1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: sshd_config.5,v 1.131 2010/12/08 04:02:47 djm Exp $ 37.Dd $Mdocdate: December 8 2010 $ 38.Dt SSHD_CONFIG 5 39.Os 40.Sh NAME 41.Nm sshd_config 42.Nd OpenSSH SSH daemon configuration file 43.Sh SYNOPSIS 44.Nm /etc/ssh/sshd_config 45.Sh DESCRIPTION 46.Xr sshd 8 47reads configuration data from 48.Pa /etc/ssh/sshd_config 49(or the file specified with 50.Fl f 51on the command line). 52The file contains keyword-argument pairs, one per line. 53Lines starting with 54.Ql # 55and empty lines are interpreted as comments. 56Arguments may optionally be enclosed in double quotes 57.Pq \&" 58in order to represent arguments containing spaces. 59.Pp 60The possible 61keywords and their meanings are as follows (note that 62keywords are case-insensitive and arguments are case-sensitive): 63.Bl -tag -width Ds 64.It Cm AcceptEnv 65Specifies what environment variables sent by the client will be copied into 66the session's 67.Xr environ 7 . 68See 69.Cm SendEnv 70in 71.Xr ssh_config 5 72for how to configure the client. 73Note that environment passing is only supported for protocol 2. 74Variables are specified by name, which may contain the wildcard characters 75.Ql * 76and 77.Ql \&? . 78Multiple environment variables may be separated by whitespace or spread 79across multiple 80.Cm AcceptEnv 81directives. 82Be warned that some environment variables could be used to bypass restricted 83user environments. 84For this reason, care should be taken in the use of this directive. 85The default is not to accept any environment variables. 86.It Cm AddressFamily 87Specifies which address family should be used by 88.Xr sshd 8 . 89Valid arguments are 90.Dq any , 91.Dq inet 92(use IPv4 only), or 93.Dq inet6 94(use IPv6 only). 95The default is 96.Dq any . 97.It Cm AllowAgentForwarding 98Specifies whether 99.Xr ssh-agent 1 100forwarding is permitted. 101The default is 102.Dq yes . 103Note that disabling agent forwarding does not improve security 104unless users are also denied shell access, as they can always install 105their own forwarders. 106.It Cm AllowGroups 107This keyword can be followed by a list of group name patterns, separated 108by spaces. 109If specified, login is allowed only for users whose primary 110group or supplementary group list matches one of the patterns. 111Only group names are valid; a numerical group ID is not recognized. 112By default, login is allowed for all groups. 113The allow/deny directives are processed in the following order: 114.Cm DenyUsers , 115.Cm AllowUsers , 116.Cm DenyGroups , 117and finally 118.Cm AllowGroups . 119.Pp 120See 121.Sx PATTERNS 122in 123.Xr ssh_config 5 124for more information on patterns. 125.It Cm AllowTcpForwarding 126Specifies whether TCP forwarding is permitted. 127The default is 128.Dq yes . 129Note that disabling TCP forwarding does not improve security unless 130users are also denied shell access, as they can always install their 131own forwarders. 132.It Cm AllowUsers 133This keyword can be followed by a list of user name patterns, separated 134by spaces. 135If specified, login is allowed only for user names that 136match one of the patterns. 137Only user names are valid; a numerical user ID is not recognized. 138By default, login is allowed for all users. 139If the pattern takes the form USER@HOST then USER and HOST 140are separately checked, restricting logins to particular 141users from particular hosts. 142The allow/deny directives are processed in the following order: 143.Cm DenyUsers , 144.Cm AllowUsers , 145.Cm DenyGroups , 146and finally 147.Cm AllowGroups . 148.Pp 149See 150.Sx PATTERNS 151in 152.Xr ssh_config 5 153for more information on patterns. 154.It Cm AuthorizedKeysFile 155Specifies the file that contains the public keys that can be used 156for user authentication. 157The format is described in the 158.Sx AUTHORIZED_KEYS FILE FORMAT 159section of 160.Xr sshd 8 . 161.Cm AuthorizedKeysFile 162may contain tokens of the form %T which are substituted during connection 163setup. 164The following tokens are defined: %% is replaced by a literal '%', 165%h is replaced by the home directory of the user being authenticated, and 166%u is replaced by the username of that user. 167After expansion, 168.Cm AuthorizedKeysFile 169is taken to be an absolute path or one relative to the user's home 170directory. 171The default is 172.Dq .ssh/authorized_keys . 173.It Cm AuthorizedPrincipalsFile 174Specifies a file that lists principal names that are accepted for 175certificate authentication. 176When using certificates signed by a key listed in 177.Cm TrustedUserCAKeys , 178this file lists names, one of which must appear in the certificate for it 179to be accepted for authentication. 180Names are listed one per line preceded by key options (as described 181in 182.Sx AUTHORIZED_KEYS FILE FORMAT 183in 184.Xr sshd 8 ) . 185Empty lines and comments starting with 186.Ql # 187are ignored. 188.Pp 189.Cm AuthorizedPrincipalsFile 190may contain tokens of the form %T which are substituted during connection 191setup. 192The following tokens are defined: %% is replaced by a literal '%', 193%h is replaced by the home directory of the user being authenticated, and 194%u is replaced by the username of that user. 195After expansion, 196.Cm AuthorizedPrincipalsFile 197is taken to be an absolute path or one relative to the user's home 198directory. 199.Pp 200The default is not to use a principals file \(en in this case, the username 201of the user must appear in a certificate's principals list for it to be 202accepted. 203Note that 204.Cm AuthorizedPrincipalsFile 205is only used when authentication proceeds using a CA listed in 206.Cm TrustedUserCAKeys 207and is not consulted for certification authorities trusted via 208.Pa ~/.ssh/authorized_keys , 209though the 210.Cm principals= 211key option offers a similar facility (see 212.Xr sshd 8 213for details). 214.It Cm Banner 215The contents of the specified file are sent to the remote user before 216authentication is allowed. 217If the argument is 218.Dq none 219then no banner is displayed. 220This option is only available for protocol version 2. 221By default, no banner is displayed. 222.It Cm ChallengeResponseAuthentication 223Specifies whether challenge-response authentication is allowed. 224Specifically, in 225.Dx , 226this controls the use of PAM (see 227.Xr pam 3 ) 228for authentication. 229Note that this affects the effectiveness of the 230.Cm PasswordAuthentication 231and 232.Cm PermitRootLogin 233variables. 234The default is 235.Dq yes . 236.It Cm ChrootDirectory 237Specifies the pathname of a directory to 238.Xr chroot 2 239to after authentication. 240All components of the pathname must be root-owned directories that are 241not writable by any other user or group. 242After the chroot, 243.Xr sshd 8 244changes the working directory to the user's home directory. 245.Pp 246The pathname may contain the following tokens that are expanded at runtime once 247the connecting user has been authenticated: %% is replaced by a literal '%', 248%h is replaced by the home directory of the user being authenticated, and 249%u is replaced by the username of that user. 250.Pp 251The 252.Cm ChrootDirectory 253must contain the necessary files and directories to support the 254user's session. 255For an interactive session this requires at least a shell, typically 256.Xr sh 1 , 257and basic 258.Pa /dev 259nodes such as 260.Xr null 4 , 261.Xr zero 4 , 262.Xr stdin 4 , 263.Xr stdout 4 , 264.Xr stderr 4 , 265.Xr arandom 4 266and 267.Xr tty 4 268devices. 269For file transfer sessions using 270.Dq sftp , 271no additional configuration of the environment is necessary if the 272in-process sftp server is used, 273though sessions which use logging do require 274.Pa /dev/log 275inside the chroot directory (see 276.Xr sftp-server 8 277for details). 278.Pp 279The default is not to 280.Xr chroot 2 . 281.It Cm Ciphers 282Specifies the ciphers allowed for protocol version 2. 283Multiple ciphers must be comma-separated. 284The supported ciphers are 285.Dq 3des-cbc , 286.Dq aes128-cbc , 287.Dq aes192-cbc , 288.Dq aes256-cbc , 289.Dq aes128-ctr , 290.Dq aes192-ctr , 291.Dq aes256-ctr , 292.Dq arcfour128 , 293.Dq arcfour256 , 294.Dq arcfour , 295.Dq blowfish-cbc , 296and 297.Dq cast128-cbc . 298The default is: 299.Bd -literal -offset 3n 300aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 301aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 302aes256-cbc,arcfour 303.Ed 304.It Cm ClientAliveCountMax 305Sets the number of client alive messages (see below) which may be 306sent without 307.Xr sshd 8 308receiving any messages back from the client. 309If this threshold is reached while client alive messages are being sent, 310sshd will disconnect the client, terminating the session. 311It is important to note that the use of client alive messages is very 312different from 313.Cm TCPKeepAlive 314(below). 315The client alive messages are sent through the encrypted channel 316and therefore will not be spoofable. 317The TCP keepalive option enabled by 318.Cm TCPKeepAlive 319is spoofable. 320The client alive mechanism is valuable when the client or 321server depend on knowing when a connection has become inactive. 322.Pp 323The default value is 3. 324If 325.Cm ClientAliveInterval 326(see below) is set to 15, and 327.Cm ClientAliveCountMax 328is left at the default, unresponsive SSH clients 329will be disconnected after approximately 45 seconds. 330This option applies to protocol version 2 only. 331.It Cm ClientAliveInterval 332Sets a timeout interval in seconds after which if no data has been received 333from the client, 334.Xr sshd 8 335will send a message through the encrypted 336channel to request a response from the client. 337The default 338is 0, indicating that these messages will not be sent to the client. 339This option applies to protocol version 2 only. 340.It Cm Compression 341Specifies whether compression is allowed, or delayed until 342the user has authenticated successfully. 343The argument must be 344.Dq yes , 345.Dq delayed , 346or 347.Dq no . 348The default is 349.Dq delayed . 350.It Cm DenyGroups 351This keyword can be followed by a list of group name patterns, separated 352by spaces. 353Login is disallowed for users whose primary group or supplementary 354group list matches one of the patterns. 355Only group names are valid; a numerical group ID is not recognized. 356By default, login is allowed for all groups. 357The allow/deny directives are processed in the following order: 358.Cm DenyUsers , 359.Cm AllowUsers , 360.Cm DenyGroups , 361and finally 362.Cm AllowGroups . 363.Pp 364See 365.Sx PATTERNS 366in 367.Xr ssh_config 5 368for more information on patterns. 369.It Cm DenyUsers 370This keyword can be followed by a list of user name patterns, separated 371by spaces. 372Login is disallowed for user names that match one of the patterns. 373Only user names are valid; a numerical user ID is not recognized. 374By default, login is allowed for all users. 375If the pattern takes the form USER@HOST then USER and HOST 376are separately checked, restricting logins to particular 377users from particular hosts. 378The allow/deny directives are processed in the following order: 379.Cm DenyUsers , 380.Cm AllowUsers , 381.Cm DenyGroups , 382and finally 383.Cm AllowGroups . 384.Pp 385See 386.Sx PATTERNS 387in 388.Xr ssh_config 5 389for more information on patterns. 390.It Cm ForceCommand 391Forces the execution of the command specified by 392.Cm ForceCommand , 393ignoring any command supplied by the client and 394.Pa ~/.ssh/rc 395if present. 396The command is invoked by using the user's login shell with the -c option. 397This applies to shell, command, or subsystem execution. 398It is most useful inside a 399.Cm Match 400block. 401The command originally supplied by the client is available in the 402.Ev SSH_ORIGINAL_COMMAND 403environment variable. 404Specifying a command of 405.Dq internal-sftp 406will force the use of an in-process sftp server that requires no support 407files when used with 408.Cm ChrootDirectory . 409.It Cm GatewayPorts 410Specifies whether remote hosts are allowed to connect to ports 411forwarded for the client. 412By default, 413.Xr sshd 8 414binds remote port forwardings to the loopback address. 415This prevents other remote hosts from connecting to forwarded ports. 416.Cm GatewayPorts 417can be used to specify that sshd 418should allow remote port forwardings to bind to non-loopback addresses, thus 419allowing other hosts to connect. 420The argument may be 421.Dq no 422to force remote port forwardings to be available to the local host only, 423.Dq yes 424to force remote port forwardings to bind to the wildcard address, or 425.Dq clientspecified 426to allow the client to select the address to which the forwarding is bound. 427The default is 428.Dq no . 429.It Cm GSSAPIAuthentication 430Specifies whether user authentication based on GSSAPI is allowed. 431The default is 432.Dq no . 433Note that this option applies to protocol version 2 only. 434.It Cm GSSAPICleanupCredentials 435Specifies whether to automatically destroy the user's credentials cache 436on logout. 437The default is 438.Dq yes . 439Note that this option applies to protocol version 2 only. 440.It Cm HostbasedAuthentication 441Specifies whether rhosts or /etc/hosts.equiv authentication together 442with successful public key client host authentication is allowed 443(host-based authentication). 444This option is similar to 445.Cm RhostsRSAAuthentication 446and applies to protocol version 2 only. 447The default is 448.Dq no . 449.It Cm HostbasedUsesNameFromPacketOnly 450Specifies whether or not the server will attempt to perform a reverse 451name lookup when matching the name in the 452.Pa ~/.shosts , 453.Pa ~/.rhosts , 454and 455.Pa /etc/hosts.equiv 456files during 457.Cm HostbasedAuthentication . 458A setting of 459.Dq yes 460means that 461.Xr sshd 8 462uses the name supplied by the client rather than 463attempting to resolve the name from the TCP connection itself. 464The default is 465.Dq no . 466.It Cm HostCertificate 467Specifies a file containing a public host certificate. 468The certificate's public key must match a private host key already specified 469by 470.Cm HostKey . 471The default behaviour of 472.Xr sshd 8 473is not to load any certificates. 474.It Cm HostKey 475Specifies a file containing a private host key 476used by SSH. 477The default is 478.Pa /etc/ssh/ssh_host_key 479for protocol version 1, and 480.Pa /etc/ssh/ssh_host_dsa_key , 481.Pa /etc/ssh/ssh_host_ecdsa_key 482and 483.Pa /etc/ssh/ssh_host_rsa_key 484for protocol version 2. 485Note that 486.Xr sshd 8 487will refuse to use a file if it is group/world-accessible. 488It is possible to have multiple host key files. 489.Dq rsa1 490keys are used for version 1 and 491.Dq dsa , 492.Dq ecdsa 493or 494.Dq rsa 495are used for version 2 of the SSH protocol. 496.It Cm IgnoreRhosts 497Specifies that 498.Pa .rhosts 499and 500.Pa .shosts 501files will not be used in 502.Cm RhostsRSAAuthentication 503or 504.Cm HostbasedAuthentication . 505.Pp 506.Pa /etc/hosts.equiv 507and 508.Pa /etc/ssh/shosts.equiv 509are still used. 510The default is 511.Dq yes . 512.It Cm IgnoreUserKnownHosts 513Specifies whether 514.Xr sshd 8 515should ignore the user's 516.Pa ~/.ssh/known_hosts 517during 518.Cm RhostsRSAAuthentication 519or 520.Cm HostbasedAuthentication . 521The default is 522.Dq no . 523.It Cm IPQoS 524Specifies the IPv4 type-of-service or DSCP class for the connection. 525Accepted values are 526.Dq af11 , 527.Dq af12 , 528.Dq af13 , 529.Dq af14 , 530.Dq af22 , 531.Dq af23 , 532.Dq af31 , 533.Dq af32 , 534.Dq af33 , 535.Dq af41 , 536.Dq af42 , 537.Dq af43 , 538.Dq cs0 , 539.Dq cs1 , 540.Dq cs2 , 541.Dq cs3 , 542.Dq cs4 , 543.Dq cs5 , 544.Dq cs6 , 545.Dq cs7 , 546.Dq ef , 547.Dq lowdelay , 548.Dq throughput , 549.Dq reliability , 550or a numeric value. 551This option may take one or two arguments, separated by whitespace. 552If one argument is specified, it is used as the packet class unconditionally. 553If two values are specified, the first is automatically selected for 554interactive sessions and the second for non-interactive sessions. 555The default is 556.Dq lowdelay 557for interactive sessions and 558.Dq throughput 559for non-interactive sessions. 560.It Cm KerberosAuthentication 561Specifies whether the password provided by the user for 562.Cm PasswordAuthentication 563will be validated through the Kerberos KDC. 564To use this option, the server needs a 565Kerberos servtab which allows the verification of the KDC's identity. 566The default is 567.Dq no . 568.It Cm KerberosGetAFSToken 569If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 570an AFS token before accessing the user's home directory. 571The default is 572.Dq no . 573.It Cm KerberosOrLocalPasswd 574If password authentication through Kerberos fails then 575the password will be validated via any additional local mechanism 576such as 577.Pa /etc/passwd . 578The default is 579.Dq yes . 580.It Cm KerberosTicketCleanup 581Specifies whether to automatically destroy the user's ticket cache 582file on logout. 583The default is 584.Dq yes . 585.It Cm KexAlgorithms 586Specifies the available KEX (Key Exchange) algorithms. 587Multiple algorithms must be comma-separated. 588The default is 589.Dq ecdh-sha2-nistp256 , 590.Dq ecdh-sha2-nistp384 , 591.Dq ecdh-sha2-nistp521 , 592.Dq diffie-hellman-group-exchange-sha256 , 593.Dq diffie-hellman-group-exchange-sha1 , 594.Dq diffie-hellman-group14-sha1 , 595.Dq diffie-hellman-group1-sha1 . 596.It Cm KeyRegenerationInterval 597In protocol version 1, the ephemeral server key is automatically regenerated 598after this many seconds (if it has been used). 599The purpose of regeneration is to prevent 600decrypting captured sessions by later breaking into the machine and 601stealing the keys. 602The key is never stored anywhere. 603If the value is 0, the key is never regenerated. 604The default is 3600 (seconds). 605.It Cm ListenAddress 606Specifies the local addresses 607.Xr sshd 8 608should listen on. 609The following forms may be used: 610.Pp 611.Bl -item -offset indent -compact 612.It 613.Cm ListenAddress 614.Sm off 615.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 616.Sm on 617.It 618.Cm ListenAddress 619.Sm off 620.Ar host No | Ar IPv4_addr No : Ar port 621.Sm on 622.It 623.Cm ListenAddress 624.Sm off 625.Oo 626.Ar host No | Ar IPv6_addr Oc : Ar port 627.Sm on 628.El 629.Pp 630If 631.Ar port 632is not specified, 633sshd will listen on the address and all prior 634.Cm Port 635options specified. 636The default is to listen on all local addresses. 637Multiple 638.Cm ListenAddress 639options are permitted. 640Additionally, any 641.Cm Port 642options must precede this option for non-port qualified addresses. 643.It Cm LoginGraceTime 644The server disconnects after this time if the user has not 645successfully logged in. 646If the value is 0, there is no time limit. 647The default is 120 seconds. 648.It Cm LogLevel 649Gives the verbosity level that is used when logging messages from 650.Xr sshd 8 . 651The possible values are: 652QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 653The default is INFO. 654DEBUG and DEBUG1 are equivalent. 655DEBUG2 and DEBUG3 each specify higher levels of debugging output. 656Logging with a DEBUG level violates the privacy of users and is not recommended. 657.It Cm MACs 658Specifies the available MAC (message authentication code) algorithms. 659The MAC algorithm is used in protocol version 2 660for data integrity protection. 661Multiple algorithms must be comma-separated. 662The default is: 663.Bd -literal -offset indent 664hmac-md5,hmac-sha1,umac-64@openssh.com, 665hmac-ripemd160,hmac-sha1-96,hmac-md5-96 666.Ed 667.It Cm Match 668Introduces a conditional block. 669If all of the criteria on the 670.Cm Match 671line are satisfied, the keywords on the following lines override those 672set in the global section of the config file, until either another 673.Cm Match 674line or the end of the file. 675.Pp 676The arguments to 677.Cm Match 678are one or more criteria-pattern pairs. 679The available criteria are 680.Cm User , 681.Cm Group , 682.Cm Host , 683and 684.Cm Address . 685The match patterns may consist of single entries or comma-separated 686lists and may use the wildcard and negation operators described in the 687.Sx PATTERNS 688section of 689.Xr ssh_config 5 . 690.Pp 691The patterns in an 692.Cm Address 693criteria may additionally contain addresses to match in CIDR 694address/masklen format, e.g.\& 695.Dq 192.0.2.0/24 696or 697.Dq 3ffe:ffff::/32 . 698Note that the mask length provided must be consistent with the address - 699it is an error to specify a mask length that is too long for the address 700or one with bits set in this host portion of the address. 701For example, 702.Dq 192.0.2.0/33 703and 704.Dq 192.0.2.0/8 705respectively. 706.Pp 707Only a subset of keywords may be used on the lines following a 708.Cm Match 709keyword. 710Available keywords are 711.Cm AllowAgentForwarding , 712.Cm AllowTcpForwarding , 713.Cm AuthorizedKeysFile , 714.Cm AuthorizedPrincipalsFile , 715.Cm Banner , 716.Cm ChrootDirectory , 717.Cm ForceCommand , 718.Cm GatewayPorts , 719.Cm GSSAPIAuthentication , 720.Cm HostbasedAuthentication , 721.Cm HostbasedUsesNameFromPacketOnly , 722.Cm KbdInteractiveAuthentication , 723.Cm KerberosAuthentication , 724.Cm MaxAuthTries , 725.Cm MaxSessions , 726.Cm PasswordAuthentication , 727.Cm PermitEmptyPasswords , 728.Cm PermitOpen , 729.Cm PermitRootLogin , 730.Cm PermitTunnel , 731.Cm PubkeyAuthentication , 732.Cm RhostsRSAAuthentication , 733.Cm RSAAuthentication , 734.Cm X11DisplayOffset , 735.Cm X11Forwarding 736and 737.Cm X11UseLocalHost . 738.It Cm MaxAuthTries 739Specifies the maximum number of authentication attempts permitted per 740connection. 741Once the number of failures reaches half this value, 742additional failures are logged. 743The default is 6. 744.It Cm MaxSessions 745Specifies the maximum number of open sessions permitted per network connection. 746The default is 10. 747.It Cm MaxStartups 748Specifies the maximum number of concurrent unauthenticated connections to the 749SSH daemon. 750Additional connections will be dropped until authentication succeeds or the 751.Cm LoginGraceTime 752expires for a connection. 753The default is 10. 754.Pp 755Alternatively, random early drop can be enabled by specifying 756the three colon separated values 757.Dq start:rate:full 758(e.g. "10:30:60"). 759.Xr sshd 8 760will refuse connection attempts with a probability of 761.Dq rate/100 762(30%) 763if there are currently 764.Dq start 765(10) 766unauthenticated connections. 767The probability increases linearly and all connection attempts 768are refused if the number of unauthenticated connections reaches 769.Dq full 770(60). 771.It Cm PasswordAuthentication 772Specifies whether password authentication is allowed. 773The default is 774.Dq yes . 775Note that if 776.Cm ChallengeResponseAuthentication 777is 778.Dq yes , 779.Cm UsePAM 780is 781.Dq yes , 782and the PAM authentication policy for 783.Nm sshd 784includes 785.Xr pam_unix 8 , 786password authentication will be allowed through the challenge-response 787mechanism regardless of the value of 788.Cm PasswordAuthentication . 789.It Cm PermitEmptyPasswords 790When password authentication is allowed, it specifies whether the 791server allows login to accounts with empty password strings. 792The default is 793.Dq no . 794.It Cm PermitOpen 795Specifies the destinations to which TCP port forwarding is permitted. 796The forwarding specification must be one of the following forms: 797.Pp 798.Bl -item -offset indent -compact 799.It 800.Cm PermitOpen 801.Sm off 802.Ar host : port 803.Sm on 804.It 805.Cm PermitOpen 806.Sm off 807.Ar IPv4_addr : port 808.Sm on 809.It 810.Cm PermitOpen 811.Sm off 812.Ar \&[ IPv6_addr \&] : port 813.Sm on 814.El 815.Pp 816Multiple forwards may be specified by separating them with whitespace. 817An argument of 818.Dq any 819can be used to remove all restrictions and permit any forwarding requests. 820By default all port forwarding requests are permitted. 821.It Cm PermitRootLogin 822Specifies whether root can log in using 823.Xr ssh 1 . 824The argument must be 825.Dq yes , 826.Dq without-password , 827.Dq forced-commands-only , 828or 829.Dq no . 830The default is 831.Dq no . 832Note that if 833.Cm ChallengeResponseAuthentication 834is 835.Dq yes , 836the root user may be allowed in with its password even if 837.Cm PermitRootLogin is set to 838.Dq without-password . 839.Pp 840If this option is set to 841.Dq without-password , 842password authentication is disabled for root. 843.Pp 844If this option is set to 845.Dq forced-commands-only , 846root login with public key authentication will be allowed, 847but only if the 848.Ar command 849option has been specified 850(which may be useful for taking remote backups even if root login is 851normally not allowed). 852All other authentication methods are disabled for root. 853.Pp 854If this option is set to 855.Dq no , 856root is not allowed to log in. 857.It Cm PermitTunnel 858Specifies whether 859.Xr tun 4 860device forwarding is allowed. 861The argument must be 862.Dq yes , 863.Dq point-to-point 864(layer 3), 865.Dq ethernet 866(layer 2), or 867.Dq no . 868Specifying 869.Dq yes 870permits both 871.Dq point-to-point 872and 873.Dq ethernet . 874The default is 875.Dq no . 876.It Cm PermitUserEnvironment 877Specifies whether 878.Pa ~/.ssh/environment 879and 880.Cm environment= 881options in 882.Pa ~/.ssh/authorized_keys 883are processed by 884.Xr sshd 8 . 885The default is 886.Dq no . 887Enabling environment processing may enable users to bypass access 888restrictions in some configurations using mechanisms such as 889.Ev LD_PRELOAD . 890.It Cm PidFile 891Specifies the file that contains the process ID of the 892SSH daemon. 893The default is 894.Pa /var/run/sshd.pid . 895.It Cm Port 896Specifies the port number that 897.Xr sshd 8 898listens on. 899The default is 22. 900Multiple options of this type are permitted. 901See also 902.Cm ListenAddress . 903.It Cm PrintLastLog 904Specifies whether 905.Xr sshd 8 906should print the date and time of the last user login when a user logs 907in interactively. 908The default is 909.Dq yes . 910.It Cm PrintMotd 911Specifies whether 912.Xr sshd 8 913should print 914.Pa /etc/motd 915when a user logs in interactively. 916(On some systems it is also printed by the shell, 917.Pa /etc/profile , 918or equivalent.) 919The default is 920.Dq yes . 921.It Cm Protocol 922Specifies the protocol versions 923.Xr sshd 8 924supports. 925The possible values are 926.Sq 1 927and 928.Sq 2 . 929Multiple versions must be comma-separated. 930The default is 931.Sq 2 . 932Note that the order of the protocol list does not indicate preference, 933because the client selects among multiple protocol versions offered 934by the server. 935Specifying 936.Dq 2,1 937is identical to 938.Dq 1,2 . 939.It Cm PubkeyAuthentication 940Specifies whether public key authentication is allowed. 941The default is 942.Dq yes . 943Note that this option applies to protocol version 2 only. 944.It Cm RevokedKeys 945Specifies a list of revoked public keys. 946Keys listed in this file will be refused for public key authentication. 947Note that if this file is not readable, then public key authentication will 948be refused for all users. 949.It Cm RhostsRSAAuthentication 950Specifies whether rhosts or 951.Pa /etc/hosts.equiv 952authentication together 953with successful RSA host authentication is allowed. 954The default is 955.Dq no . 956This option applies to protocol version 1 only. 957.It Cm RSAAuthentication 958Specifies whether pure RSA authentication is allowed. 959The default is 960.Dq yes . 961This option applies to protocol version 1 only. 962.It Cm ServerKeyBits 963Defines the number of bits in the ephemeral protocol version 1 server key. 964The minimum value is 512, and the default is 1024. 965.It Cm StrictModes 966Specifies whether 967.Xr sshd 8 968should check file modes and ownership of the 969user's files and home directory before accepting login. 970This is normally desirable because novices sometimes accidentally leave their 971directory or files world-writable. 972The default is 973.Dq yes . 974Note that this does not apply to 975.Cm ChrootDirectory , 976whose permissions and ownership are checked unconditionally. 977.It Cm Subsystem 978Configures an external subsystem (e.g. file transfer daemon). 979Arguments should be a subsystem name and a command (with optional arguments) 980to execute upon subsystem request. 981.Pp 982The command 983.Xr sftp-server 8 984implements the 985.Dq sftp 986file transfer subsystem. 987.Pp 988Alternately the name 989.Dq internal-sftp 990implements an in-process 991.Dq sftp 992server. 993This may simplify configurations using 994.Cm ChrootDirectory 995to force a different filesystem root on clients. 996.Pp 997By default no subsystems are defined. 998Note that this option applies to protocol version 2 only. 999.It Cm SyslogFacility 1000Gives the facility code that is used when logging messages from 1001.Xr sshd 8 . 1002The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1003LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1004The default is AUTH. 1005.It Cm TCPKeepAlive 1006Specifies whether the system should send TCP keepalive messages to the 1007other side. 1008If they are sent, death of the connection or crash of one 1009of the machines will be properly noticed. 1010However, this means that 1011connections will die if the route is down temporarily, and some people 1012find it annoying. 1013On the other hand, if TCP keepalives are not sent, 1014sessions may hang indefinitely on the server, leaving 1015.Dq ghost 1016users and consuming server resources. 1017.Pp 1018The default is 1019.Dq yes 1020(to send TCP keepalive messages), and the server will notice 1021if the network goes down or the client host crashes. 1022This avoids infinitely hanging sessions. 1023.Pp 1024To disable TCP keepalive messages, the value should be set to 1025.Dq no . 1026.It Cm TrustedUserCAKeys 1027Specifies a file containing public keys of certificate authorities that are 1028trusted to sign user certificates for authentication. 1029Keys are listed one per line; empty lines and comments starting with 1030.Ql # 1031are allowed. 1032If a certificate is presented for authentication and has its signing CA key 1033listed in this file, then it may be used for authentication for any user 1034listed in the certificate's principals list. 1035Note that certificates that lack a list of principals will not be permitted 1036for authentication using 1037.Cm TrustedUserCAKeys . 1038For more details on certificates, see the 1039.Sx CERTIFICATES 1040section in 1041.Xr ssh-keygen 1 . 1042.It Cm UseDNS 1043Specifies whether 1044.Xr sshd 8 1045should look up the remote host name and check that 1046the resolved host name for the remote IP address maps back to the 1047very same IP address. 1048The default is 1049.Dq yes . 1050.It Cm UseLogin 1051Specifies whether 1052.Xr login 1 1053is used for interactive login sessions. 1054The default is 1055.Dq no . 1056Note that 1057.Xr login 1 1058is never used for remote command execution. 1059Note also, that if this is enabled, 1060.Cm X11Forwarding 1061will be disabled because 1062.Xr login 1 1063does not know how to handle 1064.Xr xauth 1 1065cookies. 1066If 1067.Cm UsePrivilegeSeparation 1068is specified, it will be disabled after authentication. 1069.It Cm UsePAM 1070Enables the Pluggable Authentication Module interface. 1071If set to 1072.Dq yes 1073this will enable PAM authentication using 1074.Cm ChallengeResponseAuthentication 1075and 1076.Cm PasswordAuthentication 1077in addition to PAM account and session module processing for all 1078authentication types. 1079.Pp 1080Because PAM challenge-response authentication usually serves an equivalent 1081role to password authentication, you should disable either 1082.Cm PasswordAuthentication 1083or 1084.Cm ChallengeResponseAuthentication. 1085.Pp 1086If 1087.Cm UsePAM 1088is enabled, you will not be able to run 1089.Xr sshd 8 1090as a non-root user. 1091The default is 1092.Dq no . 1093.It Cm UsePrivilegeSeparation 1094Specifies whether 1095.Xr sshd 8 1096separates privileges by creating an unprivileged child process 1097to deal with incoming network traffic. 1098After successful authentication, another process will be created that has 1099the privilege of the authenticated user. 1100The goal of privilege separation is to prevent privilege 1101escalation by containing any corruption within the unprivileged processes. 1102The default is 1103.Dq yes . 1104.It Cm VersionAddendum 1105Specifies a string to append to the regular version string to identify 1106OS- or site-specific modifications. 1107The default is 1108.Dq DragonFly-20110408 . 1109.It Cm X11DisplayOffset 1110Specifies the first display number available for 1111.Xr sshd 8 Ns 's 1112X11 forwarding. 1113This prevents sshd from interfering with real X11 servers. 1114The default is 10. 1115.It Cm X11Forwarding 1116Specifies whether X11 forwarding is permitted. 1117The argument must be 1118.Dq yes 1119or 1120.Dq no . 1121The default is 1122.Dq yes . 1123.Pp 1124When X11 forwarding is enabled, there may be additional exposure to 1125the server and to client displays if the 1126.Xr sshd 8 1127proxy display is configured to listen on the wildcard address (see 1128.Cm X11UseLocalhost 1129below), though this is not the default. 1130Additionally, the authentication spoofing and authentication data 1131verification and substitution occur on the client side. 1132The security risk of using X11 forwarding is that the client's X11 1133display server may be exposed to attack when the SSH client requests 1134forwarding (see the warnings for 1135.Cm ForwardX11 1136in 1137.Xr ssh_config 5 ) . 1138A system administrator may have a stance in which they want to 1139protect clients that may expose themselves to attack by unwittingly 1140requesting X11 forwarding, which can warrant a 1141.Dq no 1142setting. 1143.Pp 1144Note that disabling X11 forwarding does not prevent users from 1145forwarding X11 traffic, as users can always install their own forwarders. 1146X11 forwarding is automatically disabled if 1147.Cm UseLogin 1148is enabled. 1149.It Cm X11UseLocalhost 1150Specifies whether 1151.Xr sshd 8 1152should bind the X11 forwarding server to the loopback address or to 1153the wildcard address. 1154By default, 1155sshd binds the forwarding server to the loopback address and sets the 1156hostname part of the 1157.Ev DISPLAY 1158environment variable to 1159.Dq localhost . 1160This prevents remote hosts from connecting to the proxy display. 1161However, some older X11 clients may not function with this 1162configuration. 1163.Cm X11UseLocalhost 1164may be set to 1165.Dq no 1166to specify that the forwarding server should be bound to the wildcard 1167address. 1168The argument must be 1169.Dq yes 1170or 1171.Dq no . 1172The default is 1173.Dq yes . 1174.It Cm XAuthLocation 1175Specifies the full pathname of the 1176.Xr xauth 1 1177program. 1178The default is 1179.Pa /usr/X11R6/bin/xauth . 1180.El 1181.Sh TIME FORMATS 1182.Xr sshd 8 1183command-line arguments and configuration file options that specify time 1184may be expressed using a sequence of the form: 1185.Sm off 1186.Ar time Op Ar qualifier , 1187.Sm on 1188where 1189.Ar time 1190is a positive integer value and 1191.Ar qualifier 1192is one of the following: 1193.Pp 1194.Bl -tag -width Ds -compact -offset indent 1195.It Aq Cm none 1196seconds 1197.It Cm s | Cm S 1198seconds 1199.It Cm m | Cm M 1200minutes 1201.It Cm h | Cm H 1202hours 1203.It Cm d | Cm D 1204days 1205.It Cm w | Cm W 1206weeks 1207.El 1208.Pp 1209Each member of the sequence is added together to calculate 1210the total time value. 1211.Pp 1212Time format examples: 1213.Pp 1214.Bl -tag -width Ds -compact -offset indent 1215.It 600 1216600 seconds (10 minutes) 1217.It 10m 121810 minutes 1219.It 1h30m 12201 hour 30 minutes (90 minutes) 1221.El 1222.Sh FILES 1223.Bl -tag -width Ds 1224.It Pa /etc/ssh/sshd_config 1225Contains configuration data for 1226.Xr sshd 8 . 1227This file should be writable by root only, but it is recommended 1228(though not necessary) that it be world-readable. 1229.El 1230.Sh SEE ALSO 1231.Xr sshd 8 1232.Sh AUTHORS 1233OpenSSH is a derivative of the original and free 1234ssh 1.2.12 release by Tatu Ylonen. 1235Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1236Theo de Raadt and Dug Song 1237removed many bugs, re-added newer features and 1238created OpenSSH. 1239Markus Friedl contributed the support for SSH 1240protocol versions 1.5 and 2.0. 1241Niels Provos and Markus Friedl contributed support 1242for privilege separation. 1243