xref: /netbsd-src/crypto/external/bsd/openssh/dist/sshd_config.5 (revision cb861154c176d3dcc8ff846f449e3c16a5f5edb5)
1.\"	$NetBSD: sshd_config.5,v 1.9 2011/03/29 21:43:17 agc Exp $
2.\"  -*- nroff -*-
3.\"
4.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
5.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
6.\"                    All rights reserved
7.\"
8.\" As far as I am concerned, the code I have written for this software
9.\" can be used freely for any purpose.  Any derived versions of this
10.\" software must be clearly marked as such, and if the derived work is
11.\" incompatible with the protocol description in the RFC file, it must be
12.\" called by a name other than "ssh" or "Secure Shell".
13.\"
14.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
15.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
16.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
17.\"
18.\" Redistribution and use in source and binary forms, with or without
19.\" modification, are permitted provided that the following conditions
20.\" are met:
21.\" 1. Redistributions of source code must retain the above copyright
22.\"    notice, this list of conditions and the following disclaimer.
23.\" 2. Redistributions in binary form must reproduce the above copyright
24.\"    notice, this list of conditions and the following disclaimer in the
25.\"    documentation and/or other materials provided with the distribution.
26.\"
27.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\"
38.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $
39.Dd February 3, 2010
40.Dt SSHD_CONFIG 5
41.Os
42.Sh NAME
43.Nm sshd_config
44.Nd OpenSSH SSH daemon configuration file
45.Sh SYNOPSIS
46.Nm /etc/ssh/sshd_config
47.Sh DESCRIPTION
48.Xr sshd 8
49reads configuration data from
50.Pa /etc/ssh/sshd_config
51(or the file specified with
52.Fl f
53on the command line).
54The file contains keyword-argument pairs, one per line.
55Lines starting with
56.Ql #
57and empty lines are interpreted as comments.
58Arguments may optionally be enclosed in double quotes
59.Pq \&"
60in order to represent arguments containing spaces.
61.Pp
62The possible
63keywords and their meanings are as follows (note that
64keywords are case-insensitive and arguments are case-sensitive):
65.Bl -tag -width Ds
66.It Cm AcceptEnv
67Specifies what environment variables sent by the client will be copied into
68the session's
69.Xr environ 7 .
70See
71.Cm SendEnv
72in
73.Xr ssh_config 5
74for how to configure the client.
75Note that environment passing is only supported for protocol 2.
76Variables are specified by name, which may contain the wildcard characters
77.Ql *
78and
79.Ql \&? .
80Multiple environment variables may be separated by whitespace or spread
81across multiple
82.Cm AcceptEnv
83directives.
84Be warned that some environment variables could be used to bypass restricted
85user environments.
86For this reason, care should be taken in the use of this directive.
87The default is not to accept any environment variables.
88.It Cm AddressFamily
89Specifies which address family should be used by
90.Xr sshd 8 .
91Valid arguments are
92.Dq any ,
93.Dq inet
94(use IPv4 only), or
95.Dq inet6
96(use IPv6 only).
97The default is
98.Dq any .
99.It Cm AllowAgentForwarding
100Specifies whether
101.Xr ssh-agent 1
102forwarding is permitted.
103The default is
104.Dq yes .
105Note that disabling agent forwarding does not improve security
106unless users are also denied shell access, as they can always install
107their own forwarders.
108.It Cm AllowGroups
109This keyword can be followed by a list of group name patterns, separated
110by spaces.
111If specified, login is allowed only for users whose primary
112group or supplementary group list matches one of the patterns.
113Only group names are valid; a numerical group ID is not recognized.
114By default, login is allowed for all groups.
115The allow/deny directives are processed in the following order:
116.Cm DenyUsers ,
117.Cm AllowUsers ,
118.Cm DenyGroups ,
119and finally
120.Cm AllowGroups .
121.Pp
122See
123.Sx PATTERNS
124in
125.Xr ssh_config 5
126for more information on patterns.
127.It Cm AllowTcpForwarding
128Specifies whether TCP forwarding is permitted.
129The default is
130.Dq yes .
131Note that disabling TCP forwarding does not improve security unless
132users are also denied shell access, as they can always install their
133own forwarders.
134.It Cm AllowUsers
135This keyword can be followed by a list of user name patterns, separated
136by spaces.
137If specified, login is allowed only for user names that
138match one of the patterns.
139Only user names are valid; a numerical user ID is not recognized.
140By default, login is allowed for all users.
141If the pattern takes the form USER@HOST then USER and HOST
142are separately checked, restricting logins to particular
143users from particular hosts.
144The allow/deny directives are processed in the following order:
145.Cm DenyUsers ,
146.Cm AllowUsers ,
147.Cm DenyGroups ,
148and finally
149.Cm AllowGroups .
150.Pp
151See
152.Sx PATTERNS
153in
154.Xr ssh_config 5
155for more information on patterns.
156.It Cm AuthorizedKeysFile
157Specifies the file that contains the public keys that can be used
158for user authentication.
159The format is described in the
160.Sx AUTHORIZED_KEYS FILE FORMAT
161section of
162.Xr sshd 8 .
163.Cm AuthorizedKeysFile
164may contain tokens of the form %T which are substituted during connection
165setup.
166The following tokens are defined: %% is replaced by a literal '%',
167%h is replaced by the home directory of the user being authenticated, and
168%u is replaced by the username of that user.
169After expansion,
170.Cm AuthorizedKeysFile
171is taken to be an absolute path or one relative to the user's home
172directory.
173The default is
174.Dq .ssh/authorized_keys .
175.It Cm AuthorizedPrincipalsFile
176Specifies a file that lists principal names that are accepted for
177certificate authentication.
178When using certificates signed by a key listed in
179.Cm TrustedUserCAKeys ,
180this file lists names, one of which must appear in the certificate for it
181to be accepted for authentication.
182Names are listed one per line preceded by key options (as described
183in
184.Sx AUTHORIZED_KEYS FILE FORMAT
185in
186.Xr sshd 8 ) .
187Empty lines and comments starting with
188.Ql #
189are ignored.
190.Pp
191.Cm AuthorizedPrincipalsFile
192may contain tokens of the form %T which are substituted during connection
193setup.
194The following tokens are defined: %% is replaced by a literal '%',
195%h is replaced by the home directory of the user being authenticated, and
196%u is replaced by the username of that user.
197After expansion,
198.Cm AuthorizedPrincipalsFile
199is taken to be an absolute path or one relative to the user's home
200directory.
201.Pp
202The default is not to use a principals file \(en in this case, the username
203of the user must appear in a certificate's principals list for it to be
204accepted.
205Note that
206.Cm AuthorizedPrincipalsFile
207is only used when authentication proceeds using a CA listed in
208.Cm TrustedUserCAKeys
209and is not consulted for certification authorities trusted via
210.Pa ~/.ssh/authorized_keys ,
211though the
212.Cm principals=
213key option offers a similar facility (see
214.Xr sshd 8
215for details).
216.It Cm Banner
217The contents of the specified file are sent to the remote user before
218authentication is allowed.
219If the argument is
220.Dq none
221then no banner is displayed.
222This option is only available for protocol version 2.
223By default, no banner is displayed.
224.It Cm ChallengeResponseAuthentication
225Specifies whether challenge-response authentication is allowed.
226All authentication styles from
227.Xr login.conf 5
228are supported.
229The default is
230.Dq yes .
231.It Cm ChrootDirectory
232Specifies the pathname of a directory to
233.Xr chroot 2
234to after authentication.
235All components of the pathname must be root-owned directories that are
236not writable by any other user or group.
237After the chroot,
238.Xr sshd 8
239changes the working directory to the user's home directory.
240.Pp
241The pathname may contain the following tokens that are expanded at runtime once
242the connecting user has been authenticated: %% is replaced by a literal '%',
243%h is replaced by the home directory of the user being authenticated, and
244%u is replaced by the username of that user.
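.Pp
The %%, %h and %u token expansion shared by
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile
and
.Cm ChrootDirectory ,
together with the root-ownership rule for chroot path components, as an added
Python example that is not part of OpenSSH or of this manual page.
The function names, the injected stat_for() callback and the sample paths are
this example's own assumptions; rejecting any %-token other than the three
documented ones is the example's choice, made so that a typo fails loudly
rather than producing an unexpected path.

```python
import os
import posixpath
import stat


def expand_tokens(template: str, user: str, home: str) -> str:
    """Replace %% with '%', %h with the home directory and %u with the user name.

    Any other %-sequence, or a trailing '%', raises ValueError (the example's
    own rule: an unexpected token should not silently become part of a path).
    """
    out = []
    i = 0
    while i < len(template):
        ch = template[i]
        if ch != "%":
            out.append(ch)
            i += 1
            continue
        if i + 1 >= len(template):
            raise ValueError("dangling '%' at end of path template")
        tok = template[i + 1]
        if tok == "%":
            out.append("%")
        elif tok == "h":
            out.append(home)
        elif tok == "u":
            out.append(user)
        else:
            raise ValueError(f"unknown token %{tok} in {template!r}")
        i += 2
    return "".join(out)


def resolve_user_file(template: str, user: str, home: str) -> str:
    """Expand tokens, then treat the result as absolute or as relative to the
    user's home directory (the AuthorizedKeysFile / AuthorizedPrincipalsFile rule)."""
    expanded = expand_tokens(template, user, home)
    if posixpath.isabs(expanded):
        return posixpath.normpath(expanded)
    return posixpath.normpath(posixpath.join(home, expanded))


def chroot_components_ok(path: str, stat_for) -> bool:
    """Check every component of an already expanded ChrootDirectory.

    stat_for(prefix) returns (uid, permission_bits) for that prefix; it is
    injected so the rule can be exercised without touching the filesystem.
    Every prefix from '/' down must be owned by root (uid 0) and must not be
    group- or world-writable.  A relative path fails outright.
    """
    if not posixpath.isabs(path):
        return False
    parts = [p for p in posixpath.normpath(path).split("/") if p]
    prefixes = ["/"] + ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]
    for prefix in prefixes:
        uid, mode = stat_for(prefix)
        if uid != 0 or mode & (stat.S_IWGRP | stat.S_IWOTH):
            return False
    return True


def live_stat(prefix: str):
    """Adapter for chroot_components_ok() that consults the real filesystem."""
    st = os.stat(prefix)
    return st.st_uid, stat.S_IMODE(st.st_mode)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real system.
    print(resolve_user_file(".ssh/authorized_keys", "alice", "/home/alice"))
    print(resolve_user_file("/etc/ssh/authorized_keys/%u", "alice", "/home/alice"))
    print(chroot_components_ok(expand_tokens("/var/chroot/%u", "alice", "/home/alice"), live_stat))
```

Running the file checks the real root directory with live_stat(); passing a
dictionary-backed callback instead lets the ownership rule be tested against
constructed metadata.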
.Pp
The
.Cm ChrootDirectory
must contain the necessary files and directories to support the
user's session.
For an interactive session this requires at least a shell, typically
.Xr sh 1 ,
and basic
.Pa /dev
nodes such as
.Xr null 4 ,
.Xr zero 4 ,
.Xr stdin 4 ,
.Xr stdout 4 ,
.Xr stderr 4 ,
.Xr arandom 4
and
.Xr tty 4
devices.
For file transfer sessions using
.Dq sftp ,
no additional configuration of the environment is necessary if the
in-process sftp server is used,
though sessions which use logging do require
.Pa /dev/log
inside the chroot directory (see
.Xr sftp-server 8
for details).
.Pp
The default is not to
.Xr chroot 2 .
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
The supported ciphers are
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
.Dq aes256-cbc ,
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
.Dq arcfour128 ,
.Dq arcfour256 ,
.Dq arcfour ,
.Dq blowfish-cbc ,
and
.Dq cast128-cbc .
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
.Xr sshd 8
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
It is important to note that the use of client alive messages is very
different from
.Cm TCPKeepAlive
(below).
The client alive messages are sent through the encrypted channel
and therefore will not be spoofable.
The TCP keepalive option enabled by
.Cm TCPKeepAlive
is spoofable.
The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
The default value is 3.
If
.Cm ClientAliveInterval
(see below) is set to 15, and
.Cm ClientAliveCountMax
is left at the default, unresponsive SSH clients
will be disconnected after approximately 45 seconds.
This option applies to protocol version 2 only.
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
.Xr sshd 8
will send a message through the encrypted
channel to request a response from the client.
The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.
.It Cm Compression
Specifies whether compression is allowed, or delayed until
the user has authenticated successfully.
The argument must be
.Dq yes ,
.Dq delayed ,
or
.Dq no .
The default is
.Dq delayed .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
Login is disallowed for user names that match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
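.Pp
The processing order of
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups
and
.Cm AllowGroups
described under each of those keywords, as an added Python example that is
not OpenSSH code and not taken from this manual page.
login_allowed(), pattern_match() and user_pattern_match() are the example's
own names; the caller supplies the user's primary and supplementary groups and
the client host name, and only the * and ? wildcards are implemented.

```python
import re
from typing import Iterable, Sequence


def pattern_match(pattern: str, value: str) -> bool:
    """ssh-style wildcard match: '*' is any run of characters, '?' exactly one.
    Everything else is literal, so '[' or '.' carry no special meaning."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def user_pattern_match(pattern: str, user: str, client_host: str) -> bool:
    """USER@HOST patterns check the user name and the client host separately;
    a plain pattern is matched against the user name only."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return pattern_match(user_pat, user) and pattern_match(host_pat, client_host)
    return pattern_match(pattern, user)


def login_allowed(
    user: str,
    groups: Iterable[str],
    client_host: str,
    deny_users: Sequence[str] = (),
    allow_users: Sequence[str] = (),
    deny_groups: Sequence[str] = (),
    allow_groups: Sequence[str] = (),
) -> bool:
    """Apply the four directives in the documented order.

    'groups' is the user's primary group plus supplementary group list.
    An empty Allow list imposes no restriction; a Deny match always wins at
    the point where it is evaluated, which is why a user admitted by
    AllowUsers can still be refused by DenyGroups.
    """
    groups = list(groups)
    # 1. DenyUsers: any match refuses the login.
    if any(user_pattern_match(p, user, client_host) for p in deny_users):
        return False
    # 2. AllowUsers: if set, the user must match at least one pattern.
    if allow_users and not any(
        user_pattern_match(p, user, client_host) for p in allow_users
    ):
        return False
    # 3. DenyGroups: a match on any of the user's groups refuses the login.
    if any(pattern_match(p, g) for p in deny_groups for g in groups):
        return False
    # 4. AllowGroups: if set, at least one of the user's groups must match.
    if allow_groups and not any(
        pattern_match(p, g) for p in allow_groups for g in groups
    ):
        return False
    return True


if __name__ == "__main__":
    # Constructed sample input: an AllowUsers entry in USER@HOST form.
    print(login_allowed("alice", ["staff"], "ws1.example.org",
                        allow_users=["alice@*.example.org"]))
```

Because only names are compared, a pattern such as "1000" never matches a
user whose name is not literally "1000"; numeric IDs are not resolved.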
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
ignoring any command supplied by the client and
.Pa ~/.ssh/rc
if present.
The command is invoked by using the user's login shell with the
.Fl c
option.
This applies to shell, command, or subsystem execution.
It is most useful inside a
.Cm Match
block.
The command originally supplied by the client is available in the
.Ev SSH_ORIGINAL_COMMAND
environment variable.
Specifying a command of
.Dq internal-sftp
will force the use of an in-process sftp server that requires no support
files when used with
.Cm ChrootDirectory .
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
.Xr sshd 8
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that sshd
should allow remote port forwardings to bind to non-loopback addresses, thus
allowing other hosts to connect.
The argument may be
.Dq no
to force remote port forwardings to be available to the local host only,
.Dq yes
to force remote port forwardings to bind to the wildcard address, or
.Dq clientspecified
to allow the client to select the address to which the forwarding is bound.
The default is
.Dq no .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
on logout.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
(host-based authentication).
This option is similar to
.Cm RhostsRSAAuthentication
and applies to protocol version 2 only.
The default is
.Dq no .
.It Cm HostbasedUsesNameFromPacketOnly
Specifies whether or not the server will attempt to perform a reverse
name lookup when matching the name in the
.Pa ~/.shosts ,
.Pa ~/.rhosts ,
and
.Pa /etc/hosts.equiv
files during
.Cm HostbasedAuthentication .
A setting of
.Dq yes
means that
.Xr sshd 8
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified
by
.Cm HostKey .
The default behaviour of
.Xr sshd 8
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_rsa_key
and
.Pa /etc/ssh/ssh_host_dsa_key
for protocol version 2.
Note that
.Xr sshd 8
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
.Dq dsa
or
.Dq rsa
are used for version 2 of the SSH protocol.
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
and
.Pa .shosts
files will not be used in
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
.Pp
.Pa /etc/hosts.equiv
and
.Pa /etc/shosts.equiv
are still used.
The default is
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
.Xr sshd 8
should ignore the user's
.Pa ~/.ssh/known_hosts
during
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
The default is
.Dq no .
.It Cm KerberosAuthentication
Specifies whether the password provided by the user for
.Cm PasswordAuthentication
will be validated through the Kerberos KDC.
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
The default is
.Dq no .
.It Cm KerberosGetAFSToken
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
an AFS token before accessing the user's home directory.
The default is
.Dq no .
.It Cm KerberosOrLocalPasswd
If password authentication through Kerberos fails then
the password will be validated via any additional local mechanism
such as
.Pa /etc/passwd .
The default is
.Dq yes .
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout.
The default is
.Dq yes .
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
stealing the keys.
The key is never stored anywhere.
If the value is 0, the key is never regenerated.
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
.Xr sshd 8
should listen on.
The following forms may be used:
.Pp
.Bl -item -offset indent -compact
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
.Sm on
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No : Ar port
.Sm on
.It
.Cm ListenAddress
.Sm off
.Oo
.Ar host No | Ar IPv6_addr Oc : Ar port
.Sm on
.El
.Pp
If
.Ar port
is not specified,
sshd will listen on the address and all prior
.Cm Port
options specified.
The default is to listen on all local addresses.
Multiple
.Cm ListenAddress
options are permitted.
Additionally, any
.Cm Port
options must precede this option for non-port qualified addresses.
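.Pp
The interaction between
.Cm Port
and
.Cm ListenAddress
just described, as an added Python example that is not part of OpenSSH and
not taken from this manual page.
plan_listen_sockets() and split_listen_address() are the example's own names,
the configuration text is constructed for the demonstration, the string "*"
stands for all local addresses, and a
.Cm Port
line that follows any
.Cm ListenAddress
is treated as a configuration error, because a port-less
.Cm ListenAddress
processed earlier could not have included that port.

```python
from typing import List, Optional, Tuple

DEFAULT_PORT = 22  # the documented default for Port


def split_listen_address(arg: str) -> Tuple[str, Optional[int]]:
    """Parse the three ListenAddress forms:
         host|IPv4_addr|IPv6_addr     host|IPv4_addr:port     [host|IPv6_addr]:port
    Returns (address, port) with port None when the form carries no port."""
    if arg.startswith("["):
        close = arg.find("]")
        if close < 0:
            raise ValueError(f"unterminated '[' in ListenAddress {arg!r}")
        addr, rest = arg[1:close], arg[close + 1:]
        if rest == "":
            return addr, None
        if rest.startswith(":") and rest[1:].isdigit():
            return addr, int(rest[1:])
        raise ValueError(f"bad ListenAddress {arg!r}")
    if arg.count(":") == 1:  # host:port or IPv4_addr:port
        addr, port = arg.split(":")
        if not port.isdigit():
            raise ValueError(f"bad port in ListenAddress {arg!r}")
        return addr, int(port)
    return arg, None  # bare host name, IPv4 address or IPv6 address


def plan_listen_sockets(config_text: str) -> List[Tuple[str, int]]:
    """Return the (address, port) pairs that a Port/ListenAddress sequence yields.

    * Port lines accumulate; a ListenAddress without a port binds every Port
      seen so far, or 22 if no Port has been given yet.
    * A Port line after any ListenAddress is rejected (the ordering rule).
    * Without any ListenAddress, all local addresses ('*') are used for every
      configured port.
    """
    ports: List[int] = []
    sockets: List[Tuple[str, int]] = []
    seen_listen_address = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comment or empty line
            continue
        keyword, _, arg = line.partition(" ")
        keyword = keyword.lower()               # keywords are case-insensitive
        arg = arg.strip().strip('"')            # arguments may be double-quoted
        if keyword == "port":
            if seen_listen_address:
                raise ValueError("Port options must precede ListenAddress")
            ports.append(int(arg))
        elif keyword == "listenaddress":
            seen_listen_address = True
            if not ports:
                ports.append(DEFAULT_PORT)
            addr, port = split_listen_address(arg)
            if port is None:
                sockets.extend((addr, p) for p in ports)
            else:
                sockets.append((addr, port))
    if not seen_listen_address:
        sockets = [("*", p) for p in (ports or [DEFAULT_PORT])]
    return sockets


if __name__ == "__main__":
    # Constructed configuration fragment for the demonstration.
    sample = "Port 22\nPort 2222\nListenAddress 192.0.2.10\nListenAddress [2001:db8::1]:22\n"
    print(plan_listen_sockets(sample))
```

Feeding a fragment with the lines reversed (ListenAddress first, Port second)
raises ValueError, which is the failure the last sentence above warns about.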
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in.
If the value is 0, there is no time limit.
The default is 120 seconds, but the default
.Pa /etc/ssh/sshd_config
sets it to 600 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
.Xr sshd 8 .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
The default is:
.Bd -literal -offset indent
hmac-md5,hmac-sha1,
hmac-ripemd160,hmac-sha1-96,hmac-md5-96
.Ed
.It Cm Match
Introduces a conditional block.
If all of the criteria on the
.Cm Match
line are satisfied, the keywords on the following lines override those
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
.Pp
The arguments to
.Cm Match
are one or more criteria-pattern pairs.
The available criteria are
.Cm User ,
.Cm Group ,
.Cm Host ,
and
.Cm Address .
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
.Sx PATTERNS
section of
.Xr ssh_config 5 .
.Pp
The patterns in an
.Cm Address
criteria may additionally contain addresses to match in CIDR
address/masklen format, e.g.\&
.Dq 192.0.2.0/24
or
.Dq 3ffe:ffff::/32 .
Note that the mask length provided must be consistent with the address:
it is an error to specify a mask length that is too long for the address
or one with bits set in the host portion of the address.
For example,
.Dq 192.0.2.0/33
and
.Dq 192.0.2.0/8
respectively.
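.Pp
The CIDR consistency rule for
.Cm Match Address ,
as an added Python example that is not OpenSSH code and not taken from this
manual page.
address_matches() and parse_cidr() are the example's own names; the check
relies on ipaddress.ip_network() with strict=True, which rejects both a mask
length longer than the address and a network with host bits set, so the two
invalid examples above are reported as configuration errors.
A leading ! on an entry is handled as the negation operator referred to above,
and entries without a / are treated as wildcard patterns.

```python
import ipaddress
import re
from typing import List, Tuple


def parse_cidr(spec: str):
    """Accept address/masklen only when the mask fits the address family and
    the host portion is all zero; strict=True makes ipaddress enforce both."""
    try:
        return ipaddress.ip_network(spec, strict=True)
    except ValueError as exc:
        raise ValueError(f"invalid CIDR address in Match Address: {spec!r} ({exc})") from None


def wildcard_match(pattern: str, value: str) -> bool:
    """'*' matches any run of characters, '?' exactly one; the rest is literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def parse_address_list(match_list: str) -> List[Tuple[bool, str, object]]:
    """Split a comma-separated Match Address argument into
    (negated, text, network-or-None) entries, validating every CIDR entry
    up front so a malformed one is reported regardless of its position."""
    entries = []
    for raw in match_list.split(","):
        negate = raw.startswith("!")
        spec = raw[1:] if negate else raw
        net = parse_cidr(spec) if "/" in spec else None
        entries.append((negate, spec, net))
    return entries


def address_matches(match_list: str, client_ip: str) -> bool:
    """Evaluate a Match Address list for one client address.

    A negated entry that matches rejects immediately; otherwise the result is
    True if any positive entry matched.  An IPv4 network never matches an
    IPv6 client or vice versa.
    """
    addr = ipaddress.ip_address(client_ip)
    matched = False
    for negate, spec, net in parse_address_list(match_list):
        if net is not None:
            hit = addr.version == net.version and addr in net
        else:
            hit = wildcard_match(spec, client_ip)
        if hit and negate:
            return False
        matched = matched or hit
    return matched


if __name__ == "__main__":
    # Constructed sample: the documented valid networks and one excluded host.
    print(address_matches("!192.0.2.1,192.0.2.0/24,3ffe:ffff::/32", "192.0.2.7"))
    for bad in ("192.0.2.0/33", "192.0.2.0/8"):
        try:
            parse_cidr(bad)
        except ValueError as exc:
            print(exc)
```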
.Pp
Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
.Cm PermitTunnel ,
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding
and
.Cm X11UseLocalhost .
.It Cm MaxAuthTries
Specifies the maximum number of authentication attempts permitted per
connection.
Once the number of failures reaches half this value,
additional failures are logged.
The default is 6.
.It Cm MaxSessions
Specifies the maximum number of open sessions permitted per network connection.
The default is 10.
.It Cm MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon.
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
The default is 10.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon separated values
.Dq start:rate:full
(e.g. "10:30:60").
.Xr sshd 8
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
if there are currently
.Dq start
(10)
unauthenticated connections.
The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
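.Pp
The random early drop rule above, as an added Python example that is not
OpenSSH code and not taken from this manual page.
parse_max_startups(), drop_probability() and should_refuse() are the example's
own names; the linear increase from rate at start to 100% at full follows the
description above, and the integer arithmetic inside the real daemon may round
slightly differently.

```python
import random
from typing import Optional, Tuple


def parse_max_startups(spec: str) -> Tuple[int, int, int]:
    """Return (start, rate, full).

    A single number N is the plain limit documented first: it behaves like
    N:100:N, refusing every new attempt once N unauthenticated connections
    exist.  The three-field form is validated for consistency.
    """
    fields = spec.split(":")
    if len(fields) == 1:
        n = int(fields[0])
        return n, 100, n
    if len(fields) != 3:
        raise ValueError(f"MaxStartups must be N or start:rate:full, got {spec!r}")
    start, rate, full = (int(f) for f in fields)
    if not (0 < start <= full) or not (0 <= rate <= 100):
        raise ValueError(f"inconsistent MaxStartups {spec!r}")
    return start, rate, full


def drop_probability(spec: str, unauthenticated: int) -> float:
    """Probability, as a percentage, that a new connection is refused when
    'unauthenticated' connections are already pending."""
    start, rate, full = parse_max_startups(spec)
    if unauthenticated < start:
        return 0.0
    if unauthenticated >= full:
        return 100.0
    # Rises linearly from 'rate' at 'start' to 100 at 'full'.
    return rate + (100 - rate) * (unauthenticated - start) / (full - start)


def should_refuse(spec: str, unauthenticated: int, roll: Optional[float] = None) -> bool:
    """Decide one connection attempt.  'roll' is a number in [0, 100); it can
    be injected so the decision is reproducible, otherwise it is random."""
    if roll is None:
        roll = random.uniform(0, 100)
    return roll < drop_probability(spec, unauthenticated)


if __name__ == "__main__":
    # Constructed walk through the documented "10:30:60" setting.
    for pending in (5, 10, 35, 60, 70):
        print(pending, drop_probability("10:30:60", pending))
```

With "10:30:60" the refusal probability is 0 below 10 pending connections,
30% at exactly 10, 65% at 35 (halfway between start and full) and 100% from
60 onward.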
718.It Cm PasswordAuthentication
719Specifies whether password authentication is allowed.
720The default is
721.Dq yes .
722.It Cm PermitEmptyPasswords
723When password authentication is allowed, it specifies whether the
724server allows login to accounts with empty password strings.
725The default is
726.Dq no .
727.It Cm PermitOpen
728Specifies the destinations to which TCP port forwarding is permitted.
729The forwarding specification must be one of the following forms:
730.Pp
731.Bl -item -offset indent -compact
732.It
733.Cm PermitOpen
734.Sm off
735.Ar host : port
736.Sm on
737.It
738.Cm PermitOpen
739.Sm off
740.Ar IPv4_addr : port
741.Sm on
742.It
743.Cm PermitOpen
744.Sm off
745.Ar \&[ IPv6_addr \&] : port
746.Sm on
747.El
748.Pp
749Multiple forwards may be specified by separating them with whitespace.
750An argument of
751.Dq any
752can be used to remove all restrictions and permit any forwarding requests.
753By default all port forwarding requests are permitted.
754.It Cm PermitRootLogin
755Specifies whether root can log in using
756.Xr ssh 1 .
757The argument must be
758.Dq yes ,
759.Dq without-password ,
760.Dq forced-commands-only ,
761or
762.Dq no .
763The default is
764.Dq no .
765.Pp
766If this option is set to
767.Dq without-password ,
768password authentication is disabled for root.
769.Pp
770If this option is set to
771.Dq forced-commands-only ,
772root login with public key authentication will be allowed,
773but only if the
774.Ar command
775option has been specified
776(which may be useful for taking remote backups even if root login is
777normally not allowed).
778All other authentication methods are disabled for root.
779.Pp
780If this option is set to
781.Dq no ,
782root is not allowed to log in.
783.It Cm PermitTunnel
784Specifies whether
785.Xr tun 4
786device forwarding is allowed.
787The argument must be
788.Dq yes ,
789.Dq point-to-point
790(layer 3),
791.Dq ethernet
792(layer 2), or
793.Dq no .
794Specifying
795.Dq yes
796permits both
797.Dq point-to-point
798and
799.Dq ethernet .
800The default is
801.Dq no .
802.It Cm PermitUserEnvironment
803Specifies whether
804.Pa ~/.ssh/environment
805and
806.Cm environment=
807options in
808.Pa ~/.ssh/authorized_keys
809are processed by
810.Xr sshd 8 .
811The default is
812.Dq no .
813Enabling environment processing may enable users to bypass access
814restrictions in some configurations using mechanisms such as
815.Ev LD_PRELOAD .
816.It Cm PidFile
817Specifies the file that contains the process ID of the
818SSH daemon.
819The default is
820.Pa /var/run/sshd.pid .
821.It Cm Port
822Specifies the port number that
823.Xr sshd 8
824listens on.
825The default is 22.
826Multiple options of this type are permitted.
827See also
828.Cm ListenAddress .
829.It Cm PrintLastLog
830Specifies whether
831.Xr sshd 8
832should print the date and time of the last user login when a user logs
833in interactively.
834The default is
835.Dq yes .
836.It Cm PrintMotd
837Specifies whether
838.Xr sshd 8
839should print
840.Pa /etc/motd
841when a user logs in interactively.
842(On some systems it is also printed by the shell,
843.Pa /etc/profile ,
844or equivalent.)
845The default is
846.Dq yes .
847.It Cm Protocol
848Specifies the protocol versions
849.Xr sshd 8
850supports.
851The possible values are
852.Sq 1
853and
854.Sq 2 .
855Multiple versions must be comma-separated.
856The default is
857.Sq 2 .
858Note that the order of the protocol list does not indicate preference,
859because the client selects among multiple protocol versions offered
860by the server.
861Specifying
862.Dq 2,1
863is identical to
864.Dq 1,2 .
865.It Cm PubkeyAuthentication
866Specifies whether public key authentication is allowed.
867The default is
868.Dq yes .
869Note that this option applies to protocol version 2 only.
870.It Cm RevokedKeys
871Specifies a list of revoked public keys.
872Keys listed in this file will be refused for public key authentication.
873Note that if this file is not readable, then public key authentication will
874be refused for all users.
875.It Cm RhostsRSAAuthentication
876Specifies whether rhosts or /etc/hosts.equiv authentication together
877with successful RSA host authentication is allowed.
878The default is
879.Dq no .
880This option applies to protocol version 1 only.
881.It Cm RSAAuthentication
882Specifies whether pure RSA authentication is allowed.
883The default is
884.Dq yes .
885This option applies to protocol version 1 only.
886.It Cm ServerKeyBits
887Defines the number of bits in the ephemeral protocol version 1 server key.
888The minimum value is 512, and the default is 1024.
889.It Cm StrictModes
890Specifies whether
891.Xr sshd 8
892should check file modes and ownership of the
893user's files and home directory before accepting login.
894This is normally desirable because novices sometimes accidentally leave their
895directory or files world-writable.
896The default is
897.Dq yes .
898Note that this does not apply to
899.Cm ChrootDirectory ,
900whose permissions and ownership are checked unconditionally.
901.It Cm Subsystem
902Configures an external subsystem (e.g. file transfer daemon).
903Arguments should be a subsystem name and a command (with optional arguments)
904to execute upon subsystem request.
905.Pp
906The command
907.Xr sftp-server 8
908implements the
909.Dq sftp
910file transfer subsystem.
911.Pp
912Alternately the name
913.Dq internal-sftp
914implements an in-process
915.Dq sftp
916server.
917This may simplify configurations using
918.Cm ChrootDirectory
919to force a different filesystem root on clients.
920.Pp
921By default no subsystems are defined.
922Note that this option applies to protocol version 2 only.
923.It Cm SyslogFacility
924Gives the facility code that is used when logging messages from
925.Xr sshd 8 .
926The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
927LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
928The default is AUTH.
929.It Cm TCPKeepAlive
930Specifies whether the system should send TCP keepalive messages to the
931other side.
932If they are sent, death of the connection or crash of one
933of the machines will be properly noticed.
934However, this means that
935connections will die if the route is down temporarily, and some people
936find it annoying.
937On the other hand, if TCP keepalives are not sent,
938sessions may hang indefinitely on the server, leaving
939.Dq ghost
940users and consuming server resources.
941.Pp
942The default is
943.Dq yes
944(to send TCP keepalive messages), and the server will notice
945if the network goes down or the client host crashes.
946This avoids infinitely hanging sessions.
947.Pp
948To disable TCP keepalive messages, the value should be set to
949.Dq no .
950.It Cm TrustedUserCAKeys
951Specifies a file containing public keys of certificate authorities that are
952trusted to sign user certificates for authentication.
953Keys are listed one per line; empty lines and comments starting with
954.Ql #
955are allowed.
956If a certificate is presented for authentication and has its signing CA key
957listed in this file, then it may be used for authentication for any user
958listed in the certificate's principals list.
959Note that certificates that lack a list of principals will not be permitted
960for authentication using
961.Cm TrustedUserCAKeys .
962For more details on certificates, see the
963.Sx CERTIFICATES
964section in
965.Xr ssh-keygen 1 .
966.It Cm UseDNS
967Specifies whether
968.Xr sshd 8
969should look up the remote host name and check that
970the resolved host name for the remote IP address maps back to the
971very same IP address.
972The default is
973.Dq yes .
.It Cm UseLogin
Specifies whether
.Xr login 1
is used for interactive login sessions.
The default is
.Dq no .
Note that
.Xr login 1
is never used for remote command execution.
Note also that if this is enabled,
.Cm X11Forwarding
will be disabled because
.Xr login 1
does not know how to handle
.Xr xauth 1
cookies.
If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq no .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
.Xr sshd 8
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
Additionally, the authentication spoofing and authentication data
verification and substitution occur on the client side.
The security risk of using X11 forwarding is that the client's X11
display server may be exposed to attack when the SSH client requests
forwarding (see the warnings for
.Cm ForwardX11
in
.Xr ssh_config 5 ) .
A system administrator may wish to protect clients that could expose
themselves to attack by unwittingly requesting X11 forwarding,
which can warrant a
.Dq no
setting.
.Pp
Note that disabling X11 forwarding does not prevent users from
forwarding X11 traffic, as users can always install their own forwarders.
X11 forwarding is automatically disabled if
.Cm UseLogin
is enabled.
.It Cm X11UseLocalhost
Specifies whether
.Xr sshd 8
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
sshd binds the forwarding server to the loopback address and sets the
hostname part of the
.Ev DISPLAY
environment variable to
.Dq localhost .
This prevents remote hosts from connecting to the proxy display.
However, some older X11 clients may not function with this
configuration.
.Cm X11UseLocalhost
may be set to
.Dq no
to specify that the forwarding server should be bound to the wildcard
address.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
program.
The default is
.Pa /usr/X11R6/bin/xauth .
.It Cm UseLPK
Specifies whether LDAP public key retrieval is used.
It allows easy centralisation of public keys within an LDAP directory.
The argument must be
.Dq yes
or
.Dq no .
.It Cm LpkLdapConf
Specifies an ldap.conf file from which the LDAP settings are parsed
instead of the sshd_config Lpk tokens.
The argument must be a valid path to an ldap.conf file such as
.Pa /etc/ldap.conf .
.It Cm LpkServers
Specifies one or more whitespace-separated LDAP server URLs.
The following form may be used:
.Pp
LpkServers ldaps://127.0.0.1 ldap://127.0.0.2 ldap://127.0.0.3
.It Cm LpkUserDN
Specifies the LDAP user DN.
.Pp
LpkUserDN ou=users,dc=phear,dc=org
.It Cm LpkGroupDN
Specifies the LDAP groups DN.
.Pp
LpkGroupDN ou=groups,dc=phear,dc=org
.It Cm LpkBindDN
Specifies the LDAP bind DN to use if necessary.
.Pp
LpkBindDN cn=Manager,dc=phear,dc=org
.It Cm LpkBindPw
Specifies the LDAP bind credential.
.Pp
LpkBindPw secret
.It Cm LpkServerGroup
Specifies one or more whitespace-separated groups the server is part of.
.Pp
LpkServerGroup unix mail prod
.It Cm LpkFilter
Specifies an additional LDAP filter to use for finding SSH keys.
.Pp
LpkFilter (hostAccess=master.phear.org)
.It Cm LpkForceTLS
Specifies whether TLS for the LDAP server connection is forced, tried,
or not used.
The argument must be
.Dq yes
or
.Dq no
or
.Dq try .
.It Cm LpkSearchTimelimit
Specifies the search time limit before the search is considered over.
The value is in seconds.
.Pp
LpkSearchTimelimit 3
.It Cm LpkBindTimelimit
Specifies the bind time limit before the connection is considered dead.
The value is in seconds.
.Pp
LpkBindTimelimit 3
.El
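Several of the options above interact: UseLogin yes silently disables X11Forwarding and turns privilege separation off after authentication, X11UseLocalhost no exposes the proxy display on the wildcard address, TCPKeepAlive no allows ghost sessions, and the Lpk tokens can place a bind credential and plaintext ldap:// URLs in the file. The following audit is an added example written for this page, not an OpenSSH tool: it reads a constructed sshd_config fragment (global section only; keywords are case-insensitive and, as in sshd, the first occurrence of a keyword wins) and reports the combinations that this manual page documents as weakening the defaults. The finding texts and the SAMPLE_CONFIG contents are the example's own.

```python
# Added example (not OpenSSH code): a small sshd_config audit for the
# option interactions documented on this page. Constructed input; the
# findings are the example's own wording.

# Constructed sshd_config fragment, not a real host's configuration.
SAMPLE_CONFIG = """\
# constructed sample
TCPKeepAlive no
UseLogin yes
X11Forwarding yes
X11UseLocalhost no
UsePrivilegeSeparation no
UseLPK yes
LpkServers ldap://127.0.0.2 ldaps://127.0.0.1
LpkBindDN cn=Manager,dc=phear,dc=org
LpkBindPw secret
LpkForceTLS try
"""


def parse_sshd_config(text):
    """Return {lowercased keyword: value} for the global section.

    Whole-line '#' comments and blank lines are skipped, keywords are
    case-insensitive, and the first occurrence of a keyword wins (sshd's
    own rule). Parsing stops at a Match block, whose directives are
    conditional and out of scope for this audit. The 'keyword=value'
    spelling is not handled."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":
            break
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, value)
    return conf


def audit(conf):
    """Flag settings whose documented interactions weaken the defaults."""
    def is_(key, val):
        return conf.get(key, "").lower() == val

    findings = []
    if is_("tcpkeepalive", "no"):
        findings.append("TCPKeepAlive no: dead peers are not noticed; "
                        "ghost sessions may hang indefinitely")
    if is_("uselogin", "yes"):
        findings.append("UseLogin yes: X11Forwarding is disabled and "
                        "UsePrivilegeSeparation stops after authentication")
    if is_("x11forwarding", "yes") and is_("x11uselocalhost", "no"):
        findings.append("X11UseLocalhost no: proxy display bound to the "
                        "wildcard address; remote hosts can connect to it")
    if is_("useprivilegeseparation", "no"):
        findings.append("UsePrivilegeSeparation no: corruption of the "
                        "network-facing process is not contained")
    if is_("uselpk", "yes"):
        if not is_("lpkforcetls", "yes"):
            plain = [u for u in conf.get("lpkservers", "").split()
                     if u.lower().startswith("ldap://")]
            if plain:
                findings.append("LpkForceTLS not 'yes' with plaintext ldap:// "
                                "servers: " + ", ".join(plain))
        if "lpkbindpw" in conf:
            findings.append("LpkBindPw present: sshd_config holds a "
                            "credential; it must not be world-readable")
    return findings


if __name__ == "__main__":
    for f in audit(parse_sshd_config(SAMPLE_CONFIG)):
        print("-", f)
```

The LpkBindPw finding is the one that conflicts with the FILES section below, which recommends a world-readable sshd_config: once a bind password is in the file, that recommendation no longer applies.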
.Sh TIME FORMATS
.Xr sshd 8
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
.Ar time Op Ar qualifier ,
.Sm on
where
.Ar time
is a positive integer value and
.Ar qualifier
is one of the following:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It Aq Cm none
seconds
.It Cm s | Cm S
seconds
.It Cm m | Cm M
minutes
.It Cm h | Cm H
hours
.It Cm d | Cm D
days
.It Cm w | Cm W
weeks
.El
.Pp
Each member of the sequence is added together to calculate
the total time value.
.Pp
Time format examples:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It 600
600 seconds (10 minutes)
.It 10m
10 minutes
.It 1h30m
1 hour 30 minutes (90 minutes)
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
.Xr sshd 8 .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.El
.Sh SEE ALSO
.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Niels Provos and Markus Friedl contributed support
for privilege separation.
