SSHD(8)                 OpenBSD System Manager's Manual                SSHD(8)

NAME
     sshd - OpenSSH SSH daemon

SYNOPSIS
     sshd [-46DdeiqTt] [-b bits] [-C connection_spec]
          [-c host_certificate_file] [-E log_file] [-f config_file]
          [-g login_grace_time] [-h host_key_file] [-k key_gen_time]
          [-o option] [-p port] [-u len]

DESCRIPTION
     sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these
     programs replace rlogin(1) and rsh(1), and provide secure encrypted
     communications between two untrusted hosts over an insecure network.

     sshd listens for connections from clients. It is normally started at
     boot from /etc/rc. It forks a new daemon for each incoming connection.
     The forked daemons handle key exchange, encryption, authentication,
     command execution, and data exchange.

     sshd can be configured using command-line options or a configuration file
     (by default sshd_config(5)); command-line options override values
     specified in the configuration file. sshd rereads its configuration file
     when it receives a hangup signal, SIGHUP, by executing itself with the
     name and options it was started with, e.g. /usr/sbin/sshd.

     The options are as follows:

     -4      Forces sshd to use IPv4 addresses only.

     -6      Forces sshd to use IPv6 addresses only.

     -b bits
             Specifies the number of bits in the ephemeral protocol version 1
             server key (default 1024).

     -C connection_spec
             Specify the connection parameters to use for the -T extended test
             mode. If provided, any Match directives in the configuration
             file that would apply to the specified user, host, and address
             will be set before the configuration is written to standard
             output. The connection parameters are supplied as keyword=value
             pairs. The keywords are ``user'', ``host'', ``laddr'',
             ``lport'', and ``addr''. All are required and may be supplied in
             any order, either with multiple -C options or as a comma-
             separated list.

     -c host_certificate_file
             Specifies a path to a certificate file to identify sshd during
             key exchange. The certificate file must match a host key file
             specified using the -h option or the HostKey configuration
             directive.

     -D      When this option is specified, sshd will not detach and does not
             become a daemon. This allows easy monitoring of sshd.

     -d      Debug mode. The server sends verbose debug output to standard
             error, and does not put itself in the background. The server
             also will not fork and will only process one connection. This
             option is only intended for debugging for the server. Multiple
             -d options increase the debugging level. Maximum is 3.

     -E log_file
             Append debug logs to log_file instead of the system log.

     -e      Write debug logs to standard error instead of the system log.

     -f config_file
             Specifies the name of the configuration file. The default is
             /etc/ssh/sshd_config. sshd refuses to start if there is no
             configuration file.

     -g login_grace_time
             Gives the grace time for clients to authenticate themselves
             (default 120 seconds). If the client fails to authenticate the
             user within this many seconds, the server disconnects and exits.
             A value of zero indicates no limit.

     -h host_key_file
             Specifies a file from which a host key is read. This option must
             be given if sshd is not run as root (as the normal host key files
             are normally not readable by anyone but root). The default is
             /etc/ssh/ssh_host_key for protocol version 1, and
             /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
             protocol version 2. It is possible to have multiple host key
             files for the different protocol versions and host key
             algorithms.

     -i      Specifies that sshd is being run from inetd(8). sshd is normally
             not run from inetd because it needs to generate the server key
             before it can respond to the client, and this may take tens of
             seconds. Clients would have to wait too long if the key was
             regenerated every time. However, with small key sizes (e.g. 512)
             using sshd from inetd may be feasible.

     -k key_gen_time
             Specifies how often the ephemeral protocol version 1 server key
             is regenerated (default 3600 seconds, or one hour). The
             motivation for regenerating the key fairly often is that the key
             is not stored anywhere, and after about an hour it becomes
             impossible to recover the key for decrypting intercepted
             communications even if the machine is cracked into or physically
             seized. A value of zero indicates that the key will never be
             regenerated.

     -o option
             Can be used to give options in the format used in the
             configuration file. This is useful for specifying options for
             which there is no separate command-line flag. For full details
             of the options, and their values, see sshd_config(5).

     -p port
             Specifies the port on which the server listens for connections
             (default 22). Multiple port options are permitted. Ports
             specified in the configuration file with the Port option are
             ignored when a command-line port is specified. Ports specified
             using the ListenAddress option override command-line ports.

     -q      Quiet mode. Nothing is sent to the system log. Normally the
             beginning, authentication, and termination of each connection is
             logged.

     -T      Extended test mode. Check the validity of the configuration
             file, output the effective configuration to stdout and then exit.
             Optionally, Match rules may be applied by specifying the
             connection parameters using one or more -C options.

     -t      Test mode. Only check the validity of the configuration file and
             sanity of the keys. This is useful for updating sshd reliably as
             configuration options may change.

     -u len  This option is used to specify the size of the field in the utmp
             structure that holds the remote host name. If the resolved host
             name is longer than len, the dotted decimal value will be used
             instead. This allows hosts with very long host names that
             overflow this field to still be uniquely identified. Specifying
             -u0 indicates that only dotted decimal addresses should be put
             into the utmp file. -u0 may also be used to prevent sshd from
             making DNS requests unless the authentication mechanism or
             configuration requires it. Authentication mechanisms that may
             require DNS include RhostsRSAAuthentication,
             HostbasedAuthentication, and using a from="pattern-list" option
             in a key file. Configuration options that require DNS include
             using a USER@HOST pattern in AllowUsers or DenyUsers.

AUTHENTICATION
     The OpenSSH SSH daemon supports SSH protocols 1 and 2. The default is to
     use protocol 2 only, though this can be changed via the Protocol option
     in sshd_config(5). Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
     protocol 1 only supports RSA keys. For both protocols, each host has a
     host-specific key, normally 2048 bits, used to identify the host.

     Forward security for protocol 1 is provided through an additional server
     key, normally 768 bits, generated when the server starts. This key is
     normally regenerated every hour if it has been used, and is never stored
     on disk. Whenever a client connects, the daemon responds with its public
     host and server keys. The client compares the RSA host key against its
     own database to verify that it has not changed. The client then
     generates a 256-bit random number. It encrypts this random number using
     both the host key and the server key, and sends the encrypted number to
     the server. Both sides then use this random number as a session key
     which is used to encrypt all further communications in the session. The
     rest of the session is encrypted using a conventional cipher, currently
     Blowfish or 3DES, with 3DES being used by default. The client selects
     the encryption algorithm to use from those offered by the server.

     For protocol 2, forward security is provided through a Diffie-Hellman key
     agreement. This key agreement results in a shared session key. The rest
     of the session is encrypted using a symmetric cipher, currently 128-bit
     AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The
     client selects the encryption algorithm to use from those offered by the
     server. Additionally, session integrity is provided through a
     cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64,
     umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).

     Finally, the server and the client enter an authentication dialog. The
     client tries to authenticate itself using host-based authentication,
     public key authentication, challenge-response authentication, or password
     authentication.

     Regardless of the authentication type, the account is checked to ensure
     that it is accessible. An account is not accessible if it is locked,
     listed in DenyUsers or its group is listed in DenyGroups. The
     definition of a locked account is system dependent. Some platforms have
     their own account database (e.g. AIX) and some modify the passwd field
     (`*LK*' on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on
     Tru64, a leading `*LOCKED*' on FreeBSD and a leading `!' on most
     Linuxes). If there is a requirement to disable password authentication
     for the account while still allowing public-key, then the passwd field
     should be set to something other than these values (e.g. `NP' or `*NP*').

     If the client successfully authenticates itself, a dialog for preparing
     the session is entered. At this time the client may request things like
     allocating a pseudo-tty, forwarding X11 connections, forwarding TCP
     connections, or forwarding the authentication agent connection over the
     secure channel.

     After this, the client either requests a shell or execution of a command.
     The sides then enter session mode. In this mode, either side may send
     data at any time, and such data is forwarded to/from the shell or command
     on the server side, and the user terminal on the client side.

     When the user program terminates and all forwarded X11 and other
     connections have been closed, the server sends command exit status to the
     client, and both sides exit.

LOGIN PROCESS
     When a user successfully logs in, sshd does the following:

           1.   If the login is on a tty, and no command has been specified,
                prints last login time and /etc/motd (unless prevented in the
                configuration file or by ~/.hushlogin; see the FILES section).

           2.   If the login is on a tty, records login time.

           3.   Checks /etc/nologin; if it exists, prints contents and quits
                (unless root).

           4.   Changes to run with normal user privileges.

           5.   Sets up basic environment.

           6.   Reads the file ~/.ssh/environment, if it exists, and users are
                allowed to change their environment. See the
                PermitUserEnvironment option in sshd_config(5).

           7.   Changes to user's home directory.

           8.   If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists,
                runs it; otherwise runs xauth. The ``rc'' files are given the
                X11 authentication protocol and cookie in standard input. See
                SSHRC, below.

           9.   Runs user's shell or command.

SSHRC
     If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment
     files but before starting the user's shell or command. It must not
     produce any output on stdout; stderr must be used instead. If X11
     forwarding is in use, it will receive the "proto cookie" pair in its
     standard input (and DISPLAY in its environment). The script must call
     xauth(1) because sshd will not run xauth automatically to add X11
     cookies.

     The primary purpose of this file is to run any initialization routines
     which may be needed before the user's home directory becomes accessible;
     AFS is a particular example of such an environment.

     This file will probably contain some initialization code followed by
     something similar to:

        if read proto cookie && [ -n "$DISPLAY" ]; then
                if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
                        # X11UseLocalhost=yes
                        echo add unix:`echo $DISPLAY |
                            cut -c11-` $proto $cookie
                else
                        # X11UseLocalhost=no
                        echo add $DISPLAY $proto $cookie
                fi | xauth -q -
        fi

     If this file does not exist, /etc/ssh/sshrc is run, and if that does not
     exist either, xauth is used to add the cookie.

AUTHORIZED_KEYS FILE FORMAT
     AuthorizedKeysFile specifies the files containing public keys for public
     key authentication; if none is specified, the default is
     ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. Each line of the
     file contains one key (empty lines and lines starting with a `#' are
     ignored as comments). Protocol 1 public keys consist of the following
     space-separated fields: options, bits, exponent, modulus, comment.
     Protocol 2 public keys consist of: options, keytype, base64-encoded key,
     comment. The options field is optional; its presence is determined by
     whether the line starts with a number or not (the options field never
     starts with a number). The bits, exponent, modulus, and comment fields
     give the RSA key for protocol version 1; the comment field is not used
     for anything (but may be convenient for the user to identify the key).
     For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
     ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'',
     ``ssh-dss'' or ``ssh-rsa''.

     Note that lines in this file are usually several hundred bytes long
     (because of the size of the public key encoding) up to a limit of 8
     kilobytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
     kilobits. You don't want to type them in; instead, copy the
     identity.pub, id_dsa.pub, id_ecdsa.pub, id_ed25519.pub, or the id_rsa.pub
     file and edit it.

     sshd enforces a minimum RSA key modulus size for protocol 1 and protocol
     2 keys of 768 bits.

     The options (if present) consist of comma-separated option
     specifications. No spaces are permitted, except within double quotes.
     The following option specifications are supported (note that option
     keywords are case-insensitive):

     cert-authority
             Specifies that the listed key is a certification authority (CA)
             that is trusted to validate signed certificates for user
             authentication.

             Certificates may encode access restrictions similar to these key
             options. If both certificate restrictions and key options are
             present, the most restrictive union of the two is applied.

     command="command"
             Specifies that the command is executed whenever this key is used
             for authentication. The command supplied by the user (if any) is
             ignored. The command is run on a pty if the client requests a
             pty; otherwise it is run without a tty. If an 8-bit clean
             channel is required, one must not request a pty or should specify
             no-pty. A quote may be included in the command by quoting it
             with a backslash. This option might be useful to restrict
             certain public keys to perform just a specific operation. An
             example might be a key that permits remote backups but nothing
             else. Note that the client may specify TCP and/or X11 forwarding
             unless they are explicitly prohibited. The command originally
             supplied by the client is available in the SSH_ORIGINAL_COMMAND
             environment variable. Note that this option applies to shell,
             command or subsystem execution. Also note that this command may
             be superseded by either a sshd_config(5) ForceCommand directive
             or a command embedded in a certificate.

     environment="NAME=value"
             Specifies that the string is to be added to the environment when
             logging in using this key. Environment variables set this way
             override other default environment values. Multiple options of
             this type are permitted. Environment processing is disabled by
             default and is controlled via the PermitUserEnvironment option.
             This option is automatically disabled if UseLogin is enabled.

     from="pattern-list"
             Specifies that in addition to public key authentication, either
             the canonical name of the remote host or its IP address must be
             present in the comma-separated list of patterns. See PATTERNS in
             ssh_config(5) for more information on patterns.

             In addition to the wildcard matching that may be applied to
             hostnames or addresses, a from stanza may match IP addresses
             using CIDR address/masklen notation.

             The purpose of this option is to optionally increase security:
             public key authentication by itself does not trust the network or
             name servers or anything (but the key); however, if somebody
             somehow steals the key, the key permits an intruder to log in
             from anywhere in the world. This additional option makes using a
             stolen key more difficult (name servers and/or routers would have
             to be compromised in addition to just the key).

     no-agent-forwarding
             Forbids authentication agent forwarding when this key is used for
             authentication.

     no-port-forwarding
             Forbids TCP forwarding when this key is used for authentication.
             Any port forward requests by the client will return an error.
             This might be used, e.g. in connection with the command option.

     no-pty  Prevents tty allocation (a request to allocate a pty will fail).

     no-user-rc
             Disables execution of ~/.ssh/rc.

     no-X11-forwarding
             Forbids X11 forwarding when this key is used for authentication.
             Any X11 forward requests by the client will return an error.

     permitopen="host:port"
             Limit local ``ssh -L'' port forwarding such that it may only
             connect to the specified host and port. IPv6 addresses can be
             specified by enclosing the address in square brackets. Multiple
             permitopen options may be applied separated by commas. No
             pattern matching is performed on the specified hostnames, they
             must be literal domains or addresses. A port specification of *
             matches any port.

     principals="principals"
             On a cert-authority line, specifies allowed principals for
             certificate authentication as a comma-separated list. At least
             one name from the list must appear in the certificate's list of
             principals for the certificate to be accepted. This option is
             ignored for keys that are not marked as trusted certificate
             signers using the cert-authority option.

     tunnel="n"
             Force a tun(4) device on the server. Without this option, the
             next available device will be used if the client requests a
             tunnel.
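     The field and option rules above, as an added example (this is not code
     from OpenSSH or from this manual): a Python parser that detects the
     optional options field by the leading-number rule, splits options on
     commas outside double quotes while honouring backslash-escaped quotes,
     checks the protocol 2 key type and the 768-bit protocol 1 minimum, and
     evaluates from="pattern-list" with wildcards, `!' negation and CIDR. The
     check that the base64 blob starts with its key type relies on the SSH
     wire format, which the manual does not describe; the sample blob is
     constructed and carries no real key.

```python
import base64
import ipaddress
import re

# Protocol 2 key types named in the manual.
KEYTYPES_V2 = {"ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384",
               "ecdsa-sha2-nistp521", "ssh-ed25519", "ssh-dss", "ssh-rsa"}

def _split_leading_options(line):
    """The options field ends at the first space outside double quotes."""
    inq = False
    for i, c in enumerate(line):
        if c == '"' and (i == 0 or line[i - 1] != "\\"):
            inq = not inq
        elif c == " " and not inq:
            return line[:i], line[i + 1:].lstrip()
    raise ValueError("options field without a key")

def split_options(field):
    """Split on commas outside double quotes; a backslash-escaped quote
    inside quotes is kept as a literal quote character."""
    opts, cur, inq, i = [], [], False, 0
    while i < len(field):
        c = field[i]
        if inq and c == "\\" and field[i + 1:i + 2] == '"':
            cur.append('"')
            i += 2
            continue
        if c == '"':
            inq = not inq
        elif c == "," and not inq:
            opts.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    if inq:
        raise ValueError("unterminated quote in options")
    opts.append("".join(cur))
    return opts

def parse_line(line):
    """Parse one authorized_keys line; None for blank and comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options, rest = [], line
    # The options field never starts with a number (protocol 1 lines begin
    # with the bit count) and is absent when the line begins with a key type.
    if not line[0].isdigit() and line.split(None, 1)[0] not in KEYTYPES_V2:
        field, rest = _split_leading_options(line)
        options = split_options(field)
    f = rest.split(None, 3)
    if f[0].isdigit():  # protocol 1: bits exponent modulus [comment]
        if len(f) < 3 or int(f[0]) < 768:  # sshd's minimum RSA modulus size
            raise ValueError("malformed or undersized protocol 1 key")
        return {"options": options, "proto": 1, "bits": int(f[0]),
                "exponent": int(f[1]), "modulus": int(f[2]),
                "comment": f[3] if len(f) > 3 else ""}
    if f[0] not in KEYTYPES_V2 or len(f) < 2:
        raise ValueError("unsupported or malformed protocol 2 key")
    blob = base64.b64decode(f[1], validate=True)
    n = int.from_bytes(blob[:4], "big")  # wire format: key type string first
    if blob[4:4 + n] != f[0].encode():
        raise ValueError("key type does not match the encoded key")
    return {"options": options, "proto": 2, "keytype": f[0], "key": f[1],
            "comment": " ".join(f[2:])}

def _glob(pattern, s):
    """PATTERNS from ssh_config(5): '*' matches any run, '?' one character."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, s) is not None

def from_allows(options, hostname, addr):
    """Apply every from= option: a negated (!) match rejects; otherwise some
    pattern must match the host name or address (CIDR is tried on the address)."""
    for opt in options:
        if not opt.startswith("from="):
            continue
        matched = False
        for pat in opt[5:].split(","):
            neg = pat.startswith("!")
            pat = pat[1:] if neg else pat
            hit = _glob(pat, hostname) or _glob(pat, addr)
            if not hit and "/" in pat:
                try:
                    hit = ipaddress.ip_address(addr) in ipaddress.ip_network(pat, strict=False)
                except ValueError:
                    hit = False
            if hit and neg:
                return False
            matched = matched or hit
        if not matched:
            return False
    return True

# Constructed sample key: an ed25519 blob carrying a dummy 32-byte public key.
SAMPLE_BLOB = base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))).decode()
```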

     An example authorized_keys file:

        # Comments allowed at start of line
        ssh-rsa AAAAB3Nza...LiPk== user@example.net
        from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
        AAAAB2...19Q== john@example.net
        command="dump /home",no-pty,no-port-forwarding ssh-dss
        AAAAC3...51R== example.net
        permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss
        AAAAB5...21S==
        tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
        jane@example.net

SSH_KNOWN_HOSTS FILE FORMAT
     The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host
     public keys for all known hosts. The global file should be prepared by
     the administrator (optional), and the per-user file is maintained
     automatically: whenever the user connects from an unknown host, its key
     is added to the per-user file.

     Each line in these files contains the following fields: markers
     (optional), hostnames, bits, exponent, modulus, comment. The fields are
     separated by spaces.

     The marker is optional, but if it is present then it must be one of
     ``@cert-authority'', to indicate that the line contains a certification
     authority (CA) key, or ``@revoked'', to indicate that the key contained
     on the line is revoked and must not ever be accepted. Only one marker
     should be used on a key line.

     Hostnames is a comma-separated list of patterns (`*' and `?' act as
     wildcards); each pattern in turn is matched against the canonical host
     name (when authenticating a client) or against the user-supplied name
     (when authenticating a server). A pattern may also be preceded by `!' to
     indicate negation: if the host name matches a negated pattern, it is not
     accepted (by that line) even if it matched another pattern on the line.
     A hostname or address may optionally be enclosed within `[' and `]'
     brackets then followed by `:' and a non-standard port number.

     Alternately, hostnames may be stored in a hashed form which hides host
     names and addresses should the file's contents be disclosed. Hashed
     hostnames start with a `|' character. Only one hashed hostname may
     appear on a single line and none of the above negation or wildcard
     operators may be applied.

     Bits, exponent, and modulus are taken directly from the RSA host key;
     they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The
     optional comment field continues to the end of the line, and is not used.

     Lines starting with `#' and empty lines are ignored as comments.

     When performing host authentication, authentication is accepted if any
     matching line has the proper key; either one that matches exactly or, if
     the server has presented a certificate for authentication, the key of the
     certification authority that signed the certificate. For a key to be
     trusted as a certification authority, it must use the ``@cert-authority''
     marker described above.

     The known hosts file also provides a facility to mark keys as revoked,
     for example when it is known that the associated private key has been
     stolen. Revoked keys are specified by including the ``@revoked'' marker
     at the beginning of the key line, and are never accepted for
     authentication or as certification authorities, but instead will produce
     a warning from ssh(1) when they are encountered.

     It is permissible (but not recommended) to have several lines or
     different host keys for the same names. This will inevitably happen when
     short forms of host names from different domains are put in the file. It
     is possible that the files contain conflicting information;
     authentication is accepted if valid information can be found from either
     file.

     Note that the lines in these files are typically hundreds of characters
     long, and you definitely don't want to type in the host keys by hand.
     Rather, generate them by a script, ssh-keyscan(1) or by taking
     /etc/ssh/ssh_host_key.pub and adding the host names at the front.
     ssh-keygen(1) also offers some basic automated editing for
     ~/.ssh/known_hosts including removing hosts matching a host name and
     converting all host names to their hashed representations.

     An example ssh_known_hosts file:

        # Comments allowed at start of line
        closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
        cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
        # A hashed hostname
        |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
        AAAA1234.....=
        # A revoked key
        @revoked * ssh-rsa AAAAB5W...
        # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
        @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
485180740Sdes 486180740SdesFILES 487180740Sdes ~/.hushlogin 488180740Sdes This file is used to suppress printing the last login time and 489214979Sdes /etc/motd, if PrintLastLog and PrintMotd, respectively, are 490214979Sdes enabled. It does not suppress printing of the banner specified 491214979Sdes by Banner. 492180740Sdes 493180740Sdes ~/.rhosts 494180740Sdes This file is used for host-based authentication (see ssh(1) for 495180740Sdes more information). On some machines this file may need to be 496214979Sdes world-readable if the user's home directory is on an NFS 497214979Sdes partition, because sshd reads it as root. Additionally, this 498214979Sdes file must be owned by the user, and must not have write 499214979Sdes permissions for anyone else. The recommended permission for most 500214979Sdes machines is read/write for the user, and not accessible by 501214979Sdes others. 502180740Sdes 503180740Sdes ~/.shosts 504180740Sdes This file is used in exactly the same way as .rhosts, but allows 505180740Sdes host-based authentication without permitting login with 506180740Sdes rlogin/rsh. 507180740Sdes 508180746Sdes ~/.ssh/ 509214979Sdes This directory is the default location for all user-specific 510214979Sdes configuration and authentication information. There is no 511214979Sdes general requirement to keep the entire contents of this directory 512214979Sdes secret, but the recommended permissions are read/write/execute 513214979Sdes for the user, and not accessible by others. 514180746Sdes 515180740Sdes ~/.ssh/authorized_keys 516262566Sdes Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used 517262566Sdes for logging in as this user. The format of this file is 518262566Sdes described above. The content of the file is not highly 519262566Sdes sensitive, but the recommended permissions are read/write for the 520262566Sdes user, and not accessible by others. 
521180740Sdes 522180740Sdes If this file, the ~/.ssh directory, or the user's home directory 523180740Sdes are writable by other users, then the file could be modified or 524214979Sdes replaced by unauthorized users. In this case, sshd will not 525214979Sdes allow it to be used unless the StrictModes option has been set to 526189006Sdes ``no''. 527180740Sdes 528180740Sdes ~/.ssh/environment 529180740Sdes This file is read into the environment at login (if it exists). 530180740Sdes It can only contain empty lines, comment lines (that start with 531180740Sdes `#'), and assignment lines of the form name=value. The file 532180740Sdes should be writable only by the user; it need not be readable by 533180740Sdes anyone else. Environment processing is disabled by default and 534180740Sdes is controlled via the PermitUserEnvironment option. 535180740Sdes 536180740Sdes ~/.ssh/known_hosts 537180740Sdes Contains a list of host keys for all hosts the user has logged 538180740Sdes into that are not already in the systemwide list of known host 539180740Sdes keys. The format of this file is described above. This file 540180740Sdes should be writable only by root/the owner and can, but need not 541180740Sdes be, world-readable. 542180740Sdes 543180740Sdes ~/.ssh/rc 544180740Sdes Contains initialization routines to be run before the user's home 545180740Sdes directory becomes accessible. This file should be writable only 546180740Sdes by the user, and need not be readable by anyone else. 547180740Sdes 548180740Sdes /etc/hosts.allow 549180740Sdes /etc/hosts.deny 550214979Sdes Access controls that should be enforced by tcp-wrappers are 551214979Sdes defined here. Further details are described in hosts_access(5). 552180740Sdes 553180740Sdes /etc/hosts.equiv 554180740Sdes This file is for host-based authentication (see ssh(1)). It 555180740Sdes should only be writable by root. 

     /etc/moduli
             Contains Diffie-Hellman groups used for the "Diffie-Hellman Group
             Exchange".  The file format is described in moduli(5).

     /etc/motd
             See motd(5).

     /etc/nologin
             If this file exists, sshd refuses to let anyone except root log
             in.  The contents of the file are displayed to anyone trying to
             log in, and non-root connections are refused.  The file should be
             world-readable.

     /etc/shosts.equiv
             This file is used in exactly the same way as hosts.equiv, but
             allows host-based authentication without permitting login with
             rlogin/rsh.

     /etc/ssh/ssh_host_key
     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_ed25519_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys.  These
             files should only be owned by root, readable only by root, and
             not accessible to others.  Note that sshd does not start if these
             files are group/world-accessible.

     /etc/ssh/ssh_host_key.pub
     /etc/ssh/ssh_host_dsa_key.pub
     /etc/ssh/ssh_host_ecdsa_key.pub
     /etc/ssh/ssh_host_ed25519_key.pub
     /etc/ssh/ssh_host_rsa_key.pub
             These files contain the public parts of the host keys.  These
             files should be world-readable but writable only by root.  Their
             contents should match the respective private parts.  These files
             are not really used for anything; they are provided for the
             convenience of the user so their contents can be copied to known
             hosts files.  These files are created using ssh-keygen(1).
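     The ownership and permission rules in this section are the ones sshd
     enforces at start-up (private host keys) and, under StrictModes, at
     login (the home directory, ~/.ssh and authorized_keys); /var/empty has
     the same no-group/world-write rule with root as owner.  The audit script
     below is an added example for this page, not OpenSSH code.  It reads
     modes and owners through ls(1) so that it runs on both GNU and BSD
     systems; all function names are this example's own, and the expected
     owner is a parameter so the same checks can be run against a user tree
     or against root-owned system files.

```sh
#!/bin/sh
# Added example (not part of OpenSSH): audit the ownership and permission
# rules sshd(8) states for its private host keys, the privilege-separation
# chroot and a user's ~/.ssh tree.  Each check prints one OK/FAIL/MISSING
# line and returns 0 (ok), 1 (violation) or 2 (path does not exist).

# Symbolic mode and owner via ls(1), portable across GNU and BSD.
# -L follows symlinks, like the stat(2) sshd itself performs.
mode_of()  { ls -ldL "$1" 2>/dev/null | awk '{ print $1 }'; }
owner_of() { ls -ldL "$1" 2>/dev/null | awk '{ print $3 }'; }

# True when any group/other bit is set (mode chars 5-10, which skips the
# file-type char and any trailing ACL '+' marker).
group_or_world_accessible() {
    case $(printf '%s' "$1" | cut -c5-10) in
        *[rwxsStT]*) return 0 ;;
        *)           return 1 ;;
    esac
}

# True when the group or other write bit is set (mode chars 6 and 9).
group_or_world_writable() {
    case $(printf '%s' "$1" | cut -c6,9) in
        *w*) return 0 ;;
        *)   return 1 ;;
    esac
}

# check_private_file PATH OWNER: the private host key rule, i.e. owned by
# OWNER and not accessible by group or others.  sshd refuses to start when
# a host key violates this.
check_private_file() {
    path=$1 expected_owner=$2
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    mode=$(mode_of "$path") owner=$(owner_of "$path")
    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL $path: owner '$owner', expected '$expected_owner'"; return 1
    fi
    if group_or_world_accessible "$mode"; then
        echo "FAIL $path: group/world accessible ($mode)"; return 1
    fi
    echo "OK   $path ($mode $owner)"
}

# check_not_others_writable PATH OWNER: the StrictModes rule, i.e. owned by
# OWNER and not writable by anyone else.  Also the rule for /var/empty.
check_not_others_writable() {
    path=$1 expected_owner=$2
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    mode=$(mode_of "$path") owner=$(owner_of "$path")
    if [ "$owner" != "$expected_owner" ]; then
        echo "FAIL $path: owner '$owner', expected '$expected_owner'"; return 1
    fi
    if group_or_world_writable "$mode"; then
        echo "FAIL $path: writable by group/others ($mode)"; return 1
    fi
    echo "OK   $path ($mode $owner)"
}

# audit_user_tree USER HOME: what StrictModes looks at before accepting
# HOME/.ssh/authorized_keys.  A missing authorized_keys is not a violation.
audit_user_tree() {
    user=$1 home=$2 tree_rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_not_others_writable "$p" "$user" || [ $? -eq 2 ] || tree_rc=1
    done
    return $tree_rc
}

# audit_system: the root-owned paths named in the FILES section.
audit_system() {
    sys_rc=0
    for k in /etc/ssh/ssh_host_*_key; do
        check_private_file "$k" root || sys_rc=1
    done
    check_not_others_writable /var/empty root || sys_rc=1
    return $sys_rc
}

# Stand-alone use (as root): sh sshd_perm_audit.sh --system
#                  or:       sh sshd_perm_audit.sh USER HOMEDIR
case ${1:-} in
    --system) audit_system ;;
    ?*)       audit_user_tree "$1" "${2:-/home/$1}" ;;
esac
```

     The user-tree walk deliberately mirrors the order sshd gives above: the
     home directory, then ~/.ssh, then authorized_keys.  A FAIL on any of the
     three is exactly the condition under which sshd ignores the key file
     unless StrictModes has been set to ``no''.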

     /etc/ssh/ssh_known_hosts
             Systemwide list of known host keys.  This file should be prepared
             by the system administrator to contain the public host keys of
             all machines in the organization.  The format of this file is
             described above.  This file should be writable only by root/the
             owner and should be world-readable.

     /etc/ssh/sshd_config
             Contains configuration data for sshd.  The file format and
             configuration options are described in sshd_config(5).

     /etc/ssh/sshrc
             Similar to ~/.ssh/rc, it can be used to specify machine-specific
             login-time initializations globally.  This file should be
             writable only by root, and should be world-readable.

     /var/empty
             chroot(2) directory used by sshd during privilege separation in
             the pre-authentication phase.  The directory should not contain
             any files and must be owned by root and not group or world-
             writable.

     /var/run/sshd.pid
             Contains the process ID of the sshd listening for connections (if
             there are several daemons running concurrently for different
             ports, this contains the process ID of the one started last).
             The content of this file is not sensitive; it can be world-
             readable.

SEE ALSO
     scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
     ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5),
     sshd_config(5), inetd(8), sftp-server(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.
     Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and
     Dug Song removed many bugs, re-added newer features and created OpenSSH.
     Markus Friedl contributed the support for SSH protocol versions 1.5 and
     2.0.  Niels Provos and Markus Friedl contributed support for privilege
     separation.

CAVEATS
     System security is not improved unless rshd, rlogind, and rexecd are
     disabled (thus completely disabling rlogin and rsh into the machine).

OpenBSD 5.5                    December 7, 2013                    OpenBSD 5.5