sshd.0 revision 180750
1180740SdesSSHD(8) OpenBSD System Manager's Manual SSHD(8) 2180740Sdes 3180740SdesNAME 4180740Sdes sshd - OpenSSH SSH daemon 5180740Sdes 6180740SdesSYNOPSIS 7180750Sdes sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-f config_file] 8180750Sdes [-g login_grace_time] [-h host_key_file] [-k key_gen_time] 9180750Sdes [-o option] [-p port] [-u len] 10180740Sdes 11180740SdesDESCRIPTION 12180740Sdes sshd (OpenSSH Daemon) is the daemon program for ssh(1). Together these 13180744Sdes programs replace rlogin(1) and rsh(1), and provide secure encrypted com- 14180744Sdes munications between two untrusted hosts over an insecure network. 15180740Sdes 16180740Sdes sshd listens for connections from clients. It is normally started at 17180740Sdes boot from /etc/rc. It forks a new daemon for each incoming connection. 18180740Sdes The forked daemons handle key exchange, encryption, authentication, com- 19180740Sdes mand execution, and data exchange. 20180740Sdes 21180740Sdes sshd can be configured using command-line options or a configuration file 22180740Sdes (by default sshd_config(5)); command-line options override values speci- 23180740Sdes fied in the configuration file. sshd rereads its configuration file when 24180740Sdes it receives a hangup signal, SIGHUP, by executing itself with the name 25180740Sdes and options it was started with, e.g. /usr/sbin/sshd. 26180740Sdes 27180740Sdes The options are as follows: 28180740Sdes 29180740Sdes -4 Forces sshd to use IPv4 addresses only. 30180740Sdes 31180740Sdes -6 Forces sshd to use IPv6 addresses only. 32180740Sdes 33180740Sdes -b bits 34180740Sdes Specifies the number of bits in the ephemeral protocol version 1 35180750Sdes server key (default 1024). 36180740Sdes 37180750Sdes -C connection_spec 38180750Sdes Specify the connection parameters to use for the -T extended test 39180750Sdes mode. If provided, any Match directives in the configuration 40180750Sdes file that would apply to the specified user, host, and address 41180750Sdes will be set before the configuration is written to standard out- 42180750Sdes put. The connection parameters are supplied as keyword=value 43180750Sdes pairs. The keywords are ``user'', ``host'', and ``addr''. All 44180750Sdes are required and may be supplied in any order, either with multi- 45180750Sdes ple -C options or as a comma-separated list. 46180750Sdes 47180740Sdes -D When this option is specified, sshd will not detach and does not 48180740Sdes become a daemon. This allows easy monitoring of sshd. 49180740Sdes 50180740Sdes -d Debug mode. The server sends verbose debug output to the system 51180740Sdes log, and does not put itself in the background. The server also 52180740Sdes will not fork and will only process one connection. This option 53180740Sdes is only intended for debugging for the server. Multiple -d op- 54180740Sdes tions increase the debugging level. Maximum is 3. 55180740Sdes 56180740Sdes -e When this option is specified, sshd will send the output to the 57180740Sdes standard error instead of the system log. 58180740Sdes 59180744Sdes -f config_file 60180740Sdes Specifies the name of the configuration file. The default is 61180740Sdes /etc/ssh/sshd_config. sshd refuses to start if there is no con- 62180740Sdes figuration file. 63180740Sdes 64180740Sdes -g login_grace_time 65180740Sdes Gives the grace time for clients to authenticate themselves (de- 66180740Sdes fault 120 seconds). If the client fails to authenticate the user 67180740Sdes within this many seconds, the server disconnects and exits. A 68180740Sdes value of zero indicates no limit. 69180740Sdes 70180740Sdes -h host_key_file 71180740Sdes Specifies a file from which a host key is read. This option must 72180740Sdes be given if sshd is not run as root (as the normal host key files 73180740Sdes are normally not readable by anyone but root). The default is 74180740Sdes /etc/ssh/ssh_host_key for protocol version 1, and 75180740Sdes /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro- 76180740Sdes tocol version 2. It is possible to have multiple host key files 77180740Sdes for the different protocol versions and host key algorithms. 78180740Sdes 79180740Sdes -i Specifies that sshd is being run from inetd(8). sshd is normally 80180740Sdes not run from inetd because it needs to generate the server key 81180740Sdes before it can respond to the client, and this may take tens of 82180740Sdes seconds. Clients would have to wait too long if the key was re- 83180740Sdes generated every time. However, with small key sizes (e.g. 512) 84180740Sdes using sshd from inetd may be feasible. 85180740Sdes 86180740Sdes -k key_gen_time 87180740Sdes Specifies how often the ephemeral protocol version 1 server key 88180740Sdes is regenerated (default 3600 seconds, or one hour). The motiva- 89180740Sdes tion for regenerating the key fairly often is that the key is not 90180740Sdes stored anywhere, and after about an hour it becomes impossible to 91180740Sdes recover the key for decrypting intercepted communications even if 92180740Sdes the machine is cracked into or physically seized. A value of ze- 93180740Sdes ro indicates that the key will never be regenerated. 94180740Sdes 95180740Sdes -o option 96180740Sdes Can be used to give options in the format used in the configura- 97180740Sdes tion file. This is useful for specifying options for which there 98180740Sdes is no separate command-line flag. For full details of the op- 99180740Sdes tions, and their values, see sshd_config(5). 100180740Sdes 101180740Sdes -p port 102180740Sdes Specifies the port on which the server listens for connections 103180740Sdes (default 22). Multiple port options are permitted. Ports speci- 104180740Sdes fied in the configuration file with the Port option are ignored 105180740Sdes when a command-line port is specified. Ports specified using the 106180740Sdes ListenAddress option override command-line ports. 107180740Sdes 108180740Sdes -q Quiet mode. Nothing is sent to the system log. Normally the be- 109180740Sdes ginning, authentication, and termination of each connection is 110180740Sdes logged. 111180740Sdes 112180750Sdes -T Extended test mode. Check the validity of the configuration 113180750Sdes file, output the effective configuration to stdout and then exit. 114180750Sdes Optionally, Match rules may be applied by specifying the connec- 115180750Sdes tion parameters using one or more -C options. 116180750Sdes 117180740Sdes -t Test mode. Only check the validity of the configuration file and 118180740Sdes sanity of the keys. This is useful for updating sshd reliably as 119180740Sdes configuration options may change. 120180740Sdes 121180740Sdes -u len This option is used to specify the size of the field in the utmp 122180740Sdes structure that holds the remote host name. If the resolved host 123180740Sdes name is longer than len, the dotted decimal value will be used 124180740Sdes instead. This allows hosts with very long host names that over- 125180740Sdes flow this field to still be uniquely identified. Specifying -u0 126180740Sdes indicates that only dotted decimal addresses should be put into 127180740Sdes the utmp file. -u0 may also be used to prevent sshd from making 128180740Sdes DNS requests unless the authentication mechanism or configuration 129180740Sdes requires it. Authentication mechanisms that may require DNS in- 130180740Sdes clude RhostsRSAAuthentication, HostbasedAuthentication, and using 131180740Sdes a from="pattern-list" option in a key file. Configuration op- 132180740Sdes tions that require DNS include using a USER@HOST pattern in 133180740Sdes AllowUsers or DenyUsers. 134180740Sdes 135180740SdesAUTHENTICATION 136180740Sdes The OpenSSH SSH daemon supports SSH protocols 1 and 2. Both protocols 137180740Sdes are supported by default, though this can be changed via the Protocol op- 138180740Sdes tion in sshd_config(5). Protocol 2 supports both RSA and DSA keys; pro- 139180740Sdes tocol 1 only supports RSA keys. For both protocols, each host has a 140180740Sdes host-specific key, normally 2048 bits, used to identify the host. 141180740Sdes 142180740Sdes Forward security for protocol 1 is provided through an additional server 143180740Sdes key, normally 768 bits, generated when the server starts. This key is 144180740Sdes normally regenerated every hour if it has been used, and is never stored 145180740Sdes on disk. Whenever a client connects, the daemon responds with its public 146180740Sdes host and server keys. The client compares the RSA host key against its 147180740Sdes own database to verify that it has not changed. The client then gener- 148180740Sdes ates a 256-bit random number. It encrypts this random number using both 149180740Sdes the host key and the server key, and sends the encrypted number to the 150180740Sdes server. Both sides then use this random number as a session key which is 151180740Sdes used to encrypt all further communications in the session. The rest of 152180740Sdes the session is encrypted using a conventional cipher, currently Blowfish 153180740Sdes or 3DES, with 3DES being used by default. The client selects the encryp- 154180740Sdes tion algorithm to use from those offered by the server. 155180740Sdes 156180740Sdes For protocol 2, forward security is provided through a Diffie-Hellman key 157180740Sdes agreement. This key agreement results in a shared session key. The rest 158180740Sdes of the session is encrypted using a symmetric cipher, currently 128-bit 159180740Sdes AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The 160180740Sdes client selects the encryption algorithm to use from those offered by the 161180740Sdes server. Additionally, session integrity is provided through a crypto- 162180744Sdes graphic message authentication code (hmac-md5, hmac-sha1, umac-64 or 163180744Sdes hmac-ripemd160). 164180740Sdes 165180740Sdes Finally, the server and the client enter an authentication dialog. The 166180740Sdes client tries to authenticate itself using host-based authentication, pub- 167180740Sdes lic key authentication, challenge-response authentication, or password 168180740Sdes authentication. 169180740Sdes 170180740Sdes Regardless of the authentication type, the account is checked to ensure 171180740Sdes that it is accessible. An account is not accessible if it is locked, 172180740Sdes listed in DenyUsers or its group is listed in DenyGroups . The defini- 173180740Sdes tion of a locked account is system dependant. Some platforms have their 174180740Sdes own account database (eg AIX) and some modify the passwd field ( `*LK*' 175180740Sdes on Solaris and UnixWare, `*' on HP-UX, containing `Nologin' on Tru64, a 176180744Sdes leading `*LOCKED*' on FreeBSD and a leading `!' on most Linuxes). If 177180744Sdes there is a requirement to disable password authentication for the account 178180744Sdes while allowing still public-key, then the passwd field should be set to 179180744Sdes something other than these values (eg `NP' or `*NP*' ). 180180740Sdes 181180740Sdes If the client successfully authenticates itself, a dialog for preparing 182180740Sdes the session is entered. At this time the client may request things like 183180740Sdes allocating a pseudo-tty, forwarding X11 connections, forwarding TCP con- 184180740Sdes nections, or forwarding the authentication agent connection over the se- 185180740Sdes cure channel. 186180740Sdes 187180740Sdes After this, the client either requests a shell or execution of a command. 188180740Sdes The sides then enter session mode. In this mode, either side may send 189180740Sdes data at any time, and such data is forwarded to/from the shell or command 190180740Sdes on the server side, and the user terminal in the client side. 191180740Sdes 192180740Sdes When the user program terminates and all forwarded X11 and other connec- 193180740Sdes tions have been closed, the server sends command exit status to the 194180740Sdes client, and both sides exit. 195180740Sdes 196180740SdesLOGIN PROCESS 197180740Sdes When a user successfully logs in, sshd does the following: 198180740Sdes 199180740Sdes 1. If the login is on a tty, and no command has been specified, 200180740Sdes prints last login time and /etc/motd (unless prevented in the 201180740Sdes configuration file or by ~/.hushlogin; see the FILES section). 202180740Sdes 203180740Sdes 2. If the login is on a tty, records login time. 204180740Sdes 205180740Sdes 3. Checks /etc/nologin; if it exists, prints contents and quits 206180740Sdes (unless root). 207180740Sdes 208180740Sdes 4. Changes to run with normal user privileges. 209180740Sdes 210180740Sdes 5. Sets up basic environment. 211180740Sdes 212180740Sdes 6. Reads the file ~/.ssh/environment, if it exists, and users are 213180740Sdes allowed to change their environment. See the 214180740Sdes PermitUserEnvironment option in sshd_config(5). 215180740Sdes 216180740Sdes 7. Changes to user's home directory. 217180740Sdes 218180740Sdes 8. If ~/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists, 219180740Sdes runs it; otherwise runs xauth. The ``rc'' files are given the 220180740Sdes X11 authentication protocol and cookie in standard input. See 221180740Sdes SSHRC, below. 222180740Sdes 223180740Sdes 9. Runs user's shell or command. 224180740Sdes 225180740SdesSSHRC 226180740Sdes If the file ~/.ssh/rc exists, sh(1) runs it after reading the environment 227180740Sdes files but before starting the user's shell or command. It must not pro- 228180740Sdes duce any output on stdout; stderr must be used instead. If X11 forward- 229180740Sdes ing is in use, it will receive the "proto cookie" pair in its standard 230180740Sdes input (and DISPLAY in its environment). The script must call xauth(1) 231180740Sdes because sshd will not run xauth automatically to add X11 cookies. 232180740Sdes 233180740Sdes The primary purpose of this file is to run any initialization routines 234180740Sdes which may be needed before the user's home directory becomes accessible; 235180740Sdes AFS is a particular example of such an environment. 236180740Sdes 237180740Sdes This file will probably contain some initialization code followed by 238180740Sdes something similar to: 239180740Sdes 240180740Sdes if read proto cookie && [ -n "$DISPLAY" ]; then 241180740Sdes if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then 242180740Sdes # X11UseLocalhost=yes 243180740Sdes echo add unix:`echo $DISPLAY | 244180740Sdes cut -c11-` $proto $cookie 245180740Sdes else 246180740Sdes # X11UseLocalhost=no 247180740Sdes echo add $DISPLAY $proto $cookie 248180740Sdes fi | xauth -q - 249180740Sdes fi 250180740Sdes 251180740Sdes If this file does not exist, /etc/ssh/sshrc is run, and if that does not 252180740Sdes exist either, xauth is used to add the cookie. 253180740Sdes 254180740SdesAUTHORIZED_KEYS FILE FORMAT 255180740Sdes AuthorizedKeysFile specifies the file containing public keys for public 256180740Sdes key authentication; if none is specified, the default is 257180740Sdes ~/.ssh/authorized_keys. Each line of the file contains one key (empty 258180740Sdes lines and lines starting with a `#' are ignored as comments). Protocol 1 259180740Sdes public keys consist of the following space-separated fields: options, 260180740Sdes bits, exponent, modulus, comment. Protocol 2 public key consist of: op- 261180740Sdes tions, keytype, base64-encoded key, comment. The options field is op- 262180740Sdes tional; its presence is determined by whether the line starts with a num- 263180740Sdes ber or not (the options field never starts with a number). The bits, ex- 264180740Sdes ponent, modulus, and comment fields give the RSA key for protocol version 265180740Sdes 1; the comment field is not used for anything (but may be convenient for 266180740Sdes the user to identify the key). For protocol version 2 the keytype is 267180740Sdes ``ssh-dss'' or ``ssh-rsa''. 268180740Sdes 269180740Sdes Note that lines in this file are usually several hundred bytes long (be- 270180740Sdes cause of the size of the public key encoding) up to a limit of 8 kilo- 271180740Sdes bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16 272180740Sdes kilobits. You don't want to type them in; instead, copy the 273180740Sdes identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it. 274180740Sdes 275180740Sdes sshd enforces a minimum RSA key modulus size for protocol 1 and protocol 276180740Sdes 2 keys of 768 bits. 277180740Sdes 278180740Sdes The options (if present) consist of comma-separated option specifica- 279180740Sdes tions. No spaces are permitted, except within double quotes. The fol- 280180740Sdes lowing option specifications are supported (note that option keywords are 281180740Sdes case-insensitive): 282180740Sdes 283180740Sdes command="command" 284180740Sdes Specifies that the command is executed whenever this key is used 285180740Sdes for authentication. The command supplied by the user (if any) is 286180740Sdes ignored. The command is run on a pty if the client requests a 287180740Sdes pty; otherwise it is run without a tty. If an 8-bit clean chan- 288180740Sdes nel is required, one must not request a pty or should specify no- 289180740Sdes pty. A quote may be included in the command by quoting it with a 290180740Sdes backslash. This option might be useful to restrict certain pub- 291180740Sdes lic keys to perform just a specific operation. An example might 292180740Sdes be a key that permits remote backups but nothing else. Note that 293180740Sdes the client may specify TCP and/or X11 forwarding unless they are 294180740Sdes explicitly prohibited. The command originally supplied by the 295180740Sdes client is available in the SSH_ORIGINAL_COMMAND environment vari- 296180740Sdes able. Note that this option applies to shell, command or subsys- 297180740Sdes tem execution. 298180740Sdes 299180740Sdes environment="NAME=value" 300180740Sdes Specifies that the string is to be added to the environment when 301180740Sdes logging in using this key. Environment variables set this way 302180740Sdes override other default environment values. Multiple options of 303180740Sdes this type are permitted. Environment processing is disabled by 304180740Sdes default and is controlled via the PermitUserEnvironment option. 305180740Sdes This option is automatically disabled if UseLogin is enabled. 306180740Sdes 307180740Sdes from="pattern-list" 308180750Sdes Specifies that in addition to public key authentication, either 309180750Sdes the canonical name of the remote host or its IP address must be 310180750Sdes present in the comma-separated list of patterns. See PATTERNS in 311180750Sdes ssh_config(5) for more information on patterns. 312180740Sdes 313180750Sdes In addition to the wildcard matching that may be applied to host- 314180750Sdes names or addresses, a from stanza may match IP addressess using 315180750Sdes CIDR address/masklen notation. 316180740Sdes 317180750Sdes The purpose of this option is to optionally increase security: 318180750Sdes public key authentication by itself does not trust the network or 319180750Sdes name servers or anything (but the key); however, if somebody 320180750Sdes somehow steals the key, the key permits an intruder to log in 321180750Sdes from anywhere in the world. This additional option makes using a 322180750Sdes stolen key more difficult (name servers and/or routers would have 323180750Sdes to be compromised in addition to just the key). 324180750Sdes 325180740Sdes no-agent-forwarding 326180740Sdes Forbids authentication agent forwarding when this key is used for 327180740Sdes authentication. 328180740Sdes 329180740Sdes no-port-forwarding 330180740Sdes Forbids TCP forwarding when this key is used for authentication. 331180740Sdes Any port forward requests by the client will return an error. 332180740Sdes This might be used, e.g. in connection with the command option. 333180740Sdes 334180740Sdes no-pty Prevents tty allocation (a request to allocate a pty will fail). 335180740Sdes 336180746Sdes no-user-rc 337180746Sdes Disables execution of ~/.ssh/rc. 338180746Sdes 339180740Sdes no-X11-forwarding 340180740Sdes Forbids X11 forwarding when this key is used for authentication. 341180740Sdes Any X11 forward requests by the client will return an error. 342180740Sdes 343180740Sdes permitopen="host:port" 344180740Sdes Limit local ``ssh -L'' port forwarding such that it may only con- 345180740Sdes nect to the specified host and port. IPv6 addresses can be spec- 346180740Sdes ified with an alternative syntax: host/port. Multiple permitopen 347180740Sdes options may be applied separated by commas. No pattern matching 348180740Sdes is performed on the specified hostnames, they must be literal do- 349180740Sdes mains or addresses. 350180740Sdes 351180740Sdes tunnel="n" 352180740Sdes Force a tun(4) device on the server. Without this option, the 353180740Sdes next available device will be used if the client requests a tun- 354180740Sdes nel. 355180740Sdes 356180740Sdes An example authorized_keys file: 357180740Sdes 358180740Sdes # Comments allowed at start of line 359180740Sdes ssh-rsa AAAAB3Nza...LiPk== user@example.net 360180740Sdes from="*.sales.example.net,!pc.sales.example.net" ssh-rsa 361180740Sdes AAAAB2...19Q== john@example.net 362180740Sdes command="dump /home",no-pty,no-port-forwarding ssh-dss 363180740Sdes AAAAC3...51R== example.net 364180740Sdes permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-dss 365180740Sdes AAAAB5...21S== 366180740Sdes tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== 367180740Sdes jane@example.net 368180740Sdes 369180740SdesSSH_KNOWN_HOSTS FILE FORMAT 370180740Sdes The /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts files contain host 371180740Sdes public keys for all known hosts. The global file should be prepared by 372180740Sdes the administrator (optional), and the per-user file is maintained auto- 373180740Sdes matically: whenever the user connects from an unknown host, its key is 374180740Sdes added to the per-user file. 375180740Sdes 376180740Sdes Each line in these files contains the following fields: hostnames, bits, 377180740Sdes exponent, modulus, comment. The fields are separated by spaces. 378180740Sdes 379180740Sdes Hostnames is a comma-separated list of patterns (`*' and `?' act as wild- 380180740Sdes cards); each pattern in turn is matched against the canonical host name 381180740Sdes (when authenticating a client) or against the user-supplied name (when 382180740Sdes authenticating a server). A pattern may also be preceded by `!' to indi- 383180740Sdes cate negation: if the host name matches a negated pattern, it is not ac- 384180740Sdes cepted (by that line) even if it matched another pattern on the line. A 385180740Sdes hostname or address may optionally be enclosed within `[' and `]' brack- 386180740Sdes ets then followed by `:' and a non-standard port number. 387180740Sdes 388180740Sdes Alternately, hostnames may be stored in a hashed form which hides host 389180740Sdes names and addresses should the file's contents be disclosed. Hashed 390180740Sdes hostnames start with a `|' character. Only one hashed hostname may ap- 391180740Sdes pear on a single line and none of the above negation or wildcard opera- 392180740Sdes tors may be applied. 393180740Sdes 394180740Sdes Bits, exponent, and modulus are taken directly from the RSA host key; 395180740Sdes they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The 396180740Sdes optional comment field continues to the end of the line, and is not used. 397180740Sdes 398180740Sdes Lines starting with `#' and empty lines are ignored as comments. 399180740Sdes 400180740Sdes When performing host authentication, authentication is accepted if any 401180740Sdes matching line has the proper key. It is thus permissible (but not recom- 402180740Sdes mended) to have several lines or different host keys for the same names. 403180740Sdes This will inevitably happen when short forms of host names from different 404180740Sdes domains are put in the file. It is possible that the files contain con- 405180740Sdes flicting information; authentication is accepted if valid information can 406180740Sdes be found from either file. 407180740Sdes 408180740Sdes Note that the lines in these files are typically hundreds of characters 409180740Sdes long, and you definitely don't want to type in the host keys by hand. 410180740Sdes Rather, generate them by a script or by taking /etc/ssh/ssh_host_key.pub 411180740Sdes and adding the host names at the front. 412180740Sdes 413180740Sdes An example ssh_known_hosts file: 414180740Sdes 415180740Sdes # Comments allowed at start of line 416180740Sdes closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net 417180740Sdes cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....= 418180740Sdes # A hashed hostname 419180740Sdes |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa 420180740Sdes AAAA1234.....= 421180740Sdes 422180740SdesFILES 423180740Sdes ~/.hushlogin 424180740Sdes This file is used to suppress printing the last login time and 425180740Sdes /etc/motd, if PrintLastLog and PrintMotd, respectively, are en- 426180740Sdes abled. It does not suppress printing of the banner specified by 427180740Sdes Banner. 428180740Sdes 429180740Sdes ~/.rhosts 430180740Sdes This file is used for host-based authentication (see ssh(1) for 431180740Sdes more information). On some machines this file may need to be 432180740Sdes world-readable if the user's home directory is on an NFS parti- 433180740Sdes tion, because sshd reads it as root. Additionally, this file 434180740Sdes must be owned by the user, and must not have write permissions 435180740Sdes for anyone else. The recommended permission for most machines is 436180740Sdes read/write for the user, and not accessible by others. 437180740Sdes 438180740Sdes ~/.shosts 439180740Sdes This file is used in exactly the same way as .rhosts, but allows 440180740Sdes host-based authentication without permitting login with 441180740Sdes rlogin/rsh. 442180740Sdes 443180746Sdes ~/.ssh/ 444180746Sdes This directory is the default location for all user-specific con- 445180746Sdes figuration and authentication information. There is no general 446180746Sdes requirement to keep the entire contents of this directory secret, 447180746Sdes but the recommended permissions are read/write/execute for the 448180746Sdes user, and not accessible by others. 449180746Sdes 450180740Sdes ~/.ssh/authorized_keys 451180740Sdes Lists the public keys (RSA/DSA) that can be used for logging in 452180740Sdes as this user. The format of this file is described above. The 453180740Sdes content of the file is not highly sensitive, but the recommended 454180740Sdes permissions are read/write for the user, and not accessible by 455180740Sdes others. 456180740Sdes 457180740Sdes If this file, the ~/.ssh directory, or the user's home directory 458180740Sdes are writable by other users, then the file could be modified or 459180740Sdes replaced by unauthorized users. In this case, sshd will not al- 460180740Sdes low it to be used unless the StrictModes option has been set to 461180740Sdes ``no''. The recommended permissions can be set by executing 462180740Sdes ``chmod go-w ~/ ~/.ssh ~/.ssh/authorized_keys''. 463180740Sdes 464180740Sdes ~/.ssh/environment 465180740Sdes This file is read into the environment at login (if it exists). 466180740Sdes It can only contain empty lines, comment lines (that start with 467180740Sdes `#'), and assignment lines of the form name=value. The file 468180740Sdes should be writable only by the user; it need not be readable by 469180740Sdes anyone else. Environment processing is disabled by default and 470180740Sdes is controlled via the PermitUserEnvironment option. 471180740Sdes 472180740Sdes ~/.ssh/known_hosts 473180740Sdes Contains a list of host keys for all hosts the user has logged 474180740Sdes into that are not already in the systemwide list of known host 475180740Sdes keys. The format of this file is described above. This file 476180740Sdes should be writable only by root/the owner and can, but need not 477180740Sdes be, world-readable. 478180740Sdes 479180740Sdes ~/.ssh/rc 480180740Sdes Contains initialization routines to be run before the user's home 481180740Sdes directory becomes accessible. This file should be writable only 482180740Sdes by the user, and need not be readable by anyone else. 483180740Sdes 484180740Sdes /etc/hosts.allow 485180740Sdes /etc/hosts.deny 486180740Sdes Access controls that should be enforced by tcp-wrappers are de- 487180740Sdes fined here. Further details are described in hosts_access(5). 488180740Sdes 489180740Sdes /etc/hosts.equiv 490180740Sdes This file is for host-based authentication (see ssh(1)). It 491180740Sdes should only be writable by root. 492180740Sdes 493180740Sdes /etc/moduli 494180740Sdes Contains Diffie-Hellman groups used for the "Diffie-Hellman Group 495180740Sdes Exchange". The file format is described in moduli(5). 496180740Sdes 497180740Sdes /etc/motd 498180740Sdes See motd(5). 499180740Sdes 500180740Sdes /etc/nologin 501180740Sdes If this file exists, sshd refuses to let anyone except root log 502180740Sdes in. The contents of the file are displayed to anyone trying to 503180740Sdes log in, and non-root connections are refused. The file should be 504180740Sdes world-readable. 505180740Sdes 506180740Sdes /etc/shosts.equiv 507180740Sdes This file is used in exactly the same way as hosts.equiv, but al- 508180740Sdes lows host-based authentication without permitting login with 509180740Sdes rlogin/rsh. 510180740Sdes 511180740Sdes /etc/ssh/ssh_host_key 512180740Sdes /etc/ssh/ssh_host_dsa_key 513180740Sdes /etc/ssh/ssh_host_rsa_key 514180740Sdes These three files contain the private parts of the host keys. 515180740Sdes These files should only be owned by root, readable only by root, 516180740Sdes and not accessible to others. Note that sshd does not start if 517180740Sdes these files are group/world-accessible. 518180740Sdes 519180740Sdes /etc/ssh/ssh_host_key.pub 520180740Sdes /etc/ssh/ssh_host_dsa_key.pub 521180740Sdes /etc/ssh/ssh_host_rsa_key.pub 522180740Sdes These three files contain the public parts of the host keys. 523180740Sdes These files should be world-readable but writable only by root. 524180740Sdes Their contents should match the respective private parts. These 525180740Sdes files are not really used for anything; they are provided for the 526180740Sdes convenience of the user so their contents can be copied to known 527180740Sdes hosts files. These files are created using ssh-keygen(1). 528180740Sdes 529180744Sdes /etc/ssh/ssh_known_hosts 530180744Sdes Systemwide list of known host keys. This file should be prepared 531180744Sdes by the system administrator to contain the public host keys of 532180744Sdes all machines in the organization. The format of this file is de- 533180744Sdes scribed above. This file should be writable only by root/the 534180744Sdes owner and should be world-readable. 535180744Sdes 536180740Sdes /etc/ssh/sshd_config 537180740Sdes Contains configuration data for sshd. The file format and con- 538180740Sdes figuration options are described in sshd_config(5). 539180740Sdes 540180740Sdes /etc/ssh/sshrc 541180740Sdes Similar to ~/.ssh/rc, it can be used to specify machine-specific 542180740Sdes login-time initializations globally. This file should be 543180740Sdes writable only by root, and should be world-readable. 544180740Sdes 545180740Sdes /var/empty 546180740Sdes chroot(2) directory used by sshd during privilege separation in 547180740Sdes the pre-authentication phase. The directory should not contain 548180740Sdes any files and must be owned by root and not group or world- 549180740Sdes writable. 550180740Sdes 551180740Sdes /var/run/sshd.pid 552180740Sdes Contains the process ID of the sshd listening for connections (if 553180740Sdes there are several daemons running concurrently for different 554180740Sdes ports, this contains the process ID of the one started last). 555180740Sdes The content of this file is not sensitive; it can be world-read- 556180740Sdes able. 557180740Sdes 558180740SdesSEE ALSO 559180740Sdes scp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), 560180744Sdes ssh-keyscan(1), chroot(2), hosts_access(5), login.conf(5), moduli(5), 561180744Sdes sshd_config(5), inetd(8), sftp-server(8) 562180740Sdes 563180740SdesAUTHORS 564180740Sdes OpenSSH is a derivative of the original and free ssh 1.2.12 release by 565180740Sdes Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 566180740Sdes de Raadt and Dug Song removed many bugs, re-added newer features and cre- 567180740Sdes ated OpenSSH. Markus Friedl contributed the support for SSH protocol 568180740Sdes versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 569180740Sdes for privilege separation. 570180740Sdes 571180740SdesCAVEATS 572180740Sdes System security is not improved unless rshd, rlogind, and rexecd are dis- 573180740Sdes abled (thus completely disabling rlogin and rsh into the machine). 574180740Sdes 575180750SdesOpenBSD 4.4 July 2, 2008 9 576