1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: sshd_config.5,v 1.176 2014/07/28 15:40:08 schwarze Exp $ 37.Dd $Mdocdate: July 28 2014 $ 38.Dt SSHD_CONFIG 5 39.Os 40.Sh NAME 41.Nm sshd_config 42.Nd OpenSSH SSH daemon configuration file 43.Sh SYNOPSIS 44.Nm /etc/ssh/sshd_config 45.Sh DESCRIPTION 46.Xr sshd 8 47reads configuration data from 48.Pa /etc/ssh/sshd_config 49(or the file specified with 50.Fl f 51on the command line). 52The file contains keyword-argument pairs, one per line. 53Lines starting with 54.Ql # 55and empty lines are interpreted as comments. 56Arguments may optionally be enclosed in double quotes 57.Pq \&" 58in order to represent arguments containing spaces. 59.Pp 60The possible 61keywords and their meanings are as follows (note that 62keywords are case-insensitive and arguments are case-sensitive): 63.Bl -tag -width Ds 64.It Cm AcceptEnv 65Specifies what environment variables sent by the client will be copied into 66the session's 67.Xr environ 7 . 68See 69.Cm SendEnv 70in 71.Xr ssh_config 5 72for how to configure the client. 73Note that environment passing is only supported for protocol 2. 74Variables are specified by name, which may contain the wildcard characters 75.Ql * 76and 77.Ql \&? . 78Multiple environment variables may be separated by whitespace or spread 79across multiple 80.Cm AcceptEnv 81directives. 82Be warned that some environment variables could be used to bypass restricted 83user environments. 84For this reason, care should be taken in the use of this directive. 85The default is not to accept any environment variables. 86.It Cm AddressFamily 87Specifies which address family should be used by 88.Xr sshd 8 . 89Valid arguments are 90.Dq any , 91.Dq inet 92(use IPv4 only), or 93.Dq inet6 94(use IPv6 only). 95The default is 96.Dq any . 97.It Cm AllowAgentForwarding 98Specifies whether 99.Xr ssh-agent 1 100forwarding is permitted. 101The default is 102.Dq yes . 103Note that disabling agent forwarding does not improve security 104unless users are also denied shell access, as they can always install 105their own forwarders. 106.It Cm AllowGroups 107This keyword can be followed by a list of group name patterns, separated 108by spaces. 109If specified, login is allowed only for users whose primary 110group or supplementary group list matches one of the patterns. 111Only group names are valid; a numerical group ID is not recognized. 112By default, login is allowed for all groups. 113The allow/deny directives are processed in the following order: 114.Cm DenyUsers , 115.Cm AllowUsers , 116.Cm DenyGroups , 117and finally 118.Cm AllowGroups . 119.Pp 120See PATTERNS in 121.Xr ssh_config 5 122for more information on patterns. 123.It Cm AllowTcpForwarding 124Specifies whether TCP forwarding is permitted. 125The available options are 126.Dq yes 127or 128.Dq all 129to allow TCP forwarding, 130.Dq no 131to prevent all TCP forwarding, 132.Dq local 133to allow local (from the perspective of 134.Xr ssh 1 ) 135forwarding only or 136.Dq remote 137to allow remote forwarding only. 138The default is 139.Dq yes . 140Note that disabling TCP forwarding does not improve security unless 141users are also denied shell access, as they can always install their 142own forwarders. 143.It Cm AllowStreamLocalForwarding 144Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. 145The available options are 146.Dq yes 147or 148.Dq all 149to allow StreamLocal forwarding, 150.Dq no 151to prevent all StreamLocal forwarding, 152.Dq local 153to allow local (from the perspective of 154.Xr ssh 1 ) 155forwarding only or 156.Dq remote 157to allow remote forwarding only. 158The default is 159.Dq yes . 160Note that disabling StreamLocal forwarding does not improve security unless 161users are also denied shell access, as they can always install their 162own forwarders. 163.It Cm AllowUsers 164This keyword can be followed by a list of user name patterns, separated 165by spaces. 166If specified, login is allowed only for user names that 167match one of the patterns. 168Only user names are valid; a numerical user ID is not recognized. 169By default, login is allowed for all users. 170If the pattern takes the form USER@HOST then USER and HOST 171are separately checked, restricting logins to particular 172users from particular hosts. 173The allow/deny directives are processed in the following order: 174.Cm DenyUsers , 175.Cm AllowUsers , 176.Cm DenyGroups , 177and finally 178.Cm AllowGroups . 179.Pp 180See PATTERNS in 181.Xr ssh_config 5 182for more information on patterns. 183.It Cm AuthenticationMethods 184Specifies the authentication methods that must be successfully completed 185for a user to be granted access. 186This option must be followed by one or more comma-separated lists of 187authentication method names. 188Successful authentication requires completion of every method in at least 189one of these lists. 190.Pp 191For example, an argument of 192.Dq publickey,password publickey,keyboard-interactive 193would require the user to complete public key authentication, followed by 194either password or keyboard interactive authentication. 195Only methods that are next in one or more lists are offered at each stage, 196so for this example, it would not be possible to attempt password or 197keyboard-interactive authentication before public key. 198.Pp 199For keyboard interactive authentication it is also possible to 200restrict authentication to a specific device by appending a 201colon followed by the device identifier 202.Dq bsdauth , 203.Dq pam , 204or 205.Dq skey , 206depending on the server configuration. 207For example, 208.Dq keyboard-interactive:bsdauth 209would restrict keyboard interactive authentication to the 210.Dq bsdauth 211device. 212.Pp 213This option is only available for SSH protocol 2 and will yield a fatal 214error if enabled if protocol 1 is also enabled. 215Note that each authentication method listed should also be explicitly enabled 216in the configuration. 217The default is not to require multiple authentication; successful completion 218of a single authentication method is sufficient. 219.It Cm AuthorizedKeysCommand 220Specifies a program to be used to look up the user's public keys. 221The program must be owned by root and not writable by group or others. 222It will be invoked with a single argument of the username 223being authenticated, and should produce on standard output zero or 224more lines of authorized_keys output (see AUTHORIZED_KEYS in 225.Xr sshd 8 ) . 226If a key supplied by AuthorizedKeysCommand does not successfully authenticate 227and authorize the user then public key authentication continues using the usual 228.Cm AuthorizedKeysFile 229files. 230By default, no AuthorizedKeysCommand is run. 231.It Cm AuthorizedKeysCommandUser 232Specifies the user under whose account the AuthorizedKeysCommand is run. 233It is recommended to use a dedicated user that has no other role on the host 234than running authorized keys commands. 235.It Cm AuthorizedKeysFile 236Specifies the file that contains the public keys that can be used 237for user authentication. 238The format is described in the 239AUTHORIZED_KEYS FILE FORMAT 240section of 241.Xr sshd 8 . 242.Cm AuthorizedKeysFile 243may contain tokens of the form %T which are substituted during connection 244setup. 245The following tokens are defined: %% is replaced by a literal '%', 246%h is replaced by the home directory of the user being authenticated, and 247%u is replaced by the username of that user. 248After expansion, 249.Cm AuthorizedKeysFile 250is taken to be an absolute path or one relative to the user's home 251directory. 252Multiple files may be listed, separated by whitespace. 253The default is 254.Dq .ssh/authorized_keys .ssh/authorized_keys2 . 255.It Cm AuthorizedPrincipalsFile 256Specifies a file that lists principal names that are accepted for 257certificate authentication. 258When using certificates signed by a key listed in 259.Cm TrustedUserCAKeys , 260this file lists names, one of which must appear in the certificate for it 261to be accepted for authentication. 262Names are listed one per line preceded by key options (as described 263in AUTHORIZED_KEYS FILE FORMAT in 264.Xr sshd 8 ) . 265Empty lines and comments starting with 266.Ql # 267are ignored. 268.Pp 269.Cm AuthorizedPrincipalsFile 270may contain tokens of the form %T which are substituted during connection 271setup. 272The following tokens are defined: %% is replaced by a literal '%', 273%h is replaced by the home directory of the user being authenticated, and 274%u is replaced by the username of that user. 275After expansion, 276.Cm AuthorizedPrincipalsFile 277is taken to be an absolute path or one relative to the user's home 278directory. 279.Pp 280The default is 281.Dq none , 282i.e. not to use a principals file \(en in this case, the username 283of the user must appear in a certificate's principals list for it to be 284accepted. 285Note that 286.Cm AuthorizedPrincipalsFile 287is only used when authentication proceeds using a CA listed in 288.Cm TrustedUserCAKeys 289and is not consulted for certification authorities trusted via 290.Pa ~/.ssh/authorized_keys , 291though the 292.Cm principals= 293key option offers a similar facility (see 294.Xr sshd 8 295for details). 296.It Cm Banner 297The contents of the specified file are sent to the remote user before 298authentication is allowed. 299If the argument is 300.Dq none 301then no banner is displayed. 302This option is only available for protocol version 2. 303By default, no banner is displayed. 304.It Cm ChallengeResponseAuthentication 305Specifies whether challenge-response authentication is allowed (e.g. via 306PAM or through authentication styles supported in 307.Xr login.conf 5 ) 308The default is 309.Dq yes . 310.It Cm ChrootDirectory 311Specifies the pathname of a directory to 312.Xr chroot 2 313to after authentication. 314All components of the pathname must be root-owned directories that are 315not writable by any other user or group. 316After the chroot, 317.Xr sshd 8 318changes the working directory to the user's home directory. 319.Pp 320The pathname may contain the following tokens that are expanded at runtime once 321the connecting user has been authenticated: %% is replaced by a literal '%', 322%h is replaced by the home directory of the user being authenticated, and 323%u is replaced by the username of that user. 324.Pp 325The 326.Cm ChrootDirectory 327must contain the necessary files and directories to support the 328user's session. 329For an interactive session this requires at least a shell, typically 330.Xr sh 1 , 331and basic 332.Pa /dev 333nodes such as 334.Xr null 4 , 335.Xr zero 4 , 336.Xr stdin 4 , 337.Xr stdout 4 , 338.Xr stderr 4 , 339.Xr arandom 4 340and 341.Xr tty 4 342devices. 343For file transfer sessions using 344.Dq sftp , 345no additional configuration of the environment is necessary if the 346in-process sftp server is used, 347though sessions which use logging may require 348.Pa /dev/log 349inside the chroot directory on some operating systems (see 350.Xr sftp-server 8 351for details). 352.Pp 353The default is not to 354.Xr chroot 2 . 355.It Cm Ciphers 356Specifies the ciphers allowed for protocol version 2. 357Multiple ciphers must be comma-separated. 358The supported ciphers are: 359.Pp 360.Bl -item -compact -offset indent 361.It 3623des-cbc 363.It 364aes128-cbc 365.It 366aes192-cbc 367.It 368aes256-cbc 369.It 370aes128-ctr 371.It 372aes192-ctr 373.It 374aes256-ctr 375.It 376aes128-gcm@openssh.com 377.It 378aes256-gcm@openssh.com 379.It 380arcfour 381.It 382arcfour128 383.It 384arcfour256 385.It 386blowfish-cbc 387.It 388cast128-cbc 389.It 390chacha20-poly1305@openssh.com 391.El 392.Pp 393The default is: 394.Bd -literal -offset indent 395aes128-ctr,aes192-ctr,aes256-ctr, 396aes128-gcm@openssh.com,aes256-gcm@openssh.com, 397chacha20-poly1305@openssh.com 398.Ed 399.Pp 400The list of available ciphers may also be obtained using the 401.Fl Q 402option of 403.Xr ssh 1 . 404.It Cm ClientAliveCountMax 405Sets the number of client alive messages (see below) which may be 406sent without 407.Xr sshd 8 408receiving any messages back from the client. 409If this threshold is reached while client alive messages are being sent, 410sshd will disconnect the client, terminating the session. 411It is important to note that the use of client alive messages is very 412different from 413.Cm TCPKeepAlive 414(below). 415The client alive messages are sent through the encrypted channel 416and therefore will not be spoofable. 417The TCP keepalive option enabled by 418.Cm TCPKeepAlive 419is spoofable. 420The client alive mechanism is valuable when the client or 421server depend on knowing when a connection has become inactive. 422.Pp 423The default value is 3. 424If 425.Cm ClientAliveInterval 426(see below) is set to 15, and 427.Cm ClientAliveCountMax 428is left at the default, unresponsive SSH clients 429will be disconnected after approximately 45 seconds. 430This option applies to protocol version 2 only. 431.It Cm ClientAliveInterval 432Sets a timeout interval in seconds after which if no data has been received 433from the client, 434.Xr sshd 8 435will send a message through the encrypted 436channel to request a response from the client. 437The default 438is 0, indicating that these messages will not be sent to the client. 439This option applies to protocol version 2 only. 440.It Cm Compression 441Specifies whether compression is allowed, or delayed until 442the user has authenticated successfully. 443The argument must be 444.Dq yes , 445.Dq delayed , 446or 447.Dq no . 448The default is 449.Dq delayed . 450.It Cm DenyGroups 451This keyword can be followed by a list of group name patterns, separated 452by spaces. 453Login is disallowed for users whose primary group or supplementary 454group list matches one of the patterns. 455Only group names are valid; a numerical group ID is not recognized. 456By default, login is allowed for all groups. 457The allow/deny directives are processed in the following order: 458.Cm DenyUsers , 459.Cm AllowUsers , 460.Cm DenyGroups , 461and finally 462.Cm AllowGroups . 463.Pp 464See PATTERNS in 465.Xr ssh_config 5 466for more information on patterns. 467.It Cm DenyUsers 468This keyword can be followed by a list of user name patterns, separated 469by spaces. 470Login is disallowed for user names that match one of the patterns. 471Only user names are valid; a numerical user ID is not recognized. 472By default, login is allowed for all users. 473If the pattern takes the form USER@HOST then USER and HOST 474are separately checked, restricting logins to particular 475users from particular hosts. 476The allow/deny directives are processed in the following order: 477.Cm DenyUsers , 478.Cm AllowUsers , 479.Cm DenyGroups , 480and finally 481.Cm AllowGroups . 482.Pp 483See PATTERNS in 484.Xr ssh_config 5 485for more information on patterns. 486.It Cm ForceCommand 487Forces the execution of the command specified by 488.Cm ForceCommand , 489ignoring any command supplied by the client and 490.Pa ~/.ssh/rc 491if present. 492The command is invoked by using the user's login shell with the -c option. 493This applies to shell, command, or subsystem execution. 494It is most useful inside a 495.Cm Match 496block. 497The command originally supplied by the client is available in the 498.Ev SSH_ORIGINAL_COMMAND 499environment variable. 500Specifying a command of 501.Dq internal-sftp 502will force the use of an in-process sftp server that requires no support 503files when used with 504.Cm ChrootDirectory . 505.It Cm GatewayPorts 506Specifies whether remote hosts are allowed to connect to ports 507forwarded for the client. 508By default, 509.Xr sshd 8 510binds remote port forwardings to the loopback address. 511This prevents other remote hosts from connecting to forwarded ports. 512.Cm GatewayPorts 513can be used to specify that sshd 514should allow remote port forwardings to bind to non-loopback addresses, thus 515allowing other hosts to connect. 516The argument may be 517.Dq no 518to force remote port forwardings to be available to the local host only, 519.Dq yes 520to force remote port forwardings to bind to the wildcard address, or 521.Dq clientspecified 522to allow the client to select the address to which the forwarding is bound. 523The default is 524.Dq no . 525.It Cm GSSAPIAuthentication 526Specifies whether user authentication based on GSSAPI is allowed. 527The default is 528.Dq no . 529Note that this option applies to protocol version 2 only. 530.It Cm GSSAPICleanupCredentials 531Specifies whether to automatically destroy the user's credentials cache 532on logout. 533The default is 534.Dq yes . 535Note that this option applies to protocol version 2 only. 536.It Cm HostbasedAuthentication 537Specifies whether rhosts or /etc/hosts.equiv authentication together 538with successful public key client host authentication is allowed 539(host-based authentication). 540This option is similar to 541.Cm RhostsRSAAuthentication 542and applies to protocol version 2 only. 543The default is 544.Dq no . 545.It Cm HostbasedUsesNameFromPacketOnly 546Specifies whether or not the server will attempt to perform a reverse 547name lookup when matching the name in the 548.Pa ~/.shosts , 549.Pa ~/.rhosts , 550and 551.Pa /etc/hosts.equiv 552files during 553.Cm HostbasedAuthentication . 554A setting of 555.Dq yes 556means that 557.Xr sshd 8 558uses the name supplied by the client rather than 559attempting to resolve the name from the TCP connection itself. 560The default is 561.Dq no . 562.It Cm HostCertificate 563Specifies a file containing a public host certificate. 564The certificate's public key must match a private host key already specified 565by 566.Cm HostKey . 567The default behaviour of 568.Xr sshd 8 569is not to load any certificates. 570.It Cm HostKey 571Specifies a file containing a private host key 572used by SSH. 573The default is 574.Pa /etc/ssh/ssh_host_key 575for protocol version 1, and 576.Pa /etc/ssh/ssh_host_dsa_key , 577.Pa /etc/ssh/ssh_host_ecdsa_key , 578.Pa /etc/ssh/ssh_host_ed25519_key 579and 580.Pa /etc/ssh/ssh_host_rsa_key 581for protocol version 2. 582Note that 583.Xr sshd 8 584will refuse to use a file if it is group/world-accessible. 585It is possible to have multiple host key files. 586.Dq rsa1 587keys are used for version 1 and 588.Dq dsa , 589.Dq ecdsa , 590.Dq ed25519 591or 592.Dq rsa 593are used for version 2 of the SSH protocol. 594It is also possible to specify public host key files instead. 595In this case operations on the private key will be delegated 596to an 597.Xr ssh-agent 1 . 598.It Cm HostKeyAgent 599Identifies the UNIX-domain socket used to communicate 600with an agent that has access to the private host keys. 601If 602.Dq SSH_AUTH_SOCK 603is specified, the location of the socket will be read from the 604.Ev SSH_AUTH_SOCK 605environment variable. 606.It Cm IgnoreRhosts 607Specifies that 608.Pa .rhosts 609and 610.Pa .shosts 611files will not be used in 612.Cm RhostsRSAAuthentication 613or 614.Cm HostbasedAuthentication . 615.Pp 616.Pa /etc/hosts.equiv 617and 618.Pa /etc/ssh/shosts.equiv 619are still used. 620The default is 621.Dq yes . 622.It Cm IgnoreUserKnownHosts 623Specifies whether 624.Xr sshd 8 625should ignore the user's 626.Pa ~/.ssh/known_hosts 627during 628.Cm RhostsRSAAuthentication 629or 630.Cm HostbasedAuthentication . 631The default is 632.Dq no . 633.It Cm IPQoS 634Specifies the IPv4 type-of-service or DSCP class for the connection. 635Accepted values are 636.Dq af11 , 637.Dq af12 , 638.Dq af13 , 639.Dq af21 , 640.Dq af22 , 641.Dq af23 , 642.Dq af31 , 643.Dq af32 , 644.Dq af33 , 645.Dq af41 , 646.Dq af42 , 647.Dq af43 , 648.Dq cs0 , 649.Dq cs1 , 650.Dq cs2 , 651.Dq cs3 , 652.Dq cs4 , 653.Dq cs5 , 654.Dq cs6 , 655.Dq cs7 , 656.Dq ef , 657.Dq lowdelay , 658.Dq throughput , 659.Dq reliability , 660or a numeric value. 661This option may take one or two arguments, separated by whitespace. 662If one argument is specified, it is used as the packet class unconditionally. 663If two values are specified, the first is automatically selected for 664interactive sessions and the second for non-interactive sessions. 665The default is 666.Dq lowdelay 667for interactive sessions and 668.Dq throughput 669for non-interactive sessions. 670.It Cm KbdInteractiveAuthentication 671Specifies whether to allow keyboard-interactive authentication. 672The argument to this keyword must be 673.Dq yes 674or 675.Dq no . 676The default is to use whatever value 677.Cm ChallengeResponseAuthentication 678is set to 679(by default 680.Dq yes ) . 681.It Cm KerberosAuthentication 682Specifies whether the password provided by the user for 683.Cm PasswordAuthentication 684will be validated through the Kerberos KDC. 685To use this option, the server needs a 686Kerberos servtab which allows the verification of the KDC's identity. 687The default is 688.Dq no . 689.It Cm KerberosGetAFSToken 690If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 691an AFS token before accessing the user's home directory. 692The default is 693.Dq no . 694.It Cm KerberosOrLocalPasswd 695If password authentication through Kerberos fails then 696the password will be validated via any additional local mechanism 697such as 698.Pa /etc/passwd . 699The default is 700.Dq yes . 701.It Cm KerberosTicketCleanup 702Specifies whether to automatically destroy the user's ticket cache 703file on logout. 704The default is 705.Dq yes . 706.It Cm KexAlgorithms 707Specifies the available KEX (Key Exchange) algorithms. 708Multiple algorithms must be comma-separated. 709The supported algorithms are: 710.Pp 711.Bl -item -compact -offset indent 712.It 713curve25519-sha256@libssh.org 714.It 715diffie-hellman-group1-sha1 716.It 717diffie-hellman-group14-sha1 718.It 719diffie-hellman-group-exchange-sha1 720.It 721diffie-hellman-group-exchange-sha256 722.It 723ecdh-sha2-nistp256 724.It 725ecdh-sha2-nistp384 726.It 727ecdh-sha2-nistp521 728.El 729.Pp 730The default is: 731.Bd -literal -offset indent 732curve25519-sha256@libssh.org, 733ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 734diffie-hellman-group-exchange-sha256, 735diffie-hellman-group14-sha1 736.Ed 737.It Cm KeyRegenerationInterval 738In protocol version 1, the ephemeral server key is automatically regenerated 739after this many seconds (if it has been used). 740The purpose of regeneration is to prevent 741decrypting captured sessions by later breaking into the machine and 742stealing the keys. 743The key is never stored anywhere. 744If the value is 0, the key is never regenerated. 745The default is 3600 (seconds). 746.It Cm ListenAddress 747Specifies the local addresses 748.Xr sshd 8 749should listen on. 750The following forms may be used: 751.Pp 752.Bl -item -offset indent -compact 753.It 754.Cm ListenAddress 755.Sm off 756.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 757.Sm on 758.It 759.Cm ListenAddress 760.Sm off 761.Ar host No | Ar IPv4_addr No : Ar port 762.Sm on 763.It 764.Cm ListenAddress 765.Sm off 766.Oo 767.Ar host No | Ar IPv6_addr Oc : Ar port 768.Sm on 769.El 770.Pp 771If 772.Ar port 773is not specified, 774sshd will listen on the address and all prior 775.Cm Port 776options specified. 777The default is to listen on all local addresses. 778Multiple 779.Cm ListenAddress 780options are permitted. 781Additionally, any 782.Cm Port 783options must precede this option for non-port qualified addresses. 784.It Cm LoginGraceTime 785The server disconnects after this time if the user has not 786successfully logged in. 787If the value is 0, there is no time limit. 788The default is 120 seconds. 789.It Cm LogLevel 790Gives the verbosity level that is used when logging messages from 791.Xr sshd 8 . 792The possible values are: 793QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 794The default is INFO. 795DEBUG and DEBUG1 are equivalent. 796DEBUG2 and DEBUG3 each specify higher levels of debugging output. 797Logging with a DEBUG level violates the privacy of users and is not recommended. 798.It Cm MACs 799Specifies the available MAC (message authentication code) algorithms. 800The MAC algorithm is used in protocol version 2 801for data integrity protection. 802Multiple algorithms must be comma-separated. 803The algorithms that contain 804.Dq -etm 805calculate the MAC after encryption (encrypt-then-mac). 806These are considered safer and their use recommended. 807The supported MACs are: 808.Pp 809.Bl -item -compact -offset indent 810.It 811hmac-md5 812.It 813hmac-md5-96 814.It 815hmac-ripemd160 816.It 817hmac-sha1 818.It 819hmac-sha1-96 820.It 821hmac-sha2-256 822.It 823hmac-sha2-512 824.It 825umac-64@openssh.com 826.It 827umac-128@openssh.com 828.It 829hmac-md5-etm@openssh.com 830.It 831hmac-md5-96-etm@openssh.com 832.It 833hmac-ripemd160-etm@openssh.com 834.It 835hmac-sha1-etm@openssh.com 836.It 837hmac-sha1-96-etm@openssh.com 838.It 839hmac-sha2-256-etm@openssh.com 840.It 841hmac-sha2-512-etm@openssh.com 842.It 843umac-64-etm@openssh.com 844.It 845umac-128-etm@openssh.com 846.El 847.Pp 848The default is: 849.Bd -literal -offset indent 850umac-64-etm@openssh.com,umac-128-etm@openssh.com, 851hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 852umac-64@openssh.com,umac-128@openssh.com, 853hmac-sha2-256,hmac-sha2-512 854.Ed 855.It Cm Match 856Introduces a conditional block. 857If all of the criteria on the 858.Cm Match 859line are satisfied, the keywords on the following lines override those 860set in the global section of the config file, until either another 861.Cm Match 862line or the end of the file. 863If a keyword appears in multiple 864.Cm Match 865blocks that are satisified, only the first instance of the keyword is 866applied. 867.Pp 868The arguments to 869.Cm Match 870are one or more criteria-pattern pairs or the single token 871.Cm All 872which matches all criteria. 873The available criteria are 874.Cm User , 875.Cm Group , 876.Cm Host , 877.Cm LocalAddress , 878.Cm LocalPort , 879and 880.Cm Address . 881The match patterns may consist of single entries or comma-separated 882lists and may use the wildcard and negation operators described in the 883PATTERNS section of 884.Xr ssh_config 5 . 885.Pp 886The patterns in an 887.Cm Address 888criteria may additionally contain addresses to match in CIDR 889address/masklen format, e.g.\& 890.Dq 192.0.2.0/24 891or 892.Dq 3ffe:ffff::/32 . 893Note that the mask length provided must be consistent with the address - 894it is an error to specify a mask length that is too long for the address 895or one with bits set in this host portion of the address. 896For example, 897.Dq 192.0.2.0/33 898and 899.Dq 192.0.2.0/8 900respectively. 901.Pp 902Only a subset of keywords may be used on the lines following a 903.Cm Match 904keyword. 905Available keywords are 906.Cm AcceptEnv , 907.Cm AllowAgentForwarding , 908.Cm AllowGroups , 909.Cm AllowTcpForwarding , 910.Cm AllowUsers , 911.Cm AuthenticationMethods , 912.Cm AuthorizedKeysCommand , 913.Cm AuthorizedKeysCommandUser , 914.Cm AuthorizedKeysFile , 915.Cm AuthorizedPrincipalsFile , 916.Cm Banner , 917.Cm ChrootDirectory , 918.Cm DenyGroups , 919.Cm DenyUsers , 920.Cm ForceCommand , 921.Cm GatewayPorts , 922.Cm GSSAPIAuthentication , 923.Cm HostbasedAuthentication , 924.Cm HostbasedUsesNameFromPacketOnly , 925.Cm KbdInteractiveAuthentication , 926.Cm KerberosAuthentication , 927.Cm MaxAuthTries , 928.Cm MaxSessions , 929.Cm PasswordAuthentication , 930.Cm PermitEmptyPasswords , 931.Cm PermitOpen , 932.Cm PermitRootLogin , 933.Cm PermitTTY , 934.Cm PermitTunnel , 935.Cm PermitUserRC , 936.Cm PubkeyAuthentication , 937.Cm RekeyLimit , 938.Cm RhostsRSAAuthentication , 939.Cm RSAAuthentication , 940.Cm X11DisplayOffset , 941.Cm X11Forwarding 942and 943.Cm X11UseLocalHost . 944.It Cm MaxAuthTries 945Specifies the maximum number of authentication attempts permitted per 946connection. 947Once the number of failures reaches half this value, 948additional failures are logged. 949The default is 6. 950.It Cm MaxSessions 951Specifies the maximum number of open sessions permitted per network connection. 952The default is 10. 953.It Cm MaxStartups 954Specifies the maximum number of concurrent unauthenticated connections to the 955SSH daemon. 956Additional connections will be dropped until authentication succeeds or the 957.Cm LoginGraceTime 958expires for a connection. 959The default is 10:30:100. 960.Pp 961Alternatively, random early drop can be enabled by specifying 962the three colon separated values 963.Dq start:rate:full 964(e.g. "10:30:60"). 965.Xr sshd 8 966will refuse connection attempts with a probability of 967.Dq rate/100 968(30%) 969if there are currently 970.Dq start 971(10) 972unauthenticated connections. 973The probability increases linearly and all connection attempts 974are refused if the number of unauthenticated connections reaches 975.Dq full 976(60). 977.It Cm PasswordAuthentication 978Specifies whether password authentication is allowed. 979The default is 980.Dq yes . 981Note that if 982.Cm ChallengeResponseAuthentication 983is 984.Dq yes , 985.Cm UsePAM 986is 987.Dq yes , 988and the PAM authentication policy for 989.Nm sshd 990includes 991.Xr pam_unix 8 , 992password authentication will be allowed through the challenge-response 993mechanism regardless of the value of 994.Cm PasswordAuthentication . 995.It Cm PermitEmptyPasswords 996When password authentication is allowed, it specifies whether the 997server allows login to accounts with empty password strings. 998The default is 999.Dq no . 1000.It Cm PermitOpen 1001Specifies the destinations to which TCP port forwarding is permitted. 1002The forwarding specification must be one of the following forms: 1003.Pp 1004.Bl -item -offset indent -compact 1005.It 1006.Cm PermitOpen 1007.Sm off 1008.Ar host : port 1009.Sm on 1010.It 1011.Cm PermitOpen 1012.Sm off 1013.Ar IPv4_addr : port 1014.Sm on 1015.It 1016.Cm PermitOpen 1017.Sm off 1018.Ar \&[ IPv6_addr \&] : port 1019.Sm on 1020.El 1021.Pp 1022Multiple forwards may be specified by separating them with whitespace. 1023An argument of 1024.Dq any 1025can be used to remove all restrictions and permit any forwarding requests. 1026An argument of 1027.Dq none 1028can be used to prohibit all forwarding requests. 1029By default all port forwarding requests are permitted. 1030.It Cm PermitRootLogin 1031Specifies whether root can log in using 1032.Xr ssh 1 . 1033The argument must be 1034.Dq yes , 1035.Dq without-password , 1036.Dq forced-commands-only , 1037or 1038.Dq no . 1039The default is 1040.Dq no . 1041Note that if 1042.Cm ChallengeResponseAuthentication 1043is 1044.Dq yes , 1045the root user may be allowed in with its password even if 1046.Cm PermitRootLogin is set to 1047.Dq without-password . 1048.Pp 1049If this option is set to 1050.Dq without-password , 1051password authentication is disabled for root. 1052.Pp 1053If this option is set to 1054.Dq forced-commands-only , 1055root login with public key authentication will be allowed, 1056but only if the 1057.Ar command 1058option has been specified 1059(which may be useful for taking remote backups even if root login is 1060normally not allowed). 1061All other authentication methods are disabled for root. 1062.Pp 1063If this option is set to 1064.Dq no , 1065root is not allowed to log in. 1066.It Cm PermitTunnel 1067Specifies whether 1068.Xr tun 4 1069device forwarding is allowed. 1070The argument must be 1071.Dq yes , 1072.Dq point-to-point 1073(layer 3), 1074.Dq ethernet 1075(layer 2), or 1076.Dq no . 1077Specifying 1078.Dq yes 1079permits both 1080.Dq point-to-point 1081and 1082.Dq ethernet . 1083The default is 1084.Dq no . 1085.It Cm PermitTTY 1086Specifies whether 1087.Xr pty 4 1088allocation is permitted. 1089The default is 1090.Dq yes . 1091.It Cm PermitUserEnvironment 1092Specifies whether 1093.Pa ~/.ssh/environment 1094and 1095.Cm environment= 1096options in 1097.Pa ~/.ssh/authorized_keys 1098are processed by 1099.Xr sshd 8 . 1100The default is 1101.Dq no . 1102Enabling environment processing may enable users to bypass access 1103restrictions in some configurations using mechanisms such as 1104.Ev LD_PRELOAD . 1105.It Cm PermitUserRC 1106Specifies whether any 1107.Pa ~/.ssh/rc 1108file is executed. 1109The default is 1110.Dq yes . 1111.It Cm PidFile 1112Specifies the file that contains the process ID of the 1113SSH daemon. 1114The default is 1115.Pa /var/run/sshd.pid . 1116.It Cm Port 1117Specifies the port number that 1118.Xr sshd 8 1119listens on. 1120The default is 22. 1121Multiple options of this type are permitted. 1122See also 1123.Cm ListenAddress . 1124.It Cm PrintLastLog 1125Specifies whether 1126.Xr sshd 8 1127should print the date and time of the last user login when a user logs 1128in interactively. 1129The default is 1130.Dq yes . 1131.It Cm PrintMotd 1132Specifies whether 1133.Xr sshd 8 1134should print 1135.Pa /etc/motd 1136when a user logs in interactively. 1137(On some systems it is also printed by the shell, 1138.Pa /etc/profile , 1139or equivalent.) 1140The default is 1141.Dq yes . 1142.It Cm Protocol 1143Specifies the protocol versions 1144.Xr sshd 8 1145supports. 1146The possible values are 1147.Sq 1 1148and 1149.Sq 2 . 1150Multiple versions must be comma-separated. 1151The default is 1152.Sq 2 . 1153Note that the order of the protocol list does not indicate preference, 1154because the client selects among multiple protocol versions offered 1155by the server. 1156Specifying 1157.Dq 2,1 1158is identical to 1159.Dq 1,2 . 1160.It Cm PubkeyAuthentication 1161Specifies whether public key authentication is allowed. 1162The default is 1163.Dq yes . 1164Note that this option applies to protocol version 2 only. 1165.It Cm RekeyLimit 1166Specifies the maximum amount of data that may be transmitted before the 1167session key is renegotiated, optionally followed a maximum amount of 1168time that may pass before the session key is renegotiated. 1169The first argument is specified in bytes and may have a suffix of 1170.Sq K , 1171.Sq M , 1172or 1173.Sq G 1174to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1175The default is between 1176.Sq 1G 1177and 1178.Sq 4G , 1179depending on the cipher. 1180The optional second value is specified in seconds and may use any of the 1181units documented in the 1182.Sx TIME FORMATS 1183section. 1184The default value for 1185.Cm RekeyLimit 1186is 1187.Dq default none , 1188which means that rekeying is performed after the cipher's default amount 1189of data has been sent or received and no time based rekeying is done. 1190This option applies to protocol version 2 only. 1191.It Cm RevokedKeys 1192Specifies revoked public keys. 1193Keys listed in this file will be refused for public key authentication. 1194Note that if this file is not readable, then public key authentication will 1195be refused for all users. 1196Keys may be specified as a text file, listing one public key per line, or as 1197an OpenSSH Key Revocation List (KRL) as generated by 1198.Xr ssh-keygen 1 . 1199For more information on KRLs, see the KEY REVOCATION LISTS section in 1200.Xr ssh-keygen 1 . 1201.It Cm RhostsRSAAuthentication 1202Specifies whether rhosts or 1203.Pa /etc/hosts.equiv 1204authentication together 1205with successful RSA host authentication is allowed. 1206The default is 1207.Dq no . 1208This option applies to protocol version 1 only. 1209.It Cm RSAAuthentication 1210Specifies whether pure RSA authentication is allowed. 1211The default is 1212.Dq yes . 1213This option applies to protocol version 1 only. 1214.It Cm ServerKeyBits 1215Defines the number of bits in the ephemeral protocol version 1 server key. 1216The minimum value is 512, and the default is 1024. 1217.It Cm StreamLocalBindMask 1218Sets the octal file creation mode mask 1219.Pq umask 1220used when creating a Unix-domain socket file for local or remote 1221port forwarding. 1222This option is only used for port forwarding to a Unix-domain socket file. 1223.Pp 1224The default value is 0177, which creates a Unix-domain socket file that is 1225readable and writable only by the owner. 1226Note that not all operating systems honor the file mode on Unix-domain 1227socket files. 1228.It Cm StreamLocalBindUnlink 1229Specifies whether to remove an existing Unix-domain socket file for local 1230or remote port forwarding before creating a new one. 1231If the socket file already exists and 1232.Cm StreamLocalBindUnlink 1233is not enabled, 1234.Nm sshd 1235will be unable to forward the port to the Unix-domain socket file. 1236This option is only used for port forwarding to a Unix-domain socket file. 1237.Pp 1238The argument must be 1239.Dq yes 1240or 1241.Dq no . 1242The default is 1243.Dq no . 1244.It Cm StrictModes 1245Specifies whether 1246.Xr sshd 8 1247should check file modes and ownership of the 1248user's files and home directory before accepting login. 1249This is normally desirable because novices sometimes accidentally leave their 1250directory or files world-writable. 1251The default is 1252.Dq yes . 1253Note that this does not apply to 1254.Cm ChrootDirectory , 1255whose permissions and ownership are checked unconditionally. 1256.It Cm Subsystem 1257Configures an external subsystem (e.g. file transfer daemon). 1258Arguments should be a subsystem name and a command (with optional arguments) 1259to execute upon subsystem request. 1260.Pp 1261The command 1262.Xr sftp-server 8 1263implements the 1264.Dq sftp 1265file transfer subsystem. 1266.Pp 1267Alternately the name 1268.Dq internal-sftp 1269implements an in-process 1270.Dq sftp 1271server. 1272This may simplify configurations using 1273.Cm ChrootDirectory 1274to force a different filesystem root on clients. 1275.Pp 1276By default no subsystems are defined. 1277Note that this option applies to protocol version 2 only. 1278.It Cm SyslogFacility 1279Gives the facility code that is used when logging messages from 1280.Xr sshd 8 . 1281The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1282LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1283The default is AUTH. 1284.It Cm TCPKeepAlive 1285Specifies whether the system should send TCP keepalive messages to the 1286other side. 1287If they are sent, death of the connection or crash of one 1288of the machines will be properly noticed. 1289However, this means that 1290connections will die if the route is down temporarily, and some people 1291find it annoying. 1292On the other hand, if TCP keepalives are not sent, 1293sessions may hang indefinitely on the server, leaving 1294.Dq ghost 1295users and consuming server resources. 1296.Pp 1297The default is 1298.Dq yes 1299(to send TCP keepalive messages), and the server will notice 1300if the network goes down or the client host crashes. 1301This avoids infinitely hanging sessions. 1302.Pp 1303To disable TCP keepalive messages, the value should be set to 1304.Dq no . 1305.It Cm TrustedUserCAKeys 1306Specifies a file containing public keys of certificate authorities that are 1307trusted to sign user certificates for authentication. 1308Keys are listed one per line; empty lines and comments starting with 1309.Ql # 1310are allowed. 1311If a certificate is presented for authentication and has its signing CA key 1312listed in this file, then it may be used for authentication for any user 1313listed in the certificate's principals list. 1314Note that certificates that lack a list of principals will not be permitted 1315for authentication using 1316.Cm TrustedUserCAKeys . 1317For more details on certificates, see the CERTIFICATES section in 1318.Xr ssh-keygen 1 . 1319.It Cm UseDNS 1320Specifies whether 1321.Xr sshd 8 1322should look up the remote host name and check that 1323the resolved host name for the remote IP address maps back to the 1324very same IP address. 1325The default is 1326.Dq yes . 1327.It Cm UseLogin 1328Specifies whether 1329.Xr login 1 1330is used for interactive login sessions. 1331The default is 1332.Dq no . 1333Note that 1334.Xr login 1 1335is never used for remote command execution. 1336Note also, that if this is enabled, 1337.Cm X11Forwarding 1338will be disabled because 1339.Xr login 1 1340does not know how to handle 1341.Xr xauth 1 1342cookies. 1343If 1344.Cm UsePrivilegeSeparation 1345is specified, it will be disabled after authentication. 1346.It Cm UsePAM 1347Enables the Pluggable Authentication Module interface. 1348If set to 1349.Dq yes 1350this will enable PAM authentication using 1351.Cm ChallengeResponseAuthentication 1352and 1353.Cm PasswordAuthentication 1354in addition to PAM account and session module processing for all 1355authentication types. 1356.Pp 1357Because PAM challenge-response authentication usually serves an equivalent 1358role to password authentication, you should disable either 1359.Cm PasswordAuthentication 1360or 1361.Cm ChallengeResponseAuthentication. 1362.Pp 1363If 1364.Cm UsePAM 1365is enabled, you will not be able to run 1366.Xr sshd 8 1367as a non-root user. 1368The default is 1369.Dq no . 1370.It Cm UsePrivilegeSeparation 1371Specifies whether 1372.Xr sshd 8 1373separates privileges by creating an unprivileged child process 1374to deal with incoming network traffic. 1375After successful authentication, another process will be created that has 1376the privilege of the authenticated user. 1377The goal of privilege separation is to prevent privilege 1378escalation by containing any corruption within the unprivileged processes. 1379The default is 1380.Dq yes . 1381If 1382.Cm UsePrivilegeSeparation 1383is set to 1384.Dq sandbox 1385then the pre-authentication unprivileged process is subject to additional 1386restrictions. 1387.It Cm VersionAddendum 1388Optionally specifies additional text to append to the SSH protocol banner 1389sent by the server upon connection. 1390The default is 1391.Dq DragonFly-20150122 . 1392.It Cm X11DisplayOffset 1393Specifies the first display number available for 1394.Xr sshd 8 Ns 's 1395X11 forwarding. 1396This prevents sshd from interfering with real X11 servers. 1397The default is 10. 1398.It Cm X11Forwarding 1399Specifies whether X11 forwarding is permitted. 1400The argument must be 1401.Dq yes 1402or 1403.Dq no . 1404The default is 1405.Dq yes . 1406.Pp 1407When X11 forwarding is enabled, there may be additional exposure to 1408the server and to client displays if the 1409.Xr sshd 8 1410proxy display is configured to listen on the wildcard address (see 1411.Cm X11UseLocalhost 1412below), though this is not the default. 1413Additionally, the authentication spoofing and authentication data 1414verification and substitution occur on the client side. 1415The security risk of using X11 forwarding is that the client's X11 1416display server may be exposed to attack when the SSH client requests 1417forwarding (see the warnings for 1418.Cm ForwardX11 1419in 1420.Xr ssh_config 5 ) . 1421A system administrator may have a stance in which they want to 1422protect clients that may expose themselves to attack by unwittingly 1423requesting X11 forwarding, which can warrant a 1424.Dq no 1425setting. 1426.Pp 1427Note that disabling X11 forwarding does not prevent users from 1428forwarding X11 traffic, as users can always install their own forwarders. 1429X11 forwarding is automatically disabled if 1430.Cm UseLogin 1431is enabled. 1432.It Cm X11UseLocalhost 1433Specifies whether 1434.Xr sshd 8 1435should bind the X11 forwarding server to the loopback address or to 1436the wildcard address. 1437By default, 1438sshd binds the forwarding server to the loopback address and sets the 1439hostname part of the 1440.Ev DISPLAY 1441environment variable to 1442.Dq localhost . 1443This prevents remote hosts from connecting to the proxy display. 1444However, some older X11 clients may not function with this 1445configuration. 1446.Cm X11UseLocalhost 1447may be set to 1448.Dq no 1449to specify that the forwarding server should be bound to the wildcard 1450address. 1451The argument must be 1452.Dq yes 1453or 1454.Dq no . 1455The default is 1456.Dq yes . 1457.It Cm XAuthLocation 1458Specifies the full pathname of the 1459.Xr xauth 1 1460program. 1461The default is 1462.Pa /usr/X11R6/bin/xauth . 1463.El 1464.Sh TIME FORMATS 1465.Xr sshd 8 1466command-line arguments and configuration file options that specify time 1467may be expressed using a sequence of the form: 1468.Sm off 1469.Ar time Op Ar qualifier , 1470.Sm on 1471where 1472.Ar time 1473is a positive integer value and 1474.Ar qualifier 1475is one of the following: 1476.Pp 1477.Bl -tag -width Ds -compact -offset indent 1478.It Aq Cm none 1479seconds 1480.It Cm s | Cm S 1481seconds 1482.It Cm m | Cm M 1483minutes 1484.It Cm h | Cm H 1485hours 1486.It Cm d | Cm D 1487days 1488.It Cm w | Cm W 1489weeks 1490.El 1491.Pp 1492Each member of the sequence is added together to calculate 1493the total time value. 1494.Pp 1495Time format examples: 1496.Pp 1497.Bl -tag -width Ds -compact -offset indent 1498.It 600 1499600 seconds (10 minutes) 1500.It 10m 150110 minutes 1502.It 1h30m 15031 hour 30 minutes (90 minutes) 1504.El 1505.Sh FILES 1506.Bl -tag -width Ds 1507.It Pa /etc/ssh/sshd_config 1508Contains configuration data for 1509.Xr sshd 8 . 1510This file should be writable by root only, but it is recommended 1511(though not necessary) that it be world-readable. 1512.El 1513.Sh SEE ALSO 1514.Xr sshd 8 1515.Sh AUTHORS 1516OpenSSH is a derivative of the original and free 1517ssh 1.2.12 release by Tatu Ylonen. 1518Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1519Theo de Raadt and Dug Song 1520removed many bugs, re-added newer features and 1521created OpenSSH. 1522Markus Friedl contributed the support for SSH 1523protocol versions 1.5 and 2.0. 1524Niels Provos and Markus Friedl contributed support 1525for privilege separation. 1526