sshd.0 revision 180744
1180740SdesSSHD(8) OpenBSD System Manager's Manual SSHD(8) 2180740Sdes 3180740SdesNAME 4180740Sdes sshd - OpenSSH SSH daemon 5180740Sdes 6180740SdesSYNOPSIS 7180740Sdes sshd [-46Ddeiqt] [-b bits] [-f config_file] [-g login_grace_time] 8180740Sdes [-h host_key_file] [-k key_gen_time] [-o option] [-p port] [-u len] 9180740Sdes 10180740SdesDESCRIPTION 11180740Sdes sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these 12180744Sdes programs replace rlogin(1) and rsh(1), and provide secure encrypted com- 13180744Sdes munications between two untrusted hosts over an insecure network. 14180740Sdes 15180740Sdes sshd listens for connections from clients. It is normally started at 16180740Sdes boot from /etc/rc. It forks a new daemon for each incoming connection. 17180740Sdes The forked daemons handle key exchange, encryption, authentication, com- 18180740Sdes mand execution, and data exchange. 19180740Sdes 20180740Sdes sshd can be configured using command-line options or a configuration file 21180740Sdes (by default sshd_config(5)); command-line options override values speci- 22180740Sdes fied in the configuration file. sshd rereads its configuration file when 23180740Sdes it receives a hangup signal, SIGHUP, by executing itself with the name 24180740Sdes and options it was started with, e.g. /usr/sbin/sshd. 25180740Sdes 26180740Sdes The options are as follows: 27180740Sdes 28180740Sdes -4 Forces sshd to use IPv4 addresses only. 29180740Sdes 30180740Sdes -6 Forces sshd to use IPv6 addresses only. 31180740Sdes 32180740Sdes -b bits 33180740Sdes Specifies the number of bits in the ephemeral protocol version 1 34180740Sdes server key (default 768). 35180740Sdes 36180740Sdes -D When this option is specified, sshd will not detach and does not 37180740Sdes become a daemon. This allows easy monitoring of sshd. 38180740Sdes 39180740Sdes -d Debug mode. The server sends verbose debug output to the system 40180740Sdes log, and does not put itself in the background. The server also 41180740Sdes will not fork and will only process one connection. This option 42180740Sdes is only intended for debugging for the server. Multiple -d op- 43180740Sdes tions increase the debugging level. Maximum is 3. 44180740Sdes 45180740Sdes -e When this option is specified, sshd will send the output to the 46180740Sdes standard error instead of the system log. 47180740Sdes 48180744Sdes -f config_file 49180740Sdes Specifies the name of the configuration file. The default is 50180740Sdes /etc/ssh/sshd_config. sshd refuses to start if there is no con- 51180740Sdes figuration file. 52180740Sdes 53180740Sdes -g login_grace_time 54180740Sdes Gives the grace time for clients to authenticate themselves (de- 55180740Sdes fault 120 seconds). If the client fails to authenticate the user 56180740Sdes within this many seconds, the server disconnects and exits. A 57180740Sdes value of zero indicates no limit. 58180740Sdes 59180740Sdes -h host_key_file 60180740Sdes Specifies a file from which a host key is read. This option must 61180740Sdes be given if sshd is not run as root (as the normal host key files 62180740Sdes are normally not readable by anyone but root). The default is 63180740Sdes /etc/ssh/ssh_host_key for protocol version 1, and 64180740Sdes /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro- 65180740Sdes tocol version 2. It is possible to have multiple host key files 66180740Sdes for the different protocol versions and host key algorithms. 67180740Sdes 68180740Sdes -i Specifies that sshd is being run from inetd(8). sshd is normally 69180740Sdes not run from inetd because it needs to generate the server key 70180740Sdes before it can respond to the client, and this may take tens of 71180740Sdes seconds. Clients would have to wait too long if the key was re- 72180740Sdes generated every time. However, with small key sizes (e.g. 512) 73180740Sdes using sshd from inetd may be feasible. 74180740Sdes 75180740Sdes -k key_gen_time 76180740Sdes Specifies how often the ephemeral protocol version 1 server key 77180740Sdes is regenerated (default 3600 seconds, or one hour). The motiva- 78180740Sdes tion for regenerating the key fairly often is that the key is not 79180740Sdes stored anywhere, and after about an hour it becomes impossible to 80180740Sdes recover the key for decrypting intercepted communications even if 81180740Sdes the machine is cracked into or physically seized. A value of ze- 82180740Sdes ro indicates that the key will never be regenerated. 83180740Sdes 84180740Sdes -o option 85180740Sdes Can be used to give options in the format used in the configura- 86180740Sdes tion file. This is useful for specifying options for which there 87180740Sdes is no separate command-line flag. For full details of the op- 88180740Sdes tions, and their values, see sshd_config(5). 89180740Sdes 90180740Sdes -p port 91180740Sdes Specifies the port on which the server listens for connections 92180740Sdes (default 22). Multiple port options are permitted. Ports speci- 93180740Sdes fied in the configuration file with the Port option are ignored 94180740Sdes when a command-line port is specified. Ports specified using the 95180740Sdes ListenAddress option override command-line ports. 96180740Sdes 97180740Sdes -q Quiet mode. Nothing is sent to the system log. Normally the be- 98180740Sdes ginning, authentication, and termination of each connection is 99180740Sdes logged. 100180740Sdes 101180740Sdes -t Test mode. Only check the validity of the configuration file and 102180740Sdes sanity of the keys. This is useful for updating sshd reliably as 103180740Sdes configuration options may change. 104180740Sdes 105180740Sdes -u len This option is used to specify the size of the field in the utmp 106180740Sdes structure that holds the remote host name. If the resolved host 107180740Sdes name is longer than len, the dotted decimal value will be used 108180740Sdes instead. This allows hosts with very long host names that over- 109180740Sdes flow this field to still be uniquely identified. Specifying -u0 110180740Sdes indicates that only dotted decimal addresses should be put into 111180740Sdes the utmp file. -u0 may also be used to prevent sshd from making 112180740Sdes DNS requests unless the authentication mechanism or configuration 113180740Sdes requires it. Authentication mechanisms that may require DNS in- 114180740Sdes clude RhostsRSAAuthentication, HostbasedAuthentication, and using 115180740Sdes a from="pattern-list" option in a key file. Configuration op- 116180740Sdes tions that require DNS include using a USER@HOST pattern in 117180740Sdes AllowUsers or DenyUsers. 118180740Sdes 119180740SdesAUTHENTICATION 120180740Sdes The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols 121180740Sdes are supported by default, though this can be changed via the Protocol op- 122180740Sdes tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro- 123180740Sdes tocol 1 only supports RSA keys. For both protocols, each host has a 124180740Sdes host-specific key, normally 2048 bits, used to identify the host. 125180740Sdes 126180740Sdes Forward security for protocol 1 is provided through an additional server 127180740Sdes key, normally 768 bits, generated when the server starts. This key is 128180740Sdes normally regenerated every hour if it has been used, and is never stored 129180740Sdes on disk. Whenever a client connects, the daemon responds with its public 130180740Sdes host and server keys. The client compares the RSA host key against its 131180740Sdes own database to verify that it has not changed. The client then gener- 132180740Sdes ates a 256-bit random number. It encrypts this random number using both 133180740Sdes the host key and the server key, and sends the encrypted number to the 134180740Sdes server. Both sides then use this random number as a session key which is 135180740Sdes used to encrypt all further communications in the session. The rest of 136180740Sdes the session is encrypted using a conventional cipher, currently Blowfish 137180740Sdes or 3DES, with 3DES being used by default. The client selects the encryp- 138180740Sdes tion algorithm to use from those offered by the server. 139180740Sdes 140180740Sdes For protocol 2, forward security is provided through a Diffie-Hellman key 141180740Sdes agreement. This key agreement results in a shared session key. The rest 142180740Sdes of the session is encrypted using a symmetric cipher, currently 128-bit 143180740Sdes AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The 144180740Sdes client selects the encryption algorithm to use from those offered by the 145180740Sdes server. Additionally, session integrity is provided through a crypto- 146180744Sdes graphic message authentication code (hmac-md5, hmac-sha1, umac-64 or 147180744Sdes hmac-ripemd160). 148180740Sdes 149180740Sdes Finally, the server and the client enter an authentication dialog. The 150180740Sdes client tries to authenticate itself using host-based authentication, pub- 151180740Sdes lic key authentication, challenge-response authentication, or password 152180740Sdes authentication. 153180740Sdes 154180740Sdes Regardless of the authentication type, the account is checked to ensure 155180740Sdes that it is accessible. An account is not accessible if it is locked, 156180740Sdes listed in DenyUsers or its group is listed in DenyGroups . The defini- 157180740Sdes tion of a locked account is system dependant. Some platforms have their 158180740Sdes own account database (eg AIX) and some modify the passwd field ( `*LK*' 159180740Sdes on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a 160180744Sdes leading `*LOCKED*' on FreeBSD and a leading `!' on most Linuxes). If 161180744Sdes there is a requirement to disable password authentication for the account 162180744Sdes while allowing still public-key, then the passwd field should be set to 163180744Sdes something other than these values (eg `NP' or `*NP*' ). 164180740Sdes 165180740Sdes If the client successfully authenticates itself, a dialog for preparing 166180740Sdes the session is entered. At this time the client may request things like 167180740Sdes allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con- 168180740Sdes nections, or forwarding the authentication agent connection over the se- 169180740Sdes cure channel. 170180740Sdes 171180740Sdes After this, the client either requests a shell or execution of a command. 172180740Sdes The sides then enter session mode. In this mode, either side may send 173180740Sdes data at any time, and such data is forwarded to/from the shell or command 174180740Sdes on the server side, and the user terminal in the client side. 175180740Sdes 176180740Sdes When the user program terminates and all forwarded X11 and other connec- 177180740Sdes tions have been closed, the server sends command exit status to the 178180740Sdes client, and both sides exit. 179180740Sdes 180180740SdesLOGIN PROCESS 181180740Sdes When a user successfully logs in, sshd does the following: 182180740Sdes 183180740Sdes 1. If the login is on a tty, and no command has been specified, 184180740Sdes prints last login time and /etc/motd (unless prevented in the 185180740Sdes configuration file or by ~/.hushlogin; see the FILES section). 186180740Sdes 187180740Sdes 2. If the login is on a tty, records login time. 188180740Sdes 189180740Sdes 3. Checks /etc/nologin; if it exists, prints contents and quits 190180740Sdes (unless root). 191180740Sdes 192180740Sdes 4. Changes to run with normal user privileges. 193180740Sdes 194180740Sdes 5. Sets up basic environment. 195180740Sdes 196180740Sdes 6. Reads the file ~/.ssh/environment, if it exists, and users are 197180740Sdes allowed to change their environment. See the 198180740Sdes PermitUserEnvironment option in sshd_config(5). 199180740Sdes 200180740Sdes 7. Changes to user's home directory. 201180740Sdes 202180740Sdes 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists, 203180740Sdes runs it; otherwise runs xauth. The ``rc'' files are given the 204180740Sdes X11 authentication protocol and cookie in standard input. See 205180740Sdes SSHRC, below. 206180740Sdes 207180740Sdes 9. Runs user's shell or command. 208180740Sdes 209180740SdesSSHRC 210180740Sdes If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment 211180740Sdes files but before starting the user's shell or command. It must not pro- 212180740Sdes duce any output on stdout; stderr must be used instead. If X11 forward- 213180740Sdes ing is in use, it will receive the "proto cookie" pair in its standard 214180740Sdes input (and DISPLAY in its environment). The script must call xauth(1) 215180740Sdes because sshd will not run xauth automatically to add X11 cookies. 216180740Sdes 217180740Sdes The primary purpose of this file is to run any initialization routines 218180740Sdes which may be needed before the user's home directory becomes accessible; 219180740Sdes AFS is a particular example of such an environment. 220180740Sdes 221180740Sdes This file will probably contain some initialization code followed by 222180740Sdes something similar to: 223180740Sdes 224180740Sdes if read proto cookie && [ -n "$DISPLAY" ]; then 225180740Sdes if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 226180740Sdes # X11UseLocalhost=yes 227180740Sdes echo add unix:`echo $DISPLAY | 228180740Sdes cut -c11-` $proto $cookie 229180740Sdes else 230180740Sdes # X11UseLocalhost=no 231180740Sdes echo add $DISPLAY $proto $cookie 232180740Sdes fi | xauth -q - 233180740Sdes fi 234180740Sdes 235180740Sdes If this file does not exist, /etc/ssh/sshrc is run, and if that does not 236180740Sdes exist either, xauth is used to add the cookie. 237180740Sdes 238180740SdesAUTHORIZED_KEYS FILE FORMAT 239180740Sdes AuthorizedKeysFile specifies the file containing public keys for public 240180740Sdes key authentication; if none is specified, the default is 241180740Sdes ~/.ssh/authorized_keys. Each line of the file contains one key (empty 242180740Sdes lines and lines starting with a `#' are ignored as comments). Protocol 1 243180740Sdes public keys consist of the following space-separated fields: options, 244180740Sdes bits, exponent, modulus, comment. Protocol 2 public key consist of: op- 245180740Sdes tions, keytype, base64-encoded key, comment. The options field is op- 246180740Sdes tional; its presence is determined by whether the line starts with a num- 247180740Sdes ber or not (the options field never starts with a number). The bits, ex- 248180740Sdes ponent, modulus, and comment fields give the RSA key for protocol version 249180740Sdes 1; the comment field is not used for anything (but may be convenient for 250180740Sdes the user to identify the key). For protocol version 2 the keytype is 251180740Sdes ``ssh-dss'' or ``ssh-rsa''. 252180740Sdes 253180740Sdes Note that lines in this file are usually several hundred bytes long (be- 254180740Sdes cause of the size of the public key encoding) up to a limit of 8 kilo- 255180740Sdes bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 256180740Sdes kilobits. You don't want to type them in; instead, copy the 257180740Sdes identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it. 258180740Sdes 259180740Sdes sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 260180740Sdes 2 keys of 768 bits. 261180740Sdes 262180740Sdes The options (if present) consist of comma-separated option specifica- 263180740Sdes tions. No spaces are permitted, except within double quotes. The fol- 264180740Sdes lowing option specifications are supported (note that option keywords are 265180740Sdes case-insensitive): 266180740Sdes 267180740Sdes command="command" 268180740Sdes Specifies that the command is executed whenever this key is used 269180740Sdes for authentication. The command supplied by the user (if any) is 270180740Sdes ignored. The command is run on a pty if the client requests a 271180740Sdes pty; otherwise it is run without a tty. If an 8-bit clean chan- 272180740Sdes nel is required, one must not request a pty or should specify no- 273180740Sdes pty. A quote may be included in the command by quoting it with a 274180740Sdes backslash. This option might be useful to restrict certain pub- 275180740Sdes lic keys to perform just a specific operation. An example might 276180740Sdes be a key that permits remote backups but nothing else. Note that 277180740Sdes the client may specify TCP and/or X11 forwarding unless they are 278180740Sdes explicitly prohibited. The command originally supplied by the 279180740Sdes client is available in the SSH_ORIGINAL_COMMAND environment vari- 280180740Sdes able. Note that this option applies to shell, command or subsys- 281180740Sdes tem execution. 282180740Sdes 283180740Sdes environment="NAME=value" 284180740Sdes Specifies that the string is to be added to the environment when 285180740Sdes logging in using this key. Environment variables set this way 286180740Sdes override other default environment values. Multiple options of 287180740Sdes this type are permitted. Environment processing is disabled by 288180740Sdes default and is controlled via the PermitUserEnvironment option. 289180740Sdes This option is automatically disabled if UseLogin is enabled. 290180740Sdes 291180740Sdes from="pattern-list" 292180740Sdes Specifies that in addition to public key authentication, the 293180740Sdes canonical name of the remote host must be present in the comma- 294180740Sdes separated list of patterns. The purpose of this option is to op- 295180740Sdes tionally increase security: public key authentication by itself 296180740Sdes does not trust the network or name servers or anything (but the 297180740Sdes key); however, if somebody somehow steals the key, the key per- 298180740Sdes mits an intruder to log in from anywhere in the world. This ad- 299180740Sdes ditional option makes using a stolen key more difficult (name 300180740Sdes servers and/or routers would have to be compromised in addition 301180740Sdes to just the key). 302180740Sdes 303180740Sdes See PATTERNS in ssh_config(5) for more information on patterns. 304180740Sdes 305180740Sdes no-agent-forwarding 306180740Sdes Forbids authentication agent forwarding when this key is used for 307180740Sdes authentication. 308180740Sdes 309180740Sdes no-port-forwarding 310180740Sdes Forbids TCP forwarding when this key is used for authentication. 311180740Sdes Any port forward requests by the client will return an error. 312180740Sdes This might be used, e.g. in connection with the command option. 313180740Sdes 314180740Sdes no-pty Prevents tty allocation (a request to allocate a pty will fail). 315180740Sdes 316180740Sdes no-X11-forwarding 317180740Sdes Forbids X11 forwarding when this key is used for authentication. 318180740Sdes Any X11 forward requests by the client will return an error. 319180740Sdes 320180740Sdes permitopen="host:port" 321180740Sdes Limit local ``ssh -L'' port forwarding such that it may only con- 322180740Sdes nect to the specified host and port. IPv6 addresses can be spec- 323180740Sdes ified with an alternative syntax: host/port. Multiple permitopen 324180740Sdes options may be applied separated by commas. No pattern matching 325180740Sdes is performed on the specified hostnames, they must be literal do- 326180740Sdes mains or addresses. 327180740Sdes 328180740Sdes tunnel="n" 329180740Sdes Force a tun(4) device on the server. Without this option, the 330180740Sdes next available device will be used if the client requests a tun- 331180740Sdes nel. 332180740Sdes 333180740Sdes An example authorized_keys file: 334180740Sdes 335180740Sdes # Comments allowed at start of line 336180740Sdes ssh-rsa AAAAB3Nza...LiPk== user@example.net 337180740Sdes from="*.sales.example.net,!pc.sales.example.net" ssh-rsa 338180740Sdes AAAAB2...19Q== john@example.net 339180740Sdes command="dump /home",no-pty,no-port-forwarding ssh-dss 340180740Sdes AAAAC3...51R== example.net 341180740Sdes permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss 342180740Sdes AAAAB5...21S== 343180740Sdes tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== 344180740Sdes jane@example.net 345180740Sdes 346180740SdesSSH_KNOWN_HOSTS FILE FORMAT 347180740Sdes The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 348180740Sdes public keys for all known hosts. The global file should be prepared by 349180740Sdes the administrator (optional), and the per-user file is maintained auto- 350180740Sdes matically: whenever the user connects from an unknown host, its key is 351180740Sdes added to the per-user file. 352180740Sdes 353180740Sdes Each line in these files contains the following fields: hostnames, bits, 354180740Sdes exponent, modulus, comment. The fields are separated by spaces. 355180740Sdes 356180740Sdes Hostnames is a comma-separated list of patterns (`*' and `?' act as wild- 357180740Sdes cards); each pattern in turn is matched against the canonical host name 358180740Sdes (when authenticating a client) or against the user-supplied name (when 359180740Sdes authenticating a server). A pattern may also be preceded by `!' to indi- 360180740Sdes cate negation: if the host name matches a negated pattern, it is not ac- 361180740Sdes cepted (by that line) even if it matched another pattern on the line. A 362180740Sdes hostname or address may optionally be enclosed within `[' and `]' brack- 363180740Sdes ets then followed by `:' and a non-standard port number. 364180740Sdes 365180740Sdes Alternately, hostnames may be stored in a hashed form which hides host 366180740Sdes names and addresses should the file's contents be disclosed. Hashed 367180740Sdes hostnames start with a `|' character. Only one hashed hostname may ap- 368180740Sdes pear on a single line and none of the above negation or wildcard opera- 369180740Sdes tors may be applied. 370180740Sdes 371180740Sdes Bits, exponent, and modulus are taken directly from the RSA host key; 372180740Sdes they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The 373180740Sdes optional comment field continues to the end of the line, and is not used. 374180740Sdes 375180740Sdes Lines starting with `#' and empty lines are ignored as comments. 376180740Sdes 377180740Sdes When performing host authentication, authentication is accepted if any 378180740Sdes matching line has the proper key. It is thus permissible (but not recom- 379180740Sdes mended) to have several lines or different host keys for the same names. 380180740Sdes This will inevitably happen when short forms of host names from different 381180740Sdes domains are put in the file. It is possible that the files contain con- 382180740Sdes flicting information; authentication is accepted if valid information can 383180740Sdes be found from either file. 384180740Sdes 385180740Sdes Note that the lines in these files are typically hundreds of characters 386180740Sdes long, and you definitely don't want to type in the host keys by hand. 387180740Sdes Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub 388180740Sdes and adding the host names at the front. 389180740Sdes 390180740Sdes An example ssh_known_hosts file: 391180740Sdes 392180740Sdes # Comments allowed at start of line 393180740Sdes closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net 394180740Sdes cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= 395180740Sdes # A hashed hostname 396180740Sdes |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa 397180740Sdes AAAA1234.....= 398180740Sdes 399180740SdesFILES 400180740Sdes ~/.hushlogin 401180740Sdes This file is used to suppress printing the last login time and 402180740Sdes /etc/motd, if PrintLastLog and PrintMotd, respectively, are en- 403180740Sdes abled. It does not suppress printing of the banner specified by 404180740Sdes Banner. 405180740Sdes 406180740Sdes ~/.rhosts 407180740Sdes This file is used for host-based authentication (see ssh(1) for 408180740Sdes more information). On some machines this file may need to be 409180740Sdes world-readable if the user's home directory is on an NFS parti- 410180740Sdes tion, because sshd reads it as root. Additionally, this file 411180740Sdes must be owned by the user, and must not have write permissions 412180740Sdes for anyone else. The recommended permission for most machines is 413180740Sdes read/write for the user, and not accessible by others. 414180740Sdes 415180740Sdes ~/.shosts 416180740Sdes This file is used in exactly the same way as .rhosts, but allows 417180740Sdes host-based authentication without permitting login with 418180740Sdes rlogin/rsh. 419180740Sdes 420180740Sdes ~/.ssh/authorized_keys 421180740Sdes Lists the public keys (RSA/DSA) that can be used for logging in 422180740Sdes as this user. The format of this file is described above. The 423180740Sdes content of the file is not highly sensitive, but the recommended 424180740Sdes permissions are read/write for the user, and not accessible by 425180740Sdes others. 426180740Sdes 427180740Sdes If this file, the ~/.ssh directory, or the user's home directory 428180740Sdes are writable by other users, then the file could be modified or 429180740Sdes replaced by unauthorized users. In this case, sshd will not al- 430180740Sdes low it to be used unless the StrictModes option has been set to 431180740Sdes ``no''. The recommended permissions can be set by executing 432180740Sdes ``chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys''. 433180740Sdes 434180740Sdes ~/.ssh/environment 435180740Sdes This file is read into the environment at login (if it exists). 436180740Sdes It can only contain empty lines, comment lines (that start with 437180740Sdes `#'), and assignment lines of the form name=value. The file 438180740Sdes should be writable only by the user; it need not be readable by 439180740Sdes anyone else. Environment processing is disabled by default and 440180740Sdes is controlled via the PermitUserEnvironment option. 441180740Sdes 442180740Sdes ~/.ssh/known_hosts 443180740Sdes Contains a list of host keys for all hosts the user has logged 444180740Sdes into that are not already in the systemwide list of known host 445180740Sdes keys. The format of this file is described above. This file 446180740Sdes should be writable only by root/the owner and can, but need not 447180740Sdes be, world-readable. 448180740Sdes 449180740Sdes ~/.ssh/rc 450180740Sdes Contains initialization routines to be run before the user's home 451180740Sdes directory becomes accessible. This file should be writable only 452180740Sdes by the user, and need not be readable by anyone else. 453180740Sdes 454180740Sdes /etc/hosts.allow 455180740Sdes /etc/hosts.deny 456180740Sdes Access controls that should be enforced by tcp-wrappers are de- 457180740Sdes fined here. Further details are described in hosts_access(5). 458180740Sdes 459180740Sdes /etc/hosts.equiv 460180740Sdes This file is for host-based authentication (see ssh(1)). It 461180740Sdes should only be writable by root. 462180740Sdes 463180740Sdes /etc/moduli 464180740Sdes Contains Diffie-Hellman groups used for the "Diffie-Hellman Group 465180740Sdes Exchange". The file format is described in moduli(5). 466180740Sdes 467180740Sdes /etc/motd 468180740Sdes See motd(5). 469180740Sdes 470180740Sdes /etc/nologin 471180740Sdes If this file exists, sshd refuses to let anyone except root log 472180740Sdes in. The contents of the file are displayed to anyone trying to 473180740Sdes log in, and non-root connections are refused. The file should be 474180740Sdes world-readable. 475180740Sdes 476180740Sdes /etc/shosts.equiv 477180740Sdes This file is used in exactly the same way as hosts.equiv, but al- 478180740Sdes lows host-based authentication without permitting login with 479180740Sdes rlogin/rsh. 480180740Sdes 481180740Sdes /etc/ssh/ssh_host_key 482180740Sdes /etc/ssh/ssh_host_dsa_key 483180740Sdes /etc/ssh/ssh_host_rsa_key 484180740Sdes These three files contain the private parts of the host keys. 485180740Sdes These files should only be owned by root, readable only by root, 486180740Sdes and not accessible to others. Note that sshd does not start if 487180740Sdes these files are group/world-accessible. 488180740Sdes 489180740Sdes /etc/ssh/ssh_host_key.pub 490180740Sdes /etc/ssh/ssh_host_dsa_key.pub 491180740Sdes /etc/ssh/ssh_host_rsa_key.pub 492180740Sdes These three files contain the public parts of the host keys. 493180740Sdes These files should be world-readable but writable only by root. 494180740Sdes Their contents should match the respective private parts. These 495180740Sdes files are not really used for anything; they are provided for the 496180740Sdes convenience of the user so their contents can be copied to known 497180740Sdes hosts files. These files are created using ssh-keygen(1). 498180740Sdes 499180744Sdes /etc/ssh/ssh_known_hosts 500180744Sdes Systemwide list of known host keys. This file should be prepared 501180744Sdes by the system administrator to contain the public host keys of 502180744Sdes all machines in the organization. The format of this file is de- 503180744Sdes scribed above. This file should be writable only by root/the 504180744Sdes owner and should be world-readable. 505180744Sdes 506180740Sdes /etc/ssh/sshd_config 507180740Sdes Contains configuration data for sshd. The file format and con- 508180740Sdes figuration options are described in sshd_config(5). 509180740Sdes 510180740Sdes /etc/ssh/sshrc 511180740Sdes Similar to ~/.ssh/rc, it can be used to specify machine-specific 512180740Sdes login-time initializations globally. This file should be 513180740Sdes writable only by root, and should be world-readable. 514180740Sdes 515180740Sdes /var/empty 516180740Sdes chroot(2) directory used by sshd during privilege separation in 517180740Sdes the pre-authentication phase. The directory should not contain 518180740Sdes any files and must be owned by root and not group or world- 519180740Sdes writable. 520180740Sdes 521180740Sdes /var/run/sshd.pid 522180740Sdes Contains the process ID of the sshd listening for connections (if 523180740Sdes there are several daemons running concurrently for different 524180740Sdes ports, this contains the process ID of the one started last). 525180740Sdes The content of this file is not sensitive; it can be world-read- 526180740Sdes able. 527180740Sdes 528180740SdesSEE ALSO 529180740Sdes scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 530180744Sdes ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5), 531180744Sdes sshd_config(5), inetd(8), sftp-server(8) 532180740Sdes 533180740SdesAUTHORS 534180740Sdes OpenSSH is a derivative of the original and free ssh 1.2.12 release by 535180740Sdes Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 536180740Sdes de Raadt and Dug Song removed many bugs, re-added newer features and cre- 537180740Sdes ated OpenSSH. Markus Friedl contributed the support for SSH protocol 538180740Sdes versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 539180740Sdes for privilege separation. 540180740Sdes 541180740SdesCAVEATS 542180740Sdes System security is not improved unless rshd, rlogind, and rexecd are dis- 543180740Sdes abled (thus completely disabling rlogin and rsh into the machine). 544180740Sdes 545180744SdesOpenBSD 4.2 August 16, 2007 9 546