# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR , YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2024-03-01 17:08+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME \n"
"Language-Team: LANGUAGE \n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"

#. type: Dd
#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed
#, no-wrap
msgid "$Mdocdate: September 19 2023 $"
msgstr ""

#. type: Dt
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "SSHD 8"
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "NAME"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "E<.Nm sshd>"
msgstr ""

#. type: Nd
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "OpenSSH daemon"
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "SYNOPSIS"
msgstr ""

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
msgid ""
"E<.Nm sshd> E<.Bk -words> E<.Op Fl 46DdeGiqTtV> E<.Op Fl C Ar "
"connection_spec> E<.Op Fl c Ar host_certificate_file> E<.Op Fl E Ar "
"log_file> E<.Op Fl f Ar config_file> E<.Op Fl g Ar login_grace_time> E<.Op "
"Fl h Ar host_key_file> E<.Op Fl o Ar option> E<.Op Fl p Ar port> E<.Op Fl u "
"Ar len> E<.Ek>"
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "DESCRIPTION"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"E<.Nm> (OpenSSH Daemon) is the daemon program for E<.Xr ssh 1>. It provides "
"secure encrypted communications between two untrusted hosts over an insecure "
"network."
msgstr ""

#. type: Plain text
#: archlinux fedora-40 fedora-rawhide mageia-cauldron opensuse-tumbleweed
msgid ""
"E<.Nm> listens for connections from clients. It is normally started at boot "
"from E<.Pa /etc/rc>. It forks a new daemon for each incoming connection. "
"The forked daemons handle key exchange, encryption, authentication, command "
"execution, and data exchange."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"E<.Nm> can be configured using command-line options or a configuration file "
"(by default E<.Xr sshd_config 5>); command-line options override values "
"specified in the configuration file. E<.Nm> rereads its configuration file "
"when it receives a hangup signal, E<.Dv SIGHUP>, by executing itself with "
"the name and options it was started with, e.g.\\& E<.Pa /usr/sbin/sshd>."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "The options are as follows:"
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl 4"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Forces E<.Nm> to use IPv4 addresses only."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl 6"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Forces E<.Nm> to use IPv6 addresses only."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl C Ar connection_spec"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specify the connection parameters to use for the E<.Fl T> extended test "
"mode. If provided, any E<.Cm Match> directives in the configuration file "
"that would apply are applied before the configuration is written to standard "
"output. The connection parameters are supplied as keyword=value pairs and "
"may be supplied in any order, either with multiple E<.Fl C> options or as a "
"comma-separated list. The keywords are E<.Dq addr>, E<.Dq user>, E<.Dq "
"host>, E<.Dq laddr>, E<.Dq lport>, and E<.Dq rdomain> and correspond to "
"source address, user, resolved source host name, local address, local port "
"number and routing domain respectively."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl c Ar host_certificate_file"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies a path to a certificate file to identify E<.Nm> during key "
"exchange. The certificate file must match a host key file specified using "
"the E<.Fl h> option or the E<.Cm HostKey> configuration directive."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl D"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"When this option is specified, E<.Nm> will not detach and does not become a "
"daemon. This allows easy monitoring of E<.Nm sshd>."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl d"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Debug mode. The server sends verbose debug output to standard error, and "
"does not put itself in the background. The server also will not E<.Xr fork "
"2> and will only process one connection. This option is only intended for "
"debugging for the server. Multiple E<.Fl d> options increase the debugging "
"level. Maximum is 3."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl E Ar log_file"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Append debug logs to E<.Ar log_file> instead of the system log."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl e"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Write debug logs to standard error instead of the system log."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl f Ar config_file"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies the name of the configuration file. The default is E<.Pa /etc/ssh/"
"sshd_config>. E<.Nm> refuses to start if there is no configuration file."
msgstr ""

#. type: It
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
#, no-wrap
msgid "Fl G"
msgstr ""

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
msgid ""
"Parse and print configuration file. Check the validity of the configuration "
"file, output the effective configuration to stdout and then exit. "
"Optionally, E<.Cm Match> rules may be applied by specifying the connection "
"parameters using one or more E<.Fl C> options."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl g Ar login_grace_time"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Gives the grace time for clients to authenticate themselves (default 120 "
"seconds). If the client fails to authenticate the user within this many "
"seconds, the server disconnects and exits. A value of zero indicates no "
"limit."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl h Ar host_key_file"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies a file from which a host key is read. This option must be given "
"if E<.Nm> is not run as root (as the normal host key files are normally not "
"readable by anyone but root). The default is E<.Pa /etc/ssh/"
"ssh_host_ecdsa_key>, E<.Pa /etc/ssh/ssh_host_ed25519_key> and E<.Pa /etc/ssh/"
"ssh_host_rsa_key>. It is possible to have multiple host key files for the "
"different host key algorithms."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl i"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Specifies that E<.Nm> is being run from E<.Xr inetd 8>."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl o Ar option"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Can be used to give options in the format used in the configuration file. "
"This is useful for specifying options for which there is no separate command-"
"line flag. For full details of the options, and their values, see E<.Xr "
"sshd_config 5>."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl p Ar port"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies the port on which the server listens for connections (default "
"22). Multiple port options are permitted. Ports specified in the "
"configuration file with the E<.Cm Port> option are ignored when a command-"
"line port is specified. Ports specified using the E<.Cm ListenAddress> "
"option override command-line ports."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl q"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Quiet mode. Nothing is sent to the system log. Normally the beginning, "
"authentication, and termination of each connection is logged."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl T"
msgstr ""

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide mageia-cauldron
#: opensuse-tumbleweed
msgid ""
"Extended test mode. Check the validity of the configuration file, output "
"the effective configuration to stdout and then exit. Optionally, E<.Cm "
"Match> rules may be applied by specifying the connection parameters using "
"one or more E<.Fl C> options. This is similar to the E<.Fl G> flag, but it "
"includes the additional testing performed by the E<.Fl t> flag."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl t"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Test mode. Only check the validity of the configuration file and sanity of "
"the keys. This is useful for updating E<.Nm> reliably as configuration "
"options may change."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl u Ar len"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"This option is used to specify the size of the field in the E<.Vt utmp> "
"structure that holds the remote host name. If the resolved host name is "
"longer than E<.Ar len>, the dotted decimal value will be used instead. This "
"allows hosts with very long host names that overflow this field to still be "
"uniquely identified. Specifying E<.Fl u0> indicates that only dotted "
"decimal addresses should be put into the E<.Pa utmp> file. E<.Fl u0> may "
"also be used to prevent E<.Nm> from making DNS requests unless the "
"authentication mechanism or configuration requires it. Authentication "
"mechanisms that may require DNS include E<.Cm HostbasedAuthentication> and "
"using a E<.Cm from=\"pattern-list\"> option in a key file. Configuration "
"options that require DNS include using a USER@HOST pattern in E<.Cm "
"AllowUsers> or E<.Cm DenyUsers>."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Fl V"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Display the version number and exit."
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "AUTHENTICATION"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"The OpenSSH SSH daemon supports SSH protocol 2 only. Each host has a host-"
"specific key, used to identify the host. Whenever a client connects, the "
"daemon responds with its public host key. The client compares the host key "
"against its own database to verify that it has not changed. Forward secrecy "
"is provided through a Diffie-Hellman key agreement. This key agreement "
"results in a shared session key. The rest of the session is encrypted using "
"a symmetric cipher. The client selects the encryption algorithm to use from "
"those offered by the server. Additionally, session integrity is provided "
"through a cryptographic message authentication code (MAC)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed
msgid ""
"Finally, the server and the client enter an authentication dialog. The "
"client tries to authenticate itself using host-based authentication, public "
"key authentication, challenge-response authentication, or password "
"authentication."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Regardless of the authentication type, the account is checked to ensure that "
"it is accessible. An account is not accessible if it is locked, listed in "
"E<.Cm DenyUsers> or its group is listed in E<.Cm DenyGroups> \\&. The "
"definition of a locked account is system dependent. Some platforms have "
"their own account database (eg AIX) and some modify the passwd field ( E<.Ql "
"\\&*LK\\&*> on Solaris and UnixWare, E<.Ql \\&*> on HP-UX, containing E<.Ql "
"Nologin> on Tru64, a leading E<.Ql \\&*LOCKED\\&*> on FreeBSD and a leading "
"E<.Ql \\&!> on most Linuxes). If there is a requirement to disable password "
"authentication for the account while allowing still public-key, then the "
"passwd field should be set to something other than these values (eg E<.Ql "
"NP> or E<.Ql \\&*NP\\&*> )."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"If the client successfully authenticates itself, a dialog for preparing the "
"session is entered. At this time the client may request things like "
"allocating a pseudo-tty, forwarding X11 connections, forwarding TCP "
"connections, or forwarding the authentication agent connection over the "
"secure channel."
msgstr ""

#. type: Plain text
#: archlinux debian-unstable fedora-40 fedora-rawhide opensuse-tumbleweed
msgid ""
"After this, the client either requests an interactive shell or execution of "
"a non-interactive command, which E<.Nm> will execute via the user's shell "
"using its E<.Fl c> option. The sides then enter session mode. In this "
"mode, either side may send data at any time, and such data is forwarded to/"
"from the shell or command on the server side, and the user terminal in the "
"client side."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"When the user program terminates and all forwarded X11 and other connections "
"have been closed, the server sends command exit status to the client, and "
"both sides exit."
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "LOGIN PROCESS"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "When a user successfully logs in, E<.Nm> does the following:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"If the login is on a tty, and no command has been specified, prints last "
"login time and E<.Pa /etc/motd> (unless prevented in the configuration file "
"or by E<.Pa ~/.hushlogin>; see the E<.Sx FILES> section)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "If the login is on a tty, records login time."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Checks E<.Pa /etc/nologin>; if it exists, prints contents and quits (unless "
"root)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Changes to run with normal user privileges."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Sets up basic environment."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Reads the file E<.Pa ~/.ssh/environment>, if it exists, and users are "
"allowed to change their environment. See the E<.Cm PermitUserEnvironment> "
"option in E<.Xr sshd_config 5>."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Changes to user's home directory."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"If E<.Pa ~/.ssh/rc> exists and the E<.Xr sshd_config 5> E<.Cm PermitUserRC> "
"option is set, runs it; else if E<.Pa /etc/ssh/sshrc> exists, runs it; "
"otherwise runs E<.Xr xauth 1>. The E<.Dq rc> files are given the X11 "
"authentication protocol and cookie in standard input. See E<.Sx SSHRC>, "
"below."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Runs user's shell or command. All commands are run under the user's login "
"shell as specified in the system password database."
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "SSHRC"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"If the file E<.Pa ~/.ssh/rc> exists, E<.Xr sh 1> runs it after reading the "
"environment files but before starting the user's shell or command. It must "
"not produce any output on stdout; stderr must be used instead. If X11 "
"forwarding is in use, it will receive the \"proto cookie\" pair in its "
"standard input (and E<.Ev DISPLAY> in its environment). The script must "
"call E<.Xr xauth 1> because E<.Nm> will not run xauth automatically to add "
"X11 cookies."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"The primary purpose of this file is to run any initialization routines which "
"may be needed before the user's home directory becomes accessible; AFS is a "
"particular example of such an environment."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"This file will probably contain some initialization code followed by "
"something similar to:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid ""
"if read proto cookie && [ -n \"$DISPLAY\" ]; then\n"
"\tif [ `echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then\n"
"\t\t# X11UseLocalhost=yes\n"
"\t\techo add unix:`echo $DISPLAY |\n"
"\t\t cut -c11-` $proto $cookie\n"
"\telse\n"
"\t\t# X11UseLocalhost=no\n"
"\t\techo add $DISPLAY $proto $cookie\n"
"\tfi | xauth -q -\n"
"fi\n"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"If this file does not exist, E<.Pa /etc/ssh/sshrc> is run, and if that does "
"not exist either, xauth is used to add the cookie."
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "AUTHORIZED_KEYS FILE FORMAT"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"E<.Cm AuthorizedKeysFile> specifies the files containing public keys for "
"public key authentication; if this option is not specified, the default is "
"E<.Pa ~/.ssh/authorized_keys> and E<.Pa ~/.ssh/authorized_keys2>. Each line "
"of the file contains one key (empty lines and lines starting with a E<.Ql #> "
"are ignored as comments). Public keys consist of the following space-"
"separated fields: options, keytype, base64-encoded key, comment. The "
"options field is optional. The supported key types are:"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "sk-ecdsa-sha2-nistp256@openssh.com"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "ecdsa-sha2-nistp256"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "ecdsa-sha2-nistp384"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "ecdsa-sha2-nistp521"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "sk-ssh-ed25519@openssh.com"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "ssh-ed25519"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "ssh-dss"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "ssh-rsa"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"The comment field is not used for anything (but may be convenient for the "
"user to identify the key)."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Note that lines in this file can be several hundred bytes long (because of "
"the size of the public key encoding) up to a limit of 8 kilobytes, which "
"permits RSA keys up to 16 kilobits. You don't want to type them in; "
"instead, copy the E<.Pa id_dsa.pub>, E<.Pa id_ecdsa.pub>, E<.Pa id_ecdsa_sk."
"pub>, E<.Pa id_ed25519.pub>, E<.Pa id_ed25519_sk.pub>, or the E<.Pa id_rsa."
"pub> file and edit it."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "E<.Nm> enforces a minimum RSA key modulus size of 1024 bits."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"The options (if present) consist of comma-separated option specifications. "
"No spaces are permitted, except within double quotes. The following option "
"specifications are supported (note that option keywords are case-"
"insensitive):"
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm agent-forwarding"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Enable authentication agent forwarding previously disabled by the E<.Cm "
"restrict> option."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm cert-authority"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies that the listed key is a certification authority (CA) that is "
"trusted to validate signed certificates for user authentication."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Certificates may encode access restrictions similar to these key options. "
"If both certificate restrictions and key options are present, the most "
"restrictive union of the two is applied."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm command=\"command\""
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies that the command is executed whenever this key is used for "
"authentication. The command supplied by the user (if any) is ignored. The "
"command is run on a pty if the client requests a pty; otherwise it is run "
"without a tty. If an 8-bit clean channel is required, one must not request "
"a pty or should specify E<.Cm no-pty>. A quote may be included in the "
"command by quoting it with a backslash."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"This option might be useful to restrict certain public keys to perform just "
"a specific operation. An example might be a key that permits remote backups "
"but nothing else. Note that the client may specify TCP and/or X11 "
"forwarding unless they are explicitly prohibited, e.g. using the E<.Cm "
"restrict> key option."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"The command originally supplied by the client is available in the E<.Ev "
"SSH_ORIGINAL_COMMAND> environment variable. Note that this option applies "
"to shell, command or subsystem execution. Also note that this command may "
"be superseded by a E<.Xr sshd_config 5> E<.Cm ForceCommand> directive."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"If a command is specified and a forced-command is embedded in a certificate "
"used for authentication, then the certificate will be accepted only if the "
"two commands are identical."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm environment=\"NAME=value\""
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies that the string is to be added to the environment when logging in "
"using this key. Environment variables set this way override other default "
"environment values. Multiple options of this type are permitted. "
"Environment processing is disabled by default and is controlled via the E<."
"Cm PermitUserEnvironment> option."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm expiry-time=\"timespec\""
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies a time after which the key will not be accepted. The time may be "
"specified as a YYYYMMDD[Z] date or a YYYYMMDDHHMM[SS][Z] time. Dates and "
"times will be interpreted in the system time zone unless suffixed by a Z "
"character, in which case they will be interpreted in the UTC time zone."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm from=\"pattern-list\""
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Specifies that in addition to public key authentication, either the "
"canonical name of the remote host or its IP address must be present in the "
"comma-separated list of patterns. See PATTERNS in E<.Xr ssh_config 5> for "
"more information on patterns."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"In addition to the wildcard matching that may be applied to hostnames or "
"addresses, a E<.Cm from> stanza may match IP addresses using CIDR address/"
"masklen notation."
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"The purpose of this option is to optionally increase security: public key "
"authentication by itself does not trust the network or name servers or "
"anything (but the key); however, if somebody somehow steals the key, the key "
"permits an intruder to log in from anywhere in the world. This additional "
"option makes using a stolen key more difficult (name servers and/or routers "
"would have to be compromised in addition to just the key)."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm no-agent-forwarding"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Forbids authentication agent forwarding when this key is used for "
"authentication."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm no-port-forwarding"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Forbids TCP forwarding when this key is used for authentication. Any port "
"forward requests by the client will return an error. This might be used, e."
"g. in connection with the E<.Cm command> option."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm no-pty"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Prevents tty allocation (a request to allocate a pty will fail)."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm no-user-rc"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid "Disables execution of E<.Pa ~/.ssh/rc>."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "Cm no-X11-forwarding"
msgstr ""

#.
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Forbids X11 forwarding when this key is used for authentication. Any X11 " "forward requests by the client will return an error." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm permitlisten=\"[host:]port\"" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Limit remote port forwarding with the E<.Xr ssh 1> E<.Fl R> option such that " "it may only listen on the specified host (optional) and port. IPv6 " "addresses can be specified by enclosing the address in square brackets. " "Multiple E<.Cm permitlisten> options may be applied separated by commas. " "Hostnames may include wildcards as described in the PATTERNS section in E<." "Xr ssh_config 5>. A port specification of E<.Cm *> matches any port. Note " "that the setting of E<.Cm GatewayPorts> may further restrict listen " "addresses. Note that E<.Xr ssh 1> will send a hostname of E<.Dq localhost> " "if a listen host was not specified when the forwarding was requested, and " "that this name is treated differently to the explicit localhost addresses E<." "Dq 127.0.0.1> and E<.Dq ::1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm permitopen=\"host:port\"" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Limit local port forwarding with the E<.Xr ssh 1> E<.Fl L> option such that " "it may only connect to the specified host and port. IPv6 addresses can be " "specified by enclosing the address in square brackets. 
Multiple E<.Cm " "permitopen> options may be applied separated by commas. No pattern matching " "or name lookup is performed on the specified hostnames, they must be literal " "host names and/or addresses. A port specification of E<.Cm *> matches any " "port." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm port-forwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Enable port forwarding previously disabled by the E<.Cm restrict> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm principals=\"principals\"" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "On a E<.Cm cert-authority> line, specifies allowed principals for " "certificate authentication as a comma-separated list. At least one name " "from the list must appear in the certificate's list of principals for the " "certificate to be accepted. This option is ignored for keys that are not " "marked as trusted certificate signers using the E<.Cm cert-authority> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm pty" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Permits tty allocation previously disabled by the E<.Cm restrict> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm no-touch-required" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Do not require demonstration of user presence for signatures made using this " "key. This option only makes sense for the FIDO authenticator algorithms E<." "Cm ecdsa-sk> and E<.Cm ed25519-sk>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm verify-required" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Require that signatures made using this key attest that they verified the " "user, e.g. via a PIN. This option only makes sense for the FIDO " "authenticator algorithms E<.Cm ecdsa-sk> and E<.Cm ed25519-sk>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm restrict" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Enable all restrictions, i.e. disable port, agent and X11 forwarding, as " "well as disabling PTY allocation and execution of E<.Pa ~/.ssh/rc>. If any " "future restriction capabilities are added to authorized_keys files, they " "will be included in this set." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm tunnel=\"n\"" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Force a E<.Xr tun 4> device on the server. Without this option, the next " "available device will be used if the client requests a tunnel." msgstr "" #. 
type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm user-rc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Enables execution of E<.Pa ~/.ssh/rc> previously disabled by the E<.Cm " "restrict> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Cm X11-forwarding" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Permits X11 forwarding previously disabled by the E<.Cm restrict> option." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "An example authorized_keys file:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "" "# Comments are allowed at start of line. Blank lines are allowed.\n" "# Plain key, no restrictions\n" "ssh-rsa ...\n" "# Forced command, disable PTY and all forwarding\n" "restrict,command=\"dump /home\" ssh-rsa ...\n" "# Restriction of ssh -L forwarding destinations\n" "permitopen=\"192.0.2.1:80\",permitopen=\"192.0.2.2:25\" ssh-rsa ...\n" "# Restriction of ssh -R forwarding listeners\n" "permitlisten=\"localhost:8080\",permitlisten=\"[::1]:22000\" ssh-rsa ...\n" "# Configuration for tunnel forwarding\n" "tunnel=\"0\",command=\"sh /etc/netstart tun0\" ssh-rsa ...\n" "# Override of restriction to allow PTY allocation\n" "restrict,pty,command=\"nethack\" ssh-rsa ...\n" "# Allow FIDO key without requiring touch\n" "no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ...\n" "# Require user-verification (e.g. 
PIN or biometric) for FIDO key\n" "verify-required sk-ecdsa-sha2-nistp256@openssh.com ...\n" "# Trust CA key, allow touch-less FIDO if requested in certificate\n" "cert-authority,no-touch-required,principals=\"user_a\" ssh-rsa ...\n" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "SSH_KNOWN_HOSTS FILE FORMAT" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The E<.Pa /etc/ssh/ssh_known_hosts> and E<.Pa ~/.ssh/known_hosts> files " "contain host public keys for all known hosts. The global file should be " "prepared by the administrator (optional), and the per-user file is " "maintained automatically: whenever the user connects to an unknown host, its " "key is added to the per-user file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Each line in these files contains the following fields: marker (optional), " "hostnames, keytype, base64-encoded key, comment. The fields are separated " "by spaces." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The marker is optional, but if it is present then it must be one of E<.Dq " "@cert-authority>, to indicate that the line contains a certification " "authority (CA) key, or E<.Dq @revoked>, to indicate that the key contained " "on the line is revoked and must not ever be accepted. Only one marker " "should be used on a key line." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Hostnames is a comma-separated list of patterns E<.Pf ( Ql *> and E<.Ql \\&?" "> act as wildcards); each pattern in turn is matched against the host name. 
" "When E<.Nm sshd> is authenticating a client, such as when using E<.Cm " "HostbasedAuthentication>, this will be the canonical client host name. When " "E<.Xr ssh 1> is authenticating a server, this will be the host name given by " "the user, the value of the E<.Xr ssh 1> E<.Cm HostkeyAlias> if it was " "specified, or the canonical server hostname if the E<.Xr ssh 1> E<.Cm " "CanonicalizeHostname> option was used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "A pattern may also be preceded by E<.Ql \\&!> to indicate negation: if the " "host name matches a negated pattern, it is not accepted (by that line) even " "if it matched another pattern on the line. A hostname or address may " "optionally be enclosed within E<.Ql \\&[> and E<.Ql \\&]> brackets then " "followed by E<.Ql \\&:> and a non-standard port number." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Alternately, hostnames may be stored in a hashed form which hides host names " "and addresses should the file's contents be disclosed. Hashed hostnames " "start with a E<.Ql |> character. Only one hashed hostname may appear on a " "single line and none of the above negation or wildcard operators may be " "applied." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The keytype and base64-encoded key are taken directly from the host key; " "they can be obtained, for example, from E<.Pa /etc/ssh/ssh_host_rsa_key." "pub>. The optional comment field continues to the end of the line, and is " "not used." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "Lines starting with E<.Ql #> and empty lines are ignored as comments." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "When performing host authentication, authentication is accepted if any " "matching line has the proper key; either one that matches exactly or, if the " "server has presented a certificate for authentication, the key of the " "certification authority that signed the certificate. For a key to be " "trusted as a certification authority, it must use the E<.Dq @cert-authority> " "marker described above." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "The known hosts file also provides a facility to mark keys as revoked, for " "example when it is known that the associated private key has been stolen. " "Revoked keys are specified by including the E<.Dq @revoked> marker at the " "beginning of the key line, and are never accepted for authentication or as " "certification authorities, but instead will produce a warning from E<.Xr ssh " "1> when they are encountered." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "It is permissible (but not recommended) to have several lines or different " "host keys for the same names. This will inevitably happen when short forms " "of host names from different domains are put in the file. It is possible " "that the files contain conflicting information; authentication is accepted " "if valid information can be found from either file." msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Note that the lines in these files are typically hundreds of characters " "long, and you definitely don't want to type in the host keys by hand. " "Rather, generate them by a script, E<.Xr ssh-keyscan 1> or by taking, for " "example, E<.Pa /etc/ssh/ssh_host_rsa_key.pub> and adding the host names at " "the front. E<.Xr ssh-keygen 1> also offers some basic automated editing for " "E<.Pa ~/.ssh/known_hosts> including removing hosts matching a host name and " "converting all host names to their hashed representations." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "An example ssh_known_hosts file:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "" "# Comments allowed at start of line\n" "cvs.example.net,192.0.2.10 ssh-rsa AAAA1234.....=\n" "# A hashed hostname\n" "|1|JfKTdBh7rNbXkVAQCRp4OQoPfmI=|USECr3SWf1JUPsms5AqfD5QfxkM= ssh-rsa\n" "AAAA1234.....=\n" "# A revoked key\n" "@revoked * ssh-rsa AAAAB5W...\n" "# A CA key, accepted for any host in *.mydomain.com or *.mydomain.org\n" "@cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...\n" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "FILES" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.hushlogin" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This file is used to suppress printing the last login time and E<.Pa /etc/" "motd>, if E<.Cm PrintLastLog> and E<.Cm PrintMotd>, respectively, are " "enabled. It does not suppress printing of the banner specified by E<.Cm " "Banner>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.rhosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This file is used for host-based authentication (see E<.Xr ssh 1> for more " "information). On some machines this file may need to be world-readable if " "the user's home directory is on an NFS partition, because E<.Nm> reads it as " "root. Additionally, this file must be owned by the user, and must not have " "write permissions for anyone else. The recommended permission for most " "machines is read/write for the user, and not accessible by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.shosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This file is used in exactly the same way as E<.Pa .rhosts>, but allows host-" "based authentication without permitting login with rlogin/rsh." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.ssh/" msgstr "" #. 
type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This directory is the default location for all user-specific configuration " "and authentication information. There is no general requirement to keep the " "entire contents of this directory secret, but the recommended permissions " "are read/write/execute for the user, and not accessible by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.ssh/authorized_keys" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for " "logging in as this user. The format of this file is described above. The " "content of the file is not highly sensitive, but the recommended permissions " "are read/write for the user, and not accessible by others." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If this file, the E<.Pa ~/.ssh> directory, or the user's home directory are " "writable by other users, then the file could be modified or replaced by " "unauthorized users. In this case, E<.Nm> will not allow it to be used " "unless the E<.Cm StrictModes> option has been set to E<.Dq no>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.ssh/environment" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This file is read into the environment at login (if it exists). 
It can only " "contain empty lines, comment lines (that start with E<.Ql #>), and " "assignment lines of the form name=value. The file should be writable only " "by the user; it need not be readable by anyone else. Environment processing " "is disabled by default and is controlled via the E<.Cm " "PermitUserEnvironment> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.ssh/known_hosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Contains a list of host keys for all hosts the user has logged into that are " "not already in the systemwide list of known host keys. The format of this " "file is described above. This file should be writable only by root/the " "owner and can, but need not be, world-readable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa ~/.ssh/rc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Contains initialization routines to be run before the user's home directory " "becomes accessible. This file should be writable only by the user, and need " "not be readable by anyone else." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/hosts.equiv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This file is for host-based authentication (see E<.Xr ssh 1>). It should " "only be writable by root." msgstr "" #. 
type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/moduli" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Contains Diffie-Hellman groups used for the \"Diffie-Hellman Group " "Exchange\" key exchange method. The file format is described in E<.Xr " "moduli 5>. If no usable groups are found in this file then fixed internal " "groups will be used." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/motd" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "See E<.Xr motd 5>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/nologin" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "If this file exists, E<.Nm> refuses to let anyone except root log in. The " "contents of the file are displayed to anyone trying to log in, and non-root " "connections are refused. The file should be world-readable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/shosts.equiv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "This file is used in exactly the same way as E<.Pa hosts.equiv>, but allows " "host-based authentication without permitting login with rlogin/rsh." msgstr "" #. 
type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_host_ecdsa_key" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_host_ed25519_key" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_host_rsa_key" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "These files contain the private parts of the host keys. These files should " "only be owned by root, readable only by root, and not accessible to others. " "Note that E<.Nm> does not start if these files are group/world-accessible." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_host_ecdsa_key.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_host_ed25519_key.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_host_rsa_key.pub" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "These files contain the public parts of the host keys. These files should " "be world-readable but writable only by root. Their contents should match " "the respective private parts. These files are not really used for anything; " "they are provided for the convenience of the user so their contents can be " "copied to known hosts files. 
These files are created using E<.Xr ssh-keygen " "1>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/ssh_known_hosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Systemwide list of known host keys. This file should be prepared by the " "system administrator to contain the public host keys of all machines in the " "organization. The format of this file is described above. This file should " "be writable only by root/the owner and should be world-readable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/sshd_config" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Contains configuration data for E<.Nm sshd>. The file format and " "configuration options are described in E<.Xr sshd_config 5>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed #, no-wrap msgid "Pa /etc/ssh/sshrc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "Similar to E<.Pa ~/.ssh/rc>, it can be used to specify machine-specific " "login-time initializations globally. This file should be writable only by " "root, and should be world-readable." msgstr "" #. type: It #: archlinux #, no-wrap msgid "Pa /var/empty" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron opensuse-tumbleweed msgid "" "E<.Xr chroot 2> directory used by E<.Nm> during privilege separation in the " "pre-authentication phase. 
The directory should not contain any files and "
"must be owned by root and not group or world-writable."
msgstr ""

#. type: It
#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed
#, no-wrap
msgid "Pa /run/sshd.pid"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"Contains the process ID of the E<.Nm> listening for connections (if there "
"are several daemons running concurrently for different ports, this contains "
"the process ID of the one started last). The content of this file is not "
"sensitive; it can be world-readable."
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "SEE ALSO"
msgstr ""

#. type: Plain text
#: archlinux fedora-40 fedora-rawhide mageia-cauldron
msgid ""
"E<.Xr scp 1>, E<.Xr sftp 1>, E<.Xr ssh 1>, E<.Xr ssh-add 1>, E<.Xr ssh-agent "
"1>, E<.Xr ssh-keygen 1>, E<.Xr ssh-keyscan 1>, E<.Xr chroot 2>, E<.Xr login."
"conf 5>, E<.Xr moduli 5>, E<.Xr sshd_config 5>, E<.Xr inetd 8>, E<.Xr sftp-"
"server 8>"
msgstr ""

#. type: Sh
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
#, no-wrap
msgid "AUTHORS"
msgstr ""

#. type: Plain text
#: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide
#: mageia-cauldron opensuse-tumbleweed
msgid ""
"OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu "
"Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de "
"Raadt and Dug Song removed many bugs, re-added newer features and created "
"OpenSSH. Markus Friedl contributed the support for SSH protocol versions "
"1.5 and 2.0. Niels Provos and Markus Friedl contributed support for "
"privilege separation."
msgstr ""

#. type: Dd
#: debian-bookworm
#, no-wrap
msgid "$Mdocdate: January 18 2023 $"
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"E<.Nm sshd> E<.Bk -words> E<.Op Fl 46DdeiqTtV> E<.Op Fl C Ar "
"connection_spec> E<.Op Fl c Ar host_certificate_file> E<.Op Fl E Ar "
"log_file> E<.Op Fl f Ar config_file> E<.Op Fl g Ar login_grace_time> E<.Op "
"Fl h Ar host_key_file> E<.Op Fl o Ar option> E<.Op Fl p Ar port> E<.Op Fl u "
"Ar len> E<.Ek>"
msgstr ""

#. type: Plain text
#: debian-bookworm debian-unstable
msgid ""
"E<.Nm> listens for connections from clients. It is normally started at boot "
"from E<.Pa /etc/init.d/ssh>. It forks a new daemon for each incoming "
"connection. The forked daemons handle key exchange, encryption, "
"authentication, command execution, and data exchange."
msgstr ""

#. type: Plain text
#: debian-bookworm
msgid ""
"Extended test mode. Check the validity of the configuration file, output "
"the effective configuration to stdout and then exit. Optionally, E<.Cm "
"Match> rules may be applied by specifying the connection parameters using "
"one or more E<.Fl C> options."
msgstr ""

#. type: Plain text
#: debian-bookworm mageia-cauldron
msgid ""
"After this, the client either requests an interactive shell or execution or "
"a non-interactive command, which E<.Nm> will execute via the user's shell "
"using its E<.Fl c> option. The sides then enter session mode. In this "
"mode, either side may send data at any time, and such data is forwarded to/"
"from the shell or command on the server side, and the user terminal in the "
"client side."
msgstr ""

#. type: It
#: debian-bookworm debian-unstable
#, no-wrap
msgid "Pa /etc/hosts.allow"
msgstr ""

#. type: It
#: debian-bookworm debian-unstable
#, no-wrap
msgid "Pa /etc/hosts.deny"
msgstr ""

#. type: Plain text
#: debian-bookworm debian-unstable
msgid ""
"Access controls that should be enforced by tcp-wrappers are defined here. "
"Further details are described in E<.Xr hosts_access 5>."
msgstr ""

#. type: It
#: debian-bookworm debian-unstable
#, no-wrap
msgid "Pa /run/sshd"
msgstr ""

#. type: Plain text
#: debian-bookworm debian-unstable
msgid ""
"E<.Xr scp 1>, E<.Xr sftp 1>, E<.Xr ssh 1>, E<.Xr ssh-add 1>, E<.Xr ssh-agent "
"1>, E<.Xr ssh-keygen 1>, E<.Xr ssh-keyscan 1>, E<.Xr chroot 2>, E<.Xr "
"hosts_access 5>, E<.Xr moduli 5>, E<.Xr sshd_config 5>, E<.Xr inetd 8>, E<."
"Xr sftp-server 8>"
msgstr ""

#. type: Plain text
#: fedora-40 fedora-rawhide mageia-cauldron
msgid ""
"Finally, the server and the client enter an authentication dialog. The "
"client tries to authenticate itself using host-based authentication, public "
"key authentication, GSSAPI authentication, challenge-response "
"authentication, or password authentication."
msgstr ""

#. type: It
#: fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "Pa ~/.k5login"
msgstr ""

#. type: It
#: fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "Pa ~/.k5users"
msgstr ""

#. type: Plain text
#: fedora-40 fedora-rawhide mageia-cauldron
msgid ""
"These files enforce GSSAPI/Kerberos authentication access control. Further "
"details are described in E<.Xr ksu 1>. The location of the k5login file "
"depends on the configuration option E<.Cm k5login_directory> in the E<.Xr "
"krb5.conf 5>."
msgstr ""

#. type: It
#: fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "Pa /usr/share/empty.sshd"
msgstr ""

#. type: It
#: fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "Pa /var/run/sshd.pid"
msgstr ""

#. type: Sh
#: fedora-40 fedora-rawhide mageia-cauldron
#, no-wrap
msgid "IPV6"
msgstr ""

#. type: Plain text
#: fedora-40 fedora-rawhide mageia-cauldron
msgid ""
"IPv6 address can be used everywhere where IPv4 address. In all entries must "
"be the IPv6 address enclosed in square brackets. Note: The square brackets "
"are metacharacters for the shell and must be escaped in shell."
msgstr ""

#. type: Dd
#: mageia-cauldron
#, no-wrap
msgid "$Mdocdate: February 10 2023 $"
msgstr ""

#. type: It
#: opensuse-tumbleweed
#, no-wrap
msgid "Pa /etc/ssh/ssh/shosts.equiv"
msgstr ""

#. type: It
#: opensuse-tumbleweed
#, no-wrap
msgid "Pa /var/lib/empty"
msgstr ""

#. type: Plain text
#: opensuse-tumbleweed
msgid ""
"E<.Xr scp 1>, E<.Xr sftp 1>, E<.Xr ssh 1>, E<.Xr ssh-add 1>, E<.Xr ssh-agent "
"1>, E<.Xr ssh-keygen 1>, E<.Xr ssh-keyscan 1>, E<.Xr chroot 2>, E<.Xr login."
"defs 5>, E<.Xr moduli 5>, E<.Xr sshd_config 5>, E<.Xr inetd 8>, E<.Xr sftp-"
"server 8>"
msgstr ""