1.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
| 1.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
|
39.Dd September 25, 1999
40.Dt SSHD 8
41.Os
42.Sh NAME
43.Nm sshd
44.Nd OpenSSH SSH daemon
45.Sh SYNOPSIS
46.Nm sshd
47.Bk -words
48.Op Fl 46Ddeiqt
49.Op Fl b Ar bits
50.Op Fl f Ar config_file
51.Op Fl g Ar login_grace_time
52.Op Fl h Ar host_key_file
53.Op Fl k Ar key_gen_time
54.Op Fl o Ar option
55.Op Fl p Ar port
56.Op Fl u Ar len
57.Ek
58.Sh DESCRIPTION
59.Nm
60(SSH Daemon) is the daemon program for
61.Xr ssh 1 .
62Together these programs replace rlogin and rsh, and
63provide secure encrypted communications between two untrusted hosts
64over an insecure network.
65The programs are intended to be as easy to
66install and use as possible.
67.Pp
68.Nm
69is the daemon that listens for connections from clients.
70It is normally started at boot from
71.Pa /etc/rc.d/sshd .
72It forks a new
73daemon for each incoming connection.
74The forked daemons handle
75key exchange, encryption, authentication, command execution,
76and data exchange.
77This implementation of
78.Nm
79supports both SSH protocol version 1 and 2 simultaneously.
80.Nm
81works as follows:
82.Ss SSH protocol version 1
83Each host has a host-specific RSA key
84(normally 1024 bits) used to identify the host.
85Additionally, when
86the daemon starts, it generates a server RSA key (normally 768 bits).
87This key is normally regenerated every hour if it has been used, and
88is never stored on disk.
89.Pp
90Whenever a client connects, the daemon responds with its public
91host and server keys.
92The client compares the
93RSA host key against its own database to verify that it has not changed.
94The client then generates a 256-bit random number.
95It encrypts this
96random number using both the host key and the server key, and sends
97the encrypted number to the server.
98Both sides then use this
99random number as a session key which is used to encrypt all further
100communications in the session.
101The rest of the session is encrypted
102using a conventional cipher, currently Blowfish or 3DES, with 3DES
103being used by default.
104The client selects the encryption algorithm
105to use from those offered by the server.
106.Pp
107Next, the server and the client enter an authentication dialog.
108The client tries to authenticate itself using
109.Em .rhosts
110authentication,
111.Em .rhosts
112authentication combined with RSA host
113authentication, RSA challenge-response authentication, or password
114based authentication.
115.Pp
116Regardless of the authentication type, the account is checked to
117ensure that it is accessible. An account is not accessible if it is
118locked, listed in
119.Cm DenyUsers
120or its group is listed in
121.Cm DenyGroups
122\&. The definition of a locked account is system dependant. Some platforms
123have their own account database (eg AIX) and some modify the passwd field (
124.Ql \&*LK\&*
125on Solaris,
126.Ql \&*
127on HP-UX, containing
128.Ql Nologin
129on Tru64 and a leading
130.Ql \&!!
131on Linux). If there is a requirement to disable password authentication
132for the account while allowing still public-key, then the passwd field
133should be set to something other than these values (eg
134.Ql NP
135or
136.Ql \&*NP\&*
137).
138.Pp
139.Em rhosts
140authentication is normally disabled
141because it is fundamentally insecure, but can be enabled in the server
142configuration file if desired.
143System security is not improved unless
144.Nm rshd ,
145.Nm rlogind ,
146and
147.Nm rexecd
148are disabled (thus completely disabling
149.Xr rlogin
150and
151.Xr rsh
152into the machine).
153.Ss SSH protocol version 2
154Version 2 works similarly:
155Each host has a host-specific key (RSA or DSA) used to identify the host.
156However, when the daemon starts, it does not generate a server key.
157Forward security is provided through a Diffie-Hellman key agreement.
158This key agreement results in a shared session key.
159.Pp
160The rest of the session is encrypted using a symmetric cipher, currently
161128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
162The client selects the encryption algorithm
163to use from those offered by the server.
164Additionally, session integrity is provided
165through a cryptographic message authentication code
166(hmac-sha1 or hmac-md5).
167.Pp
168Protocol version 2 provides a public key based
169user (PubkeyAuthentication) or
170client host (HostbasedAuthentication) authentication method,
171conventional password authentication and challenge response based methods.
172.Ss Command execution and data forwarding
173If the client successfully authenticates itself, a dialog for
174preparing the session is entered.
175At this time the client may request
176things like allocating a pseudo-tty, forwarding X11 connections,
177forwarding TCP/IP connections, or forwarding the authentication agent
178connection over the secure channel.
179.Pp
180Finally, the client either requests a shell or execution of a command.
181The sides then enter session mode.
182In this mode, either side may send
183data at any time, and such data is forwarded to/from the shell or
184command on the server side, and the user terminal in the client side.
185.Pp
186When the user program terminates and all forwarded X11 and other
187connections have been closed, the server sends command exit status to
188the client, and both sides exit.
189.Pp
190.Nm
191can be configured using command-line options or a configuration file
192(by default
193.Xr sshd_config 5 ) .
194Command-line options override values specified in the
195configuration file.
196.Pp
197.Nm
198rereads its configuration file when it receives a hangup signal,
199.Dv SIGHUP ,
| 39.Dd September 25, 1999
40.Dt SSHD 8
41.Os
42.Sh NAME
43.Nm sshd
44.Nd OpenSSH SSH daemon
45.Sh SYNOPSIS
46.Nm sshd
47.Bk -words
48.Op Fl 46Ddeiqt
49.Op Fl b Ar bits
50.Op Fl f Ar config_file
51.Op Fl g Ar login_grace_time
52.Op Fl h Ar host_key_file
53.Op Fl k Ar key_gen_time
54.Op Fl o Ar option
55.Op Fl p Ar port
56.Op Fl u Ar len
57.Ek
58.Sh DESCRIPTION
59.Nm
60(SSH Daemon) is the daemon program for
61.Xr ssh 1 .
62Together these programs replace rlogin and rsh, and
63provide secure encrypted communications between two untrusted hosts
64over an insecure network.
65The programs are intended to be as easy to
66install and use as possible.
67.Pp
68.Nm
69is the daemon that listens for connections from clients.
70It is normally started at boot from
71.Pa /etc/rc.d/sshd .
72It forks a new
73daemon for each incoming connection.
74The forked daemons handle
75key exchange, encryption, authentication, command execution,
76and data exchange.
77This implementation of
78.Nm
79supports both SSH protocol version 1 and 2 simultaneously.
80.Nm
81works as follows:
82.Ss SSH protocol version 1
83Each host has a host-specific RSA key
84(normally 1024 bits) used to identify the host.
85Additionally, when
86the daemon starts, it generates a server RSA key (normally 768 bits).
87This key is normally regenerated every hour if it has been used, and
88is never stored on disk.
89.Pp
90Whenever a client connects, the daemon responds with its public
91host and server keys.
92The client compares the
93RSA host key against its own database to verify that it has not changed.
94The client then generates a 256-bit random number.
95It encrypts this
96random number using both the host key and the server key, and sends
97the encrypted number to the server.
98Both sides then use this
99random number as a session key which is used to encrypt all further
100communications in the session.
101The rest of the session is encrypted
102using a conventional cipher, currently Blowfish or 3DES, with 3DES
103being used by default.
104The client selects the encryption algorithm
105to use from those offered by the server.
106.Pp
107Next, the server and the client enter an authentication dialog.
108The client tries to authenticate itself using
109.Em .rhosts
110authentication,
111.Em .rhosts
112authentication combined with RSA host
113authentication, RSA challenge-response authentication, or password
114based authentication.
115.Pp
116Regardless of the authentication type, the account is checked to
117ensure that it is accessible. An account is not accessible if it is
118locked, listed in
119.Cm DenyUsers
120or its group is listed in
121.Cm DenyGroups
122\&. The definition of a locked account is system dependant. Some platforms
123have their own account database (eg AIX) and some modify the passwd field (
124.Ql \&*LK\&*
125on Solaris,
126.Ql \&*
127on HP-UX, containing
128.Ql Nologin
129on Tru64 and a leading
130.Ql \&!!
131on Linux). If there is a requirement to disable password authentication
132for the account while allowing still public-key, then the passwd field
133should be set to something other than these values (eg
134.Ql NP
135or
136.Ql \&*NP\&*
137).
138.Pp
139.Em rhosts
140authentication is normally disabled
141because it is fundamentally insecure, but can be enabled in the server
142configuration file if desired.
143System security is not improved unless
144.Nm rshd ,
145.Nm rlogind ,
146and
147.Nm rexecd
148are disabled (thus completely disabling
149.Xr rlogin
150and
151.Xr rsh
152into the machine).
153.Ss SSH protocol version 2
154Version 2 works similarly:
155Each host has a host-specific key (RSA or DSA) used to identify the host.
156However, when the daemon starts, it does not generate a server key.
157Forward security is provided through a Diffie-Hellman key agreement.
158This key agreement results in a shared session key.
159.Pp
160The rest of the session is encrypted using a symmetric cipher, currently
161128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES.
162The client selects the encryption algorithm
163to use from those offered by the server.
164Additionally, session integrity is provided
165through a cryptographic message authentication code
166(hmac-sha1 or hmac-md5).
167.Pp
168Protocol version 2 provides a public key based
169user (PubkeyAuthentication) or
170client host (HostbasedAuthentication) authentication method,
171conventional password authentication and challenge response based methods.
172.Ss Command execution and data forwarding
173If the client successfully authenticates itself, a dialog for
174preparing the session is entered.
175At this time the client may request
176things like allocating a pseudo-tty, forwarding X11 connections,
177forwarding TCP/IP connections, or forwarding the authentication agent
178connection over the secure channel.
179.Pp
180Finally, the client either requests a shell or execution of a command.
181The sides then enter session mode.
182In this mode, either side may send
183data at any time, and such data is forwarded to/from the shell or
184command on the server side, and the user terminal in the client side.
185.Pp
186When the user program terminates and all forwarded X11 and other
187connections have been closed, the server sends command exit status to
188the client, and both sides exit.
189.Pp
190.Nm
191can be configured using command-line options or a configuration file
192(by default
193.Xr sshd_config 5 ) .
194Command-line options override values specified in the
195configuration file.
196.Pp
197.Nm
198rereads its configuration file when it receives a hangup signal,
199.Dv SIGHUP ,
|
201.Pa /usr/sbin/sshd .
202.Pp
203The options are as follows:
204.Bl -tag -width Ds
205.It Fl 4
206Forces
207.Nm
208to use IPv4 addresses only.
209.It Fl 6
210Forces
211.Nm
212to use IPv6 addresses only.
213.It Fl b Ar bits
214Specifies the number of bits in the ephemeral protocol version 1
215server key (default 768).
216.It Fl D
217When this option is specified,
218.Nm
219will not detach and does not become a daemon.
220This allows easy monitoring of
221.Nm sshd .
222.It Fl d
223Debug mode.
224The server sends verbose debug output to the system
225log, and does not put itself in the background.
226The server also will not fork and will only process one connection.
227This option is only intended for debugging for the server.
228Multiple
229.Fl d
230options increase the debugging level.
231Maximum is 3.
232.It Fl e
233When this option is specified,
234.Nm
235will send the output to the standard error instead of the system log.
236.It Fl f Ar configuration_file
237Specifies the name of the configuration file.
238The default is
239.Pa /etc/ssh/sshd_config .
240.Nm
241refuses to start if there is no configuration file.
242.It Fl g Ar login_grace_time
243Gives the grace time for clients to authenticate themselves (default
244120 seconds).
245If the client fails to authenticate the user within
246this many seconds, the server disconnects and exits.
247A value of zero indicates no limit.
248.It Fl h Ar host_key_file
249Specifies a file from which a host key is read.
250This option must be given if
251.Nm
252is not run as root (as the normal
253host key files are normally not readable by anyone but root).
254The default is
255.Pa /etc/ssh/ssh_host_key
256for protocol version 1, and
257.Pa /etc/ssh/ssh_host_dsa_key
258for protocol version 2.
259It is possible to have multiple host key files for
260the different protocol versions and host key algorithms.
261.It Fl i
262Specifies that
263.Nm
264is being run from
265.Xr inetd 8 .
266.Nm
267is normally not run
268from inetd because it needs to generate the server key before it can
269respond to the client, and this may take tens of seconds.
270Clients would have to wait too long if the key was regenerated every time.
271However, with small key sizes (e.g., 512) using
272.Nm
273from inetd may
274be feasible.
275.It Fl k Ar key_gen_time
276Specifies how often the ephemeral protocol version 1 server key is
277regenerated (default 3600 seconds, or one hour).
278The motivation for regenerating the key fairly
279often is that the key is not stored anywhere, and after about an hour
280it becomes impossible to recover the key for decrypting intercepted
281communications even if the machine is cracked into or physically
282seized.
283A value of zero indicates that the key will never be regenerated.
284.It Fl o Ar option
285Can be used to give options in the format used in the configuration file.
286This is useful for specifying options for which there is no separate
287command-line flag.
288For full details of the options, and their values, see
289.Xr sshd_config 5 .
290.It Fl p Ar port
291Specifies the port on which the server listens for connections
292(default 22).
293Multiple port options are permitted.
294Ports specified in the configuration file are ignored when a
295command-line port is specified.
296.It Fl q
297Quiet mode.
298Nothing is sent to the system log.
299Normally the beginning,
300authentication, and termination of each connection is logged.
301.It Fl t
302Test mode.
303Only check the validity of the configuration file and sanity of the keys.
304This is useful for updating
305.Nm
306reliably as configuration options may change.
307.It Fl u Ar len
308This option is used to specify the size of the field
309in the
310.Li utmp
311structure that holds the remote host name.
312If the resolved host name is longer than
313.Ar len ,
314the dotted decimal value will be used instead.
315This allows hosts with very long host names that
316overflow this field to still be uniquely identified.
317Specifying
318.Fl u0
319indicates that only dotted decimal addresses
320should be put into the
321.Pa utmp
322file.
323.Fl u0
324may also be used to prevent
325.Nm
326from making DNS requests unless the authentication
327mechanism or configuration requires it.
328Authentication mechanisms that may require DNS include
329.Cm RhostsRSAAuthentication ,
330.Cm HostbasedAuthentication
331and using a
332.Cm from="pattern-list"
333option in a key file.
334Configuration options that require DNS include using a
335USER@HOST pattern in
336.Cm AllowUsers
337or
338.Cm DenyUsers .
339.El
340.Sh CONFIGURATION FILE
341.Nm
342reads configuration data from
343.Pa /etc/ssh/sshd_config
344(or the file specified with
345.Fl f
346on the command line).
347The file format and configuration options are described in
348.Xr sshd_config 5 .
349.Sh LOGIN PROCESS
350When a user successfully logs in,
351.Nm
352does the following:
353.Bl -enum -offset indent
354.It
355If the login is on a tty, and no command has been specified,
356prints last login time and
357.Pa /etc/motd
358(unless prevented in the configuration file or by
359.Pa $HOME/.hushlogin ;
360see the
361.Sx FILES
362section).
363.It
364If the login is on a tty, records login time.
365.It
366Checks
367.Pa /etc/nologin and
368.Pa /var/run/nologin ;
369if one exists, it prints the contents and quits
370(unless root).
371.It
372Changes to run with normal user privileges.
373.It
374Sets up basic environment.
375.It
376Reads the file
377.Pa $HOME/.ssh/environment ,
378if it exists, and users are allowed to change their environment.
379See the
380.Cm PermitUserEnvironment
381option in
382.Xr sshd_config 5 .
383.It
384Changes to user's home directory.
385.It
386If
387.Pa $HOME/.ssh/rc
388exists, runs it; else if
389.Pa /etc/ssh/sshrc
390exists, runs
391it; otherwise runs
392.Xr xauth 1 .
393The
394.Dq rc
395files are given the X11
396authentication protocol and cookie (if applicable) in standard input.
397.It
398Runs user's shell or command.
399.El
400.Sh AUTHORIZED_KEYS FILE FORMAT
401.Pa $HOME/.ssh/authorized_keys
402is the default file that lists the public keys that are
403permitted for RSA authentication in protocol version 1
404and for public key authentication (PubkeyAuthentication)
405in protocol version 2.
406.Cm AuthorizedKeysFile
407may be used to specify an alternative file.
408.Pp
409Each line of the file contains one
410key (empty lines and lines starting with a
411.Ql #
412are ignored as
413comments).
414Each RSA public key consists of the following fields, separated by
415spaces: options, bits, exponent, modulus, comment.
416Each protocol version 2 public key consists of:
417options, keytype, base64 encoded key, comment.
418The options field
419is optional; its presence is determined by whether the line starts
420with a number or not (the options field never starts with a number).
421The bits, exponent, modulus and comment fields give the RSA key for
422protocol version 1; the
423comment field is not used for anything (but may be convenient for the
424user to identify the key).
425For protocol version 2 the keytype is
426.Dq ssh-dss
427or
428.Dq ssh-rsa .
429.Pp
430Note that lines in this file are usually several hundred bytes long
431(because of the size of the public key encoding).
432You don't want to type them in; instead, copy the
433.Pa identity.pub ,
434.Pa id_dsa.pub
435or the
436.Pa id_rsa.pub
437file and edit it.
438.Pp
439.Nm
440enforces a minimum RSA key modulus size for protocol 1
441and protocol 2 keys of 768 bits.
442.Pp
443The options (if present) consist of comma-separated option
444specifications.
445No spaces are permitted, except within double quotes.
446The following option specifications are supported (note
447that option keywords are case-insensitive):
448.Bl -tag -width Ds
449.It Cm from="pattern-list"
450Specifies that in addition to public key authentication, the canonical name
451of the remote host must be present in the comma-separated list of
452patterns
453.Pf ( Ql \&*
454and
455.Ql \&?
456serve as wildcards).
457The list may also contain
458patterns negated by prefixing them with
459.Ql \&! ;
460if the canonical host name matches a negated pattern, the key is not accepted.
461The purpose
462of this option is to optionally increase security: public key authentication
463by itself does not trust the network or name servers or anything (but
464the key); however, if somebody somehow steals the key, the key
465permits an intruder to log in from anywhere in the world.
466This additional option makes using a stolen key more difficult (name
467servers and/or routers would have to be compromised in addition to
468just the key).
469.It Cm command="command"
470Specifies that the command is executed whenever this key is used for
471authentication.
472The command supplied by the user (if any) is ignored.
473The command is run on a pty if the client requests a pty;
474otherwise it is run without a tty.
475If an 8-bit clean channel is required,
476one must not request a pty or should specify
477.Cm no-pty .
478A quote may be included in the command by quoting it with a backslash.
479This option might be useful
480to restrict certain public keys to perform just a specific operation.
481An example might be a key that permits remote backups but nothing else.
482Note that the client may specify TCP/IP and/or X11
483forwarding unless they are explicitly prohibited.
484Note that this option applies to shell, command or subsystem execution.
485.It Cm environment="NAME=value"
486Specifies that the string is to be added to the environment when
487logging in using this key.
488Environment variables set this way
489override other default environment values.
490Multiple options of this type are permitted.
491Environment processing is disabled by default and is
492controlled via the
493.Cm PermitUserEnvironment
494option.
495This option is automatically disabled if
496.Cm UseLogin
497is enabled.
498.It Cm no-port-forwarding
499Forbids TCP/IP forwarding when this key is used for authentication.
500Any port forward requests by the client will return an error.
501This might be used, e.g., in connection with the
502.Cm command
503option.
504.It Cm no-X11-forwarding
505Forbids X11 forwarding when this key is used for authentication.
506Any X11 forward requests by the client will return an error.
507.It Cm no-agent-forwarding
508Forbids authentication agent forwarding when this key is used for
509authentication.
510.It Cm no-pty
511Prevents tty allocation (a request to allocate a pty will fail).
512.It Cm permitopen="host:port"
513Limit local
514.Li ``ssh -L''
515port forwarding such that it may only connect to the specified host and
516port.
517IPv6 addresses can be specified with an alternative syntax:
518.Ar host Ns / Ns Ar port .
519Multiple
520.Cm permitopen
521options may be applied separated by commas.
522No pattern matching is performed on the specified hostnames,
523they must be literal domains or addresses.
524.El
525.Ss Examples
5261024 33 12121...312314325 ylo@foo.bar
527.Pp
528from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
529.Pp
530command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
531.Pp
532permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
533.Sh SSH_KNOWN_HOSTS FILE FORMAT
534The
535.Pa /etc/ssh/ssh_known_hosts
536and
537.Pa $HOME/.ssh/known_hosts
538files contain host public keys for all known hosts.
539The global file should
540be prepared by the administrator (optional), and the per-user file is
541maintained automatically: whenever the user connects from an unknown host
542its key is added to the per-user file.
543.Pp
544Each line in these files contains the following fields: hostnames,
545bits, exponent, modulus, comment.
546The fields are separated by spaces.
547.Pp
548Hostnames is a comma-separated list of patterns
549.Pf ( Ql \&*
550and
551.Ql \&?
552act as
553wildcards); each pattern in turn is matched against the canonical host
554name (when authenticating a client) or against the user-supplied
555name (when authenticating a server).
556A pattern may also be preceded by
557.Ql \&!
558to indicate negation: if the host name matches a negated
559pattern, it is not accepted (by that line) even if it matched another
560pattern on the line.
561.Pp
562Bits, exponent, and modulus are taken directly from the RSA host key; they
563can be obtained, e.g., from
564.Pa /etc/ssh/ssh_host_key.pub .
565The optional comment field continues to the end of the line, and is not used.
566.Pp
567Lines starting with
568.Ql #
569and empty lines are ignored as comments.
570.Pp
571When performing host authentication, authentication is accepted if any
572matching line has the proper key.
573It is thus permissible (but not
574recommended) to have several lines or different host keys for the same
575names.
576This will inevitably happen when short forms of host names
577from different domains are put in the file.
578It is possible
579that the files contain conflicting information; authentication is
580accepted if valid information can be found from either file.
581.Pp
582Note that the lines in these files are typically hundreds of characters
583long, and you definitely don't want to type in the host keys by hand.
584Rather, generate them by a script
585or by taking
586.Pa /etc/ssh/ssh_host_key.pub
587and adding the host names at the front.
588.Ss Examples
589.Bd -literal
590closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
591cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
592.Ed
593.Sh FILES
594.Bl -tag -width Ds
595.It Pa /etc/ssh/sshd_config
596Contains configuration data for
597.Nm sshd .
598The file format and configuration options are described in
599.Xr sshd_config 5 .
600.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key
601These two files contain the private parts of the host keys.
602These files should only be owned by root, readable only by root, and not
603accessible to others.
604Note that
605.Nm
606does not start if this file is group/world-accessible.
607.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub
608These two files contain the public parts of the host keys.
609These files should be world-readable but writable only by
610root.
611Their contents should match the respective private parts.
612These files are not
613really used for anything; they are provided for the convenience of
614the user so their contents can be copied to known hosts files.
615These files are created using
616.Xr ssh-keygen 1 .
617.It Pa /etc/ssh/moduli
618Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
619The file format is described in
620.Xr moduli 5 .
621.It Pa /var/empty
622.Xr chroot 2
623directory used by
624.Nm
625during privilege separation in the pre-authentication phase.
626The directory should not contain any files and must be owned by root
627and not group or world-writable.
628.It Pa /var/run/sshd.pid
629Contains the process ID of the
630.Nm
631listening for connections (if there are several daemons running
632concurrently for different ports, this contains the process ID of the one
633started last).
634The content of this file is not sensitive; it can be world-readable.
635.It Pa $HOME/.ssh/authorized_keys
636Lists the public keys (RSA or DSA) that can be used to log into the user's account.
637This file must be readable by root (which may on some machines imply
638it being world-readable if the user's home directory resides on an NFS
639volume).
640It is recommended that it not be accessible by others.
641The format of this file is described above.
642Users will place the contents of their
643.Pa identity.pub ,
644.Pa id_dsa.pub
645and/or
646.Pa id_rsa.pub
647files into this file, as described in
648.Xr ssh-keygen 1 .
649.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts"
650These files are consulted when using rhosts with RSA host
651authentication or protocol version 2 hostbased authentication
652to check the public key of the host.
653The key must be listed in one of these files to be accepted.
654The client uses the same files
655to verify that it is connecting to the correct remote host.
656These files should be writable only by root/the owner.
657.Pa /etc/ssh/ssh_known_hosts
658should be world-readable, and
659.Pa $HOME/.ssh/known_hosts
660can, but need not be, world-readable.
661.It Pa /etc/nologin
662If this file exists,
663.Nm
664refuses to let anyone except root log in.
665The contents of the file
666are displayed to anyone trying to log in, and non-root connections are
667refused.
668The file should be world-readable.
669.It Pa /etc/hosts.allow, /etc/hosts.deny
670Access controls that should be enforced by tcp-wrappers are defined here.
671Further details are described in
672.Xr hosts_access 5 .
673.It Pa $HOME/.rhosts
674This file contains host-username pairs, separated by a space, one per
675line.
676The given user on the corresponding host is permitted to log in
677without a password.
678The same file is used by rlogind and rshd.
679The file must
680be writable only by the user; it is recommended that it not be
681accessible by others.
682.Pp
683It is also possible to use netgroups in the file.
684Either host or user
685name may be of the form +@groupname to specify all hosts or all users
686in the group.
687.It Pa $HOME/.shosts
688For ssh,
689this file is exactly the same as for
690.Pa .rhosts .
691However, this file is
692not used by rlogin and rshd, so using this permits access using SSH only.
693.It Pa /etc/hosts.equiv
694This file is used during
695.Em rhosts
696authentication.
697In the simplest form, this file contains host names, one per line.
698Users on
699those hosts are permitted to log in without a password, provided they
700have the same user name on both machines.
701The host name may also be
702followed by a user name; such users are permitted to log in as
703.Em any
704user on this machine (except root).
705Additionally, the syntax
706.Dq +@group
707can be used to specify netgroups.
708Negated entries start with
709.Ql \&- .
710.Pp
711If the client host/user is successfully matched in this file, login is
712automatically permitted provided the client and server user names are the
713same.
714Additionally, successful RSA host authentication is normally required.
715This file must be writable only by root; it is recommended
716that it be world-readable.
717.Pp
718.Sy "Warning: It is almost never a good idea to use user names in"
719.Pa hosts.equiv .
720Beware that it really means that the named user(s) can log in as
721.Em anybody ,
722which includes bin, daemon, adm, and other accounts that own critical
723binaries and directories.
724Using a user name practically grants the user root access.
725The only valid use for user names that I can think
726of is in negative entries.
727.Pp
728Note that this warning also applies to rsh/rlogin.
729.It Pa /etc/ssh/shosts.equiv
730This is processed exactly as
731.Pa /etc/hosts.equiv .
732However, this file may be useful in environments that want to run both
733rsh/rlogin and ssh.
734.It Pa $HOME/.ssh/environment
735This file is read into the environment at login (if it exists).
736It can only contain empty lines, comment lines (that start with
737.Ql # ) ,
738and assignment lines of the form name=value.
739The file should be writable
740only by the user; it need not be readable by anyone else.
741Environment processing is disabled by default and is
742controlled via the
743.Cm PermitUserEnvironment
744option.
745.It Pa $HOME/.ssh/rc
746If this file exists, it is run with
747.Pa /bin/sh
748after reading the
749environment files but before starting the user's shell or command.
750It must not produce any output on stdout; stderr must be used
751instead.
752If X11 forwarding is in use, it will receive the "proto cookie" pair in
753its standard input (and
754.Ev DISPLAY
755in its environment).
756The script must call
757.Xr xauth 1
758because
759.Nm
760will not run xauth automatically to add X11 cookies.
761.Pp
762The primary purpose of this file is to run any initialization routines
763which may be needed before the user's home directory becomes
764accessible; AFS is a particular example of such an environment.
765.Pp
766This file will probably contain some initialization code followed by
767something similar to:
768.Bd -literal
769if read proto cookie && [ -n "$DISPLAY" ]; then
770 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
771 # X11UseLocalhost=yes
772 echo add unix:`echo $DISPLAY |
773 cut -c11-` $proto $cookie
774 else
775 # X11UseLocalhost=no
776 echo add $DISPLAY $proto $cookie
777 fi | xauth -q -
778fi
779.Ed
780.Pp
781If this file does not exist,
782.Pa /etc/ssh/sshrc
783is run, and if that
784does not exist either, xauth is used to add the cookie.
785.Pp
786This file should be writable only by the user, and need not be
787readable by anyone else.
788.It Pa /etc/ssh/sshrc
789Like
790.Pa $HOME/.ssh/rc .
791This can be used to specify
792machine-specific login-time initializations globally.
793This file should be writable only by root, and should be world-readable.
794.El
795.Sh SEE ALSO
796.Xr scp 1 ,
797.Xr sftp 1 ,
798.Xr ssh 1 ,
799.Xr ssh-add 1 ,
800.Xr ssh-agent 1 ,
801.Xr ssh-keygen 1 ,
802.Xr chroot 2 ,
803.Xr hosts_access 5 ,
804.Xr login.conf 5 ,
805.Xr moduli 5 ,
806.Xr sshd_config 5 ,
807.Xr inetd 8 ,
808.Xr sftp-server 8
809.Rs
810.%A T. Ylonen
811.%A T. Kivinen
812.%A M. Saarinen
813.%A T. Rinne
814.%A S. Lehtinen
815.%T "SSH Protocol Architecture"
816.%N draft-ietf-secsh-architecture-12.txt
817.%D January 2002
818.%O work in progress material
819.Re
820.Rs
821.%A M. Friedl
822.%A N. Provos
823.%A W. A. Simpson
824.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
825.%N draft-ietf-secsh-dh-group-exchange-02.txt
826.%D January 2002
827.%O work in progress material
828.Re
829.Sh AUTHORS
830OpenSSH is a derivative of the original and free
831ssh 1.2.12 release by Tatu Ylonen.
832Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
833Theo de Raadt and Dug Song
834removed many bugs, re-added newer features and
835created OpenSSH.
836Markus Friedl contributed the support for SSH
837protocol versions 1.5 and 2.0.
838Niels Provos and Markus Friedl contributed support
839for privilege separation.
| 201.Pa /usr/sbin/sshd .
202.Pp
203The options are as follows:
204.Bl -tag -width Ds
205.It Fl 4
206Forces
207.Nm
208to use IPv4 addresses only.
209.It Fl 6
210Forces
211.Nm
212to use IPv6 addresses only.
213.It Fl b Ar bits
214Specifies the number of bits in the ephemeral protocol version 1
215server key (default 768).
216.It Fl D
217When this option is specified,
218.Nm
219will not detach and does not become a daemon.
220This allows easy monitoring of
221.Nm sshd .
222.It Fl d
223Debug mode.
224The server sends verbose debug output to the system
225log, and does not put itself in the background.
226The server also will not fork and will only process one connection.
227This option is only intended for debugging for the server.
228Multiple
229.Fl d
230options increase the debugging level.
231Maximum is 3.
232.It Fl e
233When this option is specified,
234.Nm
235will send the output to the standard error instead of the system log.
236.It Fl f Ar configuration_file
237Specifies the name of the configuration file.
238The default is
239.Pa /etc/ssh/sshd_config .
240.Nm
241refuses to start if there is no configuration file.
242.It Fl g Ar login_grace_time
243Gives the grace time for clients to authenticate themselves (default
244120 seconds).
245If the client fails to authenticate the user within
246this many seconds, the server disconnects and exits.
247A value of zero indicates no limit.
248.It Fl h Ar host_key_file
249Specifies a file from which a host key is read.
250This option must be given if
251.Nm
252is not run as root (as the normal
253host key files are normally not readable by anyone but root).
254The default is
255.Pa /etc/ssh/ssh_host_key
256for protocol version 1, and
257.Pa /etc/ssh/ssh_host_dsa_key
258for protocol version 2.
259It is possible to have multiple host key files for
260the different protocol versions and host key algorithms.
261.It Fl i
262Specifies that
263.Nm
264is being run from
265.Xr inetd 8 .
266.Nm
267is normally not run
268from inetd because it needs to generate the server key before it can
269respond to the client, and this may take tens of seconds.
270Clients would have to wait too long if the key was regenerated every time.
271However, with small key sizes (e.g., 512) using
272.Nm
273from inetd may
274be feasible.
275.It Fl k Ar key_gen_time
276Specifies how often the ephemeral protocol version 1 server key is
277regenerated (default 3600 seconds, or one hour).
278The motivation for regenerating the key fairly
279often is that the key is not stored anywhere, and after about an hour
280it becomes impossible to recover the key for decrypting intercepted
281communications even if the machine is cracked into or physically
282seized.
283A value of zero indicates that the key will never be regenerated.
284.It Fl o Ar option
285Can be used to give options in the format used in the configuration file.
286This is useful for specifying options for which there is no separate
287command-line flag.
288For full details of the options, and their values, see
289.Xr sshd_config 5 .
290.It Fl p Ar port
291Specifies the port on which the server listens for connections
292(default 22).
293Multiple port options are permitted.
294Ports specified in the configuration file are ignored when a
295command-line port is specified.
296.It Fl q
297Quiet mode.
298Nothing is sent to the system log.
299Normally the beginning,
300authentication, and termination of each connection is logged.
301.It Fl t
302Test mode.
303Only check the validity of the configuration file and sanity of the keys.
304This is useful for updating
305.Nm
306reliably as configuration options may change.
307.It Fl u Ar len
308This option is used to specify the size of the field
309in the
310.Li utmp
311structure that holds the remote host name.
312If the resolved host name is longer than
313.Ar len ,
314the dotted decimal value will be used instead.
315This allows hosts with very long host names that
316overflow this field to still be uniquely identified.
317Specifying
318.Fl u0
319indicates that only dotted decimal addresses
320should be put into the
321.Pa utmp
322file.
323.Fl u0
324may also be used to prevent
325.Nm
326from making DNS requests unless the authentication
327mechanism or configuration requires it.
328Authentication mechanisms that may require DNS include
329.Cm RhostsRSAAuthentication ,
330.Cm HostbasedAuthentication
331and using a
332.Cm from="pattern-list"
333option in a key file.
334Configuration options that require DNS include using a
335USER@HOST pattern in
336.Cm AllowUsers
337or
338.Cm DenyUsers .
339.El
340.Sh CONFIGURATION FILE
341.Nm
342reads configuration data from
343.Pa /etc/ssh/sshd_config
344(or the file specified with
345.Fl f
346on the command line).
347The file format and configuration options are described in
348.Xr sshd_config 5 .
349.Sh LOGIN PROCESS
350When a user successfully logs in,
351.Nm
352does the following:
353.Bl -enum -offset indent
354.It
355If the login is on a tty, and no command has been specified,
356prints last login time and
357.Pa /etc/motd
358(unless prevented in the configuration file or by
359.Pa $HOME/.hushlogin ;
360see the
361.Sx FILES
362section).
363.It
364If the login is on a tty, records login time.
365.It
366Checks
367.Pa /etc/nologin and
368.Pa /var/run/nologin ;
369if one exists, it prints the contents and quits
370(unless root).
371.It
372Changes to run with normal user privileges.
373.It
374Sets up basic environment.
375.It
376Reads the file
377.Pa $HOME/.ssh/environment ,
378if it exists, and users are allowed to change their environment.
379See the
380.Cm PermitUserEnvironment
381option in
382.Xr sshd_config 5 .
383.It
384Changes to user's home directory.
385.It
386If
387.Pa $HOME/.ssh/rc
388exists, runs it; else if
389.Pa /etc/ssh/sshrc
390exists, runs
391it; otherwise runs
392.Xr xauth 1 .
393The
394.Dq rc
395files are given the X11
396authentication protocol and cookie (if applicable) in standard input.
397.It
398Runs user's shell or command.
399.El
400.Sh AUTHORIZED_KEYS FILE FORMAT
401.Pa $HOME/.ssh/authorized_keys
402is the default file that lists the public keys that are
403permitted for RSA authentication in protocol version 1
404and for public key authentication (PubkeyAuthentication)
405in protocol version 2.
406.Cm AuthorizedKeysFile
407may be used to specify an alternative file.
408.Pp
409Each line of the file contains one
410key (empty lines and lines starting with a
411.Ql #
412are ignored as
413comments).
414Each RSA public key consists of the following fields, separated by
415spaces: options, bits, exponent, modulus, comment.
416Each protocol version 2 public key consists of:
417options, keytype, base64 encoded key, comment.
418The options field
419is optional; its presence is determined by whether the line starts
420with a number or not (the options field never starts with a number).
421The bits, exponent, modulus and comment fields give the RSA key for
422protocol version 1; the
423comment field is not used for anything (but may be convenient for the
424user to identify the key).
425For protocol version 2 the keytype is
426.Dq ssh-dss
427or
428.Dq ssh-rsa .
429.Pp
430Note that lines in this file are usually several hundred bytes long
431(because of the size of the public key encoding).
432You don't want to type them in; instead, copy the
433.Pa identity.pub ,
434.Pa id_dsa.pub
435or the
436.Pa id_rsa.pub
437file and edit it.
438.Pp
439.Nm
440enforces a minimum RSA key modulus size for protocol 1
441and protocol 2 keys of 768 bits.
442.Pp
443The options (if present) consist of comma-separated option
444specifications.
445No spaces are permitted, except within double quotes.
446The following option specifications are supported (note
447that option keywords are case-insensitive):
448.Bl -tag -width Ds
449.It Cm from="pattern-list"
450Specifies that in addition to public key authentication, the canonical name
451of the remote host must be present in the comma-separated list of
452patterns
453.Pf ( Ql \&*
454and
455.Ql \&?
456serve as wildcards).
457The list may also contain
458patterns negated by prefixing them with
459.Ql \&! ;
460if the canonical host name matches a negated pattern, the key is not accepted.
461The purpose
462of this option is to optionally increase security: public key authentication
463by itself does not trust the network or name servers or anything (but
464the key); however, if somebody somehow steals the key, the key
465permits an intruder to log in from anywhere in the world.
466This additional option makes using a stolen key more difficult (name
467servers and/or routers would have to be compromised in addition to
468just the key).
469.It Cm command="command"
470Specifies that the command is executed whenever this key is used for
471authentication.
472The command supplied by the user (if any) is ignored.
473The command is run on a pty if the client requests a pty;
474otherwise it is run without a tty.
475If an 8-bit clean channel is required,
476one must not request a pty or should specify
477.Cm no-pty .
478A quote may be included in the command by quoting it with a backslash.
479This option might be useful
480to restrict certain public keys to perform just a specific operation.
481An example might be a key that permits remote backups but nothing else.
482Note that the client may specify TCP/IP and/or X11
483forwarding unless they are explicitly prohibited.
484Note that this option applies to shell, command or subsystem execution.
485.It Cm environment="NAME=value"
486Specifies that the string is to be added to the environment when
487logging in using this key.
488Environment variables set this way
489override other default environment values.
490Multiple options of this type are permitted.
491Environment processing is disabled by default and is
492controlled via the
493.Cm PermitUserEnvironment
494option.
495This option is automatically disabled if
496.Cm UseLogin
497is enabled.
498.It Cm no-port-forwarding
499Forbids TCP/IP forwarding when this key is used for authentication.
500Any port forward requests by the client will return an error.
501This might be used, e.g., in connection with the
502.Cm command
503option.
504.It Cm no-X11-forwarding
505Forbids X11 forwarding when this key is used for authentication.
506Any X11 forward requests by the client will return an error.
507.It Cm no-agent-forwarding
508Forbids authentication agent forwarding when this key is used for
509authentication.
510.It Cm no-pty
511Prevents tty allocation (a request to allocate a pty will fail).
512.It Cm permitopen="host:port"
513Limit local
514.Li ``ssh -L''
515port forwarding such that it may only connect to the specified host and
516port.
517IPv6 addresses can be specified with an alternative syntax:
518.Ar host Ns / Ns Ar port .
519Multiple
520.Cm permitopen
521options may be applied separated by commas.
522No pattern matching is performed on the specified hostnames,
523they must be literal domains or addresses.
524.El
525.Ss Examples
5261024 33 12121...312314325 ylo@foo.bar
527.Pp
528from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
529.Pp
530command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
531.Pp
532permitopen="10.2.1.55:80",permitopen="10.2.1.56:25" 1024 33 23...2323
533.Sh SSH_KNOWN_HOSTS FILE FORMAT
534The
535.Pa /etc/ssh/ssh_known_hosts
536and
537.Pa $HOME/.ssh/known_hosts
538files contain host public keys for all known hosts.
539The global file should
540be prepared by the administrator (optional), and the per-user file is
541maintained automatically: whenever the user connects from an unknown host
542its key is added to the per-user file.
543.Pp
544Each line in these files contains the following fields: hostnames,
545bits, exponent, modulus, comment.
546The fields are separated by spaces.
547.Pp
548Hostnames is a comma-separated list of patterns
549.Pf ( Ql \&*
550and
551.Ql \&?
552act as
553wildcards); each pattern in turn is matched against the canonical host
554name (when authenticating a client) or against the user-supplied
555name (when authenticating a server).
556A pattern may also be preceded by
557.Ql \&!
558to indicate negation: if the host name matches a negated
559pattern, it is not accepted (by that line) even if it matched another
560pattern on the line.
561.Pp
562Bits, exponent, and modulus are taken directly from the RSA host key; they
563can be obtained, e.g., from
564.Pa /etc/ssh/ssh_host_key.pub .
565The optional comment field continues to the end of the line, and is not used.
566.Pp
567Lines starting with
568.Ql #
569and empty lines are ignored as comments.
570.Pp
571When performing host authentication, authentication is accepted if any
572matching line has the proper key.
573It is thus permissible (but not
574recommended) to have several lines or different host keys for the same
575names.
576This will inevitably happen when short forms of host names
577from different domains are put in the file.
578It is possible
579that the files contain conflicting information; authentication is
580accepted if valid information can be found from either file.
581.Pp
582Note that the lines in these files are typically hundreds of characters
583long, and you definitely don't want to type in the host keys by hand.
584Rather, generate them by a script
585or by taking
586.Pa /etc/ssh/ssh_host_key.pub
587and adding the host names at the front.
588.Ss Examples
589.Bd -literal
590closenet,...,130.233.208.41 1024 37 159...93 closenet.hut.fi
591cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
592.Ed
593.Sh FILES
594.Bl -tag -width Ds
595.It Pa /etc/ssh/sshd_config
596Contains configuration data for
597.Nm sshd .
598The file format and configuration options are described in
599.Xr sshd_config 5 .
600.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key
601These two files contain the private parts of the host keys.
602These files should only be owned by root, readable only by root, and not
603accessible to others.
604Note that
605.Nm
606does not start if this file is group/world-accessible.
607.It Pa /etc/ssh/ssh_host_key.pub, /etc/ssh/ssh_host_dsa_key.pub
608These two files contain the public parts of the host keys.
609These files should be world-readable but writable only by
610root.
611Their contents should match the respective private parts.
612These files are not
613really used for anything; they are provided for the convenience of
614the user so their contents can be copied to known hosts files.
615These files are created using
616.Xr ssh-keygen 1 .
617.It Pa /etc/ssh/moduli
618Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
619The file format is described in
620.Xr moduli 5 .
621.It Pa /var/empty
622.Xr chroot 2
623directory used by
624.Nm
625during privilege separation in the pre-authentication phase.
626The directory should not contain any files and must be owned by root
627and not group or world-writable.
628.It Pa /var/run/sshd.pid
629Contains the process ID of the
630.Nm
631listening for connections (if there are several daemons running
632concurrently for different ports, this contains the process ID of the one
633started last).
634The content of this file is not sensitive; it can be world-readable.
635.It Pa $HOME/.ssh/authorized_keys
636Lists the public keys (RSA or DSA) that can be used to log into the user's account.
637This file must be readable by root (which may on some machines imply
638it being world-readable if the user's home directory resides on an NFS
639volume).
640It is recommended that it not be accessible by others.
641The format of this file is described above.
642Users will place the contents of their
643.Pa identity.pub ,
644.Pa id_dsa.pub
645and/or
646.Pa id_rsa.pub
647files into this file, as described in
648.Xr ssh-keygen 1 .
649.It Pa "/etc/ssh/ssh_known_hosts", "$HOME/.ssh/known_hosts"
650These files are consulted when using rhosts with RSA host
651authentication or protocol version 2 hostbased authentication
652to check the public key of the host.
653The key must be listed in one of these files to be accepted.
654The client uses the same files
655to verify that it is connecting to the correct remote host.
656These files should be writable only by root/the owner.
657.Pa /etc/ssh/ssh_known_hosts
658should be world-readable, and
659.Pa $HOME/.ssh/known_hosts
660can, but need not be, world-readable.
661.It Pa /etc/nologin
662If this file exists,
663.Nm
664refuses to let anyone except root log in.
665The contents of the file
666are displayed to anyone trying to log in, and non-root connections are
667refused.
668The file should be world-readable.
669.It Pa /etc/hosts.allow, /etc/hosts.deny
670Access controls that should be enforced by tcp-wrappers are defined here.
671Further details are described in
672.Xr hosts_access 5 .
673.It Pa $HOME/.rhosts
674This file contains host-username pairs, separated by a space, one per
675line.
676The given user on the corresponding host is permitted to log in
677without a password.
678The same file is used by rlogind and rshd.
679The file must
680be writable only by the user; it is recommended that it not be
681accessible by others.
682.Pp
683It is also possible to use netgroups in the file.
684Either host or user
685name may be of the form +@groupname to specify all hosts or all users
686in the group.
687.It Pa $HOME/.shosts
688For ssh,
689this file is exactly the same as for
690.Pa .rhosts .
691However, this file is
692not used by rlogin and rshd, so using this permits access using SSH only.
693.It Pa /etc/hosts.equiv
694This file is used during
695.Em rhosts
696authentication.
697In the simplest form, this file contains host names, one per line.
698Users on
699those hosts are permitted to log in without a password, provided they
700have the same user name on both machines.
701The host name may also be
702followed by a user name; such users are permitted to log in as
703.Em any
704user on this machine (except root).
705Additionally, the syntax
706.Dq +@group
707can be used to specify netgroups.
708Negated entries start with
709.Ql \&- .
710.Pp
711If the client host/user is successfully matched in this file, login is
712automatically permitted provided the client and server user names are the
713same.
714Additionally, successful RSA host authentication is normally required.
715This file must be writable only by root; it is recommended
716that it be world-readable.
717.Pp
718.Sy "Warning: It is almost never a good idea to use user names in"
719.Pa hosts.equiv .
720Beware that it really means that the named user(s) can log in as
721.Em anybody ,
722which includes bin, daemon, adm, and other accounts that own critical
723binaries and directories.
724Using a user name practically grants the user root access.
725The only valid use for user names that I can think
726of is in negative entries.
727.Pp
728Note that this warning also applies to rsh/rlogin.
729.It Pa /etc/ssh/shosts.equiv
730This is processed exactly as
731.Pa /etc/hosts.equiv .
732However, this file may be useful in environments that want to run both
733rsh/rlogin and ssh.
734.It Pa $HOME/.ssh/environment
735This file is read into the environment at login (if it exists).
736It can only contain empty lines, comment lines (that start with
737.Ql # ) ,
738and assignment lines of the form name=value.
739The file should be writable
740only by the user; it need not be readable by anyone else.
741Environment processing is disabled by default and is
742controlled via the
743.Cm PermitUserEnvironment
744option.
745.It Pa $HOME/.ssh/rc
746If this file exists, it is run with
747.Pa /bin/sh
748after reading the
749environment files but before starting the user's shell or command.
750It must not produce any output on stdout; stderr must be used
751instead.
752If X11 forwarding is in use, it will receive the "proto cookie" pair in
753its standard input (and
754.Ev DISPLAY
755in its environment).
756The script must call
757.Xr xauth 1
758because
759.Nm
760will not run xauth automatically to add X11 cookies.
761.Pp
762The primary purpose of this file is to run any initialization routines
763which may be needed before the user's home directory becomes
764accessible; AFS is a particular example of such an environment.
765.Pp
766This file will probably contain some initialization code followed by
767something similar to:
768.Bd -literal
769if read proto cookie && [ -n "$DISPLAY" ]; then
770 if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
771 # X11UseLocalhost=yes
772 echo add unix:`echo $DISPLAY |
773 cut -c11-` $proto $cookie
774 else
775 # X11UseLocalhost=no
776 echo add $DISPLAY $proto $cookie
777 fi | xauth -q -
778fi
779.Ed
780.Pp
781If this file does not exist,
782.Pa /etc/ssh/sshrc
783is run, and if that
784does not exist either, xauth is used to add the cookie.
785.Pp
786This file should be writable only by the user, and need not be
787readable by anyone else.
788.It Pa /etc/ssh/sshrc
789Like
790.Pa $HOME/.ssh/rc .
791This can be used to specify
792machine-specific login-time initializations globally.
793This file should be writable only by root, and should be world-readable.
794.El
795.Sh SEE ALSO
796.Xr scp 1 ,
797.Xr sftp 1 ,
798.Xr ssh 1 ,
799.Xr ssh-add 1 ,
800.Xr ssh-agent 1 ,
801.Xr ssh-keygen 1 ,
802.Xr chroot 2 ,
803.Xr hosts_access 5 ,
804.Xr login.conf 5 ,
805.Xr moduli 5 ,
806.Xr sshd_config 5 ,
807.Xr inetd 8 ,
808.Xr sftp-server 8
809.Rs
810.%A T. Ylonen
811.%A T. Kivinen
812.%A M. Saarinen
813.%A T. Rinne
814.%A S. Lehtinen
815.%T "SSH Protocol Architecture"
816.%N draft-ietf-secsh-architecture-12.txt
817.%D January 2002
818.%O work in progress material
819.Re
820.Rs
821.%A M. Friedl
822.%A N. Provos
823.%A W. A. Simpson
824.%T "Diffie-Hellman Group Exchange for the SSH Transport Layer Protocol"
825.%N draft-ietf-secsh-dh-group-exchange-02.txt
826.%D January 2002
827.%O work in progress material
828.Re
829.Sh AUTHORS
830OpenSSH is a derivative of the original and free
831ssh 1.2.12 release by Tatu Ylonen.
832Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
833Theo de Raadt and Dug Song
834removed many bugs, re-added newer features and
835created OpenSSH.
836Markus Friedl contributed the support for SSH
837protocol versions 1.5 and 2.0.
838Niels Provos and Markus Friedl contributed support
839for privilege separation.
|