1.\" -*- nroff -*-
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
37.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $
38.\" $FreeBSD: head/crypto/openssh/sshd_config.5 164149 2006-11-10 16:52:41Z des $
39.Dd September 25, 1999
40.Dt SSHD_CONFIG 5
41.Os
42.Sh NAME
43.Nm sshd_config
44.Nd OpenSSH SSH daemon configuration file
45.Sh SYNOPSIS
46.Bl -tag -width Ds -compact
47.It Pa /etc/ssh/sshd_config
48.El
49.Sh DESCRIPTION
50.Xr sshd 8
51reads configuration data from
52.Pa /etc/ssh/sshd_config
53(or the file specified with
54.Fl f
55on the command line).
56The file contains keyword-argument pairs, one per line.
57Lines starting with
58.Ql #
59and empty lines are interpreted as comments.
60Arguments may optionally be enclosed in double quotes
61.Pq \&"
62in order to represent arguments containing spaces.
63.Pp
64The possible
65keywords and their meanings are as follows (note that
66keywords are case-insensitive and arguments are case-sensitive):
67.Bl -tag -width Ds
68.It Cm AcceptEnv
69Specifies what environment variables sent by the client will be copied into
70the session's
71.Xr environ 7 .
72See
73.Cm SendEnv
74in
75.Xr ssh_config 5
76for how to configure the client.
77Note that environment passing is only supported for protocol 2.
78Variables are specified by name, which may contain the wildcard characters
79.Ql *
80and
81.Ql \&? .
82Multiple environment variables may be separated by whitespace or spread
83across multiple
84.Cm AcceptEnv
85directives.
86Be warned that some environment variables could be used to bypass restricted
87user environments.
88For this reason, care should be taken in the use of this directive.
89The default is not to accept any environment variables.
90.It Cm AddressFamily
91Specifies which address family should be used by
92.Xr sshd 8 .
93Valid arguments are
94.Dq any ,
95.Dq inet
96(use IPv4 only), or
97.Dq inet6
98(use IPv6 only).
99The default is
100.Dq any .
101.It Cm AllowGroups
102This keyword can be followed by a list of group name patterns, separated
103by spaces.
104If specified, login is allowed only for users whose primary
105group or supplementary group list matches one of the patterns.
106Only group names are valid; a numerical group ID is not recognized.
107By default, login is allowed for all groups.
108The allow/deny directives are processed in the following order:
109.Cm DenyUsers ,
110.Cm AllowUsers ,
111.Cm DenyGroups ,
112and finally
113.Cm AllowGroups .
114.Pp
115See
116.Sx PATTERNS
117in
118.Xr ssh_config 5
119for more information on patterns.
120.It Cm AllowTcpForwarding
121Specifies whether TCP forwarding is permitted.
122The default is
123.Dq yes .
124Note that disabling TCP forwarding does not improve security unless
125users are also denied shell access, as they can always install their
126own forwarders.
127.It Cm AllowUsers
128This keyword can be followed by a list of user name patterns, separated
129by spaces.
130If specified, login is allowed only for user names that
131match one of the patterns.
132Only user names are valid; a numerical user ID is not recognized.
133By default, login is allowed for all users.
134If the pattern takes the form USER@HOST then USER and HOST
135are separately checked, restricting logins to particular
136users from particular hosts.
137The allow/deny directives are processed in the following order:
138.Cm DenyUsers ,
139.Cm AllowUsers ,
140.Cm DenyGroups ,
141and finally
142.Cm AllowGroups .
143.Pp
144See
145.Sx PATTERNS
146in
147.Xr ssh_config 5
148for more information on patterns.
149.It Cm AuthorizedKeysFile
150Specifies the file that contains the public keys that can be used
151for user authentication.
152.Cm AuthorizedKeysFile
153may contain tokens of the form %T which are substituted during connection
154setup.
155The following tokens are defined: %% is replaced by a literal '%',
156%h is replaced by the home directory of the user being authenticated, and
157%u is replaced by the username of that user.
158After expansion,
159.Cm AuthorizedKeysFile
160is taken to be an absolute path or one relative to the user's home
161directory.
162The default is
163.Dq .ssh/authorized_keys .
164.It Cm Banner
165In some jurisdictions, sending a warning message before authentication
166may be relevant for getting legal protection.
167The contents of the specified file are sent to the remote user before
168authentication is allowed.
169This option is only available for protocol version 2.
170By default, no banner is displayed.
171.It Cm ChallengeResponseAuthentication
172Specifies whether challenge-response authentication is allowed.
173Specifically, in
174.Fx ,
175this controls the use of PAM (see
176.Xr pam 3 )
177for authentication.
178Note that this affects the effectiveness of the
179.Cm PasswordAuthentication
180and
181.Cm PermitRootLogin
182variables.
183The default is
184.Dq yes .
185.It Cm Ciphers
186Specifies the ciphers allowed for protocol version 2.
187Multiple ciphers must be comma-separated.
188The supported ciphers are
189.Dq 3des-cbc ,
190.Dq aes128-cbc ,
191.Dq aes192-cbc ,
192.Dq aes256-cbc ,
193.Dq aes128-ctr ,
194.Dq aes192-ctr ,
195.Dq aes256-ctr ,
196.Dq arcfour128 ,
197.Dq arcfour256 ,
198.Dq arcfour ,
199.Dq blowfish-cbc ,
200and
201.Dq cast128-cbc .
202The default is:
203.Bd -literal -offset 3n
204aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
205arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
206aes192-ctr,aes256-ctr
207.Ed
208.It Cm ClientAliveCountMax
209Sets the number of client alive messages (see below) which may be
210sent without
211.Xr sshd 8
212receiving any messages back from the client.
213If this threshold is reached while client alive messages are being sent,
214sshd will disconnect the client, terminating the session.
215It is important to note that the use of client alive messages is very
216different from
217.Cm TCPKeepAlive
218(below).
219The client alive messages are sent through the encrypted channel
220and therefore will not be spoofable.
221The TCP keepalive option enabled by
222.Cm TCPKeepAlive
223is spoofable.
224The client alive mechanism is valuable when the client or
225server depend on knowing when a connection has become inactive.
226.Pp
227The default value is 3.
228If
229.Cm ClientAliveInterval
230(see below) is set to 15, and
231.Cm ClientAliveCountMax
232is left at the default, unresponsive SSH clients
233will be disconnected after approximately 45 seconds.
234This option applies to protocol version 2 only.
235.It Cm ClientAliveInterval
236Sets a timeout interval in seconds after which if no data has been received
237from the client,
238.Xr sshd 8
239will send a message through the encrypted
240channel to request a response from the client.
241The default
242is 0, indicating that these messages will not be sent to the client.
243This option applies to protocol version 2 only.
244.It Cm Compression
245Specifies whether compression is allowed, or delayed until
246the user has authenticated successfully.
247The argument must be
248.Dq yes ,
249.Dq delayed ,
250or
251.Dq no .
252The default is
253.Dq delayed .
254.It Cm DenyGroups
255This keyword can be followed by a list of group name patterns, separated
256by spaces.
257Login is disallowed for users whose primary group or supplementary
258group list matches one of the patterns.
259Only group names are valid; a numerical group ID is not recognized.
260By default, login is allowed for all groups.
261The allow/deny directives are processed in the following order:
262.Cm DenyUsers ,
263.Cm AllowUsers ,
264.Cm DenyGroups ,
265and finally
266.Cm AllowGroups .
267.Pp
268See
269.Sx PATTERNS
270in
271.Xr ssh_config 5
272for more information on patterns.
273.It Cm DenyUsers
274This keyword can be followed by a list of user name patterns, separated
275by spaces.
276Login is disallowed for user names that match one of the patterns.
277Only user names are valid; a numerical user ID is not recognized.
278By default, login is allowed for all users.
279If the pattern takes the form USER@HOST then USER and HOST
280are separately checked, restricting logins to particular
281users from particular hosts.
282The allow/deny directives are processed in the following order:
283.Cm DenyUsers ,
284.Cm AllowUsers ,
285.Cm DenyGroups ,
286and finally
287.Cm AllowGroups .
288.Pp
289See
290.Sx PATTERNS
291in
292.Xr ssh_config 5
293for more information on patterns.
294.It Cm ForceCommand
295Forces the execution of the command specified by
296.Cm ForceCommand ,
297ignoring any command supplied by the client.
298The command is invoked by using the user's login shell with the -c option.
299This applies to shell, command, or subsystem execution.
300It is most useful inside a
301.Cm Match
302block.
303The command originally supplied by the client is available in the
304.Ev SSH_ORIGINAL_COMMAND
305environment variable.
306.It Cm GatewayPorts
307Specifies whether remote hosts are allowed to connect to ports
308forwarded for the client.
309By default,
310.Xr sshd 8
311binds remote port forwardings to the loopback address.
312This prevents other remote hosts from connecting to forwarded ports.
313.Cm GatewayPorts
314can be used to specify that sshd
315should allow remote port forwardings to bind to non-loopback addresses, thus
316allowing other hosts to connect.
317The argument may be
318.Dq no
319to force remote port forwardings to be available to the local host only,
320.Dq yes
321to force remote port forwardings to bind to the wildcard address, or
322.Dq clientspecified
323to allow the client to select the address to which the forwarding is bound.
324The default is
325.Dq no .
326.It Cm GSSAPIAuthentication
327Specifies whether user authentication based on GSSAPI is allowed.
328The default is
329.Dq no .
330Note that this option applies to protocol version 2 only.
331.It Cm GSSAPICleanupCredentials
332Specifies whether to automatically destroy the user's credentials cache
333on logout.
334The default is
335.Dq yes .
336Note that this option applies to protocol version 2 only.
337.It Cm HostbasedAuthentication
338Specifies whether rhosts or /etc/hosts.equiv authentication together
339with successful public key client host authentication is allowed
340(host-based authentication).
341This option is similar to
342.Cm RhostsRSAAuthentication
343and applies to protocol version 2 only.
344The default is
345.Dq no .
346.It Cm HostbasedUsesNameFromPacketOnly
347Specifies whether or not the server will attempt to perform a reverse
348name lookup when matching the name in the
349.Pa ~/.shosts ,
350.Pa ~/.rhosts ,
351and
352.Pa /etc/hosts.equiv
353files during
354.Cm HostbasedAuthentication .
355A setting of
356.Dq yes
357means that
358.Xr sshd 8
359uses the name supplied by the client rather than
360attempting to resolve the name from the TCP connection itself.
361The default is
362.Dq no .
363.It Cm HostKey
364Specifies a file containing a private host key
365used by SSH.
366The default is
367.Pa /etc/ssh/ssh_host_key
368for protocol version 1, and
369.Pa /etc/ssh/ssh_host_dsa_key
370for protocol version 2.
371Note that
372.Xr sshd 8
373will refuse to use a file if it is group/world-accessible.
374It is possible to have multiple host key files.
375.Dq rsa1
376keys are used for version 1 and
377.Dq dsa
378or
379.Dq rsa
380are used for version 2 of the SSH protocol.
381.It Cm IgnoreRhosts
382Specifies that
383.Pa .rhosts
384and
385.Pa .shosts
386files will not be used in
387.Cm RhostsRSAAuthentication
388or
389.Cm HostbasedAuthentication .
390.Pp
391.Pa /etc/hosts.equiv
392and
393.Pa /etc/ssh/shosts.equiv
394are still used.
395The default is
396.Dq yes .
397.It Cm IgnoreUserKnownHosts
398Specifies whether
399.Xr sshd 8
400should ignore the user's
401.Pa ~/.ssh/known_hosts
402during
403.Cm RhostsRSAAuthentication
404or
405.Cm HostbasedAuthentication .
406The default is
407.Dq no .
408.It Cm KerberosAuthentication
409Specifies whether the password provided by the user for
410.Cm PasswordAuthentication
411will be validated through the Kerberos KDC.
412To use this option, the server needs a
413Kerberos servtab which allows the verification of the KDC's identity.
414The default is
415.Dq no .
416.It Cm KerberosGetAFSToken
417If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
418an AFS token before accessing the user's home directory.
419The default is
420.Dq no .
421.It Cm KerberosOrLocalPasswd
422If password authentication through Kerberos fails then
423the password will be validated via any additional local mechanism
424such as
425.Pa /etc/passwd .
426The default is
427.Dq yes .
428.It Cm KerberosTicketCleanup
429Specifies whether to automatically destroy the user's ticket cache
430file on logout.
431The default is
432.Dq yes .
433.It Cm KeyRegenerationInterval
434In protocol version 1, the ephemeral server key is automatically regenerated
435after this many seconds (if it has been used).
436The purpose of regeneration is to prevent
437decrypting captured sessions by later breaking into the machine and
438stealing the keys.
439The key is never stored anywhere.
440If the value is 0, the key is never regenerated.
441The default is 3600 (seconds).
442.It Cm ListenAddress
443Specifies the local addresses
444.Xr sshd 8
445should listen on.
446The following forms may be used:
447.Pp
448.Bl -item -offset indent -compact
449.It
450.Cm ListenAddress
451.Sm off
452.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
453.Sm on
454.It
455.Cm ListenAddress
456.Sm off
457.Ar host No | Ar IPv4_addr No : Ar port
458.Sm on
459.It
460.Cm ListenAddress
461.Sm off
462.Oo
463.Ar host No | Ar IPv6_addr Oc : Ar port
464.Sm on
465.El
466.Pp
467If
468.Ar port
469is not specified,
470sshd will listen on the address and all prior
471.Cm Port
472options specified.
473The default is to listen on all local addresses.
474Multiple
475.Cm ListenAddress
476options are permitted.
477Additionally, any
478.Cm Port
479options must precede this option for non-port qualified addresses.
480.It Cm LoginGraceTime
481The server disconnects after this time if the user has not
482successfully logged in.
483If the value is 0, there is no time limit.
484The default is 120 seconds.
485.It Cm LogLevel
486Gives the verbosity level that is used when logging messages from
487.Xr sshd 8 .
488The possible values are:
489QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
490The default is INFO.
491DEBUG and DEBUG1 are equivalent.
492DEBUG2 and DEBUG3 each specify higher levels of debugging output.
493Logging with a DEBUG level violates the privacy of users and is not recommended.
494.It Cm MACs
495Specifies the available MAC (message authentication code) algorithms.
496The MAC algorithm is used in protocol version 2
497for data integrity protection.
498Multiple algorithms must be comma-separated.
499The default is:
500.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
501.It Cm Match
502Introduces a conditional block.
503If all of the criteria on the
504.Cm Match
505line are satisfied, the keywords on the following lines override those
506set in the global section of the config file, until either another
507.Cm Match
508line or the end of the file.
509The arguments to
510.Cm Match
511are one or more criteria-pattern pairs.
512The available criteria are
513.Cm User ,
514.Cm Group ,
515.Cm Host ,
516and
517.Cm Address .
518Only a subset of keywords may be used on the lines following a
519.Cm Match
520keyword.
521Available keywords are
522.Cm AllowTcpForwarding ,
523.Cm ForceCommand ,
524.Cm GatewayPorts ,
525.Cm PermitOpen ,
526.Cm X11DisplayOffset ,
527.Cm X11Forwarding ,
528and
529.Cm X11UseLocalHost .
530.It Cm MaxAuthTries
531Specifies the maximum number of authentication attempts permitted per
532connection.
533Once the number of failures reaches half this value,
534additional failures are logged.
535The default is 6.
536.It Cm MaxStartups
537Specifies the maximum number of concurrent unauthenticated connections to the
538SSH daemon.
539Additional connections will be dropped until authentication succeeds or the
540.Cm LoginGraceTime
541expires for a connection.
542The default is 10.
543.Pp
544Alternatively, random early drop can be enabled by specifying
545the three colon separated values
546.Dq start:rate:full
547(e.g. "10:30:60").
548.Xr sshd 8
549will refuse connection attempts with a probability of
550.Dq rate/100
551(30%)
552if there are currently
553.Dq start
554(10)
555unauthenticated connections.
556The probability increases linearly and all connection attempts
557are refused if the number of unauthenticated connections reaches
558.Dq full
559(60).
560.It Cm PasswordAuthentication
561Specifies whether password authentication is allowed.
562The default is
563.Dq no ,
564unless
565.Nm sshd
566was built without PAM support, in which case the default is
567.Dq yes .
568Note that if
569.Cm ChallengeResponseAuthentication
570is
571.Dq yes ,
572and the PAM authentication policy for
573.Nm sshd
574includes
575.Xr pam_unix 8 ,
576password authentication will be allowed through the challenge-response
577mechanism regardless of the value of
578.Cm PasswordAuthentication .
579.It Cm PermitEmptyPasswords
580When password authentication is allowed, it specifies whether the
581server allows login to accounts with empty password strings.
582The default is
583.Dq no .
584.It Cm PermitOpen
585Specifies the destinations to which TCP port forwarding is permitted.
586The forwarding specification must be one of the following forms:
587.Pp
588.Bl -item -offset indent -compact
589.It
590.Cm PermitOpen
591.Sm off
592.Ar host : port
593.Sm on
594.It
595.Cm PermitOpen
596.Sm off
597.Ar IPv4_addr : port
598.Sm on
599.It
600.Cm PermitOpen
601.Sm off
602.Ar \&[ IPv6_addr \&] : port
603.Sm on
604.El
605.Pp
606Multiple forwards may be specified by separating them with whitespace.
607An argument of
608.Dq any
609can be used to remove all restrictions and permit any forwarding requests.
610By default all port forwarding requests are permitted.
611.It Cm PermitRootLogin
612Specifies whether root can log in using
613.Xr ssh 1 .
614The argument must be
615.Dq yes ,
616.Dq without-password ,
617.Dq forced-commands-only ,
618or
619.Dq no .
620The default is
621.Dq no .
622Note that if
623.Cm ChallengeResponseAuthentication
624is
625.Dq yes ,
626the root user may be allowed in with its password even if
627.Cm PermitRootLogin is set to
628.Dq without-password .
629.Pp
630If this option is set to
631.Dq without-password ,
632password authentication is disabled for root.
633.Pp
634If this option is set to
635.Dq forced-commands-only ,
636root login with public key authentication will be allowed,
637but only if the
638.Ar command
639option has been specified
640(which may be useful for taking remote backups even if root login is
641normally not allowed).
642All other authentication methods are disabled for root.
643.Pp
644If this option is set to
645.Dq no ,
646root is not allowed to log in.
647.It Cm PermitTunnel
648Specifies whether
649.Xr tun 4
650device forwarding is allowed.
651The argument must be
652.Dq yes ,
653.Dq point-to-point
654(layer 3),
655.Dq ethernet
656(layer 2), or
657.Dq no .
658Specifying
659.Dq yes
660permits both
661.Dq point-to-point
662and
663.Dq ethernet .
664The default is
665.Dq no .
666.It Cm PermitUserEnvironment
667Specifies whether
668.Pa ~/.ssh/environment
669and
670.Cm environment=
671options in
672.Pa ~/.ssh/authorized_keys
673are processed by
674.Xr sshd 8 .
675The default is
676.Dq no .
677Enabling environment processing may enable users to bypass access
678restrictions in some configurations using mechanisms such as
679.Ev LD_PRELOAD .
680.It Cm PidFile
681Specifies the file that contains the process ID of the
682SSH daemon.
683The default is
684.Pa /var/run/sshd.pid .
685.It Cm Port
686Specifies the port number that
687.Xr sshd 8
688listens on.
689The default is 22.
690Multiple options of this type are permitted.
691See also
692.Cm ListenAddress .
693.It Cm PrintLastLog
694Specifies whether
695.Xr sshd 8
696should print the date and time of the last user login when a user logs
697in interactively.
698The default is
699.Dq yes .
700.It Cm PrintMotd
701Specifies whether
702.Xr sshd 8
703should print
704.Pa /etc/motd
705when a user logs in interactively.
706(On some systems it is also printed by the shell,
707.Pa /etc/profile ,
708or equivalent.)
709The default is
710.Dq yes .
711.It Cm Protocol
712Specifies the protocol versions
713.Xr sshd 8
714supports.
715The possible values are
716.Sq 1
717and
718.Sq 2 .
719Multiple versions must be comma-separated.
720The default is
721.Dq 2 .
722Note that the order of the protocol list does not indicate preference,
723because the client selects among multiple protocol versions offered
724by the server.
725Specifying
726.Dq 2,1
727is identical to
728.Dq 1,2 .
729.It Cm PubkeyAuthentication
730Specifies whether public key authentication is allowed.
731The default is
732.Dq yes .
733Note that this option applies to protocol version 2 only.
734.It Cm RhostsRSAAuthentication
735Specifies whether rhosts or
736.Pa /etc/hosts.equiv
737authentication together
738with successful RSA host authentication is allowed.
739The default is
740.Dq no .
741This option applies to protocol version 1 only.
742.It Cm RSAAuthentication
743Specifies whether pure RSA authentication is allowed.
744The default is
745.Dq yes .
746This option applies to protocol version 1 only.
747.It Cm ServerKeyBits
748Defines the number of bits in the ephemeral protocol version 1 server key.
749The minimum value is 512, and the default is 768.
750.It Cm StrictModes
751Specifies whether
752.Xr sshd 8
753should check file modes and ownership of the
754user's files and home directory before accepting login.
755This is normally desirable because novices sometimes accidentally leave their
756directory or files world-writable.
757The default is
758.Dq yes .
759.It Cm Subsystem
760Configures an external subsystem (e.g. file transfer daemon).
761Arguments should be a subsystem name and a command (with optional arguments)
762to execute upon subsystem request.
763The command
764.Xr sftp-server 8
765implements the
766.Dq sftp
767file transfer subsystem.
768By default no subsystems are defined.
769Note that this option applies to protocol version 2 only.
770.It Cm SyslogFacility
771Gives the facility code that is used when logging messages from
772.Xr sshd 8 .
773The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
774LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
775The default is AUTH.
776.It Cm TCPKeepAlive
777Specifies whether the system should send TCP keepalive messages to the
778other side.
779If they are sent, death of the connection or crash of one
780of the machines will be properly noticed.
781However, this means that
782connections will die if the route is down temporarily, and some people
783find it annoying.
784On the other hand, if TCP keepalives are not sent,
785sessions may hang indefinitely on the server, leaving
786.Dq ghost
787users and consuming server resources.
788.Pp
789The default is
790.Dq yes
791(to send TCP keepalive messages), and the server will notice
792if the network goes down or the client host crashes.
793This avoids infinitely hanging sessions.
794.Pp
795To disable TCP keepalive messages, the value should be set to
796.Dq no .
797.It Cm UseDNS
798Specifies whether
799.Xr sshd 8
800should look up the remote host name and check that
801the resolved host name for the remote IP address maps back to the
802very same IP address.
803The default is
804.Dq yes .
805.It Cm UseLogin
806Specifies whether
807.Xr login 1
808is used for interactive login sessions.
809The default is
810.Dq no .
811Note that
812.Xr login 1
813is never used for remote command execution.
814Note also, that if this is enabled,
815.Cm X11Forwarding
816will be disabled because
817.Xr login 1
818does not know how to handle
819.Xr xauth 1
820cookies.
821If
822.Cm UsePrivilegeSeparation
823is specified, it will be disabled after authentication.
824.It Cm UsePAM
825Enables the Pluggable Authentication Module interface.
826If set to
827.Dq yes
828this will enable PAM authentication using
829.Cm ChallengeResponseAuthentication
830and
831.Cm PasswordAuthentication
832in addition to PAM account and session module processing for all
833authentication types.
834.Pp
835Because PAM challenge-response authentication usually serves an equivalent
836role to password authentication, you should disable either
837.Cm PasswordAuthentication
838or
839.Cm ChallengeResponseAuthentication.
840.Pp
841If
842.Cm UsePAM
843is enabled, you will not be able to run
844.Xr sshd 8
845as a non-root user.
846The default is
847.Dq yes .
848.It Cm UsePrivilegeSeparation
849Specifies whether
850.Xr sshd 8
851separates privileges by creating an unprivileged child process
852to deal with incoming network traffic.
853After successful authentication, another process will be created that has
854the privilege of the authenticated user.
855The goal of privilege separation is to prevent privilege
856escalation by containing any corruption within the unprivileged processes.
857The default is
858.Dq yes .
859.It Cm VersionAddendum
860Specifies a string to append to the regular version string to identify
861OS- or site-specific modifications.
862The default is
863.Dq FreeBSD-20061110 .
864.It Cm X11DisplayOffset
865Specifies the first display number available for
866.Xr sshd 8 Ns 's
867X11 forwarding.
868This prevents sshd from interfering with real X11 servers.
869The default is 10.
870.It Cm X11Forwarding
871Specifies whether X11 forwarding is permitted.
872The argument must be
873.Dq yes
874or
875.Dq no .
876The default is
877.Dq yes .
878.Pp
879When X11 forwarding is enabled, there may be additional exposure to
880the server and to client displays if the
881.Xr sshd 8
882proxy display is configured to listen on the wildcard address (see
883.Cm X11UseLocalhost
884below), though this is not the default.
885Additionally, the authentication spoofing and authentication data
886verification and substitution occur on the client side.
887The security risk of using X11 forwarding is that the client's X11
888display server may be exposed to attack when the SSH client requests
889forwarding (see the warnings for
890.Cm ForwardX11
891in
892.Xr ssh_config 5 ) .
893A system administrator may have a stance in which they want to
894protect clients that may expose themselves to attack by unwittingly
895requesting X11 forwarding, which can warrant a
896.Dq no
897setting.
898.Pp
899Note that disabling X11 forwarding does not prevent users from
900forwarding X11 traffic, as users can always install their own forwarders.
901X11 forwarding is automatically disabled if
902.Cm UseLogin
903is enabled.
904.It Cm X11UseLocalhost
905Specifies whether
906.Xr sshd 8
907should bind the X11 forwarding server to the loopback address or to
908the wildcard address.
909By default,
910sshd binds the forwarding server to the loopback address and sets the
911hostname part of the
912.Ev DISPLAY
913environment variable to
914.Dq localhost .
915This prevents remote hosts from connecting to the proxy display.
916However, some older X11 clients may not function with this
917configuration.
918.Cm X11UseLocalhost
919may be set to
920.Dq no
921to specify that the forwarding server should be bound to the wildcard
922address.
923The argument must be
924.Dq yes
925or
926.Dq no .
927The default is
928.Dq yes .
929.It Cm XAuthLocation
930Specifies the full pathname of the
931.Xr xauth 1
932program.
933The default is
934.Pa /usr/X11R6/bin/xauth .
935.El
936.Sh TIME FORMATS
937.Xr sshd 8
938command-line arguments and configuration file options that specify time
939may be expressed using a sequence of the form:
940.Sm off
941.Ar time Op Ar qualifier ,
942.Sm on
943where
944.Ar time
945is a positive integer value and
946.Ar qualifier
947is one of the following:
948.Pp
949.Bl -tag -width Ds -compact -offset indent
950.It Aq Cm none
951seconds
952.It Cm s | Cm S
953seconds
954.It Cm m | Cm M
955minutes
956.It Cm h | Cm H
957hours
958.It Cm d | Cm D
959days
960.It Cm w | Cm W
961weeks
962.El
963.Pp
964Each member of the sequence is added together to calculate
965the total time value.
966.Pp
967Time format examples:
968.Pp
969.Bl -tag -width Ds -compact -offset indent
970.It 600
971600 seconds (10 minutes)
972.It 10m
97310 minutes
974.It 1h30m
9751 hour 30 minutes (90 minutes)
976.El
977.Sh FILES
978.Bl -tag -width Ds
979.It Pa /etc/ssh/sshd_config
980Contains configuration data for
981.Xr sshd 8 .
982This file should be writable by root only, but it is recommended
983(though not necessary) that it be world-readable.
984.El
985.Sh SEE ALSO
986.Xr sshd 8
987.Sh AUTHORS
988OpenSSH is a derivative of the original and free
989ssh 1.2.12 release by Tatu Ylonen.
990Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
991Theo de Raadt and Dug Song
992removed many bugs, re-added newer features and
993created OpenSSH.
994Markus Friedl contributed the support for SSH
995protocol versions 1.5 and 2.0.
996Niels Provos and Markus Friedl contributed support
997for privilege separation.
2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
7.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
12.\"
13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
16.\"
17.\" Redistribution and use in source and binary forms, with or without
18.\" modification, are permitted provided that the following conditions
19.\" are met:
20.\" 1. Redistributions of source code must retain the above copyright
21.\" notice, this list of conditions and the following disclaimer.
22.\" 2. Redistributions in binary form must reproduce the above copyright
23.\" notice, this list of conditions and the following disclaimer in the
24.\" documentation and/or other materials provided with the distribution.
25.\"
26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\"
37.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $
38.\" $FreeBSD: head/crypto/openssh/sshd_config.5 164149 2006-11-10 16:52:41Z des $
39.Dd September 25, 1999
40.Dt SSHD_CONFIG 5
41.Os
42.Sh NAME
43.Nm sshd_config
44.Nd OpenSSH SSH daemon configuration file
45.Sh SYNOPSIS
46.Bl -tag -width Ds -compact
47.It Pa /etc/ssh/sshd_config
48.El
49.Sh DESCRIPTION
50.Xr sshd 8
51reads configuration data from
52.Pa /etc/ssh/sshd_config
53(or the file specified with
54.Fl f
55on the command line).
56The file contains keyword-argument pairs, one per line.
57Lines starting with
58.Ql #
59and empty lines are interpreted as comments.
60Arguments may optionally be enclosed in double quotes
61.Pq \&"
62in order to represent arguments containing spaces.
63.Pp
64The possible
65keywords and their meanings are as follows (note that
66keywords are case-insensitive and arguments are case-sensitive):
67.Bl -tag -width Ds
68.It Cm AcceptEnv
69Specifies what environment variables sent by the client will be copied into
70the session's
71.Xr environ 7 .
72See
73.Cm SendEnv
74in
75.Xr ssh_config 5
76for how to configure the client.
77Note that environment passing is only supported for protocol 2.
78Variables are specified by name, which may contain the wildcard characters
79.Ql *
80and
81.Ql \&? .
82Multiple environment variables may be separated by whitespace or spread
83across multiple
84.Cm AcceptEnv
85directives.
86Be warned that some environment variables could be used to bypass restricted
87user environments.
88For this reason, care should be taken in the use of this directive.
89The default is not to accept any environment variables.
90.It Cm AddressFamily
91Specifies which address family should be used by
92.Xr sshd 8 .
93Valid arguments are
94.Dq any ,
95.Dq inet
96(use IPv4 only), or
97.Dq inet6
98(use IPv6 only).
99The default is
100.Dq any .
101.It Cm AllowGroups
102This keyword can be followed by a list of group name patterns, separated
103by spaces.
104If specified, login is allowed only for users whose primary
105group or supplementary group list matches one of the patterns.
106Only group names are valid; a numerical group ID is not recognized.
107By default, login is allowed for all groups.
108The allow/deny directives are processed in the following order:
109.Cm DenyUsers ,
110.Cm AllowUsers ,
111.Cm DenyGroups ,
112and finally
113.Cm AllowGroups .
114.Pp
115See
116.Sx PATTERNS
117in
118.Xr ssh_config 5
119for more information on patterns.
120.It Cm AllowTcpForwarding
121Specifies whether TCP forwarding is permitted.
122The default is
123.Dq yes .
124Note that disabling TCP forwarding does not improve security unless
125users are also denied shell access, as they can always install their
126own forwarders.
127.It Cm AllowUsers
128This keyword can be followed by a list of user name patterns, separated
129by spaces.
130If specified, login is allowed only for user names that
131match one of the patterns.
132Only user names are valid; a numerical user ID is not recognized.
133By default, login is allowed for all users.
134If the pattern takes the form USER@HOST then USER and HOST
135are separately checked, restricting logins to particular
136users from particular hosts.
137The allow/deny directives are processed in the following order:
138.Cm DenyUsers ,
139.Cm AllowUsers ,
140.Cm DenyGroups ,
141and finally
142.Cm AllowGroups .
143.Pp
144See
145.Sx PATTERNS
146in
147.Xr ssh_config 5
148for more information on patterns.
149.It Cm AuthorizedKeysFile
150Specifies the file that contains the public keys that can be used
151for user authentication.
152.Cm AuthorizedKeysFile
153may contain tokens of the form %T which are substituted during connection
154setup.
155The following tokens are defined: %% is replaced by a literal '%',
156%h is replaced by the home directory of the user being authenticated, and
157%u is replaced by the username of that user.
158After expansion,
159.Cm AuthorizedKeysFile
160is taken to be an absolute path or one relative to the user's home
161directory.
162The default is
163.Dq .ssh/authorized_keys .
164.It Cm Banner
165In some jurisdictions, sending a warning message before authentication
166may be relevant for getting legal protection.
167The contents of the specified file are sent to the remote user before
168authentication is allowed.
169This option is only available for protocol version 2.
170By default, no banner is displayed.
171.It Cm ChallengeResponseAuthentication
172Specifies whether challenge-response authentication is allowed.
173Specifically, in
174.Fx ,
175this controls the use of PAM (see
176.Xr pam 3 )
177for authentication.
178Note that this affects the effectiveness of the
179.Cm PasswordAuthentication
180and
181.Cm PermitRootLogin
182variables.
183The default is
184.Dq yes .
185.It Cm Ciphers
186Specifies the ciphers allowed for protocol version 2.
187Multiple ciphers must be comma-separated.
188The supported ciphers are
189.Dq 3des-cbc ,
190.Dq aes128-cbc ,
191.Dq aes192-cbc ,
192.Dq aes256-cbc ,
193.Dq aes128-ctr ,
194.Dq aes192-ctr ,
195.Dq aes256-ctr ,
196.Dq arcfour128 ,
197.Dq arcfour256 ,
198.Dq arcfour ,
199.Dq blowfish-cbc ,
200and
201.Dq cast128-cbc .
202The default is:
203.Bd -literal -offset 3n
204aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
205arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
206aes192-ctr,aes256-ctr
207.Ed
208.It Cm ClientAliveCountMax
209Sets the number of client alive messages (see below) which may be
210sent without
211.Xr sshd 8
212receiving any messages back from the client.
213If this threshold is reached while client alive messages are being sent,
214sshd will disconnect the client, terminating the session.
215It is important to note that the use of client alive messages is very
216different from
217.Cm TCPKeepAlive
218(below).
219The client alive messages are sent through the encrypted channel
220and therefore will not be spoofable.
221The TCP keepalive option enabled by
222.Cm TCPKeepAlive
223is spoofable.
224The client alive mechanism is valuable when the client or
225server depend on knowing when a connection has become inactive.
226.Pp
227The default value is 3.
228If
229.Cm ClientAliveInterval
230(see below) is set to 15, and
231.Cm ClientAliveCountMax
232is left at the default, unresponsive SSH clients
233will be disconnected after approximately 45 seconds.
234This option applies to protocol version 2 only.
235.It Cm ClientAliveInterval
236Sets a timeout interval in seconds after which if no data has been received
237from the client,
238.Xr sshd 8
239will send a message through the encrypted
240channel to request a response from the client.
241The default
242is 0, indicating that these messages will not be sent to the client.
243This option applies to protocol version 2 only.
244.It Cm Compression
245Specifies whether compression is allowed, or delayed until
246the user has authenticated successfully.
247The argument must be
248.Dq yes ,
249.Dq delayed ,
250or
251.Dq no .
252The default is
253.Dq delayed .
254.It Cm DenyGroups
255This keyword can be followed by a list of group name patterns, separated
256by spaces.
257Login is disallowed for users whose primary group or supplementary
258group list matches one of the patterns.
259Only group names are valid; a numerical group ID is not recognized.
260By default, login is allowed for all groups.
261The allow/deny directives are processed in the following order:
262.Cm DenyUsers ,
263.Cm AllowUsers ,
264.Cm DenyGroups ,
265and finally
266.Cm AllowGroups .
267.Pp
268See
269.Sx PATTERNS
270in
271.Xr ssh_config 5
272for more information on patterns.
273.It Cm DenyUsers
274This keyword can be followed by a list of user name patterns, separated
275by spaces.
276Login is disallowed for user names that match one of the patterns.
277Only user names are valid; a numerical user ID is not recognized.
278By default, login is allowed for all users.
279If the pattern takes the form USER@HOST then USER and HOST
280are separately checked, restricting logins to particular
281users from particular hosts.
282The allow/deny directives are processed in the following order:
283.Cm DenyUsers ,
284.Cm AllowUsers ,
285.Cm DenyGroups ,
286and finally
287.Cm AllowGroups .
288.Pp
289See
290.Sx PATTERNS
291in
292.Xr ssh_config 5
293for more information on patterns.
294.It Cm ForceCommand
295Forces the execution of the command specified by
296.Cm ForceCommand ,
297ignoring any command supplied by the client.
298The command is invoked by using the user's login shell with the -c option.
299This applies to shell, command, or subsystem execution.
300It is most useful inside a
301.Cm Match
302block.
303The command originally supplied by the client is available in the
304.Ev SSH_ORIGINAL_COMMAND
305environment variable.
306.It Cm GatewayPorts
307Specifies whether remote hosts are allowed to connect to ports
308forwarded for the client.
309By default,
310.Xr sshd 8
311binds remote port forwardings to the loopback address.
312This prevents other remote hosts from connecting to forwarded ports.
313.Cm GatewayPorts
314can be used to specify that sshd
315should allow remote port forwardings to bind to non-loopback addresses, thus
316allowing other hosts to connect.
317The argument may be
318.Dq no
319to force remote port forwardings to be available to the local host only,
320.Dq yes
321to force remote port forwardings to bind to the wildcard address, or
322.Dq clientspecified
323to allow the client to select the address to which the forwarding is bound.
324The default is
325.Dq no .
326.It Cm GSSAPIAuthentication
327Specifies whether user authentication based on GSSAPI is allowed.
328The default is
329.Dq no .
330Note that this option applies to protocol version 2 only.
331.It Cm GSSAPICleanupCredentials
332Specifies whether to automatically destroy the user's credentials cache
333on logout.
334The default is
335.Dq yes .
336Note that this option applies to protocol version 2 only.
337.It Cm HostbasedAuthentication
338Specifies whether rhosts or /etc/hosts.equiv authentication together
339with successful public key client host authentication is allowed
340(host-based authentication).
341This option is similar to
342.Cm RhostsRSAAuthentication
343and applies to protocol version 2 only.
344The default is
345.Dq no .
346.It Cm HostbasedUsesNameFromPacketOnly
347Specifies whether or not the server will attempt to perform a reverse
348name lookup when matching the name in the
349.Pa ~/.shosts ,
350.Pa ~/.rhosts ,
351and
352.Pa /etc/hosts.equiv
353files during
354.Cm HostbasedAuthentication .
355A setting of
356.Dq yes
357means that
358.Xr sshd 8
359uses the name supplied by the client rather than
360attempting to resolve the name from the TCP connection itself.
361The default is
362.Dq no .
363.It Cm HostKey
364Specifies a file containing a private host key
365used by SSH.
366The default is
367.Pa /etc/ssh/ssh_host_key
368for protocol version 1, and
369.Pa /etc/ssh/ssh_host_dsa_key
370for protocol version 2.
371Note that
372.Xr sshd 8
373will refuse to use a file if it is group/world-accessible.
374It is possible to have multiple host key files.
375.Dq rsa1
376keys are used for version 1 and
377.Dq dsa
378or
379.Dq rsa
380are used for version 2 of the SSH protocol.
381.It Cm IgnoreRhosts
382Specifies that
383.Pa .rhosts
384and
385.Pa .shosts
386files will not be used in
387.Cm RhostsRSAAuthentication
388or
389.Cm HostbasedAuthentication .
390.Pp
391.Pa /etc/hosts.equiv
392and
393.Pa /etc/ssh/shosts.equiv
394are still used.
395The default is
396.Dq yes .
397.It Cm IgnoreUserKnownHosts
398Specifies whether
399.Xr sshd 8
400should ignore the user's
401.Pa ~/.ssh/known_hosts
402during
403.Cm RhostsRSAAuthentication
404or
405.Cm HostbasedAuthentication .
406The default is
407.Dq no .
408.It Cm KerberosAuthentication
409Specifies whether the password provided by the user for
410.Cm PasswordAuthentication
411will be validated through the Kerberos KDC.
412To use this option, the server needs a
413Kerberos servtab which allows the verification of the KDC's identity.
414The default is
415.Dq no .
416.It Cm KerberosGetAFSToken
417If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire
418an AFS token before accessing the user's home directory.
419The default is
420.Dq no .
421.It Cm KerberosOrLocalPasswd
422If password authentication through Kerberos fails then
423the password will be validated via any additional local mechanism
424such as
425.Pa /etc/passwd .
426The default is
427.Dq yes .
428.It Cm KerberosTicketCleanup
429Specifies whether to automatically destroy the user's ticket cache
430file on logout.
431The default is
432.Dq yes .
433.It Cm KeyRegenerationInterval
434In protocol version 1, the ephemeral server key is automatically regenerated
435after this many seconds (if it has been used).
436The purpose of regeneration is to prevent
437decrypting captured sessions by later breaking into the machine and
438stealing the keys.
439The key is never stored anywhere.
440If the value is 0, the key is never regenerated.
441The default is 3600 (seconds).
442.It Cm ListenAddress
443Specifies the local addresses
444.Xr sshd 8
445should listen on.
446The following forms may be used:
447.Pp
448.Bl -item -offset indent -compact
449.It
450.Cm ListenAddress
451.Sm off
452.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
453.Sm on
454.It
455.Cm ListenAddress
456.Sm off
457.Ar host No | Ar IPv4_addr No : Ar port
458.Sm on
459.It
460.Cm ListenAddress
461.Sm off
462.Oo
463.Ar host No | Ar IPv6_addr Oc : Ar port
464.Sm on
465.El
466.Pp
467If
468.Ar port
469is not specified,
470sshd will listen on the address and all prior
471.Cm Port
472options specified.
473The default is to listen on all local addresses.
474Multiple
475.Cm ListenAddress
476options are permitted.
477Additionally, any
478.Cm Port
479options must precede this option for non-port qualified addresses.
480.It Cm LoginGraceTime
481The server disconnects after this time if the user has not
482successfully logged in.
483If the value is 0, there is no time limit.
484The default is 120 seconds.
485.It Cm LogLevel
486Gives the verbosity level that is used when logging messages from
487.Xr sshd 8 .
488The possible values are:
489QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
490The default is INFO.
491DEBUG and DEBUG1 are equivalent.
492DEBUG2 and DEBUG3 each specify higher levels of debugging output.
493Logging with a DEBUG level violates the privacy of users and is not recommended.
494.It Cm MACs
495Specifies the available MAC (message authentication code) algorithms.
496The MAC algorithm is used in protocol version 2
497for data integrity protection.
498Multiple algorithms must be comma-separated.
499The default is:
500.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
501.It Cm Match
502Introduces a conditional block.
503If all of the criteria on the
504.Cm Match
505line are satisfied, the keywords on the following lines override those
506set in the global section of the config file, until either another
507.Cm Match
508line or the end of the file.
509The arguments to
510.Cm Match
511are one or more criteria-pattern pairs.
512The available criteria are
513.Cm User ,
514.Cm Group ,
515.Cm Host ,
516and
517.Cm Address .
518Only a subset of keywords may be used on the lines following a
519.Cm Match
520keyword.
521Available keywords are
522.Cm AllowTcpForwarding ,
523.Cm ForceCommand ,
524.Cm GatewayPorts ,
525.Cm PermitOpen ,
526.Cm X11DisplayOffset ,
527.Cm X11Forwarding ,
528and
529.Cm X11UseLocalHost .
530.It Cm MaxAuthTries
531Specifies the maximum number of authentication attempts permitted per
532connection.
533Once the number of failures reaches half this value,
534additional failures are logged.
535The default is 6.
536.It Cm MaxStartups
537Specifies the maximum number of concurrent unauthenticated connections to the
538SSH daemon.
539Additional connections will be dropped until authentication succeeds or the
540.Cm LoginGraceTime
541expires for a connection.
542The default is 10.
543.Pp
544Alternatively, random early drop can be enabled by specifying
545the three colon separated values
546.Dq start:rate:full
547(e.g. "10:30:60").
548.Xr sshd 8
549will refuse connection attempts with a probability of
550.Dq rate/100
551(30%)
552if there are currently
553.Dq start
554(10)
555unauthenticated connections.
556The probability increases linearly and all connection attempts
557are refused if the number of unauthenticated connections reaches
558.Dq full
559(60).
560.It Cm PasswordAuthentication
561Specifies whether password authentication is allowed.
562The default is
563.Dq no ,
564unless
565.Nm sshd
566was built without PAM support, in which case the default is
567.Dq yes .
568Note that if
569.Cm ChallengeResponseAuthentication
570is
571.Dq yes ,
572and the PAM authentication policy for
573.Nm sshd
574includes
575.Xr pam_unix 8 ,
576password authentication will be allowed through the challenge-response
577mechanism regardless of the value of
578.Cm PasswordAuthentication .
579.It Cm PermitEmptyPasswords
580When password authentication is allowed, it specifies whether the
581server allows login to accounts with empty password strings.
582The default is
583.Dq no .
584.It Cm PermitOpen
585Specifies the destinations to which TCP port forwarding is permitted.
586The forwarding specification must be one of the following forms:
587.Pp
588.Bl -item -offset indent -compact
589.It
590.Cm PermitOpen
591.Sm off
592.Ar host : port
593.Sm on
594.It
595.Cm PermitOpen
596.Sm off
597.Ar IPv4_addr : port
598.Sm on
599.It
600.Cm PermitOpen
601.Sm off
602.Ar \&[ IPv6_addr \&] : port
603.Sm on
604.El
605.Pp
606Multiple forwards may be specified by separating them with whitespace.
607An argument of
608.Dq any
609can be used to remove all restrictions and permit any forwarding requests.
610By default all port forwarding requests are permitted.
611.It Cm PermitRootLogin
612Specifies whether root can log in using
613.Xr ssh 1 .
614The argument must be
615.Dq yes ,
616.Dq without-password ,
617.Dq forced-commands-only ,
618or
619.Dq no .
620The default is
621.Dq no .
622Note that if
623.Cm ChallengeResponseAuthentication
624is
625.Dq yes ,
626the root user may be allowed in with its password even if
627.Cm PermitRootLogin is set to
628.Dq without-password .
629.Pp
630If this option is set to
631.Dq without-password ,
632password authentication is disabled for root.
633.Pp
634If this option is set to
635.Dq forced-commands-only ,
636root login with public key authentication will be allowed,
637but only if the
638.Ar command
639option has been specified
640(which may be useful for taking remote backups even if root login is
641normally not allowed).
642All other authentication methods are disabled for root.
643.Pp
644If this option is set to
645.Dq no ,
646root is not allowed to log in.
647.It Cm PermitTunnel
648Specifies whether
649.Xr tun 4
650device forwarding is allowed.
651The argument must be
652.Dq yes ,
653.Dq point-to-point
654(layer 3),
655.Dq ethernet
656(layer 2), or
657.Dq no .
658Specifying
659.Dq yes
660permits both
661.Dq point-to-point
662and
663.Dq ethernet .
664The default is
665.Dq no .
666.It Cm PermitUserEnvironment
667Specifies whether
668.Pa ~/.ssh/environment
669and
670.Cm environment=
671options in
672.Pa ~/.ssh/authorized_keys
673are processed by
674.Xr sshd 8 .
675The default is
676.Dq no .
677Enabling environment processing may enable users to bypass access
678restrictions in some configurations using mechanisms such as
679.Ev LD_PRELOAD .
680.It Cm PidFile
681Specifies the file that contains the process ID of the
682SSH daemon.
683The default is
684.Pa /var/run/sshd.pid .
685.It Cm Port
686Specifies the port number that
687.Xr sshd 8
688listens on.
689The default is 22.
690Multiple options of this type are permitted.
691See also
692.Cm ListenAddress .
693.It Cm PrintLastLog
694Specifies whether
695.Xr sshd 8
696should print the date and time of the last user login when a user logs
697in interactively.
698The default is
699.Dq yes .
700.It Cm PrintMotd
701Specifies whether
702.Xr sshd 8
703should print
704.Pa /etc/motd
705when a user logs in interactively.
706(On some systems it is also printed by the shell,
707.Pa /etc/profile ,
708or equivalent.)
709The default is
710.Dq yes .
711.It Cm Protocol
712Specifies the protocol versions
713.Xr sshd 8
714supports.
715The possible values are
716.Sq 1
717and
718.Sq 2 .
719Multiple versions must be comma-separated.
720The default is
721.Dq 2 .
722Note that the order of the protocol list does not indicate preference,
723because the client selects among multiple protocol versions offered
724by the server.
725Specifying
726.Dq 2,1
727is identical to
728.Dq 1,2 .
729.It Cm PubkeyAuthentication
730Specifies whether public key authentication is allowed.
731The default is
732.Dq yes .
733Note that this option applies to protocol version 2 only.
734.It Cm RhostsRSAAuthentication
735Specifies whether rhosts or
736.Pa /etc/hosts.equiv
737authentication together
738with successful RSA host authentication is allowed.
739The default is
740.Dq no .
741This option applies to protocol version 1 only.
742.It Cm RSAAuthentication
743Specifies whether pure RSA authentication is allowed.
744The default is
745.Dq yes .
746This option applies to protocol version 1 only.
747.It Cm ServerKeyBits
748Defines the number of bits in the ephemeral protocol version 1 server key.
749The minimum value is 512, and the default is 768.
750.It Cm StrictModes
751Specifies whether
752.Xr sshd 8
753should check file modes and ownership of the
754user's files and home directory before accepting login.
755This is normally desirable because novices sometimes accidentally leave their
756directory or files world-writable.
757The default is
758.Dq yes .
759.It Cm Subsystem
760Configures an external subsystem (e.g. file transfer daemon).
761Arguments should be a subsystem name and a command (with optional arguments)
762to execute upon subsystem request.
763The command
764.Xr sftp-server 8
765implements the
766.Dq sftp
767file transfer subsystem.
768By default no subsystems are defined.
769Note that this option applies to protocol version 2 only.
770.It Cm SyslogFacility
771Gives the facility code that is used when logging messages from
772.Xr sshd 8 .
773The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
774LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
775The default is AUTH.
776.It Cm TCPKeepAlive
777Specifies whether the system should send TCP keepalive messages to the
778other side.
779If they are sent, death of the connection or crash of one
780of the machines will be properly noticed.
781However, this means that
782connections will die if the route is down temporarily, and some people
783find it annoying.
784On the other hand, if TCP keepalives are not sent,
785sessions may hang indefinitely on the server, leaving
786.Dq ghost
787users and consuming server resources.
788.Pp
789The default is
790.Dq yes
791(to send TCP keepalive messages), and the server will notice
792if the network goes down or the client host crashes.
793This avoids infinitely hanging sessions.
794.Pp
795To disable TCP keepalive messages, the value should be set to
796.Dq no .
797.It Cm UseDNS
798Specifies whether
799.Xr sshd 8
800should look up the remote host name and check that
801the resolved host name for the remote IP address maps back to the
802very same IP address.
803The default is
804.Dq yes .
805.It Cm UseLogin
806Specifies whether
807.Xr login 1
808is used for interactive login sessions.
809The default is
810.Dq no .
811Note that
812.Xr login 1
813is never used for remote command execution.
814Note also, that if this is enabled,
815.Cm X11Forwarding
816will be disabled because
817.Xr login 1
818does not know how to handle
819.Xr xauth 1
820cookies.
821If
822.Cm UsePrivilegeSeparation
823is specified, it will be disabled after authentication.
824.It Cm UsePAM
825Enables the Pluggable Authentication Module interface.
826If set to
827.Dq yes
828this will enable PAM authentication using
829.Cm ChallengeResponseAuthentication
830and
831.Cm PasswordAuthentication
832in addition to PAM account and session module processing for all
833authentication types.
834.Pp
835Because PAM challenge-response authentication usually serves an equivalent
836role to password authentication, you should disable either
837.Cm PasswordAuthentication
838or
839.Cm ChallengeResponseAuthentication.
840.Pp
841If
842.Cm UsePAM
843is enabled, you will not be able to run
844.Xr sshd 8
845as a non-root user.
846The default is
847.Dq yes .
848.It Cm UsePrivilegeSeparation
849Specifies whether
850.Xr sshd 8
851separates privileges by creating an unprivileged child process
852to deal with incoming network traffic.
853After successful authentication, another process will be created that has
854the privilege of the authenticated user.
855The goal of privilege separation is to prevent privilege
856escalation by containing any corruption within the unprivileged processes.
857The default is
858.Dq yes .
859.It Cm VersionAddendum
860Specifies a string to append to the regular version string to identify
861OS- or site-specific modifications.
862The default is
863.Dq FreeBSD-20061110 .
864.It Cm X11DisplayOffset
865Specifies the first display number available for
866.Xr sshd 8 Ns 's
867X11 forwarding.
868This prevents sshd from interfering with real X11 servers.
869The default is 10.
870.It Cm X11Forwarding
871Specifies whether X11 forwarding is permitted.
872The argument must be
873.Dq yes
874or
875.Dq no .
876The default is
877.Dq yes .
878.Pp
879When X11 forwarding is enabled, there may be additional exposure to
880the server and to client displays if the
881.Xr sshd 8
882proxy display is configured to listen on the wildcard address (see
883.Cm X11UseLocalhost
884below), though this is not the default.
885Additionally, the authentication spoofing and authentication data
886verification and substitution occur on the client side.
887The security risk of using X11 forwarding is that the client's X11
888display server may be exposed to attack when the SSH client requests
889forwarding (see the warnings for
890.Cm ForwardX11
891in
892.Xr ssh_config 5 ) .
893A system administrator may have a stance in which they want to
894protect clients that may expose themselves to attack by unwittingly
895requesting X11 forwarding, which can warrant a
896.Dq no
897setting.
898.Pp
899Note that disabling X11 forwarding does not prevent users from
900forwarding X11 traffic, as users can always install their own forwarders.
901X11 forwarding is automatically disabled if
902.Cm UseLogin
903is enabled.
904.It Cm X11UseLocalhost
905Specifies whether
906.Xr sshd 8
907should bind the X11 forwarding server to the loopback address or to
908the wildcard address.
909By default,
910sshd binds the forwarding server to the loopback address and sets the
911hostname part of the
912.Ev DISPLAY
913environment variable to
914.Dq localhost .
915This prevents remote hosts from connecting to the proxy display.
916However, some older X11 clients may not function with this
917configuration.
918.Cm X11UseLocalhost
919may be set to
920.Dq no
921to specify that the forwarding server should be bound to the wildcard
922address.
923The argument must be
924.Dq yes
925or
926.Dq no .
927The default is
928.Dq yes .
929.It Cm XAuthLocation
930Specifies the full pathname of the
931.Xr xauth 1
932program.
933The default is
934.Pa /usr/X11R6/bin/xauth .
935.El
936.Sh TIME FORMATS
937.Xr sshd 8
938command-line arguments and configuration file options that specify time
939may be expressed using a sequence of the form:
940.Sm off
941.Ar time Op Ar qualifier ,
942.Sm on
943where
944.Ar time
945is a positive integer value and
946.Ar qualifier
947is one of the following:
948.Pp
949.Bl -tag -width Ds -compact -offset indent
950.It Aq Cm none
951seconds
952.It Cm s | Cm S
953seconds
954.It Cm m | Cm M
955minutes
956.It Cm h | Cm H
957hours
958.It Cm d | Cm D
959days
960.It Cm w | Cm W
961weeks
962.El
963.Pp
964Each member of the sequence is added together to calculate
965the total time value.
966.Pp
967Time format examples:
968.Pp
969.Bl -tag -width Ds -compact -offset indent
970.It 600
971600 seconds (10 minutes)
972.It 10m
97310 minutes
974.It 1h30m
9751 hour 30 minutes (90 minutes)
976.El
977.Sh FILES
978.Bl -tag -width Ds
979.It Pa /etc/ssh/sshd_config
980Contains configuration data for
981.Xr sshd 8 .
982This file should be writable by root only, but it is recommended
983(though not necessary) that it be world-readable.
984.El
985.Sh SEE ALSO
986.Xr sshd 8
987.Sh AUTHORS
988OpenSSH is a derivative of the original and free
989ssh 1.2.12 release by Tatu Ylonen.
990Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
991Theo de Raadt and Dug Song
992removed many bugs, re-added newer features and
993created OpenSSH.
994Markus Friedl contributed the support for SSH
995protocol versions 1.5 and 2.0.
996Niels Provos and Markus Friedl contributed support
997for privilege separation.