sshd_config.0 revision 264377
SSHD_CONFIG(5)            OpenBSD Programmer's Manual            SSHD_CONFIG(5)

NAME
     sshd_config - OpenSSH SSH daemon configuration file

SYNOPSIS
     /etc/ssh/sshd_config

DESCRIPTION
     sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
     specified with -f on the command line).  The file contains
     keyword-argument pairs, one per line.  Lines starting with `#' and empty
     lines are interpreted as comments.  Arguments may optionally be enclosed
     in double quotes (") in order to represent arguments containing spaces.

     The possible keywords and their meanings are as follows (note that
     keywords are case-insensitive and arguments are case-sensitive):

     AcceptEnv
             Specifies what environment variables sent by the client will be
             copied into the session's environ(7).  See SendEnv in
             ssh_config(5) for how to configure the client.  Note that
             environment passing is only supported for protocol 2.  Variables
             are specified by name, which may contain the wildcard characters
             `*' and `?'.  Multiple environment variables may be separated by
             whitespace or spread across multiple AcceptEnv directives.  Be
             warned that some environment variables could be used to bypass
             restricted user environments.  For this reason, care should be
             taken in the use of this directive.  The default is not to accept
             any environment variables.

     AddressFamily
             Specifies which address family should be used by sshd(8).  Valid
             arguments are ``any'', ``inet'' (use IPv4 only), or ``inet6''
             (use IPv6 only).  The default is ``any''.

     AllowAgentForwarding
             Specifies whether ssh-agent(1) forwarding is permitted.  The
             default is ``yes''.  Note that disabling agent forwarding does
             not improve security unless users are also denied shell access,
             as they can always install their own forwarders.

     AllowGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  If specified, login is allowed only for
             users whose primary group or supplementary group list matches one
             of the patterns.  Only group names are valid; a numerical group
             ID is not recognized.  By default, login is allowed for all
             groups.  The allow/deny directives are processed in the following
             order: DenyUsers, AllowUsers, DenyGroups, and finally
             AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The available
             options are ``yes'' or ``all'' to allow TCP forwarding, ``no'' to
             prevent all TCP forwarding, ``local'' to allow local (from the
             perspective of ssh(1)) forwarding only or ``remote'' to allow
             remote forwarding only.  The default is ``yes''.  Note that
             disabling TCP forwarding does not improve security unless users
             are also denied shell access, as they can always install their
             own forwarders.

     AllowUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  If specified, login is allowed only for
             user names that match one of the patterns.  Only user names are
             valid; a numerical user ID is not recognized.  By default, login
             is allowed for all users.
             If the pattern takes the form USER@HOST then USER and HOST are
             separately checked, restricting logins to particular users from
             particular hosts.  The allow/deny directives are processed in the
             following order: DenyUsers, AllowUsers, DenyGroups, and finally
             AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     AuthenticationMethods
             Specifies the authentication methods that must be successfully
             completed for a user to be granted access.  This option must be
             followed by one or more comma-separated lists of authentication
             method names.  Successful authentication requires completion of
             every method in at least one of these lists.

             For example, an argument of ``publickey,password
             publickey,keyboard-interactive'' would require the user to
             complete public key authentication, followed by either password
             or keyboard interactive authentication.  Only methods that are
             next in one or more lists are offered at each stage, so for this
             example, it would not be possible to attempt password or
             keyboard-interactive authentication before public key.

             For keyboard interactive authentication it is also possible to
             restrict authentication to a specific device by appending a colon
             followed by the device identifier ``bsdauth'', ``pam'', or
             ``skey'', depending on the server configuration.  For example,
             ``keyboard-interactive:bsdauth'' would restrict keyboard
             interactive authentication to the ``bsdauth'' device.

             This option is only available for SSH protocol 2 and will cause a
             fatal error if protocol 1 is also enabled.
             Note that each authentication method listed should also be
             explicitly enabled in the configuration.  The default is not to
             require multiple authentication; successful completion of a
             single authentication method is sufficient.

     AuthorizedKeysCommand
             Specifies a program to be used to look up the user's public keys.
             The program must be owned by root and not writable by group or
             others.  It will be invoked with a single argument of the
             username being authenticated, and should produce on standard
             output zero or more lines of authorized_keys output (see
             AUTHORIZED_KEYS FILE FORMAT in sshd(8)).  If a key supplied by
             AuthorizedKeysCommand does not successfully authenticate and
             authorize the user then public key authentication continues using
             the usual AuthorizedKeysFile files.  By default, no
             AuthorizedKeysCommand is run.

     AuthorizedKeysCommandUser
             Specifies the user under whose account the AuthorizedKeysCommand
             is run.  It is recommended to use a dedicated user that has no
             other role on the host than running authorized keys commands.

     AuthorizedKeysFile
             Specifies the file that contains the public keys that can be used
             for user authentication.  The format is described in the
             AUTHORIZED_KEYS FILE FORMAT section of sshd(8).
             AuthorizedKeysFile may contain tokens of the form %T which are
             substituted during connection setup.  The following tokens are
             defined: %% is replaced by a literal '%', %h is replaced by the
             home directory of the user being authenticated, and %u is
             replaced by the username of that user.
             After expansion, AuthorizedKeysFile is taken to be an absolute
             path or one relative to the user's home directory.  Multiple
             files may be listed, separated by whitespace.  The default is
             ``.ssh/authorized_keys .ssh/authorized_keys2''.

     AuthorizedPrincipalsFile
             Specifies a file that lists principal names that are accepted for
             certificate authentication.  When using certificates signed by a
             key listed in TrustedUserCAKeys, this file lists names, one of
             which must appear in the certificate for it to be accepted for
             authentication.  Names are listed one per line preceded by key
             options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
             Empty lines and comments starting with `#' are ignored.

             AuthorizedPrincipalsFile may contain tokens of the form %T which
             are substituted during connection setup.  The following tokens
             are defined: %% is replaced by a literal '%', %h is replaced by
             the home directory of the user being authenticated, and %u is
             replaced by the username of that user.  After expansion,
             AuthorizedPrincipalsFile is taken to be an absolute path or one
             relative to the user's home directory.

             The default is ``none'', i.e. not to use a principals file - in
             this case, the username of the user must appear in a
             certificate's principals list for it to be accepted.  Note that
             AuthorizedPrincipalsFile is only used when authentication
             proceeds using a CA listed in TrustedUserCAKeys and is not
             consulted for certification authorities trusted via
             ~/.ssh/authorized_keys, though the principals= key option offers
             a similar facility (see sshd(8) for details).

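     The AuthenticationMethods rules above (every method of at least one
     list must be completed, only the next method of a live list is offered,
     a device suffix restricts keyboard-interactive to that device, and each
     listed method must itself be enabled) can be replayed offline.  The
     following is an added example and is not part of this manual page or of
     OpenSSH; the ENABLING_KEYWORD table, the simplified default for
     KbdInteractiveAuthentication (in sshd it follows
     ChallengeResponseAuthentication) and the sample arguments are assumptions
     made for the example.

```python
# Added example, not OpenSSH code: a model of sshd_config(5) AuthenticationMethods.
# ENABLING_KEYWORD and the sample arguments are constructed for this example; the
# kbdinteractive default is simplified (sshd takes it from ChallengeResponseAuthentication).

# method name -> (sshd_config keyword that enables it, its documented default)
ENABLING_KEYWORD = {
    "publickey": ("pubkeyauthentication", "yes"),
    "password": ("passwordauthentication", "yes"),
    "keyboard-interactive": ("kbdinteractiveauthentication", "yes"),
    "hostbased": ("hostbasedauthentication", "no"),
    "gssapi-with-mic": ("gssapiauthentication", "no"),
}


def parse_methods(argument):
    """Split an AuthenticationMethods argument into its comma-separated lists.

    'publickey,password publickey,keyboard-interactive'
    -> [['publickey', 'password'], ['publickey', 'keyboard-interactive']]
    """
    lists = [item.split(",") for item in argument.split()]
    if not lists or any(m == "" for methods in lists for m in methods):
        raise ValueError("malformed AuthenticationMethods argument: %r" % argument)
    return lists


def _entry_matches(entry, completed):
    """An entry with a device suffix (keyboard-interactive:bsdauth) requires
    that exact device; an entry without one accepts any device."""
    if ":" in entry:
        return entry == completed
    return entry == completed.split(":", 1)[0]


def _live_lists(lists, completed):
    """Lists whose leading entries are satisfied, in order, by what the user
    has completed so far; a list that disagrees can no longer succeed."""
    live = []
    for methods in lists:
        if len(completed) <= len(methods) and all(
            _entry_matches(e, c) for e, c in zip(methods, completed)
        ):
            live.append(methods)
    return live


def offered_methods(lists, completed):
    """Methods the server offers next: the next entry of every live list.
    With the manual's example only publickey is offered at first."""
    offered = []
    for methods in _live_lists(lists, completed):
        if len(methods) > len(completed) and methods[len(completed)] not in offered:
            offered.append(methods[len(completed)])
    return offered


def is_authenticated(lists, completed):
    """True once every entry of at least one list has been completed."""
    return any(len(m) == len(completed) for m in _live_lists(lists, completed))


def disabled_methods(lists, config):
    """Methods named in AuthenticationMethods that the configuration turns off.

    config maps lower-cased keywords to arguments as read from sshd_config;
    unknown method names are skipped.
    """
    disabled = []
    for methods in lists:
        for method in methods:
            base = method.split(":", 1)[0]
            if base in ENABLING_KEYWORD:
                keyword, default = ENABLING_KEYWORD[base]
                if config.get(keyword, default).lower() == "no" and method not in disabled:
                    disabled.append(method)
    return disabled


if __name__ == "__main__":
    lists = parse_methods("publickey,password publickey,keyboard-interactive")
    print("offered first:", offered_methods(lists, []))
    print("offered after publickey:", offered_methods(lists, ["publickey"]))
    print("publickey+password authenticated:",
          is_authenticated(lists, ["publickey", "password"]))
    print("listed but disabled:", disabled_methods(lists, {"passwordauthentication": "no"}))
```

     A configuration that lists password in AuthenticationMethods while
     setting PasswordAuthentication no can never complete that list;
     disabled_methods() reports exactly that mismatch.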
     Banner  The contents of the specified file are sent to the remote user
             before authentication is allowed.  If the argument is ``none''
             then no banner is displayed.  This option is only available for
             protocol version 2.  By default, no banner is displayed.

     ChallengeResponseAuthentication
             Specifies whether challenge-response authentication is allowed
             (e.g. via PAM or through authentication styles supported in
             login.conf(5)).  The default is ``yes''.

     ChrootDirectory
             Specifies the pathname of a directory to chroot(2) to after
             authentication.  All components of the pathname must be
             root-owned directories that are not writable by any other user or
             group.  After the chroot, sshd(8) changes the working directory
             to the user's home directory.

             The pathname may contain the following tokens that are expanded
             at runtime once the connecting user has been authenticated: %% is
             replaced by a literal '%', %h is replaced by the home directory
             of the user being authenticated, and %u is replaced by the
             username of that user.

             The ChrootDirectory must contain the necessary files and
             directories to support the user's session.  For an interactive
             session this requires at least a shell, typically sh(1), and
             basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
             stderr(4), arandom(4) and tty(4) devices.
             For file transfer sessions using ``sftp'', no additional
             configuration of the environment is necessary if the in-process
             sftp server is used, though sessions which use logging do require
             /dev/log inside the chroot directory (see sftp-server(8) for
             details).

             The default is not to chroot(2).

     Ciphers
             Specifies the ciphers allowed for protocol version 2.  Multiple
             ciphers must be comma-separated.  The supported ciphers are:

             ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'',
             ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'',
             ``aes128-gcm@openssh.com'', ``aes256-gcm@openssh.com'',
             ``arcfour128'', ``arcfour256'', ``arcfour'', ``blowfish-cbc'',
             ``cast128-cbc'', and ``chacha20-poly1305@openssh.com''.

             The default is:

                aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,
                aes128-gcm@openssh.com,aes256-gcm@openssh.com,
                chacha20-poly1305@openssh.com,
                aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,
                aes256-cbc,arcfour

             The list of available ciphers may also be obtained using the -Q
             option of ssh(1).

     ClientAliveCountMax
             Sets the number of client alive messages (see below) which may be
             sent without sshd(8) receiving any messages back from the client.
             If this threshold is reached while client alive messages are
             being sent, sshd will disconnect the client, terminating the
             session.  It is important to note that the use of client alive
             messages is very different from TCPKeepAlive (below).
             The client alive messages are sent through the encrypted channel
             and therefore will not be spoofable.  The TCP keepalive option
             enabled by TCPKeepAlive is spoofable.  The client alive mechanism
             is valuable when the client or server depend on knowing when a
             connection has become inactive.

             The default value is 3.  If ClientAliveInterval (see below) is
             set to 15, and ClientAliveCountMax is left at the default,
             unresponsive SSH clients will be disconnected after approximately
             45 seconds.  This option applies to protocol version 2 only.

     ClientAliveInterval
             Sets a timeout interval in seconds after which if no data has
             been received from the client, sshd(8) will send a message
             through the encrypted channel to request a response from the
             client.  The default is 0, indicating that these messages will
             not be sent to the client.  This option applies to protocol
             version 2 only.

     Compression
             Specifies whether compression is allowed, or delayed until the
             user has authenticated successfully.  The argument must be
             ``yes'', ``delayed'', or ``no''.  The default is ``delayed''.

     DenyGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  Login is disallowed for users whose primary
             group or supplementary group list matches one of the patterns.
             Only group names are valid; a numerical group ID is not
             recognized.  By default, login is allowed for all groups.  The
             allow/deny directives are processed in the following order:
             DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     DenyUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  Login is disallowed for user names that
             match one of the patterns.  Only user names are valid; a
             numerical user ID is not recognized.  By default, login is
             allowed for all users.  If the pattern takes the form USER@HOST
             then USER and HOST are separately checked, restricting logins to
             particular users from particular hosts.  The allow/deny
             directives are processed in the following order: DenyUsers,
             AllowUsers, DenyGroups, and finally AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     ForceCommand
             Forces the execution of the command specified by ForceCommand,
             ignoring any command supplied by the client and ~/.ssh/rc if
             present.  The command is invoked by using the user's login shell
             with the -c option.  This applies to shell, command, or subsystem
             execution.  It is most useful inside a Match block.  The command
             originally supplied by the client is available in the
             SSH_ORIGINAL_COMMAND environment variable.  Specifying a command
             of ``internal-sftp'' will force the use of an in-process sftp
             server that requires no support files when used with
             ChrootDirectory.

     GatewayPorts
             Specifies whether remote hosts are allowed to connect to ports
             forwarded for the client.  By default, sshd(8) binds remote port
             forwardings to the loopback address.  This prevents other remote
             hosts from connecting to forwarded ports.
             GatewayPorts can be used to specify that sshd should allow remote
             port forwardings to bind to non-loopback addresses, thus allowing
             other hosts to connect.  The argument may be ``no'' to force
             remote port forwardings to be available to the local host only,
             ``yes'' to force remote port forwardings to bind to the wildcard
             address, or ``clientspecified'' to allow the client to select the
             address to which the forwarding is bound.  The default is ``no''.

     GSSAPIAuthentication
             Specifies whether user authentication based on GSSAPI is allowed.
             The default is ``no''.  Note that this option applies to protocol
             version 2 only.

     GSSAPICleanupCredentials
             Specifies whether to automatically destroy the user's credentials
             cache on logout.  The default is ``yes''.  Note that this option
             applies to protocol version 2 only.

     HostbasedAuthentication
             Specifies whether rhosts or /etc/hosts.equiv authentication
             together with successful public key client host authentication is
             allowed (host-based authentication).  This option is similar to
             RhostsRSAAuthentication and applies to protocol version 2 only.
             The default is ``no''.

     HostbasedUsesNameFromPacketOnly
             Specifies whether or not the server will attempt to perform a
             reverse name lookup when matching the name in the ~/.shosts,
             ~/.rhosts, and /etc/hosts.equiv files during
             HostbasedAuthentication.  A setting of ``yes'' means that sshd(8)
             uses the name supplied by the client rather than attempting to
             resolve the name from the TCP connection itself.  The default is
             ``no''.

     HostCertificate
             Specifies a file containing a public host certificate.  The
             certificate's public key must match a private host key already
             specified by HostKey.  The default behaviour of sshd(8) is not to
             load any certificates.

     HostKey
             Specifies a file containing a private host key used by SSH.  The
             default is /etc/ssh/ssh_host_key for protocol version 1, and
             /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_ecdsa_key,
             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key for
             protocol version 2.  Note that sshd(8) will refuse to use a file
             if it is group/world-accessible.  It is possible to have multiple
             host key files.  ``rsa1'' keys are used for version 1 and
             ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2
             of the SSH protocol.  It is also possible to specify public host
             key files instead.  In this case operations on the private key
             will be delegated to an ssh-agent(1).

     HostKeyAgent
             Identifies the UNIX-domain socket used to communicate with an
             agent that has access to the private host keys.  If
             ``SSH_AUTH_SOCK'' is specified, the location of the socket will
             be read from the SSH_AUTH_SOCK environment variable.

     IgnoreRhosts
             Specifies that .rhosts and .shosts files will not be used in
             RhostsRSAAuthentication or HostbasedAuthentication.

             /etc/hosts.equiv and /etc/shosts.equiv are still used.  The
             default is ``yes''.

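     Three of the keywords above impose ownership and permission rules that
     sshd(8) enforces at run time and that are easy to get wrong when
     deploying: HostKey (a private key file that is group/world accessible is
     refused), AuthorizedKeysCommand (the program must be root-owned and not
     writable by group or others) and ChrootDirectory (every path component
     must be a root-owned directory not writable by group or others, after
     %%/%h/%u expansion).  The following is an added example and is not part
     of this manual page or of OpenSSH.  DEMO_FS is a constructed stand-in for
     the filesystem so that the module runs without real files; passing
     os.stat (the default) checks a live host instead.  The paths and modes in
     DEMO_FS are assumptions made for the example.

```python
# Added example, not OpenSSH code: offline checks for the permission rules
# sshd_config(5) states for HostKey, AuthorizedKeysCommand and ChrootDirectory.
# DEMO_FS is a constructed filesystem; use statfn=os.stat against a real host.
import os
import stat
from collections import namedtuple

FakeStat = namedtuple("FakeStat", "st_uid st_mode")

# Constructed demo filesystem: path -> (owner uid, mode).  Not real files.
DEMO_FS = {
    "/": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv/sftp": FakeStat(0, stat.S_IFDIR | 0o755),
    "/srv/sftp/alice": FakeStat(1001, stat.S_IFDIR | 0o755),   # user-owned component
    "/srv/sftp/shared": FakeStat(0, stat.S_IFDIR | 0o775),     # group-writable component
    "/etc/ssh/ssh_host_ed25519_key": FakeStat(0, stat.S_IFREG | 0o600),
    "/etc/ssh/ssh_host_rsa_key": FakeStat(0, stat.S_IFREG | 0o640),  # group-readable key
    "/usr/local/sbin/lookup-keys": FakeStat(0, stat.S_IFREG | 0o755),
    "/usr/local/sbin/lookup-keys-bad": FakeStat(1001, stat.S_IFREG | 0o775),
}


def demo_stat(path):
    """os.stat replacement backed by DEMO_FS."""
    return DEMO_FS[path]


def expand_tokens(template, user, home):
    """Expand %% -> '%', %h -> home directory, %u -> user name (ChrootDirectory,
    AuthorizedKeysFile and AuthorizedPrincipalsFile all use these tokens)."""
    out, i = [], 0
    while i < len(template):
        if template[i] == "%" and i + 1 < len(template):
            token = template[i + 1]
            if token == "%":
                out.append("%")
            elif token == "h":
                out.append(home)
            elif token == "u":
                out.append(user)
            else:
                raise ValueError("unknown token %%%s in %r" % (token, template))
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def check_private_key_file(path, statfn=os.stat):
    """HostKey rule: any group or world permission bit makes sshd refuse the file."""
    st = statfn(path)
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("%s: not a regular file" % path)
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("%s: mode %04o is group/world accessible"
                        % (path, stat.S_IMODE(st.st_mode)))
    return problems


def check_root_owned_not_writable(path, statfn=os.stat, want_dir=False):
    """Shared rule for an AuthorizedKeysCommand program (want_dir=False) and
    for each ChrootDirectory path component (want_dir=True)."""
    st = statfn(path)
    problems = []
    if st.st_uid != 0:
        problems.append("%s: owned by uid %d, must be root" % (path, st.st_uid))
    if want_dir and not stat.S_ISDIR(st.st_mode):
        problems.append("%s: not a directory" % path)
    if not want_dir and not stat.S_ISREG(st.st_mode):
        problems.append("%s: not a regular file" % path)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s: mode %04o is group/other writable"
                        % (path, stat.S_IMODE(st.st_mode)))
    return problems


def check_chroot_directory(path, statfn=os.stat):
    """Walk from / down to the chroot target, applying the component rule."""
    if not path.startswith("/"):
        return ["%s: ChrootDirectory must be absolute" % path]
    problems, component = [], "/"
    for part in [""] + [p for p in os.path.normpath(path).split("/") if p]:
        component = os.path.join(component, part)
        problems.extend(check_root_owned_not_writable(component, statfn, want_dir=True))
    return problems


if __name__ == "__main__":
    target = expand_tokens("/srv/sftp/%u", "alice", "/home/alice")
    for problem in check_chroot_directory(target, demo_stat):
        print(problem)
    for problem in check_private_key_file("/etc/ssh/ssh_host_rsa_key", demo_stat):
        print(problem)
```

     The demo shows the most common ChrootDirectory mistake: making the
     user's own chroot target user-owned so that the user can write to it,
     which sshd(8) rejects; a root-owned chroot with a user-owned
     subdirectory inside it is the usual remedy.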
     IgnoreUserKnownHosts
             Specifies whether sshd(8) should ignore the user's
             ~/.ssh/known_hosts during RhostsRSAAuthentication or
             HostbasedAuthentication.  The default is ``no''.

     IPQoS   Specifies the IPv4 type-of-service or DSCP class for the
             connection.  Accepted values are ``af11'', ``af12'', ``af13'',
             ``af21'', ``af22'', ``af23'', ``af31'', ``af32'', ``af33'',
             ``af41'', ``af42'', ``af43'', ``cs0'', ``cs1'', ``cs2'', ``cs3'',
             ``cs4'', ``cs5'', ``cs6'', ``cs7'', ``ef'', ``lowdelay'',
             ``throughput'', ``reliability'', or a numeric value.  This option
             may take one or two arguments, separated by whitespace.  If one
             argument is specified, it is used as the packet class
             unconditionally.  If two values are specified, the first is
             automatically selected for interactive sessions and the second
             for non-interactive sessions.  The default is ``lowdelay'' for
             interactive sessions and ``throughput'' for non-interactive
             sessions.

     KbdInteractiveAuthentication
             Specifies whether to allow keyboard-interactive authentication.
             The argument to this keyword must be ``yes'' or ``no''.  The
             default is to use whatever value ChallengeResponseAuthentication
             is set to (by default ``yes'').

     KerberosAuthentication
             Specifies whether the password provided by the user for
             PasswordAuthentication will be validated through the Kerberos
             KDC.  To use this option, the server needs a Kerberos servtab
             which allows the verification of the KDC's identity.  The default
             is ``no''.

     KerberosGetAFSToken
             If AFS is active and the user has a Kerberos 5 TGT, attempt to
             acquire an AFS token before accessing the user's home directory.
             The default is ``no''.

     KerberosOrLocalPasswd
             If password authentication through Kerberos fails then the
             password will be validated via any additional local mechanism
             such as /etc/passwd.  The default is ``yes''.

     KerberosTicketCleanup
             Specifies whether to automatically destroy the user's ticket
             cache file on logout.  The default is ``yes''.

     KexAlgorithms
             Specifies the available KEX (Key Exchange) algorithms.  Multiple
             algorithms must be comma-separated.  The default is

                curve25519-sha256@libssh.org,
                ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                diffie-hellman-group-exchange-sha256,
                diffie-hellman-group-exchange-sha1,
                diffie-hellman-group14-sha1,
                diffie-hellman-group1-sha1

     KeyRegenerationInterval
             In protocol version 1, the ephemeral server key is automatically
             regenerated after this many seconds (if it has been used).  The
             purpose of regeneration is to prevent decrypting captured
             sessions by later breaking into the machine and stealing the
             keys.  The key is never stored anywhere.  If the value is 0, the
             key is never regenerated.  The default is 3600 (seconds).

     ListenAddress
             Specifies the local addresses sshd(8) should listen on.
             The following forms may be used:

                ListenAddress host|IPv4_addr|IPv6_addr
                ListenAddress host|IPv4_addr:port
                ListenAddress [host|IPv6_addr]:port

             If port is not specified, sshd will listen on the address and all
             prior Port options specified.  The default is to listen on all
             local addresses.  Multiple ListenAddress options are permitted.
             Additionally, any Port options must precede this option for
             non-port qualified addresses.

     LoginGraceTime
             The server disconnects after this time if the user has not
             successfully logged in.  If the value is 0, there is no time
             limit.  The default is 120 seconds.

     LogLevel
             Gives the verbosity level that is used when logging messages from
             sshd(8).  The possible values are: QUIET, FATAL, ERROR, INFO,
             VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.  The default is INFO.
             DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
             higher levels of debugging output.  Logging with a DEBUG level
             violates the privacy of users and is not recommended.

     MACs    Specifies the available MAC (message authentication code)
             algorithms.  The MAC algorithm is used in protocol version 2 for
             data integrity protection.  Multiple algorithms must be
             comma-separated.  The algorithms that contain ``-etm'' calculate
             the MAC after encryption (encrypt-then-mac).  These are
             considered safer and their use recommended.
             The default is:

                hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,
                umac-64-etm@openssh.com,umac-128-etm@openssh.com,
                hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
                hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,
                hmac-md5-96-etm@openssh.com,
                hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,
                hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,
                hmac-sha1-96,hmac-md5-96

     Match   Introduces a conditional block.  If all of the criteria on the
             Match line are satisfied, the keywords on the following lines
             override those set in the global section of the config file,
             until either another Match line or the end of the file.  If a
             keyword appears in multiple Match blocks that are satisfied,
             only the first instance of the keyword is applied.

             The arguments to Match are one or more criteria-pattern pairs or
             the single token All which matches all criteria.  The available
             criteria are User, Group, Host, LocalAddress, LocalPort, and
             Address.  The match patterns may consist of single entries or
             comma-separated lists and may use the wildcard and negation
             operators described in the PATTERNS section of ssh_config(5).

             The patterns in an Address criterion may additionally contain
             addresses to match in CIDR address/masklen format, e.g.
             ``192.0.2.0/24'' or ``3ffe:ffff::/32''.  Note that the mask
             length provided must be consistent with the address - it is an
             error to specify a mask length that is too long for the address
             or one with bits set in the host portion of the address.  For
             example, ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively.

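     The file format described under DESCRIPTION (keyword-argument pairs,
     `#' and empty lines as comments, double-quoted arguments,
     case-insensitive keywords) and the Match rules above (criteria-pattern
     pairs or All, wildcard and negation patterns, strict CIDR entries, and
     first-instance-wins across satisfied blocks) can be exercised together
     with a small parser and evaluator.  The following is an added example and
     is not part of this manual page or of OpenSSH.  SAMPLE_CONFIG and the
     connection dictionaries passed to effective_settings() are constructed
     for the example; treating only Port, ListenAddress, HostKey and AcceptEnv
     as repeatable keywords, and the way Group is matched against a user's
     group list, are simplifying assumptions of this model.

```python
# Added example, not OpenSSH code: parser and Match evaluator for sshd_config(5).
# SAMPLE_CONFIG is constructed; REPEATABLE and the Group handling are simplifications.
import fnmatch
import ipaddress
import shlex

REPEATABLE = {"port", "listenaddress", "hostkey", "acceptenv"}  # documented as repeatable


def parse_sshd_config(text):
    """Return (global_settings, [(criteria, settings), ...]).  Keywords are
    lower-cased; criteria is "All" or a list of (criterion, pattern) pairs."""
    glob, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # empty or comment line
        tokens = shlex.split(line)                # honours double-quoted arguments
        keyword, args = tokens[0].lower(), tokens[1:]
        if keyword == "match":
            if [a.lower() for a in args] == ["all"]:
                criteria = "All"
            elif args and len(args) % 2 == 0:
                criteria = [(args[i].lower(), args[i + 1]) for i in range(0, len(args), 2)]
            else:
                raise ValueError("Match needs criteria-pattern pairs: %r" % raw)
            current = {}
            blocks.append((criteria, current))
            continue
        target = glob if current is None else current
        if keyword in REPEATABLE and keyword in target:
            target[keyword] += " " + " ".join(args)
        else:
            target.setdefault(keyword, " ".join(args))   # first instance wins
    return glob, blocks


def match_pattern_list(pattern_list, value):
    """ssh_config(5) PATTERNS: comma-separated entries with * and ? wildcards;
    a leading ! negates an entry, and a negated hit fails the whole list."""
    matched = False
    for pattern in pattern_list.split(","):
        negate = pattern.startswith("!")
        pattern = pattern[1:] if negate else pattern
        hit = fnmatch.fnmatchcase(value, pattern.replace("[", "[[]"))
        if hit and negate:
            return False
        matched = matched or hit
    return matched


def is_valid_cidr(pattern):
    """False when the mask is too long (192.0.2.0/33) or host bits are set (192.0.2.0/8)."""
    try:
        ipaddress.ip_network(pattern, strict=True)
        return True
    except ValueError:
        return False


def match_address(pattern_list, address):
    """Address/LocalAddress criteria: CIDR entries (strict, so a bad masklen
    raises ValueError as sshd reports an error) or wildcard patterns."""
    addr, matched = ipaddress.ip_address(address), False
    for pattern in pattern_list.split(","):
        negate = pattern.startswith("!")
        pattern = pattern[1:] if negate else pattern
        if "/" in pattern:
            hit = addr in ipaddress.ip_network(pattern, strict=True)
        else:
            hit = match_pattern_list(pattern, address)
        if hit and negate:
            return False
        matched = matched or hit
    return matched


def _criterion_matches(criterion, pattern, conn):
    if criterion in ("address", "localaddress"):
        return match_address(pattern, conn[criterion])
    if criterion == "localport":
        return pattern == str(conn["localport"])
    if criterion == "group":
        return any(match_pattern_list(pattern, g) for g in conn["groups"])
    if criterion in ("user", "host"):
        return match_pattern_list(pattern, conn[criterion])
    raise ValueError("unknown Match criterion %r" % criterion)


def effective_settings(config, conn):
    """Settings in force for one connection: the first satisfied Match block
    that sets a keyword wins, then the global section fills the rest."""
    glob, blocks = config
    result = {}
    for criteria, settings in blocks:
        if criteria == "All" or all(_criterion_matches(c, p, conn) for c, p in criteria):
            for keyword, value in settings.items():
                result.setdefault(keyword, value)
    for keyword, value in glob.items():
        result.setdefault(keyword, value)
    return result


SAMPLE_CONFIG = """
# constructed example: hardened global defaults, password login only from one subnet
Port 22
PermitRootLogin no
PasswordAuthentication no
AuthenticationMethods publickey
Banner "/etc/ssh/banner with spaces"
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
Match Address 192.0.2.0/24,!192.0.2.13
    PasswordAuthentication yes
    AuthenticationMethods publickey,password
Match All
    PasswordAuthentication no
"""
```

     Note the ordering effect the manual describes: a client from 192.0.2.50
     satisfies both the Address block and the All block, and gets
     PasswordAuthentication yes because the Address block comes first; a
     client from the excluded 192.0.2.13 falls through to the All block and
     gets no.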
             Only a subset of keywords may be used on the lines following a
             Match keyword.  Available keywords are AcceptEnv,
             AllowAgentForwarding, AllowGroups, AllowTcpForwarding,
             AllowUsers, AuthenticationMethods, AuthorizedKeysCommand,
             AuthorizedKeysCommandUser, AuthorizedKeysFile,
             AuthorizedPrincipalsFile, Banner, ChrootDirectory, DenyGroups,
             DenyUsers, ForceCommand, GatewayPorts, GSSAPIAuthentication,
             HostbasedAuthentication, HostbasedUsesNameFromPacketOnly,
             KbdInteractiveAuthentication, KerberosAuthentication,
             MaxAuthTries, MaxSessions, PasswordAuthentication,
             PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
             PermitTunnel, PubkeyAuthentication, RekeyLimit,
             RhostsRSAAuthentication, RSAAuthentication, X11DisplayOffset,
             X11Forwarding and X11UseLocalHost.

     MaxAuthTries
             Specifies the maximum number of authentication attempts permitted
             per connection.  Once the number of failures reaches half this
             value, additional failures are logged.  The default is 6.

     MaxSessions
             Specifies the maximum number of open sessions permitted per
             network connection.  The default is 10.

     MaxStartups
             Specifies the maximum number of concurrent unauthenticated
             connections to the SSH daemon.  Additional connections will be
             dropped until authentication succeeds or the LoginGraceTime
             expires for a connection.  The default is 10:30:100.

             Alternatively, random early drop can be enabled by specifying the
             three colon separated values ``start:rate:full'' (e.g.
             "10:30:60").
             sshd(8) will refuse connection attempts with a probability of
             ``rate/100'' (30%) if there are currently ``start'' (10)
             unauthenticated connections.  The probability increases linearly
             and all connection attempts are refused if the number of
             unauthenticated connections reaches ``full'' (60).

     PasswordAuthentication
             Specifies whether password authentication is allowed.  The
             default is ``yes''.

     PermitEmptyPasswords
             When password authentication is allowed, it specifies whether the
             server allows login to accounts with empty password strings.  The
             default is ``no''.

     PermitOpen
             Specifies the destinations to which TCP port forwarding is
             permitted.  The forwarding specification must be one of the
             following forms:

                PermitOpen host:port
                PermitOpen IPv4_addr:port
                PermitOpen [IPv6_addr]:port

             Multiple forwards may be specified by separating them with
             whitespace.  An argument of ``any'' can be used to remove all
             restrictions and permit any forwarding requests.  An argument of
             ``none'' can be used to prohibit all forwarding requests.  By
             default all port forwarding requests are permitted.

     PermitRootLogin
             Specifies whether root can log in using ssh(1).  The argument
             must be ``yes'', ``without-password'', ``forced-commands-only'',
             or ``no''.  The default is ``yes''.

             If this option is set to ``without-password'', password
             authentication is disabled for root.


             If this option is set to ``forced-commands-only'', root login
             with public key authentication will be allowed, but only if the
             command option has been specified (which may be useful for taking
             remote backups even if root login is normally not allowed). All
             other authentication methods are disabled for root.

             If this option is set to ``no'', root is not allowed to log in.

     PermitTunnel
             Specifies whether tun(4) device forwarding is allowed. The
             argument must be ``yes'', ``point-to-point'' (layer 3),
             ``ethernet'' (layer 2), or ``no''. Specifying ``yes'' permits
             both ``point-to-point'' and ``ethernet''. The default is ``no''.

     PermitTTY
             Specifies whether pty(4) allocation is permitted. The default is
             ``yes''.

     PermitUserEnvironment
             Specifies whether ~/.ssh/environment and environment= options in
             ~/.ssh/authorized_keys are processed by sshd(8). The default is
             ``no''. Enabling environment processing may enable users to
             bypass access restrictions in some configurations using
             mechanisms such as LD_PRELOAD.

     PidFile
             Specifies the file that contains the process ID of the SSH
             daemon. The default is /var/run/sshd.pid.

     Port    Specifies the port number that sshd(8) listens on. The default
             is 22. Multiple options of this type are permitted. See also
             ListenAddress.

     PrintLastLog
             Specifies whether sshd(8) should print the date and time of the
             last user login when a user logs in interactively. The default
             is ``yes''.
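The random early drop behaviour described under MaxStartups above, worked through as an added example. This is not code from the manual or from OpenSSH: it models the ``start:rate:full'' form the entry documents, the straight-line interpolation between ``start'' and ``full'' is this example's reading of "increases linearly", and treating a bare number as a hard limit is its own modelling choice.

```python
"""MaxStartups random early drop, modelled in Python.

Added example; not code from sshd_config(5) or OpenSSH. It implements the
behaviour the MaxStartups entry describes for the start:rate:full form:
refuse a new unauthenticated connection with probability rate/100 once
`start` such connections exist, and refuse every attempt at `full`. The
straight line between those two points is this example's assumption.
"""


def parse_max_startups(value: str) -> tuple[int, int, int]:
    """Parse 'N' or 'start:rate:full' into (start, rate, full).

    A bare number N is modelled here as a hard limit: no early drop,
    everything refused once N unauthenticated connections exist.
    """
    parts = value.split(":")
    if len(parts) == 1:
        n = int(parts[0])
        return n, 100, n
    if len(parts) != 3:
        raise ValueError(f"MaxStartups must be N or start:rate:full, got {value!r}")
    start, rate, full = (int(p) for p in parts)
    if not 0 < start <= full or not 0 <= rate <= 100:
        raise ValueError(f"invalid MaxStartups values: {value!r}")
    return start, rate, full


def drop_probability(unauth: int, start: int, rate: int, full: int) -> float:
    """Probability (0.0 to 1.0) that the next connection attempt is refused
    when `unauth` unauthenticated connections are already open."""
    if unauth < start:
        return 0.0          # below start: never refused
    if unauth >= full:
        return 1.0          # at or above full: always refused
    base = rate / 100
    # straight line from rate% at `start` up to 100% at `full`
    return base + (1.0 - base) * (unauth - start) / (full - start)


def drop_curve(value: str) -> dict[int, float]:
    """Refusal probability for every load level from 0 to `full`, so a
    candidate setting can be inspected before it is deployed."""
    start, rate, full = parse_max_startups(value)
    return {n: round(drop_probability(n, start, rate, full), 3)
            for n in range(full + 1)}


if __name__ == "__main__":
    # The manual's own example value, 10:30:60
    for n, p in drop_curve("10:30:60").items():
        if n in (0, 9, 10, 35, 59, 60):
            print(f"{n:3d} unauthenticated -> refuse with p={p:.2f}")
```

With "10:30:60", the curve is 0 up to nine open unauthenticated connections, 0.30 at ten, 0.65 at thirty-five and 1.0 at sixty; the same function applied to the default "10:30:100" shows how much more slowly the default ramps, which is the comparison worth making when tuning this knob against connection floods.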
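The PermitOpen matching described above, as an added example that is not sshd(8)'s own implementation. It accepts the three documented forms (host:port, IPv4_addr:port and [IPv6_addr]:port), several of them separated by whitespace, and the special arguments ``any'' and ``none''; no PermitOpen directive at all means everything is permitted. Comparing host names case-insensitively and IP literals in canonical form is this example's choice, and the sample directive it evaluates is constructed.

```python
"""Check a requested TCP forward against a PermitOpen list.

Added example, not OpenSSH code. Implements the forms documented under
PermitOpen: host:port, IPv4_addr:port, [IPv6_addr]:port, plus the words
any and none. The canonicalisation of hosts is this example's choice.
"""
import ipaddress
from typing import Optional

AllowList = Optional[list[tuple[str, int]]]


def _canon_host(host: str) -> str:
    """IP literals in canonical form, names lower-cased, so that
    2001:0db8::1 and 2001:db8::1 compare equal."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return host.lower()


def _split_host_port(spec: str) -> tuple[str, int]:
    """Split 'host:port', 'a.b.c.d:port' or '[v6]:port' into (host, port)."""
    if spec.startswith("["):
        close = spec.find("]")
        if close == -1 or spec[close + 1:close + 2] != ":":
            raise ValueError(f"bad bracketed PermitOpen spec {spec!r}")
        host, port_s = spec[1:close], spec[close + 2:]
        ipaddress.IPv6Address(host)  # brackets are only for IPv6 literals
    else:
        host, sep, port_s = spec.rpartition(":")
        if not sep or not host:
            raise ValueError(f"bad PermitOpen spec {spec!r}")
        if ":" in host:
            raise ValueError(f"IPv6 address must be bracketed: {spec!r}")
    if not port_s.isdigit() or not 1 <= int(port_s) <= 65535:
        raise ValueError(f"bad port in PermitOpen spec {spec!r}")
    return _canon_host(host), int(port_s)


def parse_permit_open(argument: Optional[str]) -> AllowList:
    """None: unrestricted (no directive, or ``any'').
    []: ``none'', every forward refused. Otherwise the allow list."""
    if argument is None:
        return None
    fields = argument.split()
    if fields == ["any"]:
        return None
    if fields == ["none"]:
        return []
    return [_split_host_port(f) for f in fields]


def forward_permitted(allow: AllowList, host: str, port: int) -> bool:
    """Would a client's forward request to host:port be accepted under
    this PermitOpen list?"""
    if allow is None:
        return True
    return (_canon_host(host), port) in allow


if __name__ == "__main__":
    # constructed sample directive, not a real host's configuration
    allow = parse_permit_open("db.internal:5432 10.0.0.5:443 [2001:db8::1]:22")
    for target in (("db.internal", 5432), ("db.internal", 22), ("2001:0db8::1", 22)):
        verdict = "permitted" if forward_permitted(allow, *target) else "refused"
        print(target, "->", verdict)
```

The point the matcher makes concrete is that PermitOpen is an exact host-and-port allow list: "db.internal:5432" does not cover port 5433 on the same host, and an unbracketed IPv6 literal is rejected at parse time rather than silently matching nothing.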

     PrintMotd
             Specifies whether sshd(8) should print /etc/motd when a user logs
             in interactively. (On some systems it is also printed by the
             shell, /etc/profile, or equivalent.) The default is ``yes''.

     Protocol
             Specifies the protocol versions sshd(8) supports. The possible
             values are `1' and `2'. Multiple versions must be
             comma-separated. The default is `2'. Note that the order of the
             protocol list does not indicate preference, because the client
             selects among multiple protocol versions offered by the server.
             Specifying ``2,1'' is identical to ``1,2''.

     PubkeyAuthentication
             Specifies whether public key authentication is allowed. The
             default is ``yes''. Note that this option applies to protocol
             version 2 only.

     RekeyLimit
             Specifies the maximum amount of data that may be transmitted
             before the session key is renegotiated, optionally followed by a
             maximum amount of time that may pass before the session key is
             renegotiated. The first argument is specified in bytes and may
             have a suffix of `K', `M', or `G' to indicate Kilobytes,
             Megabytes, or Gigabytes, respectively. The default is between
             `1G' and `4G', depending on the cipher. The optional second
             value is specified in seconds and may use any of the units
             documented in the TIME FORMATS section. The default value for
             RekeyLimit is ``default none'', which means that rekeying is
             performed after the cipher's default amount of data has been sent
             or received and no time based rekeying is done. This option
             applies to protocol version 2 only.

     RevokedKeys
             Specifies revoked public keys. Keys listed in this file will be
             refused for public key authentication. Note that if this file is
             not readable, then public key authentication will be refused for
             all users. Keys may be specified as a text file, listing one
             public key per line, or as an OpenSSH Key Revocation List (KRL)
             as generated by ssh-keygen(1). For more information on KRLs, see
             the KEY REVOCATION LISTS section in ssh-keygen(1).

     RhostsRSAAuthentication
             Specifies whether rhosts or /etc/hosts.equiv authentication
             together with successful RSA host authentication is allowed. The
             default is ``no''. This option applies to protocol version 1
             only.

     RSAAuthentication
             Specifies whether pure RSA authentication is allowed. The
             default is ``yes''. This option applies to protocol version 1
             only.

     ServerKeyBits
             Defines the number of bits in the ephemeral protocol version 1
             server key. The minimum value is 512, and the default is 1024.

     StrictModes
             Specifies whether sshd(8) should check file modes and ownership
             of the user's files and home directory before accepting login.
             This is normally desirable because novices sometimes accidentally
             leave their directory or files world-writable. The default is
             ``yes''. Note that this does not apply to ChrootDirectory, whose
             permissions and ownership are checked unconditionally.

     Subsystem
             Configures an external subsystem (e.g. file transfer daemon).
             Arguments should be a subsystem name and a command (with optional
             arguments) to execute upon subsystem request.

             The command sftp-server(8) implements the ``sftp'' file transfer
             subsystem.

             Alternatively, the name ``internal-sftp'' implements an
             in-process ``sftp'' server. This may simplify configurations
             using ChrootDirectory to force a different filesystem root on
             clients.

             By default no subsystems are defined. Note that this option
             applies to protocol version 2 only.

     SyslogFacility
             Gives the facility code that is used when logging messages from
             sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
             default is AUTH.

     TCPKeepAlive
             Specifies whether the system should send TCP keepalive messages
             to the other side. If they are sent, death of the connection or
             crash of one of the machines will be properly noticed. However,
             this means that connections will die if the route is down
             temporarily, and some people find it annoying. On the other
             hand, if TCP keepalives are not sent, sessions may hang
             indefinitely on the server, leaving ``ghost'' users and consuming
             server resources.

             The default is ``yes'' (to send TCP keepalive messages), and the
             server will notice if the network goes down or the client host
             crashes. This avoids infinitely hanging sessions.

             To disable TCP keepalive messages, the value should be set to
             ``no''.
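An added example serving two passages above: the list of keywords permitted after a Match line, and the internal-sftp with ChrootDirectory arrangement mentioned under Subsystem. It is not part of OpenSSH. MATCH_ALLOWED is copied from the Match entry of this manual version; the parser follows the sshd_config format (one keyword with its arguments per line, case-insensitive keywords, `#' comments, optionally double-quoted arguments); the sample configuration is constructed for this example and deliberately places a Port line inside a Match block, which sshd rejects, so that the linter has something to report.

```python
"""Lint the Match blocks of an sshd_config for keywords not permitted there.

Added example, not part of OpenSSH. MATCH_ALLOWED is the list the Match
entry of this manual version gives. shlex handles the double-quoted
arguments sshd_config allows; it also honours single quotes and
backslashes, which sshd does not, so this is a review aid, not a
replacement for letting sshd itself validate the file.
"""
import shlex

MATCH_ALLOWED = {keyword.lower() for keyword in """
    AcceptEnv AllowAgentForwarding AllowGroups AllowTcpForwarding AllowUsers
    AuthenticationMethods AuthorizedKeysCommand AuthorizedKeysCommandUser
    AuthorizedKeysFile AuthorizedPrincipalsFile Banner ChrootDirectory
    DenyGroups DenyUsers ForceCommand GatewayPorts GSSAPIAuthentication
    HostbasedAuthentication HostbasedUsesNameFromPacketOnly
    KbdInteractiveAuthentication KerberosAuthentication MaxAuthTries
    MaxSessions PasswordAuthentication PermitEmptyPasswords PermitOpen
    PermitRootLogin PermitTTY PermitTunnel PubkeyAuthentication RekeyLimit
    RhostsRSAAuthentication RSAAuthentication X11DisplayOffset X11Forwarding
    X11UseLocalhost
""".split()}

# Constructed sample; not a real host's configuration.
SAMPLE_CONFIG = """\
# sftp-only group, confined with ChrootDirectory and the in-process server
Port 22
PasswordAuthentication no
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    # Port is not a Match keyword, so sshd rejects the next line:
    Port 2222
"""


def parse_sshd_config(text: str):
    """Yield (lineno, keyword, args, in_match) for every directive line."""
    in_match = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # empty line or comment
        tokens = shlex.split(line)
        keyword, args = tokens[0].lower(), tokens[1:]
        if keyword == "match":
            in_match = True               # block runs to the next Match line
            yield lineno, keyword, args, False
        else:
            yield lineno, keyword, args, in_match


def lint_match_blocks(text: str) -> list[tuple[int, str]]:
    """(lineno, keyword) for each directive inside a Match block that the
    manual does not allow there."""
    return [(lineno, keyword)
            for lineno, keyword, _args, in_match in parse_sshd_config(text)
            if in_match and keyword not in MATCH_ALLOWED]


def match_block_summary(text: str) -> dict[str, list[str]]:
    """Map each Match criteria line to the keywords it carries, e.g.
    {'Group sftponly': ['chrootdirectory', ...]}, for review."""
    summary: dict[str, list[str]] = {}
    current = ""
    for _lineno, keyword, args, in_match in parse_sshd_config(text):
        if keyword == "match":
            current = " ".join(args)
            summary[current] = []
        elif in_match:
            summary[current].append(keyword)
    return summary


if __name__ == "__main__":
    for lineno, keyword in lint_match_blocks(SAMPLE_CONFIG):
        print(f"line {lineno}: '{keyword}' is not allowed inside a Match block")
    print(match_block_summary(SAMPLE_CONFIG))
```

Run against the sample it reports line 12. Subsystem itself is absent from the Match list, which is why the sample declares "Subsystem sftp internal-sftp" globally and uses ForceCommand internal-sftp inside the block; ChrootDirectory, ForceCommand, AllowTcpForwarding and X11Forwarding are all permitted there.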

     TrustedUserCAKeys
             Specifies a file containing public keys of certificate
             authorities that are trusted to sign user certificates for
             authentication. Keys are listed one per line; empty lines and
             comments starting with `#' are allowed. If a certificate is
             presented for authentication and has its signing CA key listed in
             this file, then it may be used for authentication for any user
             listed in the certificate's principals list. Note that
             certificates that lack a list of principals will not be permitted
             for authentication using TrustedUserCAKeys. For more details on
             certificates, see the CERTIFICATES section in ssh-keygen(1).

     UseDNS  Specifies whether sshd(8) should look up the remote host name and
             check that the resolved host name for the remote IP address maps
             back to the very same IP address. The default is ``yes''.

     UseLogin
             Specifies whether login(1) is used for interactive login
             sessions. The default is ``no''. Note that login(1) is never
             used for remote command execution. Note also that if this is
             enabled, X11Forwarding will be disabled because login(1) does not
             know how to handle xauth(1) cookies. If UsePrivilegeSeparation
             is specified, it will be disabled after authentication.

     UsePAM  Enables the Pluggable Authentication Module interface. If set to
             ``yes'' this will enable PAM authentication using
             ChallengeResponseAuthentication and PasswordAuthentication in
             addition to PAM account and session module processing for all
             authentication types.

             Because PAM challenge-response authentication usually serves an
             equivalent role to password authentication, you should disable
             either PasswordAuthentication or ChallengeResponseAuthentication.

             If UsePAM is enabled, you will not be able to run sshd(8) as a
             non-root user. The default is ``no''.

     UsePrivilegeSeparation
             Specifies whether sshd(8) separates privileges by creating an
             unprivileged child process to deal with incoming network traffic.
             After successful authentication, another process will be created
             that has the privilege of the authenticated user. The goal of
             privilege separation is to prevent privilege escalation by
             containing any corruption within the unprivileged processes. The
             default is ``yes''. If UsePrivilegeSeparation is set to
             ``sandbox'' then the pre-authentication unprivileged process is
             subject to additional restrictions.

     VersionAddendum
             Optionally specifies additional text to append to the SSH
             protocol banner sent by the server upon connection. The default
             is ``none''.

     X11DisplayOffset
             Specifies the first display number available for sshd(8)'s X11
             forwarding. This prevents sshd from interfering with real X11
             servers. The default is 10.

     X11Forwarding
             Specifies whether X11 forwarding is permitted. The argument must
             be ``yes'' or ``no''. The default is ``no''.

             When X11 forwarding is enabled, there may be additional exposure
             to the server and to client displays if the sshd(8) proxy display
             is configured to listen on the wildcard address (see
             X11UseLocalhost below), though this is not the default.
             Additionally, the authentication spoofing and authentication data
             verification and substitution occur on the client side. The
             security risk of using X11 forwarding is that the client's X11
             display server may be exposed to attack when the SSH client
             requests forwarding (see the warnings for ForwardX11 in
             ssh_config(5)). A system administrator may have a stance in
             which they want to protect clients that may expose themselves to
             attack by unwittingly requesting X11 forwarding, which can
             warrant a ``no'' setting.

             Note that disabling X11 forwarding does not prevent users from
             forwarding X11 traffic, as users can always install their own
             forwarders. X11 forwarding is automatically disabled if UseLogin
             is enabled.

     X11UseLocalhost
             Specifies whether sshd(8) should bind the X11 forwarding server
             to the loopback address or to the wildcard address. By default,
             sshd binds the forwarding server to the loopback address and sets
             the hostname part of the DISPLAY environment variable to
             ``localhost''. This prevents remote hosts from connecting to the
             proxy display. However, some older X11 clients may not function
             with this configuration. X11UseLocalhost may be set to ``no'' to
             specify that the forwarding server should be bound to the
             wildcard address. The argument must be ``yes'' or ``no''. The
             default is ``yes''.

     XAuthLocation
             Specifies the full pathname of the xauth(1) program. The default
             is /usr/X11R6/bin/xauth.

TIME FORMATS
     sshd(8) command-line arguments and configuration file options that
     specify time may be expressed using a sequence of the form:
     time[qualifier], where time is a positive integer value and qualifier is
     one of the following:

           <none>  seconds
           s | S   seconds
           m | M   minutes
           h | H   hours
           d | D   days
           w | W   weeks

     Each member of the sequence is added together to calculate the total time
     value.

     Time format examples:

           600     600 seconds (10 minutes)
           10m     10 minutes
           1h30m   1 hour 30 minutes (90 minutes)

FILES
     /etc/ssh/sshd_config
             Contains configuration data for sshd(8). This file should be
             writable by root only, but it is recommended (though not
             necessary) that it be world-readable.

SEE ALSO
     sshd(8)

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH. Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
     for privilege separation.

OpenBSD 5.5                    February 27, 2014                    OpenBSD 5.5
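An added example covering the TIME FORMATS section and the RekeyLimit entry earlier in this page; it is not OpenSSH code. parse_time implements the time[qualifier] sequence and its summing rule; parse_rekey_limit applies it to RekeyLimit's optional second argument together with the `K', `M', `G' byte suffixes and the ``default''/``none'' words. Binary multiples (1K = 1024 bytes) and returning None for "cipher default" and for "no time-based rekeying" are this example's conventions.

```python
"""Parse sshd_config time values and RekeyLimit arguments.

Added example, not OpenSSH code. parse_time follows the TIME FORMATS
section (positive integer plus optional s/m/h/d/w qualifier, members
summed); parse_rekey_limit follows the RekeyLimit entry. The 1024-based
size suffixes and the None encodings are this example's assumptions.
"""
import re
from typing import Optional

_TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TIME_TOKEN = re.compile(r"(\d+)([sSmMhHdDwW]?)")
_SIZE_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}
_SIZE_TOKEN = re.compile(r"(\d+)([kKmMgG]?)")


def parse_time(value: str) -> int:
    """'600' -> 600, '10m' -> 600, '1h30m' -> 5400 (members are summed)."""
    total, pos = 0, 0
    while pos < len(value):
        m = _TIME_TOKEN.match(value, pos)
        if m is None:
            raise ValueError(f"bad time value {value!r}")
        n = int(m.group(1))
        if n <= 0:
            raise ValueError(f"time members must be positive: {value!r}")
        total += n * _TIME_UNITS[m.group(2).lower()]
        pos = m.end()
    if total == 0:
        raise ValueError("empty time value")
    return total


def parse_byte_limit(value: str) -> Optional[int]:
    """'1G' -> 1073741824, '512M' -> 536870912; 'default' -> None."""
    if value.lower() == "default":
        return None                       # let the cipher's own limit apply
    m = _SIZE_TOKEN.fullmatch(value)
    if m is None:
        raise ValueError(f"bad RekeyLimit size {value!r}")
    return int(m.group(1)) * _SIZE_UNITS[m.group(2).lower()]


def parse_rekey_limit(argument: str) -> tuple[Optional[int], Optional[int]]:
    """(max_bytes, max_seconds); None means cipher default / no time limit."""
    fields = argument.split()
    if not 1 <= len(fields) <= 2:
        raise ValueError(f"RekeyLimit takes one or two arguments: {argument!r}")
    max_bytes = parse_byte_limit(fields[0])
    max_seconds = None
    if len(fields) == 2 and fields[1].lower() != "none":
        max_seconds = parse_time(fields[1])
    return max_bytes, max_seconds


def rekey_due(limit: tuple[Optional[int], Optional[int]], bytes_since: int,
              seconds_since: int, cipher_default: int) -> bool:
    """Has either bound of a parsed RekeyLimit been reached?"""
    max_bytes, max_seconds = limit
    if bytes_since >= (cipher_default if max_bytes is None else max_bytes):
        return True
    return max_seconds is not None and seconds_since >= max_seconds


if __name__ == "__main__":
    for example in ("600", "10m", "1h30m"):
        print(f"{example:>6} = {parse_time(example)} seconds")
    print(parse_rekey_limit("default none"), parse_rekey_limit("1G 1h"))
```

The manual's three examples come out as 600, 600 and 5400 seconds; "default none" parses to (None, None), meaning data-based rekeying at the cipher's own limit and no time-based rekeying, while "1G 1h" bounds a session key to one gigabyte or one hour, whichever comes first.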