1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: sshd_config.5,v 1.135 2011/08/02 01:22:11 djm Exp $ 37.Dd $Mdocdate: August 2 2011 $ 38.Dt SSHD_CONFIG 5 39.Os 40.Sh NAME 41.Nm sshd_config 42.Nd OpenSSH SSH daemon configuration file 43.Sh SYNOPSIS 44.Nm /etc/ssh/sshd_config 45.Sh DESCRIPTION 46.Xr sshd 8 47reads configuration data from 48.Pa /etc/ssh/sshd_config 49(or the file specified with 50.Fl f 51on the command line). 52The file contains keyword-argument pairs, one per line. 53Lines starting with 54.Ql # 55and empty lines are interpreted as comments. 56Arguments may optionally be enclosed in double quotes 57.Pq \&" 58in order to represent arguments containing spaces. 59.Pp 60The possible 61keywords and their meanings are as follows (note that 62keywords are case-insensitive and arguments are case-sensitive): 63.Bl -tag -width Ds 64.It Cm AcceptEnv 65Specifies what environment variables sent by the client will be copied into 66the session's 67.Xr environ 7 . 68See 69.Cm SendEnv 70in 71.Xr ssh_config 5 72for how to configure the client. 73Note that environment passing is only supported for protocol 2. 74Variables are specified by name, which may contain the wildcard characters 75.Ql * 76and 77.Ql \&? . 78Multiple environment variables may be separated by whitespace or spread 79across multiple 80.Cm AcceptEnv 81directives. 82Be warned that some environment variables could be used to bypass restricted 83user environments. 84For this reason, care should be taken in the use of this directive. 85The default is not to accept any environment variables. 86.It Cm AddressFamily 87Specifies which address family should be used by 88.Xr sshd 8 . 89Valid arguments are 90.Dq any , 91.Dq inet 92(use IPv4 only), or 93.Dq inet6 94(use IPv6 only). 95The default is 96.Dq any . 97.It Cm AllowAgentForwarding 98Specifies whether 99.Xr ssh-agent 1 100forwarding is permitted. 101The default is 102.Dq yes . 103Note that disabling agent forwarding does not improve security 104unless users are also denied shell access, as they can always install 105their own forwarders. 106.It Cm AllowGroups 107This keyword can be followed by a list of group name patterns, separated 108by spaces. 109If specified, login is allowed only for users whose primary 110group or supplementary group list matches one of the patterns. 111Only group names are valid; a numerical group ID is not recognized. 112By default, login is allowed for all groups. 113The allow/deny directives are processed in the following order: 114.Cm DenyUsers , 115.Cm AllowUsers , 116.Cm DenyGroups , 117and finally 118.Cm AllowGroups . 119.Pp 120See 121.Sx PATTERNS 122in 123.Xr ssh_config 5 124for more information on patterns. 125.It Cm AllowTcpForwarding 126Specifies whether TCP forwarding is permitted. 127The default is 128.Dq yes . 129Note that disabling TCP forwarding does not improve security unless 130users are also denied shell access, as they can always install their 131own forwarders. 132.It Cm AllowUsers 133This keyword can be followed by a list of user name patterns, separated 134by spaces. 135If specified, login is allowed only for user names that 136match one of the patterns. 137Only user names are valid; a numerical user ID is not recognized. 138By default, login is allowed for all users. 139If the pattern takes the form USER@HOST then USER and HOST 140are separately checked, restricting logins to particular 141users from particular hosts. 142The allow/deny directives are processed in the following order: 143.Cm DenyUsers , 144.Cm AllowUsers , 145.Cm DenyGroups , 146and finally 147.Cm AllowGroups . 148.Pp 149See 150.Sx PATTERNS 151in 152.Xr ssh_config 5 153for more information on patterns. 154.It Cm AuthorizedKeysFile 155Specifies the file that contains the public keys that can be used 156for user authentication. 157The format is described in the 158.Sx AUTHORIZED_KEYS FILE FORMAT 159section of 160.Xr sshd 8 . 161.Cm AuthorizedKeysFile 162may contain tokens of the form %T which are substituted during connection 163setup. 164The following tokens are defined: %% is replaced by a literal '%', 165%h is replaced by the home directory of the user being authenticated, and 166%u is replaced by the username of that user. 167After expansion, 168.Cm AuthorizedKeysFile 169is taken to be an absolute path or one relative to the user's home 170directory. 171Multiple files may be listed, separated by whitespace. 172The default is 173.Dq .ssh/authorized_keys .ssh/authorized_keys2 . 174.It Cm AuthorizedPrincipalsFile 175Specifies a file that lists principal names that are accepted for 176certificate authentication. 177When using certificates signed by a key listed in 178.Cm TrustedUserCAKeys , 179this file lists names, one of which must appear in the certificate for it 180to be accepted for authentication. 181Names are listed one per line preceded by key options (as described 182in 183.Sx AUTHORIZED_KEYS FILE FORMAT 184in 185.Xr sshd 8 ) . 186Empty lines and comments starting with 187.Ql # 188are ignored. 189.Pp 190.Cm AuthorizedPrincipalsFile 191may contain tokens of the form %T which are substituted during connection 192setup. 193The following tokens are defined: %% is replaced by a literal '%', 194%h is replaced by the home directory of the user being authenticated, and 195%u is replaced by the username of that user. 196After expansion, 197.Cm AuthorizedPrincipalsFile 198is taken to be an absolute path or one relative to the user's home 199directory. 200.Pp 201The default is not to use a principals file \(en in this case, the username 202of the user must appear in a certificate's principals list for it to be 203accepted. 204Note that 205.Cm AuthorizedPrincipalsFile 206is only used when authentication proceeds using a CA listed in 207.Cm TrustedUserCAKeys 208and is not consulted for certification authorities trusted via 209.Pa ~/.ssh/authorized_keys , 210though the 211.Cm principals= 212key option offers a similar facility (see 213.Xr sshd 8 214for details). 215.It Cm Banner 216The contents of the specified file are sent to the remote user before 217authentication is allowed. 218If the argument is 219.Dq none 220then no banner is displayed. 221This option is only available for protocol version 2. 222By default, no banner is displayed. 223.It Cm ChallengeResponseAuthentication 224Specifies whether challenge-response authentication is allowed. 225Specifically, in 226.Dx , 227this controls the use of PAM (see 228.Xr pam 3 ) 229for authentication. 230Note that this affects the effectiveness of the 231.Cm PasswordAuthentication 232and 233.Cm PermitRootLogin 234variables. 235The default is 236.Dq yes . 237.It Cm ChrootDirectory 238Specifies the pathname of a directory to 239.Xr chroot 2 240to after authentication. 241All components of the pathname must be root-owned directories that are 242not writable by any other user or group. 243After the chroot, 244.Xr sshd 8 245changes the working directory to the user's home directory. 246.Pp 247The pathname may contain the following tokens that are expanded at runtime once 248the connecting user has been authenticated: %% is replaced by a literal '%', 249%h is replaced by the home directory of the user being authenticated, and 250%u is replaced by the username of that user. 251.Pp 252The 253.Cm ChrootDirectory 254must contain the necessary files and directories to support the 255user's session. 256For an interactive session this requires at least a shell, typically 257.Xr sh 1 , 258and basic 259.Pa /dev 260nodes such as 261.Xr null 4 , 262.Xr zero 4 , 263.Xr stdin 4 , 264.Xr stdout 4 , 265.Xr stderr 4 , 266.Xr arandom 4 267and 268.Xr tty 4 269devices. 270For file transfer sessions using 271.Dq sftp , 272no additional configuration of the environment is necessary if the 273in-process sftp server is used, 274though sessions which use logging do require 275.Pa /dev/log 276inside the chroot directory (see 277.Xr sftp-server 8 278for details). 279.Pp 280The default is not to 281.Xr chroot 2 . 282.It Cm Ciphers 283Specifies the ciphers allowed for protocol version 2. 284Multiple ciphers must be comma-separated. 285The supported ciphers are 286.Dq 3des-cbc , 287.Dq aes128-cbc , 288.Dq aes192-cbc , 289.Dq aes256-cbc , 290.Dq aes128-ctr , 291.Dq aes192-ctr , 292.Dq aes256-ctr , 293.Dq arcfour128 , 294.Dq arcfour256 , 295.Dq arcfour , 296.Dq blowfish-cbc , 297and 298.Dq cast128-cbc . 299The default is: 300.Bd -literal -offset 3n 301aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 302aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 303aes256-cbc,arcfour 304.Ed 305.It Cm ClientAliveCountMax 306Sets the number of client alive messages (see below) which may be 307sent without 308.Xr sshd 8 309receiving any messages back from the client. 310If this threshold is reached while client alive messages are being sent, 311sshd will disconnect the client, terminating the session. 312It is important to note that the use of client alive messages is very 313different from 314.Cm TCPKeepAlive 315(below). 316The client alive messages are sent through the encrypted channel 317and therefore will not be spoofable. 318The TCP keepalive option enabled by 319.Cm TCPKeepAlive 320is spoofable. 321The client alive mechanism is valuable when the client or 322server depend on knowing when a connection has become inactive. 323.Pp 324The default value is 3. 325If 326.Cm ClientAliveInterval 327(see below) is set to 15, and 328.Cm ClientAliveCountMax 329is left at the default, unresponsive SSH clients 330will be disconnected after approximately 45 seconds. 331This option applies to protocol version 2 only. 332.It Cm ClientAliveInterval 333Sets a timeout interval in seconds after which if no data has been received 334from the client, 335.Xr sshd 8 336will send a message through the encrypted 337channel to request a response from the client. 338The default 339is 0, indicating that these messages will not be sent to the client. 340This option applies to protocol version 2 only. 341.It Cm Compression 342Specifies whether compression is allowed, or delayed until 343the user has authenticated successfully. 344The argument must be 345.Dq yes , 346.Dq delayed , 347or 348.Dq no . 349The default is 350.Dq delayed . 351.It Cm DenyGroups 352This keyword can be followed by a list of group name patterns, separated 353by spaces. 354Login is disallowed for users whose primary group or supplementary 355group list matches one of the patterns. 356Only group names are valid; a numerical group ID is not recognized. 357By default, login is allowed for all groups. 358The allow/deny directives are processed in the following order: 359.Cm DenyUsers , 360.Cm AllowUsers , 361.Cm DenyGroups , 362and finally 363.Cm AllowGroups . 364.Pp 365See 366.Sx PATTERNS 367in 368.Xr ssh_config 5 369for more information on patterns. 370.It Cm DenyUsers 371This keyword can be followed by a list of user name patterns, separated 372by spaces. 373Login is disallowed for user names that match one of the patterns. 374Only user names are valid; a numerical user ID is not recognized. 375By default, login is allowed for all users. 376If the pattern takes the form USER@HOST then USER and HOST 377are separately checked, restricting logins to particular 378users from particular hosts. 379The allow/deny directives are processed in the following order: 380.Cm DenyUsers , 381.Cm AllowUsers , 382.Cm DenyGroups , 383and finally 384.Cm AllowGroups . 385.Pp 386See 387.Sx PATTERNS 388in 389.Xr ssh_config 5 390for more information on patterns. 391.It Cm ForceCommand 392Forces the execution of the command specified by 393.Cm ForceCommand , 394ignoring any command supplied by the client and 395.Pa ~/.ssh/rc 396if present. 397The command is invoked by using the user's login shell with the -c option. 398This applies to shell, command, or subsystem execution. 399It is most useful inside a 400.Cm Match 401block. 402The command originally supplied by the client is available in the 403.Ev SSH_ORIGINAL_COMMAND 404environment variable. 405Specifying a command of 406.Dq internal-sftp 407will force the use of an in-process sftp server that requires no support 408files when used with 409.Cm ChrootDirectory . 410.It Cm GatewayPorts 411Specifies whether remote hosts are allowed to connect to ports 412forwarded for the client. 413By default, 414.Xr sshd 8 415binds remote port forwardings to the loopback address. 416This prevents other remote hosts from connecting to forwarded ports. 417.Cm GatewayPorts 418can be used to specify that sshd 419should allow remote port forwardings to bind to non-loopback addresses, thus 420allowing other hosts to connect. 421The argument may be 422.Dq no 423to force remote port forwardings to be available to the local host only, 424.Dq yes 425to force remote port forwardings to bind to the wildcard address, or 426.Dq clientspecified 427to allow the client to select the address to which the forwarding is bound. 428The default is 429.Dq no . 430.It Cm GSSAPIAuthentication 431Specifies whether user authentication based on GSSAPI is allowed. 432The default is 433.Dq no . 434Note that this option applies to protocol version 2 only. 435.It Cm GSSAPICleanupCredentials 436Specifies whether to automatically destroy the user's credentials cache 437on logout. 438The default is 439.Dq yes . 440Note that this option applies to protocol version 2 only. 441.It Cm HostbasedAuthentication 442Specifies whether rhosts or /etc/hosts.equiv authentication together 443with successful public key client host authentication is allowed 444(host-based authentication). 445This option is similar to 446.Cm RhostsRSAAuthentication 447and applies to protocol version 2 only. 448The default is 449.Dq no . 450.It Cm HostbasedUsesNameFromPacketOnly 451Specifies whether or not the server will attempt to perform a reverse 452name lookup when matching the name in the 453.Pa ~/.shosts , 454.Pa ~/.rhosts , 455and 456.Pa /etc/hosts.equiv 457files during 458.Cm HostbasedAuthentication . 459A setting of 460.Dq yes 461means that 462.Xr sshd 8 463uses the name supplied by the client rather than 464attempting to resolve the name from the TCP connection itself. 465The default is 466.Dq no . 467.It Cm HostCertificate 468Specifies a file containing a public host certificate. 469The certificate's public key must match a private host key already specified 470by 471.Cm HostKey . 472The default behaviour of 473.Xr sshd 8 474is not to load any certificates. 475.It Cm HostKey 476Specifies a file containing a private host key 477used by SSH. 478The default is 479.Pa /etc/ssh/ssh_host_key 480for protocol version 1, and 481.Pa /etc/ssh/ssh_host_dsa_key , 482.Pa /etc/ssh/ssh_host_ecdsa_key 483and 484.Pa /etc/ssh/ssh_host_rsa_key 485for protocol version 2. 486Note that 487.Xr sshd 8 488will refuse to use a file if it is group/world-accessible. 489It is possible to have multiple host key files. 490.Dq rsa1 491keys are used for version 1 and 492.Dq dsa , 493.Dq ecdsa 494or 495.Dq rsa 496are used for version 2 of the SSH protocol. 497.It Cm IgnoreRhosts 498Specifies that 499.Pa .rhosts 500and 501.Pa .shosts 502files will not be used in 503.Cm RhostsRSAAuthentication 504or 505.Cm HostbasedAuthentication . 506.Pp 507.Pa /etc/hosts.equiv 508and 509.Pa /etc/ssh/shosts.equiv 510are still used. 511The default is 512.Dq yes . 513.It Cm IgnoreUserKnownHosts 514Specifies whether 515.Xr sshd 8 516should ignore the user's 517.Pa ~/.ssh/known_hosts 518during 519.Cm RhostsRSAAuthentication 520or 521.Cm HostbasedAuthentication . 522The default is 523.Dq no . 524.It Cm IPQoS 525Specifies the IPv4 type-of-service or DSCP class for the connection. 526Accepted values are 527.Dq af11 , 528.Dq af12 , 529.Dq af13 , 530.Dq af14 , 531.Dq af22 , 532.Dq af23 , 533.Dq af31 , 534.Dq af32 , 535.Dq af33 , 536.Dq af41 , 537.Dq af42 , 538.Dq af43 , 539.Dq cs0 , 540.Dq cs1 , 541.Dq cs2 , 542.Dq cs3 , 543.Dq cs4 , 544.Dq cs5 , 545.Dq cs6 , 546.Dq cs7 , 547.Dq ef , 548.Dq lowdelay , 549.Dq throughput , 550.Dq reliability , 551or a numeric value. 552This option may take one or two arguments, separated by whitespace. 553If one argument is specified, it is used as the packet class unconditionally. 554If two values are specified, the first is automatically selected for 555interactive sessions and the second for non-interactive sessions. 556The default is 557.Dq lowdelay 558for interactive sessions and 559.Dq throughput 560for non-interactive sessions. 561.It Cm KerberosAuthentication 562Specifies whether the password provided by the user for 563.Cm PasswordAuthentication 564will be validated through the Kerberos KDC. 565To use this option, the server needs a 566Kerberos servtab which allows the verification of the KDC's identity. 567The default is 568.Dq no . 569.It Cm KerberosGetAFSToken 570If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 571an AFS token before accessing the user's home directory. 572The default is 573.Dq no . 574.It Cm KerberosOrLocalPasswd 575If password authentication through Kerberos fails then 576the password will be validated via any additional local mechanism 577such as 578.Pa /etc/passwd . 579The default is 580.Dq yes . 581.It Cm KerberosTicketCleanup 582Specifies whether to automatically destroy the user's ticket cache 583file on logout. 584The default is 585.Dq yes . 586.It Cm KexAlgorithms 587Specifies the available KEX (Key Exchange) algorithms. 588Multiple algorithms must be comma-separated. 589The default is 590.Dq ecdh-sha2-nistp256 , 591.Dq ecdh-sha2-nistp384 , 592.Dq ecdh-sha2-nistp521 , 593.Dq diffie-hellman-group-exchange-sha256 , 594.Dq diffie-hellman-group-exchange-sha1 , 595.Dq diffie-hellman-group14-sha1 , 596.Dq diffie-hellman-group1-sha1 . 597.It Cm KeyRegenerationInterval 598In protocol version 1, the ephemeral server key is automatically regenerated 599after this many seconds (if it has been used). 600The purpose of regeneration is to prevent 601decrypting captured sessions by later breaking into the machine and 602stealing the keys. 603The key is never stored anywhere. 604If the value is 0, the key is never regenerated. 605The default is 3600 (seconds). 606.It Cm ListenAddress 607Specifies the local addresses 608.Xr sshd 8 609should listen on. 610The following forms may be used: 611.Pp 612.Bl -item -offset indent -compact 613.It 614.Cm ListenAddress 615.Sm off 616.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 617.Sm on 618.It 619.Cm ListenAddress 620.Sm off 621.Ar host No | Ar IPv4_addr No : Ar port 622.Sm on 623.It 624.Cm ListenAddress 625.Sm off 626.Oo 627.Ar host No | Ar IPv6_addr Oc : Ar port 628.Sm on 629.El 630.Pp 631If 632.Ar port 633is not specified, 634sshd will listen on the address and all prior 635.Cm Port 636options specified. 637The default is to listen on all local addresses. 638Multiple 639.Cm ListenAddress 640options are permitted. 641Additionally, any 642.Cm Port 643options must precede this option for non-port qualified addresses. 644.It Cm LoginGraceTime 645The server disconnects after this time if the user has not 646successfully logged in. 647If the value is 0, there is no time limit. 648The default is 120 seconds. 649.It Cm LogLevel 650Gives the verbosity level that is used when logging messages from 651.Xr sshd 8 . 652The possible values are: 653QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 654The default is INFO. 655DEBUG and DEBUG1 are equivalent. 656DEBUG2 and DEBUG3 each specify higher levels of debugging output. 657Logging with a DEBUG level violates the privacy of users and is not recommended. 658.It Cm MACs 659Specifies the available MAC (message authentication code) algorithms. 660The MAC algorithm is used in protocol version 2 661for data integrity protection. 662Multiple algorithms must be comma-separated. 663The default is: 664.Bd -literal -offset indent 665hmac-md5,hmac-sha1,umac-64@openssh.com, 666hmac-ripemd160,hmac-sha1-96,hmac-md5-96, 667hmac-sha2-256,hmac-sha256-96,hmac-sha2-512, 668hmac-sha2-512-96 669.Ed 670.It Cm Match 671Introduces a conditional block. 672If all of the criteria on the 673.Cm Match 674line are satisfied, the keywords on the following lines override those 675set in the global section of the config file, until either another 676.Cm Match 677line or the end of the file. 678.Pp 679The arguments to 680.Cm Match 681are one or more criteria-pattern pairs. 682The available criteria are 683.Cm User , 684.Cm Group , 685.Cm Host , 686and 687.Cm Address . 688The match patterns may consist of single entries or comma-separated 689lists and may use the wildcard and negation operators described in the 690.Sx PATTERNS 691section of 692.Xr ssh_config 5 . 693.Pp 694The patterns in an 695.Cm Address 696criteria may additionally contain addresses to match in CIDR 697address/masklen format, e.g.\& 698.Dq 192.0.2.0/24 699or 700.Dq 3ffe:ffff::/32 . 701Note that the mask length provided must be consistent with the address - 702it is an error to specify a mask length that is too long for the address 703or one with bits set in this host portion of the address. 704For example, 705.Dq 192.0.2.0/33 706and 707.Dq 192.0.2.0/8 708respectively. 709.Pp 710Only a subset of keywords may be used on the lines following a 711.Cm Match 712keyword. 713Available keywords are 714.Cm AllowAgentForwarding , 715.Cm AllowTcpForwarding , 716.Cm AuthorizedKeysFile , 717.Cm AuthorizedPrincipalsFile , 718.Cm Banner , 719.Cm ChrootDirectory , 720.Cm ForceCommand , 721.Cm GatewayPorts , 722.Cm GSSAPIAuthentication , 723.Cm HostbasedAuthentication , 724.Cm HostbasedUsesNameFromPacketOnly , 725.Cm KbdInteractiveAuthentication , 726.Cm KerberosAuthentication , 727.Cm MaxAuthTries , 728.Cm MaxSessions , 729.Cm PasswordAuthentication , 730.Cm PermitEmptyPasswords , 731.Cm PermitOpen , 732.Cm PermitRootLogin , 733.Cm PermitTunnel , 734.Cm PubkeyAuthentication , 735.Cm RhostsRSAAuthentication , 736.Cm RSAAuthentication , 737.Cm X11DisplayOffset , 738.Cm X11Forwarding 739and 740.Cm X11UseLocalHost . 741.It Cm MaxAuthTries 742Specifies the maximum number of authentication attempts permitted per 743connection. 744Once the number of failures reaches half this value, 745additional failures are logged. 746The default is 6. 747.It Cm MaxSessions 748Specifies the maximum number of open sessions permitted per network connection. 749The default is 10. 750.It Cm MaxStartups 751Specifies the maximum number of concurrent unauthenticated connections to the 752SSH daemon. 753Additional connections will be dropped until authentication succeeds or the 754.Cm LoginGraceTime 755expires for a connection. 756The default is 10. 757.Pp 758Alternatively, random early drop can be enabled by specifying 759the three colon separated values 760.Dq start:rate:full 761(e.g. "10:30:60"). 762.Xr sshd 8 763will refuse connection attempts with a probability of 764.Dq rate/100 765(30%) 766if there are currently 767.Dq start 768(10) 769unauthenticated connections. 770The probability increases linearly and all connection attempts 771are refused if the number of unauthenticated connections reaches 772.Dq full 773(60). 774.It Cm PasswordAuthentication 775Specifies whether password authentication is allowed. 776The default is 777.Dq yes . 778Note that if 779.Cm ChallengeResponseAuthentication 780is 781.Dq yes , 782.Cm UsePAM 783is 784.Dq yes , 785and the PAM authentication policy for 786.Nm sshd 787includes 788.Xr pam_unix 8 , 789password authentication will be allowed through the challenge-response 790mechanism regardless of the value of 791.Cm PasswordAuthentication . 792.It Cm PermitEmptyPasswords 793When password authentication is allowed, it specifies whether the 794server allows login to accounts with empty password strings. 795The default is 796.Dq no . 797.It Cm PermitOpen 798Specifies the destinations to which TCP port forwarding is permitted. 799The forwarding specification must be one of the following forms: 800.Pp 801.Bl -item -offset indent -compact 802.It 803.Cm PermitOpen 804.Sm off 805.Ar host : port 806.Sm on 807.It 808.Cm PermitOpen 809.Sm off 810.Ar IPv4_addr : port 811.Sm on 812.It 813.Cm PermitOpen 814.Sm off 815.Ar \&[ IPv6_addr \&] : port 816.Sm on 817.El 818.Pp 819Multiple forwards may be specified by separating them with whitespace. 820An argument of 821.Dq any 822can be used to remove all restrictions and permit any forwarding requests. 823By default all port forwarding requests are permitted. 824.It Cm PermitRootLogin 825Specifies whether root can log in using 826.Xr ssh 1 . 827The argument must be 828.Dq yes , 829.Dq without-password , 830.Dq forced-commands-only , 831or 832.Dq no . 833The default is 834.Dq no . 835Note that if 836.Cm ChallengeResponseAuthentication 837is 838.Dq yes , 839the root user may be allowed in with its password even if 840.Cm PermitRootLogin is set to 841.Dq without-password . 842.Pp 843If this option is set to 844.Dq without-password , 845password authentication is disabled for root. 846.Pp 847If this option is set to 848.Dq forced-commands-only , 849root login with public key authentication will be allowed, 850but only if the 851.Ar command 852option has been specified 853(which may be useful for taking remote backups even if root login is 854normally not allowed). 855All other authentication methods are disabled for root. 856.Pp 857If this option is set to 858.Dq no , 859root is not allowed to log in. 860.It Cm PermitTunnel 861Specifies whether 862.Xr tun 4 863device forwarding is allowed. 864The argument must be 865.Dq yes , 866.Dq point-to-point 867(layer 3), 868.Dq ethernet 869(layer 2), or 870.Dq no . 871Specifying 872.Dq yes 873permits both 874.Dq point-to-point 875and 876.Dq ethernet . 877The default is 878.Dq no . 879.It Cm PermitUserEnvironment 880Specifies whether 881.Pa ~/.ssh/environment 882and 883.Cm environment= 884options in 885.Pa ~/.ssh/authorized_keys 886are processed by 887.Xr sshd 8 . 888The default is 889.Dq no . 890Enabling environment processing may enable users to bypass access 891restrictions in some configurations using mechanisms such as 892.Ev LD_PRELOAD . 893.It Cm PidFile 894Specifies the file that contains the process ID of the 895SSH daemon. 896The default is 897.Pa /var/run/sshd.pid . 898.It Cm Port 899Specifies the port number that 900.Xr sshd 8 901listens on. 902The default is 22. 903Multiple options of this type are permitted. 904See also 905.Cm ListenAddress . 906.It Cm PrintLastLog 907Specifies whether 908.Xr sshd 8 909should print the date and time of the last user login when a user logs 910in interactively. 911The default is 912.Dq yes . 913.It Cm PrintMotd 914Specifies whether 915.Xr sshd 8 916should print 917.Pa /etc/motd 918when a user logs in interactively. 919(On some systems it is also printed by the shell, 920.Pa /etc/profile , 921or equivalent.) 922The default is 923.Dq yes . 924.It Cm Protocol 925Specifies the protocol versions 926.Xr sshd 8 927supports. 928The possible values are 929.Sq 1 930and 931.Sq 2 . 932Multiple versions must be comma-separated. 933The default is 934.Sq 2 . 935Note that the order of the protocol list does not indicate preference, 936because the client selects among multiple protocol versions offered 937by the server. 938Specifying 939.Dq 2,1 940is identical to 941.Dq 1,2 . 942.It Cm PubkeyAuthentication 943Specifies whether public key authentication is allowed. 944The default is 945.Dq yes . 946Note that this option applies to protocol version 2 only. 947.It Cm RevokedKeys 948Specifies a list of revoked public keys. 949Keys listed in this file will be refused for public key authentication. 950Note that if this file is not readable, then public key authentication will 951be refused for all users. 952.It Cm RhostsRSAAuthentication 953Specifies whether rhosts or 954.Pa /etc/hosts.equiv 955authentication together 956with successful RSA host authentication is allowed. 957The default is 958.Dq no . 959This option applies to protocol version 1 only. 960.It Cm RSAAuthentication 961Specifies whether pure RSA authentication is allowed. 962The default is 963.Dq yes . 964This option applies to protocol version 1 only. 965.It Cm ServerKeyBits 966Defines the number of bits in the ephemeral protocol version 1 server key. 967The minimum value is 512, and the default is 1024. 968.It Cm StrictModes 969Specifies whether 970.Xr sshd 8 971should check file modes and ownership of the 972user's files and home directory before accepting login. 973This is normally desirable because novices sometimes accidentally leave their 974directory or files world-writable. 975The default is 976.Dq yes . 977Note that this does not apply to 978.Cm ChrootDirectory , 979whose permissions and ownership are checked unconditionally. 980.It Cm Subsystem 981Configures an external subsystem (e.g. file transfer daemon). 982Arguments should be a subsystem name and a command (with optional arguments) 983to execute upon subsystem request. 984.Pp 985The command 986.Xr sftp-server 8 987implements the 988.Dq sftp 989file transfer subsystem. 990.Pp 991Alternately the name 992.Dq internal-sftp 993implements an in-process 994.Dq sftp 995server. 996This may simplify configurations using 997.Cm ChrootDirectory 998to force a different filesystem root on clients. 999.Pp 1000By default no subsystems are defined. 1001Note that this option applies to protocol version 2 only. 1002.It Cm SyslogFacility 1003Gives the facility code that is used when logging messages from 1004.Xr sshd 8 . 1005The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1006LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1007The default is AUTH. 1008.It Cm TCPKeepAlive 1009Specifies whether the system should send TCP keepalive messages to the 1010other side. 1011If they are sent, death of the connection or crash of one 1012of the machines will be properly noticed. 1013However, this means that 1014connections will die if the route is down temporarily, and some people 1015find it annoying. 1016On the other hand, if TCP keepalives are not sent, 1017sessions may hang indefinitely on the server, leaving 1018.Dq ghost 1019users and consuming server resources. 1020.Pp 1021The default is 1022.Dq yes 1023(to send TCP keepalive messages), and the server will notice 1024if the network goes down or the client host crashes. 1025This avoids infinitely hanging sessions. 1026.Pp 1027To disable TCP keepalive messages, the value should be set to 1028.Dq no . 1029.It Cm TrustedUserCAKeys 1030Specifies a file containing public keys of certificate authorities that are 1031trusted to sign user certificates for authentication. 1032Keys are listed one per line; empty lines and comments starting with 1033.Ql # 1034are allowed. 1035If a certificate is presented for authentication and has its signing CA key 1036listed in this file, then it may be used for authentication for any user 1037listed in the certificate's principals list. 1038Note that certificates that lack a list of principals will not be permitted 1039for authentication using 1040.Cm TrustedUserCAKeys . 1041For more details on certificates, see the 1042.Sx CERTIFICATES 1043section in 1044.Xr ssh-keygen 1 . 1045.It Cm UseDNS 1046Specifies whether 1047.Xr sshd 8 1048should look up the remote host name and check that 1049the resolved host name for the remote IP address maps back to the 1050very same IP address. 1051The default is 1052.Dq yes . 1053.It Cm UseLogin 1054Specifies whether 1055.Xr login 1 1056is used for interactive login sessions. 1057The default is 1058.Dq no . 1059Note that 1060.Xr login 1 1061is never used for remote command execution. 1062Note also, that if this is enabled, 1063.Cm X11Forwarding 1064will be disabled because 1065.Xr login 1 1066does not know how to handle 1067.Xr xauth 1 1068cookies. 1069If 1070.Cm UsePrivilegeSeparation 1071is specified, it will be disabled after authentication. 1072.It Cm UsePAM 1073Enables the Pluggable Authentication Module interface. 1074If set to 1075.Dq yes 1076this will enable PAM authentication using 1077.Cm ChallengeResponseAuthentication 1078and 1079.Cm PasswordAuthentication 1080in addition to PAM account and session module processing for all 1081authentication types. 1082.Pp 1083Because PAM challenge-response authentication usually serves an equivalent 1084role to password authentication, you should disable either 1085.Cm PasswordAuthentication 1086or 1087.Cm ChallengeResponseAuthentication. 1088.Pp 1089If 1090.Cm UsePAM 1091is enabled, you will not be able to run 1092.Xr sshd 8 1093as a non-root user. 1094The default is 1095.Dq no . 1096.It Cm UsePrivilegeSeparation 1097Specifies whether 1098.Xr sshd 8 1099separates privileges by creating an unprivileged child process 1100to deal with incoming network traffic. 1101After successful authentication, another process will be created that has 1102the privilege of the authenticated user. 1103The goal of privilege separation is to prevent privilege 1104escalation by containing any corruption within the unprivileged processes. 1105The default is 1106.Dq yes . 1107If 1108.Cm UsePrivilegeSeparation 1109is set to 1110.Dq sandbox 1111then the pre-authentication unprivileged process is subject to additional 1112restrictions. 1113.It Cm VersionAddendum 1114Specifies a string to append to the regular version string to identify 1115OS- or site-specific modifications. 1116The default is 1117.Dq DragonFly-20110920 . 1118.It Cm X11DisplayOffset 1119Specifies the first display number available for 1120.Xr sshd 8 Ns 's 1121X11 forwarding. 1122This prevents sshd from interfering with real X11 servers. 1123The default is 10. 1124.It Cm X11Forwarding 1125Specifies whether X11 forwarding is permitted. 1126The argument must be 1127.Dq yes 1128or 1129.Dq no . 1130The default is 1131.Dq yes . 1132.Pp 1133When X11 forwarding is enabled, there may be additional exposure to 1134the server and to client displays if the 1135.Xr sshd 8 1136proxy display is configured to listen on the wildcard address (see 1137.Cm X11UseLocalhost 1138below), though this is not the default. 1139Additionally, the authentication spoofing and authentication data 1140verification and substitution occur on the client side. 1141The security risk of using X11 forwarding is that the client's X11 1142display server may be exposed to attack when the SSH client requests 1143forwarding (see the warnings for 1144.Cm ForwardX11 1145in 1146.Xr ssh_config 5 ) . 1147A system administrator may have a stance in which they want to 1148protect clients that may expose themselves to attack by unwittingly 1149requesting X11 forwarding, which can warrant a 1150.Dq no 1151setting. 1152.Pp 1153Note that disabling X11 forwarding does not prevent users from 1154forwarding X11 traffic, as users can always install their own forwarders. 1155X11 forwarding is automatically disabled if 1156.Cm UseLogin 1157is enabled. 1158.It Cm X11UseLocalhost 1159Specifies whether 1160.Xr sshd 8 1161should bind the X11 forwarding server to the loopback address or to 1162the wildcard address. 1163By default, 1164sshd binds the forwarding server to the loopback address and sets the 1165hostname part of the 1166.Ev DISPLAY 1167environment variable to 1168.Dq localhost . 1169This prevents remote hosts from connecting to the proxy display. 1170However, some older X11 clients may not function with this 1171configuration. 1172.Cm X11UseLocalhost 1173may be set to 1174.Dq no 1175to specify that the forwarding server should be bound to the wildcard 1176address. 1177The argument must be 1178.Dq yes 1179or 1180.Dq no . 1181The default is 1182.Dq yes . 1183.It Cm XAuthLocation 1184Specifies the full pathname of the 1185.Xr xauth 1 1186program. 1187The default is 1188.Pa /usr/X11R6/bin/xauth . 1189.El 1190.Sh TIME FORMATS 1191.Xr sshd 8 1192command-line arguments and configuration file options that specify time 1193may be expressed using a sequence of the form: 1194.Sm off 1195.Ar time Op Ar qualifier , 1196.Sm on 1197where 1198.Ar time 1199is a positive integer value and 1200.Ar qualifier 1201is one of the following: 1202.Pp 1203.Bl -tag -width Ds -compact -offset indent 1204.It Aq Cm none 1205seconds 1206.It Cm s | Cm S 1207seconds 1208.It Cm m | Cm M 1209minutes 1210.It Cm h | Cm H 1211hours 1212.It Cm d | Cm D 1213days 1214.It Cm w | Cm W 1215weeks 1216.El 1217.Pp 1218Each member of the sequence is added together to calculate 1219the total time value. 1220.Pp 1221Time format examples: 1222.Pp 1223.Bl -tag -width Ds -compact -offset indent 1224.It 600 1225600 seconds (10 minutes) 1226.It 10m 122710 minutes 1228.It 1h30m 12291 hour 30 minutes (90 minutes) 1230.El 1231.Sh FILES 1232.Bl -tag -width Ds 1233.It Pa /etc/ssh/sshd_config 1234Contains configuration data for 1235.Xr sshd 8 . 1236This file should be writable by root only, but it is recommended 1237(though not necessary) that it be world-readable. 1238.El 1239.Sh SEE ALSO 1240.Xr sshd 8 1241.Sh AUTHORS 1242OpenSSH is a derivative of the original and free 1243ssh 1.2.12 release by Tatu Ylonen. 1244Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1245Theo de Raadt and Dug Song 1246removed many bugs, re-added newer features and 1247created OpenSSH. 1248Markus Friedl contributed the support for SSH 1249protocol versions 1.5 and 2.0. 1250Niels Provos and Markus Friedl contributed support 1251for privilege separation. 1252