.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose. Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.144 2012/06/29 13:57:25 naddy Exp $
.Dd $Mdocdate: June 29 2012 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
.Sh SYNOPSIS
.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
.Xr sshd 8
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
.Fl f
on the command line).
The file contains keyword-argument pairs, one per line.
Lines starting with
.Ql #
and empty lines are interpreted as comments.
Arguments may optionally be enclosed in double quotes
.Pq \&"
in order to represent arguments containing spaces.
.Pp
The possible
keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
.Bl -tag -width Ds
.It Cm AcceptEnv
Specifies what environment variables sent by the client will be copied into
the session's
.Xr environ 7 .
See
.Cm SendEnv
in
.Xr ssh_config 5
for how to configure the client.
Note that environment passing is only supported for protocol 2.
Variables are specified by name, which may contain the wildcard characters
.Ql *
and
.Ql \&? .
Multiple environment variables may be separated by whitespace or spread
across multiple
.Cm AcceptEnv
directives.
Be warned that some environment variables could be used to bypass restricted
user environments.
For this reason, care should be taken in the use of this directive.
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
.Xr sshd 8 .
Valid arguments are
.Dq any ,
.Dq inet
(use IPv4 only), or
.Dq inet6
(use IPv6 only).
The default is
.Dq any .
.It Cm AllowAgentForwarding
Specifies whether
.Xr ssh-agent 1
forwarding is permitted.
The default is
.Dq yes .
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
If specified, login is allowed only for users whose primary
group or supplementary group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
own forwarders.
.It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
If specified, login is allowed only for user names that
match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication.
The format is described in the
.Sx AUTHORIZED_KEYS FILE FORMAT
section of
.Xr sshd 8 .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
After expansion,
.Cm AuthorizedKeysFile
is taken to be an absolute path or one relative to the user's home
directory.
Multiple files may be listed, separated by whitespace.
The default is
.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
.It Cm AuthorizedPrincipalsFile
Specifies a file that lists principal names that are accepted for
certificate authentication.
When using certificates signed by a key listed in
.Cm TrustedUserCAKeys ,
this file lists names, one of which must appear in the certificate for it
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in
.Sx AUTHORIZED_KEYS FILE FORMAT
in
.Xr sshd 8 ) .
Empty lines and comments starting with
.Ql #
are ignored.
.Pp
.Cm AuthorizedPrincipalsFile
may contain tokens of the form %T which are substituted during connection
setup.
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
After expansion,
.Cm AuthorizedPrincipalsFile
is taken to be an absolute path or one relative to the user's home
directory.
.Pp
The default is
.Dq none ,
i.e. not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
accepted.
Note that
.Cm AuthorizedPrincipalsFile
is only used when authentication proceeds using a CA listed in
.Cm TrustedUserCAKeys
and is not consulted for certification authorities trusted via
.Pa ~/.ssh/authorized_keys ,
though the
.Cm principals=
key option offers a similar facility (see
.Xr sshd 8
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
authentication is allowed.
If the argument is
.Dq none
then no banner is displayed.
This option is only available for protocol version 2.
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed.
Specifically, in
.Dx ,
this controls the use of PAM (see
.Xr pam 3 )
for authentication.
Note that this affects the effectiveness of the
.Cm PasswordAuthentication
and
.Cm PermitRootLogin
variables.
The default is
.Dq yes .
.It Cm ChrootDirectory
Specifies the pathname of a directory to
.Xr chroot 2
to after authentication.
All components of the pathname must be root-owned directories that are
not writable by any other user or group.
After the chroot,
.Xr sshd 8
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
the connecting user has been authenticated: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
.Pp
The
.Cm ChrootDirectory
must contain the necessary files and directories to support the
user's session.
For an interactive session this requires at least a shell, typically
.Xr sh 1 ,
and basic
.Pa /dev
nodes such as
.Xr null 4 ,
.Xr zero 4 ,
.Xr stdin 4 ,
.Xr stdout 4 ,
.Xr stderr 4 ,
.Xr arandom 4
and
.Xr tty 4
devices.
For file transfer sessions using
.Dq sftp ,
no additional configuration of the environment is necessary if the
in-process sftp server is used,
though sessions which use logging do require
.Pa /dev/log
inside the chroot directory (see
.Xr sftp-server 8
for details).
.Pp
The default is not to
.Xr chroot 2 .
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
The supported ciphers are
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
.Dq aes256-cbc ,
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
.Dq arcfour128 ,
.Dq arcfour256 ,
.Dq arcfour ,
.Dq blowfish-cbc ,
and
.Dq cast128-cbc .
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
.Xr sshd 8
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
It is important to note that the use of client alive messages is very
different from
.Cm TCPKeepAlive
(below).
The client alive messages are sent through the encrypted channel
and therefore will not be spoofable.
The TCP keepalive option enabled by
.Cm TCPKeepAlive
is spoofable.
The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
The default value is 3.
If
.Cm ClientAliveInterval
(see below) is set to 15, and
.Cm ClientAliveCountMax
is left at the default, unresponsive SSH clients
will be disconnected after approximately 45 seconds.
This option applies to protocol version 2 only.
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
.Xr sshd 8
will send a message through the encrypted
channel to request a response from the client.
The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.
.It Cm Compression
Specifies whether compression is allowed, or delayed until
the user has authenticated successfully.
The argument must be
.Dq yes ,
.Dq delayed ,
or
.Dq no .
The default is
.Dq delayed .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
Login is disallowed for user names that match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
ignoring any command supplied by the client and
.Pa ~/.ssh/rc
if present.
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
It is most useful inside a
.Cm Match
block.
The command originally supplied by the client is available in the
.Ev SSH_ORIGINAL_COMMAND
environment variable.
Specifying a command of
.Dq internal-sftp
will force the use of an in-process sftp server that requires no support
files when used with
.Cm ChrootDirectory .
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
.Xr sshd 8
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that sshd
should allow remote port forwardings to bind to non-loopback addresses, thus
allowing other hosts to connect.
The argument may be
.Dq no
to force remote port forwardings to be available to the local host only,
.Dq yes
to force remote port forwardings to bind to the wildcard address, or
.Dq clientspecified
to allow the client to select the address to which the forwarding is bound.
The default is
.Dq no .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
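The %%, %h and %u token expansion described under AuthorizedKeysFile, AuthorizedPrincipalsFile and ChrootDirectory above, and the ChrootDirectory rule that every path component be a root-owned directory writable by nobody else, as an added example: this is not code from the page or from OpenSSH, and the stat function is injected so the check runs here on a constructed directory tree rather than a real filesystem.

```python
import os
import stat
from collections import namedtuple


def expand_tokens(template, home, user):
    """Expand %%, %h and %u left to right.

    %% yields one literal '%', so "%%h" becomes "%h" and is not expanded
    again; any other %-sequence is rejected rather than passed through."""
    out = []
    i = 0
    while i < len(template):
        if template[i] != "%":
            out.append(template[i])
            i += 1
            continue
        if i + 1 >= len(template):
            raise ValueError("dangling %% at end of %r" % template)
        token = template[i + 1]
        if token == "%":
            out.append("%")
        elif token == "h":
            out.append(home)
        elif token == "u":
            out.append(user)
        else:
            raise ValueError("unknown token %%%s in %r" % (token, template))
        i += 2
    return "".join(out)


def resolve_keys_files(directive_value, home, user):
    """AuthorizedKeysFile may list several files; after expansion each one
    is taken as absolute or as relative to the user's home directory."""
    paths = []
    for entry in directive_value.split():
        path = expand_tokens(entry, home, user)
        paths.append(path if os.path.isabs(path) else os.path.join(home, path))
    return paths


# Minimal stand-in for os.stat_result, used with the injected stat function.
DirEntry = namedtuple("DirEntry", "st_mode st_uid")


def chroot_path_problems(path, stat_fn=os.stat):
    """Check every component of a ChrootDirectory path from the root down:
    each must exist, be a directory, be owned by root (uid 0) and carry
    neither group- nor other-write permission.  Returns the list of
    problems found; an empty list means the documented rule is satisfied."""
    if not os.path.isabs(path):
        return ["%s: chroot path must be absolute" % path]
    parts = [p for p in path.split("/") if p]
    problems = []
    for depth in range(len(parts) + 1):
        component = "/" + "/".join(parts[:depth])
        try:
            st = stat_fn(component)
        except OSError as err:
            problems.append("%s: %s" % (component, err))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append("%s: not a directory" % component)
        if st.st_uid != 0:
            problems.append("%s: not owned by root" % component)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("%s: writable by group or others" % component)
    return problems


# Constructed directory tree (not a real filesystem): the per-user leaf is
# owned by the user and group-writable, which sshd would refuse to chroot into.
SAMPLE_TREE = {
    "/": DirEntry(stat.S_IFDIR | 0o755, 0),
    "/srv": DirEntry(stat.S_IFDIR | 0o755, 0),
    "/srv/sftp": DirEntry(stat.S_IFDIR | 0o755, 0),
    "/srv/sftp/alice": DirEntry(stat.S_IFDIR | 0o775, 1001),
}


def sample_stat(path):
    if path not in SAMPLE_TREE:
        raise FileNotFoundError(path)
    return SAMPLE_TREE[path]


if __name__ == "__main__":
    print(resolve_keys_files(".ssh/authorized_keys /etc/ssh/keys/%u",
                             "/home/alice", "alice"))
    chroot = expand_tokens("/srv/sftp/%u", "/home/alice", "alice")
    print(chroot, chroot_path_problems(chroot, sample_stat))
```

A per-user ChrootDirectory of the form /srv/sftp/%u therefore only works when the user's own directory is root-owned; writable space for the user has to live below it.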
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
on logout.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
(host-based authentication).
This option is similar to
.Cm RhostsRSAAuthentication
and applies to protocol version 2 only.
The default is
.Dq no .
.It Cm HostbasedUsesNameFromPacketOnly
Specifies whether or not the server will attempt to perform a reverse
name lookup when matching the name in the
.Pa ~/.shosts ,
.Pa ~/.rhosts ,
and
.Pa /etc/hosts.equiv
files during
.Cm HostbasedAuthentication .
A setting of
.Dq yes
means that
.Xr sshd 8
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified
by
.Cm HostKey .
The default behaviour of
.Xr sshd 8
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_dsa_key ,
.Pa /etc/ssh/ssh_host_ecdsa_key
and
.Pa /etc/ssh/ssh_host_rsa_key
for protocol version 2.
Note that
.Xr sshd 8
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
.Dq dsa ,
.Dq ecdsa
or
.Dq rsa
are used for version 2 of the SSH protocol.
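The allow/deny evaluation order documented under AllowGroups, AllowUsers, DenyGroups and DenyUsers above (DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups), applied to a login attempt, as an added example; this is not code from the page or from OpenSSH. It assumes only the '*' and '?' wildcards of the ssh_config(5) PATTERNS section, and matches the HOST part of a USER@HOST pattern against either the client's resolved host name or its address (an assumption about how that check behaves).

```python
import re

ACCESS_KEYS = ("denyusers", "allowusers", "denygroups", "allowgroups")


def parse_access_directives(config_text):
    """Collect the four access directives from sshd_config text.

    Keywords are case-insensitive and arguments case-sensitive, '#' lines
    are comments, and a repeated directive adds to the earlier patterns."""
    cfg = {key: [] for key in ACCESS_KEYS}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key in cfg and len(parts) == 2:
            cfg[key].extend(parts[1].split())
    return cfg


def match_pattern(value, pattern):
    """Glob match supporting only '*' (any run) and '?' (one character)."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value) is not None


def match_user(user, host, addr, pattern):
    """A USER@HOST pattern checks user and host separately; the host part is
    accepted if it matches the resolved host name or the address."""
    if "@" not in pattern:
        return match_pattern(user, pattern)
    user_pat, host_pat = pattern.split("@", 1)
    return match_pattern(user, user_pat) and (
        match_pattern(host, host_pat) or match_pattern(addr, host_pat))


def login_allowed(cfg, user, groups, host="", addr=""):
    """Return (allowed, deciding directive) in the documented order.

    A deny list rejects on any match; an allow list, when non-empty, rejects
    unless some pattern matches.  `groups` holds the user's primary and
    supplementary group names."""
    if any(match_user(user, host, addr, p) for p in cfg["denyusers"]):
        return False, "DenyUsers"
    if cfg["allowusers"] and not any(
            match_user(user, host, addr, p) for p in cfg["allowusers"]):
        return False, "AllowUsers"
    if any(match_pattern(g, p) for g in groups for p in cfg["denygroups"]):
        return False, "DenyGroups"
    if cfg["allowgroups"] and not any(
            match_pattern(g, p) for g in groups for p in cfg["allowgroups"]):
        return False, "AllowGroups"
    return True, "allowed"


# Constructed sample policy, not a real host's sshd_config.
SAMPLE_CONFIG = """
# access policy
DenyUsers   guest* backup@*
allowusers  alice *@10.0.0.*
AllowGroups wheel
AllowGroups devs
"""

if __name__ == "__main__":
    cfg = parse_access_directives(SAMPLE_CONFIG)
    for user, groups, host, addr in [
        ("alice", ["wheel"], "ws1.example", "203.0.113.7"),
        ("guest1", ["wheel"], "ws1.example", "203.0.113.7"),
        ("bob", ["devs"], "lan5.example", "10.0.0.5"),
        ("bob", ["devs"], "ws2.example", "203.0.113.9"),
        ("backup", ["devs"], "lan5.example", "10.0.0.5"),
        ("alice", ["users"], "ws1.example", "203.0.113.7"),
    ]:
        print("%-7s %-12s %s" % (user, addr, login_allowed(cfg, user, groups, host, addr)))
```

Because DenyUsers is consulted first, "backup" is refused from 10.0.0.5 even though the "*@10.0.0.*" AllowUsers entry would otherwise admit it.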
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
and
.Pa .shosts
files will not be used in
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
.Pp
.Pa /etc/hosts.equiv
and
.Pa /etc/ssh/shosts.equiv
are still used.
The default is
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
.Xr sshd 8
should ignore the user's
.Pa ~/.ssh/known_hosts
during
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
The default is
.Dq no .
.It Cm IPQoS
Specifies the IPv4 type-of-service or DSCP class for the connection.
Accepted values are
.Dq af11 ,
.Dq af12 ,
.Dq af13 ,
.Dq af21 ,
.Dq af22 ,
.Dq af23 ,
.Dq af31 ,
.Dq af32 ,
.Dq af33 ,
.Dq af41 ,
.Dq af42 ,
.Dq af43 ,
.Dq cs0 ,
.Dq cs1 ,
.Dq cs2 ,
.Dq cs3 ,
.Dq cs4 ,
.Dq cs5 ,
.Dq cs6 ,
.Dq cs7 ,
.Dq ef ,
.Dq lowdelay ,
.Dq throughput ,
.Dq reliability ,
or a numeric value.
This option may take one or two arguments, separated by whitespace.
If one argument is specified, it is used as the packet class unconditionally.
If two values are specified, the first is automatically selected for
interactive sessions and the second for non-interactive sessions.
The default is
.Dq lowdelay
for interactive sessions and
.Dq throughput
for non-interactive sessions.
.It Cm KerberosAuthentication
Specifies whether the password provided by the user for
.Cm PasswordAuthentication
will be validated through the Kerberos KDC.
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
The default is
.Dq no .
.It Cm KerberosGetAFSToken
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
an AFS token before accessing the user's home directory.
The default is
.Dq no .
.It Cm KerberosOrLocalPasswd
If password authentication through Kerberos fails then
the password will be validated via any additional local mechanism
such as
.Pa /etc/passwd .
The default is
.Dq yes .
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout.
The default is
.Dq yes .
.It Cm KexAlgorithms
Specifies the available KEX (Key Exchange) algorithms.
Multiple algorithms must be comma-separated.
The default is
.Dq ecdh-sha2-nistp256 ,
.Dq ecdh-sha2-nistp384 ,
.Dq ecdh-sha2-nistp521 ,
.Dq diffie-hellman-group-exchange-sha256 ,
.Dq diffie-hellman-group-exchange-sha1 ,
.Dq diffie-hellman-group14-sha1 ,
.Dq diffie-hellman-group1-sha1 .
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
stealing the keys.
The key is never stored anywhere.
If the value is 0, the key is never regenerated.
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
.Xr sshd 8
should listen on.
The following forms may be used:
.Pp
.Bl -item -offset indent -compact
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
.Sm on
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No : Ar port
.Sm on
.It
.Cm ListenAddress
.Sm off
.Oo
.Ar host No | Ar IPv6_addr Oc : Ar port
.Sm on
.El
.Pp
If
.Ar port
is not specified,
sshd will listen on the address and all prior
.Cm Port
options specified.
The default is to listen on all local addresses.
Multiple
.Cm ListenAddress
options are permitted.
Additionally, any
.Cm Port
options must precede this option for non-port qualified addresses.
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in.
If the value is 0, there is no time limit.
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
.Xr sshd 8 .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
The default is:
.Bd -literal -offset indent
hmac-md5,hmac-sha1,umac-64@openssh.com,
hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
hmac-sha1-96,hmac-md5-96
.Ed
.It Cm Match
Introduces a conditional block.
If all of the criteria on the
.Cm Match
line are satisfied, the keywords on the following lines override those
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
.Pp
The arguments to
.Cm Match
are one or more criteria-pattern pairs.
The available criteria are
.Cm User ,
.Cm Group ,
.Cm Host ,
.Cm LocalAddress ,
.Cm LocalPort ,
and
.Cm Address .
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
.Sx PATTERNS
section of
.Xr ssh_config 5 .
.Pp
The patterns in an
.Cm Address
criterion may additionally contain addresses to match in CIDR
address/masklen format, e.g.\&
.Dq 192.0.2.0/24
or
.Dq 3ffe:ffff::/32 .
Note that the mask length provided must be consistent with the address:
it is an error to specify a mask length that is too long for the address
or one that leaves bits set in the host portion of the address.
For example,
.Dq 192.0.2.0/33
(mask too long) and
.Dq 192.0.2.0/8
(host bits set) are both rejected.
.Pp
Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
Available keywords are
.Cm AcceptEnv ,
.Cm AllowAgentForwarding ,
.Cm AllowGroups ,
.Cm AllowTcpForwarding ,
.Cm AllowUsers ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
.Cm DenyGroups ,
.Cm DenyUsers ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
.Cm PermitTunnel ,
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding
and
.Cm X11UseLocalHost .
.It Cm MaxAuthTries
Specifies the maximum number of authentication attempts permitted per
connection.
Once the number of failures reaches half this value,
additional failures are logged.
The default is 6.
.It Cm MaxSessions
Specifies the maximum number of open sessions permitted per network connection.
The default is 10.
.It Cm MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon.
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
The default is 10.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon-separated values
.Dq start:rate:full
(e.g. "10:30:60").
.Xr sshd 8
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
if there are currently
.Dq start
(10)
unauthenticated connections.
The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Dq yes .
Note that if
.Cm ChallengeResponseAuthentication
is
.Dq yes ,
.Cm UsePAM
is
.Dq yes ,
and the PAM authentication policy for
.Nm sshd
includes
.Xr pam_unix 8 ,
password authentication will be allowed through the challenge-response
mechanism regardless of the value of
.Cm PasswordAuthentication .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
The default is
.Dq no .
.It Cm PermitOpen
Specifies the destinations to which TCP port forwarding is permitted.
The forwarding specification must be one of the following forms:
.Pp
.Bl -item -offset indent -compact
.It
.Cm PermitOpen
.Sm off
.Ar host : port
.Sm on
.It
.Cm PermitOpen
.Sm off
.Ar IPv4_addr : port
.Sm on
.It
.Cm PermitOpen
.Sm off
.Ar \&[ IPv6_addr \&] : port
.Sm on
.El
.Pp
Multiple forwards may be specified by separating them with whitespace.
An argument of
.Dq any
can be used to remove all restrictions and permit any forwarding requests.
An argument of
.Dq none
can be used to prohibit all forwarding requests.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
.Xr ssh 1 .
The argument must be
.Dq yes ,
.Dq without-password ,
.Dq forced-commands-only ,
or
.Dq no .
The default is
.Dq no .
Note that if
.Cm ChallengeResponseAuthentication
is
.Dq yes ,
the root user may be allowed in with its password even if
.Cm PermitRootLogin
is set to
.Dq without-password .
.Pp
If this option is set to
.Dq without-password ,
password authentication is disabled for root.
.Pp
If this option is set to
.Dq forced-commands-only ,
root login with public key authentication will be allowed,
but only if the
.Ar command
option has been specified
(which may be useful for taking remote backups even if root login is
normally not allowed).
All other authentication methods are disabled for root.
.Pp
If this option is set to
.Dq no ,
root is not allowed to log in.
.It Cm PermitTunnel
Specifies whether
.Xr tun 4
device forwarding is allowed.
The argument must be
.Dq yes ,
.Dq point-to-point
(layer 3),
.Dq ethernet
(layer 2), or
.Dq no .
Specifying
.Dq yes
permits both
.Dq point-to-point
and
.Dq ethernet .
The default is
.Dq no .
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
and
.Cm environment=
options in
.Pa ~/.ssh/authorized_keys
are processed by
.Xr sshd 8 .
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
.It Cm PidFile
Specifies the file that contains the process ID of the
SSH daemon.
The default is
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
.Xr sshd 8
listens on.
The default is 22.
Multiple options of this type are permitted.
See also
.Cm ListenAddress .
.It Cm PrintLastLog
Specifies whether
.Xr sshd 8
should print the date and time of the last user login when a user logs
in interactively.
The default is
.Dq yes .
.It Cm PrintMotd
Specifies whether
.Xr sshd 8
should print
.Pa /etc/motd
when a user logs in interactively.
(On some systems it is also printed by the shell,
.Pa /etc/profile ,
or equivalent.)
The default is
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
.Xr sshd 8
supports.
The possible values are
.Sq 1
and
.Sq 2 .
Multiple versions must be comma-separated.
The default is
.Sq 2 .
Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered
by the server.
Specifying
.Dq 2,1
is identical to
.Dq 1,2 .
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm RevokedKeys
Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will
be refused for all users.
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or
.Pa /etc/hosts.equiv
authentication together
with successful RSA host authentication is allowed.
The default is
.Dq no .
This option applies to protocol version 1 only.
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed.
The default is
.Dq yes .
This option applies to protocol version 1 only.
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
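The CIDR consistency rule for Match Address patterns described above (a mask length too long for the address, or host bits set, is an error), as an added checker; this is not code from the page or from OpenSSH, and it uses the Python ipaddress module with strict network parsing to detect the host-bits case.

```python
import ipaddress


def check_address_entry(entry):
    """Validate one entry of a Match Address pattern list.

    Returns (ok, reason).  A leading '!' (negation) is stripped first, since
    it is a pattern operator rather than part of the address.  Entries
    without '/' are a single address or a wildcard pattern and are accepted."""
    text = entry[1:] if entry.startswith("!") else entry
    if "/" not in text:
        try:
            ipaddress.ip_address(text)
        except ValueError:
            return True, "wildcard pattern"
        return True, "single address"
    addr_text, _, mask_text = text.partition("/")
    try:
        addr = ipaddress.ip_address(addr_text)
        masklen = int(mask_text)
    except ValueError:
        return False, "malformed CIDR entry"
    if masklen < 0 or masklen > addr.max_prefixlen:
        return False, "mask length %d is not valid for an IPv%d address (0-%d)" % (
            masklen, addr.version, addr.max_prefixlen)
    try:
        # strict=True rejects a network whose host portion has bits set
        ipaddress.ip_network(text, strict=True)
    except ValueError:
        return False, "bits set in the host portion of the address"
    return True, "valid network"


def check_address_list(patterns):
    """Check a comma-separated Match Address list; returns [(entry, ok, reason)]."""
    return [(e,) + check_address_entry(e) for e in patterns.split(",") if e]


if __name__ == "__main__":
    # Constructed sample list, including the two rejected forms the page cites.
    sample = "192.0.2.0/24,3ffe:ffff::/32,192.0.2.0/33,192.0.2.0/8,!10.0.0.0/8,192.0.2.*"
    for entry, ok, reason in check_address_list(sample):
        print("%-16s %s  %s" % (entry, "ok " if ok else "BAD", reason))
```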
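The random early drop behaviour of MaxStartups start:rate:full described above, modelled as an added example; this is not the page's or OpenSSH's code. It takes the two documented anchor points (refusal probability rate/100 at start, certain refusal at full) and the stated linear increase between them; that sshd's internal integer arithmetic follows exactly this line is an assumption.

```python
import random


def parse_max_startups(value):
    """Parse a MaxStartups value: a plain count or 'start:rate:full'.

    Returns (start, rate, full).  A plain count N is treated as N:100:N,
    i.e. no ramp: everything beyond N unauthenticated connections is refused."""
    parts = value.split(":")
    if len(parts) == 1:
        count = int(parts[0])
        if count <= 0:
            raise ValueError("MaxStartups count must be positive")
        return count, 100, count
    if len(parts) != 3:
        raise ValueError("MaxStartups must be N or start:rate:full")
    start, rate, full = (int(p) for p in parts)
    if not (0 < start <= full) or not (0 <= rate <= 100):
        raise ValueError("need 0 < start <= full and 0 <= rate <= 100")
    return start, rate, full


def refusal_probability(unauth, start, rate, full):
    """Probability that a new connection is refused while `unauth`
    unauthenticated connections are open: 0 below `start`, rate/100 at
    `start`, rising linearly to 1 at `full` and beyond."""
    if unauth < start:
        return 0.0
    if unauth >= full:
        return 1.0
    base = rate / 100.0
    return base + (1.0 - base) * (unauth - start) / float(full - start)


def accept_connection(unauth, params, rng=random):
    """Decide whether one new connection attempt is accepted; `rng` is
    injectable so the decision can be tested deterministically."""
    return rng.random() >= refusal_probability(unauth, *params)


def refusal_table(value, step=10):
    """Refusal probability at every `step` unauthenticated connections."""
    params = parse_max_startups(value)
    full = params[2]
    return [(n, refusal_probability(n, *params)) for n in range(0, full + step, step)]


if __name__ == "__main__":
    for n, p in refusal_table("10:30:60"):
        print("%3d unauthenticated: refuse with probability %.2f" % (n, p))
```

With the default value of 10 there is no ramp at all: the eleventh concurrent unauthenticated connection is simply refused, so the three-value form is what lets a server shed load gradually before that point.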
.It Cm StrictModes
Specifies whether
.Xr sshd 8
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
directory or files world-writable.
The default is
.Dq yes .
Note that this does not apply to
.Cm ChrootDirectory ,
whose permissions and ownership are checked unconditionally.
.It Cm Subsystem
Configures an external subsystem (e.g. file transfer daemon).
Arguments should be a subsystem name and a command (with optional arguments)
to execute upon subsystem request.
.Pp
The command
.Xr sftp-server 8
implements the
.Dq sftp
file transfer subsystem.
.Pp
Alternately the name
.Dq internal-sftp
implements an in-process
.Dq sftp
server.
This may simplify configurations using
.Cm ChrootDirectory
to force a different filesystem root on clients.
.Pp
By default no subsystems are defined.
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the
other side.
If they are sent, death of the connection or crash of one
of the machines will be properly noticed.
However, this means that
connections will die if the route is down temporarily, and some people
find it annoying.
On the other hand, if TCP keepalives are not sent,
sessions may hang indefinitely on the server, leaving
.Dq ghost
users and consuming server resources.
.Pp
The default is
.Dq yes
(to send TCP keepalive messages), and the server will notice
if the network goes down or the client host crashes.
This avoids infinitely hanging sessions.
.Pp
To disable TCP keepalive messages, the value should be set to
.Dq no .
.It Cm TrustedUserCAKeys
Specifies a file containing public keys of certificate authorities that are
trusted to sign user certificates for authentication.
Keys are listed one per line; empty lines and comments starting with
.Ql #
are allowed.
If a certificate is presented for authentication and has its signing CA key
listed in this file, then it may be used for authentication for any user
listed in the certificate's principals list.
Note that certificates that lack a list of principals will not be permitted
for authentication using
.Cm TrustedUserCAKeys .
For more details on certificates, see the
.Sx CERTIFICATES
section in
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
.Xr sshd 8
should look up the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
The default is
.Dq yes .
.It Cm UseLogin
Specifies whether
.Xr login 1
is used for interactive login sessions.
The default is
.Dq no .
Note that
.Xr login 1
is never used for remote command execution.
Note also, that if this is enabled,
.Cm X11Forwarding
will be disabled because
.Xr login 1
does not know how to handle
.Xr xauth 1
cookies.
If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
.It Cm UsePAM
Enables the Pluggable Authentication Module interface.
If set to
.Dq yes
this will enable PAM authentication using
.Cm ChallengeResponseAuthentication
and
.Cm PasswordAuthentication
in addition to PAM account and session module processing for all
authentication types.
.Pp
Because PAM challenge-response authentication usually serves an equivalent
role to password authentication, you should disable either
.Cm PasswordAuthentication
or
.Cm ChallengeResponseAuthentication .
.Pp
If
.Cm UsePAM
is enabled, you will not be able to run
.Xr sshd 8
as a non-root user.
The default is
.Dq no .
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
If
.Cm UsePrivilegeSeparation
is set to
.Dq sandbox
then the pre-authentication unprivileged process is subject to additional
restrictions.
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.
The default is
.Dq DragonFly-20121028 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
.Xr sshd 8
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
Additionally, the authentication spoofing and authentication data
verification and substitution occur on the client side.
The security risk of using X11 forwarding is that the client's X11
display server may be exposed to attack when the SSH client requests
forwarding (see the warnings for
.Cm ForwardX11
in
.Xr ssh_config 5 ) .
A system administrator may have a stance in which they want to
protect clients that may expose themselves to attack by unwittingly
requesting X11 forwarding, which can warrant a
.Dq no
setting.
.Pp
Note that disabling X11 forwarding does not prevent users from
forwarding X11 traffic, as users can always install their own forwarders.
X11 forwarding is automatically disabled if
.Cm UseLogin
is enabled.
.It Cm X11UseLocalhost
Specifies whether
.Xr sshd 8
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
sshd binds the forwarding server to the loopback address and sets the
hostname part of the
.Ev DISPLAY
environment variable to
.Dq localhost .
This prevents remote hosts from connecting to the proxy display.
However, some older X11 clients may not function with this
configuration.
.Cm X11UseLocalhost
may be set to
.Dq no
to specify that the forwarding server should be bound to the wildcard
address.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
program.
The default is
.Pa /usr/X11R6/bin/xauth .
.El
.Sh TIME FORMATS
.Xr sshd 8
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
.Ar time Op Ar qualifier ,
.Sm on
where
.Ar time
is a positive integer value and
.Ar qualifier
is one of the following:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It Aq Cm none
seconds
.It Cm s | Cm S
seconds
.It Cm m | Cm M
minutes
.It Cm h | Cm H
hours
.It Cm d | Cm D
days
.It Cm w | Cm W
weeks
.El
.Pp
Each member of the sequence is added together to calculate
the total time value.
.Pp
Time format examples:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It 600
600 seconds (10 minutes)
.It 10m
10 minutes
.It 1h30m
1 hour 30 minutes (90 minutes)
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
.Xr sshd 8 .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.El
.Sh SEE ALSO
.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Niels Provos and Markus Friedl contributed support
for privilege separation.
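An added example, not part of OpenSSH or of this manual page: a POSIX shell script that reads an sshd_config using the parsing rules given in DESCRIPTION (one keyword-argument pair per line, lines starting with # and empty lines ignored, keywords case-insensitive and arguments case-sensitive, arguments optionally enclosed in double quotes) and compares the keywords described in the list above against the values this section motivates: Protocol 2 only (the page notes that "2,1" and "1,2" both enable version 1), StrictModes yes, UsePrivilegeSeparation sandbox, UseLogin no, TCPKeepAlive yes and X11Forwarding no. The function names sshd_keyword and audit_sshd_config, the constructed sample configuration and the chosen target values are the example's own; it assumes that the first occurrence of a keyword is the effective one, which is how sshd treats single-valued keywords but is not stated on this page.

```shell
#!/bin/sh
# Added example (not OpenSSH code): a small sshd_config reader and audit.

# sshd_keyword FILE KEYWORD
# Prints the argument of KEYWORD as sshd would read it, or nothing if absent:
#   - lines starting with '#' and empty lines are comments
#   - the keyword is matched case-insensitively, the argument is kept as-is
#   - surrounding double quotes on the argument are stripped
#   - only the first occurrence is reported (assumed first-wins semantics)
sshd_keyword() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }                  # comment or blank line
        {
            key = tolower($1)
            if (key != want) next
            arg = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", arg)  # drop the keyword
            sub(/[ \t]+$/, "", arg)               # drop trailing whitespace
            if (arg ~ /^".*"$/) arg = substr(arg, 2, length(arg) - 2)
            print arg
            exit
        }' "$1"
}

# audit_sshd_config FILE
# Compares the keywords discussed in this section against the values the
# section motivates. Each entry is KEYWORD:WANTED:DEFAULT, where DEFAULT is
# the man page default used when the keyword is absent from the file.
# Prints one line per deviation and returns 1 if there was any.
audit_sshd_config() {
    _f=$1
    _bad=0
    for _spec in \
        'Protocol:2:2' \
        'StrictModes:yes:yes' \
        'UsePrivilegeSeparation:sandbox:yes' \
        'UseLogin:no:no' \
        'TCPKeepAlive:yes:yes' \
        'X11Forwarding:no:yes'
    do
        _key=${_spec%%:*}
        _rest=${_spec#*:}
        _want=${_rest%%:*}
        _default=${_rest#*:}
        _val=$(sshd_keyword "$_f" "$_key")
        [ -n "$_val" ] || _val=$_default
        # "2,1" and "1,2" both leave protocol 1 enabled, so only "2" passes.
        if [ "$_val" != "$_want" ]; then
            printf '%s is %s (want %s)\n' "$_key" "$_val" "$_want"
            _bad=1
        fi
    done
    return $_bad
}

# Usage: ./audit.sh /etc/ssh/sshd_config (path supplied by the caller)
if [ -n "${1-}" ]; then
    audit_sshd_config "$1"
fi
```

Run against a live file with `sh audit.sh /etc/ssh/sshd_config`; an empty output and exit status 0 mean every checked keyword is either set to the target value or left at a default that already matches it.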
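An added example, not from OpenSSH or this manual page: a POSIX shell function that implements the TIME FORMATS grammar above, peeling one time[qualifier] member at a time, summing the members into seconds and rejecting a malformed sequence (no leading digits, or a character that is not one of the listed qualifiers). The function name sshd_time and the sample inputs are the example's own.

```shell
#!/bin/sh
# Added example (not OpenSSH code): parser for the sshd time format.

# sshd_time SPEC
# Prints the total number of seconds for SPEC, a sequence of members of the
# form time[qualifier] where time is a positive integer and qualifier is one
# of s/m/h/d/w in either case (none means seconds). Returns 1 if SPEC is
# empty or any member is malformed.
sshd_time() {
    _spec=$1
    _total=0
    [ -n "$_spec" ] || return 1
    while [ -n "$_spec" ]; do
        # Leading run of digits: strip the suffix starting at the first non-digit.
        _digits=${_spec%%[!0-9]*}
        [ -n "$_digits" ] || return 1
        _spec=${_spec#"$_digits"}
        # Optional single qualifier letter; anything else is an error.
        case $_spec in
            '')    _mult=1 ;;
            [sS]*) _mult=1;      _spec=${_spec#?} ;;
            [mM]*) _mult=60;     _spec=${_spec#?} ;;
            [hH]*) _mult=3600;   _spec=${_spec#?} ;;
            [dD]*) _mult=86400;  _spec=${_spec#?} ;;
            [wW]*) _mult=604800; _spec=${_spec#?} ;;
            *)     return 1 ;;
        esac
        _total=$((_total + _digits * _mult))
    done
    printf '%s\n' "$_total"
}

# Usage: ./sshd_time.sh 1h30m  (prints 5400)
if [ -n "${1-}" ]; then
    sshd_time "$1"
fi
```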