1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: sshd_config.5,v 1.253 2017/09/27 06:45:53 jmc Exp $ 37.Dd $Mdocdate: September 27 2017 $ 38.Dt SSHD_CONFIG 5 39.Os 40.Sh NAME 41.Nm sshd_config 42.Nd OpenSSH SSH daemon configuration file 43.Sh DESCRIPTION 44.Xr sshd 8 45reads configuration data from 46.Pa /etc/ssh/sshd_config 47(or the file specified with 48.Fl f 49on the command line). 50The file contains keyword-argument pairs, one per line. 51Lines starting with 52.Ql # 53and empty lines are interpreted as comments. 54Arguments may optionally be enclosed in double quotes 55.Pq \&" 56in order to represent arguments containing spaces. 57.Pp 58The possible 59keywords and their meanings are as follows (note that 60keywords are case-insensitive and arguments are case-sensitive): 61.Bl -tag -width Ds 62.It Cm AcceptEnv 63Specifies what environment variables sent by the client will be copied into 64the session's 65.Xr environ 7 . 66See 67.Cm SendEnv 68in 69.Xr ssh_config 5 70for how to configure the client. 71The 72.Ev TERM 73environment variable is always sent whenever the client 74requests a pseudo-terminal as it is required by the protocol. 75Variables are specified by name, which may contain the wildcard characters 76.Ql * 77and 78.Ql \&? . 79Multiple environment variables may be separated by whitespace or spread 80across multiple 81.Cm AcceptEnv 82directives. 83Be warned that some environment variables could be used to bypass restricted 84user environments. 85For this reason, care should be taken in the use of this directive. 86The default is not to accept any environment variables. 87.It Cm AddressFamily 88Specifies which address family should be used by 89.Xr sshd 8 . 90Valid arguments are 91.Cm any 92(the default), 93.Cm inet 94(use IPv4 only), or 95.Cm inet6 96(use IPv6 only). 97.It Cm AllowAgentForwarding 98Specifies whether 99.Xr ssh-agent 1 100forwarding is permitted. 101The default is 102.Cm yes . 103Note that disabling agent forwarding does not improve security 104unless users are also denied shell access, as they can always install 105their own forwarders. 106.It Cm AllowGroups 107This keyword can be followed by a list of group name patterns, separated 108by spaces. 109If specified, login is allowed only for users whose primary 110group or supplementary group list matches one of the patterns. 111Only group names are valid; a numerical group ID is not recognized. 112By default, login is allowed for all groups. 113The allow/deny directives are processed in the following order: 114.Cm DenyUsers , 115.Cm AllowUsers , 116.Cm DenyGroups , 117and finally 118.Cm AllowGroups . 119.Pp 120See PATTERNS in 121.Xr ssh_config 5 122for more information on patterns. 123.It Cm AllowStreamLocalForwarding 124Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. 125The available options are 126.Cm yes 127(the default) 128or 129.Cm all 130to allow StreamLocal forwarding, 131.Cm no 132to prevent all StreamLocal forwarding, 133.Cm local 134to allow local (from the perspective of 135.Xr ssh 1 ) 136forwarding only or 137.Cm remote 138to allow remote forwarding only. 139Note that disabling StreamLocal forwarding does not improve security unless 140users are also denied shell access, as they can always install their 141own forwarders. 142.It Cm AllowTcpForwarding 143Specifies whether TCP forwarding is permitted. 144The available options are 145.Cm yes 146(the default) 147or 148.Cm all 149to allow TCP forwarding, 150.Cm no 151to prevent all TCP forwarding, 152.Cm local 153to allow local (from the perspective of 154.Xr ssh 1 ) 155forwarding only or 156.Cm remote 157to allow remote forwarding only. 158Note that disabling TCP forwarding does not improve security unless 159users are also denied shell access, as they can always install their 160own forwarders. 161.It Cm AllowUsers 162This keyword can be followed by a list of user name patterns, separated 163by spaces. 164If specified, login is allowed only for user names that 165match one of the patterns. 166Only user names are valid; a numerical user ID is not recognized. 167By default, login is allowed for all users. 168If the pattern takes the form USER@HOST then USER and HOST 169are separately checked, restricting logins to particular 170users from particular hosts. 171HOST criteria may additionally contain addresses to match in CIDR 172address/masklen format. 173The allow/deny directives are processed in the following order: 174.Cm DenyUsers , 175.Cm AllowUsers , 176.Cm DenyGroups , 177and finally 178.Cm AllowGroups . 179.Pp 180See PATTERNS in 181.Xr ssh_config 5 182for more information on patterns. 183.It Cm AuthenticationMethods 184Specifies the authentication methods that must be successfully completed 185for a user to be granted access. 186This option must be followed by one or more comma-separated lists of 187authentication method names, or by the single string 188.Cm any 189to indicate the default behaviour of accepting any single authentication 190method. 191If the default is overridden, then successful authentication requires 192completion of every method in at least one of these lists. 193.Pp 194For example, 195.Qq publickey,password publickey,keyboard-interactive 196would require the user to complete public key authentication, followed by 197either password or keyboard interactive authentication. 198Only methods that are next in one or more lists are offered at each stage, 199so for this example it would not be possible to attempt password or 200keyboard-interactive authentication before public key. 201.Pp 202For keyboard interactive authentication it is also possible to 203restrict authentication to a specific device by appending a 204colon followed by the device identifier 205.Cm bsdauth , 206.Cm pam , 207or 208.Cm skey , 209depending on the server configuration. 210For example, 211.Qq keyboard-interactive:bsdauth 212would restrict keyboard interactive authentication to the 213.Cm bsdauth 214device. 215.Pp 216If the publickey method is listed more than once, 217.Xr sshd 8 218verifies that keys that have been used successfully are not reused for 219subsequent authentications. 220For example, 221.Qq publickey,publickey 222requires successful authentication using two different public keys. 223.Pp 224Note that each authentication method listed should also be explicitly enabled 225in the configuration. 226.Pp 227The available authentication methods are: 228.Qq gssapi-with-mic , 229.Qq hostbased , 230.Qq keyboard-interactive , 231.Qq none 232(used for access to password-less accounts when 233.Cm PermitEmptyPassword 234is enabled), 235.Qq password 236and 237.Qq publickey . 238.It Cm AuthorizedKeysCommand 239Specifies a program to be used to look up the user's public keys. 240The program must be owned by root, not writable by group or others and 241specified by an absolute path. 242Arguments to 243.Cm AuthorizedKeysCommand 244accept the tokens described in the 245.Sx TOKENS 246section. 247If no arguments are specified then the username of the target user is used. 248.Pp 249The program should produce on standard output zero or 250more lines of authorized_keys output (see 251.Sx AUTHORIZED_KEYS 252in 253.Xr sshd 8 ) . 254If a key supplied by 255.Cm AuthorizedKeysCommand 256does not successfully authenticate 257and authorize the user then public key authentication continues using the usual 258.Cm AuthorizedKeysFile 259files. 260By default, no 261.Cm AuthorizedKeysCommand 262is run. 263.It Cm AuthorizedKeysCommandUser 264Specifies the user under whose account the 265.Cm AuthorizedKeysCommand 266is run. 267It is recommended to use a dedicated user that has no other role on the host 268than running authorized keys commands. 269If 270.Cm AuthorizedKeysCommand 271is specified but 272.Cm AuthorizedKeysCommandUser 273is not, then 274.Xr sshd 8 275will refuse to start. 276.It Cm AuthorizedKeysFile 277Specifies the file that contains the public keys used for user authentication. 278The format is described in the 279.Sx AUTHORIZED_KEYS FILE FORMAT 280section of 281.Xr sshd 8 . 282Arguments to 283.Cm AuthorizedKeysFile 284accept the tokens described in the 285.Sx TOKENS 286section. 287After expansion, 288.Cm AuthorizedKeysFile 289is taken to be an absolute path or one relative to the user's home 290directory. 291Multiple files may be listed, separated by whitespace. 292Alternately this option may be set to 293.Cm none 294to skip checking for user keys in files. 295The default is 296.Qq .ssh/authorized_keys .ssh/authorized_keys2 . 297.It Cm AuthorizedPrincipalsCommand 298Specifies a program to be used to generate the list of allowed 299certificate principals as per 300.Cm AuthorizedPrincipalsFile . 301The program must be owned by root, not writable by group or others and 302specified by an absolute path. 303Arguments to 304.Cm AuthorizedPrincipalsCommand 305accept the tokens described in the 306.Sx TOKENS 307section. 308If no arguments are specified then the username of the target user is used. 309.Pp 310The program should produce on standard output zero or 311more lines of 312.Cm AuthorizedPrincipalsFile 313output. 314If either 315.Cm AuthorizedPrincipalsCommand 316or 317.Cm AuthorizedPrincipalsFile 318is specified, then certificates offered by the client for authentication 319must contain a principal that is listed. 320By default, no 321.Cm AuthorizedPrincipalsCommand 322is run. 323.It Cm AuthorizedPrincipalsCommandUser 324Specifies the user under whose account the 325.Cm AuthorizedPrincipalsCommand 326is run. 327It is recommended to use a dedicated user that has no other role on the host 328than running authorized principals commands. 329If 330.Cm AuthorizedPrincipalsCommand 331is specified but 332.Cm AuthorizedPrincipalsCommandUser 333is not, then 334.Xr sshd 8 335will refuse to start. 336.It Cm AuthorizedPrincipalsFile 337Specifies a file that lists principal names that are accepted for 338certificate authentication. 339When using certificates signed by a key listed in 340.Cm TrustedUserCAKeys , 341this file lists names, one of which must appear in the certificate for it 342to be accepted for authentication. 343Names are listed one per line preceded by key options (as described in 344.Sx AUTHORIZED_KEYS FILE FORMAT 345in 346.Xr sshd 8 ) . 347Empty lines and comments starting with 348.Ql # 349are ignored. 350.Pp 351Arguments to 352.Cm AuthorizedPrincipalsFile 353accept the tokens described in the 354.Sx TOKENS 355section. 356After expansion, 357.Cm AuthorizedPrincipalsFile 358is taken to be an absolute path or one relative to the user's home directory. 359The default is 360.Cm none , 361i.e. not to use a principals file \(en in this case, the username 362of the user must appear in a certificate's principals list for it to be 363accepted. 364.Pp 365Note that 366.Cm AuthorizedPrincipalsFile 367is only used when authentication proceeds using a CA listed in 368.Cm TrustedUserCAKeys 369and is not consulted for certification authorities trusted via 370.Pa ~/.ssh/authorized_keys , 371though the 372.Cm principals= 373key option offers a similar facility (see 374.Xr sshd 8 375for details). 376.It Cm Banner 377The contents of the specified file are sent to the remote user before 378authentication is allowed. 379If the argument is 380.Cm none 381then no banner is displayed. 382By default, no banner is displayed. 383.It Cm ChallengeResponseAuthentication 384Specifies whether challenge-response authentication is allowed (e.g. via 385PAM or through authentication styles supported in 386.Xr login.conf 5 ) 387The default is 388.Cm yes . 389.It Cm ChrootDirectory 390Specifies the pathname of a directory to 391.Xr chroot 2 392to after authentication. 393At session startup 394.Xr sshd 8 395checks that all components of the pathname are root-owned directories 396which are not writable by any other user or group. 397After the chroot, 398.Xr sshd 8 399changes the working directory to the user's home directory. 400Arguments to 401.Cm ChrootDirectory 402accept the tokens described in the 403.Sx TOKENS 404section. 405.Pp 406The 407.Cm ChrootDirectory 408must contain the necessary files and directories to support the 409user's session. 410For an interactive session this requires at least a shell, typically 411.Xr sh 1 , 412and basic 413.Pa /dev 414nodes such as 415.Xr null 4 , 416.Xr zero 4 , 417.Xr stdin 4 , 418.Xr stdout 4 , 419.Xr stderr 4 , 420and 421.Xr tty 4 422devices. 423For file transfer sessions using SFTP 424no additional configuration of the environment is necessary if the in-process 425sftp-server is used, 426though sessions which use logging may require 427.Pa /dev/log 428inside the chroot directory on some operating systems (see 429.Xr sftp-server 8 430for details). 431.Pp 432For safety, it is very important that the directory hierarchy be 433prevented from modification by other processes on the system (especially 434those outside the jail). 435Misconfiguration can lead to unsafe environments which 436.Xr sshd 8 437cannot detect. 438.Pp 439The default is 440.Cm none , 441indicating not to 442.Xr chroot 2 . 443.It Cm Ciphers 444Specifies the ciphers allowed. 445Multiple ciphers must be comma-separated. 446If the specified value begins with a 447.Sq + 448character, then the specified ciphers will be appended to the default set 449instead of replacing them. 450If the specified value begins with a 451.Sq - 452character, then the specified ciphers (including wildcards) will be removed 453from the default set instead of replacing them. 454.Pp 455The supported ciphers are: 456.Pp 457.Bl -item -compact -offset indent 458.It 4593des-cbc 460.It 461aes128-cbc 462.It 463aes192-cbc 464.It 465aes256-cbc 466.It 467aes128-ctr 468.It 469aes192-ctr 470.It 471aes256-ctr 472.It 473aes128-gcm@openssh.com 474.It 475aes256-gcm@openssh.com 476.It 477chacha20-poly1305@openssh.com 478.El 479.Pp 480The default is: 481.Bd -literal -offset indent 482chacha20-poly1305@openssh.com, 483aes128-ctr,aes192-ctr,aes256-ctr, 484aes128-gcm@openssh.com,aes256-gcm@openssh.com 485.Ed 486.Pp 487The list of available ciphers may also be obtained using 488.Qq ssh -Q cipher . 489.It Cm ClientAliveCountMax 490Sets the number of client alive messages which may be sent without 491.Xr sshd 8 492receiving any messages back from the client. 493If this threshold is reached while client alive messages are being sent, 494sshd will disconnect the client, terminating the session. 495It is important to note that the use of client alive messages is very 496different from 497.Cm TCPKeepAlive . 498The client alive messages are sent through the encrypted channel 499and therefore will not be spoofable. 500The TCP keepalive option enabled by 501.Cm TCPKeepAlive 502is spoofable. 503The client alive mechanism is valuable when the client or 504server depend on knowing when a connection has become inactive. 505.Pp 506The default value is 3. 507If 508.Cm ClientAliveInterval 509is set to 15, and 510.Cm ClientAliveCountMax 511is left at the default, unresponsive SSH clients 512will be disconnected after approximately 45 seconds. 513.It Cm ClientAliveInterval 514Sets a timeout interval in seconds after which if no data has been received 515from the client, 516.Xr sshd 8 517will send a message through the encrypted 518channel to request a response from the client. 519The default 520is 0, indicating that these messages will not be sent to the client. 521.It Cm Compression 522Specifies whether compression is enabled after 523the user has authenticated successfully. 524The argument must be 525.Cm yes , 526.Cm delayed 527(a legacy synonym for 528.Cm yes ) 529or 530.Cm no . 531The default is 532.Cm yes . 533.It Cm DenyGroups 534This keyword can be followed by a list of group name patterns, separated 535by spaces. 536Login is disallowed for users whose primary group or supplementary 537group list matches one of the patterns. 538Only group names are valid; a numerical group ID is not recognized. 539By default, login is allowed for all groups. 540The allow/deny directives are processed in the following order: 541.Cm DenyUsers , 542.Cm AllowUsers , 543.Cm DenyGroups , 544and finally 545.Cm AllowGroups . 546.Pp 547See PATTERNS in 548.Xr ssh_config 5 549for more information on patterns. 550.It Cm DenyUsers 551This keyword can be followed by a list of user name patterns, separated 552by spaces. 553Login is disallowed for user names that match one of the patterns. 554Only user names are valid; a numerical user ID is not recognized. 555By default, login is allowed for all users. 556If the pattern takes the form USER@HOST then USER and HOST 557are separately checked, restricting logins to particular 558users from particular hosts. 559HOST criteria may additionally contain addresses to match in CIDR 560address/masklen format. 561The allow/deny directives are processed in the following order: 562.Cm DenyUsers , 563.Cm AllowUsers , 564.Cm DenyGroups , 565and finally 566.Cm AllowGroups . 567.Pp 568See PATTERNS in 569.Xr ssh_config 5 570for more information on patterns. 571.It Cm DisableForwarding 572Disables all forwarding features, including X11, 573.Xr ssh-agent 1 , 574TCP and StreamLocal. 575This option overrides all other forwarding-related options and may 576simplify restricted configurations. 577.It Cm ExposeAuthInfo 578Writes a temporary file containing a list of authentication methods and 579public credentials (e.g. keys) used to authenticate the user. 580The location of the file is exposed to the user session through the 581.Ev SSH_USER_AUTH 582environment variable. 583The default is 584.Cm no . 585.It Cm FingerprintHash 586Specifies the hash algorithm used when logging key fingerprints. 587Valid options are: 588.Cm md5 589and 590.Cm sha256 . 591The default is 592.Cm sha256 . 593.It Cm ForceCommand 594Forces the execution of the command specified by 595.Cm ForceCommand , 596ignoring any command supplied by the client and 597.Pa ~/.ssh/rc 598if present. 599The command is invoked by using the user's login shell with the -c option. 600This applies to shell, command, or subsystem execution. 601It is most useful inside a 602.Cm Match 603block. 604The command originally supplied by the client is available in the 605.Ev SSH_ORIGINAL_COMMAND 606environment variable. 607Specifying a command of 608.Cm internal-sftp 609will force the use of an in-process SFTP server that requires no support 610files when used with 611.Cm ChrootDirectory . 612The default is 613.Cm none . 614.It Cm GatewayPorts 615Specifies whether remote hosts are allowed to connect to ports 616forwarded for the client. 617By default, 618.Xr sshd 8 619binds remote port forwardings to the loopback address. 620This prevents other remote hosts from connecting to forwarded ports. 621.Cm GatewayPorts 622can be used to specify that sshd 623should allow remote port forwardings to bind to non-loopback addresses, thus 624allowing other hosts to connect. 625The argument may be 626.Cm no 627to force remote port forwardings to be available to the local host only, 628.Cm yes 629to force remote port forwardings to bind to the wildcard address, or 630.Cm clientspecified 631to allow the client to select the address to which the forwarding is bound. 632The default is 633.Cm no . 634.It Cm GSSAPIAuthentication 635Specifies whether user authentication based on GSSAPI is allowed. 636The default is 637.Cm no . 638.It Cm GSSAPICleanupCredentials 639Specifies whether to automatically destroy the user's credentials cache 640on logout. 641The default is 642.Cm yes . 643.It Cm GSSAPIStrictAcceptorCheck 644Determines whether to be strict about the identity of the GSSAPI acceptor 645a client authenticates against. 646If set to 647.Cm yes 648then the client must authenticate against the host 649service on the current hostname. 650If set to 651.Cm no 652then the client may authenticate against any service key stored in the 653machine's default store. 654This facility is provided to assist with operation on multi homed machines. 655The default is 656.Cm yes . 657.It Cm HostbasedAcceptedKeyTypes 658Specifies the key types that will be accepted for hostbased authentication 659as a comma-separated pattern list. 660Alternately if the specified value begins with a 661.Sq + 662character, then the specified key types will be appended to the default set 663instead of replacing them. 664If the specified value begins with a 665.Sq - 666character, then the specified key types (including wildcards) will be removed 667from the default set instead of replacing them. 668The default for this option is: 669.Bd -literal -offset 3n 670ecdsa-sha2-nistp256-cert-v01@openssh.com, 671ecdsa-sha2-nistp384-cert-v01@openssh.com, 672ecdsa-sha2-nistp521-cert-v01@openssh.com, 673ssh-ed25519-cert-v01@openssh.com, 674ssh-rsa-cert-v01@openssh.com, 675ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 676ssh-ed25519,ssh-rsa 677.Ed 678.Pp 679The list of available key types may also be obtained using 680.Qq ssh -Q key . 681.It Cm HostbasedAuthentication 682Specifies whether rhosts or /etc/hosts.equiv authentication together 683with successful public key client host authentication is allowed 684(host-based authentication). 685The default is 686.Cm no . 687.It Cm HostbasedUsesNameFromPacketOnly 688Specifies whether or not the server will attempt to perform a reverse 689name lookup when matching the name in the 690.Pa ~/.shosts , 691.Pa ~/.rhosts , 692and 693.Pa /etc/hosts.equiv 694files during 695.Cm HostbasedAuthentication . 696A setting of 697.Cm yes 698means that 699.Xr sshd 8 700uses the name supplied by the client rather than 701attempting to resolve the name from the TCP connection itself. 702The default is 703.Cm no . 704.It Cm HostCertificate 705Specifies a file containing a public host certificate. 706The certificate's public key must match a private host key already specified 707by 708.Cm HostKey . 709The default behaviour of 710.Xr sshd 8 711is not to load any certificates. 712.It Cm HostKey 713Specifies a file containing a private host key 714used by SSH. 715The defaults are 716.Pa /etc/ssh/ssh_host_dsa_key , 717.Pa /etc/ssh/ssh_host_ecdsa_key , 718.Pa /etc/ssh/ssh_host_ed25519_key 719and 720.Pa /etc/ssh/ssh_host_rsa_key . 721.Pp 722Note that 723.Xr sshd 8 724will refuse to use a file if it is group/world-accessible 725and that the 726.Cm HostKeyAlgorithms 727option restricts which of the keys are actually used by 728.Xr sshd 8 . 729.Pp 730It is possible to have multiple host key files. 731It is also possible to specify public host key files instead. 732In this case operations on the private key will be delegated 733to an 734.Xr ssh-agent 1 . 735.It Cm HostKeyAgent 736Identifies the UNIX-domain socket used to communicate 737with an agent that has access to the private host keys. 738If the string 739.Qq SSH_AUTH_SOCK 740is specified, the location of the socket will be read from the 741.Ev SSH_AUTH_SOCK 742environment variable. 743.It Cm HostKeyAlgorithms 744Specifies the host key algorithms 745that the server offers. 746The default for this option is: 747.Bd -literal -offset 3n 748ecdsa-sha2-nistp256-cert-v01@openssh.com, 749ecdsa-sha2-nistp384-cert-v01@openssh.com, 750ecdsa-sha2-nistp521-cert-v01@openssh.com, 751ssh-ed25519-cert-v01@openssh.com, 752ssh-rsa-cert-v01@openssh.com, 753ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 754ssh-ed25519,ssh-rsa 755.Ed 756.Pp 757The list of available key types may also be obtained using 758.Qq ssh -Q key . 759.It Cm IgnoreRhosts 760Specifies that 761.Pa .rhosts 762and 763.Pa .shosts 764files will not be used in 765.Cm HostbasedAuthentication . 766.Pp 767.Pa /etc/hosts.equiv 768and 769.Pa /etc/shosts.equiv 770are still used. 771The default is 772.Cm yes . 773.It Cm IgnoreUserKnownHosts 774Specifies whether 775.Xr sshd 8 776should ignore the user's 777.Pa ~/.ssh/known_hosts 778during 779.Cm HostbasedAuthentication . 780The default is 781.Cm no . 782.It Cm IPQoS 783Specifies the IPv4 type-of-service or DSCP class for the connection. 784Accepted values are 785.Cm af11 , 786.Cm af12 , 787.Cm af13 , 788.Cm af21 , 789.Cm af22 , 790.Cm af23 , 791.Cm af31 , 792.Cm af32 , 793.Cm af33 , 794.Cm af41 , 795.Cm af42 , 796.Cm af43 , 797.Cm cs0 , 798.Cm cs1 , 799.Cm cs2 , 800.Cm cs3 , 801.Cm cs4 , 802.Cm cs5 , 803.Cm cs6 , 804.Cm cs7 , 805.Cm ef , 806.Cm lowdelay , 807.Cm throughput , 808.Cm reliability , 809a numeric value, or 810.Cm none 811to use the operating system default. 812This option may take one or two arguments, separated by whitespace. 813If one argument is specified, it is used as the packet class unconditionally. 814If two values are specified, the first is automatically selected for 815interactive sessions and the second for non-interactive sessions. 816The default is 817.Cm lowdelay 818for interactive sessions and 819.Cm throughput 820for non-interactive sessions. 821.It Cm KbdInteractiveAuthentication 822Specifies whether to allow keyboard-interactive authentication. 823The argument to this keyword must be 824.Cm yes 825or 826.Cm no . 827The default is to use whatever value 828.Cm ChallengeResponseAuthentication 829is set to 830(by default 831.Cm yes ) . 832.It Cm KerberosAuthentication 833Specifies whether the password provided by the user for 834.Cm PasswordAuthentication 835will be validated through the Kerberos KDC. 836To use this option, the server needs a 837Kerberos servtab which allows the verification of the KDC's identity. 838The default is 839.Cm no . 840.It Cm KerberosGetAFSToken 841If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 842an AFS token before accessing the user's home directory. 843The default is 844.Cm no . 845.It Cm KerberosOrLocalPasswd 846If password authentication through Kerberos fails then 847the password will be validated via any additional local mechanism 848such as 849.Pa /etc/passwd . 850The default is 851.Cm yes . 852.It Cm KerberosTicketCleanup 853Specifies whether to automatically destroy the user's ticket cache 854file on logout. 855The default is 856.Cm yes . 857.It Cm KexAlgorithms 858Specifies the available KEX (Key Exchange) algorithms. 859Multiple algorithms must be comma-separated. 860Alternately if the specified value begins with a 861.Sq + 862character, then the specified methods will be appended to the default set 863instead of replacing them. 864If the specified value begins with a 865.Sq - 866character, then the specified methods (including wildcards) will be removed 867from the default set instead of replacing them. 868The supported algorithms are: 869.Pp 870.Bl -item -compact -offset indent 871.It 872curve25519-sha256 873.It 874curve25519-sha256@libssh.org 875.It 876diffie-hellman-group1-sha1 877.It 878diffie-hellman-group14-sha1 879.It 880diffie-hellman-group-exchange-sha1 881.It 882diffie-hellman-group-exchange-sha256 883.It 884ecdh-sha2-nistp256 885.It 886ecdh-sha2-nistp384 887.It 888ecdh-sha2-nistp521 889.El 890.Pp 891The default is: 892.Bd -literal -offset indent 893curve25519-sha256,curve25519-sha256@libssh.org, 894ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, 895diffie-hellman-group-exchange-sha256, 896diffie-hellman-group14-sha1 897.Ed 898.Pp 899The list of available key exchange algorithms may also be obtained using 900.Qq ssh -Q kex . 901.It Cm ListenAddress 902Specifies the local addresses 903.Xr sshd 8 904should listen on. 905The following forms may be used: 906.Pp 907.Bl -item -offset indent -compact 908.It 909.Cm ListenAddress 910.Sm off 911.Ar host | Ar IPv4_addr | Ar IPv6_addr 912.Sm on 913.It 914.Cm ListenAddress 915.Sm off 916.Ar host | Ar IPv4_addr : Ar port 917.Sm on 918.It 919.Cm ListenAddress 920.Sm off 921.Oo 922.Ar host | Ar IPv6_addr Oc : Ar port 923.Sm on 924.El 925.Pp 926If 927.Ar port 928is not specified, 929sshd will listen on the address and all 930.Cm Port 931options specified. 932The default is to listen on all local addresses. 933Multiple 934.Cm ListenAddress 935options are permitted. 936.It Cm LoginGraceTime 937The server disconnects after this time if the user has not 938successfully logged in. 939If the value is 0, there is no time limit. 940The default is 120 seconds. 941.It Cm LogLevel 942Gives the verbosity level that is used when logging messages from 943.Xr sshd 8 . 944The possible values are: 945QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 946The default is INFO. 947DEBUG and DEBUG1 are equivalent. 948DEBUG2 and DEBUG3 each specify higher levels of debugging output. 949Logging with a DEBUG level violates the privacy of users and is not recommended. 950.It Cm MACs 951Specifies the available MAC (message authentication code) algorithms. 952The MAC algorithm is used for data integrity protection. 953Multiple algorithms must be comma-separated. 954If the specified value begins with a 955.Sq + 956character, then the specified algorithms will be appended to the default set 957instead of replacing them. 958If the specified value begins with a 959.Sq - 960character, then the specified algorithms (including wildcards) will be removed 961from the default set instead of replacing them. 962.Pp 963The algorithms that contain 964.Qq -etm 965calculate the MAC after encryption (encrypt-then-mac). 966These are considered safer and their use recommended. 967The supported MACs are: 968.Pp 969.Bl -item -compact -offset indent 970.It 971hmac-md5 972.It 973hmac-md5-96 974.It 975hmac-sha1 976.It 977hmac-sha1-96 978.It 979hmac-sha2-256 980.It 981hmac-sha2-512 982.It 983umac-64@openssh.com 984.It 985umac-128@openssh.com 986.It 987hmac-md5-etm@openssh.com 988.It 989hmac-md5-96-etm@openssh.com 990.It 991hmac-sha1-etm@openssh.com 992.It 993hmac-sha1-96-etm@openssh.com 994.It 995hmac-sha2-256-etm@openssh.com 996.It 997hmac-sha2-512-etm@openssh.com 998.It 999umac-64-etm@openssh.com 1000.It 1001umac-128-etm@openssh.com 1002.El 1003.Pp 1004The default is: 1005.Bd -literal -offset indent 1006umac-64-etm@openssh.com,umac-128-etm@openssh.com, 1007hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, 1008hmac-sha1-etm@openssh.com, 1009umac-64@openssh.com,umac-128@openssh.com, 1010hmac-sha2-256,hmac-sha2-512,hmac-sha1 1011.Ed 1012.Pp 1013The list of available MAC algorithms may also be obtained using 1014.Qq ssh -Q mac . 1015.It Cm Match 1016Introduces a conditional block. 1017If all of the criteria on the 1018.Cm Match 1019line are satisfied, the keywords on the following lines override those 1020set in the global section of the config file, until either another 1021.Cm Match 1022line or the end of the file. 1023If a keyword appears in multiple 1024.Cm Match 1025blocks that are satisfied, only the first instance of the keyword is 1026applied. 1027.Pp 1028The arguments to 1029.Cm Match 1030are one or more criteria-pattern pairs or the single token 1031.Cm All 1032which matches all criteria. 1033The available criteria are 1034.Cm User , 1035.Cm Group , 1036.Cm Host , 1037.Cm LocalAddress , 1038.Cm LocalPort , 1039and 1040.Cm Address . 1041The match patterns may consist of single entries or comma-separated 1042lists and may use the wildcard and negation operators described in the 1043.Sx PATTERNS 1044section of 1045.Xr ssh_config 5 . 1046.Pp 1047The patterns in an 1048.Cm Address 1049criteria may additionally contain addresses to match in CIDR 1050address/masklen format, 1051such as 192.0.2.0/24 or 2001:db8::/32. 1052Note that the mask length provided must be consistent with the address - 1053it is an error to specify a mask length that is too long for the address 1054or one with bits set in this host portion of the address. 1055For example, 192.0.2.0/33 and 192.0.2.0/8, respectively. 1056.Pp 1057Only a subset of keywords may be used on the lines following a 1058.Cm Match 1059keyword. 1060Available keywords are 1061.Cm AcceptEnv , 1062.Cm AllowAgentForwarding , 1063.Cm AllowGroups , 1064.Cm AllowStreamLocalForwarding , 1065.Cm AllowTcpForwarding , 1066.Cm AllowUsers , 1067.Cm AuthenticationMethods , 1068.Cm AuthorizedKeysCommand , 1069.Cm AuthorizedKeysCommandUser , 1070.Cm AuthorizedKeysFile , 1071.Cm AuthorizedPrincipalsCommand , 1072.Cm AuthorizedPrincipalsCommandUser , 1073.Cm AuthorizedPrincipalsFile , 1074.Cm Banner , 1075.Cm ChrootDirectory , 1076.Cm ClientAliveCountMax , 1077.Cm ClientAliveInterval , 1078.Cm DenyGroups , 1079.Cm DenyUsers , 1080.Cm ForceCommand , 1081.Cm GatewayPorts , 1082.Cm GSSAPIAuthentication , 1083.Cm HostbasedAcceptedKeyTypes , 1084.Cm HostbasedAuthentication , 1085.Cm HostbasedUsesNameFromPacketOnly , 1086.Cm IPQoS , 1087.Cm KbdInteractiveAuthentication , 1088.Cm KerberosAuthentication , 1089.Cm LogLevel , 1090.Cm MaxAuthTries , 1091.Cm MaxSessions , 1092.Cm PasswordAuthentication , 1093.Cm PermitEmptyPasswords , 1094.Cm PermitOpen , 1095.Cm PermitRootLogin , 1096.Cm PermitTTY , 1097.Cm PermitTunnel , 1098.Cm PermitUserRC , 1099.Cm PubkeyAcceptedKeyTypes , 1100.Cm PubkeyAuthentication , 1101.Cm RekeyLimit , 1102.Cm RevokedKeys , 1103.Cm StreamLocalBindMask , 1104.Cm StreamLocalBindUnlink , 1105.Cm TrustedUserCAKeys , 1106.Cm X11DisplayOffset , 1107.Cm X11Forwarding 1108and 1109.Cm X11UseLocalHost . 1110.It Cm MaxAuthTries 1111Specifies the maximum number of authentication attempts permitted per 1112connection. 1113Once the number of failures reaches half this value, 1114additional failures are logged. 1115The default is 6. 1116.It Cm MaxSessions 1117Specifies the maximum number of open shell, login or subsystem (e.g. sftp) 1118sessions permitted per network connection. 1119Multiple sessions may be established by clients that support connection 1120multiplexing. 1121Setting 1122.Cm MaxSessions 1123to 1 will effectively disable session multiplexing, whereas setting it to 0 1124will prevent all shell, login and subsystem sessions while still permitting 1125forwarding. 1126The default is 10. 1127.It Cm MaxStartups 1128Specifies the maximum number of concurrent unauthenticated connections to the 1129SSH daemon. 1130Additional connections will be dropped until authentication succeeds or the 1131.Cm LoginGraceTime 1132expires for a connection. 1133The default is 10:30:100. 1134.Pp 1135Alternatively, random early drop can be enabled by specifying 1136the three colon separated values 1137start:rate:full (e.g. "10:30:60"). 1138.Xr sshd 8 1139will refuse connection attempts with a probability of rate/100 (30%) 1140if there are currently start (10) unauthenticated connections. 1141The probability increases linearly and all connection attempts 1142are refused if the number of unauthenticated connections reaches full (60). 1143.It Cm PasswordAuthentication 1144Specifies whether password authentication is allowed. 1145The default is 1146.Cm yes . 1147.It Cm PermitEmptyPasswords 1148When password authentication is allowed, it specifies whether the 1149server allows login to accounts with empty password strings. 1150The default is 1151.Cm no . 1152.It Cm PermitOpen 1153Specifies the destinations to which TCP port forwarding is permitted. 1154The forwarding specification must be one of the following forms: 1155.Pp 1156.Bl -item -offset indent -compact 1157.It 1158.Cm PermitOpen 1159.Sm off 1160.Ar host : port 1161.Sm on 1162.It 1163.Cm PermitOpen 1164.Sm off 1165.Ar IPv4_addr : port 1166.Sm on 1167.It 1168.Cm PermitOpen 1169.Sm off 1170.Ar \&[ IPv6_addr \&] : port 1171.Sm on 1172.El 1173.Pp 1174Multiple forwards may be specified by separating them with whitespace. 1175An argument of 1176.Cm any 1177can be used to remove all restrictions and permit any forwarding requests. 1178An argument of 1179.Cm none 1180can be used to prohibit all forwarding requests. 1181The wildcard 1182.Sq * 1183can be used for host or port to allow all hosts or ports, respectively. 1184By default all port forwarding requests are permitted. 1185.It Cm PermitRootLogin 1186Specifies whether root can log in using 1187.Xr ssh 1 . 1188The argument must be 1189.Cm yes , 1190.Cm prohibit-password , 1191.Cm without-password , 1192.Cm forced-commands-only , 1193or 1194.Cm no . 1195The default is 1196.Cm prohibit-password . 1197.Pp 1198If this option is set to 1199.Cm prohibit-password 1200or 1201.Cm without-password , 1202password and keyboard-interactive authentication are disabled for root. 1203.Pp 1204If this option is set to 1205.Cm forced-commands-only , 1206root login with public key authentication will be allowed, 1207but only if the 1208.Ar command 1209option has been specified 1210(which may be useful for taking remote backups even if root login is 1211normally not allowed). 1212All other authentication methods are disabled for root. 1213.Pp 1214If this option is set to 1215.Cm no , 1216root is not allowed to log in. 1217.It Cm PermitTTY 1218Specifies whether 1219.Xr pty 4 1220allocation is permitted. 1221The default is 1222.Cm yes . 1223.It Cm PermitTunnel 1224Specifies whether 1225.Xr tun 4 1226device forwarding is allowed. 1227The argument must be 1228.Cm yes , 1229.Cm point-to-point 1230(layer 3), 1231.Cm ethernet 1232(layer 2), or 1233.Cm no . 1234Specifying 1235.Cm yes 1236permits both 1237.Cm point-to-point 1238and 1239.Cm ethernet . 1240The default is 1241.Cm no . 1242.Pp 1243Independent of this setting, the permissions of the selected 1244.Xr tun 4 1245device must allow access to the user. 1246.It Cm PermitUserEnvironment 1247Specifies whether 1248.Pa ~/.ssh/environment 1249and 1250.Cm environment= 1251options in 1252.Pa ~/.ssh/authorized_keys 1253are processed by 1254.Xr sshd 8 . 1255The default is 1256.Cm no . 1257Enabling environment processing may enable users to bypass access 1258restrictions in some configurations using mechanisms such as 1259.Ev LD_PRELOAD . 1260.It Cm PermitUserRC 1261Specifies whether any 1262.Pa ~/.ssh/rc 1263file is executed. 1264The default is 1265.Cm yes . 1266.It Cm PidFile 1267Specifies the file that contains the process ID of the 1268SSH daemon, or 1269.Cm none 1270to not write one. 1271The default is 1272.Pa /var/run/sshd.pid . 1273.It Cm Port 1274Specifies the port number that 1275.Xr sshd 8 1276listens on. 1277The default is 22. 1278Multiple options of this type are permitted. 1279See also 1280.Cm ListenAddress . 1281.It Cm PrintLastLog 1282Specifies whether 1283.Xr sshd 8 1284should print the date and time of the last user login when a user logs 1285in interactively. 1286The default is 1287.Cm yes . 1288.It Cm PrintMotd 1289Specifies whether 1290.Xr sshd 8 1291should print 1292.Pa /etc/motd 1293when a user logs in interactively. 1294(On some systems it is also printed by the shell, 1295.Pa /etc/profile , 1296or equivalent.) 1297The default is 1298.Cm yes . 1299.It Cm PubkeyAcceptedKeyTypes 1300Specifies the key types that will be accepted for public key authentication 1301as a comma-separated pattern list. 1302Alternately if the specified value begins with a 1303.Sq + 1304character, then the specified key types will be appended to the default set 1305instead of replacing them. 1306If the specified value begins with a 1307.Sq - 1308character, then the specified key types (including wildcards) will be removed 1309from the default set instead of replacing them. 1310The default for this option is: 1311.Bd -literal -offset 3n 1312ecdsa-sha2-nistp256-cert-v01@openssh.com, 1313ecdsa-sha2-nistp384-cert-v01@openssh.com, 1314ecdsa-sha2-nistp521-cert-v01@openssh.com, 1315ssh-ed25519-cert-v01@openssh.com, 1316ssh-rsa-cert-v01@openssh.com, 1317ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, 1318ssh-ed25519,ssh-rsa 1319.Ed 1320.Pp 1321The list of available key types may also be obtained using 1322.Qq ssh -Q key . 1323.It Cm PubkeyAuthentication 1324Specifies whether public key authentication is allowed. 1325The default is 1326.Cm yes . 1327.It Cm RekeyLimit 1328Specifies the maximum amount of data that may be transmitted before the 1329session key is renegotiated, optionally followed a maximum amount of 1330time that may pass before the session key is renegotiated. 1331The first argument is specified in bytes and may have a suffix of 1332.Sq K , 1333.Sq M , 1334or 1335.Sq G 1336to indicate Kilobytes, Megabytes, or Gigabytes, respectively. 1337The default is between 1338.Sq 1G 1339and 1340.Sq 4G , 1341depending on the cipher. 1342The optional second value is specified in seconds and may use any of the 1343units documented in the 1344.Sx TIME FORMATS 1345section. 1346The default value for 1347.Cm RekeyLimit 1348is 1349.Cm default none , 1350which means that rekeying is performed after the cipher's default amount 1351of data has been sent or received and no time based rekeying is done. 1352.It Cm RevokedKeys 1353Specifies revoked public keys file, or 1354.Cm none 1355to not use one. 1356Keys listed in this file will be refused for public key authentication. 1357Note that if this file is not readable, then public key authentication will 1358be refused for all users. 1359Keys may be specified as a text file, listing one public key per line, or as 1360an OpenSSH Key Revocation List (KRL) as generated by 1361.Xr ssh-keygen 1 . 1362For more information on KRLs, see the KEY REVOCATION LISTS section in 1363.Xr ssh-keygen 1 . 1364.It Cm StreamLocalBindMask 1365Sets the octal file creation mode mask 1366.Pq umask 1367used when creating a Unix-domain socket file for local or remote 1368port forwarding. 1369This option is only used for port forwarding to a Unix-domain socket file. 1370.Pp 1371The default value is 0177, which creates a Unix-domain socket file that is 1372readable and writable only by the owner. 1373Note that not all operating systems honor the file mode on Unix-domain 1374socket files. 1375.It Cm StreamLocalBindUnlink 1376Specifies whether to remove an existing Unix-domain socket file for local 1377or remote port forwarding before creating a new one. 1378If the socket file already exists and 1379.Cm StreamLocalBindUnlink 1380is not enabled, 1381.Nm sshd 1382will be unable to forward the port to the Unix-domain socket file. 1383This option is only used for port forwarding to a Unix-domain socket file. 1384.Pp 1385The argument must be 1386.Cm yes 1387or 1388.Cm no . 1389The default is 1390.Cm no . 1391.It Cm StrictModes 1392Specifies whether 1393.Xr sshd 8 1394should check file modes and ownership of the 1395user's files and home directory before accepting login. 1396This is normally desirable because novices sometimes accidentally leave their 1397directory or files world-writable. 1398The default is 1399.Cm yes . 1400Note that this does not apply to 1401.Cm ChrootDirectory , 1402whose permissions and ownership are checked unconditionally. 1403.It Cm Subsystem 1404Configures an external subsystem (e.g. file transfer daemon). 1405Arguments should be a subsystem name and a command (with optional arguments) 1406to execute upon subsystem request. 1407.Pp 1408The command 1409.Cm sftp-server 1410implements the SFTP file transfer subsystem. 1411.Pp 1412Alternately the name 1413.Cm internal-sftp 1414implements an in-process SFTP server. 1415This may simplify configurations using 1416.Cm ChrootDirectory 1417to force a different filesystem root on clients. 1418.Pp 1419By default no subsystems are defined. 1420.It Cm SyslogFacility 1421Gives the facility code that is used when logging messages from 1422.Xr sshd 8 . 1423The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 1424LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 1425The default is AUTH. 1426.It Cm TCPKeepAlive 1427Specifies whether the system should send TCP keepalive messages to the 1428other side. 1429If they are sent, death of the connection or crash of one 1430of the machines will be properly noticed. 1431However, this means that 1432connections will die if the route is down temporarily, and some people 1433find it annoying. 1434On the other hand, if TCP keepalives are not sent, 1435sessions may hang indefinitely on the server, leaving 1436.Qq ghost 1437users and consuming server resources. 1438.Pp 1439The default is 1440.Cm yes 1441(to send TCP keepalive messages), and the server will notice 1442if the network goes down or the client host crashes. 1443This avoids infinitely hanging sessions. 1444.Pp 1445To disable TCP keepalive messages, the value should be set to 1446.Cm no . 1447.It Cm TrustedUserCAKeys 1448Specifies a file containing public keys of certificate authorities that are 1449trusted to sign user certificates for authentication, or 1450.Cm none 1451to not use one. 1452Keys are listed one per line; empty lines and comments starting with 1453.Ql # 1454are allowed. 1455If a certificate is presented for authentication and has its signing CA key 1456listed in this file, then it may be used for authentication for any user 1457listed in the certificate's principals list. 1458Note that certificates that lack a list of principals will not be permitted 1459for authentication using 1460.Cm TrustedUserCAKeys . 1461For more details on certificates, see the CERTIFICATES section in 1462.Xr ssh-keygen 1 . 1463.It Cm UseDNS 1464Specifies whether 1465.Xr sshd 8 1466should look up the remote host name, and to check that 1467the resolved host name for the remote IP address maps back to the 1468very same IP address. 1469.Pp 1470If this option is set to 1471.Cm no 1472(the default) then only addresses and not host names may be used in 1473.Pa ~/.ssh/authorized_keys 1474.Cm from 1475and 1476.Nm 1477.Cm Match 1478.Cm Host 1479directives. 1480.It Cm UsePAM 1481Enables the Pluggable Authentication Module interface. 1482If set to 1483.Cm yes 1484this will enable PAM authentication using 1485.Cm ChallengeResponseAuthentication 1486and 1487.Cm PasswordAuthentication 1488in addition to PAM account and session module processing for all 1489authentication types. 1490.Pp 1491Because PAM challenge-response authentication usually serves an equivalent 1492role to password authentication, you should disable either 1493.Cm PasswordAuthentication 1494or 1495.Cm ChallengeResponseAuthentication. 1496.Pp 1497If 1498.Cm UsePAM 1499is enabled, you will not be able to run 1500.Xr sshd 8 1501as a non-root user. 1502The default is 1503.Cm no . 1504.It Cm VersionAddendum 1505Optionally specifies additional text to append to the SSH protocol banner 1506sent by the server upon connection. 1507The default is 1508.Cm none . 1509.It Cm X11DisplayOffset 1510Specifies the first display number available for 1511.Xr sshd 8 Ns 's 1512X11 forwarding. 1513This prevents sshd from interfering with real X11 servers. 1514The default is 10. 1515.It Cm X11Forwarding 1516Specifies whether X11 forwarding is permitted. 1517The argument must be 1518.Cm yes 1519or 1520.Cm no . 1521The default is 1522.Cm no . 1523.Pp 1524When X11 forwarding is enabled, there may be additional exposure to 1525the server and to client displays if the 1526.Xr sshd 8 1527proxy display is configured to listen on the wildcard address (see 1528.Cm X11UseLocalhost ) , 1529though this is not the default. 1530Additionally, the authentication spoofing and authentication data 1531verification and substitution occur on the client side. 1532The security risk of using X11 forwarding is that the client's X11 1533display server may be exposed to attack when the SSH client requests 1534forwarding (see the warnings for 1535.Cm ForwardX11 1536in 1537.Xr ssh_config 5 ) . 1538A system administrator may have a stance in which they want to 1539protect clients that may expose themselves to attack by unwittingly 1540requesting X11 forwarding, which can warrant a 1541.Cm no 1542setting. 1543.Pp 1544Note that disabling X11 forwarding does not prevent users from 1545forwarding X11 traffic, as users can always install their own forwarders. 1546.It Cm X11UseLocalhost 1547Specifies whether 1548.Xr sshd 8 1549should bind the X11 forwarding server to the loopback address or to 1550the wildcard address. 1551By default, 1552sshd binds the forwarding server to the loopback address and sets the 1553hostname part of the 1554.Ev DISPLAY 1555environment variable to 1556.Cm localhost . 1557This prevents remote hosts from connecting to the proxy display. 1558However, some older X11 clients may not function with this 1559configuration. 1560.Cm X11UseLocalhost 1561may be set to 1562.Cm no 1563to specify that the forwarding server should be bound to the wildcard 1564address. 1565The argument must be 1566.Cm yes 1567or 1568.Cm no . 1569The default is 1570.Cm yes . 1571.It Cm XAuthLocation 1572Specifies the full pathname of the 1573.Xr xauth 1 1574program, or 1575.Cm none 1576to not use one. 1577The default is 1578.Pa /usr/X11R6/bin/xauth . 1579.El 1580.Sh TIME FORMATS 1581.Xr sshd 8 1582command-line arguments and configuration file options that specify time 1583may be expressed using a sequence of the form: 1584.Sm off 1585.Ar time Op Ar qualifier , 1586.Sm on 1587where 1588.Ar time 1589is a positive integer value and 1590.Ar qualifier 1591is one of the following: 1592.Pp 1593.Bl -tag -width Ds -compact -offset indent 1594.It Aq Cm none 1595seconds 1596.It Cm s | Cm S 1597seconds 1598.It Cm m | Cm M 1599minutes 1600.It Cm h | Cm H 1601hours 1602.It Cm d | Cm D 1603days 1604.It Cm w | Cm W 1605weeks 1606.El 1607.Pp 1608Each member of the sequence is added together to calculate 1609the total time value. 1610.Pp 1611Time format examples: 1612.Pp 1613.Bl -tag -width Ds -compact -offset indent 1614.It 600 1615600 seconds (10 minutes) 1616.It 10m 161710 minutes 1618.It 1h30m 16191 hour 30 minutes (90 minutes) 1620.El 1621.Sh TOKENS 1622Arguments to some keywords can make use of tokens, 1623which are expanded at runtime: 1624.Pp 1625.Bl -tag -width XXXX -offset indent -compact 1626.It %% 1627A literal 1628.Sq % . 1629.It %F 1630The fingerprint of the CA key. 1631.It %f 1632The fingerprint of the key or certificate. 1633.It %h 1634The home directory of the user. 1635.It %i 1636The key ID in the certificate. 1637.It %K 1638The base64-encoded CA key. 1639.It %k 1640The base64-encoded key or certificate for authentication. 1641.It %s 1642The serial number of the certificate. 1643.It \&%T 1644The type of the CA key. 1645.It %t 1646The key or certificate type. 1647.It %u 1648The username. 1649.El 1650.Pp 1651.Cm AuthorizedKeysCommand 1652accepts the tokens %%, %f, %h, %k, %t, and %u. 1653.Pp 1654.Cm AuthorizedKeysFile 1655accepts the tokens %%, %h, and %u. 1656.Pp 1657.Cm AuthorizedPrincipalsCommand 1658accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, and %u. 1659.Pp 1660.Cm AuthorizedPrincipalsFile 1661accepts the tokens %%, %h, and %u. 1662.Pp 1663.Cm ChrootDirectory 1664accepts the tokens %%, %h, and %u. 1665.Sh FILES 1666.Bl -tag -width Ds 1667.It Pa /etc/ssh/sshd_config 1668Contains configuration data for 1669.Xr sshd 8 . 1670This file should be writable by root only, but it is recommended 1671(though not necessary) that it be world-readable. 1672.El 1673.Sh SEE ALSO 1674.Xr sftp-server 8 , 1675.Xr sshd 8 1676.Sh AUTHORS 1677.An -nosplit 1678OpenSSH is a derivative of the original and free 1679ssh 1.2.12 release by 1680.An Tatu Ylonen . 1681.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos , 1682.An Theo de Raadt 1683and 1684.An Dug Song 1685removed many bugs, re-added newer features and 1686created OpenSSH. 1687.An Markus Friedl 1688contributed the support for SSH protocol versions 1.5 and 2.0. 1689.An Niels Provos 1690and 1691.An Markus Friedl 1692contributed support for privilege separation. 1693