.Sx PATTERNS
|
|
|
|
section of
|
2008-06-10 14:59:53 +02:00
|
|
|
.Xr ssh_config 5 .
|
2008-06-10 14:59:10 +02:00
|
|
|
.Pp
|
|
|
|
The patterns in an
|
|
|
|
.Cm Address
|
|
|
|
criteria may additionally contain addresses to match in CIDR
|
2016-10-07 16:41:52 +02:00
|
|
|
address/masklen format,
|
|
|
|
such as 192.0.2.0/24 or 2001:db8::/32.
|
2008-06-10 14:59:10 +02:00
|
|
|
Note that the mask length provided must be consistent with the address -
|
|
|
|
it is an error to specify a mask length that is too long for the address
|
2008-06-10 15:03:04 +02:00
|
|
|
or one with bits set in this host portion of the address.
|
2016-10-07 16:41:52 +02:00
|
|
|
For example, 192.0.2.0/33 and 192.0.2.0/8, respectively.
|
2008-06-10 14:59:10 +02:00
|
|
|
.Pp
|
2006-07-12 14:34:17 +02:00
|
|
|
Only a subset of keywords may be used on the lines following a
|
|
|
|
.Cm Match
|
|
|
|
keyword.
|
|
|
|
Available keywords are
|
2012-06-20 13:54:15 +02:00
|
|
|
.Cm AcceptEnv ,
|
2009-01-28 06:20:17 +01:00
|
|
|
.Cm AllowAgentForwarding ,
|
2012-06-20 13:54:15 +02:00
|
|
|
.Cm AllowGroups ,
|
2015-02-20 23:40:32 +01:00
|
|
|
.Cm AllowStreamLocalForwarding ,
|
2006-07-24 06:04:00 +02:00
|
|
|
.Cm AllowTcpForwarding ,
|
2012-06-20 13:53:58 +02:00
|
|
|
.Cm AllowUsers ,
|
2012-11-04 13:21:40 +01:00
|
|
|
.Cm AuthenticationMethods ,
|
2012-10-30 22:58:58 +01:00
|
|
|
.Cm AuthorizedKeysCommand ,
|
|
|
|
.Cm AuthorizedKeysCommandUser ,
|
2012-11-04 12:22:52 +01:00
|
|
|
.Cm AuthorizedKeysFile ,
|
2015-11-13 03:57:46 +01:00
|
|
|
.Cm AuthorizedPrincipalsCommand ,
|
|
|
|
.Cm AuthorizedPrincipalsCommandUser ,
|
2010-06-26 01:38:45 +02:00
|
|
|
.Cm AuthorizedPrincipalsFile ,
|
2007-02-19 12:25:37 +01:00
|
|
|
.Cm Banner ,
|
2008-05-19 06:27:42 +02:00
|
|
|
.Cm ChrootDirectory ,
|
2016-11-24 00:14:15 +01:00
|
|
|
.Cm ClientAliveCountMax ,
|
|
|
|
.Cm ClientAliveInterval ,
|
2012-06-20 13:53:58 +02:00
|
|
|
.Cm DenyGroups ,
|
|
|
|
.Cm DenyUsers ,
|
2006-07-24 06:06:47 +02:00
|
|
|
.Cm ForceCommand ,
|
2015-02-20 23:40:32 +01:00
|
|
|
.Cm GatewayPorts ,
|
2015-02-21 00:46:01 +01:00
|
|
|
.Cm GSSAPIAuthentication ,
|
2015-01-13 08:39:19 +01:00
|
|
|
.Cm HostbasedAcceptedKeyTypes ,
|
2008-05-19 06:29:08 +02:00
|
|
|
.Cm HostbasedAuthentication ,
|
2010-06-26 01:38:45 +02:00
|
|
|
.Cm HostbasedUsesNameFromPacketOnly ,
|
2015-02-20 23:40:32 +01:00
|
|
|
.Cm IPQoS ,
|
2007-03-01 11:31:28 +01:00
|
|
|
.Cm KbdInteractiveAuthentication ,
|
2007-03-06 11:21:18 +01:00
|
|
|
.Cm KerberosAuthentication ,
|
2017-05-17 03:24:17 +02:00
|
|
|
.Cm LogLevel ,
|
2008-06-15 23:56:20 +02:00
|
|
|
.Cm MaxAuthTries ,
|
2008-06-15 23:55:46 +02:00
|
|
|
.Cm MaxSessions ,
|
2007-02-19 12:25:37 +01:00
|
|
|
.Cm PasswordAuthentication ,
|
2008-11-03 09:23:10 +01:00
|
|
|
.Cm PermitEmptyPasswords ,
|
2018-06-06 20:24:00 +02:00
|
|
|
.Cm PermitListen ,
|
2006-07-24 06:05:48 +02:00
|
|
|
.Cm PermitOpen ,
|
2008-01-01 10:36:56 +01:00
|
|
|
.Cm PermitRootLogin ,
|
2013-10-30 12:21:50 +01:00
|
|
|
.Cm PermitTTY ,
|
2010-06-26 01:38:45 +02:00
|
|
|
.Cm PermitTunnel ,
|
2014-07-04 01:00:04 +02:00
|
|
|
.Cm PermitUserRC ,
|
2015-01-13 08:39:19 +01:00
|
|
|
.Cm PubkeyAcceptedKeyTypes ,
|
2009-10-06 23:36:05 +02:00
|
|
|
.Cm PubkeyAuthentication ,
|
2013-05-16 12:29:28 +02:00
|
|
|
.Cm RekeyLimit ,
|
2015-02-20 23:40:32 +01:00
|
|
|
.Cm RevokedKeys ,
|
2017-10-25 02:17:08 +02:00
|
|
|
.Cm RDomain ,
|
2018-06-09 05:03:10 +02:00
|
|
|
.Cm SetEnv ,
|
2015-02-20 23:40:32 +01:00
|
|
|
.Cm StreamLocalBindMask ,
|
|
|
|
.Cm StreamLocalBindUnlink ,
|
|
|
|
.Cm TrustedUserCAKeys ,
|
2006-07-24 06:05:48 +02:00
|
|
|
.Cm X11DisplayOffset ,
|
2009-02-23 00:53:58 +01:00
|
|
|
.Cm X11Forwarding
|
2006-07-12 14:34:17 +02:00
|
|
|
and
|
2019-06-12 07:53:21 +02:00
|
|
|
.Cm X11UseLocalhost .
|
2004-05-24 02:36:23 +02:00
|
|
|
.It Cm MaxAuthTries
|
|
|
|
Specifies the maximum number of authentication attempts permitted per
|
2004-06-30 14:39:34 +02:00
|
|
|
connection.
|
|
|
|
Once the number of failures reaches half this value,
|
|
|
|
additional failures are logged.
|
|
|
|
The default is 6.
|
2008-05-19 07:34:50 +02:00
|
|
|
.It Cm MaxSessions
|
2016-02-05 03:37:56 +01:00
|
|
|
Specifies the maximum number of open shell, login or subsystem (e.g. sftp)
|
|
|
|
sessions permitted per network connection.
|
|
|
|
Multiple sessions may be established by clients that support connection
|
|
|
|
multiplexing.
|
|
|
|
Setting
|
|
|
|
.Cm MaxSessions
|
|
|
|
to 1 will effectively disable session multiplexing, whereas setting it to 0
|
|
|
|
will prevent all shell, login and subsystem sessions while still permitting
|
|
|
|
forwarding.
|
2008-05-19 07:34:50 +02:00
|
|
|
The default is 10.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm MaxStartups
|
|
|
|
Specifies the maximum number of concurrent unauthenticated connections to the
|
2006-03-15 01:56:56 +01:00
|
|
|
SSH daemon.
|
2002-06-21 02:59:05 +02:00
|
|
|
Additional connections will be dropped until authentication succeeds or the
|
|
|
|
.Cm LoginGraceTime
|
|
|
|
expires for a connection.
|
2013-02-12 01:02:08 +01:00
|
|
|
The default is 10:30:100.
|
2002-06-21 02:59:05 +02:00
|
|
|
.Pp
|
|
|
|
Alternatively, random early drop can be enabled by specifying
|
|
|
|
the three colon separated values
|
2016-10-07 16:41:52 +02:00
|
|
|
start:rate:full (e.g. "10:30:60").
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8
|
2016-10-07 16:41:52 +02:00
|
|
|
will refuse connection attempts with a probability of rate/100 (30%)
|
|
|
|
if there are currently start (10) unauthenticated connections.
|
2002-06-21 02:59:05 +02:00
|
|
|
The probability increases linearly and all connection attempts
|
2016-10-07 16:41:52 +02:00
|
|
|
are refused if the number of unauthenticated connections reaches full (60).
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm PasswordAuthentication
|
|
|
|
Specifies whether password authentication is allowed.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm PermitEmptyPasswords
|
|
|
|
When password authentication is allowed, it specifies whether the
|
|
|
|
server allows login to accounts with empty password strings.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2018-06-06 20:24:00 +02:00
|
|
|
.It Cm PermitListen
|
|
|
|
Specifies the addresses/ports on which a remote TCP port forwarding may listen.
|
|
|
|
The listen specification must be one of the following forms:
|
|
|
|
.Pp
|
|
|
|
.Bl -item -offset indent -compact
|
|
|
|
.It
|
|
|
|
.Cm PermitListen
|
|
|
|
.Sm off
|
2018-06-19 04:59:41 +02:00
|
|
|
.Ar port
|
2018-06-06 20:24:00 +02:00
|
|
|
.Sm on
|
|
|
|
.It
|
|
|
|
.Cm PermitListen
|
|
|
|
.Sm off
|
2018-06-19 04:59:41 +02:00
|
|
|
.Ar host : port
|
2018-06-06 20:24:00 +02:00
|
|
|
.Sm on
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
Multiple permissions may be specified by separating them with whitespace.
|
|
|
|
An argument of
|
|
|
|
.Cm any
|
|
|
|
can be used to remove all restrictions and permit any listen requests.
|
|
|
|
An argument of
|
|
|
|
.Cm none
|
|
|
|
can be used to prohibit all listen requests.
|
|
|
|
The host name may contain wildcards as described in the PATTERNS section in
|
|
|
|
.Xr ssh_config 5 .
|
|
|
|
The wildcard
|
|
|
|
.Sq *
|
|
|
|
can also be used in place of a port number to allow all ports.
|
|
|
|
By default all port forwarding listen requests are permitted.
|
2018-06-07 13:26:14 +02:00
|
|
|
Note that the
|
2018-06-06 20:24:00 +02:00
|
|
|
.Cm GatewayPorts
|
|
|
|
option may further restrict which addresses may be listened on.
|
2018-06-19 04:59:41 +02:00
|
|
|
Note also that
|
|
|
|
.Xr ssh 1
|
|
|
|
will request a listen host of
|
|
|
|
.Dq localhost
|
2019-01-23 21:48:52 +01:00
|
|
|
if no listen host was specifically requested, and this name is
|
2018-06-19 07:36:57 +02:00
|
|
|
treated differently to explicit localhost addresses of
|
2018-06-19 04:59:41 +02:00
|
|
|
.Dq 127.0.0.1
|
|
|
|
and
|
|
|
|
.Dq ::1 .
|
2006-07-24 06:04:00 +02:00
|
|
|
.It Cm PermitOpen
|
|
|
|
Specifies the destinations to which TCP port forwarding is permitted.
|
|
|
|
The forwarding specification must be one of the following forms:
|
|
|
|
.Pp
|
|
|
|
.Bl -item -offset indent -compact
|
|
|
|
.It
|
|
|
|
.Cm PermitOpen
|
|
|
|
.Sm off
|
|
|
|
.Ar host : port
|
|
|
|
.Sm on
|
|
|
|
.It
|
|
|
|
.Cm PermitOpen
|
|
|
|
.Sm off
|
|
|
|
.Ar IPv4_addr : port
|
|
|
|
.Sm on
|
|
|
|
.It
|
|
|
|
.Cm PermitOpen
|
|
|
|
.Sm off
|
|
|
|
.Ar \&[ IPv6_addr \&] : port
|
|
|
|
.Sm on
|
|
|
|
.El
|
|
|
|
.Pp
|
2006-07-24 06:08:13 +02:00
|
|
|
Multiple forwards may be specified by separating them with whitespace.
|
2006-07-24 06:04:00 +02:00
|
|
|
An argument of
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm any
|
2006-07-24 06:04:00 +02:00
|
|
|
can be used to remove all restrictions and permit any forwarding requests.
|
2012-05-19 11:37:33 +02:00
|
|
|
An argument of
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2012-05-19 11:37:33 +02:00
|
|
|
can be used to prohibit all forwarding requests.
|
2016-07-19 14:59:16 +02:00
|
|
|
The wildcard
|
2016-10-07 16:41:52 +02:00
|
|
|
.Sq *
|
2016-07-19 14:59:16 +02:00
|
|
|
can be used for host or port to allow all hosts or ports, respectively.
|
2006-07-24 06:04:16 +02:00
|
|
|
By default all port forwarding requests are permitted.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm PermitRootLogin
|
2005-01-20 01:01:46 +01:00
|
|
|
Specifies whether root can log in using
|
2002-06-21 02:59:05 +02:00
|
|
|
.Xr ssh 1 .
|
|
|
|
The argument must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes ,
|
|
|
|
.Cm prohibit-password ,
|
|
|
|
.Cm forced-commands-only ,
|
2002-06-21 02:59:05 +02:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm prohibit-password .
|
2002-06-21 02:59:05 +02:00
|
|
|
.Pp
|
|
|
|
If this option is set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm prohibit-password
|
2017-10-13 18:50:45 +02:00
|
|
|
(or its deprecated alias,
|
|
|
|
.Cm without-password ) ,
|
2015-08-06 16:53:21 +02:00
|
|
|
password and keyboard-interactive authentication are disabled for root.
|
2002-06-21 02:59:05 +02:00
|
|
|
.Pp
|
|
|
|
If this option is set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm forced-commands-only ,
|
2002-06-21 02:59:05 +02:00
|
|
|
root login with public key authentication will be allowed,
|
|
|
|
but only if the
|
|
|
|
.Ar command
|
|
|
|
option has been specified
|
|
|
|
(which may be useful for taking remote backups even if root login is
|
2003-05-23 10:44:23 +02:00
|
|
|
normally not allowed).
|
|
|
|
All other authentication methods are disabled for root.
|
2002-06-21 02:59:05 +02:00
|
|
|
.Pp
|
|
|
|
If this option is set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no ,
|
2005-01-20 01:01:46 +01:00
|
|
|
root is not allowed to log in.
|
2016-09-07 20:39:24 +02:00
|
|
|
.It Cm PermitTTY
|
|
|
|
Specifies whether
|
|
|
|
.Xr pty 4
|
|
|
|
allocation is permitted.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2005-12-13 09:29:02 +01:00
|
|
|
.It Cm PermitTunnel
|
|
|
|
Specifies whether
|
|
|
|
.Xr tun 4
|
|
|
|
device forwarding is allowed.
|
2005-12-13 09:33:19 +01:00
|
|
|
The argument must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes ,
|
|
|
|
.Cm point-to-point
|
2006-07-10 12:16:27 +02:00
|
|
|
(layer 3),
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm ethernet
|
2006-07-10 12:16:27 +02:00
|
|
|
(layer 2), or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2006-07-10 12:16:27 +02:00
|
|
|
Specifying
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2006-07-10 12:16:27 +02:00
|
|
|
permits both
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm point-to-point
|
2006-07-10 12:16:27 +02:00
|
|
|
and
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm ethernet .
|
2005-12-13 09:29:02 +01:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2014-09-09 11:45:36 +02:00
|
|
|
.Pp
|
|
|
|
Independent of this setting, the permissions of the selected
|
|
|
|
.Xr tun 4
|
|
|
|
device must allow access to the user.
|
2002-08-01 03:28:38 +02:00
|
|
|
.It Cm PermitUserEnvironment
|
|
|
|
Specifies whether
|
|
|
|
.Pa ~/.ssh/environment
|
2002-08-20 20:54:20 +02:00
|
|
|
and
|
2002-08-01 03:28:38 +02:00
|
|
|
.Cm environment=
|
|
|
|
options in
|
|
|
|
.Pa ~/.ssh/authorized_keys
|
2002-08-20 20:54:20 +02:00
|
|
|
are processed by
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8 .
|
2018-07-03 12:59:35 +02:00
|
|
|
Valid options are
|
|
|
|
.Cm yes ,
|
|
|
|
.Cm no
|
|
|
|
or a pattern-list specifying which environment variable names to accept
|
|
|
|
(for example
|
|
|
|
.Qq LANG,LC_* ) .
|
2002-08-01 03:28:38 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-08-20 20:54:20 +02:00
|
|
|
Enabling environment processing may enable users to bypass access
|
|
|
|
restrictions in some configurations using mechanisms such as
|
|
|
|
.Ev LD_PRELOAD .
|
2014-07-04 01:00:04 +02:00
|
|
|
.It Cm PermitUserRC
|
|
|
|
Specifies whether any
|
|
|
|
.Pa ~/.ssh/rc
|
|
|
|
file is executed.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm PidFile
|
2002-06-23 02:35:25 +02:00
|
|
|
Specifies the file that contains the process ID of the
|
2015-04-17 01:25:50 +02:00
|
|
|
SSH daemon, or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2015-04-17 01:25:50 +02:00
|
|
|
to not write one.
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
|
|
|
.Pa /var/run/sshd.pid .
|
|
|
|
.It Cm Port
|
|
|
|
Specifies the port number that
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
listens on.
|
|
|
|
The default is 22.
|
|
|
|
Multiple options of this type are permitted.
|
|
|
|
See also
|
|
|
|
.Cm ListenAddress .
|
|
|
|
.It Cm PrintLastLog
|
|
|
|
Specifies whether
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2004-11-05 10:06:59 +01:00
|
|
|
should print the date and time of the last user login when a user logs
|
|
|
|
in interactively.
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm PrintMotd
|
|
|
|
Specifies whether
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
should print
|
|
|
|
.Pa /etc/motd
|
|
|
|
when a user logs in interactively.
|
|
|
|
(On some systems it is also printed by the shell,
|
|
|
|
.Pa /etc/profile ,
|
|
|
|
or equivalent.)
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2015-01-13 08:39:19 +01:00
|
|
|
.It Cm PubkeyAcceptedKeyTypes
|
|
|
|
Specifies the key types that will be accepted for public key authentication
|
2018-07-04 15:49:31 +02:00
|
|
|
as a list of comma-separated patterns.
|
2015-07-30 02:01:34 +02:00
|
|
|
Alternately if the specified value begins with a
|
|
|
|
.Sq +
|
|
|
|
character, then the specified key types will be appended to the default set
|
|
|
|
instead of replacing them.
|
2017-02-04 00:01:19 +01:00
|
|
|
If the specified value begins with a
|
|
|
|
.Sq -
|
|
|
|
character, then the specified key types (including wildcards) will be removed
|
|
|
|
from the default set instead of replacing them.
|
2015-07-10 08:21:53 +02:00
|
|
|
The default for this option is:
|
|
|
|
.Bd -literal -offset 3n
|
|
|
|
ecdsa-sha2-nistp256-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp384-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp521-cert-v01@openssh.com,
|
|
|
|
ssh-ed25519-cert-v01@openssh.com,
|
2018-07-03 13:39:54 +02:00
|
|
|
rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
|
2015-07-10 08:21:53 +02:00
|
|
|
ssh-rsa-cert-v01@openssh.com,
|
|
|
|
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
|
2018-07-03 13:39:54 +02:00
|
|
|
ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
|
2015-07-10 08:21:53 +02:00
|
|
|
.Ed
|
|
|
|
.Pp
|
2016-10-07 16:41:52 +02:00
|
|
|
The list of available key types may also be obtained using
|
|
|
|
.Qq ssh -Q key .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm PubkeyAuthentication
|
|
|
|
Specifies whether public key authentication is allowed.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2013-05-16 12:29:28 +02:00
|
|
|
.It Cm RekeyLimit
|
|
|
|
Specifies the maximum amount of data that may be transmitted before the
|
|
|
|
session key is renegotiated, optionally followed a maximum amount of
|
|
|
|
time that may pass before the session key is renegotiated.
|
|
|
|
The first argument is specified in bytes and may have a suffix of
|
|
|
|
.Sq K ,
|
|
|
|
.Sq M ,
|
|
|
|
or
|
|
|
|
.Sq G
|
|
|
|
to indicate Kilobytes, Megabytes, or Gigabytes, respectively.
|
|
|
|
The default is between
|
|
|
|
.Sq 1G
|
|
|
|
and
|
|
|
|
.Sq 4G ,
|
|
|
|
depending on the cipher.
|
|
|
|
The optional second value is specified in seconds and may use any of the
|
|
|
|
units documented in the
|
|
|
|
.Sx TIME FORMATS
|
2013-05-16 12:31:29 +02:00
|
|
|
section.
|
2013-05-16 12:29:28 +02:00
|
|
|
The default value for
|
|
|
|
.Cm RekeyLimit
|
|
|
|
is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm default none ,
|
2013-05-16 12:29:28 +02:00
|
|
|
which means that rekeying is performed after the cipher's default amount
|
|
|
|
of data has been sent or received and no time based rekeying is done.
|
2010-03-04 11:53:35 +01:00
|
|
|
.It Cm RevokedKeys
|
2015-04-17 01:25:50 +02:00
|
|
|
Specifies revoked public keys file, or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2015-04-17 01:25:50 +02:00
|
|
|
to not use one.
|
2010-03-04 11:53:35 +01:00
|
|
|
Keys listed in this file will be refused for public key authentication.
|
|
|
|
Note that if this file is not readable, then public key authentication will
|
|
|
|
be refused for all users.
|
2013-01-18 01:44:04 +01:00
|
|
|
Keys may be specified as a text file, listing one public key per line, or as
|
|
|
|
an OpenSSH Key Revocation List (KRL) as generated by
|
2013-01-20 12:33:44 +01:00
|
|
|
.Xr ssh-keygen 1 .
|
2013-07-18 08:11:50 +02:00
|
|
|
For more information on KRLs, see the KEY REVOCATION LISTS section in
|
2013-01-18 01:44:04 +01:00
|
|
|
.Xr ssh-keygen 1 .
|
2017-10-25 02:17:08 +02:00
|
|
|
.It Cm RDomain
|
|
|
|
Specifies an explicit routing domain that is applied after authentication
|
|
|
|
has completed.
|
2017-10-25 08:18:06 +02:00
|
|
|
The user session, as well and any forwarded or listening IP sockets,
|
|
|
|
will be bound to this
|
2017-10-25 02:17:08 +02:00
|
|
|
.Xr rdomain 4 .
|
|
|
|
If the routing domain is set to
|
|
|
|
.Cm \&%D ,
|
2017-10-25 08:18:06 +02:00
|
|
|
then the domain in which the incoming connection was received will be applied.
|
2018-06-09 05:03:10 +02:00
|
|
|
.It Cm SetEnv
|
|
|
|
Specifies one or more environment variables to set in child sessions started
|
|
|
|
by
|
|
|
|
.Xr sshd 8
|
|
|
|
as
|
|
|
|
.Dq NAME=VALUE .
|
|
|
|
The environment value may be quoted (e.g. if it contains whitespace
|
|
|
|
characters).
|
|
|
|
Environment variables set by
|
|
|
|
.Cm SetEnv
|
|
|
|
override the default environment and any variables specified by the user
|
|
|
|
via
|
|
|
|
.Cm AcceptEnv
|
|
|
|
or
|
|
|
|
.Cm PermitUserEnvironment .
|
2014-07-18 06:11:24 +02:00
|
|
|
.It Cm StreamLocalBindMask
|
|
|
|
Sets the octal file creation mode mask
|
|
|
|
.Pq umask
|
|
|
|
used when creating a Unix-domain socket file for local or remote
|
|
|
|
port forwarding.
|
|
|
|
This option is only used for port forwarding to a Unix-domain socket file.
|
|
|
|
.Pp
|
|
|
|
The default value is 0177, which creates a Unix-domain socket file that is
|
|
|
|
readable and writable only by the owner.
|
|
|
|
Note that not all operating systems honor the file mode on Unix-domain
|
|
|
|
socket files.
|
|
|
|
.It Cm StreamLocalBindUnlink
|
|
|
|
Specifies whether to remove an existing Unix-domain socket file for local
|
|
|
|
or remote port forwarding before creating a new one.
|
|
|
|
If the socket file already exists and
|
|
|
|
.Cm StreamLocalBindUnlink
|
|
|
|
is not enabled,
|
|
|
|
.Nm sshd
|
|
|
|
will be unable to forward the port to the Unix-domain socket file.
|
|
|
|
This option is only used for port forwarding to a Unix-domain socket file.
|
|
|
|
.Pp
|
|
|
|
The argument must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2014-07-18 06:11:24 +02:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2014-07-18 06:11:24 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm StrictModes
|
|
|
|
Specifies whether
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
should check file modes and ownership of the
|
|
|
|
user's files and home directory before accepting login.
|
|
|
|
This is normally desirable because novices sometimes accidentally leave their
|
|
|
|
directory or files world-writable.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2010-01-08 07:06:47 +01:00
|
|
|
Note that this does not apply to
|
|
|
|
.Cm ChrootDirectory ,
|
|
|
|
whose permissions and ownership are checked unconditionally.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm Subsystem
|
2006-03-15 01:56:03 +01:00
|
|
|
Configures an external subsystem (e.g. file transfer daemon).
|
2006-07-10 12:36:47 +02:00
|
|
|
Arguments should be a subsystem name and a command (with optional arguments)
|
|
|
|
to execute upon subsystem request.
|
2008-02-10 12:40:12 +01:00
|
|
|
.Pp
|
2002-06-21 02:59:05 +02:00
|
|
|
The command
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm sftp-server
|
|
|
|
implements the SFTP file transfer subsystem.
|
2008-02-10 12:40:12 +01:00
|
|
|
.Pp
|
|
|
|
Alternately the name
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm internal-sftp
|
|
|
|
implements an in-process SFTP server.
|
2008-02-10 12:40:12 +01:00
|
|
|
This may simplify configurations using
|
|
|
|
.Cm ChrootDirectory
|
|
|
|
to force a different filesystem root on clients.
|
|
|
|
.Pp
|
2002-06-21 02:59:05 +02:00
|
|
|
By default no subsystems are defined.
|
|
|
|
.It Cm SyslogFacility
|
|
|
|
Gives the facility code that is used when logging messages from
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8 .
|
2002-06-21 02:59:05 +02:00
|
|
|
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
|
|
|
|
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
|
|
|
|
The default is AUTH.
|
2003-12-17 06:31:10 +01:00
|
|
|
.It Cm TCPKeepAlive
|
|
|
|
Specifies whether the system should send TCP keepalive messages to the
|
|
|
|
other side.
|
|
|
|
If they are sent, death of the connection or crash of one
|
|
|
|
of the machines will be properly noticed.
|
|
|
|
However, this means that
|
|
|
|
connections will die if the route is down temporarily, and some people
|
|
|
|
find it annoying.
|
|
|
|
On the other hand, if TCP keepalives are not sent,
|
|
|
|
sessions may hang indefinitely on the server, leaving
|
2016-10-07 16:41:52 +02:00
|
|
|
.Qq ghost
|
2003-12-17 06:31:10 +01:00
|
|
|
users and consuming server resources.
|
|
|
|
.Pp
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2003-12-17 06:31:10 +01:00
|
|
|
(to send TCP keepalive messages), and the server will notice
|
|
|
|
if the network goes down or the client host crashes.
|
|
|
|
This avoids infinitely hanging sessions.
|
|
|
|
.Pp
|
|
|
|
To disable TCP keepalive messages, the value should be set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2010-03-04 11:53:35 +01:00
|
|
|
.It Cm TrustedUserCAKeys
|
|
|
|
Specifies a file containing public keys of certificate authorities that are
|
2015-04-17 01:25:50 +02:00
|
|
|
trusted to sign user certificates for authentication, or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2015-04-17 01:25:50 +02:00
|
|
|
to not use one.
|
2010-03-04 21:39:01 +01:00
|
|
|
Keys are listed one per line; empty lines and comments starting with
|
2010-03-04 11:53:35 +01:00
|
|
|
.Ql #
|
|
|
|
are allowed.
|
|
|
|
If a certificate is presented for authentication and has its signing CA key
|
|
|
|
listed in this file, then it may be used for authentication for any user
|
|
|
|
listed in the certificate's principals list.
|
|
|
|
Note that certificates that lack a list of principals will not be permitted
|
|
|
|
for authentication using
|
|
|
|
.Cm TrustedUserCAKeys .
|
2013-07-18 08:11:50 +02:00
|
|
|
For more details on certificates, see the CERTIFICATES section in
|
2010-03-04 11:53:35 +01:00
|
|
|
.Xr ssh-keygen 1 .
|
2003-06-03 02:25:48 +02:00
|
|
|
.It Cm UseDNS
|
|
|
|
Specifies whether
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2015-07-20 02:30:01 +02:00
|
|
|
should look up the remote host name, and to check that
|
2003-06-03 02:25:48 +02:00
|
|
|
the resolved host name for the remote IP address maps back to the
|
|
|
|
very same IP address.
|
2015-07-20 02:30:01 +02:00
|
|
|
.Pp
|
|
|
|
If this option is set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2015-07-20 02:30:01 +02:00
|
|
|
(the default) then only addresses and not host names may be used in
|
2016-03-17 18:19:43 +01:00
|
|
|
.Pa ~/.ssh/authorized_keys
|
2015-07-20 02:30:01 +02:00
|
|
|
.Cm from
|
|
|
|
and
|
2015-08-14 17:32:41 +02:00
|
|
|
.Nm
|
2015-07-20 02:30:01 +02:00
|
|
|
.Cm Match
|
|
|
|
.Cm Host
|
|
|
|
directives.
|
2003-05-14 07:13:03 +02:00
|
|
|
.It Cm UsePAM
|
2004-05-13 08:51:40 +02:00
|
|
|
Enables the Pluggable Authentication Module interface.
|
|
|
|
If set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2004-05-13 08:51:40 +02:00
|
|
|
this will enable PAM authentication using
|
|
|
|
.Cm ChallengeResponseAuthentication
|
2006-02-23 11:35:30 +01:00
|
|
|
and
|
|
|
|
.Cm PasswordAuthentication
|
|
|
|
in addition to PAM account and session module processing for all
|
|
|
|
authentication types.
|
2004-05-13 08:51:40 +02:00
|
|
|
.Pp
|
|
|
|
Because PAM challenge-response authentication usually serves an equivalent
|
|
|
|
role to password authentication, you should disable either
|
|
|
|
.Cm PasswordAuthentication
|
|
|
|
or
|
|
|
|
.Cm ChallengeResponseAuthentication.
|
|
|
|
.Pp
|
|
|
|
If
|
|
|
|
.Cm UsePAM
|
|
|
|
is enabled, you will not be able to run
|
|
|
|
.Xr sshd 8
|
|
|
|
as a non-root user.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2012-04-22 03:24:43 +02:00
|
|
|
.It Cm VersionAddendum
|
|
|
|
Optionally specifies additional text to append to the SSH protocol banner
|
|
|
|
sent by the server upon connection.
|
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm X11DisplayOffset
|
|
|
|
Specifies the first display number available for
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8 Ns 's
|
2002-06-21 02:59:05 +02:00
|
|
|
X11 forwarding.
|
2006-03-15 01:56:56 +01:00
|
|
|
This prevents sshd from interfering with real X11 servers.
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is 10.
|
|
|
|
.It Cm X11Forwarding
|
|
|
|
Specifies whether X11 forwarding is permitted.
|
2002-09-19 03:51:21 +02:00
|
|
|
The argument must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2002-09-19 03:51:21 +02:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-09-19 03:51:21 +02:00
|
|
|
.Pp
|
|
|
|
When X11 forwarding is enabled, there may be additional exposure to
|
|
|
|
the server and to client displays if the
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-09-19 03:51:21 +02:00
|
|
|
proxy display is configured to listen on the wildcard address (see
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm X11UseLocalhost ) ,
|
|
|
|
though this is not the default.
|
2002-09-19 03:51:21 +02:00
|
|
|
Additionally, the authentication spoofing and authentication data
|
|
|
|
verification and substitution occur on the client side.
|
|
|
|
The security risk of using X11 forwarding is that the client's X11
|
2006-03-15 01:56:56 +01:00
|
|
|
display server may be exposed to attack when the SSH client requests
|
2002-09-19 03:51:21 +02:00
|
|
|
forwarding (see the warnings for
|
|
|
|
.Cm ForwardX11
|
|
|
|
in
|
2003-06-11 14:04:39 +02:00
|
|
|
.Xr ssh_config 5 ) .
|
2002-09-19 03:51:21 +02:00
|
|
|
A system administrator may have a stance in which they want to
|
|
|
|
protect clients that may expose themselves to attack by unwittingly
|
|
|
|
requesting X11 forwarding, which can warrant a
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2002-09-19 03:51:21 +02:00
|
|
|
setting.
|
|
|
|
.Pp
|
|
|
|
Note that disabling X11 forwarding does not prevent users from
|
|
|
|
forwarding X11 traffic, as users can always install their own forwarders.
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm X11UseLocalhost
|
|
|
|
Specifies whether
|
2006-03-15 01:56:56 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
should bind the X11 forwarding server to the loopback address or to
|
2003-04-01 13:42:14 +02:00
|
|
|
the wildcard address.
|
|
|
|
By default,
|
2006-03-15 01:56:56 +01:00
|
|
|
sshd binds the forwarding server to the loopback address and sets the
|
2002-06-21 02:59:05 +02:00
|
|
|
hostname part of the
|
|
|
|
.Ev DISPLAY
|
|
|
|
environment variable to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm localhost .
|
2002-08-20 20:44:24 +02:00
|
|
|
This prevents remote hosts from connecting to the proxy display.
|
2002-06-21 02:59:05 +02:00
|
|
|
However, some older X11 clients may not function with this
|
|
|
|
configuration.
|
|
|
|
.Cm X11UseLocalhost
|
|
|
|
may be set to
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no
|
2002-06-21 02:59:05 +02:00
|
|
|
to specify that the forwarding server should be bound to the wildcard
|
|
|
|
address.
|
|
|
|
The argument must be
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes
|
2002-06-21 02:59:05 +02:00
|
|
|
or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm no .
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm yes .
|
2002-06-21 02:59:05 +02:00
|
|
|
.It Cm XAuthLocation
|
2002-09-04 08:51:03 +02:00
|
|
|
Specifies the full pathname of the
|
2002-06-21 02:59:05 +02:00
|
|
|
.Xr xauth 1
|
2015-04-17 01:25:50 +02:00
|
|
|
program, or
|
2016-10-07 16:41:52 +02:00
|
|
|
.Cm none
|
2015-04-17 01:25:50 +02:00
|
|
|
to not use one.
|
2002-06-21 02:59:05 +02:00
|
|
|
The default is
|
|
|
|
.Pa /usr/X11R6/bin/xauth .
|
|
|
|
.El
|
2006-03-15 01:59:25 +01:00
|
|
|
.Sh TIME FORMATS
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
command-line arguments and configuration file options that specify time
|
|
|
|
may be expressed using a sequence of the form:
|
|
|
|
.Sm off
|
2002-08-20 20:43:27 +02:00
|
|
|
.Ar time Op Ar qualifier ,
|
2002-06-21 02:59:05 +02:00
|
|
|
.Sm on
|
|
|
|
where
|
|
|
|
.Ar time
|
|
|
|
is a positive integer value and
|
|
|
|
.Ar qualifier
|
|
|
|
is one of the following:
|
|
|
|
.Pp
|
|
|
|
.Bl -tag -width Ds -compact -offset indent
|
2006-07-24 06:04:53 +02:00
|
|
|
.It Aq Cm none
|
2002-06-21 02:59:05 +02:00
|
|
|
seconds
|
|
|
|
.It Cm s | Cm S
|
|
|
|
seconds
|
|
|
|
.It Cm m | Cm M
|
|
|
|
minutes
|
|
|
|
.It Cm h | Cm H
|
|
|
|
hours
|
|
|
|
.It Cm d | Cm D
|
|
|
|
days
|
|
|
|
.It Cm w | Cm W
|
|
|
|
weeks
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
Each member of the sequence is added together to calculate
|
|
|
|
the total time value.
|
|
|
|
.Pp
|
|
|
|
Time format examples:
|
|
|
|
.Pp
|
|
|
|
.Bl -tag -width Ds -compact -offset indent
|
|
|
|
.It 600
|
|
|
|
600 seconds (10 minutes)
|
|
|
|
.It 10m
|
|
|
|
10 minutes
|
|
|
|
.It 1h30m
|
|
|
|
1 hour 30 minutes (90 minutes)
|
|
|
|
.El
|
2016-09-22 21:19:01 +02:00
|
|
|
.Sh TOKENS
|
|
|
|
Arguments to some keywords can make use of tokens,
|
|
|
|
which are expanded at runtime:
|
|
|
|
.Pp
|
|
|
|
.Bl -tag -width XXXX -offset indent -compact
|
|
|
|
.It %%
|
|
|
|
A literal
|
|
|
|
.Sq % .
|
2017-10-25 02:17:08 +02:00
|
|
|
.It \&%D
|
|
|
|
The routing domain in which the incoming connection was received.
|
2016-09-22 21:19:01 +02:00
|
|
|
.It %F
|
|
|
|
The fingerprint of the CA key.
|
|
|
|
.It %f
|
|
|
|
The fingerprint of the key or certificate.
|
|
|
|
.It %h
|
|
|
|
The home directory of the user.
|
|
|
|
.It %i
|
|
|
|
The key ID in the certificate.
|
|
|
|
.It %K
|
|
|
|
The base64-encoded CA key.
|
|
|
|
.It %k
|
|
|
|
The base64-encoded key or certificate for authentication.
|
|
|
|
.It %s
|
|
|
|
The serial number of the certificate.
|
|
|
|
.It \&%T
|
|
|
|
The type of the CA key.
|
|
|
|
.It %t
|
|
|
|
The key or certificate type.
|
2018-06-01 07:50:18 +02:00
|
|
|
.It \&%U
|
|
|
|
The numeric user ID of the target user.
|
2016-09-22 21:19:01 +02:00
|
|
|
.It %u
|
|
|
|
The username.
|
|
|
|
.El
|
|
|
|
.Pp
|
|
|
|
.Cm AuthorizedKeysCommand
|
2018-06-01 08:23:10 +02:00
|
|
|
accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
|
2016-09-22 21:19:01 +02:00
|
|
|
.Pp
|
|
|
|
.Cm AuthorizedKeysFile
|
2018-06-01 08:23:10 +02:00
|
|
|
accepts the tokens %%, %h, %U, and %u.
|
2016-09-22 21:19:01 +02:00
|
|
|
.Pp
|
|
|
|
.Cm AuthorizedPrincipalsCommand
|
2018-06-01 08:23:10 +02:00
|
|
|
accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.
|
2016-09-22 21:19:01 +02:00
|
|
|
.Pp
|
|
|
|
.Cm AuthorizedPrincipalsFile
|
2018-06-01 08:23:10 +02:00
|
|
|
accepts the tokens %%, %h, %U, and %u.
|
2016-09-22 21:19:01 +02:00
|
|
|
.Pp
|
|
|
|
.Cm ChrootDirectory
|
2018-06-01 08:23:10 +02:00
|
|
|
accepts the tokens %%, %h, %U, and %u.
|
2017-10-25 02:17:08 +02:00
|
|
|
.Pp
|
|
|
|
.Cm RoutingDomain
|
|
|
|
accepts the token %D.
|
2002-06-21 02:59:05 +02:00
|
|
|
.Sh FILES
|
|
|
|
.Bl -tag -width Ds
|
|
|
|
.It Pa /etc/ssh/sshd_config
|
|
|
|
Contains configuration data for
|
2006-03-15 01:57:25 +01:00
|
|
|
.Xr sshd 8 .
|
2002-06-21 02:59:05 +02:00
|
|
|
This file should be writable by root only, but it is recommended
|
|
|
|
(though not necessary) that it be world-readable.
|
|
|
|
.El
|
2003-06-11 14:04:39 +02:00
|
|
|
.Sh SEE ALSO
|
2016-10-07 16:41:52 +02:00
|
|
|
.Xr sftp-server 8 ,
|
2003-06-11 14:04:39 +02:00
|
|
|
.Xr sshd 8
|
2002-06-21 02:59:05 +02:00
|
|
|
.Sh AUTHORS
|
2016-10-07 16:41:52 +02:00
|
|
|
.An -nosplit
|
2002-06-21 02:59:05 +02:00
|
|
|
OpenSSH is a derivative of the original and free
|
2016-10-07 16:41:52 +02:00
|
|
|
ssh 1.2.12 release by
|
|
|
|
.An Tatu Ylonen .
|
|
|
|
.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos ,
|
|
|
|
.An Theo de Raadt
|
|
|
|
and
|
|
|
|
.An Dug Song
|
2002-06-21 02:59:05 +02:00
|
|
|
removed many bugs, re-added newer features and
|
|
|
|
created OpenSSH.
|
2016-10-07 16:41:52 +02:00
|
|
|
.An Markus Friedl
|
|
|
|
contributed the support for SSH protocol versions 1.5 and 2.0.
|
|
|
|
.An Niels Provos
|
|
|
|
and
|
|
|
|
.An Markus Friedl
|
|
|
|
contributed support for privilege separation.
|