diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:40:04 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:40:04 +0000 |
commit | 25505898530a333011f4fd5cbc841ad6b26c089c (patch) | |
tree | 333a33fdd60930bcccc3f177ed9467d535e9bac6 /sshd_config | |
parent | Initial commit. (diff) | |
download | openssh-25505898530a333011f4fd5cbc841ad6b26c089c.tar.xz openssh-25505898530a333011f4fd5cbc841ad6b26c089c.zip |
Adding upstream version 1:9.2p1.upstream/1%9.2p1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | sshd_config | 116 | ||||
-rw-r--r-- | sshd_config.0 | 1278 | ||||
-rw-r--r-- | sshd_config.5 | 2082 |
3 files changed, 3476 insertions, 0 deletions
diff --git a/sshd_config b/sshd_config new file mode 100644 index 0000000..36894ac --- /dev/null +++ b/sshd_config @@ -0,0 +1,116 @@ +# $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. + +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin + +# The strategy used for options in the default sshd_config shipped with +# OpenSSH is to specify options with their default value where +# possible, but leave them commented. Uncommented options override the +# default value. + +#Port 22 +#AddressFamily any +#ListenAddress 0.0.0.0 +#ListenAddress :: + +#HostKey /etc/ssh/ssh_host_rsa_key +#HostKey /etc/ssh/ssh_host_ecdsa_key +#HostKey /etc/ssh/ssh_host_ed25519_key + +# Ciphers and keying +#RekeyLimit default none + +# Logging +#SyslogFacility AUTH +#LogLevel INFO + +# Authentication: + +#LoginGraceTime 2m +#PermitRootLogin prohibit-password +#StrictModes yes +#MaxAuthTries 6 +#MaxSessions 10 + +#PubkeyAuthentication yes + +# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2 +# but this is overridden so installations will only check .ssh/authorized_keys +AuthorizedKeysFile .ssh/authorized_keys + +#AuthorizedPrincipalsFile none + +#AuthorizedKeysCommand none +#AuthorizedKeysCommandUser nobody + +# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts +#HostbasedAuthentication no +# Change to yes if you don't trust ~/.ssh/known_hosts for +# HostbasedAuthentication +#IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes + +# To disable tunneled clear text passwords, change to no here! +#PasswordAuthentication yes +#PermitEmptyPasswords no + +# Change to no to disable s/key passwords +#KbdInteractiveAuthentication yes + +# Kerberos options +#KerberosAuthentication no +#KerberosOrLocalPasswd yes +#KerberosTicketCleanup yes +#KerberosGetAFSToken no + +# GSSAPI options +#GSSAPIAuthentication no +#GSSAPICleanupCredentials yes + +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will +# be allowed through the KbdInteractiveAuthentication and +# PasswordAuthentication. Depending on your PAM configuration, +# PAM authentication via KbdInteractiveAuthentication may bypass +# the setting of "PermitRootLogin prohibit-password". +# If you just want the PAM account and session checks to run without +# PAM authentication, then enable this but set PasswordAuthentication +# and KbdInteractiveAuthentication to 'no'. +#UsePAM no + +#AllowAgentForwarding yes +#AllowTcpForwarding yes +#GatewayPorts no +#X11Forwarding no +#X11DisplayOffset 10 +#X11UseLocalhost yes +#PermitTTY yes +#PrintMotd yes +#PrintLastLog yes +#TCPKeepAlive yes +#PermitUserEnvironment no +#Compression delayed +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS no +#PidFile /var/run/sshd.pid +#MaxStartups 10:30:100 +#PermitTunnel no +#ChrootDirectory none +#VersionAddendum none + +# no default banner path +#Banner none + +# override default of no subsystems +Subsystem sftp /usr/libexec/sftp-server + +# Example of overriding settings on a per-user basis +#Match User anoncvs +# X11Forwarding no +# AllowTcpForwarding no +# PermitTTY no +# ForceCommand cvs server diff --git a/sshd_config.0 b/sshd_config.0 new file mode 100644 index 0000000..b0bb6f9 --- /dev/null +++ b/sshd_config.0 @@ -0,0 +1,1278 @@ +SSHD_CONFIG(5) File Formats Manual SSHD_CONFIG(5) + +NAME + sshd_config M-bM-^@M-^S OpenSSH daemon configuration file + +DESCRIPTION + sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file + specified with -f on the command line). The file contains keyword- + argument pairs, one per line. For each keyword, the first obtained value + will be used. Lines starting with M-bM-^@M-^X#M-bM-^@M-^Y and empty lines are interpreted as + comments. Arguments may optionally be enclosed in double quotes (") in + order to represent arguments containing spaces. + + The possible keywords and their meanings are as follows (note that + keywords are case-insensitive and arguments are case-sensitive): + + AcceptEnv + Specifies what environment variables sent by the client will be + copied into the session's environ(7). See SendEnv and SetEnv in + ssh_config(5) for how to configure the client. The TERM + environment variable is always accepted whenever the client + requests a pseudo-terminal as it is required by the protocol. + Variables are specified by name, which may contain the wildcard + characters M-bM-^@M-^X*M-bM-^@M-^Y and M-bM-^@M-^X?M-bM-^@M-^Y. Multiple environment variables may be + separated by whitespace or spread across multiple AcceptEnv + directives. Be warned that some environment variables could be + used to bypass restricted user environments. For this reason, + care should be taken in the use of this directive. The default + is not to accept any environment variables. + + AddressFamily + Specifies which address family should be used by sshd(8). Valid + arguments are any (the default), inet (use IPv4 only), or inet6 + (use IPv6 only). + + AllowAgentForwarding + Specifies whether ssh-agent(1) forwarding is permitted. The + default is yes. Note that disabling agent forwarding does not + improve security unless users are also denied shell access, as + they can always install their own forwarders. + + AllowGroups + This keyword can be followed by a list of group name patterns, + separated by spaces. If specified, login is allowed only for + users whose primary group or supplementary group list matches one + of the patterns. Only group names are valid; a numerical group + ID is not recognized. By default, login is allowed for all + groups. The allow/deny groups directives are processed in the + following order: DenyGroups, AllowGroups. + + See PATTERNS in ssh_config(5) for more information on patterns. + + AllowStreamLocalForwarding + Specifies whether StreamLocal (Unix-domain socket) forwarding is + permitted. The available options are yes (the default) or all to + allow StreamLocal forwarding, no to prevent all StreamLocal + forwarding, local to allow local (from the perspective of ssh(1)) + forwarding only or remote to allow remote forwarding only. Note + that disabling StreamLocal forwarding does not improve security + unless users are also denied shell access, as they can always + install their own forwarders. + + AllowTcpForwarding + Specifies whether TCP forwarding is permitted. The available + options are yes (the default) or all to allow TCP forwarding, no + to prevent all TCP forwarding, local to allow local (from the + perspective of ssh(1)) forwarding only or remote to allow remote + forwarding only. Note that disabling TCP forwarding does not + improve security unless users are also denied shell access, as + they can always install their own forwarders. + + AllowUsers + This keyword can be followed by a list of user name patterns, + separated by spaces. If specified, login is allowed only for + user names that match one of the patterns. Only user names are + valid; a numerical user ID is not recognized. By default, login + is allowed for all users. If the pattern takes the form + USER@HOST then USER and HOST are separately checked, restricting + logins to particular users from particular hosts. HOST criteria + may additionally contain addresses to match in CIDR + address/masklen format. The allow/deny users directives are + processed in the following order: DenyUsers, AllowUsers. + + See PATTERNS in ssh_config(5) for more information on patterns. + + AuthenticationMethods + Specifies the authentication methods that must be successfully + completed for a user to be granted access. This option must be + followed by one or more lists of comma-separated authentication + method names, or by the single string any to indicate the default + behaviour of accepting any single authentication method. If the + default is overridden, then successful authentication requires + completion of every method in at least one of these lists. + + For example, "publickey,password publickey,keyboard-interactive" + would require the user to complete public key authentication, + followed by either password or keyboard interactive + authentication. Only methods that are next in one or more lists + are offered at each stage, so for this example it would not be + possible to attempt password or keyboard-interactive + authentication before public key. + + For keyboard interactive authentication it is also possible to + restrict authentication to a specific device by appending a colon + followed by the device identifier bsdauth or pam. depending on + the server configuration. For example, + "keyboard-interactive:bsdauth" would restrict keyboard + interactive authentication to the bsdauth device. + + If the publickey method is listed more than once, sshd(8) + verifies that keys that have been used successfully are not + reused for subsequent authentications. For example, + "publickey,publickey" requires successful authentication using + two different public keys. + + Note that each authentication method listed should also be + explicitly enabled in the configuration. + + The available authentication methods are: "gssapi-with-mic", + "hostbased", "keyboard-interactive", "none" (used for access to + password-less accounts when PermitEmptyPasswords is enabled), + "password" and "publickey". + + AuthorizedKeysCommand + Specifies a program to be used to look up the user's public keys. + The program must be owned by root, not writable by group or + others and specified by an absolute path. Arguments to + AuthorizedKeysCommand accept the tokens described in the TOKENS + section. If no arguments are specified then the username of the + target user is used. + + The program should produce on standard output zero or more lines + of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). + AuthorizedKeysCommand is tried after the usual AuthorizedKeysFile + files and will not be executed if a matching key is found there. + By default, no AuthorizedKeysCommand is run. + + AuthorizedKeysCommandUser + Specifies the user under whose account the AuthorizedKeysCommand + is run. It is recommended to use a dedicated user that has no + other role on the host than running authorized keys commands. If + AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser + is not, then sshd(8) will refuse to start. + + AuthorizedKeysFile + Specifies the file that contains the public keys used for user + authentication. The format is described in the AUTHORIZED_KEYS + FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile + accept the tokens described in the TOKENS section. After + expansion, AuthorizedKeysFile is taken to be an absolute path or + one relative to the user's home directory. Multiple files may be + listed, separated by whitespace. Alternately this option may be + set to none to skip checking for user keys in files. The default + is ".ssh/authorized_keys .ssh/authorized_keys2". + + AuthorizedPrincipalsCommand + Specifies a program to be used to generate the list of allowed + certificate principals as per AuthorizedPrincipalsFile. The + program must be owned by root, not writable by group or others + and specified by an absolute path. Arguments to + AuthorizedPrincipalsCommand accept the tokens described in the + TOKENS section. If no arguments are specified then the username + of the target user is used. + + The program should produce on standard output zero or more lines + of AuthorizedPrincipalsFile output. If either + AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is + specified, then certificates offered by the client for + authentication must contain a principal that is listed. By + default, no AuthorizedPrincipalsCommand is run. + + AuthorizedPrincipalsCommandUser + Specifies the user under whose account the + AuthorizedPrincipalsCommand is run. It is recommended to use a + dedicated user that has no other role on the host than running + authorized principals commands. If AuthorizedPrincipalsCommand + is specified but AuthorizedPrincipalsCommandUser is not, then + sshd(8) will refuse to start. + + AuthorizedPrincipalsFile + Specifies a file that lists principal names that are accepted for + certificate authentication. When using certificates signed by a + key listed in TrustedUserCAKeys, this file lists names, one of + which must appear in the certificate for it to be accepted for + authentication. Names are listed one per line preceded by key + options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)). + Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored. + + Arguments to AuthorizedPrincipalsFile accept the tokens described + in the TOKENS section. After expansion, AuthorizedPrincipalsFile + is taken to be an absolute path or one relative to the user's + home directory. The default is none, i.e. not to use a + principals file M-bM-^@M-^S in this case, the username of the user must + appear in a certificate's principals list for it to be accepted. + + Note that AuthorizedPrincipalsFile is only used when + authentication proceeds using a CA listed in TrustedUserCAKeys + and is not consulted for certification authorities trusted via + ~/.ssh/authorized_keys, though the principals= key option offers + a similar facility (see sshd(8) for details). + + Banner The contents of the specified file are sent to the remote user + before authentication is allowed. If the argument is none then + no banner is displayed. By default, no banner is displayed. + + CASignatureAlgorithms + Specifies which algorithms are allowed for signing of + certificates by certificate authorities (CAs). The default is: + + ssh-ed25519,ecdsa-sha2-nistp256, + ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the + specified algorithms will be appended to the default set instead + of replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + + Certificates signed using other algorithms will not be accepted + for public key or host-based authentication. + + ChannelTimeout + Specifies whether and how quickly sshd(8) should close inactive + channels. Timeouts are specified as one or more M-bM-^@M-^\type=intervalM-bM-^@M-^] + pairs separated by whitespace, where the M-bM-^@M-^\typeM-bM-^@M-^] must be a channel + type name (as described in the table below), optionally + containing wildcard characters. + + The timeout value M-bM-^@M-^\intervalM-bM-^@M-^] is specified in seconds or may use + any of the units documented in the TIME FORMATS section. For + example, M-bM-^@M-^\session:*=5mM-bM-^@M-^] would cause all sessions to terminate + after five minutes of inactivity. Specifying a zero value + disables the inactivity timeout. + + The available channel types include: + + agent-connection + Open connections to ssh-agent(1). + + direct-tcpip, direct-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established from a ssh(1) local forwarding, + i.e. LocalForward or DynamicForward. + + forwarded-tcpip, forwarded-streamlocal@openssh.com + Open TCP or Unix socket (respectively) connections that + have been established to a sshd(8) listening on behalf of + a ssh(1) remote forwarding, i.e. RemoteForward. + + session:command + Command execution sessions. + + session:shell + Interactive shell sessions. + + session:subsystem:... + Subsystem sessions, e.g. for sftp(1), which could be + identified as session:subsystem:sftp. + + x11-connection + Open X11 forwarding sessions. + + Note that in all the above cases, terminating an inactive session + does not guarantee to remove all resources associated with the + session, e.g. shell processes or X11 clients relating to the + session may continue to execute. + + Moreover, terminating an inactive channel or session does not + necessarily close the SSH connection, nor does it prevent a + client from requesting another channel of the same type. In + particular, expiring an inactive forwarding session does not + prevent another identical forwarding from being subsequently + created. See also UnusedConnectionTimeout, which may be used in + conjunction with this option. + + The default is not to expire channels of any type for inactivity. + + ChrootDirectory + Specifies the pathname of a directory to chroot(2) to after + authentication. At session startup sshd(8) checks that all + components of the pathname are root-owned directories which are + not writable by any other user or group. After the chroot, + sshd(8) changes the working directory to the user's home + directory. Arguments to ChrootDirectory accept the tokens + described in the TOKENS section. + + The ChrootDirectory must contain the necessary files and + directories to support the user's session. For an interactive + session this requires at least a shell, typically sh(1), and + basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4), + stderr(4), and tty(4) devices. For file transfer sessions using + SFTP no additional configuration of the environment is necessary + if the in-process sftp-server is used, though sessions which use + logging may require /dev/log inside the chroot directory on some + operating systems (see sftp-server(8) for details). + + For safety, it is very important that the directory hierarchy be + prevented from modification by other processes on the system + (especially those outside the jail). Misconfiguration can lead + to unsafe environments which sshd(8) cannot detect. + + The default is none, indicating not to chroot(2). + + Ciphers + Specifies the ciphers allowed. Multiple ciphers must be comma- + separated. If the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified ciphers will be appended to the default set + instead of replacing them. If the specified list begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards) + will be removed from the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the + specified ciphers will be placed at the head of the default set. + + The supported ciphers are: + + 3des-cbc + aes128-cbc + aes192-cbc + aes256-cbc + aes128-ctr + aes192-ctr + aes256-ctr + aes128-gcm@openssh.com + aes256-gcm@openssh.com + chacha20-poly1305@openssh.com + + The default is: + + chacha20-poly1305@openssh.com, + aes128-ctr,aes192-ctr,aes256-ctr, + aes128-gcm@openssh.com,aes256-gcm@openssh.com + + The list of available ciphers may also be obtained using "ssh -Q + cipher". + + ClientAliveCountMax + Sets the number of client alive messages which may be sent + without sshd(8) receiving any messages back from the client. If + this threshold is reached while client alive messages are being + sent, sshd will disconnect the client, terminating the session. + It is important to note that the use of client alive messages is + very different from TCPKeepAlive. The client alive messages are + sent through the encrypted channel and therefore will not be + spoofable. The TCP keepalive option enabled by TCPKeepAlive is + spoofable. The client alive mechanism is valuable when the + client or server depend on knowing when a connection has become + unresponsive. + + The default value is 3. If ClientAliveInterval is set to 15, and + ClientAliveCountMax is left at the default, unresponsive SSH + clients will be disconnected after approximately 45 seconds. + Setting a zero ClientAliveCountMax disables connection + termination. + + ClientAliveInterval + Sets a timeout interval in seconds after which if no data has + been received from the client, sshd(8) will send a message + through the encrypted channel to request a response from the + client. The default is 0, indicating that these messages will + not be sent to the client. + + Compression + Specifies whether compression is enabled after the user has + authenticated successfully. The argument must be yes, delayed (a + legacy synonym for yes) or no. The default is yes. + + DenyGroups + This keyword can be followed by a list of group name patterns, + separated by spaces. Login is disallowed for users whose primary + group or supplementary group list matches one of the patterns. + Only group names are valid; a numerical group ID is not + recognized. By default, login is allowed for all groups. The + allow/deny groups directives are processed in the following + order: DenyGroups, AllowGroups. + + See PATTERNS in ssh_config(5) for more information on patterns. + + DenyUsers + This keyword can be followed by a list of user name patterns, + separated by spaces. Login is disallowed for user names that + match one of the patterns. Only user names are valid; a + numerical user ID is not recognized. By default, login is + allowed for all users. If the pattern takes the form USER@HOST + then USER and HOST are separately checked, restricting logins to + particular users from particular hosts. HOST criteria may + additionally contain addresses to match in CIDR address/masklen + format. The allow/deny users directives are processed in the + following order: DenyUsers, AllowUsers. + + See PATTERNS in ssh_config(5) for more information on patterns. + + DisableForwarding + Disables all forwarding features, including X11, ssh-agent(1), + TCP and StreamLocal. This option overrides all other forwarding- + related options and may simplify restricted configurations. + + ExposeAuthInfo + Writes a temporary file containing a list of authentication + methods and public credentials (e.g. keys) used to authenticate + the user. The location of the file is exposed to the user + session through the SSH_USER_AUTH environment variable. The + default is no. + + FingerprintHash + Specifies the hash algorithm used when logging key fingerprints. + Valid options are: md5 and sha256. The default is sha256. + + ForceCommand + Forces the execution of the command specified by ForceCommand, + ignoring any command supplied by the client and ~/.ssh/rc if + present. The command is invoked by using the user's login shell + with the -c option. This applies to shell, command, or subsystem + execution. It is most useful inside a Match block. The command + originally supplied by the client is available in the + SSH_ORIGINAL_COMMAND environment variable. Specifying a command + of internal-sftp will force the use of an in-process SFTP server + that requires no support files when used with ChrootDirectory. + The default is none. + + GatewayPorts + Specifies whether remote hosts are allowed to connect to ports + forwarded for the client. By default, sshd(8) binds remote port + forwardings to the loopback address. This prevents other remote + hosts from connecting to forwarded ports. GatewayPorts can be + used to specify that sshd should allow remote port forwardings to + bind to non-loopback addresses, thus allowing other hosts to + connect. The argument may be no to force remote port forwardings + to be available to the local host only, yes to force remote port + forwardings to bind to the wildcard address, or clientspecified + to allow the client to select the address to which the forwarding + is bound. The default is no. + + GSSAPIAuthentication + Specifies whether user authentication based on GSSAPI is allowed. + The default is no. + + GSSAPICleanupCredentials + Specifies whether to automatically destroy the user's credentials + cache on logout. The default is yes. + + GSSAPIStrictAcceptorCheck + Determines whether to be strict about the identity of the GSSAPI + acceptor a client authenticates against. If set to yes then the + client must authenticate against the host service on the current + hostname. If set to no then the client may authenticate against + any service key stored in the machine's default store. This + facility is provided to assist with operation on multi homed + machines. The default is yes. + + HostbasedAcceptedAlgorithms + Specifies the signature algorithms that will be accepted for + hostbased authentication as a list of comma-separated patterns. + Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified signature algorithms will be appended to the + default set instead of replacing them. If the specified list + begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified signature + algorithms (including wildcards) will be removed from the default + set instead of replacing them. If the specified list begins with + a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified signature algorithms will be + placed at the head of the default set. The default for this + option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q HostbasedAcceptedAlgorithms". This was formerly + named HostbasedAcceptedKeyTypes. + + HostbasedAuthentication + Specifies whether rhosts or /etc/hosts.equiv authentication + together with successful public key client host authentication is + allowed (host-based authentication). The default is no. + + HostbasedUsesNameFromPacketOnly + Specifies whether or not the server will attempt to perform a + reverse name lookup when matching the name in the ~/.shosts, + ~/.rhosts, and /etc/hosts.equiv files during + HostbasedAuthentication. A setting of yes means that sshd(8) + uses the name supplied by the client rather than attempting to + resolve the name from the TCP connection itself. The default is + no. + + HostCertificate + Specifies a file containing a public host certificate. The + certificate's public key must match a private host key already + specified by HostKey. The default behaviour of sshd(8) is not to + load any certificates. + + HostKey + Specifies a file containing a private host key used by SSH. The + defaults are /etc/ssh/ssh_host_ecdsa_key, + /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key. + + Note that sshd(8) will refuse to use a file if it is group/world- + accessible and that the HostKeyAlgorithms option restricts which + of the keys are actually used by sshd(8). + + It is possible to have multiple host key files. It is also + possible to specify public host key files instead. In this case + operations on the private key will be delegated to an + ssh-agent(1). + + HostKeyAgent + Identifies the UNIX-domain socket used to communicate with an + agent that has access to the private host keys. If the string + "SSH_AUTH_SOCK" is specified, the location of the socket will be + read from the SSH_AUTH_SOCK environment variable. + + HostKeyAlgorithms + Specifies the host key signature algorithms that the server + offers. The default for this option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q HostKeyAlgorithms". + + IgnoreRhosts + Specifies whether to ignore per-user .rhosts and .shosts files + during HostbasedAuthentication. The system-wide /etc/hosts.equiv + and /etc/shosts.equiv are still used regardless of this setting. + + Accepted values are yes (the default) to ignore all per-user + files, shosts-only to allow the use of .shosts but to ignore + .rhosts or no to allow both .shosts and rhosts. + + IgnoreUserKnownHosts + Specifies whether sshd(8) should ignore the user's + ~/.ssh/known_hosts during HostbasedAuthentication and use only + the system-wide known hosts file /etc/ssh/ssh_known_hosts. The + default is M-bM-^@M-^\noM-bM-^@M-^]. + + Include + Include the specified configuration file(s). Multiple pathnames + may be specified and each pathname may contain glob(7) wildcards + that will be expanded and processed in lexical order. Files + without absolute paths are assumed to be in /etc/ssh. An Include + directive may appear inside a Match block to perform conditional + inclusion. + + IPQoS Specifies the IPv4 type-of-service or DSCP class for the + connection. Accepted values are af11, af12, af13, af21, af22, + af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, + cs4, cs5, cs6, cs7, ef, le, lowdelay, throughput, reliability, a + numeric value, or none to use the operating system default. This + option may take one or two arguments, separated by whitespace. + If one argument is specified, it is used as the packet class + unconditionally. If two values are specified, the first is + automatically selected for interactive sessions and the second + for non-interactive sessions. The default is af21 (Low-Latency + Data) for interactive sessions and cs1 (Lower Effort) for non- + interactive sessions. + + KbdInteractiveAuthentication + Specifies whether to allow keyboard-interactive authentication. + All authentication styles from login.conf(5) are supported. The + default is yes. The argument to this keyword must be yes or no. + ChallengeResponseAuthentication is a deprecated alias for this. + + KerberosAuthentication + Specifies whether the password provided by the user for + PasswordAuthentication will be validated through the Kerberos + KDC. To use this option, the server needs a Kerberos servtab + which allows the verification of the KDC's identity. The default + is no. + + KerberosGetAFSToken + If AFS is active and the user has a Kerberos 5 TGT, attempt to + acquire an AFS token before accessing the user's home directory. + The default is no. + + KerberosOrLocalPasswd + If password authentication through Kerberos fails then the + password will be validated via any additional local mechanism + such as /etc/passwd. The default is yes. + + KerberosTicketCleanup + Specifies whether to automatically destroy the user's ticket + cache file on logout. The default is yes. + + KexAlgorithms + Specifies the available KEX (Key Exchange) algorithms. Multiple + algorithms must be comma-separated. Alternately if the specified + list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified algorithms + will be appended to the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the + specified algorithms (including wildcards) will be removed from + the default set instead of replacing them. If the specified list + begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the specified algorithms will + be placed at the head of the default set. The supported + algorithms are: + + curve25519-sha256 + curve25519-sha256@libssh.org + diffie-hellman-group1-sha1 + diffie-hellman-group14-sha1 + diffie-hellman-group14-sha256 + diffie-hellman-group16-sha512 + diffie-hellman-group18-sha512 + diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + sntrup761x25519-sha512@openssh.com + + The default is: + + sntrup761x25519-sha512@openssh.com, + curve25519-sha256,curve25519-sha256@libssh.org, + ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, + diffie-hellman-group-exchange-sha256, + diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, + diffie-hellman-group14-sha256 + + The list of available key exchange algorithms may also be + obtained using "ssh -Q KexAlgorithms". + + ListenAddress + Specifies the local addresses sshd(8) should listen on. The + following forms may be used: + + ListenAddress hostname|address [rdomain domain] + ListenAddress hostname:port [rdomain domain] + ListenAddress IPv4_address:port [rdomain domain] + ListenAddress [hostname|address]:port [rdomain domain] + + The optional rdomain qualifier requests sshd(8) listen in an + explicit routing domain. If port is not specified, sshd will + listen on the address and all Port options specified. The + default is to listen on all local addresses on the current + default routing domain. Multiple ListenAddress options are + permitted. For more information on routing domains, see + rdomain(4). + + LoginGraceTime + The server disconnects after this time if the user has not + successfully logged in. If the value is 0, there is no time + limit. The default is 120 seconds. + + LogLevel + Gives the verbosity level that is used when logging messages from + sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO, + VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. + DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify + higher levels of debugging output. Logging with a DEBUG level + violates the privacy of users and is not recommended. + + LogVerbose + Specify one or more overrides to LogLevel. An override consists + of a pattern lists that matches the source file, function and + line number to force detailed logging for. For example, an + override pattern of: + + kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* + + would enable detailed logging for line 1000 of kex.c, everything + in the kex_exchange_identification() function, and all code in + the packet.c file. This option is intended for debugging and no + overrides are enabled by default. + + MACs Specifies the available MAC (message authentication code) + algorithms. The MAC algorithm is used for data integrity + protection. Multiple algorithms must be comma-separated. If the + specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified + algorithms will be appended to the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X-M-bM-^@M-^Y + character, then the specified algorithms (including wildcards) + will be removed from the default set instead of replacing them. + If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y character, then the + specified algorithms will be placed at the head of the default + set. + + The algorithms that contain "-etm" calculate the MAC after + encryption (encrypt-then-mac). These are considered safer and + their use recommended. The supported MACs are: + + hmac-md5 + hmac-md5-96 + hmac-sha1 + hmac-sha1-96 + hmac-sha2-256 + hmac-sha2-512 + umac-64@openssh.com + umac-128@openssh.com + hmac-md5-etm@openssh.com + hmac-md5-96-etm@openssh.com + hmac-sha1-etm@openssh.com + hmac-sha1-96-etm@openssh.com + hmac-sha2-256-etm@openssh.com + hmac-sha2-512-etm@openssh.com + umac-64-etm@openssh.com + umac-128-etm@openssh.com + + The default is: + + umac-64-etm@openssh.com,umac-128-etm@openssh.com, + hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, + hmac-sha1-etm@openssh.com, + umac-64@openssh.com,umac-128@openssh.com, + hmac-sha2-256,hmac-sha2-512,hmac-sha1 + + The list of available MAC algorithms may also be obtained using + "ssh -Q mac". + + Match Introduces a conditional block. If all of the criteria on the + Match line are satisfied, the keywords on the following lines + override those set in the global section of the config file, + until either another Match line or the end of the file. If a + keyword appears in multiple Match blocks that are satisfied, only + the first instance of the keyword is applied. + + The arguments to Match are one or more criteria-pattern pairs or + the single token All which matches all criteria. The available + criteria are User, Group, Host, LocalAddress, LocalPort, RDomain, + and Address (with RDomain representing the rdomain(4) on which + the connection was received). + + The match patterns may consist of single entries or comma- + separated lists and may use the wildcard and negation operators + described in the PATTERNS section of ssh_config(5). + + The patterns in an Address criteria may additionally contain + addresses to match in CIDR address/masklen format, such as + 192.0.2.0/24 or 2001:db8::/32. Note that the mask length + provided must be consistent with the address - it is an error to + specify a mask length that is too long for the address or one + with bits set in this host portion of the address. For example, + 192.0.2.0/33 and 192.0.2.0/8, respectively. + + Only a subset of keywords may be used on the lines following a + Match keyword. Available keywords are AcceptEnv, + AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding, + AllowTcpForwarding, AllowUsers, AuthenticationMethods, + AuthorizedKeysCommand, AuthorizedKeysCommandUser, + AuthorizedKeysFile, AuthorizedPrincipalsCommand, + AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile, + Banner, CASignatureAlgorithms, ChannelTimeout, ChrootDirectory, + ClientAliveCountMax, ClientAliveInterval, DenyGroups, DenyUsers, + DisableForwarding, ExposeAuthInfo, ForceCommand, GatewayPorts, + GSSAPIAuthentication, HostbasedAcceptedAlgorithms, + HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, + IgnoreRhosts, Include, IPQoS, KbdInteractiveAuthentication, + KerberosAuthentication, LogLevel, MaxAuthTries, MaxSessions, + PasswordAuthentication, PermitEmptyPasswords, PermitListen, + PermitOpen, PermitRootLogin, PermitTTY, PermitTunnel, + PermitUserRC, PubkeyAcceptedAlgorithms, PubkeyAuthentication, + PubkeyAuthOptions, RekeyLimit, RevokedKeys, RDomain, SetEnv, + StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys, + UnusedConnectionTimeout, X11DisplayOffset, X11Forwarding and + X11UseLocalhost. + + MaxAuthTries + Specifies the maximum number of authentication attempts permitted + per connection. Once the number of failures reaches half this + value, additional failures are logged. The default is 6. + + MaxSessions + Specifies the maximum number of open shell, login or subsystem + (e.g. sftp) sessions permitted per network connection. Multiple + sessions may be established by clients that support connection + multiplexing. Setting MaxSessions to 1 will effectively disable + session multiplexing, whereas setting it to 0 will prevent all + shell, login and subsystem sessions while still permitting + forwarding. The default is 10. + + MaxStartups + Specifies the maximum number of concurrent unauthenticated + connections to the SSH daemon. Additional connections will be + dropped until authentication succeeds or the LoginGraceTime + expires for a connection. The default is 10:30:100. + + Alternatively, random early drop can be enabled by specifying the + three colon separated values start:rate:full (e.g. "10:30:60"). + sshd(8) will refuse connection attempts with a probability of + rate/100 (30%) if there are currently start (10) unauthenticated + connections. The probability increases linearly and all + connection attempts are refused if the number of unauthenticated + connections reaches full (60). + + ModuliFile + Specifies the moduli(5) file that contains the Diffie-Hellman + groups used for the M-bM-^@M-^\diffie-hellman-group-exchange-sha1M-bM-^@M-^] and + M-bM-^@M-^\diffie-hellman-group-exchange-sha256M-bM-^@M-^] key exchange methods. The + default is /etc/moduli. + + PasswordAuthentication + Specifies whether password authentication is allowed. The + default is yes. + + PermitEmptyPasswords + When password authentication is allowed, it specifies whether the + server allows login to accounts with empty password strings. The + default is no. + + PermitListen + Specifies the addresses/ports on which a remote TCP port + forwarding may listen. The listen specification must be one of + the following forms: + + PermitListen port + PermitListen host:port + + Multiple permissions may be specified by separating them with + whitespace. An argument of any can be used to remove all + restrictions and permit any listen requests. An argument of none + can be used to prohibit all listen requests. The host name may + contain wildcards as described in the PATTERNS section in + ssh_config(5). The wildcard M-bM-^@M-^X*M-bM-^@M-^Y can also be used in place of a + port number to allow all ports. By default all port forwarding + listen requests are permitted. Note that the GatewayPorts option + may further restrict which addresses may be listened on. Note + also that ssh(1) will request a listen host of M-bM-^@M-^\localhostM-bM-^@M-^] if no + listen host was specifically requested, and this name is treated + differently to explicit localhost addresses of M-bM-^@M-^\127.0.0.1M-bM-^@M-^] and + M-bM-^@M-^\::1M-bM-^@M-^]. + + PermitOpen + Specifies the destinations to which TCP port forwarding is + permitted. The forwarding specification must be one of the + following forms: + + PermitOpen host:port + PermitOpen IPv4_addr:port + PermitOpen [IPv6_addr]:port + + Multiple forwards may be specified by separating them with + whitespace. An argument of any can be used to remove all + restrictions and permit any forwarding requests. An argument of + none can be used to prohibit all forwarding requests. The + wildcard M-bM-^@M-^X*M-bM-^@M-^Y can be used for host or port to allow all hosts or + ports respectively. Otherwise, no pattern matching or address + lookups are performed on supplied names. By default all port + forwarding requests are permitted. + + PermitRootLogin + Specifies whether root can log in using ssh(1). The argument + must be yes, prohibit-password, forced-commands-only, or no. The + default is prohibit-password. + + If this option is set to prohibit-password (or its deprecated + alias, without-password), password and keyboard-interactive + authentication are disabled for root. + + If this option is set to forced-commands-only, root login with + public key authentication will be allowed, but only if the + command option has been specified (which may be useful for taking + remote backups even if root login is normally not allowed). All + other authentication methods are disabled for root. + + If this option is set to no, root is not allowed to log in. + + PermitTTY + Specifies whether pty(4) allocation is permitted. The default is + yes. + + PermitTunnel + Specifies whether tun(4) device forwarding is allowed. The + argument must be yes, point-to-point (layer 3), ethernet (layer + 2), or no. Specifying yes permits both point-to-point and + ethernet. The default is no. + + Independent of this setting, the permissions of the selected + tun(4) device must allow access to the user. + + PermitUserEnvironment + Specifies whether ~/.ssh/environment and environment= options in + ~/.ssh/authorized_keys are processed by sshd(8). Valid options + are yes, no or a pattern-list specifying which environment + variable names to accept (for example "LANG,LC_*"). The default + is no. Enabling environment processing may enable users to + bypass access restrictions in some configurations using + mechanisms such as LD_PRELOAD. + + PermitUserRC + Specifies whether any ~/.ssh/rc file is executed. The default is + yes. + + PerSourceMaxStartups + Specifies the number of unauthenticated connections allowed from + a given source address, or M-bM-^@M-^\noneM-bM-^@M-^] if there is no limit. This + limit is applied in addition to MaxStartups, whichever is lower. + The default is none. + + PerSourceNetBlockSize + Specifies the number of bits of source address that are grouped + together for the purposes of applying PerSourceMaxStartups + limits. Values for IPv4 and optionally IPv6 may be specified, + separated by a colon. The default is 32:128, which means each + address is considered individually. + + PidFile + Specifies the file that contains the process ID of the SSH + daemon, or none to not write one. The default is + /var/run/sshd.pid. + + Port Specifies the port number that sshd(8) listens on. The default + is 22. Multiple options of this type are permitted. See also + ListenAddress. + + PrintLastLog + Specifies whether sshd(8) should print the date and time of the + last user login when a user logs in interactively. The default + is yes. + + PrintMotd + Specifies whether sshd(8) should print /etc/motd when a user logs + in interactively. (On some systems it is also printed by the + shell, /etc/profile, or equivalent.) The default is yes. + + PubkeyAcceptedAlgorithms + Specifies the signature algorithms that will be accepted for + public key authentication as a list of comma-separated patterns. + Alternately if the specified list begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, + then the specified algorithms will be appended to the default set + instead of replacing them. If the specified list begins with a + M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified algorithms (including + wildcards) will be removed from the default set instead of + replacing them. If the specified list begins with a M-bM-^@M-^X^M-bM-^@M-^Y + character, then the specified algorithms will be placed at the + head of the default set. The default for this option is: + + ssh-ed25519-cert-v01@openssh.com, + ecdsa-sha2-nistp256-cert-v01@openssh.com, + ecdsa-sha2-nistp384-cert-v01@openssh.com, + ecdsa-sha2-nistp521-cert-v01@openssh.com, + sk-ssh-ed25519-cert-v01@openssh.com, + sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, + rsa-sha2-512-cert-v01@openssh.com, + rsa-sha2-256-cert-v01@openssh.com, + ssh-ed25519, + ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, + sk-ssh-ed25519@openssh.com, + sk-ecdsa-sha2-nistp256@openssh.com, + rsa-sha2-512,rsa-sha2-256 + + The list of available signature algorithms may also be obtained + using "ssh -Q PubkeyAcceptedAlgorithms". + + PubkeyAuthOptions + Sets one or more public key authentication options. The + supported keywords are: none (the default; indicating no + additional options are enabled), touch-required and + verify-required. + + The touch-required option causes public key authentication using + a FIDO authenticator algorithm (i.e. ecdsa-sk or ed25519-sk) to + always require the signature to attest that a physically present + user explicitly confirmed the authentication (usually by touching + the authenticator). By default, sshd(8) requires user presence + unless overridden with an authorized_keys option. The + touch-required flag disables this override. + + The verify-required option requires a FIDO key signature attest + that the user was verified, e.g. via a PIN. + + Neither the touch-required or verify-required options have any + effect for other, non-FIDO, public key types. + + PubkeyAuthentication + Specifies whether public key authentication is allowed. The + default is yes. + + RekeyLimit + Specifies the maximum amount of data that may be transmitted or + received before the session key is renegotiated, optionally + followed by a maximum amount of time that may pass before the + session key is renegotiated. The first argument is specified in + bytes and may have a suffix of M-bM-^@M-^XKM-bM-^@M-^Y, M-bM-^@M-^XMM-bM-^@M-^Y, or M-bM-^@M-^XGM-bM-^@M-^Y to indicate + Kilobytes, Megabytes, or Gigabytes, respectively. The default is + between M-bM-^@M-^X1GM-bM-^@M-^Y and M-bM-^@M-^X4GM-bM-^@M-^Y, depending on the cipher. The optional + second value is specified in seconds and may use any of the units + documented in the TIME FORMATS section. The default value for + RekeyLimit is default none, which means that rekeying is + performed after the cipher's default amount of data has been sent + or received and no time based rekeying is done. + + RequiredRSASize + Specifies the minimum RSA key size (in bits) that sshd(8) will + accept. User and host-based authentication keys smaller than + this limit will be refused. The default is 1024 bits. Note that + this limit may only be raised from the default. + + RevokedKeys + Specifies revoked public keys file, or none to not use one. Keys + listed in this file will be refused for public key + authentication. Note that if this file is not readable, then + public key authentication will be refused for all users. Keys + may be specified as a text file, listing one public key per line, + or as an OpenSSH Key Revocation List (KRL) as generated by + ssh-keygen(1). For more information on KRLs, see the KEY + REVOCATION LISTS section in ssh-keygen(1). + + RDomain + Specifies an explicit routing domain that is applied after + authentication has completed. The user session, as well as any + forwarded or listening IP sockets, will be bound to this + rdomain(4). If the routing domain is set to %D, then the domain + in which the incoming connection was received will be applied. + + SecurityKeyProvider + Specifies a path to a library that will be used when loading FIDO + authenticator-hosted keys, overriding the default of using the + built-in USB HID support. + + SetEnv Specifies one or more environment variables to set in child + sessions started by sshd(8) as M-bM-^@M-^\NAME=VALUEM-bM-^@M-^]. The environment + value may be quoted (e.g. if it contains whitespace characters). + Environment variables set by SetEnv override the default + environment and any variables specified by the user via AcceptEnv + or PermitUserEnvironment. + + StreamLocalBindMask + Sets the octal file creation mode mask (umask) used when creating + a Unix-domain socket file for local or remote port forwarding. + This option is only used for port forwarding to a Unix-domain + socket file. + + The default value is 0177, which creates a Unix-domain socket + file that is readable and writable only by the owner. Note that + not all operating systems honor the file mode on Unix-domain + socket files. + + StreamLocalBindUnlink + Specifies whether to remove an existing Unix-domain socket file + for local or remote port forwarding before creating a new one. + If the socket file already exists and StreamLocalBindUnlink is + not enabled, sshd will be unable to forward the port to the Unix- + domain socket file. This option is only used for port forwarding + to a Unix-domain socket file. + + The argument must be yes or no. The default is no. + + StrictModes + Specifies whether sshd(8) should check file modes and ownership + of the user's files and home directory before accepting login. + This is normally desirable because novices sometimes accidentally + leave their directory or files world-writable. The default is + yes. Note that this does not apply to ChrootDirectory, whose + permissions and ownership are checked unconditionally. + + Subsystem + Configures an external subsystem (e.g. file transfer daemon). + Arguments should be a subsystem name and a command (with optional + arguments) to execute upon subsystem request. + + The command sftp-server implements the SFTP file transfer + subsystem. + + Alternately the name internal-sftp implements an in-process SFTP + server. This may simplify configurations using ChrootDirectory + to force a different filesystem root on clients. + + By default no subsystems are defined. + + SyslogFacility + Gives the facility code that is used when logging messages from + sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, + LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The + default is AUTH. + + TCPKeepAlive + Specifies whether the system should send TCP keepalive messages + to the other side. If they are sent, death of the connection or + crash of one of the machines will be properly noticed. However, + this means that connections will die if the route is down + temporarily, and some people find it annoying. On the other + hand, if TCP keepalives are not sent, sessions may hang + indefinitely on the server, leaving "ghost" users and consuming + server resources. + + The default is yes (to send TCP keepalive messages), and the + server will notice if the network goes down or the client host + crashes. This avoids infinitely hanging sessions. + + To disable TCP keepalive messages, the value should be set to no. + + TrustedUserCAKeys + Specifies a file containing public keys of certificate + authorities that are trusted to sign user certificates for + authentication, or none to not use one. Keys are listed one per + line; empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are allowed. If + a certificate is presented for authentication and has its signing + CA key listed in this file, then it may be used for + authentication for any user listed in the certificate's + principals list. Note that certificates that lack a list of + principals will not be permitted for authentication using + TrustedUserCAKeys. For more details on certificates, see the + CERTIFICATES section in ssh-keygen(1). + + UnusedConnectionTimeout + Specifies whether and how quickly sshd(8) should close client + connections with no open channels. Open channels include active + shell, command execution or subsystem sessions, connected + network, socket, agent or X11 forwardings. Forwarding listeners, + such as those from the ssh(1) -R flag, are not considered as open + channels and do not prevent the timeout. The timeout value is + specified in seconds or may use any of the units documented in + the TIME FORMATS section. + + Note that this timeout starts when the client connection + completes user authentication but before the client has an + opportunity to open any channels. Caution should be used when + using short timeout values, as they may not provide sufficient + time for the client to request and open its channels before + terminating the connection. + + The default none is to never expire connections for having no + open channels. This option may be useful in conjunction with + ChannelTimeout. + + UseDNS Specifies whether sshd(8) should look up the remote host name, + and to check that the resolved host name for the remote IP + address maps back to the very same IP address. + + If this option is set to no (the default) then only addresses and + not host names may be used in ~/.ssh/authorized_keys from and + sshd_config Match Host directives. + + UsePAM Enables the Pluggable Authentication Module interface. If set to + yes this will enable PAM authentication using + KbdInteractiveAuthentication and PasswordAuthentication in + addition to PAM account and session module processing for all + authentication types. + + Because PAM keyboard-interactive authentication usually serves an + equivalent role to password authentication, you should disable + either PasswordAuthentication or KbdInteractiveAuthentication. + + If UsePAM is enabled, you will not be able to run sshd(8) as a + non-root user. The default is no. + + VersionAddendum + Optionally specifies additional text to append to the SSH + protocol banner sent by the server upon connection. The default + is none. + + X11DisplayOffset + Specifies the first display number available for sshd(8)'s X11 + forwarding. This prevents sshd from interfering with real X11 + servers. The default is 10. + + X11Forwarding + Specifies whether X11 forwarding is permitted. The argument must + be yes or no. The default is no. + + When X11 forwarding is enabled, there may be additional exposure + to the server and to client displays if the sshd(8) proxy display + is configured to listen on the wildcard address (see + X11UseLocalhost), though this is not the default. Additionally, + the authentication spoofing and authentication data verification + and substitution occur on the client side. The security risk of + using X11 forwarding is that the client's X11 display server may + be exposed to attack when the SSH client requests forwarding (see + the warnings for ForwardX11 in ssh_config(5)). A system + administrator may have a stance in which they want to protect + clients that may expose themselves to attack by unwittingly + requesting X11 forwarding, which can warrant a no setting. + + Note that disabling X11 forwarding does not prevent users from + forwarding X11 traffic, as users can always install their own + forwarders. + + X11UseLocalhost + Specifies whether sshd(8) should bind the X11 forwarding server + to the loopback address or to the wildcard address. By default, + sshd binds the forwarding server to the loopback address and sets + the hostname part of the DISPLAY environment variable to + localhost. This prevents remote hosts from connecting to the + proxy display. However, some older X11 clients may not function + with this configuration. X11UseLocalhost may be set to no to + specify that the forwarding server should be bound to the + wildcard address. The argument must be yes or no. The default + is yes. + + XAuthLocation + Specifies the full pathname of the xauth(1) program, or none to + not use one. The default is /usr/X11R6/bin/xauth. + +TIME FORMATS + sshd(8) command-line arguments and configuration file options that + specify time may be expressed using a sequence of the form: + time[qualifier], where time is a positive integer value and qualifier is + one of the following: + + M-bM-^_M-(noneM-bM-^_M-) seconds + s | S seconds + m | M minutes + h | H hours + d | D days + w | W weeks + + Each member of the sequence is added together to calculate the total time + value. + + Time format examples: + + 600 600 seconds (10 minutes) + 10m 10 minutes + 1h30m 1 hour 30 minutes (90 minutes) + +TOKENS + Arguments to some keywords can make use of tokens, which are expanded at + runtime: + + %% A literal M-bM-^@M-^X%M-bM-^@M-^Y. + %D The routing domain in which the incoming connection was + received. + %F The fingerprint of the CA key. + %f The fingerprint of the key or certificate. + %h The home directory of the user. + %i The key ID in the certificate. + %K The base64-encoded CA key. + %k The base64-encoded key or certificate for authentication. + %s The serial number of the certificate. + %T The type of the CA key. + %t The key or certificate type. + %U The numeric user ID of the target user. + %u The username. + + AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u. + + AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u. + + AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K, + %k, %s, %T, %t, %U, and %u. + + AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u. + + ChrootDirectory accepts the tokens %%, %h, %U, and %u. + + RoutingDomain accepts the token %D. + +FILES + /etc/ssh/sshd_config + Contains configuration data for sshd(8). This file should be + writable by root only, but it is recommended (though not + necessary) that it be world-readable. + +SEE ALSO + sftp-server(8), sshd(8) + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and + created OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support + for privilege separation. + +OpenBSD 7.2 January 18, 2023 OpenBSD 7.2 diff --git a/sshd_config.5 b/sshd_config.5 new file mode 100644 index 0000000..7313a7f --- /dev/null +++ b/sshd_config.5 @@ -0,0 +1,2082 @@ +.\" +.\" Author: Tatu Ylonen <ylo@cs.hut.fi> +.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland +.\" All rights reserved +.\" +.\" As far as I am concerned, the code I have written for this software +.\" can be used freely for any purpose. Any derived versions of this +.\" software must be clearly marked as such, and if the derived work is +.\" incompatible with the protocol description in the RFC file, it must be +.\" called by a name other than "ssh" or "Secure Shell". +.\" +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $OpenBSD: sshd_config.5,v 1.347 2023/01/18 06:55:32 jmc Exp $ +.Dd $Mdocdate: January 18 2023 $ +.Dt SSHD_CONFIG 5 +.Os +.Sh NAME +.Nm sshd_config +.Nd OpenSSH daemon configuration file +.Sh DESCRIPTION +.Xr sshd 8 +reads configuration data from +.Pa /etc/ssh/sshd_config +(or the file specified with +.Fl f +on the command line). +The file contains keyword-argument pairs, one per line. +For each keyword, the first obtained value will be used. +Lines starting with +.Ql # +and empty lines are interpreted as comments. +Arguments may optionally be enclosed in double quotes +.Pq \&" +in order to represent arguments containing spaces. +.Pp +The possible +keywords and their meanings are as follows (note that +keywords are case-insensitive and arguments are case-sensitive): +.Bl -tag -width Ds +.It Cm AcceptEnv +Specifies what environment variables sent by the client will be copied into +the session's +.Xr environ 7 . +See +.Cm SendEnv +and +.Cm SetEnv +in +.Xr ssh_config 5 +for how to configure the client. +The +.Ev TERM +environment variable is always accepted whenever the client +requests a pseudo-terminal as it is required by the protocol. +Variables are specified by name, which may contain the wildcard characters +.Ql * +and +.Ql \&? . +Multiple environment variables may be separated by whitespace or spread +across multiple +.Cm AcceptEnv +directives. +Be warned that some environment variables could be used to bypass restricted +user environments. +For this reason, care should be taken in the use of this directive. +The default is not to accept any environment variables. +.It Cm AddressFamily +Specifies which address family should be used by +.Xr sshd 8 . +Valid arguments are +.Cm any +(the default), +.Cm inet +(use IPv4 only), or +.Cm inet6 +(use IPv6 only). +.It Cm AllowAgentForwarding +Specifies whether +.Xr ssh-agent 1 +forwarding is permitted. +The default is +.Cm yes . +Note that disabling agent forwarding does not improve security +unless users are also denied shell access, as they can always install +their own forwarders. +.It Cm AllowGroups +This keyword can be followed by a list of group name patterns, separated +by spaces. +If specified, login is allowed only for users whose primary +group or supplementary group list matches one of the patterns. +Only group names are valid; a numerical group ID is not recognized. +By default, login is allowed for all groups. +The allow/deny groups directives are processed in the following order: +.Cm DenyGroups , +.Cm AllowGroups . +.Pp +See PATTERNS in +.Xr ssh_config 5 +for more information on patterns. +.It Cm AllowStreamLocalForwarding +Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted. +The available options are +.Cm yes +(the default) +or +.Cm all +to allow StreamLocal forwarding, +.Cm no +to prevent all StreamLocal forwarding, +.Cm local +to allow local (from the perspective of +.Xr ssh 1 ) +forwarding only or +.Cm remote +to allow remote forwarding only. +Note that disabling StreamLocal forwarding does not improve security unless +users are also denied shell access, as they can always install their +own forwarders. +.It Cm AllowTcpForwarding +Specifies whether TCP forwarding is permitted. +The available options are +.Cm yes +(the default) +or +.Cm all +to allow TCP forwarding, +.Cm no +to prevent all TCP forwarding, +.Cm local +to allow local (from the perspective of +.Xr ssh 1 ) +forwarding only or +.Cm remote +to allow remote forwarding only. +Note that disabling TCP forwarding does not improve security unless +users are also denied shell access, as they can always install their +own forwarders. +.It Cm AllowUsers +This keyword can be followed by a list of user name patterns, separated +by spaces. +If specified, login is allowed only for user names that +match one of the patterns. +Only user names are valid; a numerical user ID is not recognized. +By default, login is allowed for all users. +If the pattern takes the form USER@HOST then USER and HOST +are separately checked, restricting logins to particular +users from particular hosts. +HOST criteria may additionally contain addresses to match in CIDR +address/masklen format. +The allow/deny users directives are processed in the following order: +.Cm DenyUsers , +.Cm AllowUsers . +.Pp +See PATTERNS in +.Xr ssh_config 5 +for more information on patterns. +.It Cm AuthenticationMethods +Specifies the authentication methods that must be successfully completed +for a user to be granted access. +This option must be followed by one or more lists of comma-separated +authentication method names, or by the single string +.Cm any +to indicate the default behaviour of accepting any single authentication +method. +If the default is overridden, then successful authentication requires +completion of every method in at least one of these lists. +.Pp +For example, +.Qq publickey,password publickey,keyboard-interactive +would require the user to complete public key authentication, followed by +either password or keyboard interactive authentication. +Only methods that are next in one or more lists are offered at each stage, +so for this example it would not be possible to attempt password or +keyboard-interactive authentication before public key. +.Pp +For keyboard interactive authentication it is also possible to +restrict authentication to a specific device by appending a +colon followed by the device identifier +.Cm bsdauth +or +.Cm pam . +depending on the server configuration. +For example, +.Qq keyboard-interactive:bsdauth +would restrict keyboard interactive authentication to the +.Cm bsdauth +device. +.Pp +If the publickey method is listed more than once, +.Xr sshd 8 +verifies that keys that have been used successfully are not reused for +subsequent authentications. +For example, +.Qq publickey,publickey +requires successful authentication using two different public keys. +.Pp +Note that each authentication method listed should also be explicitly enabled +in the configuration. +.Pp +The available authentication methods are: +.Qq gssapi-with-mic , +.Qq hostbased , +.Qq keyboard-interactive , +.Qq none +(used for access to password-less accounts when +.Cm PermitEmptyPasswords +is enabled), +.Qq password +and +.Qq publickey . +.It Cm AuthorizedKeysCommand +Specifies a program to be used to look up the user's public keys. +The program must be owned by root, not writable by group or others and +specified by an absolute path. +Arguments to +.Cm AuthorizedKeysCommand +accept the tokens described in the +.Sx TOKENS +section. +If no arguments are specified then the username of the target user is used. +.Pp +The program should produce on standard output zero or +more lines of authorized_keys output (see +.Sx AUTHORIZED_KEYS +in +.Xr sshd 8 ) . +.Cm AuthorizedKeysCommand +is tried after the usual +.Cm AuthorizedKeysFile +files and will not be executed if a matching key is found there. +By default, no +.Cm AuthorizedKeysCommand +is run. +.It Cm AuthorizedKeysCommandUser +Specifies the user under whose account the +.Cm AuthorizedKeysCommand +is run. +It is recommended to use a dedicated user that has no other role on the host +than running authorized keys commands. +If +.Cm AuthorizedKeysCommand +is specified but +.Cm AuthorizedKeysCommandUser +is not, then +.Xr sshd 8 +will refuse to start. +.It Cm AuthorizedKeysFile +Specifies the file that contains the public keys used for user authentication. +The format is described in the AUTHORIZED_KEYS FILE FORMAT section of +.Xr sshd 8 . +Arguments to +.Cm AuthorizedKeysFile +accept the tokens described in the +.Sx TOKENS +section. +After expansion, +.Cm AuthorizedKeysFile +is taken to be an absolute path or one relative to the user's home +directory. +Multiple files may be listed, separated by whitespace. +Alternately this option may be set to +.Cm none +to skip checking for user keys in files. +The default is +.Qq .ssh/authorized_keys .ssh/authorized_keys2 . +.It Cm AuthorizedPrincipalsCommand +Specifies a program to be used to generate the list of allowed +certificate principals as per +.Cm AuthorizedPrincipalsFile . +The program must be owned by root, not writable by group or others and +specified by an absolute path. +Arguments to +.Cm AuthorizedPrincipalsCommand +accept the tokens described in the +.Sx TOKENS +section. +If no arguments are specified then the username of the target user is used. +.Pp +The program should produce on standard output zero or +more lines of +.Cm AuthorizedPrincipalsFile +output. +If either +.Cm AuthorizedPrincipalsCommand +or +.Cm AuthorizedPrincipalsFile +is specified, then certificates offered by the client for authentication +must contain a principal that is listed. +By default, no +.Cm AuthorizedPrincipalsCommand +is run. +.It Cm AuthorizedPrincipalsCommandUser +Specifies the user under whose account the +.Cm AuthorizedPrincipalsCommand +is run. +It is recommended to use a dedicated user that has no other role on the host +than running authorized principals commands. +If +.Cm AuthorizedPrincipalsCommand +is specified but +.Cm AuthorizedPrincipalsCommandUser +is not, then +.Xr sshd 8 +will refuse to start. +.It Cm AuthorizedPrincipalsFile +Specifies a file that lists principal names that are accepted for +certificate authentication. +When using certificates signed by a key listed in +.Cm TrustedUserCAKeys , +this file lists names, one of which must appear in the certificate for it +to be accepted for authentication. +Names are listed one per line preceded by key options (as described in +.Sx AUTHORIZED_KEYS FILE FORMAT +in +.Xr sshd 8 ) . +Empty lines and comments starting with +.Ql # +are ignored. +.Pp +Arguments to +.Cm AuthorizedPrincipalsFile +accept the tokens described in the +.Sx TOKENS +section. +After expansion, +.Cm AuthorizedPrincipalsFile +is taken to be an absolute path or one relative to the user's home directory. +The default is +.Cm none , +i.e. not to use a principals file \(en in this case, the username +of the user must appear in a certificate's principals list for it to be +accepted. +.Pp +Note that +.Cm AuthorizedPrincipalsFile +is only used when authentication proceeds using a CA listed in +.Cm TrustedUserCAKeys +and is not consulted for certification authorities trusted via +.Pa ~/.ssh/authorized_keys , +though the +.Cm principals= +key option offers a similar facility (see +.Xr sshd 8 +for details). +.It Cm Banner +The contents of the specified file are sent to the remote user before +authentication is allowed. +If the argument is +.Cm none +then no banner is displayed. +By default, no banner is displayed. +.It Cm CASignatureAlgorithms +Specifies which algorithms are allowed for signing of certificates +by certificate authorities (CAs). +The default is: +.Bd -literal -offset indent +ssh-ed25519,ecdsa-sha2-nistp256, +ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +sk-ssh-ed25519@openssh.com, +sk-ecdsa-sha2-nistp256@openssh.com, +rsa-sha2-512,rsa-sha2-256 +.Ed +.Pp +If the specified list begins with a +.Sq + +character, then the specified algorithms will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. +.Pp +Certificates signed using other algorithms will not be accepted for +public key or host-based authentication. +.It Cm ChannelTimeout +Specifies whether and how quickly +.Xr sshd 8 +should close inactive channels. +Timeouts are specified as one or more +.Dq type=interval +pairs separated by whitespace, where the +.Dq type +must be a channel type name (as described in the table below), optionally +containing wildcard characters. +.Pp +The timeout value +.Dq interval +is specified in seconds or may use any of the units documented in the +.Sx TIME FORMATS +section. +For example, +.Dq session:*=5m +would cause all sessions to terminate after five minutes of inactivity. +Specifying a zero value disables the inactivity timeout. +.Pp +The available channel types include: +.Bl -tag -width Ds +.It Cm agent-connection +Open connections to +.Xr ssh-agent 1 . +.It Cm direct-tcpip , Cm direct-streamlocal@openssh.com +Open TCP or Unix socket (respectively) connections that have +been established from a +.Xr ssh 1 +local forwarding, i.e.\& +.Cm LocalForward +or +.Cm DynamicForward . +.It Cm forwarded-tcpip , Cm forwarded-streamlocal@openssh.com +Open TCP or Unix socket (respectively) connections that have been +established to a +.Xr sshd 8 +listening on behalf of a +.Xr ssh 1 +remote forwarding, i.e.\& +.Cm RemoteForward . +.It Cm session:command +Command execution sessions. +.It Cm session:shell +Interactive shell sessions. +.It Cm session:subsystem:... +Subsystem sessions, e.g. for +.Xr sftp 1 , +which could be identified as +.Cm session:subsystem:sftp . +.It Cm x11-connection +Open X11 forwarding sessions. +.El +.Pp +Note that in all the above cases, terminating an inactive session does not +guarantee to remove all resources associated with the session, e.g. shell +processes or X11 clients relating to the session may continue to execute. +.Pp +Moreover, terminating an inactive channel or session does not necessarily +close the SSH connection, nor does it prevent a client from +requesting another channel of the same type. +In particular, expiring an inactive forwarding session does not prevent +another identical forwarding from being subsequently created. +See also +.Cm UnusedConnectionTimeout , +which may be used in conjunction with this option. +.Pp +The default is not to expire channels of any type for inactivity. +.It Cm ChrootDirectory +Specifies the pathname of a directory to +.Xr chroot 2 +to after authentication. +At session startup +.Xr sshd 8 +checks that all components of the pathname are root-owned directories +which are not writable by any other user or group. +After the chroot, +.Xr sshd 8 +changes the working directory to the user's home directory. +Arguments to +.Cm ChrootDirectory +accept the tokens described in the +.Sx TOKENS +section. +.Pp +The +.Cm ChrootDirectory +must contain the necessary files and directories to support the +user's session. +For an interactive session this requires at least a shell, typically +.Xr sh 1 , +and basic +.Pa /dev +nodes such as +.Xr null 4 , +.Xr zero 4 , +.Xr stdin 4 , +.Xr stdout 4 , +.Xr stderr 4 , +and +.Xr tty 4 +devices. +For file transfer sessions using SFTP +no additional configuration of the environment is necessary if the in-process +sftp-server is used, +though sessions which use logging may require +.Pa /dev/log +inside the chroot directory on some operating systems (see +.Xr sftp-server 8 +for details). +.Pp +For safety, it is very important that the directory hierarchy be +prevented from modification by other processes on the system (especially +those outside the jail). +Misconfiguration can lead to unsafe environments which +.Xr sshd 8 +cannot detect. +.Pp +The default is +.Cm none , +indicating not to +.Xr chroot 2 . +.It Cm Ciphers +Specifies the ciphers allowed. +Multiple ciphers must be comma-separated. +If the specified list begins with a +.Sq + +character, then the specified ciphers will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified ciphers (including wildcards) will be removed +from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified ciphers will be placed at the head of the +default set. +.Pp +The supported ciphers are: +.Pp +.Bl -item -compact -offset indent +.It +3des-cbc +.It +aes128-cbc +.It +aes192-cbc +.It +aes256-cbc +.It +aes128-ctr +.It +aes192-ctr +.It +aes256-ctr +.It +aes128-gcm@openssh.com +.It +aes256-gcm@openssh.com +.It +chacha20-poly1305@openssh.com +.El +.Pp +The default is: +.Bd -literal -offset indent +chacha20-poly1305@openssh.com, +aes128-ctr,aes192-ctr,aes256-ctr, +aes128-gcm@openssh.com,aes256-gcm@openssh.com +.Ed +.Pp +The list of available ciphers may also be obtained using +.Qq ssh -Q cipher . +.It Cm ClientAliveCountMax +Sets the number of client alive messages which may be sent without +.Xr sshd 8 +receiving any messages back from the client. +If this threshold is reached while client alive messages are being sent, +sshd will disconnect the client, terminating the session. +It is important to note that the use of client alive messages is very +different from +.Cm TCPKeepAlive . +The client alive messages are sent through the encrypted channel +and therefore will not be spoofable. +The TCP keepalive option enabled by +.Cm TCPKeepAlive +is spoofable. +The client alive mechanism is valuable when the client or +server depend on knowing when a connection has become unresponsive. +.Pp +The default value is 3. +If +.Cm ClientAliveInterval +is set to 15, and +.Cm ClientAliveCountMax +is left at the default, unresponsive SSH clients +will be disconnected after approximately 45 seconds. +Setting a zero +.Cm ClientAliveCountMax +disables connection termination. +.It Cm ClientAliveInterval +Sets a timeout interval in seconds after which if no data has been received +from the client, +.Xr sshd 8 +will send a message through the encrypted +channel to request a response from the client. +The default +is 0, indicating that these messages will not be sent to the client. +.It Cm Compression +Specifies whether compression is enabled after +the user has authenticated successfully. +The argument must be +.Cm yes , +.Cm delayed +(a legacy synonym for +.Cm yes ) +or +.Cm no . +The default is +.Cm yes . +.It Cm DenyGroups +This keyword can be followed by a list of group name patterns, separated +by spaces. +Login is disallowed for users whose primary group or supplementary +group list matches one of the patterns. +Only group names are valid; a numerical group ID is not recognized. +By default, login is allowed for all groups. +The allow/deny groups directives are processed in the following order: +.Cm DenyGroups , +.Cm AllowGroups . +.Pp +See PATTERNS in +.Xr ssh_config 5 +for more information on patterns. +.It Cm DenyUsers +This keyword can be followed by a list of user name patterns, separated +by spaces. +Login is disallowed for user names that match one of the patterns. +Only user names are valid; a numerical user ID is not recognized. +By default, login is allowed for all users. +If the pattern takes the form USER@HOST then USER and HOST +are separately checked, restricting logins to particular +users from particular hosts. +HOST criteria may additionally contain addresses to match in CIDR +address/masklen format. +The allow/deny users directives are processed in the following order: +.Cm DenyUsers , +.Cm AllowUsers . +.Pp +See PATTERNS in +.Xr ssh_config 5 +for more information on patterns. +.It Cm DisableForwarding +Disables all forwarding features, including X11, +.Xr ssh-agent 1 , +TCP and StreamLocal. +This option overrides all other forwarding-related options and may +simplify restricted configurations. +.It Cm ExposeAuthInfo +Writes a temporary file containing a list of authentication methods and +public credentials (e.g. keys) used to authenticate the user. +The location of the file is exposed to the user session through the +.Ev SSH_USER_AUTH +environment variable. +The default is +.Cm no . +.It Cm FingerprintHash +Specifies the hash algorithm used when logging key fingerprints. +Valid options are: +.Cm md5 +and +.Cm sha256 . +The default is +.Cm sha256 . +.It Cm ForceCommand +Forces the execution of the command specified by +.Cm ForceCommand , +ignoring any command supplied by the client and +.Pa ~/.ssh/rc +if present. +The command is invoked by using the user's login shell with the -c option. +This applies to shell, command, or subsystem execution. +It is most useful inside a +.Cm Match +block. +The command originally supplied by the client is available in the +.Ev SSH_ORIGINAL_COMMAND +environment variable. +Specifying a command of +.Cm internal-sftp +will force the use of an in-process SFTP server that requires no support +files when used with +.Cm ChrootDirectory . +The default is +.Cm none . +.It Cm GatewayPorts +Specifies whether remote hosts are allowed to connect to ports +forwarded for the client. +By default, +.Xr sshd 8 +binds remote port forwardings to the loopback address. +This prevents other remote hosts from connecting to forwarded ports. +.Cm GatewayPorts +can be used to specify that sshd +should allow remote port forwardings to bind to non-loopback addresses, thus +allowing other hosts to connect. +The argument may be +.Cm no +to force remote port forwardings to be available to the local host only, +.Cm yes +to force remote port forwardings to bind to the wildcard address, or +.Cm clientspecified +to allow the client to select the address to which the forwarding is bound. +The default is +.Cm no . +.It Cm GSSAPIAuthentication +Specifies whether user authentication based on GSSAPI is allowed. +The default is +.Cm no . +.It Cm GSSAPICleanupCredentials +Specifies whether to automatically destroy the user's credentials cache +on logout. +The default is +.Cm yes . +.It Cm GSSAPIStrictAcceptorCheck +Determines whether to be strict about the identity of the GSSAPI acceptor +a client authenticates against. +If set to +.Cm yes +then the client must authenticate against the host +service on the current hostname. +If set to +.Cm no +then the client may authenticate against any service key stored in the +machine's default store. +This facility is provided to assist with operation on multi homed machines. +The default is +.Cm yes . +.It Cm HostbasedAcceptedAlgorithms +Specifies the signature algorithms that will be accepted for hostbased +authentication as a list of comma-separated patterns. +Alternately if the specified list begins with a +.Sq + +character, then the specified signature algorithms will be appended to +the default set instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified signature algorithms (including wildcards) +will be removed from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified signature algorithms will be placed at +the head of the default set. +The default for this option is: +.Bd -literal -offset 3n +ssh-ed25519-cert-v01@openssh.com, +ecdsa-sha2-nistp256-cert-v01@openssh.com, +ecdsa-sha2-nistp384-cert-v01@openssh.com, +ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com, +rsa-sha2-256-cert-v01@openssh.com, +ssh-ed25519, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +sk-ssh-ed25519@openssh.com, +sk-ecdsa-sha2-nistp256@openssh.com, +rsa-sha2-512,rsa-sha2-256 +.Ed +.Pp +The list of available signature algorithms may also be obtained using +.Qq ssh -Q HostbasedAcceptedAlgorithms . +This was formerly named HostbasedAcceptedKeyTypes. +.It Cm HostbasedAuthentication +Specifies whether rhosts or /etc/hosts.equiv authentication together +with successful public key client host authentication is allowed +(host-based authentication). +The default is +.Cm no . +.It Cm HostbasedUsesNameFromPacketOnly +Specifies whether or not the server will attempt to perform a reverse +name lookup when matching the name in the +.Pa ~/.shosts , +.Pa ~/.rhosts , +and +.Pa /etc/hosts.equiv +files during +.Cm HostbasedAuthentication . +A setting of +.Cm yes +means that +.Xr sshd 8 +uses the name supplied by the client rather than +attempting to resolve the name from the TCP connection itself. +The default is +.Cm no . +.It Cm HostCertificate +Specifies a file containing a public host certificate. +The certificate's public key must match a private host key already specified +by +.Cm HostKey . +The default behaviour of +.Xr sshd 8 +is not to load any certificates. +.It Cm HostKey +Specifies a file containing a private host key +used by SSH. +The defaults are +.Pa /etc/ssh/ssh_host_ecdsa_key , +.Pa /etc/ssh/ssh_host_ed25519_key +and +.Pa /etc/ssh/ssh_host_rsa_key . +.Pp +Note that +.Xr sshd 8 +will refuse to use a file if it is group/world-accessible +and that the +.Cm HostKeyAlgorithms +option restricts which of the keys are actually used by +.Xr sshd 8 . +.Pp +It is possible to have multiple host key files. +It is also possible to specify public host key files instead. +In this case operations on the private key will be delegated +to an +.Xr ssh-agent 1 . +.It Cm HostKeyAgent +Identifies the UNIX-domain socket used to communicate +with an agent that has access to the private host keys. +If the string +.Qq SSH_AUTH_SOCK +is specified, the location of the socket will be read from the +.Ev SSH_AUTH_SOCK +environment variable. +.It Cm HostKeyAlgorithms +Specifies the host key signature algorithms +that the server offers. +The default for this option is: +.Bd -literal -offset 3n +ssh-ed25519-cert-v01@openssh.com, +ecdsa-sha2-nistp256-cert-v01@openssh.com, +ecdsa-sha2-nistp384-cert-v01@openssh.com, +ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com, +rsa-sha2-256-cert-v01@openssh.com, +ssh-ed25519, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +sk-ssh-ed25519@openssh.com, +sk-ecdsa-sha2-nistp256@openssh.com, +rsa-sha2-512,rsa-sha2-256 +.Ed +.Pp +The list of available signature algorithms may also be obtained using +.Qq ssh -Q HostKeyAlgorithms . +.It Cm IgnoreRhosts +Specifies whether to ignore per-user +.Pa .rhosts +and +.Pa .shosts +files during +.Cm HostbasedAuthentication . +The system-wide +.Pa /etc/hosts.equiv +and +.Pa /etc/shosts.equiv +are still used regardless of this setting. +.Pp +Accepted values are +.Cm yes +(the default) to ignore all per-user files, +.Cm shosts-only +to allow the use of +.Pa .shosts +but to ignore +.Pa .rhosts +or +.Cm no +to allow both +.Pa .shosts +and +.Pa rhosts . +.It Cm IgnoreUserKnownHosts +Specifies whether +.Xr sshd 8 +should ignore the user's +.Pa ~/.ssh/known_hosts +during +.Cm HostbasedAuthentication +and use only the system-wide known hosts file +.Pa /etc/ssh/ssh_known_hosts . +The default is +.Dq no . +.It Cm Include +Include the specified configuration file(s). +Multiple pathnames may be specified and each pathname may contain +.Xr glob 7 +wildcards that will be expanded and processed in lexical order. +Files without absolute paths are assumed to be in +.Pa /etc/ssh . +An +.Cm Include +directive may appear inside a +.Cm Match +block +to perform conditional inclusion. +.It Cm IPQoS +Specifies the IPv4 type-of-service or DSCP class for the connection. +Accepted values are +.Cm af11 , +.Cm af12 , +.Cm af13 , +.Cm af21 , +.Cm af22 , +.Cm af23 , +.Cm af31 , +.Cm af32 , +.Cm af33 , +.Cm af41 , +.Cm af42 , +.Cm af43 , +.Cm cs0 , +.Cm cs1 , +.Cm cs2 , +.Cm cs3 , +.Cm cs4 , +.Cm cs5 , +.Cm cs6 , +.Cm cs7 , +.Cm ef , +.Cm le , +.Cm lowdelay , +.Cm throughput , +.Cm reliability , +a numeric value, or +.Cm none +to use the operating system default. +This option may take one or two arguments, separated by whitespace. +If one argument is specified, it is used as the packet class unconditionally. +If two values are specified, the first is automatically selected for +interactive sessions and the second for non-interactive sessions. +The default is +.Cm af21 +(Low-Latency Data) +for interactive sessions and +.Cm cs1 +(Lower Effort) +for non-interactive sessions. +.It Cm KbdInteractiveAuthentication +Specifies whether to allow keyboard-interactive authentication. +All authentication styles from +.Xr login.conf 5 +are supported. +The default is +.Cm yes . +The argument to this keyword must be +.Cm yes +or +.Cm no . +.Cm ChallengeResponseAuthentication +is a deprecated alias for this. +.It Cm KerberosAuthentication +Specifies whether the password provided by the user for +.Cm PasswordAuthentication +will be validated through the Kerberos KDC. +To use this option, the server needs a +Kerberos servtab which allows the verification of the KDC's identity. +The default is +.Cm no . +.It Cm KerberosGetAFSToken +If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire +an AFS token before accessing the user's home directory. +The default is +.Cm no . +.It Cm KerberosOrLocalPasswd +If password authentication through Kerberos fails then +the password will be validated via any additional local mechanism +such as +.Pa /etc/passwd . +The default is +.Cm yes . +.It Cm KerberosTicketCleanup +Specifies whether to automatically destroy the user's ticket cache +file on logout. +The default is +.Cm yes . +.It Cm KexAlgorithms +Specifies the available KEX (Key Exchange) algorithms. +Multiple algorithms must be comma-separated. +Alternately if the specified list begins with a +.Sq + +character, then the specified algorithms will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified algorithms will be placed at the head of the +default set. +The supported algorithms are: +.Pp +.Bl -item -compact -offset indent +.It +curve25519-sha256 +.It +curve25519-sha256@libssh.org +.It +diffie-hellman-group1-sha1 +.It +diffie-hellman-group14-sha1 +.It +diffie-hellman-group14-sha256 +.It +diffie-hellman-group16-sha512 +.It +diffie-hellman-group18-sha512 +.It +diffie-hellman-group-exchange-sha1 +.It +diffie-hellman-group-exchange-sha256 +.It +ecdh-sha2-nistp256 +.It +ecdh-sha2-nistp384 +.It +ecdh-sha2-nistp521 +.It +sntrup761x25519-sha512@openssh.com +.El +.Pp +The default is: +.Bd -literal -offset indent +sntrup761x25519-sha512@openssh.com, +curve25519-sha256,curve25519-sha256@libssh.org, +ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521, +diffie-hellman-group-exchange-sha256, +diffie-hellman-group16-sha512,diffie-hellman-group18-sha512, +diffie-hellman-group14-sha256 +.Ed +.Pp +The list of available key exchange algorithms may also be obtained using +.Qq ssh -Q KexAlgorithms . +.It Cm ListenAddress +Specifies the local addresses +.Xr sshd 8 +should listen on. +The following forms may be used: +.Pp +.Bl -item -offset indent -compact +.It +.Cm ListenAddress +.Sm off +.Ar hostname | address +.Sm on +.Op Cm rdomain Ar domain +.It +.Cm ListenAddress +.Sm off +.Ar hostname : port +.Sm on +.Op Cm rdomain Ar domain +.It +.Cm ListenAddress +.Sm off +.Ar IPv4_address : port +.Sm on +.Op Cm rdomain Ar domain +.It +.Cm ListenAddress +.Sm off +.Oo Ar hostname | address Oc : Ar port +.Sm on +.Op Cm rdomain Ar domain +.El +.Pp +The optional +.Cm rdomain +qualifier requests +.Xr sshd 8 +listen in an explicit routing domain. +If +.Ar port +is not specified, +sshd will listen on the address and all +.Cm Port +options specified. +The default is to listen on all local addresses on the current default +routing domain. +Multiple +.Cm ListenAddress +options are permitted. +For more information on routing domains, see +.Xr rdomain 4 . +.It Cm LoginGraceTime +The server disconnects after this time if the user has not +successfully logged in. +If the value is 0, there is no time limit. +The default is 120 seconds. +.It Cm LogLevel +Gives the verbosity level that is used when logging messages from +.Xr sshd 8 . +The possible values are: +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. +The default is INFO. +DEBUG and DEBUG1 are equivalent. +DEBUG2 and DEBUG3 each specify higher levels of debugging output. +Logging with a DEBUG level violates the privacy of users and is not recommended. +.It Cm LogVerbose +Specify one or more overrides to LogLevel. +An override consists of a pattern lists that matches the source file, function +and line number to force detailed logging for. +For example, an override pattern of: +.Bd -literal -offset indent +kex.c:*:1000,*:kex_exchange_identification():*,packet.c:* +.Ed +.Pp +would enable detailed logging for line 1000 of +.Pa kex.c , +everything in the +.Fn kex_exchange_identification +function, and all code in the +.Pa packet.c +file. +This option is intended for debugging and no overrides are enabled by default. +.It Cm MACs +Specifies the available MAC (message authentication code) algorithms. +The MAC algorithm is used for data integrity protection. +Multiple algorithms must be comma-separated. +If the specified list begins with a +.Sq + +character, then the specified algorithms will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified algorithms will be placed at the head of the +default set. +.Pp +The algorithms that contain +.Qq -etm +calculate the MAC after encryption (encrypt-then-mac). +These are considered safer and their use recommended. +The supported MACs are: +.Pp +.Bl -item -compact -offset indent +.It +hmac-md5 +.It +hmac-md5-96 +.It +hmac-sha1 +.It +hmac-sha1-96 +.It +hmac-sha2-256 +.It +hmac-sha2-512 +.It +umac-64@openssh.com +.It +umac-128@openssh.com +.It +hmac-md5-etm@openssh.com +.It +hmac-md5-96-etm@openssh.com +.It +hmac-sha1-etm@openssh.com +.It +hmac-sha1-96-etm@openssh.com +.It +hmac-sha2-256-etm@openssh.com +.It +hmac-sha2-512-etm@openssh.com +.It +umac-64-etm@openssh.com +.It +umac-128-etm@openssh.com +.El +.Pp +The default is: +.Bd -literal -offset indent +umac-64-etm@openssh.com,umac-128-etm@openssh.com, +hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com, +hmac-sha1-etm@openssh.com, +umac-64@openssh.com,umac-128@openssh.com, +hmac-sha2-256,hmac-sha2-512,hmac-sha1 +.Ed +.Pp +The list of available MAC algorithms may also be obtained using +.Qq ssh -Q mac . +.It Cm Match +Introduces a conditional block. +If all of the criteria on the +.Cm Match +line are satisfied, the keywords on the following lines override those +set in the global section of the config file, until either another +.Cm Match +line or the end of the file. +If a keyword appears in multiple +.Cm Match +blocks that are satisfied, only the first instance of the keyword is +applied. +.Pp +The arguments to +.Cm Match +are one or more criteria-pattern pairs or the single token +.Cm All +which matches all criteria. +The available criteria are +.Cm User , +.Cm Group , +.Cm Host , +.Cm LocalAddress , +.Cm LocalPort , +.Cm RDomain , +and +.Cm Address +(with +.Cm RDomain +representing the +.Xr rdomain 4 +on which the connection was received). +.Pp +The match patterns may consist of single entries or comma-separated +lists and may use the wildcard and negation operators described in the +.Sx PATTERNS +section of +.Xr ssh_config 5 . +.Pp +The patterns in an +.Cm Address +criteria may additionally contain addresses to match in CIDR +address/masklen format, +such as 192.0.2.0/24 or 2001:db8::/32. +Note that the mask length provided must be consistent with the address - +it is an error to specify a mask length that is too long for the address +or one with bits set in this host portion of the address. +For example, 192.0.2.0/33 and 192.0.2.0/8, respectively. +.Pp +Only a subset of keywords may be used on the lines following a +.Cm Match +keyword. +Available keywords are +.Cm AcceptEnv , +.Cm AllowAgentForwarding , +.Cm AllowGroups , +.Cm AllowStreamLocalForwarding , +.Cm AllowTcpForwarding , +.Cm AllowUsers , +.Cm AuthenticationMethods , +.Cm AuthorizedKeysCommand , +.Cm AuthorizedKeysCommandUser , +.Cm AuthorizedKeysFile , +.Cm AuthorizedPrincipalsCommand , +.Cm AuthorizedPrincipalsCommandUser , +.Cm AuthorizedPrincipalsFile , +.Cm Banner , +.Cm CASignatureAlgorithms , +.Cm ChannelTimeout , +.Cm ChrootDirectory , +.Cm ClientAliveCountMax , +.Cm ClientAliveInterval , +.Cm DenyGroups , +.Cm DenyUsers , +.Cm DisableForwarding , +.Cm ExposeAuthInfo , +.Cm ForceCommand , +.Cm GatewayPorts , +.Cm GSSAPIAuthentication , +.Cm HostbasedAcceptedAlgorithms , +.Cm HostbasedAuthentication , +.Cm HostbasedUsesNameFromPacketOnly , +.Cm IgnoreRhosts , +.Cm Include , +.Cm IPQoS , +.Cm KbdInteractiveAuthentication , +.Cm KerberosAuthentication , +.Cm LogLevel , +.Cm MaxAuthTries , +.Cm MaxSessions , +.Cm PasswordAuthentication , +.Cm PermitEmptyPasswords , +.Cm PermitListen , +.Cm PermitOpen , +.Cm PermitRootLogin , +.Cm PermitTTY , +.Cm PermitTunnel , +.Cm PermitUserRC , +.Cm PubkeyAcceptedAlgorithms , +.Cm PubkeyAuthentication , +.Cm PubkeyAuthOptions , +.Cm RekeyLimit , +.Cm RevokedKeys , +.Cm RDomain , +.Cm SetEnv , +.Cm StreamLocalBindMask , +.Cm StreamLocalBindUnlink , +.Cm TrustedUserCAKeys , +.Cm UnusedConnectionTimeout , +.Cm X11DisplayOffset , +.Cm X11Forwarding +and +.Cm X11UseLocalhost . +.It Cm MaxAuthTries +Specifies the maximum number of authentication attempts permitted per +connection. +Once the number of failures reaches half this value, +additional failures are logged. +The default is 6. +.It Cm MaxSessions +Specifies the maximum number of open shell, login or subsystem (e.g. sftp) +sessions permitted per network connection. +Multiple sessions may be established by clients that support connection +multiplexing. +Setting +.Cm MaxSessions +to 1 will effectively disable session multiplexing, whereas setting it to 0 +will prevent all shell, login and subsystem sessions while still permitting +forwarding. +The default is 10. +.It Cm MaxStartups +Specifies the maximum number of concurrent unauthenticated connections to the +SSH daemon. +Additional connections will be dropped until authentication succeeds or the +.Cm LoginGraceTime +expires for a connection. +The default is 10:30:100. +.Pp +Alternatively, random early drop can be enabled by specifying +the three colon separated values +start:rate:full (e.g. "10:30:60"). +.Xr sshd 8 +will refuse connection attempts with a probability of rate/100 (30%) +if there are currently start (10) unauthenticated connections. +The probability increases linearly and all connection attempts +are refused if the number of unauthenticated connections reaches full (60). +.It Cm ModuliFile +Specifies the +.Xr moduli 5 +file that contains the Diffie-Hellman groups used for the +.Dq diffie-hellman-group-exchange-sha1 +and +.Dq diffie-hellman-group-exchange-sha256 +key exchange methods. +The default is +.Pa /etc/moduli . +.It Cm PasswordAuthentication +Specifies whether password authentication is allowed. +The default is +.Cm yes . +.It Cm PermitEmptyPasswords +When password authentication is allowed, it specifies whether the +server allows login to accounts with empty password strings. +The default is +.Cm no . +.It Cm PermitListen +Specifies the addresses/ports on which a remote TCP port forwarding may listen. +The listen specification must be one of the following forms: +.Pp +.Bl -item -offset indent -compact +.It +.Cm PermitListen +.Sm off +.Ar port +.Sm on +.It +.Cm PermitListen +.Sm off +.Ar host : port +.Sm on +.El +.Pp +Multiple permissions may be specified by separating them with whitespace. +An argument of +.Cm any +can be used to remove all restrictions and permit any listen requests. +An argument of +.Cm none +can be used to prohibit all listen requests. +The host name may contain wildcards as described in the PATTERNS section in +.Xr ssh_config 5 . +The wildcard +.Sq * +can also be used in place of a port number to allow all ports. +By default all port forwarding listen requests are permitted. +Note that the +.Cm GatewayPorts +option may further restrict which addresses may be listened on. +Note also that +.Xr ssh 1 +will request a listen host of +.Dq localhost +if no listen host was specifically requested, and this name is +treated differently to explicit localhost addresses of +.Dq 127.0.0.1 +and +.Dq ::1 . +.It Cm PermitOpen +Specifies the destinations to which TCP port forwarding is permitted. +The forwarding specification must be one of the following forms: +.Pp +.Bl -item -offset indent -compact +.It +.Cm PermitOpen +.Sm off +.Ar host : port +.Sm on +.It +.Cm PermitOpen +.Sm off +.Ar IPv4_addr : port +.Sm on +.It +.Cm PermitOpen +.Sm off +.Ar \&[ IPv6_addr \&] : port +.Sm on +.El +.Pp +Multiple forwards may be specified by separating them with whitespace. +An argument of +.Cm any +can be used to remove all restrictions and permit any forwarding requests. +An argument of +.Cm none +can be used to prohibit all forwarding requests. +The wildcard +.Sq * +can be used for host or port to allow all hosts or ports respectively. +Otherwise, no pattern matching or address lookups are performed on supplied +names. +By default all port forwarding requests are permitted. +.It Cm PermitRootLogin +Specifies whether root can log in using +.Xr ssh 1 . +The argument must be +.Cm yes , +.Cm prohibit-password , +.Cm forced-commands-only , +or +.Cm no . +The default is +.Cm prohibit-password . +.Pp +If this option is set to +.Cm prohibit-password +(or its deprecated alias, +.Cm without-password ) , +password and keyboard-interactive authentication are disabled for root. +.Pp +If this option is set to +.Cm forced-commands-only , +root login with public key authentication will be allowed, +but only if the +.Ar command +option has been specified +(which may be useful for taking remote backups even if root login is +normally not allowed). +All other authentication methods are disabled for root. +.Pp +If this option is set to +.Cm no , +root is not allowed to log in. +.It Cm PermitTTY +Specifies whether +.Xr pty 4 +allocation is permitted. +The default is +.Cm yes . +.It Cm PermitTunnel +Specifies whether +.Xr tun 4 +device forwarding is allowed. +The argument must be +.Cm yes , +.Cm point-to-point +(layer 3), +.Cm ethernet +(layer 2), or +.Cm no . +Specifying +.Cm yes +permits both +.Cm point-to-point +and +.Cm ethernet . +The default is +.Cm no . +.Pp +Independent of this setting, the permissions of the selected +.Xr tun 4 +device must allow access to the user. +.It Cm PermitUserEnvironment +Specifies whether +.Pa ~/.ssh/environment +and +.Cm environment= +options in +.Pa ~/.ssh/authorized_keys +are processed by +.Xr sshd 8 . +Valid options are +.Cm yes , +.Cm no +or a pattern-list specifying which environment variable names to accept +(for example +.Qq LANG,LC_* ) . +The default is +.Cm no . +Enabling environment processing may enable users to bypass access +restrictions in some configurations using mechanisms such as +.Ev LD_PRELOAD . +.It Cm PermitUserRC +Specifies whether any +.Pa ~/.ssh/rc +file is executed. +The default is +.Cm yes . +.It Cm PerSourceMaxStartups +Specifies the number of unauthenticated connections allowed from a +given source address, or +.Dq none +if there is no limit. +This limit is applied in addition to +.Cm MaxStartups , +whichever is lower. +The default is +.Cm none . +.It Cm PerSourceNetBlockSize +Specifies the number of bits of source address that are grouped together +for the purposes of applying PerSourceMaxStartups limits. +Values for IPv4 and optionally IPv6 may be specified, separated by a colon. +The default is +.Cm 32:128 , +which means each address is considered individually. +.It Cm PidFile +Specifies the file that contains the process ID of the +SSH daemon, or +.Cm none +to not write one. +The default is +.Pa /var/run/sshd.pid . +.It Cm Port +Specifies the port number that +.Xr sshd 8 +listens on. +The default is 22. +Multiple options of this type are permitted. +See also +.Cm ListenAddress . +.It Cm PrintLastLog +Specifies whether +.Xr sshd 8 +should print the date and time of the last user login when a user logs +in interactively. +The default is +.Cm yes . +.It Cm PrintMotd +Specifies whether +.Xr sshd 8 +should print +.Pa /etc/motd +when a user logs in interactively. +(On some systems it is also printed by the shell, +.Pa /etc/profile , +or equivalent.) +The default is +.Cm yes . +.It Cm PubkeyAcceptedAlgorithms +Specifies the signature algorithms that will be accepted for public key +authentication as a list of comma-separated patterns. +Alternately if the specified list begins with a +.Sq + +character, then the specified algorithms will be appended to the default set +instead of replacing them. +If the specified list begins with a +.Sq - +character, then the specified algorithms (including wildcards) will be removed +from the default set instead of replacing them. +If the specified list begins with a +.Sq ^ +character, then the specified algorithms will be placed at the head of the +default set. +The default for this option is: +.Bd -literal -offset 3n +ssh-ed25519-cert-v01@openssh.com, +ecdsa-sha2-nistp256-cert-v01@openssh.com, +ecdsa-sha2-nistp384-cert-v01@openssh.com, +ecdsa-sha2-nistp521-cert-v01@openssh.com, +sk-ssh-ed25519-cert-v01@openssh.com, +sk-ecdsa-sha2-nistp256-cert-v01@openssh.com, +rsa-sha2-512-cert-v01@openssh.com, +rsa-sha2-256-cert-v01@openssh.com, +ssh-ed25519, +ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, +sk-ssh-ed25519@openssh.com, +sk-ecdsa-sha2-nistp256@openssh.com, +rsa-sha2-512,rsa-sha2-256 +.Ed +.Pp +The list of available signature algorithms may also be obtained using +.Qq ssh -Q PubkeyAcceptedAlgorithms . +.It Cm PubkeyAuthOptions +Sets one or more public key authentication options. +The supported keywords are: +.Cm none +(the default; indicating no additional options are enabled), +.Cm touch-required +and +.Cm verify-required . +.Pp +The +.Cm touch-required +option causes public key authentication using a FIDO authenticator algorithm +(i.e.\& +.Cm ecdsa-sk +or +.Cm ed25519-sk ) +to always require the signature to attest that a physically present user +explicitly confirmed the authentication (usually by touching the authenticator). +By default, +.Xr sshd 8 +requires user presence unless overridden with an authorized_keys option. +The +.Cm touch-required +flag disables this override. +.Pp +The +.Cm verify-required +option requires a FIDO key signature attest that the user was verified, +e.g. via a PIN. +.Pp +Neither the +.Cm touch-required +or +.Cm verify-required +options have any effect for other, non-FIDO, public key types. +.It Cm PubkeyAuthentication +Specifies whether public key authentication is allowed. +The default is +.Cm yes . +.It Cm RekeyLimit +Specifies the maximum amount of data that may be transmitted or received +before the session key is renegotiated, optionally followed by a maximum +amount of time that may pass before the session key is renegotiated. +The first argument is specified in bytes and may have a suffix of +.Sq K , +.Sq M , +or +.Sq G +to indicate Kilobytes, Megabytes, or Gigabytes, respectively. +The default is between +.Sq 1G +and +.Sq 4G , +depending on the cipher. +The optional second value is specified in seconds and may use any of the +units documented in the +.Sx TIME FORMATS +section. +The default value for +.Cm RekeyLimit +is +.Cm default none , +which means that rekeying is performed after the cipher's default amount +of data has been sent or received and no time based rekeying is done. +.It Cm RequiredRSASize +Specifies the minimum RSA key size (in bits) that +.Xr sshd 8 +will accept. +User and host-based authentication keys smaller than this limit will be +refused. +The default is +.Cm 1024 +bits. +Note that this limit may only be raised from the default. +.It Cm RevokedKeys +Specifies revoked public keys file, or +.Cm none +to not use one. +Keys listed in this file will be refused for public key authentication. +Note that if this file is not readable, then public key authentication will +be refused for all users. +Keys may be specified as a text file, listing one public key per line, or as +an OpenSSH Key Revocation List (KRL) as generated by +.Xr ssh-keygen 1 . +For more information on KRLs, see the KEY REVOCATION LISTS section in +.Xr ssh-keygen 1 . +.It Cm RDomain +Specifies an explicit routing domain that is applied after authentication +has completed. +The user session, as well as any forwarded or listening IP sockets, +will be bound to this +.Xr rdomain 4 . +If the routing domain is set to +.Cm \&%D , +then the domain in which the incoming connection was received will be applied. +.It Cm SecurityKeyProvider +Specifies a path to a library that will be used when loading +FIDO authenticator-hosted keys, overriding the default of using +the built-in USB HID support. +.It Cm SetEnv +Specifies one or more environment variables to set in child sessions started +by +.Xr sshd 8 +as +.Dq NAME=VALUE . +The environment value may be quoted (e.g. if it contains whitespace +characters). +Environment variables set by +.Cm SetEnv +override the default environment and any variables specified by the user +via +.Cm AcceptEnv +or +.Cm PermitUserEnvironment . +.It Cm StreamLocalBindMask +Sets the octal file creation mode mask +.Pq umask +used when creating a Unix-domain socket file for local or remote +port forwarding. +This option is only used for port forwarding to a Unix-domain socket file. +.Pp +The default value is 0177, which creates a Unix-domain socket file that is +readable and writable only by the owner. +Note that not all operating systems honor the file mode on Unix-domain +socket files. +.It Cm StreamLocalBindUnlink +Specifies whether to remove an existing Unix-domain socket file for local +or remote port forwarding before creating a new one. +If the socket file already exists and +.Cm StreamLocalBindUnlink +is not enabled, +.Nm sshd +will be unable to forward the port to the Unix-domain socket file. +This option is only used for port forwarding to a Unix-domain socket file. +.Pp +The argument must be +.Cm yes +or +.Cm no . +The default is +.Cm no . +.It Cm StrictModes +Specifies whether +.Xr sshd 8 +should check file modes and ownership of the +user's files and home directory before accepting login. +This is normally desirable because novices sometimes accidentally leave their +directory or files world-writable. +The default is +.Cm yes . +Note that this does not apply to +.Cm ChrootDirectory , +whose permissions and ownership are checked unconditionally. +.It Cm Subsystem +Configures an external subsystem (e.g. file transfer daemon). +Arguments should be a subsystem name and a command (with optional arguments) +to execute upon subsystem request. +.Pp +The command +.Cm sftp-server +implements the SFTP file transfer subsystem. +.Pp +Alternately the name +.Cm internal-sftp +implements an in-process SFTP server. +This may simplify configurations using +.Cm ChrootDirectory +to force a different filesystem root on clients. +.Pp +By default no subsystems are defined. +.It Cm SyslogFacility +Gives the facility code that is used when logging messages from +.Xr sshd 8 . +The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, +LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. +The default is AUTH. +.It Cm TCPKeepAlive +Specifies whether the system should send TCP keepalive messages to the +other side. +If they are sent, death of the connection or crash of one +of the machines will be properly noticed. +However, this means that +connections will die if the route is down temporarily, and some people +find it annoying. +On the other hand, if TCP keepalives are not sent, +sessions may hang indefinitely on the server, leaving +.Qq ghost +users and consuming server resources. +.Pp +The default is +.Cm yes +(to send TCP keepalive messages), and the server will notice +if the network goes down or the client host crashes. +This avoids infinitely hanging sessions. +.Pp +To disable TCP keepalive messages, the value should be set to +.Cm no . +.It Cm TrustedUserCAKeys +Specifies a file containing public keys of certificate authorities that are +trusted to sign user certificates for authentication, or +.Cm none +to not use one. +Keys are listed one per line; empty lines and comments starting with +.Ql # +are allowed. +If a certificate is presented for authentication and has its signing CA key +listed in this file, then it may be used for authentication for any user +listed in the certificate's principals list. +Note that certificates that lack a list of principals will not be permitted +for authentication using +.Cm TrustedUserCAKeys . +For more details on certificates, see the CERTIFICATES section in +.Xr ssh-keygen 1 . +.It Cm UnusedConnectionTimeout +Specifies whether and how quickly +.Xr sshd 8 +should close client connections with no open channels. +Open channels include active shell, command execution or subsystem +sessions, connected network, socket, agent or X11 forwardings. +Forwarding listeners, such as those from the +.Xr ssh 1 +.Fl R +flag, are not considered as open channels and do not prevent the timeout. +The timeout value +is specified in seconds or may use any of the units documented in the +.Sx TIME FORMATS +section. +.Pp +Note that this timeout starts when the client connection completes +user authentication but before the client has an opportunity to open any +channels. +Caution should be used when using short timeout values, as they may not +provide sufficient time for the client to request and open its channels +before terminating the connection. +.Pp +The default +.Cm none +is to never expire connections for having no open channels. +This option may be useful in conjunction with +.Cm ChannelTimeout . +.It Cm UseDNS +Specifies whether +.Xr sshd 8 +should look up the remote host name, and to check that +the resolved host name for the remote IP address maps back to the +very same IP address. +.Pp +If this option is set to +.Cm no +(the default) then only addresses and not host names may be used in +.Pa ~/.ssh/authorized_keys +.Cm from +and +.Nm +.Cm Match +.Cm Host +directives. +.It Cm UsePAM +Enables the Pluggable Authentication Module interface. +If set to +.Cm yes +this will enable PAM authentication using +.Cm KbdInteractiveAuthentication +and +.Cm PasswordAuthentication +in addition to PAM account and session module processing for all +authentication types. +.Pp +Because PAM keyboard-interactive authentication usually serves an equivalent +role to password authentication, you should disable either +.Cm PasswordAuthentication +or +.Cm KbdInteractiveAuthentication . +.Pp +If +.Cm UsePAM +is enabled, you will not be able to run +.Xr sshd 8 +as a non-root user. +The default is +.Cm no . +.It Cm VersionAddendum +Optionally specifies additional text to append to the SSH protocol banner +sent by the server upon connection. +The default is +.Cm none . +.It Cm X11DisplayOffset +Specifies the first display number available for +.Xr sshd 8 Ns 's +X11 forwarding. +This prevents sshd from interfering with real X11 servers. +The default is 10. +.It Cm X11Forwarding +Specifies whether X11 forwarding is permitted. +The argument must be +.Cm yes +or +.Cm no . +The default is +.Cm no . +.Pp +When X11 forwarding is enabled, there may be additional exposure to +the server and to client displays if the +.Xr sshd 8 +proxy display is configured to listen on the wildcard address (see +.Cm X11UseLocalhost ) , +though this is not the default. +Additionally, the authentication spoofing and authentication data +verification and substitution occur on the client side. +The security risk of using X11 forwarding is that the client's X11 +display server may be exposed to attack when the SSH client requests +forwarding (see the warnings for +.Cm ForwardX11 +in +.Xr ssh_config 5 ) . +A system administrator may have a stance in which they want to +protect clients that may expose themselves to attack by unwittingly +requesting X11 forwarding, which can warrant a +.Cm no +setting. +.Pp +Note that disabling X11 forwarding does not prevent users from +forwarding X11 traffic, as users can always install their own forwarders. +.It Cm X11UseLocalhost +Specifies whether +.Xr sshd 8 +should bind the X11 forwarding server to the loopback address or to +the wildcard address. +By default, +sshd binds the forwarding server to the loopback address and sets the +hostname part of the +.Ev DISPLAY +environment variable to +.Cm localhost . +This prevents remote hosts from connecting to the proxy display. +However, some older X11 clients may not function with this +configuration. +.Cm X11UseLocalhost +may be set to +.Cm no +to specify that the forwarding server should be bound to the wildcard +address. +The argument must be +.Cm yes +or +.Cm no . +The default is +.Cm yes . +.It Cm XAuthLocation +Specifies the full pathname of the +.Xr xauth 1 +program, or +.Cm none +to not use one. +The default is +.Pa /usr/X11R6/bin/xauth . +.El +.Sh TIME FORMATS +.Xr sshd 8 +command-line arguments and configuration file options that specify time +may be expressed using a sequence of the form: +.Sm off +.Ar time Op Ar qualifier , +.Sm on +where +.Ar time +is a positive integer value and +.Ar qualifier +is one of the following: +.Pp +.Bl -tag -width Ds -compact -offset indent +.It Aq Cm none +seconds +.It Cm s | Cm S +seconds +.It Cm m | Cm M +minutes +.It Cm h | Cm H +hours +.It Cm d | Cm D +days +.It Cm w | Cm W +weeks +.El +.Pp +Each member of the sequence is added together to calculate +the total time value. +.Pp +Time format examples: +.Pp +.Bl -tag -width Ds -compact -offset indent +.It 600 +600 seconds (10 minutes) +.It 10m +10 minutes +.It 1h30m +1 hour 30 minutes (90 minutes) +.El +.Sh TOKENS +Arguments to some keywords can make use of tokens, +which are expanded at runtime: +.Pp +.Bl -tag -width XXXX -offset indent -compact +.It %% +A literal +.Sq % . +.It \&%D +The routing domain in which the incoming connection was received. +.It %F +The fingerprint of the CA key. +.It %f +The fingerprint of the key or certificate. +.It %h +The home directory of the user. +.It %i +The key ID in the certificate. +.It %K +The base64-encoded CA key. +.It %k +The base64-encoded key or certificate for authentication. +.It %s +The serial number of the certificate. +.It \&%T +The type of the CA key. +.It %t +The key or certificate type. +.It \&%U +The numeric user ID of the target user. +.It %u +The username. +.El +.Pp +.Cm AuthorizedKeysCommand +accepts the tokens %%, %f, %h, %k, %t, %U, and %u. +.Pp +.Cm AuthorizedKeysFile +accepts the tokens %%, %h, %U, and %u. +.Pp +.Cm AuthorizedPrincipalsCommand +accepts the tokens %%, %F, %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u. +.Pp +.Cm AuthorizedPrincipalsFile +accepts the tokens %%, %h, %U, and %u. +.Pp +.Cm ChrootDirectory +accepts the tokens %%, %h, %U, and %u. +.Pp +.Cm RoutingDomain +accepts the token %D. +.Sh FILES +.Bl -tag -width Ds +.It Pa /etc/ssh/sshd_config +Contains configuration data for +.Xr sshd 8 . +This file should be writable by root only, but it is recommended +(though not necessary) that it be world-readable. +.El +.Sh SEE ALSO +.Xr sftp-server 8 , +.Xr sshd 8 +.Sh AUTHORS +.An -nosplit +OpenSSH is a derivative of the original and free +ssh 1.2.12 release by +.An Tatu Ylonen . +.An Aaron Campbell , Bob Beck , Markus Friedl , Niels Provos , +.An Theo de Raadt +and +.An Dug Song +removed many bugs, re-added newer features and +created OpenSSH. +.An Markus Friedl +contributed the support for SSH protocol versions 1.5 and 2.0. +.An Niels Provos +and +.An Markus Friedl +contributed support for privilege separation. |