
  1. .\"
  2. .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
  3. .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  4. .\" All rights reserved
  5. .\"
  6. .\" As far as I am concerned, the code I have written for this software
  7. .\" can be used freely for any purpose. Any derived versions of this
  8. .\" software must be clearly marked as such, and if the derived work is
  9. .\" incompatible with the protocol description in the RFC file, it must be
  10. .\" called by a name other than "ssh" or "Secure Shell".
  11. .\"
  12. .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
  13. .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
  14. .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
  15. .\"
  16. .\" Redistribution and use in source and binary forms, with or without
  17. .\" modification, are permitted provided that the following conditions
  18. .\" are met:
  19. .\" 1. Redistributions of source code must retain the above copyright
  20. .\" notice, this list of conditions and the following disclaimer.
  21. .\" 2. Redistributions in binary form must reproduce the above copyright
  22. .\" notice, this list of conditions and the following disclaimer in the
  23. .\" documentation and/or other materials provided with the distribution.
  24. .\"
  25. .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
  26. .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
  27. .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
  28. .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
  29. .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  30. .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  31. .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  32. .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  33. .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  34. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  35. .\"
  36. .\" $OpenBSD: sshd.8,v 1.313 2020/08/27 01:07:10 djm Exp $
  37. .Dd $Mdocdate: August 27 2020 $
  38. .Dt SSHD 8
  39. .Os
  40. .Sh NAME
  41. .Nm sshd
  42. .Nd OpenSSH daemon
  43. .Sh SYNOPSIS
  44. .Nm sshd
  45. .Bk -words
  46. .Op Fl 46DdeiqTt
  47. .Op Fl C Ar connection_spec
  48. .Op Fl c Ar host_certificate_file
  49. .Op Fl E Ar log_file
  50. .Op Fl f Ar config_file
  51. .Op Fl g Ar login_grace_time
  52. .Op Fl h Ar host_key_file
  53. .Op Fl o Ar option
  54. .Op Fl p Ar port
  55. .Op Fl u Ar len
  56. .Ek
  57. .Sh DESCRIPTION
  58. .Nm
  59. (OpenSSH Daemon) is the daemon program for
  60. .Xr ssh 1 .
  61. Together these programs replace rlogin and rsh,
  62. and provide secure encrypted communications between two untrusted hosts
  63. over an insecure network.
  64. .Pp
  65. .Nm
  66. listens for connections from clients.
  67. It is normally started at boot from
  68. .Pa /etc/init.d/ssh .
  69. It forks a new
  70. daemon for each incoming connection.
  71. The forked daemons handle
  72. key exchange, encryption, authentication, command execution,
  73. and data exchange.
  74. .Pp
  75. .Nm
  76. can be configured using command-line options or a configuration file
  77. (by default
  78. .Xr sshd_config 5 ) ;
  79. command-line options override values specified in the
  80. configuration file.
  81. .Nm
  82. rereads its configuration file when it receives a hangup signal,
  83. .Dv SIGHUP ,
  84. by executing itself with the name and options it was started with, e.g.\&
  85. .Pa /usr/sbin/sshd .
  86. .Pp
  87. The options are as follows:
  88. .Bl -tag -width Ds
  89. .It Fl 4
  90. Forces
  91. .Nm
  92. to use IPv4 addresses only.
  93. .It Fl 6
  94. Forces
  95. .Nm
  96. to use IPv6 addresses only.
  97. .It Fl C Ar connection_spec
  98. Specify the connection parameters to use for the
  99. .Fl T
  100. extended test mode.
  101. If provided, any
  102. .Cm Match
  103. directives in the configuration file that would apply are applied before the
  104. configuration is written to standard output.
  105. The connection parameters are supplied as keyword=value pairs and may be
  106. supplied in any order, either with multiple
  107. .Fl C
  108. options or as a comma-separated list.
  109. The keywords are
  110. .Dq addr ,
  111. .Dq user ,
  112. .Dq host ,
  113. .Dq laddr ,
  114. .Dq lport ,
  115. and
  116. .Dq rdomain
  117. and correspond to source address, user, resolved source host name,
  118. local address, local port number and routing domain respectively.
  119. .It Fl c Ar host_certificate_file
  120. Specifies a path to a certificate file to identify
  121. .Nm
  122. during key exchange.
  123. The certificate file must match a host key file specified using the
  124. .Fl h
  125. option or the
  126. .Cm HostKey
  127. configuration directive.
  128. .It Fl D
  129. When this option is specified,
  130. .Nm
  131. will not detach and does not become a daemon.
  132. This allows easy monitoring of
  133. .Nm sshd .
  134. .It Fl d
  135. Debug mode.
  136. The server sends verbose debug output to standard error,
  137. and does not put itself in the background.
  138. The server also will not fork and will only process one connection.
  139. This option is intended only for debugging the server.
  140. Multiple
  141. .Fl d
  142. options increase the debugging level.
  143. Maximum is 3.
  144. .It Fl E Ar log_file
  145. Append debug logs to
  146. .Ar log_file
  147. instead of the system log.
  148. .It Fl e
  149. Write debug logs to standard error instead of the system log.
  150. .It Fl f Ar config_file
  151. Specifies the name of the configuration file.
  152. The default is
  153. .Pa /etc/ssh/sshd_config .
  154. .Nm
  155. refuses to start if there is no configuration file.
  156. .It Fl g Ar login_grace_time
  157. Gives the grace time for clients to authenticate themselves (default
  158. 120 seconds).
  159. If the client fails to authenticate the user within
  160. this many seconds, the server disconnects and exits.
  161. A value of zero indicates no limit, so connections that never complete authentication are never disconnected by this timer.
  162. .It Fl h Ar host_key_file
  163. Specifies a file from which a host key is read.
  164. This option must be given if
  165. .Nm
  166. is not run as root (as the normal
  167. host key files are normally not readable by anyone but root).
  168. The default is
  169. .Pa /etc/ssh/ssh_host_ecdsa_key ,
  170. .Pa /etc/ssh/ssh_host_ed25519_key
  171. and
  172. .Pa /etc/ssh/ssh_host_rsa_key .
  173. It is possible to have multiple host key files for
  174. the different host key algorithms.
  175. .It Fl i
  176. Specifies that
  177. .Nm
  178. is being run from
  179. .Xr inetd 8 .
  180. .It Fl o Ar option
  181. Can be used to give options in the format used in the configuration file.
  182. This is useful for specifying options for which there is no separate
  183. command-line flag.
  184. For full details of the options, and their values, see
  185. .Xr sshd_config 5 .
  186. .It Fl p Ar port
  187. Specifies the port on which the server listens for connections
  188. (default 22).
  189. Multiple port options are permitted.
  190. Ports specified in the configuration file with the
  191. .Cm Port
  192. option are ignored when a command-line port is specified.
  193. Ports specified using the
  194. .Cm ListenAddress
  195. option override command-line ports.
  196. .It Fl q
  197. Quiet mode.
  198. Nothing is sent to the system log.
  199. Normally the beginning,
  200. authentication, and termination of each connection is logged.
  201. .It Fl T
  202. Extended test mode.
  203. Check the validity of the configuration file, output the effective configuration
  204. to stdout and then exit.
  205. Optionally,
  206. .Cm Match
  207. rules may be applied by specifying the connection parameters using one or more
  208. .Fl C
  209. options.
  210. .It Fl t
  211. Test mode.
  212. Only check the validity of the configuration file and sanity of the keys.
  213. This is useful for updating
  214. .Nm
  215. reliably as configuration options may change.
  216. .It Fl u Ar len
  217. This option is used to specify the size of the field
  218. in the
  219. .Li utmp
  220. structure that holds the remote host name.
  221. If the resolved host name is longer than
  222. .Ar len ,
  223. the dotted decimal value will be used instead.
  224. This allows hosts with very long host names that
  225. overflow this field to still be uniquely identified.
  226. Specifying
  227. .Fl u0
  228. indicates that only dotted decimal addresses
  229. should be put into the
  230. .Pa utmp
  231. file.
  232. .Fl u0
  233. may also be used to prevent
  234. .Nm
  235. from making DNS requests unless the authentication
  236. mechanism or configuration requires it.
  237. Authentication mechanisms that may require DNS include
  238. .Cm HostbasedAuthentication
  239. and using a
  240. .Cm from="pattern-list"
  241. option in a key file.
  242. Configuration options that require DNS include using a
  243. USER@HOST pattern in
  244. .Cm AllowUsers
  245. or
  246. .Cm DenyUsers .
  247. .El
  248. .Sh AUTHENTICATION
  249. The OpenSSH SSH daemon supports SSH protocol 2 only.
  250. Each host has a host-specific key,
  251. used to identify the host.
  252. Whenever a client connects, the daemon responds with its public
  253. host key.
  254. The client compares the
  255. host key against its own database to verify that it has not changed.
  256. Forward secrecy is provided through a Diffie-Hellman key agreement.
  257. This key agreement results in a shared session key.
  258. The rest of the session is encrypted using a symmetric cipher.
  259. The client selects the encryption algorithm
  260. to use from those offered by the server.
  261. Additionally, session integrity is provided
  262. through a cryptographic message authentication code (MAC).
  263. .Pp
  264. Finally, the server and the client enter an authentication dialog.
  265. The client tries to authenticate itself using
  266. host-based authentication,
  267. public key authentication,
  268. GSSAPI authentication,
  269. challenge-response authentication,
  270. or password authentication.
  271. .Pp
  272. Regardless of the authentication type, the account is checked to
  273. ensure that it is accessible. An account is not accessible if it is
  274. locked, listed in
  275. .Cm DenyUsers
  276. or its group is listed in
  277. .Cm DenyGroups
  278. \&. The definition of a locked account is system dependent. Some platforms
  279. have their own account database (e.g. AIX) and some modify the passwd field (
  280. .Ql \&*LK\&*
  281. on Solaris and UnixWare,
  282. .Ql \&*
  283. on HP-UX, containing
  284. .Ql Nologin
  285. on Tru64,
  286. a leading
  287. .Ql \&*LOCKED\&*
  288. on FreeBSD and a leading
  289. .Ql \&!
  290. on most Linuxes).
  291. If there is a requirement to disable password authentication
  292. for the account while still allowing public-key authentication, then the passwd field
  293. should be set to something other than these values (e.g.
  294. .Ql NP
  295. or
  296. .Ql \&*NP\&*
  297. ).
  298. .Pp
  299. If the client successfully authenticates itself, a dialog for
  300. preparing the session is entered.
  301. At this time the client may request
  302. things like allocating a pseudo-tty, forwarding X11 connections,
  303. forwarding TCP connections, or forwarding the authentication agent
  304. connection over the secure channel.
  305. .Pp
  306. After this, the client either requests a shell or execution of a command.
  307. The sides then enter session mode.
  308. In this mode, either side may send
  309. data at any time, and such data is forwarded to/from the shell or
  310. command on the server side, and the user terminal in the client side.
  311. .Pp
  312. When the user program terminates and all forwarded X11 and other
  313. connections have been closed, the server sends command exit status to
  314. the client, and both sides exit.
  315. .Sh LOGIN PROCESS
  316. When a user successfully logs in,
  317. .Nm
  318. does the following:
  319. .Bl -enum -offset indent
  320. .It
  321. If the login is on a tty, and no command has been specified,
  322. prints last login time and
  323. .Pa /etc/motd
  324. (unless prevented in the configuration file or by
  325. .Pa ~/.hushlogin ;
  326. see the
  327. .Sx FILES
  328. section).
  329. .It
  330. If the login is on a tty, records login time.
  331. .It
  332. Checks
  333. .Pa /etc/nologin ;
  334. if it exists, prints contents and quits
  335. (unless root).
  336. .It
  337. Changes to run with normal user privileges.
  338. .It
  339. Sets up basic environment.
  340. .It
  341. Reads the file
  342. .Pa ~/.ssh/environment ,
  343. if it exists, and users are allowed to change their environment.
  344. See the
  345. .Cm PermitUserEnvironment
  346. option in
  347. .Xr sshd_config 5 .
  348. .It
  349. Changes to user's home directory.
  350. .It
  351. If
  352. .Pa ~/.ssh/rc
  353. exists and the
  354. .Xr sshd_config 5
  355. .Cm PermitUserRC
  356. option is set, runs it; else if
  357. .Pa /etc/ssh/sshrc
  358. exists, runs
  359. it; otherwise runs xauth.
  360. The
  361. .Dq rc
  362. files are given the X11
  363. authentication protocol and cookie in standard input.
  364. See
  365. .Sx SSHRC ,
  366. below.
  367. .It
  368. Runs user's shell or command.
  369. All commands are run under the user's login shell as specified in the
  370. system password database.
  371. .El
  372. .Sh SSHRC
  373. If the file
  374. .Pa ~/.ssh/rc
  375. exists,
  376. .Xr sh 1
  377. runs it after reading the
  378. environment files but before starting the user's shell or command.
  379. It must not produce any output on stdout; stderr must be used
  380. instead.
  381. If X11 forwarding is in use, it will receive the "proto cookie" pair in
  382. its standard input (and
  383. .Ev DISPLAY
  384. in its environment).
  385. The script must call
  386. .Xr xauth 1
  387. because
  388. .Nm
  389. will not run xauth automatically to add X11 cookies.
  390. .Pp
  391. The primary purpose of this file is to run any initialization routines
  392. which may be needed before the user's home directory becomes
  393. accessible; AFS is a particular example of such an environment.
  394. .Pp
  395. This file will probably contain some initialization code followed by
  396. something similar to:
  397. .Bd -literal -offset 3n
  398. if read proto cookie && [ -n "$DISPLAY" ]; then
  399. if [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then
  400. # X11UseLocalhost=yes
  401. echo add unix:`echo $DISPLAY |
  402. cut -c11-` $proto $cookie
  403. else
  404. # X11UseLocalhost=no
  405. echo add $DISPLAY $proto $cookie
  406. fi | xauth -q -
  407. fi
  408. .Ed
  409. .Pp
  410. If this file does not exist,
  411. .Pa /etc/ssh/sshrc
  412. is run, and if that
  413. does not exist either, xauth is used to add the cookie.
  414. .Sh AUTHORIZED_KEYS FILE FORMAT
  415. .Cm AuthorizedKeysFile
  416. specifies the files containing public keys for
  417. public key authentication;
  418. if this option is not specified, the default is
  419. .Pa ~/.ssh/authorized_keys
  420. and
  421. .Pa ~/.ssh/authorized_keys2 .
  422. Each line of the file contains one
  423. key (empty lines and lines starting with a
  424. .Ql #
  425. are ignored as
  426. comments).
  427. Public keys consist of the following space-separated fields:
  428. options, keytype, base64-encoded key, comment.
  429. The options field is optional.
  430. The supported key types are:
  431. .Pp
  432. .Bl -item -compact -offset indent
  433. .It
  434. sk-ecdsa-sha2-nistp256@openssh.com
  435. .It
  436. ecdsa-sha2-nistp256
  437. .It
  438. ecdsa-sha2-nistp384
  439. .It
  440. ecdsa-sha2-nistp521
  441. .It
  442. sk-ssh-ed25519@openssh.com
  443. .It
  444. ssh-ed25519
  445. .It
  446. ssh-dss
  447. .It
  448. ssh-rsa
  449. .El
  450. .Pp
  451. The comment field is not used for anything (but may be convenient for the
  452. user to identify the key).
  453. .Pp
  454. Note that lines in this file can be several hundred bytes long
  455. (because of the size of the public key encoding) up to a limit of
  456. 8 kilobytes, which permits RSA keys up to 16 kilobits.
  457. You don't want to type them in; instead, copy the
  458. .Pa id_dsa.pub ,
  459. .Pa id_ecdsa.pub ,
  460. .Pa id_ecdsa_sk.pub ,
  461. .Pa id_ed25519.pub ,
  462. .Pa id_ed25519_sk.pub ,
  463. or the
  464. .Pa id_rsa.pub
  465. file and edit it.
  466. .Pp
  467. .Nm
  468. enforces a minimum RSA key modulus size of 1024 bits.
  469. .Pp
  470. The options (if present) consist of comma-separated option
  471. specifications.
  472. No spaces are permitted, except within double quotes.
  473. The following option specifications are supported (note
  474. that option keywords are case-insensitive):
  475. .Bl -tag -width Ds
  476. .It Cm agent-forwarding
  477. Enable authentication agent forwarding previously disabled by the
  478. .Cm restrict
  479. option.
  480. .It Cm cert-authority
  481. Specifies that the listed key is a certification authority (CA) that is
  482. trusted to validate signed certificates for user authentication.
  483. .Pp
  484. Certificates may encode access restrictions similar to these key options.
  485. If both certificate restrictions and key options are present, the most
  486. restrictive union of the two is applied.
  487. .It Cm command="command"
  488. Specifies that the command is executed whenever this key is used for
  489. authentication.
  490. The command supplied by the user (if any) is ignored.
  491. The command is run on a pty if the client requests a pty;
  492. otherwise it is run without a tty.
  493. If an 8-bit clean channel is required,
  494. one must not request a pty or should specify
  495. .Cm no-pty .
  496. A quote may be included in the command by quoting it with a backslash.
  497. .Pp
  498. This option might be useful
  499. to restrict certain public keys to perform just a specific operation.
  500. An example might be a key that permits remote backups but nothing else.
  501. Note that the client may specify TCP and/or X11
  502. forwarding unless they are explicitly prohibited, e.g. using the
  503. .Cm restrict
  504. key option.
  505. .Pp
  506. The command originally supplied by the client is available in the
  507. .Ev SSH_ORIGINAL_COMMAND
  508. environment variable.
  509. Note that this option applies to shell, command or subsystem execution.
  510. Also note that this command may be superseded by a
  511. .Xr sshd_config 5
  512. .Cm ForceCommand
  513. directive.
  514. .Pp
  515. If a command is specified and a forced-command is embedded in a certificate
  516. used for authentication, then the certificate will be accepted only if the
  517. two commands are identical.
  518. .It Cm environment="NAME=value"
  519. Specifies that the string is to be added to the environment when
  520. logging in using this key.
  521. Environment variables set this way
  522. override other default environment values.
  523. Multiple options of this type are permitted.
  524. Environment processing is disabled by default and is
  525. controlled via the
  526. .Cm PermitUserEnvironment
  527. option.
  528. .It Cm expiry-time="timespec"
  529. Specifies a time after which the key will not be accepted.
  530. The time may be specified as a YYYYMMDD date or a YYYYMMDDHHMM[SS] time
  531. in the system time-zone.
  532. .It Cm from="pattern-list"
  533. Specifies that in addition to public key authentication, either the canonical
  534. name of the remote host or its IP address must be present in the
  535. comma-separated list of patterns.
  536. See PATTERNS in
  537. .Xr ssh_config 5
  538. for more information on patterns.
  539. .Pp
  540. In addition to the wildcard matching that may be applied to hostnames or
  541. addresses, a
  542. .Cm from
  543. stanza may match IP addresses using CIDR address/masklen notation.
  544. .Pp
  545. The purpose of this option is to optionally increase security: public key
  546. authentication by itself does not trust the network or name servers or
  547. anything (but the key); however, if somebody somehow steals the key, the key
  548. permits an intruder to log in from anywhere in the world.
  549. This additional option makes using a stolen key more difficult (name
  550. servers and/or routers would have to be compromised in addition to
  551. just the key).
  552. .It Cm no-agent-forwarding
  553. Forbids authentication agent forwarding when this key is used for
  554. authentication.
  555. .It Cm no-port-forwarding
  556. Forbids TCP forwarding when this key is used for authentication.
  557. Any port forward requests by the client will return an error.
  558. This might be used, e.g. in connection with the
  559. .Cm command
  560. option.
  561. .It Cm no-pty
  562. Prevents tty allocation (a request to allocate a pty will fail).
  563. .It Cm no-user-rc
  564. Disables execution of
  565. .Pa ~/.ssh/rc .
  566. .It Cm no-X11-forwarding
  567. Forbids X11 forwarding when this key is used for authentication.
  568. Any X11 forward requests by the client will return an error.
  569. .It Cm permitlisten="[host:]port"
  570. Limit remote port forwarding with the
  571. .Xr ssh 1
  572. .Fl R
  573. option such that it may only listen on the specified host (optional) and port.
  574. IPv6 addresses can be specified by enclosing the address in square brackets.
  575. Multiple
  576. .Cm permitlisten
  577. options may be applied separated by commas.
  578. Hostnames may include wildcards as described in the PATTERNS section in
  579. .Xr ssh_config 5 .
  580. A port specification of
  581. .Cm *
  582. matches any port.
  583. Note that the setting of
  584. .Cm GatewayPorts
  585. may further restrict listen addresses.
  586. Note that
  587. .Xr ssh 1
  588. will send a hostname of
  589. .Dq localhost
  590. if a listen host was not specified when the forwarding was requested, and
  591. that this name is treated differently to the explicit localhost addresses
  592. .Dq 127.0.0.1
  593. and
  594. .Dq ::1 .
  595. .It Cm permitopen="host:port"
  596. Limit local port forwarding with the
  597. .Xr ssh 1
  598. .Fl L
  599. option such that it may only connect to the specified host and port.
  600. IPv6 addresses can be specified by enclosing the address in square brackets.
  601. Multiple
  602. .Cm permitopen
  603. options may be applied separated by commas.
  604. No pattern matching or name lookup is performed on the
  605. specified hostnames; they must be literal host names and/or addresses.
  606. A port specification of
  607. .Cm *
  608. matches any port.
  609. .It Cm port-forwarding
  610. Enable port forwarding previously disabled by the
  611. .Cm restrict
  612. option.
  613. .It Cm principals="principals"
  614. On a
  615. .Cm cert-authority
  616. line, specifies allowed principals for certificate authentication as a
  617. comma-separated list.
  618. At least one name from the list must appear in the certificate's
  619. list of principals for the certificate to be accepted.
  620. This option is ignored for keys that are not marked as trusted certificate
  621. signers using the
  622. .Cm cert-authority
  623. option.
  624. .It Cm pty
  625. Permits tty allocation previously disabled by the
  626. .Cm restrict
  627. option.
  628. .It Cm no-touch-required
  629. Do not require demonstration of user presence
  630. for signatures made using this key.
  631. This option only makes sense for the FIDO authenticator algorithms
  632. .Cm ecdsa-sk
  633. and
  634. .Cm ed25519-sk .
  635. .It Cm verify-required
  636. Require that signatures made using this key attest that they verified
  637. the user, e.g. via a PIN.
  638. This option only makes sense for the FIDO authenticator algorithms
  639. .Cm ecdsa-sk
  640. and
  641. .Cm ed25519-sk .
  642. .It Cm restrict
  643. Enable all restrictions, i.e. disable port, agent and X11 forwarding,
  644. as well as disabling PTY allocation
  645. and execution of
  646. .Pa ~/.ssh/rc .
  647. If any future restriction capabilities are added to authorized_keys files
  648. they will be included in this set.
  649. .It Cm tunnel="n"
  650. Force a
  651. .Xr tun 4
  652. device on the server.
  653. Without this option, the next available device will be used if
  654. the client requests a tunnel.
  655. .It Cm user-rc
  656. Enables execution of
  657. .Pa ~/.ssh/rc
  658. previously disabled by the
  659. .Cm restrict
  660. option.
  661. .It Cm X11-forwarding
  662. Permits X11 forwarding previously disabled by the
  663. .Cm restrict
  664. option.
  665. .El
  666. .Pp
  667. An example authorized_keys file:
  668. .Bd -literal -offset 3n
  669. # Comments allowed at start of line
  670. ssh-rsa AAAAB3Nza...LiPk== user@example.net
  671. from="*.sales.example.net,!pc.sales.example.net" ssh-rsa
  672. AAAAB2...19Q== john@example.net
  673. command="dump /home",no-pty,no-port-forwarding ssh-rsa
  674. AAAAC3...51R== example.net
  675. permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa
  676. AAAAB5...21S==
  677. permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa
  678. AAAAB5...21S==
  679. tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...==
  680. jane@example.net
  681. restrict,command="uptime" ssh-rsa AAAA1C8...32Tv==
  682. user@example.net
  683. restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5==
  684. user@example.net
  685. no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko==
  686. user@example.net
  687. .Ed
  688. .Sh SSH_KNOWN_HOSTS FILE FORMAT
  689. The
  690. .Pa /etc/ssh/ssh_known_hosts
  691. and
  692. .Pa ~/.ssh/known_hosts
  693. files contain host public keys for all known hosts.
  694. The global file should
  695. be prepared by the administrator (optional), and the per-user file is
  696. maintained automatically: whenever the user connects to an unknown host
  697. and accepts its key (by default after being asked to confirm its fingerprint), it is added to the per-user file.
  698. .Pp
  699. Each line in these files contains the following fields: markers (optional),
  700. hostnames, keytype, base64-encoded key, comment.
  701. The fields are separated by spaces.
  702. .Pp
  703. The marker is optional, but if it is present then it must be one of
  704. .Dq @cert-authority ,
  705. to indicate that the line contains a certification authority (CA) key,
  706. or
  707. .Dq @revoked ,
  708. to indicate that the key contained on the line is revoked and must not ever
  709. be accepted.
  710. Only one marker should be used on a key line.
  711. .Pp
  712. The hostnames field is a comma-separated list of patterns
  713. .Pf ( Ql *
  714. and
  715. .Ql \&?
  716. act as
  717. wildcards); each pattern in turn is matched against the host name.
  718. When
  719. .Nm sshd
  720. is authenticating a client, such as when using
  721. .Cm HostbasedAuthentication ,
  722. this will be the canonical client host name.
  723. When
  724. .Xr ssh 1
  725. is authenticating a server, this will be the host name
  726. given by the user, the value of the
  727. .Xr ssh 1
  728. .Cm HostKeyAlias
  729. if it was specified, or the canonical server hostname if the
  730. .Xr ssh 1
  731. .Cm CanonicalizeHostname
  732. option was used.
  733. .Pp
  734. A pattern may also be preceded by
  735. .Ql \&!
  736. to indicate negation: if the host name matches a negated
  737. pattern, it is not accepted (by that line) even if it matched another
  738. pattern on the line.
  739. A hostname or address may optionally be enclosed within
  740. .Ql \&[
  741. and
  742. .Ql \&]
  743. brackets then followed by
  744. .Ql \&:
  745. and a non-standard port number.
  746. .Pp
  747. Alternately, hostnames may be stored in a hashed form which hides host names
  748. and addresses should the file's contents be disclosed.
  749. Hashed hostnames start with a
  750. .Ql |
  751. character.
  752. Only one hashed hostname may appear on a single line and none of the above
  753. negation or wildcard operators may be applied.
  754. .Pp
  755. The keytype and base64-encoded key are taken directly from the host key; they
  756. can be obtained, for example, from
  757. .Pa /etc/ssh/ssh_host_rsa_key.pub .
  758. The optional comment field continues to the end of the line, and is not used.
  759. .Pp
  760. Lines starting with
  761. .Ql #
  762. and empty lines are ignored as comments.
  763. .Pp
  764. When performing host authentication, authentication is accepted if any
  765. matching line has the proper key; either one that matches exactly or,
  766. if the server has presented a certificate for authentication, the key
  767. of the certification authority that signed the certificate.
  768. For a key to be trusted as a certification authority, it must use the
  769. .Dq @cert-authority
  770. marker described above.
  771. .Pp
  772. The known hosts file also provides a facility to mark keys as revoked,
  773. for example when it is known that the associated private key has been
  774. stolen.
  775. Revoked keys are specified by including the
  776. .Dq @revoked
  777. marker at the beginning of the key line, and are never accepted for
  778. authentication or as certification authorities, but instead will
  779. produce a warning from
  780. .Xr ssh 1
  781. when they are encountered.
  782. .Pp
  783. It is permissible (but not
  784. recommended) to have several lines or different host keys for the same
  785. names.
  786. This will inevitably happen when short forms of host names
  787. from different domains are put in the file.
  788. It is possible
  789. that the files contain conflicting information; authentication is
  790. accepted if valid information can be found from either file.
  791. .Pp
  792. Note that the lines in these files are typically hundreds of characters
  793. long, and you definitely don't want to type in the host keys by hand.
  794. Rather, generate them by a script,
  795. .Xr ssh-keyscan 1
  796. or by taking, for example,
  797. .Pa /etc/ssh/ssh_host_rsa_key.pub
  798. and adding the host names at the front.
  799. .Xr ssh-keygen 1
  800. also offers some basic automated editing for
  801. .Pa ~/.ssh/known_hosts
  802. including removing hosts matching a host name and converting all host
  803. names to their hashed representations.
  804. .Pp
  805. An example ssh_known_hosts file:
  806. .Bd -literal -offset 3n
  807. # Comments allowed at start of line
  808. closenet,...,192.0.2.53 1024 37 159...93 closenet.example.net
  809. cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=
  810. # A hashed hostname
  811. |1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa
  812. AAAA1234.....=
  813. # A revoked key
  814. @revoked * ssh-rsa AAAAB5W...
  815. # A CA key, accepted for any host in *.mydomain.com or *.mydomain.org
  816. @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
  817. .Ed
  818. .Sh FILES
  819. .Bl -tag -width Ds -compact
  820. .It Pa ~/.hushlogin
  821. This file is used to suppress printing the last login time and
  822. .Pa /etc/motd ,
  823. if
  824. .Cm PrintLastLog
  825. and
  826. .Cm PrintMotd ,
  827. respectively,
  828. are enabled.
  829. It does not suppress printing of the banner specified by
  830. .Cm Banner .
  831. .Pp
  832. .It Pa ~/.rhosts
  833. This file is used for host-based authentication (see
  834. .Xr ssh 1
  835. for more information).
  836. On some machines this file may need to be
  837. world-readable if the user's home directory is on an NFS partition,
  838. because
  839. .Nm
  840. reads it as root.
  841. Additionally, this file must be owned by the user,
  842. and must not have write permissions for anyone else.
  843. The recommended
  844. permission for most machines is read/write for the user, and not
  845. accessible by others.
  846. .Pp
  847. .It Pa ~/.shosts
  848. This file is used in exactly the same way as
  849. .Pa .rhosts ,
  850. but allows host-based authentication without permitting login with
  851. rlogin/rsh.
  852. .Pp
  853. .It Pa ~/.k5login
  854. .It Pa ~/.k5users
  855. These files enforce GSSAPI/Kerberos authentication access control.
  856. Further details are described in
  857. .Xr ksu 1 .
  858. .Pp
  859. .It Pa ~/.ssh/
  860. This directory is the default location for all user-specific configuration
  861. and authentication information.
  862. There is no general requirement to keep the entire contents of this directory
  863. secret, but the recommended permissions are read/write/execute for the user,
  864. and not accessible by others.
  865. .Pp
  866. .It Pa ~/.ssh/authorized_keys
  867. Lists the public keys (DSA, ECDSA, Ed25519, RSA)
  868. that can be used for logging in as this user.
  869. The format of this file is described above.
  870. The content of the file is not highly sensitive, but the recommended
  871. permissions are read/write for the user, and not accessible by others.
  872. .Pp
  873. If this file, the
  874. .Pa ~/.ssh
  875. directory, or the user's home directory are writable
  876. by other users, then the file could be modified or replaced by unauthorized
  877. users.
  878. In this case,
  879. .Nm
  880. will not allow it to be used unless the
  881. .Cm StrictModes
  882. option has been set to
  883. .Dq no .
  884. .Pp
  885. .It Pa ~/.ssh/environment
  886. This file is read into the environment at login (if it exists).
  887. It can only contain empty lines, comment lines (that start with
  888. .Ql # ) ,
  889. and assignment lines of the form name=value.
  890. The file should be writable
  891. only by the user; it need not be readable by anyone else.
  892. Environment processing is disabled by default and is
  893. controlled via the
  894. .Cm PermitUserEnvironment
  895. option.
  896. .Pp
  897. .It Pa ~/.ssh/known_hosts
  898. Contains a list of host keys for all hosts the user has logged into
  899. that are not already in the systemwide list of known host keys.
  900. The format of this file is described above.
  901. This file should be writable only by root/the owner and
  902. can, but need not be, world-readable.
  903. .Pp
  904. .It Pa ~/.ssh/rc
  905. Contains initialization routines to be run before
  906. the user's home directory becomes accessible.
  907. This file should be writable only by the user, and need not be
  908. readable by anyone else.
  909. .Pp
  910. .It Pa /etc/hosts.allow
  911. .It Pa /etc/hosts.deny
  912. Access controls that should be enforced by tcp-wrappers are defined here.
  913. Further details are described in
  914. .Xr hosts_access 5 .
  915. .Pp
  916. .It Pa /etc/hosts.equiv
  917. This file is for host-based authentication (see
  918. .Xr ssh 1 ) .
  919. It should be writable only by root.
  920. .Pp
  921. .It Pa /etc/ssh/moduli
  922. Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
  923. key exchange method.
  924. The file format is described in
  925. .Xr moduli 5 .
  926. If no usable groups are found in this file then fixed internal groups will
  927. be used.
  928. .Pp
  929. .It Pa /etc/motd
  930. See
  931. .Xr motd 5 .
  932. .Pp
  933. .It Pa /etc/nologin
  934. If this file exists,
  935. .Nm
  936. refuses to let anyone except root log in.
  937. The contents of the file
  938. are displayed to anyone trying to log in, and non-root connections are
  939. refused.
  940. The file should be world-readable.
  941. .Pp
  942. .It Pa /etc/shosts.equiv
  943. This file is used in exactly the same way as
  944. .Pa hosts.equiv ,
  945. but allows host-based authentication without permitting login with
  946. rlogin/rsh.
  947. .Pp
  948. .It Pa /etc/ssh/ssh_host_ecdsa_key
  949. .It Pa /etc/ssh/ssh_host_ed25519_key
  950. .It Pa /etc/ssh/ssh_host_rsa_key
  951. These files contain the private parts of the host keys.
  952. These files should be owned by root, readable only by root, and not
  953. accessible to others.
  954. Note that
  955. .Nm
  956. does not start if these files are group/world-accessible.
  957. .Pp
  958. .It Pa /etc/ssh/ssh_host_ecdsa_key.pub
  959. .It Pa /etc/ssh/ssh_host_ed25519_key.pub
  960. .It Pa /etc/ssh/ssh_host_rsa_key.pub
  961. These files contain the public parts of the host keys.
  962. These files should be world-readable but writable only by
  963. root.
  964. Their contents should match the respective private parts.
  965. These files are not
  966. really used for anything; they are provided for the convenience of
  967. the user so their contents can be copied to known hosts files.
  968. These files are created using
  969. .Xr ssh-keygen 1 .
  970. .Pp
  971. .It Pa /etc/ssh/ssh_known_hosts
  972. Systemwide list of known host keys.
  973. This file should be prepared by the
  974. system administrator to contain the public host keys of all machines in the
  975. organization.
  976. The format of this file is described above.
  977. This file should be writable only by root/the owner and
  978. should be world-readable.
  979. .Pp
  980. .It Pa /etc/ssh/sshd_config
  981. Contains configuration data for
  982. .Nm sshd .
  983. The file format and configuration options are described in
  984. .Xr sshd_config 5 .
  985. .Pp
  986. .It Pa /etc/ssh/sshrc
  987. Similar to
  988. .Pa ~/.ssh/rc ,
  989. it can be used to specify
  990. machine-specific login-time initializations globally.
  991. This file should be writable only by root, and should be world-readable.
  992. .Pp
  993. .It Pa /var/empty
  994. .Xr chroot 2
  995. directory used by
  996. .Nm
  997. during privilege separation in the pre-authentication phase.
  998. The directory should not contain any files and must be owned by root
  999. and not group or world-writable.
  1000. .Pp
  1001. .It Pa /var/run/sshd.pid
  1002. Contains the process ID of the
  1003. .Nm
  1004. listening for connections (if there are several daemons running
  1005. concurrently for different ports, this contains the process ID of the one
  1006. started last).
  1007. The content of this file is not sensitive; it can be world-readable.
  1008. .El
  1009. .Sh IPV6
  1010. An IPv6 address can be used anywhere an IPv4 address can be used. In all entries, the IPv6 address must be enclosed in square brackets. Note: the square brackets are metacharacters for the shell and must be escaped when used on a shell command line.
  1011. .Sh SEE ALSO
  1012. .Xr scp 1 ,
  1013. .Xr sftp 1 ,
  1014. .Xr ssh 1 ,
  1015. .Xr ssh-add 1 ,
  1016. .Xr ssh-agent 1 ,
  1017. .Xr ssh-keygen 1 ,
  1018. .Xr ssh-keyscan 1 ,
  1019. .Xr chroot 2 ,
  1020. .Xr hosts_access 5 ,
  1021. .Xr moduli 5 ,
  1022. .Xr sshd_config 5 ,
  1023. .Xr inetd 8 ,
  1024. .Xr sftp-server 8
  1025. .Sh AUTHORS
  1026. OpenSSH is a derivative of the original and free
  1027. ssh 1.2.12 release by Tatu Ylonen.
  1028. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
  1029. Theo de Raadt and Dug Song
  1030. removed many bugs, re-added newer features and
  1031. created OpenSSH.
  1032. Markus Friedl contributed the support for SSH
  1033. protocol versions 1.5 and 2.0.
  1034. Niels Provos and Markus Friedl contributed support
  1035. for privilege separation.