.\" -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose. Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.125 2010/06/30 07:28:34 jmc Exp $
.\" $FreeBSD$
.Dd June 30, 2010
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
.Nm sshd_config
.Nd OpenSSH SSH daemon configuration file
.Sh SYNOPSIS
.Nm /etc/ssh/sshd_config
.Sh DESCRIPTION
.Xr sshd 8
reads configuration data from
.Pa /etc/ssh/sshd_config
(or the file specified with
.Fl f
on the command line).
The file contains keyword-argument pairs, one per line.
Lines starting with
.Ql #
and empty lines are interpreted as comments.
Arguments may optionally be enclosed in double quotes
.Pq \&"
in order to represent arguments containing spaces.
.Pp
The possible
keywords and their meanings are as follows (note that
keywords are case-insensitive and arguments are case-sensitive):
.Bl -tag -width Ds
.It Cm AcceptEnv
Specifies what environment variables sent by the client will be copied into
the session's
.Xr environ 7 .
See
.Cm SendEnv
in
.Xr ssh_config 5
for how to configure the client.
Note that environment passing is only supported for protocol 2.
Variables are specified by name, which may contain the wildcard characters
.Ql *
and
.Ql \&? .
Multiple environment variables may be separated by whitespace or spread
across multiple
.Cm AcceptEnv
directives.
Be warned that some environment variables could be used to bypass restricted
user environments.
For this reason, care should be taken in the use of this directive.
The default is not to accept any environment variables.
.It Cm AddressFamily
Specifies which address family should be used by
.Xr sshd 8 .
Valid arguments are
.Dq any ,
.Dq inet
(use IPv4 only), or
.Dq inet6
(use IPv6 only).
The default is
.Dq any .
.It Cm AllowAgentForwarding
Specifies whether
.Xr ssh-agent 1
forwarding is permitted.
The default is
.Dq yes .
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
their own forwarders.
.It Cm AllowGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
If specified, login is allowed only for users whose primary
group or supplementary group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm AllowTcpForwarding
Specifies whether TCP forwarding is permitted.
The default is
.Dq yes .
Note that disabling TCP forwarding does not improve security unless
users are also denied shell access, as they can always install their
own forwarders.
.It Cm AllowUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
If specified, login is allowed only for user names that
match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication.
The format is described in the
.Sx AUTHORIZED_KEYS FILE FORMAT
section of
.Xr sshd 8 .
.Cm AuthorizedKeysFile
may contain tokens of the form %T which are substituted during connection
setup.
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
After expansion,
.Cm AuthorizedKeysFile
is taken to be an absolute path or one relative to the user's home
directory.
The default is
.Dq .ssh/authorized_keys .
.It Cm AuthorizedPrincipalsFile
Specifies a file that lists principal names that are accepted for
certificate authentication.
When using certificates signed by a key listed in
.Cm TrustedUserCAKeys ,
this file lists names, one of which must appear in the certificate for it
to be accepted for authentication.
Names are listed one per line preceded by key options (as described
in
.Sx AUTHORIZED_KEYS FILE FORMAT
in
.Xr sshd 8 ) .
Empty lines and comments starting with
.Ql #
are ignored.
.Pp
.Cm AuthorizedPrincipalsFile
may contain tokens of the form %T which are substituted during connection
setup.
The following tokens are defined: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
After expansion,
.Cm AuthorizedPrincipalsFile
is taken to be an absolute path or one relative to the user's home
directory.
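.Pp
A worked expansion of the %%, %h and %u tokens used by AuthorizedKeysFile and AuthorizedPrincipalsFile (ChrootDirectory, below, uses the same three), added here as an example that is not OpenSSH code; the function names are hypothetical. The point it makes is that expansion has to be a single left-to-right pass, so that the literal produced by %% is never re-read as the start of another token; the chained str.replace version shows the bug.

```python
"""Token expansion for AuthorizedKeysFile / AuthorizedPrincipalsFile values.

Added example, not OpenSSH code.  Function names are hypothetical.
"""
import posixpath


def expand_tokens(template: str, user: str, home: str) -> str:
    """Single left-to-right pass: a '%' and the character after it are
    consumed together, so '%%' yields one literal '%' that is never
    re-read as the start of a %h or %u token."""
    out = []
    i = 0
    while i < len(template):
        if template[i] != "%":
            out.append(template[i])
            i += 1
            continue
        if i + 1 >= len(template):
            raise ValueError(f"trailing '%' in {template!r}")
        tok = template[i + 1]
        if tok == "%":
            out.append("%")
        elif tok == "h":
            out.append(home)
        elif tok == "u":
            out.append(user)
        else:
            raise ValueError(f"unknown token %{tok} in {template!r}")
        i += 2
    return "".join(out)


def naive_expand(template: str, user: str, home: str) -> str:
    """The tempting one-liner.  It is wrong: each replace rescans the
    output of the previous one, so '%%u' collapses to '%u' and is then
    expanded into the username."""
    return template.replace("%%", "%").replace("%h", home).replace("%u", user)


def resolve_user_file(template: str, user: str, home: str) -> str:
    """After expansion the value is an absolute path, or one relative to
    the user's home directory, as the manual page states."""
    expanded = expand_tokens(template, user, home)
    if posixpath.isabs(expanded):
        return expanded
    return posixpath.join(home, expanded)


def is_valid_template(template: str) -> bool:
    """True if every '%' in template starts one of the defined tokens."""
    try:
        expand_tokens(template, "user", "/home/user")
    except ValueError:
        return False
    return True
```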
.Pp
The default is not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
accepted.
Note that
.Cm AuthorizedPrincipalsFile
is only used when authentication proceeds using a CA listed in
.Cm TrustedUserCAKeys
and is not consulted for certification authorities trusted via
.Pa ~/.ssh/authorized_keys ,
though the
.Cm principals=
key option offers a similar facility (see
.Xr sshd 8
for details).
.It Cm Banner
The contents of the specified file are sent to the remote user before
authentication is allowed.
If the argument is
.Dq none
then no banner is displayed.
This option is only available for protocol version 2.
By default, no banner is displayed.
.It Cm ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed (e.g. via
PAM or through authentication styles supported in
.Xr login.conf 5 ) .
The default is
.Dq yes .
.It Cm ChrootDirectory
Specifies the pathname of a directory to
.Xr chroot 2
to after authentication.
All components of the pathname must be root-owned directories that are
not writable by any other user or group.
After the chroot,
.Xr sshd 8
changes the working directory to the user's home directory.
.Pp
The pathname may contain the following tokens that are expanded at runtime once
the connecting user has been authenticated: %% is replaced by a literal '%',
%h is replaced by the home directory of the user being authenticated, and
%u is replaced by the username of that user.
.Pp
The
.Cm ChrootDirectory
must contain the necessary files and directories to support the
user's session.
For an interactive session this requires at least a shell, typically
.Xr sh 1 ,
and basic
.Pa /dev
nodes such as
.Xr null 4 ,
.Xr zero 4 ,
.Xr stdin 4 ,
.Xr stdout 4 ,
.Xr stderr 4 ,
.Xr arandom 4
and
.Xr tty 4
devices.
For file transfer sessions using
.Dq sftp ,
no additional configuration of the environment is necessary if the
in-process sftp server is used,
though sessions which use logging do require
.Pa /dev/log
inside the chroot directory (see
.Xr sftp-server 8
for details).
.Pp
The default is not to
.Xr chroot 2 .
.It Cm Ciphers
Specifies the ciphers allowed for protocol version 2.
Multiple ciphers must be comma-separated.
The supported ciphers are
.Dq 3des-cbc ,
.Dq aes128-cbc ,
.Dq aes192-cbc ,
.Dq aes256-cbc ,
.Dq aes128-ctr ,
.Dq aes192-ctr ,
.Dq aes256-ctr ,
.Dq arcfour128 ,
.Dq arcfour256 ,
.Dq arcfour ,
.Dq blowfish-cbc ,
and
.Dq cast128-cbc .
The default is:
.Bd -literal -offset 3n
aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
aes256-cbc,arcfour
.Ed
.It Cm ClientAliveCountMax
Sets the number of client alive messages (see below) which may be
sent without
.Xr sshd 8
receiving any messages back from the client.
If this threshold is reached while client alive messages are being sent,
sshd will disconnect the client, terminating the session.
It is important to note that the use of client alive messages is very
different from
.Cm TCPKeepAlive
(below).
The client alive messages are sent through the encrypted channel
and therefore will not be spoofable.
The TCP keepalive option enabled by
.Cm TCPKeepAlive
is spoofable.
The client alive mechanism is valuable when the client or
server depend on knowing when a connection has become inactive.
.Pp
The default value is 3.
If
.Cm ClientAliveInterval
(see below) is set to 15, and
.Cm ClientAliveCountMax
is left at the default, unresponsive SSH clients
will be disconnected after approximately 45 seconds.
This option applies to protocol version 2 only.
.It Cm ClientAliveInterval
Sets a timeout interval in seconds after which if no data has been received
from the client,
.Xr sshd 8
will send a message through the encrypted
channel to request a response from the client.
The default
is 0, indicating that these messages will not be sent to the client.
This option applies to protocol version 2 only.
.It Cm Compression
Specifies whether compression is allowed, or delayed until
the user has authenticated successfully.
The argument must be
.Dq yes ,
.Dq delayed ,
or
.Dq no .
The default is
.Dq delayed .
.It Cm DenyGroups
This keyword can be followed by a list of group name patterns, separated
by spaces.
Login is disallowed for users whose primary group or supplementary
group list matches one of the patterns.
Only group names are valid; a numerical group ID is not recognized.
By default, login is allowed for all groups.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm DenyUsers
This keyword can be followed by a list of user name patterns, separated
by spaces.
Login is disallowed for user names that match one of the patterns.
Only user names are valid; a numerical user ID is not recognized.
By default, login is allowed for all users.
If the pattern takes the form USER@HOST then USER and HOST
are separately checked, restricting logins to particular
users from particular hosts.
The allow/deny directives are processed in the following order:
.Cm DenyUsers ,
.Cm AllowUsers ,
.Cm DenyGroups ,
and finally
.Cm AllowGroups .
.Pp
See
.Sx PATTERNS
in
.Xr ssh_config 5
for more information on patterns.
.It Cm ForceCommand
Forces the execution of the command specified by
.Cm ForceCommand ,
ignoring any command supplied by the client and
.Pa ~/.ssh/rc
if present.
The command is invoked by using the user's login shell with the -c option.
This applies to shell, command, or subsystem execution.
It is most useful inside a
.Cm Match
block.
The command originally supplied by the client is available in the
.Ev SSH_ORIGINAL_COMMAND
environment variable.
Specifying a command of
.Dq internal-sftp
will force the use of an in-process sftp server that requires no support
files when used with
.Cm ChrootDirectory .
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
By default,
.Xr sshd 8
binds remote port forwardings to the loopback address.
This prevents other remote hosts from connecting to forwarded ports.
.Cm GatewayPorts
can be used to specify that sshd
should allow remote port forwardings to bind to non-loopback addresses, thus
allowing other hosts to connect.
The argument may be
.Dq no
to force remote port forwardings to be available to the local host only,
.Dq yes
to force remote port forwardings to bind to the wildcard address, or
.Dq clientspecified
to allow the client to select the address to which the forwarding is bound.
The default is
.Dq no .
.It Cm GSSAPIAuthentication
Specifies whether user authentication based on GSSAPI is allowed.
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
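.Pp
The allow/deny evaluation described under AllowUsers, AllowGroups, DenyUsers and DenyGroups above, as an added example that is not OpenSSH code: it collects the four directives from sshd_config text, applies them in the documented order, and handles the USER@HOST form with the * and ? wildcards. The host argument is whatever name or address string you want the HOST part compared with, and the sample configuration is constructed for the example; both are assumptions of this model.

```python
"""Model of the allow/deny evaluation order in sshd_config(5).

Added example, not OpenSSH code.  Reproduces the documented order
DenyUsers -> AllowUsers -> DenyGroups -> AllowGroups, the USER@HOST form
and the '*' / '?' wildcards; other pattern features are out of scope.
"""
import shlex
from dataclasses import dataclass, field
from typing import List, Optional


def match_pattern(s: str, pattern: str) -> bool:
    """Glob match: '*' matches any run of characters, '?' exactly one."""
    i = j = 0
    star = -1       # index of the last '*' seen in pattern
    backtrack = 0   # index in s to resume from if that '*' must grow
    while i < len(s):
        if j < len(pattern) and pattern[j] == "*":
            star, backtrack, j = j, i, j + 1
        elif j < len(pattern) and (pattern[j] == "?" or pattern[j] == s[i]):
            i += 1
            j += 1
        elif star != -1:
            backtrack += 1
            i, j = backtrack, star + 1
        else:
            return False
    while j < len(pattern) and pattern[j] == "*":
        j += 1
    return j == len(pattern)


def match_user(user: str, host: str, pattern: str) -> bool:
    """USER@HOST patterns check the user and the host parts separately."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return match_pattern(user, user_pat) and match_pattern(host, host_pat)
    return match_pattern(user, pattern)


@dataclass
class AccessPolicy:
    deny_users: List[str] = field(default_factory=list)
    allow_users: List[str] = field(default_factory=list)
    deny_groups: List[str] = field(default_factory=list)
    allow_groups: List[str] = field(default_factory=list)


def parse_policy(config_text: str) -> AccessPolicy:
    """Collect the four directives; comments, blank lines and double-quoted
    arguments are handled as the file format section describes."""
    policy = AccessPolicy()
    lists = {"denyusers": policy.deny_users, "allowusers": policy.allow_users,
             "denygroups": policy.deny_groups, "allowgroups": policy.allow_groups}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        target = lists.get(words[0].lower())  # keywords are case-insensitive
        if target is not None:
            target.extend(words[1:])          # arguments are case-sensitive
    return policy


def login_denied_by(policy: AccessPolicy, user: str, groups: List[str],
                    host: str) -> Optional[str]:
    """Return the directive that rejects the login, or None if allowed.
    groups holds the primary group plus the supplementary group list."""
    if any(match_user(user, host, p) for p in policy.deny_users):
        return "DenyUsers"
    if policy.allow_users and not any(match_user(user, host, p)
                                      for p in policy.allow_users):
        return "AllowUsers"
    if any(match_pattern(g, p) for g in groups for p in policy.deny_groups):
        return "DenyGroups"
    if policy.allow_groups and not any(match_pattern(g, p)
                                       for g in groups for p in policy.allow_groups):
        return "AllowGroups"
    return None


# Constructed sample configuration (not taken from the manual page).
SAMPLE_CONFIG = """\
# guest accounts are never allowed; alice may not log in from one host
DenyUsers guest* alice@untrusted.example
allowusers alice bob@*.corp.example admin@192.0.2.?
DenyGroups contractors
AllowGroups staff wheel
"""
```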
.It Cm GSSAPICleanupCredentials
Specifies whether to automatically destroy the user's credentials cache
on logout.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
(host-based authentication).
This option is similar to
.Cm RhostsRSAAuthentication
and applies to protocol version 2 only.
The default is
.Dq no .
.It Cm HostbasedUsesNameFromPacketOnly
Specifies whether or not the server will attempt to perform a reverse
name lookup when matching the name in the
.Pa ~/.shosts ,
.Pa ~/.rhosts ,
and
.Pa /etc/hosts.equiv
files during
.Cm HostbasedAuthentication .
A setting of
.Dq yes
means that
.Xr sshd 8
uses the name supplied by the client rather than
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified
by
.Cm HostKey .
The default behaviour of
.Xr sshd 8
is not to load any certificates.
.It Cm HostKey
Specifies a file containing a private host key
used by SSH.
The default is
.Pa /etc/ssh/ssh_host_key
for protocol version 1, and
.Pa /etc/ssh/ssh_host_rsa_key
and
.Pa /etc/ssh/ssh_host_dsa_key
for protocol version 2.
Note that
.Xr sshd 8
will refuse to use a file if it is group/world-accessible.
It is possible to have multiple host key files.
.Dq rsa1
keys are used for version 1 and
.Dq dsa
or
.Dq rsa
are used for version 2 of the SSH protocol.
.It Cm IgnoreRhosts
Specifies that
.Pa .rhosts
and
.Pa .shosts
files will not be used in
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
.Pp
.Pa /etc/hosts.equiv
and
.Pa /etc/ssh/shosts.equiv
are still used.
The default is
.Dq yes .
.It Cm IgnoreUserKnownHosts
Specifies whether
.Xr sshd 8
should ignore the user's
.Pa ~/.ssh/known_hosts
during
.Cm RhostsRSAAuthentication
or
.Cm HostbasedAuthentication .
The default is
.Dq no .
.It Cm KerberosAuthentication
Specifies whether the password provided by the user for
.Cm PasswordAuthentication
will be validated through the Kerberos KDC.
To use this option, the server needs a
Kerberos servtab which allows the verification of the KDC's identity.
The default is
.Dq no .
.It Cm KerberosGetAFSToken
If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
an AFS token before accessing the user's home directory.
The default is
.Dq no .
.It Cm KerberosOrLocalPasswd
If password authentication through Kerberos fails then
the password will be validated via any additional local mechanism
such as
.Pa /etc/passwd .
The default is
.Dq yes .
.It Cm KerberosTicketCleanup
Specifies whether to automatically destroy the user's ticket cache
file on logout.
The default is
.Dq yes .
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
The purpose of regeneration is to prevent
decrypting captured sessions by later breaking into the machine and
stealing the keys.
The key is never stored anywhere.
If the value is 0, the key is never regenerated.
The default is 3600 (seconds).
.It Cm ListenAddress
Specifies the local addresses
.Xr sshd 8
should listen on.
The following forms may be used:
.Pp
.Bl -item -offset indent -compact
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
.Sm on
.It
.Cm ListenAddress
.Sm off
.Ar host No | Ar IPv4_addr No : Ar port
.Sm on
.It
.Cm ListenAddress
.Sm off
.Oo
.Ar host No | Ar IPv6_addr Oc : Ar port
.Sm on
.El
.Pp
If
.Ar port
is not specified,
sshd will listen on the address and all prior
.Cm Port
options specified.
The default is to listen on all local addresses.
Multiple
.Cm ListenAddress
options are permitted.
Additionally, any
.Cm Port
options must precede this option for non-port qualified addresses.
.It Cm LoginGraceTime
The server disconnects after this time if the user has not
successfully logged in.
If the value is 0, there is no time limit.
The default is 120 seconds.
.It Cm LogLevel
Gives the verbosity level that is used when logging messages from
.Xr sshd 8 .
The possible values are:
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
The default is INFO.
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
Logging with a DEBUG level violates the privacy of users and is not recommended.
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
for data integrity protection.
Multiple algorithms must be comma-separated.
The default is:
.Bd -literal -offset indent
hmac-md5,hmac-sha1,umac-64@openssh.com,
hmac-ripemd160,hmac-sha1-96,hmac-md5-96
.Ed
.It Cm Match
Introduces a conditional block.
If all of the criteria on the
.Cm Match
line are satisfied, the keywords on the following lines override those
set in the global section of the config file, until either another
.Cm Match
line or the end of the file.
.Pp
The arguments to
.Cm Match
are one or more criteria-pattern pairs.
The available criteria are
.Cm User ,
.Cm Group ,
.Cm Host ,
and
.Cm Address .
The match patterns may consist of single entries or comma-separated
lists and may use the wildcard and negation operators described in the
.Sx PATTERNS
section of
.Xr ssh_config 5 .
.Pp
The patterns in an
.Cm Address
criterion may additionally contain addresses to match in CIDR
address/masklen format, e.g.\&
.Dq 192.0.2.0/24
or
.Dq 3ffe:ffff::/32 .
Note that the mask length provided must be consistent with the address:
it is an error to specify a mask length that is too long for the address
or one with bits set in the host portion of the address.
For example,
.Dq 192.0.2.0/33
(mask length too long for an IPv4 address) and
.Dq 192.0.2.0/8
(bits set in the host portion) are both rejected.
.Pp
Only a subset of keywords may be used on the lines following a
.Cm Match
keyword.
Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
.Cm AuthorizedKeysFile ,
.Cm AuthorizedPrincipalsFile ,
.Cm Banner ,
.Cm ChrootDirectory ,
.Cm ForceCommand ,
.Cm GatewayPorts ,
.Cm GSSAPIAuthentication ,
.Cm HostbasedAuthentication ,
.Cm HostbasedUsesNameFromPacketOnly ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
.Cm PermitRootLogin ,
.Cm PermitTunnel ,
.Cm PubkeyAuthentication ,
.Cm RhostsRSAAuthentication ,
.Cm RSAAuthentication ,
.Cm X11DisplayOffset ,
.Cm X11Forwarding
and
.Cm X11UseLocalhost .
.It Cm MaxAuthTries
Specifies the maximum number of authentication attempts permitted per
connection.
Once the number of failures reaches half this value,
additional failures are logged.
The default is 6.
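.Pp
A checker for the two Match paragraphs above, added here as an example that is not OpenSSH code: it validates Address criteria in CIDR form (rejecting the /33 and /8 cases), evaluates a comma-separated Address list with negation against a client address, and flags keywords that are not permitted inside a Match block. Two assumptions of this model: an entry without a mask length is compared as an exact address, and a matching negated entry vetoes the whole list; the sample configuration is constructed.

```python
"""Match block checks for sshd_config: Address CIDR validation and matching,
and the keyword subset permitted after a Match line.

Added example, not OpenSSH code.  Entries without a mask length are treated
as exact addresses and a matching '!' entry vetoes the list (assumptions).
"""
import ipaddress
from typing import List, Optional

# Keywords the manual page lists as usable on the lines following Match.
MATCH_KEYWORDS = {k.lower() for k in (
    "AllowAgentForwarding", "AllowTcpForwarding", "AuthorizedKeysFile",
    "AuthorizedPrincipalsFile", "Banner", "ChrootDirectory", "ForceCommand",
    "GatewayPorts", "GSSAPIAuthentication", "HostbasedAuthentication",
    "HostbasedUsesNameFromPacketOnly", "KbdInteractiveAuthentication",
    "KerberosAuthentication", "MaxAuthTries", "MaxSessions",
    "PasswordAuthentication", "PermitEmptyPasswords", "PermitOpen",
    "PermitRootLogin", "PermitTunnel", "PubkeyAuthentication",
    "RhostsRSAAuthentication", "RSAAuthentication", "X11DisplayOffset",
    "X11Forwarding", "X11UseLocalhost")}


def cidr_error(entry: str) -> Optional[str]:
    """None if entry is a valid address or CIDR pattern, else the reason."""
    addr_s, sep, mask_s = entry.partition("/")
    try:
        addr = ipaddress.ip_address(addr_s)
    except ValueError:
        return f"{addr_s!r} is not an IP address"
    if not sep:
        return None
    if not mask_s.isdigit() or not 0 <= int(mask_s) <= addr.max_prefixlen:
        return f"mask length {mask_s!r} is not valid for {addr_s}"
    # strict=False lets us compute the network and compare it to the address
    net = ipaddress.ip_network(f"{addr}/{mask_s}", strict=False)
    if net.network_address != addr:
        return f"{entry} has bits set in the host portion"
    return None


def address_matches(client: str, pattern_list: str) -> bool:
    """Evaluate a Match Address list for a client address.  A matching
    negated entry vetoes the whole list; otherwise any positive hit wins."""
    addr = ipaddress.ip_address(client)
    found = False
    for raw in pattern_list.split(","):
        entry = raw.strip()
        negate = entry.startswith("!")
        if negate:
            entry = entry[1:]
        err = cidr_error(entry)
        if err:
            raise ValueError(f"bad Address pattern {entry!r}: {err}")
        if "/" in entry:
            hit = addr in ipaddress.ip_network(entry)   # False across IP versions
        else:
            hit = addr == ipaddress.ip_address(entry)
        if hit and negate:
            return False
        found = found or hit
    return found


def lint_match_blocks(config_text: str) -> List[str]:
    """Report Address patterns sshd would reject and keywords that may not
    appear inside a Match block."""
    problems = []
    in_match = False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        key = words[0].lower()
        if key == "match":
            in_match = True
            # criteria-pattern pairs: Match User alice Address 192.0.2.0/24
            for crit, pat in zip(words[1::2], words[2::2]):
                if crit.lower() == "address":
                    for entry in pat.split(","):
                        err = cidr_error(entry.lstrip("!"))
                        if err:
                            problems.append(f"line {lineno}: {err}")
            continue
        if in_match and key not in MATCH_KEYWORDS:
            problems.append(f"line {lineno}: {words[0]} is not permitted in a Match block")
    return problems


# Constructed sample (not from the manual page): line 3 and line 4 are wrong.
SAMPLE_CONFIG = """\
Match Address 192.0.2.0/24
    PasswordAuthentication no
    Port 2222
Match User backup Address 192.0.2.0/8
    ForceCommand internal-sftp
"""
```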
.It Cm MaxSessions
Specifies the maximum number of open sessions permitted per network connection.
The default is 10.
.It Cm MaxStartups
Specifies the maximum number of concurrent unauthenticated connections to the
SSH daemon.
Additional connections will be dropped until authentication succeeds or the
.Cm LoginGraceTime
expires for a connection.
The default is 10.
.Pp
Alternatively, random early drop can be enabled by specifying
the three colon-separated values
.Dq start:rate:full
(e.g. "10:30:60").
.Xr sshd 8
will refuse connection attempts with a probability of
.Dq rate/100
(30%)
if there are currently
.Dq start
(10)
unauthenticated connections.
The probability increases linearly and all connection attempts
are refused if the number of unauthenticated connections reaches
.Dq full
(60).
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
See also
.Cm UsePAM .
The default is
.Dq no .
.It Cm PermitEmptyPasswords
When password authentication is allowed, it specifies whether the
server allows login to accounts with empty password strings.
The default is
.Dq no .
.It Cm PermitOpen
Specifies the destinations to which TCP port forwarding is permitted.
The forwarding specification must be one of the following forms:
.Pp
.Bl -item -offset indent -compact
.It
.Cm PermitOpen
.Sm off
.Ar host : port
.Sm on
.It
.Cm PermitOpen
.Sm off
.Ar IPv4_addr : port
.Sm on
.It
.Cm PermitOpen
.Sm off
.Ar \&[ IPv6_addr \&] : port
.Sm on
.El
.Pp
Multiple forwards may be specified by separating them with whitespace.
An argument of
.Dq any
can be used to remove all restrictions and permit any forwarding requests.
By default all port forwarding requests are permitted.
.It Cm PermitRootLogin
Specifies whether root can log in using
.Xr ssh 1 .
The argument must be
.Dq yes ,
.Dq without-password ,
.Dq forced-commands-only ,
or
.Dq no .
The default is
.Dq no .
Note that if
.Cm ChallengeResponseAuthentication
is
.Dq yes ,
the root user may be allowed in with its password even if
.Cm PermitRootLogin
is set to
.Dq without-password .
.Pp
If this option is set to
.Dq without-password ,
password authentication is disabled for root.
.Pp
If this option is set to
.Dq forced-commands-only ,
root login with public key authentication will be allowed,
but only if the
.Ar command
option has been specified
(which may be useful for taking remote backups even if root login is
normally not allowed).
All other authentication methods are disabled for root.
.Pp
If this option is set to
.Dq no ,
root is not allowed to log in.
.It Cm PermitTunnel
Specifies whether
.Xr tun 4
device forwarding is allowed.
The argument must be
.Dq yes ,
.Dq point-to-point
(layer 3),
.Dq ethernet
(layer 2), or
.Dq no .
Specifying
.Dq yes
permits both
.Dq point-to-point
and
.Dq ethernet .
The default is
.Dq no .
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
and
.Cm environment=
options in
.Pa ~/.ssh/authorized_keys
are processed by
.Xr sshd 8 .
The default is
.Dq no .
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
.It Cm PidFile
Specifies the file that contains the process ID of the
SSH daemon.
The default is
.Pa /var/run/sshd.pid .
.It Cm Port
Specifies the port number that
.Xr sshd 8
listens on.
The default is 22.
Multiple options of this type are permitted.
See also
.Cm ListenAddress .
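.Pp
Random early drop as described under MaxStartups above, as an added example that is not OpenSSH code: it parses and validates the start:rate:full form and gives the refusal probability for a given number of pending unauthenticated connections, which is what you want to see before tuning the value together with LoginGraceTime. A bare number N is modelled as start = full = N (a hard limit with no random drop), which is an assumption of this model.

```python
"""Random early drop as configured by MaxStartups start:rate:full.

Added example, not OpenSSH code.  A bare number N is modelled as
start = full = N, i.e. a hard limit with no random drop (assumption).
"""
from typing import Dict, Iterable, Tuple


def parse_max_startups(value: str) -> Tuple[int, int, int]:
    """Return (start, rate, full) for either 'N' or 'start:rate:full'."""
    parts = value.split(":")
    if len(parts) == 1:
        n = int(parts[0])
        if n < 1:
            raise ValueError("MaxStartups must be at least 1")
        return n, 100, n
    if len(parts) != 3:
        raise ValueError(f"expected N or start:rate:full, got {value!r}")
    start, rate, full = (int(p) for p in parts)
    if start < 1 or full < start:
        raise ValueError("need 1 <= start <= full")
    if not 0 <= rate <= 100:
        raise ValueError("rate is a percentage between 0 and 100")
    return start, rate, full


def drop_probability(unauthenticated: int, spec: Tuple[int, int, int]) -> float:
    """Probability that the next connection attempt is refused while
    `unauthenticated` connections are still pending authentication."""
    start, rate, full = spec
    if unauthenticated < start:
        return 0.0          # below start nothing is dropped
    if unauthenticated >= full:
        return 1.0          # at full every attempt is refused
    # rate/100 at start, rising linearly to 1.0 at full
    frac = (unauthenticated - start) / (full - start)
    return rate / 100 + (1 - rate / 100) * frac


def drop_curve(value: str, loads: Iterable[int]) -> Dict[int, float]:
    """Tabulate the refusal probability for a MaxStartups value over a
    range of pending-connection counts (rounded for display)."""
    spec = parse_max_startups(value)
    return {n: round(drop_probability(n, spec), 3) for n in loads}
```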
.It Cm PrintLastLog
Specifies whether
.Xr sshd 8
should print the date and time of the last user login when a user logs
in interactively.
The default is
.Dq yes .
.It Cm PrintMotd
Specifies whether
.Xr sshd 8
should print
.Pa /etc/motd
when a user logs in interactively.
(On some systems it is also printed by the shell,
.Pa /etc/profile ,
or equivalent.)
The default is
.Dq yes .
.It Cm Protocol
Specifies the protocol versions
.Xr sshd 8
supports.
The possible values are
.Sq 1
and
.Sq 2 .
Multiple versions must be comma-separated.
The default is
.Sq 2 .
Note that the order of the protocol list does not indicate preference,
because the client selects among multiple protocol versions offered
by the server.
Specifying
.Dq 2,1
is identical to
.Dq 1,2 .
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm RevokedKeys
Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will
be refused for all users.
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or
.Pa /etc/hosts.equiv
authentication together
with successful RSA host authentication is allowed.
The default is
.Dq no .
This option applies to protocol version 1 only.
.It Cm RSAAuthentication
Specifies whether pure RSA authentication is allowed.
The default is
.Dq yes .
This option applies to protocol version 1 only.
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
.It Cm StrictModes
Specifies whether
.Xr sshd 8
should check file modes and ownership of the
user's files and home directory before accepting login.
This is normally desirable because novices sometimes accidentally leave their
directory or files world-writable.
The default is
.Dq yes .
Note that this does not apply to
.Cm ChrootDirectory ,
whose permissions and ownership are checked unconditionally.
.It Cm Subsystem
Configures an external subsystem (e.g. file transfer daemon).
Arguments should be a subsystem name and a command (with optional arguments)
to execute upon subsystem request.
.Pp
The command
.Xr sftp-server 8
implements the
.Dq sftp
file transfer subsystem.
.Pp
Alternately the name
.Dq internal-sftp
implements an in-process
.Dq sftp
server.
This may simplify configurations using
.Cm ChrootDirectory
to force a different filesystem root on clients.
.Pp
By default no subsystems are defined.
Note that this option applies to protocol version 2 only.
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
Specifies whether the system should send TCP keepalive messages to the
other side.
If they are sent, death of the connection or crash of one
of the machines will be properly noticed.
However, this means that
connections will die if the route is down temporarily, and some people
find it annoying.
On the other hand, if TCP keepalives are not sent,
sessions may hang indefinitely on the server, leaving
.Dq ghost
users and consuming server resources.
.Pp
The default is
.Dq yes
(to send TCP keepalive messages), and the server will notice
if the network goes down or the client host crashes.
This avoids infinitely hanging sessions.
.Pp
To disable TCP keepalive messages, the value should be set to
.Dq no .
.It Cm TrustedUserCAKeys
Specifies a file containing public keys of certificate authorities that are
trusted to sign user certificates for authentication.
Keys are listed one per line; empty lines and comments starting with
.Ql #
are allowed.
If a certificate is presented for authentication and has its signing CA key
listed in this file, then it may be used for authentication for any user
listed in the certificate's principals list.
Note that certificates that lack a list of principals will not be permitted
for authentication using
.Cm TrustedUserCAKeys .
For more details on certificates, see the
.Sx CERTIFICATES
section in
.Xr ssh-keygen 1 .
.It Cm UseDNS
Specifies whether
.Xr sshd 8
should look up the remote host name and check that
the resolved host name for the remote IP address maps back to the
very same IP address.
The default is
.Dq yes .
.It Cm UseLogin
Specifies whether
.Xr login 1
is used for interactive login sessions.
The default is
.Dq no .
Note that
.Xr login 1
is never used for remote command execution.
Note also that if this is enabled,
.Cm X11Forwarding
will be disabled because
.Xr login 1
does not know how to handle
.Xr xauth 1
cookies.
If
.Cm UsePrivilegeSeparation
is specified, it will be disabled after authentication.
.It Cm UsePAM
Enables the Pluggable Authentication Module interface.
If set to
.Dq yes
this will enable PAM authentication using
.Cm ChallengeResponseAuthentication
and
.Cm PasswordAuthentication
in addition to PAM account and session module processing for all
authentication types.
.Pp
Because PAM challenge-response authentication usually serves an equivalent
role to password authentication, you should disable either
.Cm PasswordAuthentication
or
.Cm ChallengeResponseAuthentication .
.Pp
If
.Cm UsePAM
is enabled, you will not be able to run
.Xr sshd 8
as a non-root user.
The default is
.Dq yes .
.It Cm UsePrivilegeSeparation
Specifies whether
.Xr sshd 8
separates privileges by creating an unprivileged child process
to deal with incoming network traffic.
After successful authentication, another process will be created that has
the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
.It Cm VersionAddendum
Specifies a string to append to the regular version string to identify
OS- or site-specific modifications.
The default is
.Dq FreeBSD-20101111 .
.It Cm X11DisplayOffset
Specifies the first display number available for
.Xr sshd 8 Ns 's
X11 forwarding.
This prevents sshd from interfering with real X11 servers.
The default is 10.
.It Cm X11Forwarding
Specifies whether X11 forwarding is permitted.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.Pp
When X11 forwarding is enabled, there may be additional exposure to
the server and to client displays if the
.Xr sshd 8
proxy display is configured to listen on the wildcard address (see
.Cm X11UseLocalhost
below), though this is not the default.
Additionally, the authentication spoofing and authentication data
verification and substitution occur on the client side.
The security risk of using X11 forwarding is that the client's X11
display server may be exposed to attack when the SSH client requests
forwarding (see the warnings for
.Cm ForwardX11
in
.Xr ssh_config 5 ) .
A system administrator may wish to protect clients that could expose
themselves to attack by unwittingly requesting X11 forwarding, which can
warrant a
.Dq no
setting.
.Pp
Note that disabling X11 forwarding does not prevent users from
forwarding X11 traffic, as users can always install their own forwarders.
X11 forwarding is automatically disabled if
.Cm UseLogin
is enabled.
.It Cm X11UseLocalhost
Specifies whether
.Xr sshd 8
should bind the X11 forwarding server to the loopback address or to
the wildcard address.
By default,
sshd binds the forwarding server to the loopback address and sets the
hostname part of the
.Ev DISPLAY
environment variable to
.Dq localhost .
This prevents remote hosts from connecting to the proxy display.
However, some older X11 clients may not function with this
configuration.
.Cm X11UseLocalhost
may be set to
.Dq no
to specify that the forwarding server should be bound to the wildcard
address.
The argument must be
.Dq yes
or
.Dq no .
The default is
.Dq yes .
.It Cm XAuthLocation
Specifies the full pathname of the
.Xr xauth 1
program.
The default is
.Pa /usr/local/bin/xauth .
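Several of the keywords above carry a warning about how they combine: StrictModes off, UsePAM together with both PasswordAuthentication and ChallengeResponseAuthentication, X11Forwarding with X11UseLocalhost set to no, UseLogin silently disabling X11Forwarding, TCPKeepAlive off, an undocumented SyslogFacility value. The following audit script is an added example, not part of this manual page or of OpenSSH; it parses a config the way the file format is described here and reports those combinations. The sample config is constructed, and the defaults for PasswordAuthentication and ChallengeResponseAuthentication ("yes") are OpenSSH knowledge assumed here rather than stated in this excerpt.

```python
"""Audit an sshd_config text for the settings this manual page discusses.

Added example, not OpenSSH code.  Keywords are case-insensitive, arguments
case-sensitive, '#' comments and blank lines are ignored and double-quoted
arguments are honoured.  SAMPLE_CONFIG is constructed for the demonstration.
"""
import shlex

# Defaults given in this manual page, plus the two PAM-related ones, which
# default to "yes" in OpenSSH (assumed knowledge, not stated in this excerpt).
DEFAULTS = {
    "strictmodes": "yes", "tcpkeepalive": "yes", "usedns": "yes",
    "uselogin": "no", "usepam": "yes", "useprivilegeseparation": "yes",
    "x11forwarding": "yes", "x11uselocalhost": "yes", "syslogfacility": "AUTH",
    "passwordauthentication": "yes", "challengeresponseauthentication": "yes",
}
SYSLOG_FACILITIES = {"DAEMON", "USER", "AUTH"} | {f"LOCAL{i}" for i in range(8)}
# Keywords that legitimately appear on several lines (one entry per line).
MULTI_VALUED = {"subsystem", "acceptenv", "port", "listenaddress", "hostkey"}

SAMPLE_CONFIG = """\
# constructed sample for the audit below
Port 22
Protocol 2
SyslogFacility LOCAL8
StrictModes no
UsePAM yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
X11Forwarding yes
X11UseLocalhost no
Subsystem sftp internal-sftp
Banner "/etc/ssh/banner with spaces"
StrictModes yes
"""


def parse_sshd_config(text):
    """Return ({keyword: (args, line)}, [(keyword, line)] of repeated keywords).

    sshd keeps the first value it reads for a keyword (servconf behaviour,
    not described in this excerpt), so later repeats are only recorded.
    """
    settings, repeats = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)          # honours "quoted arguments"
        keyword, args = tokens[0].lower(), tokens[1:]
        if keyword == "match":
            break   # conditional Match blocks are outside this linter's scope
        if keyword in settings and keyword not in MULTI_VALUED:
            repeats.append((tokens[0], lineno))
        elif keyword not in settings:
            settings[keyword] = (args, lineno)
    return settings, repeats


def audit(text):
    """Return a list of (code, message) findings for the given config text."""
    settings, repeats = parse_sshd_config(text)

    def value(key):
        args = settings.get(key, ([], 0))[0]
        return args[0] if args else DEFAULTS.get(key)

    findings = []
    if value("strictmodes") == "no":
        findings.append(("strictmodes", "StrictModes no: logins are accepted even when "
                         "the user's home directory or files are world-writable"))
    if value("useprivilegeseparation") == "no":
        findings.append(("privsep", "UsePrivilegeSeparation no: no unprivileged child "
                         "contains corruption of the network-facing code"))
    if (value("usepam") == "yes" and value("passwordauthentication") == "yes"
            and value("challengeresponseauthentication") == "yes"):
        findings.append(("pam-overlap", "UsePAM yes with PasswordAuthentication and "
                         "ChallengeResponseAuthentication both enabled: disable one"))
    if value("x11forwarding") == "yes":
        if value("x11uselocalhost") == "no":
            findings.append(("x11-wildcard", "X11UseLocalhost no: the proxy display "
                             "listens on the wildcard address, reachable by remote hosts"))
        if value("uselogin") == "yes":
            findings.append(("x11-uselogin", "UseLogin yes silently disables X11Forwarding"))
    if value("tcpkeepalive") == "no":
        findings.append(("keepalive", "TCPKeepAlive no: sessions of crashed clients "
                         "may hang indefinitely as ghost users"))
    facility = value("syslogfacility")
    if facility not in SYSLOG_FACILITIES:
        findings.append(("syslog-facility", f"SyslogFacility {facility} is not a documented value"))
    for keyword, lineno in repeats:
        findings.append(("duplicate", f"line {lineno}: {keyword} repeated; sshd keeps the first value"))
    return findings


if __name__ == "__main__":
    for code, message in audit(SAMPLE_CONFIG):
        print(f"[{code}] {message}")
```

Run against the constructed sample it reports the first StrictModes value (no), the PAM overlap, the wildcard-bound X11 proxy, the unknown facility and the repeated StrictModes line; a config that sets PasswordAuthentication to no and leaves the rest at the documented defaults produces no findings.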
.El
.Sh TIME FORMATS
.Xr sshd 8
command-line arguments and configuration file options that specify time
may be expressed using a sequence of the form:
.Sm off
.Ar time Op Ar qualifier ,
.Sm on
where
.Ar time
is a positive integer value and
.Ar qualifier
is one of the following:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It Aq Cm none
seconds
.It Cm s | Cm S
seconds
.It Cm m | Cm M
minutes
.It Cm h | Cm H
hours
.It Cm d | Cm D
days
.It Cm w | Cm W
weeks
.El
.Pp
The members of the sequence are added together to calculate
the total time value.
.Pp
Time format examples:
.Pp
.Bl -tag -width Ds -compact -offset indent
.It 600
600 seconds (10 minutes)
.It 10m
10 minutes
.It 1h30m
1 hour 30 minutes (90 minutes)
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa /etc/ssh/sshd_config
Contains configuration data for
.Xr sshd 8 .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
.El
.Sh SEE ALSO
.Xr sshd 8
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Niels Provos and Markus Friedl contributed support
for privilege separation.
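The StrictModes entry above says sshd checks "file modes and ownership of the user's files and home directory" but not what that check looks like. The script below is an added example, not sshd's code or part of this manual page: it walks from a file such as authorized_keys up to the home directory and reports any component that is not owned by the user or root, or that is group- or world-writable. The home directory it inspects is constructed in a temporary directory; the user name, paths and mode values are illustrative.

```python
"""What StrictModes checks, reproduced in Python.

Added example, not sshd's code.  For a file such as ~/.ssh/authorized_keys
it walks from the file up to the home directory and reports every component
that is not owned by the user or root, or is writable by group or others.
demo() builds a constructed home in a temporary directory and shows the
check passing and then failing.
"""
import os
import shutil
import stat
import tempfile


def strict_modes_violations(home, path, uid):
    """Return [(path, reason)] for each failing component from path up to home.

    The walk stops at the home directory (or at the filesystem root if the
    path lies outside it), so directories above home are not examined.
    """
    home, current = os.path.realpath(home), os.path.realpath(path)
    problems = []
    while True:
        st = os.stat(current)
        if st.st_uid not in (uid, 0):
            problems.append((current, f"owned by uid {st.st_uid}, not uid {uid} or root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((current, f"group/world writable ({stat.S_IMODE(st.st_mode):04o})"))
        parent = os.path.dirname(current)
        if current == home or parent == current:
            return problems
        current = parent


def demo():
    """Constructed home 'alice': clean, then a world-writable key file,
    then a group-writable home directory on top of that."""
    uid = os.getuid()
    root = tempfile.mkdtemp(prefix="strictmodes-")
    home = os.path.join(root, "alice")
    ssh_dir = os.path.join(home, ".ssh")
    keys = os.path.join(ssh_dir, "authorized_keys")
    os.mkdir(home)
    os.chmod(home, 0o755)          # chmod explicitly so the umask does not matter
    os.mkdir(ssh_dir)
    os.chmod(ssh_dir, 0o700)
    with open(keys, "w") as fh:
        fh.write("# constructed, empty authorized_keys\n")
    os.chmod(keys, 0o600)
    results = {}
    try:
        results["clean"] = strict_modes_violations(home, keys, uid)
        os.chmod(keys, 0o666)      # the classic mistake the page describes
        results["world_writable_file"] = strict_modes_violations(home, keys, uid)
        os.chmod(home, 0o775)      # group-writable home also fails the check
        results["group_writable_home"] = strict_modes_violations(home, keys, uid)
    finally:
        shutil.rmtree(root)
    return results


if __name__ == "__main__":
    for label, problems in demo().items():
        print(f"{label}: {'ok' if not problems else problems}")
```

Anything this reports is what would turn into a "bad ownership or modes" refusal at login, which is why the default of yes is worth keeping: a world-writable home directory lets any local account plant keys in another user's authorized_keys.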
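The UseDNS entry describes a forward-confirmed reverse lookup: the PTR name for the client address is only believed if it resolves back to that very same address. The code below is an added example, not sshd's code or part of this manual page. The two resolver functions are passed in so the logic runs offline against constructed PTR and A records in documentation address ranges; system_reverse and system_forward (names chosen here) wire the same check to the real resolver.

```python
"""Forward-confirmed reverse DNS, the check behind UseDNS.

Added example, not sshd's code.  Resolution is passed in as two functions so
the logic runs offline against the constructed records below;
system_reverse/system_forward connect it to the real resolver.
"""
import socket

# Constructed records in documentation address ranges (not real hosts).
PTR_RECORDS = {
    "203.0.113.10": "bastion.example.net",
    "203.0.113.11": "mismatch.example.org",   # PTR names a host that resolves elsewhere
    "198.51.100.5": "shared.example.com",     # a name with several addresses
}
A_RECORDS = {
    "bastion.example.net": ["203.0.113.10"],
    "mismatch.example.org": ["192.0.2.99"],
    "shared.example.com": ["198.51.100.5", "198.51.100.6"],
}


def fake_reverse(ip):
    """PTR lookup against the constructed table; None when absent."""
    return PTR_RECORDS.get(ip)


def fake_forward(name):
    """Forward lookup against the constructed table; [] when absent."""
    return A_RECORDS.get(name, [])


def system_reverse(ip):
    """PTR lookup with the real resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def system_forward(name):
    """All addresses the name resolves to with the real resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []


def confirmed_hostname(ip, reverse=fake_reverse, forward=fake_forward):
    """Return (name_to_use, status) for a client address.

    The name is trusted only when the PTR result resolves back to the very
    same address.  Otherwise the numeric address is used, as sshd does when
    the check fails; a name that fails confirmation should not appear in
    logs or access lists as if it were the client's identity.
    """
    name = reverse(ip)
    if name is None:
        return ip, "no-ptr"
    if ip not in forward(name):
        return ip, "mismatch"
    return name, "confirmed"


if __name__ == "__main__":
    for addr in ["203.0.113.10", "203.0.113.11", "203.0.113.12", "198.51.100.5"]:
        print(addr, "->", confirmed_hostname(addr))
```

Pass system_reverse and system_forward as the two arguments to run the check against live DNS; the mismatch case is the one that matters for security, since a PTR record is controlled by whoever owns the reverse zone for the client's address, not by the site being logged into.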
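The TIME FORMATS section defines time values as a sequence of time[qualifier] members whose values are added together. The parser below is an added example, not OpenSSH's own implementation or part of this manual page; it accepts exactly the qualifiers the section lists (none, s, m, h, d, w in either case) and rejects anything else, so a typo in a config value fails loudly instead of silently becoming a different timeout.

```python
"""Parse the sshd time format from the TIME FORMATS section.

Added example, not OpenSSH's code.  A specification is a sequence of
time[qualifier] members whose values are added together; the qualifier
letters and their meanings are the ones the section lists.
"""
import re

SECONDS_PER = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_MEMBER = re.compile(r"(\d+)([smhdw]?)", re.IGNORECASE)


def parse_time(spec):
    """Return the total number of seconds for a spec such as '1h30m'.

    Raises ValueError on an empty spec, an unknown qualifier, or a
    qualifier with no number in front of it.
    """
    if not spec:
        raise ValueError("empty time specification")
    total, pos = 0, 0
    while pos < len(spec):
        member = _MEMBER.match(spec, pos)
        if member is None:
            raise ValueError(f"bad time specification {spec!r} at offset {pos}")
        value, qualifier = int(member.group(1)), member.group(2).lower()
        total += value * SECONDS_PER[qualifier]   # members are summed
        pos = member.end()
    return total


def is_valid_time(spec):
    """True when parse_time() accepts the specification."""
    try:
        parse_time(spec)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for example in ["600", "10m", "1h30m", "2w", "1d12h"]:
        print(f"{example:>8} -> {parse_time(example)} seconds")
```

The three examples from the section (600, 10m, 1h30m) give 600, 600 and 5400 seconds; mixed-case qualifiers such as 30M are accepted as the table indicates, while fractional values like 1.5h are rejected.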