intended for debugging for the server.
.It Fl f Ar configuration_file
Specifies the name of the configuration file. The default is
-.Pa /etc/sshd_config .
+.Pa /etc/ssh/sshd_config .
.Nm
refuses to start if there is no configuration file.
.It Fl g Ar login_grace_time
indicates no limit.
.It Fl h Ar host_key_file
Specifies the file from which the host key is read (default
-.Pa /etc/ssh_host_key ) .
+.Pa /etc/ssh/ssh_host_key ) .
This option must be given if
.Nm
is not run as root (as the normal
.Sh CONFIGURATION FILE
.Nm
reads configuration data from
-.Pa /etc/sshd_config
+.Pa /etc/ssh/sshd_config
(or the file specified with
.Fl f
on the command line). The file
wildcards in the patterns. Only user names are valid, a numerical user
id isn't recognized. By default login is allowed regardless of
the user name.
-.Pp
-.It Cm FascistLogging
-Specifies whether to use verbose logging. Verbose logging violates
-the privacy of users and is not recommended. The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
.It Cm HostKey
Specifies the file containing the private host key (default
-.Pa /etc/ssh_host_key ) .
+.Pa /etc/ssh/ssh_host_key ) .
Note that
.Nm
does not start if this file is group/world-accessible.
authentication.
.Pa /etc/hosts.equiv
and
-.Pa /etc/shosts.equiv
+.Pa /etc/ssh/shosts.equiv
are still used. The default is
.Dq no .
.It Cm KeepAlive
The server disconnects after this time if the user has not
successfully logged in. If the value is 0, there is no time limit.
The default is 600 (seconds).
+.It Cm LogLevel
+Gives the verbosity level that is used when logging messages from
+.Nm sshd .
+The possible values are:
+QUIET, FATAL, ERROR, INFO, CHAT and DEBUG.
+The default is INFO.
+Logging with level DEBUG violates the privacy of users
+and is not recommended.
.It Cm PasswordAuthentication
Specifies whether password authentication is allowed.
The default is
.Pa /etc/profile ,
or equivalent.) The default is
.Dq yes .
-.It Cm QuietMode
-Specifies whether the system runs in quiet mode. In quiet mode,
-nothing is logged in the system log, except fatal errors. The default
-is
-.Dq no .
.It Cm RandomSeed
Obsolete. Random number generation uses other techniques.
.It Cm RhostsAuthentication
If
.Pa $HOME/.ssh/rc
exists, runs it; else if
-.Pa /etc/sshrc
+.Pa /etc/ssh/sshrc
exists, runs
it; otherwise runs xauth. The
.Dq rc
command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
.Sh SSH_KNOWN_HOSTS FILE FORMAT
The
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
and
.Pa $HOME/.ssh/known_hosts
files contain host public keys for all known hosts. The global file should
.Pp
Bits, exponent, and modulus are taken directly from the host key; they
can be obtained, e.g., from
-.Pa /etc/ssh_host_key.pub .
+.Pa /etc/ssh/ssh_host_key.pub .
The optional comment field continues to the end of the line, and is not used.
.Pp
Lines starting with
long, and you definitely don't want to type in the host keys by hand.
Rather, generate them by a script
or by taking
-.Pa /etc/ssh_host_key.pub
+.Pa /etc/ssh/ssh_host_key.pub
and adding the host names at the front.
.Ss Examples
closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
.Sh FILES
.Bl -tag -width Ds
-.It Pa /etc/sshd_config
+.It Pa /etc/ssh/sshd_config
Contains configuration data for
.Nm sshd .
This file should be writable by root only, but it is recommended
(though not necessary) that it be world-readable.
-.It Pa /etc/ssh_host_key
+.It Pa /etc/ssh/ssh_host_key
Contains the private part of the host key.
This file should only be owned by root, readable only by root, and not
accessible to others.
Note that
.Nm
does not start if this file is group/world-accessible.
-.It Pa /etc/ssh_host_key.pub
+.It Pa /etc/ssh/ssh_host_key.pub
Contains the public part of the host key.
This file should be world-readable but writable only by
root. Its contents should match the private part. This file is not
it being world-readable if the user's home directory resides on an NFS
volume). It is recommended that it not be accessible by others. The
format of this file is described above.
-.It Pa /etc/ssh_known_hosts
-This file is consulted when using rhosts with RSA host
+.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
+These files are consulted when using rhosts with RSA host
authentication to check the public key of the host. The key must be
-listed in this file to be accepted.
-.It Pa $HOME/.ssh/known_hosts
-The client uses this file
-and
-.Pa /etc/ssh_known_hosts
+listed in one of these files to be accepted.
+The client uses the same files
to verify that the remote host is the one we intended to
connect. These files should be writable only by root/the owner.
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh/ssh_known_hosts
should be world-readable, and
.Pa $HOME/.ssh/known_hosts
can but need not be world-readable.
of is in negative entries.
.Pp
Note that this warning also applies to rsh/rlogin.
-.It Pa /etc/shosts.equiv
+.It Pa /etc/ssh/shosts.equiv
This is processed exactly as
.Pa /etc/hosts.equiv .
However, this file may be useful in environments that want to run both
$proto $cookie | xauth -q -; fi".
.Pp
If this file does not exist,
-.Pa /etc/sshrc
+.Pa /etc/ssh/sshrc
is run, and if that
does not exist either, xauth is used to store the cookie.
.Pp
This file should be writable only by the user, and need not be
readable by anyone else.
-.It Pa /etc/sshrc
+.It Pa /etc/ssh/sshrc
Like
.Pa $HOME/.ssh/rc .
This can be used to specify
andersk / openssh.git / blobdiff