1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 16.\" 17.\" Redistribution and use in source and binary forms, with or without 18.\" modification, are permitted provided that the following conditions 19.\" are met: 20.\" 1. Redistributions of source code must retain the above copyright 21.\" notice, this list of conditions and the following disclaimer. 22.\" 2. Redistributions in binary form must reproduce the above copyright 23.\" notice, this list of conditions and the following disclaimer in the 24.\" documentation and/or other materials provided with the distribution. 25.\" 26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: sshd.8,v 1.247 2008/10/03 13:08:12 jmc Exp $ 38.Dd $Mdocdate: October 3 2008 $ 39.Dt SSHD 8 40.Os 41.Sh NAME 42.Nm sshd 43.Nd OpenSSH SSH daemon 44.Sh SYNOPSIS 45.Nm sshd 46.Bk -words 47.Op Fl 46DdeiqTt 48.Op Fl b Ar bits 49.Op Fl C Ar connection_spec 50.Op Fl f Ar config_file 51.Op Fl g Ar login_grace_time 52.Op Fl h Ar host_key_file 53.Op Fl k Ar key_gen_time 54.Op Fl o Ar option 55.Op Fl p Ar port 56.Op Fl u Ar len 57.Ek 58.Sh DESCRIPTION 59.Nm 60(OpenSSH Daemon) is the daemon program for 61.Xr ssh 1 . 62Together these programs replace 63.Xr rlogin 1 64and 65.Xr rsh 1 , 66and provide secure encrypted communications between two untrusted hosts 67over an insecure network. 68.Pp 69.Nm 70listens for connections from clients. 71It is normally started at boot from 72.Pa /etc/rc.d/sshd . 73It forks a new 74daemon for each incoming connection. 75The forked daemons handle 76key exchange, encryption, authentication, command execution, 77and data exchange. 78.Pp 79.Nm 80can be configured using command-line options or a configuration file 81(by default 82.Xr sshd_config 5 ) ; 83command-line options override values specified in the 84configuration file. 85.Nm 86rereads its configuration file when it receives a hangup signal, 87.Dv SIGHUP , 88by executing itself with the name and options it was started with, e.g.\& 89.Pa /usr/sbin/sshd . 90.Pp 91The options are as follows: 92.Bl -tag -width Ds 93.It Fl 4 94Forces 95.Nm 96to use IPv4 addresses only. 97.It Fl 6 98Forces 99.Nm 100to use IPv6 addresses only. 101.It Fl b Ar bits 102Specifies the number of bits in the ephemeral protocol version 1 103server key (default 1024). 104.It Fl C Ar connection_spec 105Specify the connection parameters to use for the 106.Fl T 107extended test mode. 108If provided, any 109.Cm Match 110directives in the configuration file 111that would apply to the specified user, host, and address will be set before 112the configuration is written to standard output. 113The connection parameters are supplied as keyword=value pairs. 114The keywords are 115.Dq user , 116.Dq host , 117and 118.Dq addr . 119All are required and may be supplied in any order, either with multiple 120.Fl C 121options or as a comma-separated list. 122.It Fl D 123When this option is specified, 124.Nm 125will not detach and does not become a daemon. 126This allows easy monitoring of 127.Nm sshd . 128.It Fl d 129Debug mode. 130The server sends verbose debug output to the system 131log, and does not put itself in the background. 132The server also will not fork and will only process one connection. 133This option is only intended for debugging for the server. 134Multiple 135.Fl d 136options increase the debugging level. 137Maximum is 3. 138.It Fl e 139When this option is specified, 140.Nm 141will send the output to the standard error instead of the system log. 142.It Fl f Ar config_file 143Specifies the name of the configuration file. 144The default is 145.Pa /etc/ssh/sshd_config . 146.Nm 147refuses to start if there is no configuration file. 148.It Fl g Ar login_grace_time 149Gives the grace time for clients to authenticate themselves (default 150120 seconds). 151If the client fails to authenticate the user within 152this many seconds, the server disconnects and exits. 153A value of zero indicates no limit. 154.It Fl h Ar host_key_file 155Specifies a file from which a host key is read. 156This option must be given if 157.Nm 158is not run as root (as the normal 159host key files are normally not readable by anyone but root). 160The default is 161.Pa /etc/ssh/ssh_host_key 162for protocol version 1, and 163.Pa /etc/ssh/ssh_host_rsa_key 164and 165.Pa /etc/ssh/ssh_host_dsa_key 166for protocol version 2. 167It is possible to have multiple host key files for 168the different protocol versions and host key algorithms. 169.It Fl i 170Specifies that 171.Nm 172is being run from 173.Xr inetd 8 . 174.Nm 175is normally not run 176from inetd because it needs to generate the server key before it can 177respond to the client, and this may take tens of seconds. 178Clients would have to wait too long if the key was regenerated every time. 179However, with small key sizes (e.g. 512) using 180.Nm 181from inetd may 182be feasible. 183.It Fl k Ar key_gen_time 184Specifies how often the ephemeral protocol version 1 server key is 185regenerated (default 3600 seconds, or one hour). 186The motivation for regenerating the key fairly 187often is that the key is not stored anywhere, and after about an hour 188it becomes impossible to recover the key for decrypting intercepted 189communications even if the machine is cracked into or physically 190seized. 191A value of zero indicates that the key will never be regenerated. 192.It Fl o Ar option 193Can be used to give options in the format used in the configuration file. 194This is useful for specifying options for which there is no separate 195command-line flag. 196For full details of the options, and their values, see 197.Xr sshd_config 5 . 198.It Fl p Ar port 199Specifies the port on which the server listens for connections 200(default 22). 201Multiple port options are permitted. 202Ports specified in the configuration file with the 203.Cm Port 204option are ignored when a command-line port is specified. 205Ports specified using the 206.Cm ListenAddress 207option override command-line ports. 208.It Fl q 209Quiet mode. 210Nothing is sent to the system log. 211Normally the beginning, 212authentication, and termination of each connection is logged. 213.It Fl T 214Extended test mode. 215Check the validity of the configuration file, output the effective configuration 216to stdout and then exit. 217Optionally, 218.Cm Match 219rules may be applied by specifying the connection parameters using one or more 220.Fl C 221options. 222.It Fl t 223Test mode. 224Only check the validity of the configuration file and sanity of the keys. 225This is useful for updating 226.Nm 227reliably as configuration options may change. 228.It Fl u Ar len 229This option is used to specify the size of the field 230in the 231.Li utmp 232structure that holds the remote host name. 233If the resolved host name is longer than 234.Ar len , 235the dotted decimal value will be used instead. 236This allows hosts with very long host names that 237overflow this field to still be uniquely identified. 238Specifying 239.Fl u0 240indicates that only dotted decimal addresses 241should be put into the 242.Pa utmp 243file. 244.Fl u0 245may also be used to prevent 246.Nm 247from making DNS requests unless the authentication 248mechanism or configuration requires it. 249Authentication mechanisms that may require DNS include 250.Cm RhostsRSAAuthentication , 251.Cm HostbasedAuthentication , 252and using a 253.Cm from="pattern-list" 254option in a key file. 255Configuration options that require DNS include using a 256USER@HOST pattern in 257.Cm AllowUsers 258or 259.Cm DenyUsers . 260.El 261.Sh AUTHENTICATION 262The OpenSSH SSH daemon supports SSH protocols 1 and 2. 263Both protocols are supported by default, 264though this can be changed via the 265.Cm Protocol 266option in 267.Xr sshd_config 5 . 268Protocol 2 supports both RSA and DSA keys; 269protocol 1 only supports RSA keys. 270For both protocols, 271each host has a host-specific key, 272normally 2048 bits, 273used to identify the host. 274.Pp 275Forward security for protocol 1 is provided through 276an additional server key, 277normally 768 bits, 278generated when the server starts. 279This key is normally regenerated every hour if it has been used, and 280is never stored on disk. 281Whenever a client connects, the daemon responds with its public 282host and server keys. 283The client compares the 284RSA host key against its own database to verify that it has not changed. 285The client then generates a 256-bit random number. 286It encrypts this 287random number using both the host key and the server key, and sends 288the encrypted number to the server. 289Both sides then use this 290random number as a session key which is used to encrypt all further 291communications in the session. 292The rest of the session is encrypted 293using a conventional cipher, currently Blowfish or 3DES, with 3DES 294being used by default. 295The client selects the encryption algorithm 296to use from those offered by the server. 297.Pp 298For protocol 2, 299forward security is provided through a Diffie-Hellman key agreement. 300This key agreement results in a shared session key. 301The rest of the session is encrypted using a symmetric cipher, currently 302128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. 303The client selects the encryption algorithm 304to use from those offered by the server. 305Additionally, session integrity is provided 306through a cryptographic message authentication code 307(hmac-md5, hmac-sha1, umac-64 or hmac-ripemd160). 308.Pp 309Finally, the server and the client enter an authentication dialog. 310The client tries to authenticate itself using 311host-based authentication, 312public key authentication, 313challenge-response authentication, 314or password authentication. 315.Pp 316Regardless of the authentication type, the account is checked to 317ensure that it is accessible. An account is not accessible if it is 318locked, listed in 319.Cm DenyUsers 320or its group is listed in 321.Cm DenyGroups 322\&. The definition of a locked account is system dependant. Some platforms 323have their own account database (eg AIX) and some modify the passwd field ( 324.Ql \&*LK\&* 325on Solaris and UnixWare, 326.Ql \&* 327on HP-UX, containing 328.Ql Nologin 329on Tru64, 330a leading 331.Ql \&*LOCKED\&* 332on FreeBSD and a leading 333.Ql \&! 334on most Linuxes). 335If there is a requirement to disable password authentication 336for the account while allowing still public-key, then the passwd field 337should be set to something other than these values (eg 338.Ql NP 339or 340.Ql \&*NP\&* 341). 342.Pp 343If the client successfully authenticates itself, a dialog for 344preparing the session is entered. 345At this time the client may request 346things like allocating a pseudo-tty, forwarding X11 connections, 347forwarding TCP connections, or forwarding the authentication agent 348connection over the secure channel. 349.Pp 350After this, the client either requests a shell or execution of a command. 351The sides then enter session mode. 352In this mode, either side may send 353data at any time, and such data is forwarded to/from the shell or 354command on the server side, and the user terminal in the client side. 355.Pp 356When the user program terminates and all forwarded X11 and other 357connections have been closed, the server sends command exit status to 358the client, and both sides exit. 359.Sh LOGIN PROCESS 360When a user successfully logs in, 361.Nm 362does the following: 363.Bl -enum -offset indent 364.It 365If the login is on a tty, and no command has been specified, 366prints last login time and 367.Pa /etc/motd 368(unless prevented in the configuration file or by 369.Pa ~/.hushlogin ; 370see the 371.Sx FILES 372section). 373.It 374If the login is on a tty, records login time. 375.It 376Checks 377.Pa /etc/nologin and 378.Pa /var/run/nologin ; 379if one exists, it prints the contents and quits 380(unless root). 381.It 382Changes to run with normal user privileges. 383.It 384Sets up basic environment. 385.It 386Reads the file 387.Pa ~/.ssh/environment , 388if it exists, and users are allowed to change their environment. 389See the 390.Cm PermitUserEnvironment 391option in 392.Xr sshd_config 5 . 393.It 394Changes to user's home directory. 395.It 396If 397.Pa ~/.ssh/rc 398exists, runs it; else if 399.Pa /etc/ssh/sshrc 400exists, runs 401it; otherwise runs 402.Xr xauth 1 . 403The 404.Dq rc 405files are given the X11 406authentication protocol and cookie (if applicable) in standard input. 407See 408.Sx SSHRC , 409below. 410.It 411Runs user's shell or command. 412.El 413.Sh SSHRC 414If the file 415.Pa ~/.ssh/rc 416exists, 417.Xr sh 1 418runs it after reading the 419environment files but before starting the user's shell or command. 420It must not produce any output on stdout; stderr must be used 421instead. 422If X11 forwarding is in use, it will receive the "proto cookie" pair in 423its standard input (and 424.Ev DISPLAY 425in its environment). 426The script must call 427.Xr xauth 1 428because 429.Nm 430will not run xauth automatically to add X11 cookies. 431.Pp 432The primary purpose of this file is to run any initialization routines 433which may be needed before the user's home directory becomes 434accessible; AFS is a particular example of such an environment. 435.Pp 436This file will probably contain some initialization code followed by 437something similar to: 438.Bd -literal -offset 3n 439if read proto cookie && [ -n "$DISPLAY" ]; then 440 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 441 # X11UseLocalhost=yes 442 echo add unix:`echo $DISPLAY | 443 cut -c11-` $proto $cookie 444 else 445 # X11UseLocalhost=no 446 echo add $DISPLAY $proto $cookie 447 fi | xauth -q - 448fi 449.Ed 450.Pp 451If this file does not exist, 452.Pa /etc/ssh/sshrc 453is run, and if that 454does not exist either, xauth is used to add the cookie. 455.Sh AUTHORIZED_KEYS FILE FORMAT 456.Cm AuthorizedKeysFile 457specifies the file containing public keys for 458public key authentication; 459if none is specified, the default is 460.Pa ~/.ssh/authorized_keys . 461Each line of the file contains one 462key (empty lines and lines starting with a 463.Ql # 464are ignored as 465comments). 466Protocol 1 public keys consist of the following space-separated fields: 467options, bits, exponent, modulus, comment. 468Protocol 2 public key consist of: 469options, keytype, base64-encoded key, comment. 470The options field is optional; 471its presence is determined by whether the line starts 472with a number or not (the options field never starts with a number). 473The bits, exponent, modulus, and comment fields give the RSA key for 474protocol version 1; the 475comment field is not used for anything (but may be convenient for the 476user to identify the key). 477For protocol version 2 the keytype is 478.Dq ssh-dss 479or 480.Dq ssh-rsa . 481.Pp 482Note that lines in this file are usually several hundred bytes long 483(because of the size of the public key encoding) up to a limit of 4848 kilobytes, which permits DSA keys up to 8 kilobits and RSA 485keys up to 16 kilobits. 486You don't want to type them in; instead, copy the 487.Pa identity.pub , 488.Pa id_dsa.pub , 489or the 490.Pa id_rsa.pub 491file and edit it. 492.Pp 493.Nm 494enforces a minimum RSA key modulus size for protocol 1 495and protocol 2 keys of 768 bits. 496.Pp 497The options (if present) consist of comma-separated option 498specifications. 499No spaces are permitted, except within double quotes. 500The following option specifications are supported (note 501that option keywords are case-insensitive): 502.Bl -tag -width Ds 503.It Cm command="command" 504Specifies that the command is executed whenever this key is used for 505authentication. 506The command supplied by the user (if any) is ignored. 507The command is run on a pty if the client requests a pty; 508otherwise it is run without a tty. 509If an 8-bit clean channel is required, 510one must not request a pty or should specify 511.Cm no-pty . 512A quote may be included in the command by quoting it with a backslash. 513This option might be useful 514to restrict certain public keys to perform just a specific operation. 515An example might be a key that permits remote backups but nothing else. 516Note that the client may specify TCP and/or X11 517forwarding unless they are explicitly prohibited. 518The command originally supplied by the client is available in the 519.Ev SSH_ORIGINAL_COMMAND 520environment variable. 521Note that this option applies to shell, command or subsystem execution. 522.It Cm environment="NAME=value" 523Specifies that the string is to be added to the environment when 524logging in using this key. 525Environment variables set this way 526override other default environment values. 527Multiple options of this type are permitted. 528Environment processing is disabled by default and is 529controlled via the 530.Cm PermitUserEnvironment 531option. 532This option is automatically disabled if 533.Cm UseLogin 534is enabled. 535.It Cm from="pattern-list" 536Specifies that in addition to public key authentication, either the canonical 537name of the remote host or its IP address must be present in the 538comma-separated list of patterns. 539See 540.Sx PATTERNS 541in 542.Xr ssh_config 5 543for more information on patterns. 544.Pp 545In addition to the wildcard matching that may be applied to hostnames or 546addresses, a 547.Cm from 548stanza may match IP addressess using CIDR address/masklen notation. 549.Pp 550The purpose of this option is to optionally increase security: public key 551authentication by itself does not trust the network or name servers or 552anything (but the key); however, if somebody somehow steals the key, the key 553permits an intruder to log in from anywhere in the world. 554This additional option makes using a stolen key more difficult (name 555servers and/or routers would have to be compromised in addition to 556just the key). 557.It Cm no-agent-forwarding 558Forbids authentication agent forwarding when this key is used for 559authentication. 560.It Cm no-port-forwarding 561Forbids TCP forwarding when this key is used for authentication. 562Any port forward requests by the client will return an error. 563This might be used, e.g. in connection with the 564.Cm command 565option. 566.It Cm no-pty 567Prevents tty allocation (a request to allocate a pty will fail). 568.It Cm no-user-rc 569Disables execution of 570.Pa ~/.ssh/rc . 571.It Cm no-X11-forwarding 572Forbids X11 forwarding when this key is used for authentication. 573Any X11 forward requests by the client will return an error. 574.It Cm permitopen="host:port" 575Limit local 576.Li ``ssh -L'' 577port forwarding such that it may only connect to the specified host and 578port. 579IPv6 addresses can be specified with an alternative syntax: 580.Ar host Ns / Ns Ar port . 581Multiple 582.Cm permitopen 583options may be applied separated by commas. 584No pattern matching is performed on the specified hostnames, 585they must be literal domains or addresses. 586.It Cm tunnel="n" 587Force a 588.Xr tun 4 589device on the server. 590Without this option, the next available device will be used if 591the client requests a tunnel. 592.El 593.Pp 594An example authorized_keys file: 595.Bd -literal -offset 3n 596# Comments allowed at start of line 597ssh-rsa AAAAB3Nza...LiPk== user@example.net 598from="*.sales.example.net,!pc.sales.example.net" ssh-rsa 599AAAAB2...19Q== john@example.net 600command="dump /home",no-pty,no-port-forwarding ssh-dss 601AAAAC3...51R== example.net 602permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss 603AAAAB5...21S== 604tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== 605jane@example.net 606.Ed 607.Sh SSH_KNOWN_HOSTS FILE FORMAT 608The 609.Pa /etc/ssh/ssh_known_hosts 610and 611.Pa ~/.ssh/known_hosts 612files contain host public keys for all known hosts. 613The global file should 614be prepared by the administrator (optional), and the per-user file is 615maintained automatically: whenever the user connects from an unknown host, 616its key is added to the per-user file. 617.Pp 618Each line in these files contains the following fields: hostnames, 619bits, exponent, modulus, comment. 620The fields are separated by spaces. 621.Pp 622Hostnames is a comma-separated list of patterns 623.Pf ( Ql * 624and 625.Ql \&? 626act as 627wildcards); each pattern in turn is matched against the canonical host 628name (when authenticating a client) or against the user-supplied 629name (when authenticating a server). 630A pattern may also be preceded by 631.Ql \&! 632to indicate negation: if the host name matches a negated 633pattern, it is not accepted (by that line) even if it matched another 634pattern on the line. 635A hostname or address may optionally be enclosed within 636.Ql \&[ 637and 638.Ql \&] 639brackets then followed by 640.Ql \&: 641and a non-standard port number. 642.Pp 643Alternately, hostnames may be stored in a hashed form which hides host names 644and addresses should the file's contents be disclosed. 645Hashed hostnames start with a 646.Ql | 647character. 648Only one hashed hostname may appear on a single line and none of the above 649negation or wildcard operators may be applied. 650.Pp 651Bits, exponent, and modulus are taken directly from the RSA host key; they 652can be obtained, for example, from 653.Pa /etc/ssh/ssh_host_key.pub . 654The optional comment field continues to the end of the line, and is not used. 655.Pp 656Lines starting with 657.Ql # 658and empty lines are ignored as comments. 659.Pp 660When performing host authentication, authentication is accepted if any 661matching line has the proper key. 662It is thus permissible (but not 663recommended) to have several lines or different host keys for the same 664names. 665This will inevitably happen when short forms of host names 666from different domains are put in the file. 667It is possible 668that the files contain conflicting information; authentication is 669accepted if valid information can be found from either file. 670.Pp 671Note that the lines in these files are typically hundreds of characters 672long, and you definitely don't want to type in the host keys by hand. 673Rather, generate them by a script 674or by taking 675.Pa /etc/ssh/ssh_host_key.pub 676and adding the host names at the front. 677.Pp 678An example ssh_known_hosts file: 679.Bd -literal -offset 3n 680# Comments allowed at start of line 681closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net 682cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= 683# A hashed hostname 684|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa 685AAAA1234.....= 686.Ed 687.Sh FILES 688.Bl -tag -width Ds -compact 689.It ~/.hushlogin 690This file is used to suppress printing the last login time and 691.Pa /etc/motd , 692if 693.Cm PrintLastLog 694and 695.Cm PrintMotd , 696respectively, 697are enabled. 698It does not suppress printing of the banner specified by 699.Cm Banner . 700.Pp 701.It ~/.rhosts 702This file is used for host-based authentication (see 703.Xr ssh 1 704for more information). 705On some machines this file may need to be 706world-readable if the user's home directory is on an NFS partition, 707because 708.Nm 709reads it as root. 710Additionally, this file must be owned by the user, 711and must not have write permissions for anyone else. 712The recommended 713permission for most machines is read/write for the user, and not 714accessible by others. 715.Pp 716.It ~/.shosts 717This file is used in exactly the same way as 718.Pa .rhosts , 719but allows host-based authentication without permitting login with 720rlogin/rsh. 721.Pp 722.It ~/.ssh/ 723This directory is the default location for all user-specific configuration 724and authentication information. 725There is no general requirement to keep the entire contents of this directory 726secret, but the recommended permissions are read/write/execute for the user, 727and not accessible by others. 728.Pp 729.It ~/.ssh/authorized_keys 730Lists the public keys (RSA/DSA) that can be used for logging in as this user. 731The format of this file is described above. 732The content of the file is not highly sensitive, but the recommended 733permissions are read/write for the user, and not accessible by others. 734.Pp 735If this file, the 736.Pa ~/.ssh 737directory, or the user's home directory are writable 738by other users, then the file could be modified or replaced by unauthorized 739users. 740In this case, 741.Nm 742will not allow it to be used unless the 743.Cm StrictModes 744option has been set to 745.Dq no . 746.Pp 747.It ~/.ssh/environment 748This file is read into the environment at login (if it exists). 749It can only contain empty lines, comment lines (that start with 750.Ql # ) , 751and assignment lines of the form name=value. 752The file should be writable 753only by the user; it need not be readable by anyone else. 754Environment processing is disabled by default and is 755controlled via the 756.Cm PermitUserEnvironment 757option. 758.Pp 759.It ~/.ssh/known_hosts 760Contains a list of host keys for all hosts the user has logged into 761that are not already in the systemwide list of known host keys. 762The format of this file is described above. 763This file should be writable only by root/the owner and 764can, but need not be, world-readable. 765.Pp 766.It ~/.ssh/rc 767Contains initialization routines to be run before 768the user's home directory becomes accessible. 769This file should be writable only by the user, and need not be 770readable by anyone else. 771.Pp 772.It /etc/hosts.allow 773.It /etc/hosts.deny 774Access controls that should be enforced by tcp-wrappers are defined here. 775Further details are described in 776.Xr hosts_access 5 . 777.Pp 778.It /etc/hosts.equiv 779This file is for host-based authentication (see 780.Xr ssh 1 ) . 781It should only be writable by root. 782.Pp 783.It /etc/ssh/moduli 784Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 785The file format is described in 786.Xr moduli 5 . 787.Pp 788.It /etc/motd 789See 790.Xr motd 5 . 791.Pp 792.It /etc/nologin 793If this file exists, 794.Nm 795refuses to let anyone except root log in. 796The contents of the file 797are displayed to anyone trying to log in, and non-root connections are 798refused. 799The file should be world-readable. 800.Pp 801.It /etc/ssh/shosts.equiv 802This file is used in exactly the same way as 803.Pa hosts.equiv , 804but allows host-based authentication without permitting login with 805rlogin/rsh. 806.Pp 807.It /etc/ssh/ssh_host_key 808.It /etc/ssh/ssh_host_dsa_key 809.It /etc/ssh/ssh_host_rsa_key 810These three files contain the private parts of the host keys. 811These files should only be owned by root, readable only by root, and not 812accessible to others. 813Note that 814.Nm 815does not start if these files are group/world-accessible. 816.Pp 817.It /etc/ssh/ssh_host_key.pub 818.It /etc/ssh/ssh_host_dsa_key.pub 819.It /etc/ssh/ssh_host_rsa_key.pub 820These three files contain the public parts of the host keys. 821These files should be world-readable but writable only by 822root. 823Their contents should match the respective private parts. 824These files are not 825really used for anything; they are provided for the convenience of 826the user so their contents can be copied to known hosts files. 827These files are created using 828.Xr ssh-keygen 1 . 829.Pp 830.It /etc/ssh/ssh_known_hosts 831Systemwide list of known host keys. 832This file should be prepared by the 833system administrator to contain the public host keys of all machines in the 834organization. 835The format of this file is described above. 836This file should be writable only by root/the owner and 837should be world-readable. 838.Pp 839.It /etc/ssh/sshd_config 840Contains configuration data for 841.Nm sshd . 842The file format and configuration options are described in 843.Xr sshd_config 5 . 844.Pp 845.It /etc/ssh/sshrc 846Similar to 847.Pa ~/.ssh/rc , 848it can be used to specify 849machine-specific login-time initializations globally. 850This file should be writable only by root, and should be world-readable. 851.Pp 852.It /var/empty 853.Xr chroot 2 854directory used by 855.Nm 856during privilege separation in the pre-authentication phase. 857The directory should not contain any files and must be owned by root 858and not group or world-writable. 859.Pp 860.It /var/run/sshd.pid 861Contains the process ID of the 862.Nm 863listening for connections (if there are several daemons running 864concurrently for different ports, this contains the process ID of the one 865started last). 866The content of this file is not sensitive; it can be world-readable. 867.El 868.Sh SEE ALSO 869.Xr scp 1 , 870.Xr sftp 1 , 871.Xr ssh 1 , 872.Xr ssh-add 1 , 873.Xr ssh-agent 1 , 874.Xr ssh-keygen 1 , 875.Xr ssh-keyscan 1 , 876.Xr chroot 2 , 877.Xr hosts_access 5 , 878.Xr login.conf 5 , 879.Xr moduli 5 , 880.Xr sshd_config 5 , 881.Xr inetd 8 , 882.Xr sftp-server 8 883.Sh AUTHORS 884OpenSSH is a derivative of the original and free 885ssh 1.2.12 release by Tatu Ylonen. 886Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 887Theo de Raadt and Dug Song 888removed many bugs, re-added newer features and 889created OpenSSH. 890Markus Friedl contributed the support for SSH 891protocol versions 1.5 and 2.0. 892Niels Provos and Markus Friedl contributed support 893for privilege separation. 894.Sh CAVEATS 895System security is not improved unless 896.Nm rshd , 897.Nm rlogind , 898and 899.Nm rexecd 900are disabled (thus completely disabling 901.Xr rlogin 902and 903.Xr rsh 904into the machine). 905