3 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5 .\" All rights reserved
7 .\" As far as I am concerned, the code I have written for this software
8 .\" can be used freely for any purpose. Any derived versions of this
9 .\" software must be clearly marked as such, and if the derived work is
10 .\" incompatible with the protocol description in the RFC file, it must be
11 .\" called by a name other than "ssh" or "Secure Shell".
13 .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14 .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15 .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
17 .\" Redistribution and use in source and binary forms, with or without
18 .\" modification, are permitted provided that the following conditions
20 .\" 1. Redistributions of source code must retain the above copyright
21 .\" notice, this list of conditions and the following disclaimer.
22 .\" 2. Redistributions in binary form must reproduce the above copyright
23 .\" notice, this list of conditions and the following disclaimer in the
24 .\" documentation and/or other materials provided with the distribution.
26 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37 .\" $OpenBSD: sshd.8,v 1.133 2001/06/23 17:48:19 itojun Exp $
38 .Dd September 25, 1999
43 .Nd OpenSSH SSH daemon
48 .Op Fl f Ar config_file
49 .Op Fl g Ar login_grace_time
50 .Op Fl h Ar host_key_file
51 .Op Fl k Ar key_gen_time
54 .Op Fl V Ar client_protocol_id
57 (SSH Daemon) is the daemon program for
59 Together these programs replace rlogin and rsh, and
60 provide secure encrypted communications between two untrusted hosts
61 over an insecure network.
62 The programs are intended to be as easy to
63 install and use as possible.
66 is the daemon that listens for connections from clients.
67 It is normally started at boot from
70 daemon for each incoming connection.
71 The forked daemons handle
72 key exchange, encryption, authentication, command execution,
74 This implementation of
76 supports both SSH protocol version 1 and 2 simultaneously.
80 .Ss SSH protocol version 1
82 Each host has a host-specific RSA key
83 (normally 1024 bits) used to identify the host.
85 the daemon starts, it generates a server RSA key (normally 768 bits).
86 This key is normally regenerated every hour if it has been used, and
87 is never stored on disk.
89 Whenever a client connects the daemon responds with its public
91 The client compares the
92 RSA host key against its own database to verify that it has not changed.
93 The client then generates a 256 bit random number.
95 random number using both the host key and the server key, and sends
96 the encrypted number to the server.
97 Both sides then use this
98 random number as a session key which is used to encrypt all further
99 communications in the session.
100 The rest of the session is encrypted
101 using a conventional cipher, currently Blowfish or 3DES, with 3DES
102 being used by default.
103 The client selects the encryption algorithm
104 to use from those offered by the server.
106 Next, the server and the client enter an authentication dialog.
107 The client tries to authenticate itself using
111 authentication combined with RSA host
112 authentication, RSA challenge-response authentication, or password
113 based authentication.
115 Rhosts authentication is normally disabled
116 because it is fundamentally insecure, but can be enabled in the server
117 configuration file if desired.
118 System security is not improved unless
124 are disabled (thus completely disabling
130 .Ss SSH protocol version 2
132 Version 2 works similarly:
133 Each host has a host-specific DSA key used to identify the host.
134 However, when the daemon starts, it does not generate a server key.
135 Forward security is provided through a Diffie-Hellman key agreement.
136 This key agreement results in a shared session key.
138 The rest of the session is encrypted using a symmetric cipher, currently
139 128 bit AES, Blowfish, 3DES, CAST128, Arcfour, 192 bit AES, or 256 bit AES.
140 The client selects the encryption algorithm
141 to use from those offered by the server.
142 Additionally, session integrity is provided
143 through a cryptographic message authentication code
144 (hmac-sha1 or hmac-md5).
146 Protocol version 2 provides a public key based
147 user (PubkeyAuthentication) or
148 client host (HostbasedAuthentication) authentication method,
149 conventional password authentication and challenge response based methods.
151 .Ss Command execution and data forwarding
153 If the client successfully authenticates itself, a dialog for
154 preparing the session is entered.
155 At this time the client may request
156 things like allocating a pseudo-tty, forwarding X11 connections,
157 forwarding TCP/IP connections, or forwarding the authentication agent
158 connection over the secure channel.
160 Finally, the client either requests a shell or execution of a command.
161 The sides then enter session mode.
162 In this mode, either side may send
163 data at any time, and such data is forwarded to/from the shell or
164 command on the server side, and the user terminal in the client side.
166 When the user program terminates and all forwarded X11 and other
167 connections have been closed, the server sends command exit status to
168 the client, and both sides exit.
171 can be configured using command-line options or a configuration
173 Command-line options override values specified in the
177 rereads its configuration file when it receives a hangup signal,
179 by executing itself with the name it was started as, i.e.,
182 The options are as follows:
185 Specifies the number of bits in the ephemeral protocol version 1
186 server key (default 768).
190 The server sends verbose debug output to the system
191 log, and does not put itself in the background.
192 The server also will not fork and will only process one connection.
193 This option is only intended for debugging for the server.
194 Multiple -d options increase the debugging level.
197 When this option is specified,
199 will send the output to the standard error instead of the system log.
200 .It Fl f Ar configuration_file
201 Specifies the name of the configuration file.
203 .Pa /etc/sshd_config .
205 refuses to start if there is no configuration file.
206 .It Fl g Ar login_grace_time
207 Gives the grace time for clients to authenticate themselves (default
209 If the client fails to authenticate the user within
210 this many seconds, the server disconnects and exits.
211 A value of zero indicates no limit.
212 .It Fl h Ar host_key_file
213 Specifies the file from which the host key is read (default
214 .Pa /etc/ssh_host_key ) .
215 This option must be given if
217 is not run as root (as the normal
218 host file is normally not readable by anyone but root).
219 It is possible to have multiple host key files for
220 the different protocol versions and host key algorithms.
224 is being run from inetd.
227 from inetd because it needs to generate the server key before it can
228 respond to the client, and this may take tens of seconds.
229 Clients would have to wait too long if the key was regenerated every time.
230 However, with small key sizes (e.g., 512) using
234 .It Fl k Ar key_gen_time
235 Specifies how often the ephemeral protocol version 1 server key is
236 regenerated (default 3600 seconds, or one hour).
237 The motivation for regenerating the key fairly
238 often is that the key is not stored anywhere, and after about an hour,
239 it becomes impossible to recover the key for decrypting intercepted
240 communications even if the machine is cracked into or physically
242 A value of zero indicates that the key will never be regenerated.
244 Specifies the port on which the server listens for connections
248 Nothing is sent to the system log.
249 Normally the beginning,
250 authentication, and termination of each connection is logged.
252 This option is used to specify the size of the field
255 structure that holds the remote host name.
256 If the resolved host name is longer than
258 the dotted decimal value will be used instead.
259 This allows hosts with very long host names that
260 overflow this field to still be uniquely identified.
263 indicates that only dotted decimal addresses
264 should be put into the
268 When this option is specified
270 will not detach and does not become a daemon.
271 This allows easy monitoring of
276 to use IPv4 addresses only.
280 to use IPv6 addresses only.
282 .Sh CONFIGURATION FILE
284 reads configuration data from
286 (or the file specified with
288 on the command line).
289 The file contains keyword-value pairs, one per line.
292 and empty lines are interpreted as comments.
294 The following keywords are possible.
296 .It Cm AFSTokenPassing
297 Specifies whether an AFS token may be forwarded to the server.
301 This keyword can be followed by a list of group names, separated
303 If specified, login is allowed only for users whose primary
304 group or supplementary group list matches one of the patterns.
309 wildcards in the patterns.
310 Only group names are valid; a numerical group ID isn't recognized.
311 By default login is allowed regardless of the group list.
313 .It Cm AllowTcpForwarding
314 Specifies whether TCP forwarding is permitted.
317 Note that disabling TCP forwarding does not improve security unless
318 users are also denied shell access, as they can always install their
322 This keyword can be followed by a list of user names, separated
324 If specified, login is allowed only for users names that
325 match one of the patterns.
330 wildcards in the patterns.
331 Only user names are valid; a numerical user ID isn't recognized.
332 By default login is allowed regardless of the user name.
334 .It Cm AuthorizedKeysFile
335 Specifies the file that contains the public RSA keys that can be used
336 for RSA authentication in protocol version 1.
337 .Cm AuthorizedKeysFile
338 may contain tokens of the form %T which are substituted during connection
339 set-up. The following tokens are defined; %% is replaces by a literal '%',
340 %h is replaced by the home directory of the user being authenticated and
341 %u is replaced by the username of that user.
343 .Cm AuthorizedKeysFile
344 is taken to be an absolute path or one relative to the user's home
347 .Dq .ssh/authorized_keys
349 In some jurisdictions, sending a warning message before authentication
350 may be relevant for getting legal protection.
351 The contents of the specified file are sent to the remote user before
352 authentication is allowed.
353 This option is only available for protocol version 2.
355 .It Cm ChallengeResponseAuthentication
358 authentication is allowed.
359 Currently there is only support for
367 should check for new mail for interactive logins.
371 Specifies the ciphers allowed for protocol version 2.
372 Multiple ciphers must be comma-separated.
374 .Dq aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour.
375 .It Cm ClientAliveInterval
376 Sets a timeout interval in seconds after which if no data has been received
379 will send a message through the encrypted
380 channel to request a response from the client.
382 is 0, indicating that these messages will not be sent to the client.
383 This option applies to protocol version 2 only.
384 .It Cm ClientAliveCountMax
385 Sets the number of client alive messages (see above) which may be
388 receiving any messages back from the client. If this threshold is
389 reached while client alive messages are being sent,
391 will disconnect the client, terminating the session. It is important
392 to note that the use of client alive messages is very different from
394 (below). The client alive messages are sent through the
395 encrypted channel and therefore will not be spoofable. The TCP keepalive
398 is spoofable. You want to use the client
399 alive mechanism when you are basing something important on
400 clients having an active connection to the server.
402 The default value is 3. If you set
403 .Cm ClientAliveInterval
404 (above) to 15, and leave this value at the default, unresponsive ssh clients
405 will be disconnected after approximately 45 seconds.
407 This keyword can be followed by a number of group names, separated
409 Users whose primary group or supplementary group list matches
410 one of the patterns aren't allowed to log in.
415 wildcards in the patterns.
416 Only group names are valid; a numerical group ID isn't recognized.
417 By default login is allowed regardless of the group list.
420 This keyword can be followed by a number of user names, separated
422 Login is disallowed for user names that match one of the patterns.
426 can be used as wildcards in the patterns.
427 Only user names are valid; a numerical user ID isn't recognized.
428 By default login is allowed regardless of the user name.
430 Specifies whether remote hosts are allowed to connect to ports
431 forwarded for the client.
438 .It Cm HostbasedAuthentication
439 Specifies whether rhosts or /etc/hosts.equiv authentication together
440 with successful public key client host authentication is allowed
441 (hostbased authentication).
442 This option is similar to
443 .Cm RhostsRSAAuthentication
444 and applies to protocol version 2 only.
448 Specifies the file containing the private host keys (default
449 .Pa /etc/ssh_host_key )
450 used by SSH protocol versions 1 and 2.
453 will refuse to use a file if it is group/world-accessible.
454 It is possible to have multiple host key files.
456 keys are used for version 1 and
460 are used for version 2 of the SSH protocol.
466 files will not be used in
467 .Cm RhostsAuthentication ,
468 .Cm RhostsRSAAuthentication
470 .Cm HostbasedAuthentication .
474 .Pa /etc/shosts.equiv
478 .It Cm IgnoreUserKnownHosts
481 should ignore the user's
482 .Pa $HOME/.ssh/known_hosts
484 .Cm RhostsRSAAuthentication
486 .Cm HostbasedAuthentication .
490 Specifies whether the system should send keepalive messages to the
492 If they are sent, death of the connection or crash of one
493 of the machines will be properly noticed.
494 However, this means that
495 connections will die if the route is down temporarily, and some people
497 On the other hand, if keepalives are not sent,
498 sessions may hang indefinitely on the server, leaving
500 users and consuming server resources.
504 (to send keepalives), and the server will notice
505 if the network goes down or the client host reboots.
506 This avoids infinitely hanging sessions.
508 To disable keepalives, the value should be set to
510 in both the server and the client configuration files.
511 .It Cm KerberosAuthentication
512 Specifies whether Kerberos authentication is allowed.
513 This can be in the form of a Kerberos ticket, or if
514 .Cm PasswordAuthentication
515 is yes, the password provided by the user will be validated through
517 To use this option, the server needs a
518 Kerberos servtab which allows the verification of the KDC's identity.
521 .It Cm KerberosOrLocalPasswd
522 If set then if password authentication through Kerberos fails then
523 the password will be validated via any additional local mechanism
528 .It Cm KerberosTgtPassing
529 Specifies whether a Kerberos TGT may be forwarded to the server.
532 as this only works when the Kerberos KDC is actually an AFS kaserver.
533 .It Cm KerberosTicketCleanup
534 Specifies whether to automatically destroy the user's ticket cache
538 .It Cm KeyRegenerationInterval
539 In protocol version 1, the ephemeral server key is automatically regenerated
540 after this many seconds (if it has been used).
541 The purpose of regeneration is to prevent
542 decrypting captured sessions by later breaking into the machine and
544 The key is never stored anywhere.
545 If the value is 0, the key is never regenerated.
546 The default is 3600 (seconds).
548 Specifies the local addresses
551 The following forms may be used:
553 .Bl -item -offset indent -compact
557 .Ar host No | Ar IPv4_addr No | Ar IPv6_addr
562 .Ar host No | Ar IPv4_addr No : Ar port
568 .Ar host No | Ar IPv6_addr Oc : Ar port
576 will listen on the address and all prior
578 options specified. The default is to listen on all local
581 options are permitted. Additionally, any
583 options must precede this option for non port qualified addresses.
584 .It Cm LoginGraceTime
585 The server disconnects after this time if the user has not
586 successfully logged in.
587 If the value is 0, there is no time limit.
588 The default is 600 (seconds).
590 Gives the verbosity level that is used when logging messages from
592 The possible values are:
593 QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
595 Logging with level DEBUG violates the privacy of users
596 and is not recommended.
598 Specifies the available MAC (message authentication code) algorithms.
599 The MAC algorithm is used in protocol version 2
600 for data integrity protection.
601 Multiple algorithms must be comma-separated.
603 .Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
605 Specifies the maximum number of concurrent unauthenticated connections to the
608 Additional connections will be dropped until authentication succeeds or the
610 expires for a connection.
613 Alternatively, random early drop can be enabled by specifying
614 the three colon separated values
618 will refuse connection attempts with a probability of
621 if there are currently
624 unauthenticated connections.
625 The probability increases linearly and all connection attempts
626 are refused if the number of unauthenticated connections reaches
629 .It Cm PAMAuthenticationViaKbdInt
630 Specifies whether PAM challenge response authentication is allowed. This
631 allows the use of most PAM challenge response authentication modules, but
632 it will allow password authentication regardless of whether
633 .Cm PasswordAuthentication
637 .It Cm PasswordAuthentication
638 Specifies whether password authentication is allowed.
641 .It Cm PermitEmptyPasswords
642 When password authentication is allowed, it specifies whether the
643 server allows login to accounts with empty password strings.
646 .It Cm PermitRootLogin
647 Specifies whether root can login using
651 .Dq without-password ,
652 .Dq forced-commands-only
658 If this option is set to
660 password authentication is disabled for root.
662 If this option is set to
663 .Dq forced-commands-only
664 root login with public key authentication will be allowed,
667 option has been specified
668 (which may be useful for taking remote backups even if root login is
669 normally not allowed). All other authentication methods are disabled
672 If this option is set to
674 root is not allowed to login.
676 Specifies the file that contains the process identifier of the
680 .Pa /var/run/sshd.pid .
682 Specifies the port number that
686 Multiple options of this type are permitted.
692 should print the date and time when the user last logged in.
700 when a user logs in interactively.
701 (On some systems it is also printed by the shell,
707 Specifies the protocol versions
710 The possible values are
714 Multiple versions must be comma-separated.
717 .It Cm PubkeyAuthentication
718 Specifies whether public key authentication is allowed.
721 Note that this option applies to protocol version 2 only.
722 .It Cm ReverseMappingCheck
725 should try to verify the remote host name and check that
726 the resolved host name for the remote IP address maps back to the
727 very same IP address.
730 .It Cm RhostsAuthentication
731 Specifies whether authentication using rhosts or /etc/hosts.equiv
733 Normally, this method should not be permitted because it is insecure.
734 .Cm RhostsRSAAuthentication
736 instead, because it performs RSA-based host authentication in addition
737 to normal rhosts or /etc/hosts.equiv authentication.
740 This option applies to protocol version 1 only.
741 .It Cm RhostsRSAAuthentication
742 Specifies whether rhosts or /etc/hosts.equiv authentication together
743 with successful RSA host authentication is allowed.
746 This option applies to protocol version 1 only.
747 .It Cm RSAAuthentication
748 Specifies whether pure RSA authentication is allowed.
751 This option applies to protocol version 1 only.
753 Defines the number of bits in the ephemeral protocol version 1 server key.
754 The minimum value is 512, and the default is 768.
758 should check file modes and ownership of the
759 user's files and home directory before accepting login.
760 This is normally desirable because novices sometimes accidentally leave their
761 directory or files world-writable.
765 Configures an external subsystem (e.g., file transfer daemon).
766 Arguments should be a subsystem name and a command to execute upon subsystem
772 file transfer subsystem.
773 By default no subsystems are defined.
774 Note that this option applies to protocol version 2 only.
775 .It Cm SyslogFacility
776 Gives the facility code that is used when logging messages from
778 The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
779 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
784 is used for interactive login sessions.
789 is never used for remote command execution.
790 Note also, that if this is enabled,
792 will be disabled because
794 does not know how to handle
797 .It Cm X11DisplayOffset
798 Specifies the first display number available for
803 from interfering with real X11 servers.
806 Specifies whether X11 forwarding is permitted.
809 Note that disabling X11 forwarding does not improve security in any
810 way, as users can always install their own forwarders.
811 X11 forwarding is automatically disabled if
815 Specifies the location of the
819 .Pa /usr/X11R6/bin/xauth .
824 command-line arguments and configuration file options that specify time
825 may be expressed using a sequence of the form:
827 .Ar time Oo Ar qualifier Oc ,
831 is a positive integer value and
833 is one of the following:
835 .Bl -tag -width Ds -compact -offset indent
850 Each member of the sequence is added together to calculate
851 the total time value.
853 Time format examples:
855 .Bl -tag -width Ds -compact -offset indent
857 600 seconds (10 minutes)
861 1 hour 30 minutes (90 minutes)
864 When a user successfully logs in,
867 .Bl -enum -offset indent
869 If the login is on a tty, and no command has been specified,
870 prints last login time and
872 (unless prevented in the configuration file or by
873 .Pa $HOME/.hushlogin ;
878 If the login is on a tty, records login time.
882 if it exists, prints contents and quits
885 Changes to run with normal user privileges.
887 Sets up basic environment.
890 .Pa $HOME/.ssh/environment
893 Changes to user's home directory.
897 exists, runs it; else if
900 it; otherwise runs xauth.
903 files are given the X11
904 authentication protocol and cookie in standard input.
906 Runs user's shell or command.
908 .Sh AUTHORIZED_KEYS FILE FORMAT
909 .Pa $HOME/.ssh/authorized_keys
910 is the default file that lists the public keys that are
911 permitted for RSA authentication in protocol version 1
912 and for public key authentication (PubkeyAuthentication)
913 in protocol version 2.
914 .Cm AuthorizedKeysFile
915 may be used to specify an alternative file.
917 Each line of the file contains one
918 key (empty lines and lines starting with a
922 Each RSA public key consists of the following fields, separated by
923 spaces: options, bits, exponent, modulus, comment.
924 Each protocol version 2 public key consists of:
925 options, keytype, base64 encoded key, comment.
927 are optional; its presence is determined by whether the line starts
928 with a number or not (the option field never starts with a number).
929 The bits, exponent, modulus and comment fields give the RSA key for
930 protocol version 1; the
931 comment field is not used for anything (but may be convenient for the
932 user to identify the key).
933 For protocol version 2 the keytype is
938 Note that lines in this file are usually several hundred bytes long
939 (because of the size of the RSA key modulus).
940 You don't want to type them in; instead, copy the
947 The options (if present) consist of comma-separated option
949 No spaces are permitted, except within double quotes.
950 The following option specifications are supported:
952 .It Cm from="pattern-list"
953 Specifies that in addition to RSA authentication, the canonical name
954 of the remote host must be present in the comma-separated list of
960 The list may also contain
961 patterns negated by prefixing them with
963 if the canonical host name matches a negated pattern, the key is not accepted.
965 of this option is to optionally increase security: RSA authentication
966 by itself does not trust the network or name servers or anything (but
967 the key); however, if somebody somehow steals the key, the key
968 permits an intruder to log in from anywhere in the world.
969 This additional option makes using a stolen key more difficult (name
970 servers and/or routers would have to be compromised in addition to
972 .It Cm command="command"
973 Specifies that the command is executed whenever this key is used for
975 The command supplied by the user (if any) is ignored.
976 The command is run on a pty if the connection requests a pty;
977 otherwise it is run without a tty.
978 Note that if you want a 8-bit clean channel,
979 you must not request a pty or should specify
981 A quote may be included in the command by quoting it with a backslash.
982 This option might be useful
983 to restrict certain RSA keys to perform just a specific operation.
984 An example might be a key that permits remote backups but nothing else.
985 Note that the client may specify TCP/IP and/or X11
986 forwarding unless they are explicitly prohibited.
987 .It Cm environment="NAME=value"
988 Specifies that the string is to be added to the environment when
989 logging in using this key.
990 Environment variables set this way
991 override other default environment values.
992 Multiple options of this type are permitted.
993 .It Cm no-port-forwarding
994 Forbids TCP/IP forwarding when this key is used for authentication.
995 Any port forward requests by the client will return an error.
996 This might be used, e.g., in connection with the
999 .It Cm no-X11-forwarding
1000 Forbids X11 forwarding when this key is used for authentication.
1001 Any X11 forward requests by the client will return an error.
1002 .It Cm no-agent-forwarding
1003 Forbids authentication agent forwarding when this key is used for
1006 Prevents tty allocation (a request to allocate a pty will fail).
1007 .It Cm permitopen="host:port"
1010 port forwarding such that it may only connect to the specified host and
1013 options may be applied separated by commas. No pattern matching is
1014 performed on the specified hostnames, they must be literal domains or
1018 1024 33 12121.\|.\|.\|312314325 ylo@foo.bar
1020 from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
1022 command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
1024 permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23.\|.\|.\|2323
1025 .Sh SSH_KNOWN_HOSTS FILE FORMAT
1027 .Pa /etc/ssh_known_hosts ,
1029 .Pa $HOME/.ssh/known_hosts
1030 files contain host public keys for all known hosts.
1031 The global file should
1032 be prepared by the administrator (optional), and the per-user file is
1033 maintained automatically: whenever the user connects from an unknown host
1034 its key is added to the per-user file.
1036 Each line in these files contains the following fields: hostnames,
1037 bits, exponent, modulus, comment.
1038 The fields are separated by spaces.
1040 Hostnames is a comma-separated list of patterns ('*' and '?' act as
1041 wildcards); each pattern in turn is matched against the canonical host
1042 name (when authenticating a client) or against the user-supplied
1043 name (when authenticating a server).
1044 A pattern may also be preceded by
1046 to indicate negation: if the host name matches a negated
1047 pattern, it is not accepted (by that line) even if it matched another
1048 pattern on the line.
1050 Bits, exponent, and modulus are taken directly from the RSA host key; they
1051 can be obtained, e.g., from
1052 .Pa /etc/ssh_host_key.pub .
1053 The optional comment field continues to the end of the line, and is not used.
1057 and empty lines are ignored as comments.
1059 When performing host authentication, authentication is accepted if any
1060 matching line has the proper key.
1061 It is thus permissible (but not
1062 recommended) to have several lines or different host keys for the same
1064 This will inevitably happen when short forms of host names
1065 from different domains are put in the file.
1067 that the files contain conflicting information; authentication is
1068 accepted if valid information can be found from either file.
1070 Note that the lines in these files are typically hundreds of characters
1071 long, and you definitely don't want to type in the host keys by hand.
1072 Rather, generate them by a script
1074 .Pa /etc/ssh_host_key.pub
1075 and adding the host names at the front.
1078 closenet,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
1079 cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
1083 .It Pa /etc/sshd_config
1084 Contains configuration data for
1086 This file should be writable by root only, but it is recommended
1087 (though not necessary) that it be world-readable.
1088 .It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key
1089 These three files contain the private parts of the host keys.
1090 These files should only be owned by root, readable only by root, and not
1091 accessible to others.
1094 does not start if this file is group/world-accessible.
1095 .It Pa /etc/ssh_host_key.pub, /etc/ssh_host_dsa_key.pub, /etc/ssh_host_rsa_key.pub
1096 These three files contain the public parts of the host keys.
1097 These files should be world-readable but writable only by
1099 Their contents should match the respective private parts.
1101 really used for anything; they are provided for the convenience of
1102 the user so their contents can be copied to known hosts files.
1103 These files are created using
1106 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
1107 .It Pa /var/run/sshd.pid
1108 Contains the process ID of the
1110 listening for connections (if there are several daemons running
1111 concurrently for different ports, this contains the pid of the one
1113 The content of this file is not sensitive; it can be world-readable.
1114 .It Pa $HOME/.ssh/authorized_keys
1115 Lists the public keys (RSA or DSA) that can be used to log into the user's account.
1116 This file must be readable by root (which may on some machines imply
1117 it being world-readable if the user's home directory resides on an NFS
1119 It is recommended that it not be accessible by others.
1120 The format of this file is described above.
1121 Users will place the contents of their
1126 files into this file, as described in
1128 .It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
1129 These files are consulted when using rhosts with RSA host
1130 authentication or protocol version 2 hostbased authentication
1131 to check the public key of the host.
1132 The key must be listed in one of these files to be accepted.
1133 The client uses the same files
1134 to verify that it is connecting to the correct remote host.
1135 These files should be writable only by root/the owner.
1136 .Pa /etc/ssh_known_hosts
1137 should be world-readable, and
1138 .Pa $HOME/.ssh/known_hosts
1139 can but need not be world-readable.
1141 If this file exists,
1143 refuses to let anyone except root log in.
1144 The contents of the file
1145 are displayed to anyone trying to log in, and non-root connections are
1147 The file should be world-readable.
1148 .It Pa /etc/hosts.allow, /etc/hosts.deny
1151 support, tcp-wrappers access controls may be defined here as described in
1152 .Xr hosts_access 5 .
1153 .It Pa $HOME/.rhosts
1154 This file contains host-username pairs, separated by a space, one per
1156 The given user on the corresponding host is permitted to log in
1158 The same file is used by rlogind and rshd.
1160 be writable only by the user; it is recommended that it not be
1161 accessible by others.
1163 If is also possible to use netgroups in the file.
1165 name may be of the form +@groupname to specify all hosts or all users
1167 .It Pa $HOME/.shosts
1169 this file is exactly the same as for
1171 However, this file is
1172 not used by rlogin and rshd, so using this permits access using SSH only.
1173 .It Pa /etc/hosts.equiv
1174 This file is used during
1177 In the simplest form, this file contains host names, one per line.
1179 those hosts are permitted to log in without a password, provided they
1180 have the same user name on both machines.
1181 The host name may also be
1182 followed by a user name; such users are permitted to log in as
1184 user on this machine (except root).
1185 Additionally, the syntax
1187 can be used to specify netgroups.
1188 Negated entries start with
1191 If the client host/user is successfully matched in this file, login is
1192 automatically permitted provided the client and server user names are the
1194 Additionally, successful RSA host authentication is normally required.
1195 This file must be writable only by root; it is recommended
1196 that it be world-readable.
1198 .Sy "Warning: It is almost never a good idea to use user names in"
1200 Beware that it really means that the named user(s) can log in as
1202 which includes bin, daemon, adm, and other accounts that own critical
1203 binaries and directories.
1204 Using a user name practically grants the user root access.
1205 The only valid use for user names that I can think
1206 of is in negative entries.
1208 Note that this warning also applies to rsh/rlogin.
1209 .It Pa /etc/shosts.equiv
1210 This is processed exactly as
1211 .Pa /etc/hosts.equiv .
1212 However, this file may be useful in environments that want to run both
1214 .It Pa $HOME/.ssh/environment
1215 This file is read into the environment at login (if it exists).
1216 It can only contain empty lines, comment lines (that start with
1218 and assignment lines of the form name=value.
1219 The file should be writable
1220 only by the user; it need not be readable by anyone else.
1221 .It Pa $HOME/.ssh/rc
1222 If this file exists, it is run with /bin/sh after reading the
1223 environment files but before starting the user's shell or command.
1224 If X11 spoofing is in use, this will receive the "proto cookie" pair in
1232 The primary purpose of this file is to run any initialization routines
1233 which may be needed before the user's home directory becomes
1234 accessible; AFS is a particular example of such an environment.
1236 This file will probably contain some initialization code followed by
1237 something similar to:
1239 if read proto cookie; then
1240 echo add $DISPLAY $proto $cookie | xauth -q -
1244 If this file does not exist,
1247 does not exist either, xauth is used to store the cookie.
1249 This file should be writable only by the user, and need not be
1250 readable by anyone else.
1254 This can be used to specify
1255 machine-specific login-time initializations globally.
1256 This file should be writable only by root, and should be world-readable.
1259 OpenSSH is a derivative of the original and free
1260 ssh 1.2.12 release by Tatu Ylonen.
1261 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1262 Theo de Raadt and Dug Song
1263 removed many bugs, re-added newer features and
1265 Markus Friedl contributed the support for SSH
1266 protocol versions 1.5 and 2.0.
1284 .%T "SSH Protocol Architecture"
1285 .%N draft-ietf-secsh-architecture-07.txt
1287 .%O work in progress material
1293 .%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
1294 .%N draft-ietf-secsh-dh-group-exchange-01.txt
1296 .%O work in progress material