sshd.0 revision 180740
1180740SdesSSHD(8) OpenBSD System Manager's Manual SSHD(8) 2180740Sdes 3180740SdesNAME 4180740Sdes sshd - OpenSSH SSH daemon 5180740Sdes 6180740SdesSYNOPSIS 7180740Sdes sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time] 8180740Sdes [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] 9180740Sdes 10180740SdesDESCRIPTION 11180740Sdes sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these 12180740Sdes programs replace rlogin and rsh, and provide secure encrypted communica- 13180740Sdes tions between two untrusted hosts over an insecure network. 14180740Sdes 15180740Sdes sshd listens for connections from clients. It is normally started at 16180740Sdes boot from /etc/rc. It forks a new daemon for each incoming connection. 17180740Sdes The forked daemons handle key exchange, encryption, authentication, com- 18180740Sdes mand execution, and data exchange. 19180740Sdes 20180740Sdes sshd can be configured using command-line options or a configuration file 21180740Sdes (by default sshd_config(5)); command-line options override values speci- 22180740Sdes fied in the configuration file. sshd rereads its configuration file when 23180740Sdes it receives a hangup signal, SIGHUP, by executing itself with the name 24180740Sdes and options it was started with, e.g. /usr/sbin/sshd. 25180740Sdes 26180740Sdes The options are as follows: 27180740Sdes 28180740Sdes -4 Forces sshd to use IPv4 addresses only. 29180740Sdes 30180740Sdes -6 Forces sshd to use IPv6 addresses only. 31180740Sdes 32180740Sdes -b bits 33180740Sdes Specifies the number of bits in the ephemeral protocol version 1 34180740Sdes server key (default 768). 35180740Sdes 36180740Sdes -D When this option is specified, sshd will not detach and does not 37180740Sdes become a daemon. This allows easy monitoring of sshd. 38180740Sdes 39180740Sdes -d Debug mode. The server sends verbose debug output to the system 40180740Sdes log, and does not put itself in the background. The server also 41180740Sdes will not fork and will only process one connection. This option 42180740Sdes is only intended for debugging for the server. Multiple -d op- 43180740Sdes tions increase the debugging level. Maximum is 3. 44180740Sdes 45180740Sdes -e When this option is specified, sshd will send the output to the 46180740Sdes standard error instead of the system log. 47180740Sdes 48180740Sdes -f configuration_file 49180740Sdes Specifies the name of the configuration file. The default is 50180740Sdes /etc/ssh/sshd_config. sshd refuses to start if there is no con- 51180740Sdes figuration file. 52180740Sdes 53180740Sdes -g login_grace_time 54180740Sdes Gives the grace time for clients to authenticate themselves (de- 55180740Sdes fault 120 seconds). If the client fails to authenticate the user 56180740Sdes within this many seconds, the server disconnects and exits. A 57180740Sdes value of zero indicates no limit. 58180740Sdes 59180740Sdes -h host_key_file 60180740Sdes Specifies a file from which a host key is read. This option must 61180740Sdes be given if sshd is not run as root (as the normal host key files 62180740Sdes are normally not readable by anyone but root). The default is 63180740Sdes /etc/ssh/ssh_host_key for protocol version 1, and 64180740Sdes /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro- 65180740Sdes tocol version 2. It is possible to have multiple host key files 66180740Sdes for the different protocol versions and host key algorithms. 67180740Sdes 68180740Sdes -i Specifies that sshd is being run from inetd(8). sshd is normally 69180740Sdes not run from inetd because it needs to generate the server key 70180740Sdes before it can respond to the client, and this may take tens of 71180740Sdes seconds. Clients would have to wait too long if the key was re- 72180740Sdes generated every time. However, with small key sizes (e.g. 512) 73180740Sdes using sshd from inetd may be feasible. 74180740Sdes 75180740Sdes -k key_gen_time 76180740Sdes Specifies how often the ephemeral protocol version 1 server key 77180740Sdes is regenerated (default 3600 seconds, or one hour). The motiva- 78180740Sdes tion for regenerating the key fairly often is that the key is not 79180740Sdes stored anywhere, and after about an hour it becomes impossible to 80180740Sdes recover the key for decrypting intercepted communications even if 81180740Sdes the machine is cracked into or physically seized. A value of ze- 82180740Sdes ro indicates that the key will never be regenerated. 83180740Sdes 84180740Sdes -o option 85180740Sdes Can be used to give options in the format used in the configura- 86180740Sdes tion file. This is useful for specifying options for which there 87180740Sdes is no separate command-line flag. For full details of the op- 88180740Sdes tions, and their values, see sshd_config(5). 89180740Sdes 90180740Sdes -p port 91180740Sdes Specifies the port on which the server listens for connections 92180740Sdes (default 22). Multiple port options are permitted. Ports speci- 93180740Sdes fied in the configuration file with the Port option are ignored 94180740Sdes when a command-line port is specified. Ports specified using the 95180740Sdes ListenAddress option override command-line ports. 96180740Sdes 97180740Sdes -q Quiet mode. Nothing is sent to the system log. Normally the be- 98180740Sdes ginning, authentication, and termination of each connection is 99180740Sdes logged. 100180740Sdes 101180740Sdes -t Test mode. Only check the validity of the configuration file and 102180740Sdes sanity of the keys. This is useful for updating sshd reliably as 103180740Sdes configuration options may change. 104180740Sdes 105180740Sdes -u len This option is used to specify the size of the field in the utmp 106180740Sdes structure that holds the remote host name. If the resolved host 107180740Sdes name is longer than len, the dotted decimal value will be used 108180740Sdes instead. This allows hosts with very long host names that over- 109180740Sdes flow this field to still be uniquely identified. Specifying -u0 110180740Sdes indicates that only dotted decimal addresses should be put into 111180740Sdes the utmp file. -u0 may also be used to prevent sshd from making 112180740Sdes DNS requests unless the authentication mechanism or configuration 113180740Sdes requires it. Authentication mechanisms that may require DNS in- 114180740Sdes clude RhostsRSAAuthentication, HostbasedAuthentication, and using 115180740Sdes a from="pattern-list" option in a key file. Configuration op- 116180740Sdes tions that require DNS include using a USER@HOST pattern in 117180740Sdes AllowUsers or DenyUsers. 118180740Sdes 119180740SdesAUTHENTICATION 120180740Sdes The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols 121180740Sdes are supported by default, though this can be changed via the Protocol op- 122180740Sdes tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro- 123180740Sdes tocol 1 only supports RSA keys. For both protocols, each host has a 124180740Sdes host-specific key, normally 2048 bits, used to identify the host. 125180740Sdes 126180740Sdes Forward security for protocol 1 is provided through an additional server 127180740Sdes key, normally 768 bits, generated when the server starts. This key is 128180740Sdes normally regenerated every hour if it has been used, and is never stored 129180740Sdes on disk. Whenever a client connects, the daemon responds with its public 130180740Sdes host and server keys. The client compares the RSA host key against its 131180740Sdes own database to verify that it has not changed. The client then gener- 132180740Sdes ates a 256-bit random number. It encrypts this random number using both 133180740Sdes the host key and the server key, and sends the encrypted number to the 134180740Sdes server. Both sides then use this random number as a session key which is 135180740Sdes used to encrypt all further communications in the session. The rest of 136180740Sdes the session is encrypted using a conventional cipher, currently Blowfish 137180740Sdes or 3DES, with 3DES being used by default. The client selects the encryp- 138180740Sdes tion algorithm to use from those offered by the server. 139180740Sdes 140180740Sdes For protocol 2, forward security is provided through a Diffie-Hellman key 141180740Sdes agreement. This key agreement results in a shared session key. The rest 142180740Sdes of the session is encrypted using a symmetric cipher, currently 128-bit 143180740Sdes AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The 144180740Sdes client selects the encryption algorithm to use from those offered by the 145180740Sdes server. Additionally, session integrity is provided through a crypto- 146180740Sdes graphic message authentication code (hmac-sha1 or hmac-md5). 147180740Sdes 148180740Sdes Finally, the server and the client enter an authentication dialog. The 149180740Sdes client tries to authenticate itself using host-based authentication, pub- 150180740Sdes lic key authentication, challenge-response authentication, or password 151180740Sdes authentication. 152180740Sdes 153180740Sdes Regardless of the authentication type, the account is checked to ensure 154180740Sdes that it is accessible. An account is not accessible if it is locked, 155180740Sdes listed in DenyUsers or its group is listed in DenyGroups . The defini- 156180740Sdes tion of a locked account is system dependant. Some platforms have their 157180740Sdes own account database (eg AIX) and some modify the passwd field ( `*LK*' 158180740Sdes on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a 159180740Sdes leading `*LOCKED*' on FreeBSD and a leading `!!' on Linux). If there is 160180740Sdes a requirement to disable password authentication for the account while 161180740Sdes allowing still public-key, then the passwd field should be set to some- 162180740Sdes thing other than these values (eg `NP' or `*NP*' ). 163180740Sdes 164180740Sdes If the client successfully authenticates itself, a dialog for preparing 165180740Sdes the session is entered. At this time the client may request things like 166180740Sdes allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con- 167180740Sdes nections, or forwarding the authentication agent connection over the se- 168180740Sdes cure channel. 169180740Sdes 170180740Sdes After this, the client either requests a shell or execution of a command. 171180740Sdes The sides then enter session mode. In this mode, either side may send 172180740Sdes data at any time, and such data is forwarded to/from the shell or command 173180740Sdes on the server side, and the user terminal in the client side. 174180740Sdes 175180740Sdes When the user program terminates and all forwarded X11 and other connec- 176180740Sdes tions have been closed, the server sends command exit status to the 177180740Sdes client, and both sides exit. 178180740Sdes 179180740SdesLOGIN PROCESS 180180740Sdes When a user successfully logs in, sshd does the following: 181180740Sdes 182180740Sdes 1. If the login is on a tty, and no command has been specified, 183180740Sdes prints last login time and /etc/motd (unless prevented in the 184180740Sdes configuration file or by ~/.hushlogin; see the FILES section). 185180740Sdes 186180740Sdes 2. If the login is on a tty, records login time. 187180740Sdes 188180740Sdes 3. Checks /etc/nologin; if it exists, prints contents and quits 189180740Sdes (unless root). 190180740Sdes 191180740Sdes 4. Changes to run with normal user privileges. 192180740Sdes 193180740Sdes 5. Sets up basic environment. 194180740Sdes 195180740Sdes 6. Reads the file ~/.ssh/environment, if it exists, and users are 196180740Sdes allowed to change their environment. See the 197180740Sdes PermitUserEnvironment option in sshd_config(5). 198180740Sdes 199180740Sdes 7. Changes to user's home directory. 200180740Sdes 201180740Sdes 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists, 202180740Sdes runs it; otherwise runs xauth. The ``rc'' files are given the 203180740Sdes X11 authentication protocol and cookie in standard input. See 204180740Sdes SSHRC, below. 205180740Sdes 206180740Sdes 9. Runs user's shell or command. 207180740Sdes 208180740SdesSSHRC 209180740Sdes If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment 210180740Sdes files but before starting the user's shell or command. It must not pro- 211180740Sdes duce any output on stdout; stderr must be used instead. If X11 forward- 212180740Sdes ing is in use, it will receive the "proto cookie" pair in its standard 213180740Sdes input (and DISPLAY in its environment). The script must call xauth(1) 214180740Sdes because sshd will not run xauth automatically to add X11 cookies. 215180740Sdes 216180740Sdes The primary purpose of this file is to run any initialization routines 217180740Sdes which may be needed before the user's home directory becomes accessible; 218180740Sdes AFS is a particular example of such an environment. 219180740Sdes 220180740Sdes This file will probably contain some initialization code followed by 221180740Sdes something similar to: 222180740Sdes 223180740Sdes if read proto cookie && [ -n "$DISPLAY" ]; then 224180740Sdes if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 225180740Sdes # X11UseLocalhost=yes 226180740Sdes echo add unix:`echo $DISPLAY | 227180740Sdes cut -c11-` $proto $cookie 228180740Sdes else 229180740Sdes # X11UseLocalhost=no 230180740Sdes echo add $DISPLAY $proto $cookie 231180740Sdes fi | xauth -q - 232180740Sdes fi 233180740Sdes 234180740Sdes If this file does not exist, /etc/ssh/sshrc is run, and if that does not 235180740Sdes exist either, xauth is used to add the cookie. 236180740Sdes 237180740SdesAUTHORIZED_KEYS FILE FORMAT 238180740Sdes AuthorizedKeysFile specifies the file containing public keys for public 239180740Sdes key authentication; if none is specified, the default is 240180740Sdes ~/.ssh/authorized_keys. Each line of the file contains one key (empty 241180740Sdes lines and lines starting with a `#' are ignored as comments). Protocol 1 242180740Sdes public keys consist of the following space-separated fields: options, 243180740Sdes bits, exponent, modulus, comment. Protocol 2 public key consist of: op- 244180740Sdes tions, keytype, base64-encoded key, comment. The options field is op- 245180740Sdes tional; its presence is determined by whether the line starts with a num- 246180740Sdes ber or not (the options field never starts with a number). The bits, ex- 247180740Sdes ponent, modulus, and comment fields give the RSA key for protocol version 248180740Sdes 1; the comment field is not used for anything (but may be convenient for 249180740Sdes the user to identify the key). For protocol version 2 the keytype is 250180740Sdes ``ssh-dss'' or ``ssh-rsa''. 251180740Sdes 252180740Sdes Note that lines in this file are usually several hundred bytes long (be- 253180740Sdes cause of the size of the public key encoding) up to a limit of 8 kilo- 254180740Sdes bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 255180740Sdes kilobits. You don't want to type them in; instead, copy the 256180740Sdes identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it. 257180740Sdes 258180740Sdes sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 259180740Sdes 2 keys of 768 bits. 260180740Sdes 261180740Sdes The options (if present) consist of comma-separated option specifica- 262180740Sdes tions. No spaces are permitted, except within double quotes. The fol- 263180740Sdes lowing option specifications are supported (note that option keywords are 264180740Sdes case-insensitive): 265180740Sdes 266180740Sdes command="command" 267180740Sdes Specifies that the command is executed whenever this key is used 268180740Sdes for authentication. The command supplied by the user (if any) is 269180740Sdes ignored. The command is run on a pty if the client requests a 270180740Sdes pty; otherwise it is run without a tty. If an 8-bit clean chan- 271180740Sdes nel is required, one must not request a pty or should specify no- 272180740Sdes pty. A quote may be included in the command by quoting it with a 273180740Sdes backslash. This option might be useful to restrict certain pub- 274180740Sdes lic keys to perform just a specific operation. An example might 275180740Sdes be a key that permits remote backups but nothing else. Note that 276180740Sdes the client may specify TCP and/or X11 forwarding unless they are 277180740Sdes explicitly prohibited. The command originally supplied by the 278180740Sdes client is available in the SSH_ORIGINAL_COMMAND environment vari- 279180740Sdes able. Note that this option applies to shell, command or subsys- 280180740Sdes tem execution. 281180740Sdes 282180740Sdes environment="NAME=value" 283180740Sdes Specifies that the string is to be added to the environment when 284180740Sdes logging in using this key. Environment variables set this way 285180740Sdes override other default environment values. Multiple options of 286180740Sdes this type are permitted. Environment processing is disabled by 287180740Sdes default and is controlled via the PermitUserEnvironment option. 288180740Sdes This option is automatically disabled if UseLogin is enabled. 289180740Sdes 290180740Sdes from="pattern-list" 291180740Sdes Specifies that in addition to public key authentication, the 292180740Sdes canonical name of the remote host must be present in the comma- 293180740Sdes separated list of patterns. The purpose of this option is to op- 294180740Sdes tionally increase security: public key authentication by itself 295180740Sdes does not trust the network or name servers or anything (but the 296180740Sdes key); however, if somebody somehow steals the key, the key per- 297180740Sdes mits an intruder to log in from anywhere in the world. This ad- 298180740Sdes ditional option makes using a stolen key more difficult (name 299180740Sdes servers and/or routers would have to be compromised in addition 300180740Sdes to just the key). 301180740Sdes 302180740Sdes See PATTERNS in ssh_config(5) for more information on patterns. 303180740Sdes 304180740Sdes no-agent-forwarding 305180740Sdes Forbids authentication agent forwarding when this key is used for 306180740Sdes authentication. 307180740Sdes 308180740Sdes no-port-forwarding 309180740Sdes Forbids TCP forwarding when this key is used for authentication. 310180740Sdes Any port forward requests by the client will return an error. 311180740Sdes This might be used, e.g. in connection with the command option. 312180740Sdes 313180740Sdes no-pty Prevents tty allocation (a request to allocate a pty will fail). 314180740Sdes 315180740Sdes no-X11-forwarding 316180740Sdes Forbids X11 forwarding when this key is used for authentication. 317180740Sdes Any X11 forward requests by the client will return an error. 318180740Sdes 319180740Sdes permitopen="host:port" 320180740Sdes Limit local ``ssh -L'' port forwarding such that it may only con- 321180740Sdes nect to the specified host and port. IPv6 addresses can be spec- 322180740Sdes ified with an alternative syntax: host/port. Multiple permitopen 323180740Sdes options may be applied separated by commas. No pattern matching 324180740Sdes is performed on the specified hostnames, they must be literal do- 325180740Sdes mains or addresses. 326180740Sdes 327180740Sdes tunnel="n" 328180740Sdes Force a tun(4) device on the server. Without this option, the 329180740Sdes next available device will be used if the client requests a tun- 330180740Sdes nel. 331180740Sdes 332180740Sdes An example authorized_keys file: 333180740Sdes 334180740Sdes # Comments allowed at start of line 335180740Sdes ssh-rsa AAAAB3Nza...LiPk== user@example.net 336180740Sdes from="*.sales.example.net,!pc.sales.example.net" ssh-rsa 337180740Sdes AAAAB2...19Q== john@example.net 338180740Sdes command="dump /home",no-pty,no-port-forwarding ssh-dss 339180740Sdes AAAAC3...51R== example.net 340180740Sdes permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss 341180740Sdes AAAAB5...21S== 342180740Sdes tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== 343180740Sdes jane@example.net 344180740Sdes 345180740SdesSSH_KNOWN_HOSTS FILE FORMAT 346180740Sdes The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 347180740Sdes public keys for all known hosts. The global file should be prepared by 348180740Sdes the administrator (optional), and the per-user file is maintained auto- 349180740Sdes matically: whenever the user connects from an unknown host, its key is 350180740Sdes added to the per-user file. 351180740Sdes 352180740Sdes Each line in these files contains the following fields: hostnames, bits, 353180740Sdes exponent, modulus, comment. The fields are separated by spaces. 354180740Sdes 355180740Sdes Hostnames is a comma-separated list of patterns (`*' and `?' act as wild- 356180740Sdes cards); each pattern in turn is matched against the canonical host name 357180740Sdes (when authenticating a client) or against the user-supplied name (when 358180740Sdes authenticating a server). A pattern may also be preceded by `!' to indi- 359180740Sdes cate negation: if the host name matches a negated pattern, it is not ac- 360180740Sdes cepted (by that line) even if it matched another pattern on the line. A 361180740Sdes hostname or address may optionally be enclosed within `[' and `]' brack- 362180740Sdes ets then followed by `:' and a non-standard port number. 363180740Sdes 364180740Sdes Alternately, hostnames may be stored in a hashed form which hides host 365180740Sdes names and addresses should the file's contents be disclosed. Hashed 366180740Sdes hostnames start with a `|' character. Only one hashed hostname may ap- 367180740Sdes pear on a single line and none of the above negation or wildcard opera- 368180740Sdes tors may be applied. 369180740Sdes 370180740Sdes Bits, exponent, and modulus are taken directly from the RSA host key; 371180740Sdes they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The 372180740Sdes optional comment field continues to the end of the line, and is not used. 373180740Sdes 374180740Sdes Lines starting with `#' and empty lines are ignored as comments. 375180740Sdes 376180740Sdes When performing host authentication, authentication is accepted if any 377180740Sdes matching line has the proper key. It is thus permissible (but not recom- 378180740Sdes mended) to have several lines or different host keys for the same names. 379180740Sdes This will inevitably happen when short forms of host names from different 380180740Sdes domains are put in the file. It is possible that the files contain con- 381180740Sdes flicting information; authentication is accepted if valid information can 382180740Sdes be found from either file. 383180740Sdes 384180740Sdes Note that the lines in these files are typically hundreds of characters 385180740Sdes long, and you definitely don't want to type in the host keys by hand. 386180740Sdes Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub 387180740Sdes and adding the host names at the front. 388180740Sdes 389180740Sdes An example ssh_known_hosts file: 390180740Sdes 391180740Sdes # Comments allowed at start of line 392180740Sdes closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net 393180740Sdes cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= 394180740Sdes # A hashed hostname 395180740Sdes |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa 396180740Sdes AAAA1234.....= 397180740Sdes 398180740SdesFILES 399180740Sdes ~/.hushlogin 400180740Sdes This file is used to suppress printing the last login time and 401180740Sdes /etc/motd, if PrintLastLog and PrintMotd, respectively, are en- 402180740Sdes abled. It does not suppress printing of the banner specified by 403180740Sdes Banner. 404180740Sdes 405180740Sdes ~/.rhosts 406180740Sdes This file is used for host-based authentication (see ssh(1) for 407180740Sdes more information). On some machines this file may need to be 408180740Sdes world-readable if the user's home directory is on an NFS parti- 409180740Sdes tion, because sshd reads it as root. Additionally, this file 410180740Sdes must be owned by the user, and must not have write permissions 411180740Sdes for anyone else. The recommended permission for most machines is 412180740Sdes read/write for the user, and not accessible by others. 413180740Sdes 414180740Sdes ~/.shosts 415180740Sdes This file is used in exactly the same way as .rhosts, but allows 416180740Sdes host-based authentication without permitting login with 417180740Sdes rlogin/rsh. 418180740Sdes 419180740Sdes ~/.ssh/authorized_keys 420180740Sdes Lists the public keys (RSA/DSA) that can be used for logging in 421180740Sdes as this user. The format of this file is described above. The 422180740Sdes content of the file is not highly sensitive, but the recommended 423180740Sdes permissions are read/write for the user, and not accessible by 424180740Sdes others. 425180740Sdes 426180740Sdes If this file, the ~/.ssh directory, or the user's home directory 427180740Sdes are writable by other users, then the file could be modified or 428180740Sdes replaced by unauthorized users. In this case, sshd will not al- 429180740Sdes low it to be used unless the StrictModes option has been set to 430180740Sdes ``no''. The recommended permissions can be set by executing 431180740Sdes ``chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys''. 432180740Sdes 433180740Sdes ~/.ssh/environment 434180740Sdes This file is read into the environment at login (if it exists). 435180740Sdes It can only contain empty lines, comment lines (that start with 436180740Sdes `#'), and assignment lines of the form name=value. The file 437180740Sdes should be writable only by the user; it need not be readable by 438180740Sdes anyone else. Environment processing is disabled by default and 439180740Sdes is controlled via the PermitUserEnvironment option. 440180740Sdes 441180740Sdes ~/.ssh/known_hosts 442180740Sdes Contains a list of host keys for all hosts the user has logged 443180740Sdes into that are not already in the systemwide list of known host 444180740Sdes keys. The format of this file is described above. This file 445180740Sdes should be writable only by root/the owner and can, but need not 446180740Sdes be, world-readable. 447180740Sdes 448180740Sdes ~/.ssh/rc 449180740Sdes Contains initialization routines to be run before the user's home 450180740Sdes directory becomes accessible. This file should be writable only 451180740Sdes by the user, and need not be readable by anyone else. 452180740Sdes 453180740Sdes /etc/hosts.allow 454180740Sdes /etc/hosts.deny 455180740Sdes Access controls that should be enforced by tcp-wrappers are de- 456180740Sdes fined here. Further details are described in hosts_access(5). 457180740Sdes 458180740Sdes /etc/hosts.equiv 459180740Sdes This file is for host-based authentication (see ssh(1)). It 460180740Sdes should only be writable by root. 461180740Sdes 462180740Sdes /etc/moduli 463180740Sdes Contains Diffie-Hellman groups used for the "Diffie-Hellman Group 464180740Sdes Exchange". The file format is described in moduli(5). 465180740Sdes 466180740Sdes /etc/motd 467180740Sdes See motd(5). 468180740Sdes 469180740Sdes /etc/nologin 470180740Sdes If this file exists, sshd refuses to let anyone except root log 471180740Sdes in. The contents of the file are displayed to anyone trying to 472180740Sdes log in, and non-root connections are refused. The file should be 473180740Sdes world-readable. 474180740Sdes 475180740Sdes /etc/shosts.equiv 476180740Sdes This file is used in exactly the same way as hosts.equiv, but al- 477180740Sdes lows host-based authentication without permitting login with 478180740Sdes rlogin/rsh. 479180740Sdes 480180740Sdes /etc/ssh/ssh_known_hosts 481180740Sdes Systemwide list of known host keys. This file should be prepared 482180740Sdes by the system administrator to contain the public host keys of 483180740Sdes all machines in the organization. The format of this file is de- 484180740Sdes scribed above. This file should be writable only by root/the 485180740Sdes owner and should be world-readable. 486180740Sdes 487180740Sdes /etc/ssh/ssh_host_key 488180740Sdes /etc/ssh/ssh_host_dsa_key 489180740Sdes /etc/ssh/ssh_host_rsa_key 490180740Sdes These three files contain the private parts of the host keys. 491180740Sdes These files should only be owned by root, readable only by root, 492180740Sdes and not accessible to others. Note that sshd does not start if 493180740Sdes these files are group/world-accessible. 494180740Sdes 495180740Sdes /etc/ssh/ssh_host_key.pub 496180740Sdes /etc/ssh/ssh_host_dsa_key.pub 497180740Sdes /etc/ssh/ssh_host_rsa_key.pub 498180740Sdes These three files contain the public parts of the host keys. 499180740Sdes These files should be world-readable but writable only by root. 500180740Sdes Their contents should match the respective private parts. These 501180740Sdes files are not really used for anything; they are provided for the 502180740Sdes convenience of the user so their contents can be copied to known 503180740Sdes hosts files. These files are created using ssh-keygen(1). 504180740Sdes 505180740Sdes /etc/ssh/sshd_config 506180740Sdes Contains configuration data for sshd. The file format and con- 507180740Sdes figuration options are described in sshd_config(5). 508180740Sdes 509180740Sdes /etc/ssh/sshrc 510180740Sdes Similar to ~/.ssh/rc, it can be used to specify machine-specific 511180740Sdes login-time initializations globally. This file should be 512180740Sdes writable only by root, and should be world-readable. 513180740Sdes 514180740Sdes /var/empty 515180740Sdes chroot(2) directory used by sshd during privilege separation in 516180740Sdes the pre-authentication phase. The directory should not contain 517180740Sdes any files and must be owned by root and not group or world- 518180740Sdes writable. 519180740Sdes 520180740Sdes /var/run/sshd.pid 521180740Sdes Contains the process ID of the sshd listening for connections (if 522180740Sdes there are several daemons running concurrently for different 523180740Sdes ports, this contains the process ID of the one started last). 524180740Sdes The content of this file is not sensitive; it can be world-read- 525180740Sdes able. 526180740Sdes 527180740SdesSEE ALSO 528180740Sdes scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 529180740Sdes chroot(2), hosts_access(5), login.conf(5), moduli(5), sshd_config(5), 530180740Sdes inetd(8), sftp-server(8) 531180740Sdes 532180740SdesAUTHORS 533180740Sdes OpenSSH is a derivative of the original and free ssh 1.2.12 release by 534180740Sdes Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 535180740Sdes de Raadt and Dug Song removed many bugs, re-added newer features and cre- 536180740Sdes ated OpenSSH. Markus Friedl contributed the support for SSH protocol 537180740Sdes versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 538180740Sdes for privilege separation. 539180740Sdes 540180740SdesCAVEATS 541180740Sdes System security is not improved unless rshd, rlogind, and rexecd are dis- 542180740Sdes abled (thus completely disabling rlogin and rsh into the machine). 543180740Sdes 544180740SdesOpenBSD 4.1 September 25, 1999 9 545