sshd_config.0 revision 262566
SSHD_CONFIG(5)            OpenBSD Programmer's Manual           SSHD_CONFIG(5)

NAME
     sshd_config - OpenSSH SSH daemon configuration file

SYNOPSIS
     /etc/ssh/sshd_config

DESCRIPTION
     sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
     specified with -f on the command line).  The file contains
     keyword-argument pairs, one per line.  Lines starting with `#' and empty
     lines are interpreted as comments.  Arguments may optionally be enclosed
     in double quotes (") in order to represent arguments containing spaces.

     The possible keywords and their meanings are as follows (note that
     keywords are case-insensitive and arguments are case-sensitive):

     AcceptEnv
             Specifies what environment variables sent by the client will be
             copied into the session's environ(7).  See SendEnv in
             ssh_config(5) for how to configure the client.  Note that
             environment passing is only supported for protocol 2.  Variables
             are specified by name, which may contain the wildcard characters
             `*' and `?'.  Multiple environment variables may be separated by
             whitespace or spread across multiple AcceptEnv directives.  Be
             warned that some environment variables could be used to bypass
             restricted user environments.  For this reason, care should be
             taken in the use of this directive.  The default is not to accept
             any environment variables.

     AddressFamily
             Specifies which address family should be used by sshd(8).  Valid
             arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
             (use IPv6 only).  The default is ``any''.

     AllowAgentForwarding
             Specifies whether ssh-agent(1) forwarding is permitted.  The
             default is ``yes''.  Note that disabling agent forwarding does
             not improve security unless users are also denied shell access,
             as they can always install their own forwarders.

     AllowGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  If specified, login is allowed only for
             users whose primary group or supplementary group list matches one
             of the patterns.  Only group names are valid; a numerical group
             ID is not recognized.  By default, login is allowed for all
             groups.  The allow/deny directives are processed in the following
             order: DenyUsers, AllowUsers, DenyGroups, and finally
             AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The available
             options are ``yes'' or ``all'' to allow TCP forwarding, ``no'' to
             prevent all TCP forwarding, ``local'' to allow local (from the
             perspective of ssh(1)) forwarding only or ``remote'' to allow
             remote forwarding only.  The default is ``yes''.  Note that
             disabling TCP forwarding does not improve security unless users
             are also denied shell access, as they can always install their
             own forwarders.

     AllowUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  If specified, login is allowed only for
             user names that match one of the patterns.  Only user names are
             valid; a numerical user ID is not recognized.  By default, login
             is allowed for all users.
             If the pattern takes the form USER@HOST then USER and HOST are
             separately checked, restricting logins to particular users from
             particular hosts.  The allow/deny directives are processed in the
             following order: DenyUsers, AllowUsers, DenyGroups, and finally
             AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     AuthenticationMethods
             Specifies the authentication methods that must be successfully
             completed for a user to be granted access.  This option must be
             followed by one or more comma-separated lists of authentication
             method names.  Successful authentication requires completion of
             every method in at least one of these lists.

             For example, an argument of ``publickey,password
             publickey,keyboard-interactive'' would require the user to
             complete public key authentication, followed by either password
             or keyboard interactive authentication.  Only methods that are
             next in one or more lists are offered at each stage, so for this
             example, it would not be possible to attempt password or
             keyboard-interactive authentication before public key.

             For keyboard interactive authentication it is also possible to
             restrict authentication to a specific device by appending a colon
             followed by the device identifier ``bsdauth'', ``pam'', or
             ``skey'', depending on the server configuration.  For example,
             ``keyboard-interactive:bsdauth'' would restrict keyboard
             interactive authentication to the ``bsdauth'' device.

             This option is only available for SSH protocol 2 and will yield a
             fatal error if it is enabled while protocol 1 is also enabled.
             Note that each authentication method listed should also be
             explicitly enabled in the configuration.  The default is not to
             require multiple authentication; successful completion of a
             single authentication method is sufficient.

     AuthorizedKeysCommand
             Specifies a program to be used to look up the user's public keys.
             The program must be owned by root and not writable by group or
             others.  It will be invoked with a single argument of the
             username being authenticated, and should produce on standard
             output zero or more lines of authorized_keys output (see
             AUTHORIZED_KEYS in sshd(8)).  If a key supplied by
             AuthorizedKeysCommand does not successfully authenticate and
             authorize the user then public key authentication continues using
             the usual AuthorizedKeysFile files.  By default, no
             AuthorizedKeysCommand is run.

     AuthorizedKeysCommandUser
             Specifies the user under whose account the AuthorizedKeysCommand
             is run.  It is recommended to use a dedicated user that has no
             other role on the host than running authorized keys commands.

     AuthorizedKeysFile
             Specifies the file that contains the public keys that can be used
             for user authentication.  The format is described in the
             AUTHORIZED_KEYS FILE FORMAT section of sshd(8).
             AuthorizedKeysFile may contain tokens of the form %T which are
             substituted during connection setup.  The following tokens are
             defined: %% is replaced by a literal '%', %h is replaced by the
             home directory of the user being authenticated, and %u is
             replaced by the username of that user.
             After expansion, AuthorizedKeysFile is taken to be an absolute
             path or one relative to the user's home directory.  Multiple
             files may be listed, separated by whitespace.  The default is
             ``.ssh/authorized_keys .ssh/authorized_keys2''.

     AuthorizedPrincipalsFile
             Specifies a file that lists principal names that are accepted for
             certificate authentication.  When using certificates signed by a
             key listed in TrustedUserCAKeys, this file lists names, one of
             which must appear in the certificate for it to be accepted for
             authentication.  Names are listed one per line preceded by key
             options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
             Empty lines and comments starting with `#' are ignored.

             AuthorizedPrincipalsFile may contain tokens of the form %T which
             are substituted during connection setup.  The following tokens
             are defined: %% is replaced by a literal '%', %h is replaced by
             the home directory of the user being authenticated, and %u is
             replaced by the username of that user.  After expansion,
             AuthorizedPrincipalsFile is taken to be an absolute path or one
             relative to the user's home directory.

             The default is ``none'', i.e. not to use a principals file - in
             this case, the username of the user must appear in a
             certificate's principals list for it to be accepted.  Note that
             AuthorizedPrincipalsFile is only used when authentication
             proceeds using a CA listed in TrustedUserCAKeys and is not
             consulted for certification authorities trusted via
             ~/.ssh/authorized_keys, though the principals= key option offers
             a similar facility (see sshd(8) for details).
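The staging rules given under AuthenticationMethods above (every method of at least one list must complete, and only the methods that are next in some list are offered) are easy to get wrong when writing a multi-factor policy. The following Python model is an added example, not OpenSSH code: it parses a directive, reports which methods a client would be offered after each completion, and tells whether access is granted. It assumes method names compare as whole tokens, so a device-qualified ``keyboard-interactive:bsdauth'' only matches a completion reported with that suffix.

```python
"""Model of sshd's AuthenticationMethods staging (added example, not
OpenSSH code).  Assumptions: a method name is compared as one token, so a
device-qualified "keyboard-interactive:bsdauth" only matches a completion
reported with that suffix; each list advances only when its next method is
the one just completed."""


def parse_authentication_methods(value):
    """'publickey,password publickey,keyboard-interactive' ->
    [['publickey', 'password'], ['publickey', 'keyboard-interactive']]."""
    lists = [[m for m in spec.split(",") if m] for spec in value.split()]
    if not lists or not all(lists):
        raise ValueError("AuthenticationMethods needs non-empty method lists")
    return lists


def _progress(methods, completed):
    """How far one list has advanced given the completions so far, in order."""
    pos = 0
    for m in completed:
        if pos < len(methods) and methods[pos] == m:
            pos += 1
    return pos


def offered_methods(lists, completed):
    """Methods that are next in at least one list; nothing else is offered,
    so a client cannot try password before publickey in the man page example."""
    offered = set()
    for methods in lists:
        pos = _progress(methods, completed)
        if pos < len(methods):
            offered.add(methods[pos])
    return offered


def is_authenticated(lists, completed):
    """Access is granted once every method of at least one list is done."""
    return any(_progress(ms, completed) == len(ms) for ms in lists)


def simulate(value, attempts):
    """Feed successful completions in order; an attempt for a method that is
    not currently offered is rejected and advances nothing.
    Returns (authenticated, transcript)."""
    lists = parse_authentication_methods(value)
    completed, transcript = [], []
    for method in attempts:
        if is_authenticated(lists, completed):
            transcript.append(method + ": ignored, already authenticated")
            continue
        if method not in offered_methods(lists, completed):
            transcript.append(method + ": rejected, not offered at this stage")
            continue
        completed.append(method)
        transcript.append(method + ": ok")
    return is_authenticated(lists, completed), transcript


if __name__ == "__main__":
    policy = "publickey,password publickey,keyboard-interactive"
    for line in simulate(policy, ["password", "publickey", "password"])[1]:
        print(line)
```

Running the module walks the man page's own example: the first password attempt is rejected because only publickey is next in either list, and access is granted only after publickey and then password (or keyboard-interactive) succeed. Remember the caveat from the text: each method named here must also be enabled by its own keyword (PubkeyAuthentication, PasswordAuthentication, and so on), or the list can never complete.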

     Banner  The contents of the specified file are sent to the remote user
             before authentication is allowed.  If the argument is ``none''
             then no banner is displayed.  This option is only available for
             protocol version 2.  By default, no banner is displayed.

     ChallengeResponseAuthentication
             Specifies whether challenge-response authentication is allowed
             (e.g. via PAM or through authentication styles supported in
             login.conf(5)).  The default is ``yes''.

     ChrootDirectory
             Specifies the pathname of a directory to chroot(2) to after
             authentication.  All components of the pathname must be
             root-owned directories that are not writable by any other user
             or group.  After the chroot, sshd(8) changes the working
             directory to the user's home directory.

             The pathname may contain the following tokens that are expanded
             at runtime once the connecting user has been authenticated: %% is
             replaced by a literal '%', %h is replaced by the home directory
             of the user being authenticated, and %u is replaced by the
             username of that user.

             The ChrootDirectory must contain the necessary files and
             directories to support the user's session.  For an interactive
             session this requires at least a shell, typically sh(1), and
             basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
             stderr(4), arandom(4) and tty(4) devices.
             For file transfer sessions using ``sftp'', no additional
             configuration of the environment is necessary if the in-process
             sftp server is used, though sessions which use logging do require
             /dev/log inside the chroot directory (see sftp-server(8) for
             details).

             The default is not to chroot(2).

     Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple
             ciphers must be comma-separated.  The supported ciphers are:

             ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
             ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
             ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'',
             ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
             ``cast128-cbc'', and ``chacha20-poly1305@openssh.com''.

             The default is:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-gcm@openssh.com,aes256-gcm@openssh.com,
                chacha20-poly1305@openssh.com,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour

             The list of available ciphers may also be obtained using the -Q
             option of ssh(1).

     ClientAliveCountMax
             Sets the number of client alive messages (see below) which may be
             sent without sshd(8) receiving any messages back from the client.
             If this threshold is reached while client alive messages are
             being sent, sshd will disconnect the client, terminating the
             session.  It is important to note that the use of client alive
             messages is very different from TCPKeepAlive (below).
             The client alive messages are sent through the encrypted channel
             and therefore will not be spoofable.  The TCP keepalive option
             enabled by TCPKeepAlive is spoofable.  The client alive mechanism
             is valuable when the client or server depend on knowing when a
             connection has become inactive.

             The default value is 3.  If ClientAliveInterval (see below) is
             set to 15, and ClientAliveCountMax is left at the default,
             unresponsive SSH clients will be disconnected after approximately
             45 seconds.  This option applies to protocol version 2 only.

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd(8) will send a message
             through the encrypted channel to request a response from the
             client.  The default is 0, indicating that these messages will
             not be sent to the client.  This option applies to protocol
             version 2 only.

     Compression
             Specifies whether compression is allowed, or delayed until the
             user has authenticated successfully.  The argument must be
             ``yes'', ``delayed'', or ``no''.  The default is ``delayed''.

     DenyGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  Login is disallowed for users whose primary
             group or supplementary group list matches one of the patterns.
             Only group names are valid; a numerical group ID is not
             recognized.  By default, login is allowed for all groups.  The
             allow/deny directives are processed in the following order:
             DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     DenyUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  Login is disallowed for user names that
             match one of the patterns.  Only user names are valid; a
             numerical user ID is not recognized.  By default, login is
             allowed for all users.  If the pattern takes the form USER@HOST
             then USER and HOST are separately checked, restricting logins to
             particular users from particular hosts.  The allow/deny
             directives are processed in the following order: DenyUsers,
             AllowUsers, DenyGroups, and finally AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     ForceCommand
             Forces the execution of the command specified by ForceCommand,
             ignoring any command supplied by the client and ~/.ssh/rc if
             present.  The command is invoked by using the user's login shell
             with the -c option.  This applies to shell, command, or subsystem
             execution.  It is most useful inside a Match block.  The command
             originally supplied by the client is available in the
             SSH_ORIGINAL_COMMAND environment variable.  Specifying a command
             of ``internal-sftp'' will force the use of an in-process sftp
             server that requires no support files when used with
             ChrootDirectory.

     GatewayPorts
             Specifies whether remote hosts are allowed to connect to ports
             forwarded for the client.  By default, sshd(8) binds remote port
             forwardings to the loopback address.  This prevents other remote
             hosts from connecting to forwarded ports.
             GatewayPorts can be used to specify that sshd should allow remote
             port forwardings to bind to non-loopback addresses, thus allowing
             other hosts to connect.  The argument may be ``no'' to force
             remote port forwardings to be available to the local host only,
             ``yes'' to force remote port forwardings to bind to the wildcard
             address, or ``clientspecified'' to allow the client to select the
             address to which the forwarding is bound.  The default is ``no''.

     GSSAPIAuthentication
             Specifies whether user authentication based on GSSAPI is allowed.
             The default is ``no''.  Note that this option applies to protocol
             version 2 only.

     GSSAPICleanupCredentials
             Specifies whether to automatically destroy the user's credentials
             cache on logout.  The default is ``yes''.  Note that this option
             applies to protocol version 2 only.

     HostbasedAuthentication
             Specifies whether rhosts or /etc/hosts.equiv authentication
             together with successful public key client host authentication is
             allowed (host-based authentication).  This option is similar to
             RhostsRSAAuthentication and applies to protocol version 2 only.
             The default is ``no''.

     HostbasedUsesNameFromPacketOnly
             Specifies whether or not the server will attempt to perform a
             reverse name lookup when matching the name in the ~/.shosts,
             ~/.rhosts, and /etc/hosts.equiv files during
             HostbasedAuthentication.  A setting of ``yes'' means that sshd(8)
             uses the name supplied by the client rather than attempting to
             resolve the name from the TCP connection itself.  The default is
             ``no''.
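The fixed evaluation order stated under AllowUsers, AllowGroups, DenyUsers and DenyGroups above (DenyUsers, then AllowUsers, then DenyGroups, then AllowGroups) interacts with USER@HOST entries and with the `!' negation of PATTERNS in ways that are worth checking against a model before relying on them. The Python below is an added example, not OpenSSH code. It assumes that fnmatch stands in for sshd's `*' and `?' matching, that the HOST part of an entry is tested against the client IP when it is an address or CIDR block and against the client hostname otherwise, and that the caller supplies the user's full group list; the sample policy is constructed for the example.

```python
"""Model of sshd's AllowUsers/DenyUsers/AllowGroups/DenyGroups processing
(added example, not OpenSSH code).  Assumptions: fnmatch stands in for
sshd's `*'/`?' matching; the host part of a USER@HOST entry is checked
against the client IP when it is an address or CIDR block and against the
client hostname otherwise; the caller supplies the user's full group list."""
import fnmatch
import ipaddress


def _host_hit(host, ip, pat):
    if "/" in pat:  # CIDR block; a malformed mask raises ValueError
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pat, strict=True)
    try:
        return ipaddress.ip_address(pat) == ipaddress.ip_address(ip)
    except ValueError:  # not an address, so a hostname pattern
        return fnmatch.fnmatchcase(host, pat)


def match_pattern_list(patterns, hit):
    """Comma-separated list with `!' negation (PATTERNS in ssh_config(5)):
    a negated entry that hits returns -1 and wins outright; otherwise 1 if
    any positive entry hits, else 0.  `hit' tests one entry."""
    got = 0
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if hit(pat[1:]):
                return -1
        elif pat and hit(pat):
            got = 1
    return got


def match_user(user, host, ip, entry):
    """One AllowUsers/DenyUsers entry, USER or USER@HOST: the USER part is
    a single pattern, the HOST part a pattern list."""
    upat, _, hpat = entry.partition("@")
    if not fnmatch.fnmatchcase(user, upat):
        return False
    if not hpat:
        return True
    return match_pattern_list(hpat, lambda p: _host_hit(host, ip, p)) == 1


def match_groups(groups, entries):
    """AllowGroups/DenyGroups: a negated hit on any of the user's groups
    defeats the whole list."""
    found = False
    for g in groups:
        for entry in entries:
            r = match_pattern_list(entry, lambda p: fnmatch.fnmatchcase(g, p))
            if r == -1:
                return False
            found = found or r == 1
    return found


def allowed_user(user, groups, host, ip, cfg):
    """Apply the directives in sshd's order: DenyUsers, AllowUsers,
    DenyGroups, AllowGroups.  cfg maps each keyword to its space-separated
    entries.  Returns (allowed, reason)."""
    for entry in cfg.get("DenyUsers", []):
        if match_user(user, host, ip, entry):
            return False, "DenyUsers " + entry
    allow = cfg.get("AllowUsers", [])
    if allow and not any(match_user(user, host, ip, e) for e in allow):
        return False, "not in AllowUsers"
    if cfg.get("DenyGroups") and match_groups(groups, cfg["DenyGroups"]):
        return False, "group in DenyGroups"
    if cfg.get("AllowGroups") and not match_groups(groups, cfg["AllowGroups"]):
        return False, "no group in AllowGroups"
    return True, "allowed"


# Constructed sample policy: backup is denied from everywhere except
# 192.0.2.0/24, admin is allowed only from that network, deploy only from
# the bastion, and whatever AllowUsers says, an AllowGroups group is still
# required.
SAMPLE = {
    "DenyUsers": ["guest", "backup@!192.0.2.0/24,*"],
    "AllowUsers": ["admin@192.0.2.0/24", "backup", "deploy@bastion.example.org"],
    "DenyGroups": ["contractors"],
    "AllowGroups": ["wheel", "ops"],
}

if __name__ == "__main__":
    for who in (("admin", ["wheel"], "ws.example.org", "192.0.2.10"),
                ("backup", ["ops"], "nas.example.org", "198.51.100.7"),
                ("deploy", ["deploy"], "bastion.example.org", "203.0.113.9")):
        print(who[0], allowed_user(*who, SAMPLE))
```

Two things the run makes visible that the prose only implies: a user who is in a listed AllowGroups group is still refused if a non-empty AllowUsers does not name them, because AllowUsers is evaluated first; and a DenyUsers entry such as ``backup@!192.0.2.0/24,*'' is the idiom for "this user only from this network", since the negated entry wins outright for the permitted network and the trailing `*' denies everything else.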

     HostCertificate
             Specifies a file containing a public host certificate.  The
             certificate's public key must match a private host key already
             specified by HostKey.  The default behaviour of sshd(8) is not to
             load any certificates.

     HostKey
             Specifies a file containing a private host key used by SSH.  The
             default is /etc/ssh/ssh_host_key for protocol version 1, and
             /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
             protocol version 2.  Note that sshd(8) will refuse to use a file
             if it is group/world-accessible.  It is possible to have multiple
             host key files.  ``rsa1'' keys are used for version 1 and
             ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2
             of the SSH protocol.  It is also possible to specify public host
             key files instead.  In this case operations on the private key
             will be delegated to an ssh-agent(1).

     HostKeyAgent
             Identifies the UNIX-domain socket used to communicate with an
             agent that has access to the private host keys.  If
             ``SSH_AUTH_SOCK'' is specified, the location of the socket will
             be read from the SSH_AUTH_SOCK environment variable.

     IgnoreRhosts
             Specifies that .rhosts and .shosts files will not be used in
             RhostsRSAAuthentication or HostbasedAuthentication.

             /etc/hosts.equiv and /etc/shosts.equiv are still used.  The
             default is ``yes''.

     IgnoreUserKnownHosts
             Specifies whether sshd(8) should ignore the user's
             ~/.ssh/known_hosts during RhostsRSAAuthentication or
             HostbasedAuthentication.  The default is ``no''.

     IPQoS   Specifies the IPv4 type-of-service or DSCP class for the
             connection.  Accepted values are ``af11'', ``af12'', ``af13'',
             ``af21'', ``af22'', ``af23'', ``af31'', ``af32'', ``af33'',
             ``af41'', ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'',
             ``cs4'', ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'',
             ``throughput'', ``reliability'', or a numeric value.  This option
             may take one or two arguments, separated by whitespace.  If one
             argument is specified, it is used as the packet class
             unconditionally.  If two values are specified, the first is
             automatically selected for interactive sessions and the second
             for non-interactive sessions.  The default is ``lowdelay'' for
             interactive sessions and ``throughput'' for non-interactive
             sessions.

     KerberosAuthentication
             Specifies whether the password provided by the user for
             PasswordAuthentication will be validated through the Kerberos
             KDC.  To use this option, the server needs a Kerberos servtab
             which allows the verification of the KDC's identity.  The default
             is ``no''.

     KerberosGetAFSToken
             If AFS is active and the user has a Kerberos 5 TGT, attempt to
             acquire an AFS token before accessing the user's home directory.
             The default is ``no''.

     KerberosOrLocalPasswd
             If password authentication through Kerberos fails then the
             password will be validated via any additional local mechanism
             such as /etc/passwd.  The default is ``yes''.

     KerberosTicketCleanup
             Specifies whether to automatically destroy the user's ticket
             cache file on logout.  The default is ``yes''.

     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms.  Multiple
             algorithms must be comma-separated.  The default is

                curve25519-sha256@libssh.org,
                ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                diffie-hellman-group-exchange-sha256,
                diffie-hellman-group-exchange-sha1,
                diffie-hellman-group14-sha1,
                diffie-hellman-group1-sha1

     KeyRegenerationInterval
             In protocol version 1, the ephemeral server key is automatically
             regenerated after this many seconds (if it has been used).  The
             purpose of regeneration is to prevent decrypting captured
             sessions by later breaking into the machine and stealing the
             keys.  The key is never stored anywhere.  If the value is 0, the
             key is never regenerated.  The default is 3600 (seconds).

     ListenAddress
             Specifies the local addresses sshd(8) should listen on.  The
             following forms may be used:

                   ListenAddress host|IPv4_addr|IPv6_addr
                   ListenAddress host|IPv4_addr:port
                   ListenAddress [host|IPv6_addr]:port

             If port is not specified, sshd will listen on the address and all
             prior Port options specified.  The default is to listen on all
             local addresses.
             Multiple ListenAddress options are permitted.  Additionally, any
             Port options must precede this option for non-port qualified
             addresses.

     LoginGraceTime
             The server disconnects after this time if the user has not
             successfully logged in.  If the value is 0, there is no time
             limit.  The default is 120 seconds.

     LogLevel
             Gives the verbosity level that is used when logging messages from
             sshd(8).  The possible values are: QUIET, FATAL, ERROR, INFO,
             VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.  The default is INFO.
             DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
             higher levels of debugging output.  Logging with a DEBUG level
             violates the privacy of users and is not recommended.

     MACs    Specifies the available MAC (message authentication code)
             algorithms.  The MAC algorithm is used in protocol version 2 for
             data integrity protection.  Multiple algorithms must be
             comma-separated.  The algorithms that contain ``-etm'' calculate
             the MAC after encryption (encrypt-then-mac).  These are
             considered safer and their use recommended.  The default is:

                hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
                umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
                hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
                hmac-md5-96-etm@openssh.com,
                hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
                hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
                hmac-sha1-96,hmac-md5-96

     Match   Introduces a conditional block.
             If all of the criteria on the Match line are satisfied, the
             keywords on the following lines override those set in the global
             section of the config file, until either another Match line or
             the end of the file.

             The arguments to Match are one or more criteria-pattern pairs or
             the single token All which matches all criteria.  The available
             criteria are User, Group, Host, LocalAddress, LocalPort, and
             Address.  The match patterns may consist of single entries or
             comma-separated lists and may use the wildcard and negation
             operators described in the PATTERNS section of ssh_config(5).

             The patterns in an Address criteria may additionally contain
             addresses to match in CIDR address/masklen format, e.g.
             ``192.0.2.0/24'' or ``3ffe:ffff::/32''.  Note that the mask
             length provided must be consistent with the address - it is an
             error to specify a mask length that is too long for the address
             or one with bits set in the host portion of the address.  For
             example, ``192.0.2.0/33'' and ``192.0.2.0/8'', respectively.

             Only a subset of keywords may be used on the lines following a
             Match keyword.
             Available keywords are AcceptEnv, AllowAgentForwarding,
             AllowGroups, AllowTcpForwarding, AllowUsers,
             AuthenticationMethods, AuthorizedKeysCommand,
             AuthorizedKeysCommandUser, AuthorizedKeysFile,
             AuthorizedPrincipalsFile, Banner, ChrootDirectory, DenyGroups,
             DenyUsers, ForceCommand, GatewayPorts, GSSAPIAuthentication,
             HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
             KbdInteractiveAuthentication, KerberosAuthentication,
             MaxAuthTries, MaxSessions, PasswordAuthentication,
             PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
             PermitTunnel, PubkeyAuthentication, RekeyLim­it,
             RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
             X11Forwarding and X11UseLocalHost.

     MaxAuthTries
             Specifies the maximum number of authentication attempts permitted
             per connection.  Once the number of failures reaches half this
             value, additional failures are logged.  The default is 6.

     MaxSessions
             Specifies the maximum number of open sessions permitted per
             network connection.  The default is 10.

     MaxStartups
             Specifies the maximum number of concurrent unauthenticated
             connections to the SSH daemon.  Additional connections will be
             dropped until authentication succeeds or the LoginGraceTime
             expires for a connection.  The default is 10:30:100.

             Alternatively, random early drop can be enabled by specifying the
             three colon separated values ``start:rate:full'' (e.g.
             "10:30:60").  sshd(8) will refuse connection attempts with a
             probability of ``rate/100'' (30%) if there are currently
             ``start'' (10) unauthenticated connections.
             The probability increases linearly and all connection attempts
             are refused if the number of unauthenticated connections reaches
             ``full'' (60).

     PasswordAuthentication
             Specifies whether password authentication is allowed.  The
             default is ``yes''.

     PermitEmptyPasswords
             When password authentication is allowed, it specifies whether the
             server allows login to accounts with empty password strings.  The
             default is ``no''.

     PermitOpen
             Specifies the destinations to which TCP port forwarding is
             permitted.  The forwarding specification must be one of the
             following forms:

                   PermitOpen host:port
                   PermitOpen IPv4_addr:port
                   PermitOpen [IPv6_addr]:port

             Multiple forwards may be specified by separating them with
             whitespace.  An argument of ``any'' can be used to remove all
             restrictions and permit any forwarding requests.  An argument of
             ``none'' can be used to prohibit all forwarding requests.  By
             default all port forwarding requests are permitted.

     PermitRootLogin
             Specifies whether root can log in using ssh(1).  The argument
             must be ``yes'', ``without-password'', ``forced-commands-only'',
             or ``no''.  The default is ``yes''.

             If this option is set to ``without-password'', password
             authentication is disabled for root.

             If this option is set to ``forced-commands-only'', root login
             with public key authentication will be allowed, but only if the
             command option has been specified (which may be useful for taking
             remote backups even if root login is normally not allowed).  All
             other authentication methods are disabled for root.

             If this option is set to ``no'', root is not allowed to log in.

     PermitTunnel
             Specifies whether tun(4) device forwarding is allowed.  The
             argument must be ``yes'', ``point-to-point'' (layer 3),
             ``ethernet'' (layer 2), or ``no''.  Specifying ``yes'' permits
             both ``point-to-point'' and ``ethernet''.  The default is ``no''.

     PermitTTY
             Specifies whether pty(4) allocation is permitted.  The default is
             ``yes''.

     PermitUserEnvironment
             Specifies whether ~/.ssh/environment and environment= options in
             ~/.ssh/authorized_keys are processed by sshd(8).  The default is
             ``no''.  Enabling environment processing may enable users to
             bypass access restrictions in some configurations using
             mechanisms such as LD_PRELOAD.

     PidFile
             Specifies the file that contains the process ID of the SSH
             daemon.  The default is /var/run/sshd.pid.

     Port    Specifies the port number that sshd(8) listens on.  The default
             is 22.  Multiple options of this type are permitted.  See also
             ListenAddress.

     PrintLastLog
             Specifies whether sshd(8) should print the date and time of the
             last user login when a user logs in interactively.  The default
             is ``yes''.
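The Match section above describes the criteria, the CIDR consistency rule for Address patterns and the override behaviour of a satisfied block, but the safest way to understand a non-trivial set of Match blocks is to evaluate them against a concrete connection. The Python below is an added example, not OpenSSH code. It assumes a connection is described by a dict keyed by the six criteria names, that fnmatch stands in for sshd's `*' and `?' matching of User, Group and Host patterns, and that Address and LocalAddress entries must be addresses or CIDR blocks (as in sshd); the sample configuration is constructed. When several satisfied blocks set the same keyword, sshd applies the first one, and the model does the same.

```python
"""sshd_config Match-block model (added example, not OpenSSH code).
Assumptions: a connection is a dict keyed by the six Match criteria; fnmatch
stands in for sshd's `*'/`?' matching; Address and LocalAddress entries must
be CIDR blocks or plain addresses, as in sshd."""
import fnmatch
import ipaddress

CRITERIA = {"user", "group", "host", "localaddress", "localport", "address"}


def parse_cidr(pat):
    """strict=True rejects 192.0.2.0/33 (mask too long) and 192.0.2.0/8
    (host bits set), the two errors sshd_config(5) warns about."""
    return ipaddress.ip_network(pat, strict=True)


def _match_list(value, patterns, is_addr=False):
    """`!'-negated entry that hits returns -1 and wins outright; otherwise
    1 if any positive entry hits, else 0 (PATTERNS in ssh_config(5))."""
    got = 0
    for pat in patterns.split(","):
        neg = pat.startswith("!")
        pat = pat[1:] if neg else pat
        if is_addr:
            hit = ipaddress.ip_address(value) in parse_cidr(pat)
        else:
            hit = fnmatch.fnmatchcase(value, pat)
        if neg and hit:
            return -1
        got = got or int(hit)
    return got


def parse_config(text):
    """Return (global_options, [(criteria, options), ...]); keywords are
    lower-cased since they are case-insensitive, arguments kept verbatim."""
    glob, blocks, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        arg = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            toks, crit = arg.split(), {}
            if [t.lower() for t in toks] != ["all"]:
                if not toks or len(toks) % 2:
                    raise ValueError("Match needs criteria-pattern pairs: " + line)
                for name, pat in zip(toks[::2], toks[1::2]):
                    name = name.lower()
                    if name not in CRITERIA:
                        raise ValueError("unknown Match criterion " + name)
                    if name in ("address", "localaddress"):
                        for p in pat.split(","):  # this model validates up front
                            parse_cidr(p.lstrip("!"))
                    crit[name] = pat
            cur = {}
            blocks.append((crit, cur))
        elif cur is None:
            glob[key] = arg
        else:
            cur[key] = arg
    return glob, blocks


def block_matches(crit, conn):
    """Every criterion on the Match line must be satisfied."""
    for name, pat in crit.items():
        val = conn[name]
        if name == "localport":
            ok = str(val) == pat
        elif name in ("address", "localaddress"):
            ok = _match_list(val, pat, is_addr=True) == 1
        elif name == "group":  # a negated hit on any of the user's groups fails
            hits = [_match_list(g, pat) for g in val]
            ok = -1 not in hits and 1 in hits
        else:
            ok = _match_list(val, pat) == 1
        if not ok:
            return False
    return True


def effective_options(config_text, conn):
    """Global options overridden by every satisfied Match block in file
    order; when several satisfied blocks set one keyword, the first wins."""
    glob, blocks = parse_config(config_text)
    chosen = {}
    for crit, opts in blocks:
        if block_matches(crit, conn):
            for k, v in opts.items():
                chosen.setdefault(k, v)
    return {**glob, **chosen}


# Constructed sample configuration.
SAMPLE_CONFIG = """
PasswordAuthentication no
AllowTcpForwarding no
Match Address 192.0.2.0/24,!192.0.2.13
    PasswordAuthentication yes
Match User backup Address 198.51.100.0/24
    ForceCommand internal-sftp
    ChrootDirectory /srv/backup/%u
Match Group ops LocalPort 2222
    AllowTcpForwarding yes
Match All
    PasswordAuthentication no
    MaxAuthTries 3
"""
```

Feeding a connection from 192.0.2.40 through effective_options() shows PasswordAuthentication coming out ``yes'' even though the later ``Match All'' block sets it to ``no'', while 192.0.2.13 is excluded by the negated entry and keeps the global ``no''. Changing the first block's pattern to ``192.0.2.0/8'' makes parse_config() raise, which is the host-bits error the text describes. The model does not enforce the list of keywords permitted inside a Match block; sshd rejects any other keyword there.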

     PrintMotd
             Specifies whether sshd(8) should print /etc/motd when a user logs
             in interactively. (On some systems it is also printed by the
             shell, /etc/profile, or equivalent.) The default is ``yes''.

     Protocol
             Specifies the protocol versions sshd(8) supports. The possible
             values are `1' and `2'. Multiple versions must be comma-
             separated. The default is `2'. Note that the order of the
             protocol list does not indicate preference, because the client
             selects among multiple protocol versions offered by the server.
             Specifying ``2,1'' is identical to ``1,2''.

     PubkeyAuthentication
             Specifies whether public key authentication is allowed. The
             default is ``yes''. Note that this option applies to protocol
             version 2 only.

     RekeyLimit
             Specifies the maximum amount of data that may be transmitted
             before the session key is renegotiated, optionally followed by a
             maximum amount of time that may pass before the session key is
             renegotiated. The first argument is specified in bytes and may
             have a suffix of `K', `M', or `G' to indicate Kilobytes,
             Megabytes, or Gigabytes, respectively. The default is between
             `1G' and `4G', depending on the cipher. The optional second
             value is specified in seconds and may use any of the units
             documented in the TIME FORMATS section. The default value for
             RekeyLimit is ``default none'', which means that rekeying is
             performed after the cipher's default amount of data has been sent
             or received and no time based rekeying is done. This option
             applies to protocol version 2 only.

     RevokedKeys
             Specifies revoked public keys. Keys listed in this file will be
             refused for public key authentication. Note that if this file is
             not readable, then public key authentication will be refused for
             all users. Keys may be specified as a text file, listing one
             public key per line, or as an OpenSSH Key Revocation List (KRL)
             as generated by ssh-keygen(1). For more information on KRLs, see
             the KEY REVOCATION LISTS section in ssh-keygen(1).

     RhostsRSAAuthentication
             Specifies whether rhosts or /etc/hosts.equiv authentication
             together with successful RSA host authentication is allowed. The
             default is ``no''. This option applies to protocol version 1
             only.

     RSAAuthentication
             Specifies whether pure RSA authentication is allowed. The
             default is ``yes''. This option applies to protocol version 1
             only.

     ServerKeyBits
             Defines the number of bits in the ephemeral protocol version 1
             server key. The minimum value is 512, and the default is 1024.

     StrictModes
             Specifies whether sshd(8) should check file modes and ownership
             of the user's files and home directory before accepting login.
             This is normally desirable because novices sometimes accidentally
             leave their directory or files world-writable. The default is
             ``yes''. Note that this does not apply to ChrootDirectory, whose
             permissions and ownership are checked unconditionally.

     Subsystem
             Configures an external subsystem (e.g. file transfer daemon).
             Arguments should be a subsystem name and a command (with optional
             arguments) to execute upon subsystem request.

             The command sftp-server(8) implements the ``sftp'' file transfer
             subsystem.

             Alternately the name ``internal-sftp'' implements an in-process
             ``sftp'' server. This may simplify configurations using
             ChrootDirectory to force a different filesystem root on clients.

             By default no subsystems are defined. Note that this option
             applies to protocol version 2 only.

     SyslogFacility
             Gives the facility code that is used when logging messages from
             sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
             default is AUTH.

     TCPKeepAlive
             Specifies whether the system should send TCP keepalive messages
             to the other side. If they are sent, death of the connection or
             crash of one of the machines will be properly noticed. However,
             this means that connections will die if the route is down
             temporarily, and some people find it annoying. On the other
             hand, if TCP keepalives are not sent, sessions may hang
             indefinitely on the server, leaving ``ghost'' users and consuming
             server resources.

             The default is ``yes'' (to send TCP keepalive messages), and the
             server will notice if the network goes down or the client host
             crashes. This avoids infinitely hanging sessions.

             To disable TCP keepalive messages, the value should be set to
             ``no''.

     TrustedUserCAKeys
             Specifies a file containing public keys of certificate
             authorities that are trusted to sign user certificates for
             authentication. Keys are listed one per line; empty lines and
             comments starting with `#' are allowed. If a certificate is
             presented for authentication and has its signing CA key listed in
             this file, then it may be used for authentication for any user
             listed in the certificate's principals list. Note that
             certificates that lack a list of principals will not be permitted
             for authentication using TrustedUserCAKeys. For more details on
             certificates, see the CERTIFICATES section in ssh-keygen(1).

     UseDNS  Specifies whether sshd(8) should look up the remote host name and
             check that the resolved host name for the remote IP address maps
             back to the very same IP address. The default is ``yes''.

     UseLogin
             Specifies whether login(1) is used for interactive login
             sessions. The default is ``no''. Note that login(1) is never
             used for remote command execution. Note also that if this is
             enabled, X11Forwarding will be disabled because login(1) does not
             know how to handle xauth(1) cookies. If UsePrivilegeSeparation
             is specified, it will be disabled after authentication.

     UsePAM  Enables the Pluggable Authentication Module interface. If set to
             ``yes'' this will enable PAM authentication using
             ChallengeResponseAuthentication and PasswordAuthentication in
             addition to PAM account and session module processing for all
             authentication types.

             Because PAM challenge-response authentication usually serves an
             equivalent role to password authentication, you should disable
             either PasswordAuthentication or ChallengeResponseAuthentication.

             If UsePAM is enabled, you will not be able to run sshd(8) as a
             non-root user. The default is ``no''.

     UsePrivilegeSeparation
             Specifies whether sshd(8) separates privileges by creating an
             unprivileged child process to deal with incoming network traffic.
             After successful authentication, another process will be created
             that has the privilege of the authenticated user. The goal of
             privilege separation is to prevent privilege escalation by
             containing any corruption within the unprivileged processes. The
             default is ``yes''. If UsePrivilegeSeparation is set to
             ``sandbox'' then the pre-authentication unprivileged process is
             subject to additional restrictions.

     VersionAddendum
             Optionally specifies additional text to append to the SSH
             protocol banner sent by the server upon connection. The default
             is ``none''.

     X11DisplayOffset
             Specifies the first display number available for sshd(8)'s X11
             forwarding. This prevents sshd from interfering with real X11
             servers. The default is 10.

     X11Forwarding
             Specifies whether X11 forwarding is permitted. The argument must
             be ``yes'' or ``no''. The default is ``no''.

             When X11 forwarding is enabled, there may be additional exposure
             to the server and to client displays if the sshd(8) proxy display
             is configured to listen on the wildcard address (see
             X11UseLocalhost below), though this is not the default.
             Additionally, the authentication spoofing and authentication data
             verification and substitution occur on the client side.
             The security risk of using X11 forwarding is that the client's
             X11 display server may be exposed to attack when the SSH client
             requests forwarding (see the warnings for ForwardX11 in
             ssh_config(5)). A system administrator may have a stance in
             which they want to protect clients that may expose themselves to
             attack by unwittingly requesting X11 forwarding, which can
             warrant a ``no'' setting.

             Note that disabling X11 forwarding does not prevent users from
             forwarding X11 traffic, as users can always install their own
             forwarders. X11 forwarding is automatically disabled if UseLogin
             is enabled.

     X11UseLocalhost
             Specifies whether sshd(8) should bind the X11 forwarding server
             to the loopback address or to the wildcard address. By default,
             sshd binds the forwarding server to the loopback address and sets
             the hostname part of the DISPLAY environment variable to
             ``localhost''. This prevents remote hosts from connecting to the
             proxy display. However, some older X11 clients may not function
             with this configuration. X11UseLocalhost may be set to ``no'' to
             specify that the forwarding server should be bound to the
             wildcard address. The argument must be ``yes'' or ``no''. The
             default is ``yes''.

     XAuthLocation
             Specifies the full pathname of the xauth(1) program. The default
             is /usr/X11R6/bin/xauth.

TIME FORMATS
     sshd(8) command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier is
     one of the following:

           <none>  seconds
           s | S   seconds
           m | M   minutes
           h | H   hours
           d | D   days
           w | W   weeks

     Each member of the sequence is added together to calculate the total time
     value.
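     As an added example (not OpenSSH code), the following implements the
     TIME FORMATS grammar above and, on top of it, parses the two-part
     RekeyLimit argument described earlier, so that ``1G 1h30m'' becomes a
     byte count and a number of seconds. The function names and the choice to
     raise ValueError on malformed input are mine; ``default'' and ``none''
     are returned as None.

```python
import re

# Multipliers for the qualifiers listed under TIME FORMATS (either case).
TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
# Suffixes RekeyLimit accepts on its byte count (K, M, G; either case).
SIZE_UNITS = {"": 1, "k": 1 << 10, "m": 1 << 20, "g": 1 << 30}

_TIME_RE = re.compile(r"(\d+)([smhdwSMHDW]?)")


def parse_time(spec):
    """Total seconds for a TIME FORMATS value such as '1h30m'. Each member
    of the sequence is added together; anything that is not a positive
    integer followed by an optional qualifier is rejected."""
    total, pos = 0, 0
    for m in _TIME_RE.finditer(spec):
        if m.start() != pos or int(m.group(1)) <= 0:
            raise ValueError(f"invalid time format: {spec!r}")
        total += int(m.group(1)) * TIME_UNITS[m.group(2).lower()]
        pos = m.end()
    if not spec or pos != len(spec):   # trailing junk or empty string
        raise ValueError(f"invalid time format: {spec!r}")
    return total


def parse_rekey_limit(arg):
    """(max_bytes, max_seconds) for a RekeyLimit argument. None stands for
    the cipher's default (bytes) or for no time-based rekeying (seconds)."""
    parts = arg.split()
    if not 1 <= len(parts) <= 2:
        raise ValueError(f"invalid RekeyLimit: {arg!r}")
    size = parts[0]
    time_spec = parts[1] if len(parts) == 2 else "none"
    if size == "default":
        max_bytes = None
    else:
        m = re.fullmatch(r"(\d+)([kKmMgG]?)", size)
        if not m:
            raise ValueError(f"invalid RekeyLimit size: {size!r}")
        max_bytes = int(m.group(1)) * SIZE_UNITS[m.group(2).lower()]
    max_seconds = None if time_spec == "none" else parse_time(time_spec)
    return max_bytes, max_seconds
```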

     Time format examples:

           600     600 seconds (10 minutes)
           10m     10 minutes
           1h30m   1 hour 30 minutes (90 minutes)

FILES
     /etc/ssh/sshd_config
             Contains configuration data for sshd(8). This file should be
             writable by root only, but it is recommended (though not
             necessary) that it be world-readable.

SEE ALSO
     sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH. Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
     for privilege separation.

OpenBSD 5.4                    December 8, 2013                    OpenBSD 5.4