1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 16.\" 17.\" Redistribution and use in source and binary forms, with or without 18.\" modification, are permitted provided that the following conditions 19.\" are met: 20.\" 1. Redistributions of source code must retain the above copyright 21.\" notice, this list of conditions and the following disclaimer. 22.\" 2. Redistributions in binary form must reproduce the above copyright 23.\" notice, this list of conditions and the following disclaimer in the 24.\" documentation and/or other materials provided with the distribution. 25.\" 26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $ 38.Dd $Mdocdate: June 30 2010 $ 39.Dt SSHD_CONFIG 5 40.Os 41.Sh NAME 42.Nm sshd_config 43.Nd OpenSSH SSH daemon configuration file 44.Sh SYNOPSIS 45.Nm /etc/ssh/sshd_config 46.Sh DESCRIPTION 47.Xr sshd 8 48reads configuration data from 49.Pa /etc/ssh/sshd_config 50(or the file specified with 51.Fl f 52on the command line). 53The file contains keyword-argument pairs, one per line. 54Lines starting with 55.Ql # 56and empty lines are interpreted as comments. 57Arguments may optionally be enclosed in double quotes 58.Pq \&" 59in order to represent arguments containing spaces. 60.Pp 61The possible 62keywords and their meanings are as follows (note that 63keywords are case-insensitive and arguments are case-sensitive): 64.Bl -tag -width Ds 65.It Cm AcceptEnv 66Specifies what environment variables sent by the client will be copied into 67the session's 68.Xr environ 7 . 69See 70.Cm SendEnv 71in 72.Xr ssh_config 5 73for how to configure the client. 74Note that environment passing is only supported for protocol 2. 75Variables are specified by name, which may contain the wildcard characters 76.Ql * 77and 78.Ql \&? . 79Multiple environment variables may be separated by whitespace or spread 80across multiple 81.Cm AcceptEnv 82directives. 83Be warned that some environment variables could be used to bypass restricted 84user environments. 85For this reason, care should be taken in the use of this directive. 86The default is not to accept any environment variables. 87.It Cm AddressFamily 88Specifies which address family should be used by 89.Xr sshd 8 . 90Valid arguments are 91.Dq any , 92.Dq inet 93(use IPv4 only), or 94.Dq inet6 95(use IPv6 only). 96The default is 97.Dq any . 98.It Cm AllowAgentForwarding 99Specifies whether 100.Xr ssh-agent 1 101forwarding is permitted. 102The default is 103.Dq yes . 104Note that disabling agent forwarding does not improve security 105unless users are also denied shell access, as they can always install 106their own forwarders. 107.It Cm AllowGroups 108This keyword can be followed by a list of group name patterns, separated 109by spaces. 110If specified, login is allowed only for users whose primary 111group or supplementary group list matches one of the patterns. 112Only group names are valid; a numerical group ID is not recognized. 113By default, login is allowed for all groups. 114The allow/deny directives are processed in the following order: 115.Cm DenyUsers , 116.Cm AllowUsers , 117.Cm DenyGroups , 118and finally 119.Cm AllowGroups . 120.Pp 121See 122.Sx PATTERNS 123in 124.Xr ssh_config 5 125for more information on patterns. 126.It Cm AllowTcpForwarding 127Specifies whether TCP forwarding is permitted. 128The default is 129.Dq yes . 130Note that disabling TCP forwarding does not improve security unless 131users are also denied shell access, as they can always install their 132own forwarders. 133.It Cm AllowUsers 134This keyword can be followed by a list of user name patterns, separated 135by spaces. 136If specified, login is allowed only for user names that 137match one of the patterns. 138Only user names are valid; a numerical user ID is not recognized. 139By default, login is allowed for all users. 140If the pattern takes the form USER@HOST then USER and HOST 141are separately checked, restricting logins to particular 142users from particular hosts. 143The allow/deny directives are processed in the following order: 144.Cm DenyUsers , 145.Cm AllowUsers , 146.Cm DenyGroups , 147and finally 148.Cm AllowGroups . 149.Pp 150See 151.Sx PATTERNS 152in 153.Xr ssh_config 5 154for more information on patterns. 155.It Cm AuthorizedKeysFile 156Specifies the file that contains the public keys that can be used 157for user authentication. 158The format is described in the 159.Sx AUTHORIZED_KEYS FILE FORMAT 160section of 161.Xr sshd 8 . 162.Cm AuthorizedKeysFile 163may contain tokens of the form %T which are substituted during connection 164setup. 165The following tokens are defined: %% is replaced by a literal '%', 166%h is replaced by the home directory of the user being authenticated, and 167%u is replaced by the username of that user. 168After expansion, 169.Cm AuthorizedKeysFile 170is taken to be an absolute path or one relative to the user's home 171directory. 172The default is 173.Dq .ssh/authorized_keys . 174.It Cm AuthorizedPrincipalsFile 175Specifies a file that lists principal names that are accepted for 176certificate authentication. 177When using certificates signed by a key listed in 178.Cm TrustedUserCAKeys , 179this file lists names, one of which must appear in the certificate for it 180to be accepted for authentication. 181Names are listed one per line preceded by key options (as described 182in 183.Sx AUTHORIZED_KEYS FILE FORMAT 184in 185.Xr sshd 8 ) . 186Empty lines and comments starting with 187.Ql # 188are ignored. 189.Pp 190.Cm AuthorizedPrincipalsFile 191may contain tokens of the form %T which are substituted during connection 192setup. 193The following tokens are defined: %% is replaced by a literal '%', 194%h is replaced by the home directory of the user being authenticated, and 195%u is replaced by the username of that user. 196After expansion, 197.Cm AuthorizedPrincipalsFile 198is taken to be an absolute path or one relative to the user's home 199directory. 200.Pp 201The default is not to use a principals file \(en in this case, the username 202of the user must appear in a certificate's principals list for it to be 203accepted. 204Note that 205.Cm AuthorizedPrincipalsFile 206is only used when authentication proceeds using a CA listed in 207.Cm TrustedUserCAKeys 208and is not consulted for certification authorities trusted via 209.Pa ~/.ssh/authorized_keys , 210though the 211.Cm principals= 212key option offers a similar facility (see 213.Xr sshd 8 214for details). 215.It Cm Banner 216The contents of the specified file are sent to the remote user before 217authentication is allowed. 218If the argument is 219.Dq none 220then no banner is displayed. 221This option is only available for protocol version 2. 222By default, no banner is displayed. 223.It Cm ChallengeResponseAuthentication 224Specifies whether challenge-response authentication is allowed. 225Specifically, in 226.Dx , 227this controls the use of PAM (see 228.Xr pam 3 ) 229for authentication. 230Note that this affects the effectiveness of the 231.Cm PasswordAuthentication 232and 233.Cm PermitRootLogin 234variables. 235The default is 236.Dq yes . 237.It Cm ChrootDirectory 238Specifies the pathname of a directory to 239.Xr chroot 2 240to after authentication. 241All components of the pathname must be root-owned directories that are 242not writable by any other user or group. 243After the chroot, 244.Xr sshd 8 245changes the working directory to the user's home directory. 246.Pp 247The pathname may contain the following tokens that are expanded at runtime once 248the connecting user has been authenticated: %% is replaced by a literal '%', 249%h is replaced by the home directory of the user being authenticated, and 250%u is replaced by the username of that user. 251.Pp 252The 253.Cm ChrootDirectory 254must contain the necessary files and directories to support the 255user's session. 256For an interactive session this requires at least a shell, typically 257.Xr sh 1 , 258and basic 259.Pa /dev 260nodes such as 261.Xr null 4 , 262.Xr zero 4 , 263.Xr stdin 4 , 264.Xr stdout 4 , 265.Xr stderr 4 , 266.Xr arandom 4 267and 268.Xr tty 4 269devices. 270For file transfer sessions using 271.Dq sftp , 272no additional configuration of the environment is necessary if the 273in-process sftp server is used, 274though sessions which use logging do require 275.Pa /dev/log 276inside the chroot directory (see 277.Xr sftp-server 8 278for details). 279.Pp 280The default is not to 281.Xr chroot 2 . 282.It Cm Ciphers 283Specifies the ciphers allowed for protocol version 2. 284Multiple ciphers must be comma-separated. 285The supported ciphers are 286.Dq 3des-cbc , 287.Dq aes128-cbc , 288.Dq aes192-cbc , 289.Dq aes256-cbc , 290.Dq aes128-ctr , 291.Dq aes192-ctr , 292.Dq aes256-ctr , 293.Dq arcfour128 , 294.Dq arcfour256 , 295.Dq arcfour , 296.Dq blowfish-cbc , 297and 298.Dq cast128-cbc . 299The default is: 300.Bd -literal -offset 3n 301aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128, 302aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc, 303aes256-cbc,arcfour 304.Ed 305.It Cm ClientAliveCountMax 306Sets the number of client alive messages (see below) which may be 307sent without 308.Xr sshd 8 309receiving any messages back from the client. 310If this threshold is reached while client alive messages are being sent, 311sshd will disconnect the client, terminating the session. 312It is important to note that the use of client alive messages is very 313different from 314.Cm TCPKeepAlive 315(below). 316The client alive messages are sent through the encrypted channel 317and therefore will not be spoofable. 318The TCP keepalive option enabled by 319.Cm TCPKeepAlive 320is spoofable. 321The client alive mechanism is valuable when the client or 322server depend on knowing when a connection has become inactive. 323.Pp 324The default value is 3. 325If 326.Cm ClientAliveInterval 327(see below) is set to 15, and 328.Cm ClientAliveCountMax 329is left at the default, unresponsive SSH clients 330will be disconnected after approximately 45 seconds. 331This option applies to protocol version 2 only. 332.It Cm ClientAliveInterval 333Sets a timeout interval in seconds after which if no data has been received 334from the client, 335.Xr sshd 8 336will send a message through the encrypted 337channel to request a response from the client. 338The default 339is 0, indicating that these messages will not be sent to the client. 340This option applies to protocol version 2 only. 341.It Cm Compression 342Specifies whether compression is allowed, or delayed until 343the user has authenticated successfully. 344The argument must be 345.Dq yes , 346.Dq delayed , 347or 348.Dq no . 349The default is 350.Dq delayed . 351.It Cm DenyGroups 352This keyword can be followed by a list of group name patterns, separated 353by spaces. 354Login is disallowed for users whose primary group or supplementary 355group list matches one of the patterns. 356Only group names are valid; a numerical group ID is not recognized. 357By default, login is allowed for all groups. 358The allow/deny directives are processed in the following order: 359.Cm DenyUsers , 360.Cm AllowUsers , 361.Cm DenyGroups , 362and finally 363.Cm AllowGroups . 364.Pp 365See 366.Sx PATTERNS 367in 368.Xr ssh_config 5 369for more information on patterns. 370.It Cm DenyUsers 371This keyword can be followed by a list of user name patterns, separated 372by spaces. 373Login is disallowed for user names that match one of the patterns. 374Only user names are valid; a numerical user ID is not recognized. 375By default, login is allowed for all users. 376If the pattern takes the form USER@HOST then USER and HOST 377are separately checked, restricting logins to particular 378users from particular hosts. 379The allow/deny directives are processed in the following order: 380.Cm DenyUsers , 381.Cm AllowUsers , 382.Cm DenyGroups , 383and finally 384.Cm AllowGroups . 385.Pp 386See 387.Sx PATTERNS 388in 389.Xr ssh_config 5 390for more information on patterns. 391.It Cm ForceCommand 392Forces the execution of the command specified by 393.Cm ForceCommand , 394ignoring any command supplied by the client and 395.Pa ~/.ssh/rc 396if present. 397The command is invoked by using the user's login shell with the -c option. 398This applies to shell, command, or subsystem execution. 399It is most useful inside a 400.Cm Match 401block. 402The command originally supplied by the client is available in the 403.Ev SSH_ORIGINAL_COMMAND 404environment variable. 405Specifying a command of 406.Dq internal-sftp 407will force the use of an in-process sftp server that requires no support 408files when used with 409.Cm ChrootDirectory . 410.It Cm GatewayPorts 411Specifies whether remote hosts are allowed to connect to ports 412forwarded for the client. 413By default, 414.Xr sshd 8 415binds remote port forwardings to the loopback address. 416This prevents other remote hosts from connecting to forwarded ports. 417.Cm GatewayPorts 418can be used to specify that sshd 419should allow remote port forwardings to bind to non-loopback addresses, thus 420allowing other hosts to connect. 421The argument may be 422.Dq no 423to force remote port forwardings to be available to the local host only, 424.Dq yes 425to force remote port forwardings to bind to the wildcard address, or 426.Dq clientspecified 427to allow the client to select the address to which the forwarding is bound. 428The default is 429.Dq no . 430.It Cm GSSAPIAuthentication 431Specifies whether user authentication based on GSSAPI is allowed. 432The default is 433.Dq no . 434Note that this option applies to protocol version 2 only. 435.It Cm GSSAPICleanupCredentials 436Specifies whether to automatically destroy the user's credentials cache 437on logout. 438The default is 439.Dq yes . 440Note that this option applies to protocol version 2 only. 441.It Cm HostbasedAuthentication 442Specifies whether rhosts or /etc/hosts.equiv authentication together 443with successful public key client host authentication is allowed 444(host-based authentication). 445This option is similar to 446.Cm RhostsRSAAuthentication 447and applies to protocol version 2 only. 448The default is 449.Dq no . 450.It Cm HostbasedUsesNameFromPacketOnly 451Specifies whether or not the server will attempt to perform a reverse 452name lookup when matching the name in the 453.Pa ~/.shosts , 454.Pa ~/.rhosts , 455and 456.Pa /etc/hosts.equiv 457files during 458.Cm HostbasedAuthentication . 459A setting of 460.Dq yes 461means that 462.Xr sshd 8 463uses the name supplied by the client rather than 464attempting to resolve the name from the TCP connection itself. 465The default is 466.Dq no . 467.It Cm HostCertificate 468Specifies a file containing a public host certificate. 469The certificate's public key must match a private host key already specified 470by 471.Cm HostKey . 472The default behaviour of 473.Xr sshd 8 474is not to load any certificates. 475.It Cm HostKey 476Specifies a file containing a private host key 477used by SSH. 478The default is 479.Pa /etc/ssh/ssh_host_key 480for protocol version 1, and 481.Pa /etc/ssh/ssh_host_rsa_key 482and 483.Pa /etc/ssh/ssh_host_dsa_key 484for protocol version 2. 485Note that 486.Xr sshd 8 487will refuse to use a file if it is group/world-accessible. 488It is possible to have multiple host key files. 489.Dq rsa1 490keys are used for version 1 and 491.Dq dsa 492or 493.Dq rsa 494are used for version 2 of the SSH protocol. 495.It Cm IgnoreRhosts 496Specifies that 497.Pa .rhosts 498and 499.Pa .shosts 500files will not be used in 501.Cm RhostsRSAAuthentication 502or 503.Cm HostbasedAuthentication . 504.Pp 505.Pa /etc/hosts.equiv 506and 507.Pa /etc/ssh/shosts.equiv 508are still used. 509The default is 510.Dq yes . 511.It Cm IgnoreUserKnownHosts 512Specifies whether 513.Xr sshd 8 514should ignore the user's 515.Pa ~/.ssh/known_hosts 516during 517.Cm RhostsRSAAuthentication 518or 519.Cm HostbasedAuthentication . 520The default is 521.Dq no . 522.It Cm KerberosAuthentication 523Specifies whether the password provided by the user for 524.Cm PasswordAuthentication 525will be validated through the Kerberos KDC. 526To use this option, the server needs a 527Kerberos servtab which allows the verification of the KDC's identity. 528The default is 529.Dq no . 530.It Cm KerberosGetAFSToken 531If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire 532an AFS token before accessing the user's home directory. 533The default is 534.Dq no . 535.It Cm KerberosOrLocalPasswd 536If password authentication through Kerberos fails then 537the password will be validated via any additional local mechanism 538such as 539.Pa /etc/passwd . 540The default is 541.Dq yes . 542.It Cm KerberosTicketCleanup 543Specifies whether to automatically destroy the user's ticket cache 544file on logout. 545The default is 546.Dq yes . 547.It Cm KeyRegenerationInterval 548In protocol version 1, the ephemeral server key is automatically regenerated 549after this many seconds (if it has been used). 550The purpose of regeneration is to prevent 551decrypting captured sessions by later breaking into the machine and 552stealing the keys. 553The key is never stored anywhere. 554If the value is 0, the key is never regenerated. 555The default is 3600 (seconds). 556.It Cm ListenAddress 557Specifies the local addresses 558.Xr sshd 8 559should listen on. 560The following forms may be used: 561.Pp 562.Bl -item -offset indent -compact 563.It 564.Cm ListenAddress 565.Sm off 566.Ar host No | Ar IPv4_addr No | Ar IPv6_addr 567.Sm on 568.It 569.Cm ListenAddress 570.Sm off 571.Ar host No | Ar IPv4_addr No : Ar port 572.Sm on 573.It 574.Cm ListenAddress 575.Sm off 576.Oo 577.Ar host No | Ar IPv6_addr Oc : Ar port 578.Sm on 579.El 580.Pp 581If 582.Ar port 583is not specified, 584sshd will listen on the address and all prior 585.Cm Port 586options specified. 587The default is to listen on all local addresses. 588Multiple 589.Cm ListenAddress 590options are permitted. 591Additionally, any 592.Cm Port 593options must precede this option for non-port qualified addresses. 594.It Cm LoginGraceTime 595The server disconnects after this time if the user has not 596successfully logged in. 597If the value is 0, there is no time limit. 598The default is 120 seconds. 599.It Cm LogLevel 600Gives the verbosity level that is used when logging messages from 601.Xr sshd 8 . 602The possible values are: 603QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. 604The default is INFO. 605DEBUG and DEBUG1 are equivalent. 606DEBUG2 and DEBUG3 each specify higher levels of debugging output. 607Logging with a DEBUG level violates the privacy of users and is not recommended. 608.It Cm MACs 609Specifies the available MAC (message authentication code) algorithms. 610The MAC algorithm is used in protocol version 2 611for data integrity protection. 612Multiple algorithms must be comma-separated. 613The default is: 614.Bd -literal -offset indent 615hmac-md5,hmac-sha1,umac-64@openssh.com, 616hmac-ripemd160,hmac-sha1-96,hmac-md5-96 617.Ed 618.It Cm Match 619Introduces a conditional block. 620If all of the criteria on the 621.Cm Match 622line are satisfied, the keywords on the following lines override those 623set in the global section of the config file, until either another 624.Cm Match 625line or the end of the file. 626.Pp 627The arguments to 628.Cm Match 629are one or more criteria-pattern pairs. 630The available criteria are 631.Cm User , 632.Cm Group , 633.Cm Host , 634and 635.Cm Address . 636The match patterns may consist of single entries or comma-separated 637lists and may use the wildcard and negation operators described in the 638.Sx PATTERNS 639section of 640.Xr ssh_config 5 . 641.Pp 642The patterns in an 643.Cm Address 644criteria may additionally contain addresses to match in CIDR 645address/masklen format, e.g.\& 646.Dq 192.0.2.0/24 647or 648.Dq 3ffe:ffff::/32 . 649Note that the mask length provided must be consistent with the address - 650it is an error to specify a mask length that is too long for the address 651or one with bits set in this host portion of the address. 652For example, 653.Dq 192.0.2.0/33 654and 655.Dq 192.0.2.0/8 656respectively. 657.Pp 658Only a subset of keywords may be used on the lines following a 659.Cm Match 660keyword. 661Available keywords are 662.Cm AllowAgentForwarding , 663.Cm AllowTcpForwarding , 664.Cm AuthorizedKeysFile , 665.Cm AuthorizedPrincipalsFile , 666.Cm Banner , 667.Cm ChrootDirectory , 668.Cm ForceCommand , 669.Cm GatewayPorts , 670.Cm GSSAPIAuthentication , 671.Cm HostbasedAuthentication , 672.Cm HostbasedUsesNameFromPacketOnly , 673.Cm KbdInteractiveAuthentication , 674.Cm KerberosAuthentication , 675.Cm MaxAuthTries , 676.Cm MaxSessions , 677.Cm PasswordAuthentication , 678.Cm PermitEmptyPasswords , 679.Cm PermitOpen , 680.Cm PermitRootLogin , 681.Cm PermitTunnel , 682.Cm PubkeyAuthentication , 683.Cm RhostsRSAAuthentication , 684.Cm RSAAuthentication , 685.Cm X11DisplayOffset , 686.Cm X11Forwarding 687and 688.Cm X11UseLocalHost . 689.It Cm MaxAuthTries 690Specifies the maximum number of authentication attempts permitted per 691connection. 692Once the number of failures reaches half this value, 693additional failures are logged. 694The default is 6. 695.It Cm MaxSessions 696Specifies the maximum number of open sessions permitted per network connection. 697The default is 10. 698.It Cm MaxStartups 699Specifies the maximum number of concurrent unauthenticated connections to the 700SSH daemon. 701Additional connections will be dropped until authentication succeeds or the 702.Cm LoginGraceTime 703expires for a connection. 704The default is 10. 705.Pp 706Alternatively, random early drop can be enabled by specifying 707the three colon separated values 708.Dq start:rate:full 709(e.g. "10:30:60"). 710.Xr sshd 8 711will refuse connection attempts with a probability of 712.Dq rate/100 713(30%) 714if there are currently 715.Dq start 716(10) 717unauthenticated connections. 718The probability increases linearly and all connection attempts 719are refused if the number of unauthenticated connections reaches 720.Dq full 721(60). 722.It Cm PasswordAuthentication 723Specifies whether password authentication is allowed. 724The default is 725.Dq yes . 726Note that if 727.Cm ChallengeResponseAuthentication 728is 729.Dq yes , 730.Cm UsePAM 731is 732.Dq yes , 733and the PAM authentication policy for 734.Nm sshd 735includes 736.Xr pam_unix 8 , 737password authentication will be allowed through the challenge-response 738mechanism regardless of the value of 739.Cm PasswordAuthentication . 740.It Cm PermitEmptyPasswords 741When password authentication is allowed, it specifies whether the 742server allows login to accounts with empty password strings. 743The default is 744.Dq no . 745.It Cm PermitOpen 746Specifies the destinations to which TCP port forwarding is permitted. 747The forwarding specification must be one of the following forms: 748.Pp 749.Bl -item -offset indent -compact 750.It 751.Cm PermitOpen 752.Sm off 753.Ar host : port 754.Sm on 755.It 756.Cm PermitOpen 757.Sm off 758.Ar IPv4_addr : port 759.Sm on 760.It 761.Cm PermitOpen 762.Sm off 763.Ar \&[ IPv6_addr \&] : port 764.Sm on 765.El 766.Pp 767Multiple forwards may be specified by separating them with whitespace. 768An argument of 769.Dq any 770can be used to remove all restrictions and permit any forwarding requests. 771By default all port forwarding requests are permitted. 772.It Cm PermitRootLogin 773Specifies whether root can log in using 774.Xr ssh 1 . 775The argument must be 776.Dq yes , 777.Dq without-password , 778.Dq forced-commands-only , 779or 780.Dq no . 781The default is 782.Dq no . 783Note that if 784.Cm ChallengeResponseAuthentication 785is 786.Dq yes , 787the root user may be allowed in with its password even if 788.Cm PermitRootLogin is set to 789.Dq without-password . 790.Pp 791If this option is set to 792.Dq without-password , 793password authentication is disabled for root. 794.Pp 795If this option is set to 796.Dq forced-commands-only , 797root login with public key authentication will be allowed, 798but only if the 799.Ar command 800option has been specified 801(which may be useful for taking remote backups even if root login is 802normally not allowed). 803All other authentication methods are disabled for root. 804.Pp 805If this option is set to 806.Dq no , 807root is not allowed to log in. 808.It Cm PermitTunnel 809Specifies whether 810.Xr tun 4 811device forwarding is allowed. 812The argument must be 813.Dq yes , 814.Dq point-to-point 815(layer 3), 816.Dq ethernet 817(layer 2), or 818.Dq no . 819Specifying 820.Dq yes 821permits both 822.Dq point-to-point 823and 824.Dq ethernet . 825The default is 826.Dq no . 827.It Cm PermitUserEnvironment 828Specifies whether 829.Pa ~/.ssh/environment 830and 831.Cm environment= 832options in 833.Pa ~/.ssh/authorized_keys 834are processed by 835.Xr sshd 8 . 836The default is 837.Dq no . 838Enabling environment processing may enable users to bypass access 839restrictions in some configurations using mechanisms such as 840.Ev LD_PRELOAD . 841.It Cm PidFile 842Specifies the file that contains the process ID of the 843SSH daemon. 844The default is 845.Pa /var/run/sshd.pid . 846.It Cm Port 847Specifies the port number that 848.Xr sshd 8 849listens on. 850The default is 22. 851Multiple options of this type are permitted. 852See also 853.Cm ListenAddress . 854.It Cm PrintLastLog 855Specifies whether 856.Xr sshd 8 857should print the date and time of the last user login when a user logs 858in interactively. 859The default is 860.Dq yes . 861.It Cm PrintMotd 862Specifies whether 863.Xr sshd 8 864should print 865.Pa /etc/motd 866when a user logs in interactively. 867(On some systems it is also printed by the shell, 868.Pa /etc/profile , 869or equivalent.) 870The default is 871.Dq yes . 872.It Cm Protocol 873Specifies the protocol versions 874.Xr sshd 8 875supports. 876The possible values are 877.Sq 1 878and 879.Sq 2 . 880Multiple versions must be comma-separated. 881The default is 882.Sq 2 . 883Note that the order of the protocol list does not indicate preference, 884because the client selects among multiple protocol versions offered 885by the server. 886Specifying 887.Dq 2,1 888is identical to 889.Dq 1,2 . 890.It Cm PubkeyAuthentication 891Specifies whether public key authentication is allowed. 892The default is 893.Dq yes . 894Note that this option applies to protocol version 2 only. 895.It Cm RevokedKeys 896Specifies a list of revoked public keys. 897Keys listed in this file will be refused for public key authentication. 898Note that if this file is not readable, then public key authentication will 899be refused for all users. 900.It Cm RhostsRSAAuthentication 901Specifies whether rhosts or 902.Pa /etc/hosts.equiv 903authentication together 904with successful RSA host authentication is allowed. 905The default is 906.Dq no . 907This option applies to protocol version 1 only. 908.It Cm RSAAuthentication 909Specifies whether pure RSA authentication is allowed. 910The default is 911.Dq yes . 912This option applies to protocol version 1 only. 913.It Cm ServerKeyBits 914Defines the number of bits in the ephemeral protocol version 1 server key. 915The minimum value is 512, and the default is 1024. 916.It Cm StrictModes 917Specifies whether 918.Xr sshd 8 919should check file modes and ownership of the 920user's files and home directory before accepting login. 921This is normally desirable because novices sometimes accidentally leave their 922directory or files world-writable. 923The default is 924.Dq yes . 925Note that this does not apply to 926.Cm ChrootDirectory , 927whose permissions and ownership are checked unconditionally. 928.It Cm Subsystem 929Configures an external subsystem (e.g. file transfer daemon). 930Arguments should be a subsystem name and a command (with optional arguments) 931to execute upon subsystem request. 932.Pp 933The command 934.Xr sftp-server 8 935implements the 936.Dq sftp 937file transfer subsystem. 938.Pp 939Alternately the name 940.Dq internal-sftp 941implements an in-process 942.Dq sftp 943server. 944This may simplify configurations using 945.Cm ChrootDirectory 946to force a different filesystem root on clients. 947.Pp 948By default no subsystems are defined. 949Note that this option applies to protocol version 2 only. 950.It Cm SyslogFacility 951Gives the facility code that is used when logging messages from 952.Xr sshd 8 . 953The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, 954LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. 955The default is AUTH. 956.It Cm TCPKeepAlive 957Specifies whether the system should send TCP keepalive messages to the 958other side. 959If they are sent, death of the connection or crash of one 960of the machines will be properly noticed. 961However, this means that 962connections will die if the route is down temporarily, and some people 963find it annoying. 964On the other hand, if TCP keepalives are not sent, 965sessions may hang indefinitely on the server, leaving 966.Dq ghost 967users and consuming server resources. 968.Pp 969The default is 970.Dq yes 971(to send TCP keepalive messages), and the server will notice 972if the network goes down or the client host crashes. 973This avoids infinitely hanging sessions. 974.Pp 975To disable TCP keepalive messages, the value should be set to 976.Dq no . 977.It Cm TrustedUserCAKeys 978Specifies a file containing public keys of certificate authorities that are 979trusted to sign user certificates for authentication. 980Keys are listed one per line; empty lines and comments starting with 981.Ql # 982are allowed. 983If a certificate is presented for authentication and has its signing CA key 984listed in this file, then it may be used for authentication for any user 985listed in the certificate's principals list. 986Note that certificates that lack a list of principals will not be permitted 987for authentication using 988.Cm TrustedUserCAKeys . 989For more details on certificates, see the 990.Sx CERTIFICATES 991section in 992.Xr ssh-keygen 1 . 993.It Cm UseDNS 994Specifies whether 995.Xr sshd 8 996should look up the remote host name and check that 997the resolved host name for the remote IP address maps back to the 998very same IP address. 999The default is 1000.Dq yes . 1001.It Cm UseLogin 1002Specifies whether 1003.Xr login 1 1004is used for interactive login sessions. 1005The default is 1006.Dq no . 1007Note that 1008.Xr login 1 1009is never used for remote command execution. 1010Note also, that if this is enabled, 1011.Cm X11Forwarding 1012will be disabled because 1013.Xr login 1 1014does not know how to handle 1015.Xr xauth 1 1016cookies. 1017If 1018.Cm UsePrivilegeSeparation 1019is specified, it will be disabled after authentication. 1020.It Cm UsePAM 1021Enables the Pluggable Authentication Module interface. 1022If set to 1023.Dq yes 1024this will enable PAM authentication using 1025.Cm ChallengeResponseAuthentication 1026and 1027.Cm PasswordAuthentication 1028in addition to PAM account and session module processing for all 1029authentication types. 1030.Pp 1031Because PAM challenge-response authentication usually serves an equivalent 1032role to password authentication, you should disable either 1033.Cm PasswordAuthentication 1034or 1035.Cm ChallengeResponseAuthentication. 1036.Pp 1037If 1038.Cm UsePAM 1039is enabled, you will not be able to run 1040.Xr sshd 8 1041as a non-root user. 1042The default is 1043.Dq no . 1044.It Cm UsePrivilegeSeparation 1045Specifies whether 1046.Xr sshd 8 1047separates privileges by creating an unprivileged child process 1048to deal with incoming network traffic. 1049After successful authentication, another process will be created that has 1050the privilege of the authenticated user. 1051The goal of privilege separation is to prevent privilege 1052escalation by containing any corruption within the unprivileged processes. 1053The default is 1054.Dq yes . 1055.It Cm VersionAddendum 1056Specifies a string to append to the regular version string to identify 1057OS- or site-specific modifications. 1058The default is 1059.Dq DragonFly-20090620 . 1060.It Cm X11DisplayOffset 1061Specifies the first display number available for 1062.Xr sshd 8 Ns 's 1063X11 forwarding. 1064This prevents sshd from interfering with real X11 servers. 1065The default is 10. 1066.It Cm X11Forwarding 1067Specifies whether X11 forwarding is permitted. 1068The argument must be 1069.Dq yes 1070or 1071.Dq no . 1072The default is 1073.Dq yes . 1074.Pp 1075When X11 forwarding is enabled, there may be additional exposure to 1076the server and to client displays if the 1077.Xr sshd 8 1078proxy display is configured to listen on the wildcard address (see 1079.Cm X11UseLocalhost 1080below), though this is not the default. 1081Additionally, the authentication spoofing and authentication data 1082verification and substitution occur on the client side. 1083The security risk of using X11 forwarding is that the client's X11 1084display server may be exposed to attack when the SSH client requests 1085forwarding (see the warnings for 1086.Cm ForwardX11 1087in 1088.Xr ssh_config 5 ) . 1089A system administrator may have a stance in which they want to 1090protect clients that may expose themselves to attack by unwittingly 1091requesting X11 forwarding, which can warrant a 1092.Dq no 1093setting. 1094.Pp 1095Note that disabling X11 forwarding does not prevent users from 1096forwarding X11 traffic, as users can always install their own forwarders. 1097X11 forwarding is automatically disabled if 1098.Cm UseLogin 1099is enabled. 1100.It Cm X11UseLocalhost 1101Specifies whether 1102.Xr sshd 8 1103should bind the X11 forwarding server to the loopback address or to 1104the wildcard address. 1105By default, 1106sshd binds the forwarding server to the loopback address and sets the 1107hostname part of the 1108.Ev DISPLAY 1109environment variable to 1110.Dq localhost . 1111This prevents remote hosts from connecting to the proxy display. 1112However, some older X11 clients may not function with this 1113configuration. 1114.Cm X11UseLocalhost 1115may be set to 1116.Dq no 1117to specify that the forwarding server should be bound to the wildcard 1118address. 1119The argument must be 1120.Dq yes 1121or 1122.Dq no . 1123The default is 1124.Dq yes . 1125.It Cm XAuthLocation 1126Specifies the full pathname of the 1127.Xr xauth 1 1128program. 1129The default is 1130.Pa /usr/X11R6/bin/xauth . 1131.El 1132.Sh TIME FORMATS 1133.Xr sshd 8 1134command-line arguments and configuration file options that specify time 1135may be expressed using a sequence of the form: 1136.Sm off 1137.Ar time Op Ar qualifier , 1138.Sm on 1139where 1140.Ar time 1141is a positive integer value and 1142.Ar qualifier 1143is one of the following: 1144.Pp 1145.Bl -tag -width Ds -compact -offset indent 1146.It Aq Cm none 1147seconds 1148.It Cm s | Cm S 1149seconds 1150.It Cm m | Cm M 1151minutes 1152.It Cm h | Cm H 1153hours 1154.It Cm d | Cm D 1155days 1156.It Cm w | Cm W 1157weeks 1158.El 1159.Pp 1160Each member of the sequence is added together to calculate 1161the total time value. 1162.Pp 1163Time format examples: 1164.Pp 1165.Bl -tag -width Ds -compact -offset indent 1166.It 600 1167600 seconds (10 minutes) 1168.It 10m 116910 minutes 1170.It 1h30m 11711 hour 30 minutes (90 minutes) 1172.El 1173.Sh FILES 1174.Bl -tag -width Ds 1175.It Pa /etc/ssh/sshd_config 1176Contains configuration data for 1177.Xr sshd 8 . 1178This file should be writable by root only, but it is recommended 1179(though not necessary) that it be world-readable. 1180.El 1181.Sh SEE ALSO 1182.Xr sshd 8 1183.Sh AUTHORS 1184OpenSSH is a derivative of the original and free 1185ssh 1.2.12 release by Tatu Ylonen. 1186Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1187Theo de Raadt and Dug Song 1188removed many bugs, re-added newer features and 1189created OpenSSH. 1190Markus Friedl contributed the support for SSH 1191protocol versions 1.5 and 2.0. 1192Niels Provos and Markus Friedl contributed support 1193for privilege separation. 1194