SSHD_CONFIG(5)                File Formats Manual               SSHD_CONFIG(5)

NAME
     sshd_config – OpenSSH SSH daemon configuration file

SYNOPSIS
     /etc/ssh/sshd_config

DESCRIPTION
     sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
     specified with -f on the command line).  The file contains keyword-
     argument pairs, one per line.  Lines starting with ‘#’ and empty lines
     are interpreted as comments.  Arguments may optionally be enclosed in
     double quotes (") in order to represent arguments containing spaces.

     The possible keywords and their meanings are as follows (note that
     keywords are case-insensitive and arguments are case-sensitive):

     AcceptEnv
             Specifies what environment variables sent by the client will be
             copied into the session's environ(7).  See SendEnv in
             ssh_config(5) for how to configure the client.  The TERM
             environment variable is always sent whenever the client requests
             a pseudo-terminal as it is required by the protocol.  Variables
             are specified by name, which may contain the wildcard characters
             ‘*’ and ‘?’.  Multiple environment variables may be separated by
             whitespace or spread across multiple AcceptEnv directives.  Be
             warned that some environment variables could be used to bypass
             restricted user environments.  For this reason, care should be
             taken in the use of this directive.  The default is not to accept
             any environment variables.

     AddressFamily
             Specifies which address family should be used by sshd(8).  Valid
             arguments are any (the default), inet (use IPv4 only), or inet6
             (use IPv6 only).

     AllowAgentForwarding
             Specifies whether ssh-agent(1) forwarding is permitted.  The
             default is yes.  Note that disabling agent forwarding does not
             improve security unless users are also denied shell access, as
             they can always install their own forwarders.

     AllowGroups
             This keyword can be followed by a list of group name patterns,
             separated by spaces.  If specified, login is allowed only for
             users whose primary group or supplementary group list matches one
             of the patterns.  Only group names are valid; a numerical group
             ID is not recognized.  By default, login is allowed for all
             groups.  The allow/deny directives are processed in the following
             order: DenyUsers, AllowUsers, DenyGroups, and finally
             AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     AllowStreamLocalForwarding
             Specifies whether StreamLocal (Unix-domain socket) forwarding is
             permitted.  The available options are yes (the default) or all to
             allow StreamLocal forwarding, no to prevent all StreamLocal
             forwarding, local to allow local (from the perspective of ssh(1))
             forwarding only or remote to allow remote forwarding only.  Note
             that disabling StreamLocal forwarding does not improve security
             unless users are also denied shell access, as they can always
             install their own forwarders.

     AllowTcpForwarding
             Specifies whether TCP forwarding is permitted.  The available
             options are yes (the default) or all to allow TCP forwarding, no
             to prevent all TCP forwarding, local to allow local (from the
             perspective of ssh(1)) forwarding only or remote to allow remote
             forwarding only.  Note that disabling TCP forwarding does not
             improve security unless users are also denied shell access, as
             they can always install their own forwarders.

     AllowUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  If specified, login is allowed only for
             user names that match one of the patterns.  Only user names are
             valid; a numerical user ID is not recognized.  By default, login
             is allowed for all users.  If the pattern takes the form
             USER@HOST then USER and HOST are separately checked, restricting
             logins to particular users from particular hosts.  HOST criteria
             may additionally contain addresses to match in CIDR
             address/masklen format.  The allow/deny directives are processed
             in the following order: DenyUsers, AllowUsers, DenyGroups, and
             finally AllowGroups.

             See PATTERNS in ssh_config(5) for more information on patterns.

     AuthenticationMethods
             Specifies the authentication methods that must be successfully
             completed for a user to be granted access.  This option must be
             followed by one or more comma-separated lists of authentication
             method names, or by the single string any to indicate the default
             behaviour of accepting any single authentication method.  If the
             default is overridden, then successful authentication requires
             completion of every method in at least one of these lists.

             For example, "publickey,password publickey,keyboard-interactive"
             would require the user to complete public key authentication,
             followed by either password or keyboard interactive
             authentication.  Only methods that are next in one or more lists
             are offered at each stage, so for this example it would not be
             possible to attempt password or keyboard-interactive
             authentication before public key.

             For keyboard interactive authentication it is also possible to
             restrict authentication to a specific device by appending a colon
             followed by the device identifier bsdauth, pam, or skey,
             depending on the server configuration.  For example,
             "keyboard-interactive:bsdauth" would restrict keyboard
             interactive authentication to the bsdauth device.

             If the publickey method is listed more than once, sshd(8)
             verifies that keys that have been used successfully are not
             reused for subsequent authentications.  For example,
             "publickey,publickey" requires successful authentication using
             two different public keys.

             Note that each authentication method listed should also be
             explicitly enabled in the configuration.
    122 
    123      AuthorizedKeysCommand
    124              Specifies a program to be used to look up the user's public keys.
    125              The program must be owned by root, not writable by group or
    126              others and specified by an absolute path.  Arguments to
    127              AuthorizedKeysCommand accept the tokens described in the TOKENS
    128              section.  If no arguments are specified then the username of the
    129              target user is used.
    130 
    131              The program should produce on standard output zero or more lines
    132              of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)).  If a
    133              key supplied by AuthorizedKeysCommand does not successfully
    134              authenticate and authorize the user then public key
    135              authentication continues using the usual AuthorizedKeysFile
    136              files.  By default, no AuthorizedKeysCommand is run.
    137 
    138      AuthorizedKeysCommandUser
    139              Specifies the user under whose account the AuthorizedKeysCommand
    140              is run.  It is recommended to use a dedicated user that has no
    141              other role on the host than running authorized keys commands.  If
    142              AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser
    143              is not, then sshd(8) will refuse to start.
    144 
    145      AuthorizedKeysFile
    146              Specifies the file that contains the public keys used for user
    147              authentication.  The format is described in the AUTHORIZED_KEYS
    148              FILE FORMAT section of sshd(8).  Arguments to AuthorizedKeysFile
    149              accept the tokens described in the TOKENS section.  After
    150              expansion, AuthorizedKeysFile is taken to be an absolute path or
    151              one relative to the user's home directory.  Multiple files may be
    152              listed, separated by whitespace.  Alternately this option may be
    153              set to none to skip checking for user keys in files.  The default
    154              is ".ssh/authorized_keys .ssh/authorized_keys2".
    155 
    156      AuthorizedPrincipalsCommand
    157              Specifies a program to be used to generate the list of allowed
    158              certificate principals as per AuthorizedPrincipalsFile.  The
    159              program must be owned by root, not writable by group or others
    160              and specified by an absolute path.  Arguments to
    161              AuthorizedPrincipalsCommand accept the tokens described in the
    162              TOKENS section.  If no arguments are specified then the username
    163              of the target user is used.
    164 
    165              The program should produce on standard output zero or more lines
    166              of AuthorizedPrincipalsFile output.  If either
    167              AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is
    168              specified, then certificates offered by the client for
    169              authentication must contain a principal that is listed.  By
    170              default, no AuthorizedPrincipalsCommand is run.
    171 
    172      AuthorizedPrincipalsCommandUser
    173              Specifies the user under whose account the
    174              AuthorizedPrincipalsCommand is run.  It is recommended to use a
    175              dedicated user that has no other role on the host than running
    176              authorized principals commands.  If AuthorizedPrincipalsCommand
    177              is specified but AuthorizedPrincipalsCommandUser is not, then
    178              sshd(8) will refuse to start.
    179 
    180      AuthorizedPrincipalsFile
    181              Specifies a file that lists principal names that are accepted for
    182              certificate authentication.  When using certificates signed by a
    183              key listed in TrustedUserCAKeys, this file lists names, one of
    184              which must appear in the certificate for it to be accepted for
    185              authentication.  Names are listed one per line preceded by key
    186              options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
    187              Empty lines and comments starting with M-bM-^@M-^X#M-bM-^@M-^Y are ignored.
    188 
    189              Arguments to AuthorizedPrincipalsFile accept the tokens described
    190              in the TOKENS section.  After expansion, AuthorizedPrincipalsFile
    191              is taken to be an absolute path or one relative to the user's
    192              home directory.  The default is none, i.e. not to use a
    193              principals file M-bM-^@M-^S in this case, the username of the user must
    194              appear in a certificate's principals list for it to be accepted.
    195 
    196              Note that AuthorizedPrincipalsFile is only used when
    197              authentication proceeds using a CA listed in TrustedUserCAKeys
    198              and is not consulted for certification authorities trusted via
    199              ~/.ssh/authorized_keys, though the principals= key option offers
    200              a similar facility (see sshd(8) for details).
    201 
    202      Banner  The contents of the specified file are sent to the remote user
    203              before authentication is allowed.  If the argument is none then
    204              no banner is displayed.  By default, no banner is displayed.
    205 
    206      ChallengeResponseAuthentication
    207              Specifies whether challenge-response authentication is allowed
    208              (e.g. via PAM or through authentication styles supported in
    209              login.conf(5)) The default is yes.
    210 
    211      ChrootDirectory
    212              Specifies the pathname of a directory to chroot(2) to after
    213              authentication.  At session startup sshd(8) checks that all
    214              components of the pathname are root-owned directories which are
    215              not writable by any other user or group.  After the chroot,
    216              sshd(8) changes the working directory to the user's home
    217              directory.  Arguments to ChrootDirectory accept the tokens
    218              described in the TOKENS section.
    219 
    220              The ChrootDirectory must contain the necessary files and
    221              directories to support the user's session.  For an interactive
    222              session this requires at least a shell, typically sh(1), and
    223              basic /dev nodes such as null(4), zero(4), stdin(4), stdout(4),
    224              stderr(4), and tty(4) devices.  For file transfer sessions using
    225              SFTP no additional configuration of the environment is necessary
    226              if the in-process sftp-server is used, though sessions which use
    227              logging may require /dev/log inside the chroot directory on some
    228              operating systems (see sftp-server(8) for details).
    229 
    230              For safety, it is very important that the directory hierarchy be
    231              prevented from modification by other processes on the system
    232              (especially those outside the jail).  Misconfiguration can lead
    233              to unsafe environments which sshd(8) cannot detect.
    234 
    235              The default is none, indicating not to chroot(2).
    236 
    237      Ciphers
    238              Specifies the ciphers allowed.  Multiple ciphers must be comma-
    239              separated.  If the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character,
    240              then the specified ciphers will be appended to the default set
    241              instead of replacing them.  If the specified value begins with a
    242              M-bM-^@M-^X-M-bM-^@M-^Y character, then the specified ciphers (including wildcards)
    243              will be removed from the default set instead of replacing them.
    244 
    245              The supported ciphers are:
    246 
    247                    3des-cbc
    248                    aes128-cbc
    249                    aes192-cbc
    250                    aes256-cbc
    251                    aes128-ctr
    252                    aes192-ctr
    253                    aes256-ctr
    254                    aes128-gcm (a] openssh.com
    255                    aes256-gcm (a] openssh.com
    256                    arcfour
    257                    arcfour128
    258                    arcfour256
    259                    blowfish-cbc
    260                    cast128-cbc
    261                    chacha20-poly1305 (a] openssh.com
    262 
    263              The default is:
    264 
    265                    chacha20-poly1305 (a] openssh.com,
    266                    aes128-ctr,aes192-ctr,aes256-ctr,
    267                    aes128-gcm (a] openssh.com,aes256-gcm (a] openssh.com
    268 
    269              The list of available ciphers may also be obtained using "ssh -Q
    270              cipher".
    271 
    272      ClientAliveCountMax
    273              Sets the number of client alive messages which may be sent
    274              without sshd(8) receiving any messages back from the client.  If
    275              this threshold is reached while client alive messages are being
    276              sent, sshd will disconnect the client, terminating the session.
    277              It is important to note that the use of client alive messages is
    278              very different from TCPKeepAlive.  The client alive messages are
    279              sent through the encrypted channel and therefore will not be
    280              spoofable.  The TCP keepalive option enabled by TCPKeepAlive is
    281              spoofable.  The client alive mechanism is valuable when the
    282              client or server depend on knowing when a connection has become
    283              inactive.
    284 
    285              The default value is 3.  If ClientAliveInterval is set to 15, and
    286              ClientAliveCountMax is left at the default, unresponsive SSH
    287              clients will be disconnected after approximately 45 seconds.
    288 
    289      ClientAliveInterval
    290              Sets a timeout interval in seconds after which if no data has
    291              been received from the client, sshd(8) will send a message
    292              through the encrypted channel to request a response from the
    293              client.  The default is 0, indicating that these messages will
    294              not be sent to the client.
    295 
    296      Compression
    297              Specifies whether compression is enabled after the user has
    298              authenticated successfully.  The argument must be yes, delayed (a
    299              legacy synonym for yes) or no.  The default is yes.
    300 
    301      DenyGroups
    302              This keyword can be followed by a list of group name patterns,
    303              separated by spaces.  Login is disallowed for users whose primary
    304              group or supplementary group list matches one of the patterns.
    305              Only group names are valid; a numerical group ID is not
    306              recognized.  By default, login is allowed for all groups.  The
    307              allow/deny directives are processed in the following order:
    308              DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
    309 
    310              See PATTERNS in ssh_config(5) for more information on patterns.
    311 
    312      DenyUsers
    313              This keyword can be followed by a list of user name patterns,
    314              separated by spaces.  Login is disallowed for user names that
    315              match one of the patterns.  Only user names are valid; a
    316              numerical user ID is not recognized.  By default, login is
    317              allowed for all users.  If the pattern takes the form USER@HOST
    318              then USER and HOST are separately checked, restricting logins to
    319              particular users from particular hosts.  HOST criteria may
    320              additionally contain addresses to match in CIDR address/masklen
    321              format.  The allow/deny directives are processed in the following
    322              order: DenyUsers, AllowUsers, DenyGroups, and finally
    323              AllowGroups.
    324 
    325              See PATTERNS in ssh_config(5) for more information on patterns.
    326 
    327      DisableForwarding
    328              Disables all forwarding features, including X11, ssh-agent(1),
    329              TCP and StreamLocal.  This option overrides all other forwarding-
    330              related options and may simplify restricted configurations.
    331 
    332      FingerprintHash
    333              Specifies the hash algorithm used when logging key fingerprints.
    334              Valid options are: md5 and sha256.  The default is sha256.
    335 
    336      ForceCommand
    337              Forces the execution of the command specified by ForceCommand,
    338              ignoring any command supplied by the client and ~/.ssh/rc if
    339              present.  The command is invoked by using the user's login shell
    340              with the -c option.  This applies to shell, command, or subsystem
    341              execution.  It is most useful inside a Match block.  The command
    342              originally supplied by the client is available in the
    343              SSH_ORIGINAL_COMMAND environment variable.  Specifying a command
    344              of internal-sftp will force the use of an in-process SFTP server
    345              that requires no support files when used with ChrootDirectory.
    346              The default is none.
    347 
    348      GatewayPorts
    349              Specifies whether remote hosts are allowed to connect to ports
    350              forwarded for the client.  By default, sshd(8) binds remote port
    351              forwardings to the loopback address.  This prevents other remote
    352              hosts from connecting to forwarded ports.  GatewayPorts can be
    353              used to specify that sshd should allow remote port forwardings to
    354              bind to non-loopback addresses, thus allowing other hosts to
    355              connect.  The argument may be no to force remote port forwardings
    356              to be available to the local host only, yes to force remote port
    357              forwardings to bind to the wildcard address, or clientspecified
    358              to allow the client to select the address to which the forwarding
    359              is bound.  The default is no.
    360 
    361      GSSAPIAuthentication
    362              Specifies whether user authentication based on GSSAPI is allowed.
    363              The default is no.
    364 
    365      GSSAPICleanupCredentials
    366              Specifies whether to automatically destroy the user's credentials
    367              cache on logout.  The default is yes.
    368 
    369      GSSAPIStrictAcceptorCheck
    370              Determines whether to be strict about the identity of the GSSAPI
    371              acceptor a client authenticates against.  If set to yes then the
    372              client must authenticate against the host service on the current
    373              hostname.  If set to no then the client may authenticate against
    374              any service key stored in the machine's default store.  This
    375              facility is provided to assist with operation on multi homed
    376              machines.  The default is yes.
    377 
    378      HostbasedAcceptedKeyTypes
    379              Specifies the key types that will be accepted for hostbased
    380              authentication as a comma-separated pattern list.  Alternately if
    381              the specified value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the
    382              specified key types will be appended to the default set instead
    383              of replacing them.  If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y
    384              character, then the specified key types (including wildcards)
    385              will be removed from the default set instead of replacing them.
    386              The default for this option is:
    387 
    388                 ecdsa-sha2-nistp256-cert-v01 (a] openssh.com,
    389                 ecdsa-sha2-nistp384-cert-v01 (a] openssh.com,
    390                 ecdsa-sha2-nistp521-cert-v01 (a] openssh.com,
    391                 ssh-ed25519-cert-v01 (a] openssh.com,
    392                 ssh-rsa-cert-v01 (a] openssh.com,
    393                 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
    394                 ssh-ed25519,ssh-rsa
    395 
    396              The list of available key types may also be obtained using "ssh
    397              -Q key".
    398 
    399      HostbasedAuthentication
    400              Specifies whether rhosts or /etc/hosts.equiv authentication
    401              together with successful public key client host authentication is
    402              allowed (host-based authentication).  The default is no.
    403 
    404      HostbasedUsesNameFromPacketOnly
    405              Specifies whether or not the server will attempt to perform a
    406              reverse name lookup when matching the name in the ~/.shosts,
    407              ~/.rhosts, and /etc/hosts.equiv files during
    408              HostbasedAuthentication.  A setting of yes means that sshd(8)
    409              uses the name supplied by the client rather than attempting to
    410              resolve the name from the TCP connection itself.  The default is
    411              no.
    412 
    413      HostCertificate
    414              Specifies a file containing a public host certificate.  The
    415              certificate's public key must match a private host key already
    416              specified by HostKey.  The default behaviour of sshd(8) is not to
    417              load any certificates.
    418 
    419      HostKey
    420              Specifies a file containing a private host key used by SSH.  The
    421              defaults are /etc/ssh/ssh_host_dsa_key,
    422              /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
    423              /etc/ssh/ssh_host_rsa_key.
    424 
    425              Note that sshd(8) will refuse to use a file if it is group/world-
    426              accessible and that the HostKeyAlgorithms option restricts which
    427              of the keys are actually used by sshd(8).
    428 
    429              It is possible to have multiple host key files.  It is also
    430              possible to specify public host key files instead.  In this case
    431              operations on the private key will be delegated to an
    432              ssh-agent(1).
    433 
    434      HostKeyAgent
    435              Identifies the UNIX-domain socket used to communicate with an
    436              agent that has access to the private host keys.  If the string
    437              "SSH_AUTH_SOCK" is specified, the location of the socket will be
    438              read from the SSH_AUTH_SOCK environment variable.
    439 
    440      HostKeyAlgorithms
    441              Specifies the host key algorithms that the server offers.  The
    442              default for this option is:
    443 
    444                 ecdsa-sha2-nistp256-cert-v01 (a] openssh.com,
    445                 ecdsa-sha2-nistp384-cert-v01 (a] openssh.com,
    446                 ecdsa-sha2-nistp521-cert-v01 (a] openssh.com,
    447                 ssh-ed25519-cert-v01 (a] openssh.com,
    448                 ssh-rsa-cert-v01 (a] openssh.com,
    449                 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
    450                 ssh-ed25519,ssh-rsa
    451 
    452              The list of available key types may also be obtained using "ssh
    453              -Q key".
    454 
    455      IgnoreRhosts
    456              Specifies that .rhosts and .shosts files will not be used in
    457              HostbasedAuthentication.
    458 
    459              /etc/hosts.equiv and /etc/shosts.equiv are still used.  The
    460              default is yes.
    461 
    462      IgnoreUserKnownHosts
    463              Specifies whether sshd(8) should ignore the user's
    464              ~/.ssh/known_hosts during HostbasedAuthentication.  The default
    465              is no.
    466 
    467      IPQoS   Specifies the IPv4 type-of-service or DSCP class for the
    468              connection.  Accepted values are af11, af12, af13, af21, af22,
    469              af23, af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3,
    470              cs4, cs5, cs6, cs7, ef, lowdelay, throughput, reliability, or a
    471              numeric value.  This option may take one or two arguments,
    472              separated by whitespace.  If one argument is specified, it is
    473              used as the packet class unconditionally.  If two values are
    474              specified, the first is automatically selected for interactive
    475              sessions and the second for non-interactive sessions.  The
    476              default is lowdelay for interactive sessions and throughput for
    477              non-interactive sessions.
    478 
    479      KbdInteractiveAuthentication
    480              Specifies whether to allow keyboard-interactive authentication.
    481              The argument to this keyword must be yes or no.  The default is
    482              to use whatever value ChallengeResponseAuthentication is set to
    483              (by default yes).
    484 
    485      KerberosAuthentication
    486              Specifies whether the password provided by the user for
    487              PasswordAuthentication will be validated through the Kerberos
    488              KDC.  To use this option, the server needs a Kerberos servtab
    489              which allows the verification of the KDC's identity.  The default
    490              is no.
    491 
    492      KerberosGetAFSToken
    493              If AFS is active and the user has a Kerberos 5 TGT, attempt to
    494              acquire an AFS token before accessing the user's home directory.
    495              The default is no.
    496 
    497      KerberosOrLocalPasswd
    498              If password authentication through Kerberos fails then the
    499              password will be validated via any additional local mechanism
    500              such as /etc/passwd.  The default is yes.
    501 
    502      KerberosTicketCleanup
    503              Specifies whether to automatically destroy the user's ticket
    504              cache file on logout.  The default is yes.
    505 
    506      KexAlgorithms
    507              Specifies the available KEX (Key Exchange) algorithms.  Multiple
    508              algorithms must be comma-separated.  Alternately if the specified
    509              value begins with a M-bM-^@M-^X+M-bM-^@M-^Y character, then the specified methods
    510              will be appended to the default set instead of replacing them.
    511              If the specified value begins with a M-bM-^@M-^X-M-bM-^@M-^Y character, then the
    512              specified methods (including wildcards) will be removed from the
    513              default set instead of replacing them.  The supported algorithms
    514              are:
    515 
    516                    curve25519-sha256
    517                    curve25519-sha256@libssh.org
    518                    diffie-hellman-group1-sha1
    519                    diffie-hellman-group14-sha1
    520                    diffie-hellman-group-exchange-sha1
    521                    diffie-hellman-group-exchange-sha256
    522                    ecdh-sha2-nistp256
    523                    ecdh-sha2-nistp384
    524                    ecdh-sha2-nistp521
    525 
    526              The default is:
    527 
    528                    curve25519-sha256,curve25519-sha256@libssh.org,
    529                    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
    530                    diffie-hellman-group-exchange-sha256,
    531                    diffie-hellman-group14-sha1
    532 
    533              The list of available key exchange algorithms may also be
    534              obtained using "ssh -Q kex".
    535 
    536      ListenAddress
    537              Specifies the local addresses sshd(8) should listen on.  The
    538              following forms may be used:
    539 
    540                    ListenAddress host|IPv4_addr|IPv6_addr
    541                    ListenAddress host|IPv4_addr:port
    542                    ListenAddress [host|IPv6_addr]:port
    543 
    544              If port is not specified, sshd will listen on the address and all
    545              Port options specified.  The default is to listen on all local
    546              addresses.  Multiple ListenAddress options are permitted.
    547 
    548      LoginGraceTime
    549              The server disconnects after this time if the user has not
    550              successfully logged in.  If the value is 0, there is no time
    551              limit.  The default is 120 seconds.
    552 
    553      LogLevel
    554              Gives the verbosity level that is used when logging messages from
    555              sshd(8).  The possible values are: QUIET, FATAL, ERROR, INFO,
    556              VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.  The default is INFO.
    557              DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
    558              higher levels of debugging output.  Logging with a DEBUG level
    559              violates the privacy of users and is not recommended.
    560 
    561      MACs    Specifies the available MAC (message authentication code)
    562              algorithms.  The MAC algorithm is used for data integrity
    563              protection.  Multiple algorithms must be comma-separated.  If the
    564              specified value begins with a ‘+’ character, then the specified
    565              algorithms will be appended to the default set instead of
    566              replacing them.  If the specified value begins with a ‘-’
    567              character, then the specified algorithms (including wildcards)
    568              will be removed from the default set instead of replacing them.
    569 
    570              The algorithms that contain "-etm" calculate the MAC after
    571              encryption (encrypt-then-mac).  These are considered safer and
    572              their use recommended.  The supported MACs are:
    573 
    574                    hmac-md5
    575                    hmac-md5-96
    576                    hmac-ripemd160
    577                    hmac-sha1
    578                    hmac-sha1-96
    579                    hmac-sha2-256
    580                    hmac-sha2-512
    581                    umac-64@openssh.com
    582                    umac-128@openssh.com
    583                    hmac-md5-etm@openssh.com
    584                    hmac-md5-96-etm@openssh.com
    585                    hmac-ripemd160-etm@openssh.com
    586                    hmac-sha1-etm@openssh.com
    587                    hmac-sha1-96-etm@openssh.com
    588                    hmac-sha2-256-etm@openssh.com
    589                    hmac-sha2-512-etm@openssh.com
    590                    umac-64-etm@openssh.com
    591                    umac-128-etm@openssh.com
    592 
    593              The default is:
    594 
    595                    umac-64-etm@openssh.com,umac-128-etm@openssh.com,
    596                    hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
    597                    hmac-sha1-etm@openssh.com,
    598                    umac-64@openssh.com,umac-128@openssh.com,
    599                    hmac-sha2-256,hmac-sha2-512,hmac-sha1
    600 
    601              The list of available MAC algorithms may also be obtained using
    602              "ssh -Q mac".
    603 
    604      Match   Introduces a conditional block.  If all of the criteria on the
    605              Match line are satisfied, the keywords on the following lines
    606              override those set in the global section of the config file,
    607              until either another Match line or the end of the file.  If a
    608              keyword appears in multiple Match blocks that are satisfied, only
    609              the first instance of the keyword is applied.
    610 
    611              The arguments to Match are one or more criteria-pattern pairs or
    612              the single token All which matches all criteria.  The available
    613              criteria are User, Group, Host, LocalAddress, LocalPort, and
    614              Address.  The match patterns may consist of single entries or
    615              comma-separated lists and may use the wildcard and negation
    616              operators described in the PATTERNS section of ssh_config(5).
    617 
    618              The patterns in an Address criteria may additionally contain
    619              addresses to match in CIDR address/masklen format, such as
    620              192.0.2.0/24 or 2001:db8::/32.  Note that the mask length
    621              provided must be consistent with the address - it is an error to
    622              specify a mask length that is too long for the address or one
    623              with bits set in the host portion of the address.  For example,
    624              192.0.2.0/33 and 192.0.2.0/8, respectively.
    625 
    626              Only a subset of keywords may be used on the lines following a
    627              Match keyword.  Available keywords are AcceptEnv,
    628              AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding,
    629              AllowTcpForwarding, AllowUsers, AuthenticationMethods,
    630              AuthorizedKeysCommand, AuthorizedKeysCommandUser,
    631              AuthorizedKeysFile, AuthorizedPrincipalsCommand,
    632              AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile,
    633              Banner, ChrootDirectory, ClientAliveCountMax,
    634              ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
    635              GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
    636              HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
    637              KbdInteractiveAuthentication, KerberosAuthentication,
    638              MaxAuthTries, MaxSessions, PasswordAuthentication,
    639              PermitEmptyPasswords, PermitOpen, PermitRootLogin, PermitTTY,
    640              PermitTunnel, PermitUserRC, PubkeyAcceptedKeyTypes,
    641              PubkeyAuthentication, RekeyLimit, RevokedKeys,
    642              StreamLocalBindMask, StreamLocalBindUnlink, TrustedUserCAKeys,
    643              X11DisplayOffset, X11Forwarding and X11UseLocalHost.
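
             The Match semantics above (every criterion on the line must hold,
             the first satisfied block wins for a keyword, CIDR masks must be
             consistent with the address) as an added example in Python; this
             is not OpenSSH code.  It handles only the User, Group and Address
             criteria, follows the PATTERNS rules for * and ? wildcards and
             leading ! negation, and the configuration and connection records
             in it are constructed for the example.

```python
"""Match-block evaluation as this man page describes it: a block applies
only if every criterion on its Match line is satisfied, and when a
keyword is set in several satisfied blocks the first one is the one
applied.  Address criteria take wildcard patterns or CIDR blocks whose
mask length must be consistent with the address.

Added example, not OpenSSH code.  It handles the User, Group and Address
criteria only; pattern matching follows the PATTERNS description
(* and ? wildcards, leading ! negates); the configuration and the
connection records below are constructed for the example.
"""
import ipaddress
from fnmatch import fnmatchcase


def cidr_is_valid(entry: str) -> bool:
    """True for address/masklen pairs whose mask length fits the address
    family and whose host bits are clear; 192.0.2.0/33 and 192.0.2.0/8
    are both rejected, as the text says they must be."""
    try:
        ipaddress.ip_network(entry, strict=True)
    except ValueError:
        return False
    return True


def pattern_list_matches(value: str, patterns: str) -> bool:
    """Comma-separated pattern list: a matching negated entry means
    no match at all, otherwise some positive entry has to match."""
    matched = False
    for pat in patterns.split(","):
        if pat.startswith("!"):
            if fnmatchcase(value, pat[1:]):
                return False
        elif fnmatchcase(value, pat):
            matched = True
    return matched


def address_list_matches(addr: str, patterns: str) -> bool:
    """Same rules as pattern_list_matches, but an entry containing '/'
    is a CIDR block and is validated before use."""
    ip = ipaddress.ip_address(addr)
    matched = False
    for pat in patterns.split(","):
        negate = pat.startswith("!")
        entry = pat[1:] if negate else pat
        if "/" in entry:
            if not cidr_is_valid(entry):
                raise ValueError("bad CIDR entry in Match Address: " + entry)
            hit = ip in ipaddress.ip_network(entry, strict=True)
        else:
            hit = fnmatchcase(addr, entry)
        if hit and negate:
            return False
        matched = matched or hit
    return matched


CRITERIA = {
    "User": lambda conn, pats: pattern_list_matches(conn["user"], pats),
    "Group": lambda conn, pats: any(pattern_list_matches(g, pats)
                                    for g in conn["groups"]),
    "Address": lambda conn, pats: address_list_matches(conn["address"], pats),
}


def match_line_satisfied(criteria: str, conn: dict) -> bool:
    """criteria is the text after 'Match', e.g. 'User backup Address 10.0.0.0/8'."""
    tokens = criteria.split()
    if tokens == ["All"]:
        return True
    if not tokens or len(tokens) % 2:
        raise ValueError("Match needs criterion/pattern pairs or All")
    for name, pats in zip(tokens[0::2], tokens[1::2]):
        if name not in CRITERIA:
            raise ValueError("criterion not handled in this example: " + name)
        if not CRITERIA[name](conn, pats):
            return False
    return True


def effective_option(global_opts: dict, match_blocks: list, conn: dict,
                     keyword: str):
    """match_blocks is a list of (criteria, {keyword: value}) in file
    order.  The first satisfied block that sets keyword wins; otherwise
    the global value applies."""
    for criteria, opts in match_blocks:
        if keyword in opts and match_line_satisfied(criteria, conn):
            return opts[keyword]
    return global_opts.get(keyword)


# Constructed sample config: passwords only from one subnet, minus one host.
GLOBAL_OPTS = {"PasswordAuthentication": "no", "PermitRootLogin": "prohibit-password"}
MATCH_BLOCKS = [
    ("Address 192.0.2.0/24,!192.0.2.7", {"PasswordAuthentication": "yes"}),
    ("User backup Address 10.0.0.0/8", {"ForceCommand": "/usr/local/bin/backup-only"}),
    ("All", {"PasswordAuthentication": "no"}),  # later block, never beats the first
]
```

             With the sample, a connection from 192.0.2.10 gets password
             authentication from the first block, 192.0.2.7 is excluded by the
             negated entry and falls through to the All block, and a Match
             Address of 192.0.2.0/8 is reported as an error instead of silently
             matching a wider range than intended.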
    644 
    645      MaxAuthTries
    646              Specifies the maximum number of authentication attempts permitted
    647              per connection.  Once the number of failures reaches half this
    648              value, additional failures are logged.  The default is 6.
    649 
    650      MaxSessions
    651              Specifies the maximum number of open shell, login or subsystem
    652              (e.g. sftp) sessions permitted per network connection.  Multiple
    653              sessions may be established by clients that support connection
    654              multiplexing.  Setting MaxSessions to 1 will effectively disable
    655              session multiplexing, whereas setting it to 0 will prevent all
    656              shell, login and subsystem sessions while still permitting
    657              forwarding.  The default is 10.
    658 
    659      MaxStartups
    660              Specifies the maximum number of concurrent unauthenticated
    661              connections to the SSH daemon.  Additional connections will be
    662              dropped until authentication succeeds or the LoginGraceTime
    663              expires for a connection.  The default is 10:30:100.
    664 
    665              Alternatively, random early drop can be enabled by specifying the
    666              three colon separated values start:rate:full (e.g. "10:30:60").
    667              sshd(8) will refuse connection attempts with a probability of
    668              rate/100 (30%) if there are currently start (10) unauthenticated
    669              connections.  The probability increases linearly and all
    670              connection attempts are refused if the number of unauthenticated
    671              connections reaches full (60).
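
             The random early drop curve as an added worked example in Python
             (not OpenSSH code): it parses a MaxStartups value and computes the
             documented refusal probability for a given number of pending
             unauthenticated connections.  A bare integer argument is treated
             as start = full = N, which is this example's assumption rather
             than something the page states.

```python
"""MaxStartups random early drop, as described for the start:rate:full
form: refuse new connections with probability rate% once `start`
unauthenticated connections are pending, rising linearly to 100% when
`full` is reached.

Added example, not OpenSSH code.  A bare integer argument is treated
here as start = full = N (this example's assumption; the page documents
the three-value form and the default 10:30:100).
"""
import random


def parse_max_startups(arg: str) -> tuple:
    """'10:30:60' -> (10, 30, 60); '10' -> (10, 100, 10)."""
    parts = arg.split(":")
    if len(parts) == 3:
        start, rate, full = (int(p) for p in parts)
        if start > full or not 1 <= rate <= 100:
            raise ValueError("invalid MaxStartups value: " + arg)
        return start, rate, full
    if len(parts) == 1:
        n = int(parts[0])
        return n, 100, n
    raise ValueError("invalid MaxStartups value: " + arg)


def refuse_probability(pending: int, start: int, rate: int, full: int) -> float:
    """Probability in [0, 1] that a new connection is refused while
    `pending` unauthenticated connections exist."""
    if pending < start:
        return 0.0
    if pending >= full:
        return 1.0
    # Linear ramp from rate% at `start` to 100% at `full`.
    pct = rate + (100 - rate) * (pending - start) / (full - start)
    return pct / 100.0


def should_refuse(pending: int, spec: str, draw: float = None) -> bool:
    """One admission decision; `draw` is the uniform sample (useful for
    tests), defaulting to random.random()."""
    start, rate, full = parse_max_startups(spec)
    if draw is None:
        draw = random.random()
    return draw < refuse_probability(pending, start, rate, full)


def refusal_curve(spec: str, points=(0, 9, 10, 35, 59, 60, 100)) -> dict:
    """pending-count -> refusal probability; shows what a setting does
    under load before it is deployed."""
    start, rate, full = parse_max_startups(spec)
    return {n: refuse_probability(n, start, rate, full) for n in points}
```

             For "10:30:60" the curve is 0 below ten pending connections, 30%
             at ten, 65% at thirty-five and 100% from sixty on, which is the
             behaviour the paragraph above describes in words.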
    672 
    673      PasswordAuthentication
    674              Specifies whether password authentication is allowed.  The
    675              default is yes.
    676 
    677      PermitEmptyPasswords
    678              When password authentication is allowed, it specifies whether the
    679              server allows login to accounts with empty password strings.  The
    680              default is no.
    681 
    682      PermitOpen
    683              Specifies the destinations to which TCP port forwarding is
    684              permitted.  The forwarding specification must be one of the
    685              following forms:
    686 
    687                    PermitOpen host:port
    688                    PermitOpen IPv4_addr:port
    689                    PermitOpen [IPv6_addr]:port
    690 
    691              Multiple forwards may be specified by separating them with
    692              whitespace.  An argument of any can be used to remove all
    693              restrictions and permit any forwarding requests.  An argument of
    694              none can be used to prohibit all forwarding requests.  The
    695              wildcard ‘*’ can be used for host or port to allow all hosts or
    696              ports, respectively.  By default all port forwarding requests are
    697              permitted.
    698 
    699      PermitRootLogin
    700              Specifies whether root can log in using ssh(1).  The argument
    701              must be yes, prohibit-password, without-password,
    702              forced-commands-only, or no.  The default is prohibit-password.
    703 
    704              If this option is set to prohibit-password or without-password,
    705              password and keyboard-interactive authentication are disabled for
    706              root.
    707 
    708              If this option is set to forced-commands-only, root login with
    709              public key authentication will be allowed, but only if the
    710              command option has been specified (which may be useful for taking
    711              remote backups even if root login is normally not allowed).  All
    712              other authentication methods are disabled for root.
    713 
    714              If this option is set to no, root is not allowed to log in.
    715 
    716      PermitTTY
    717              Specifies whether pty(4) allocation is permitted.  The default is
    718              yes.
    719 
    720      PermitTunnel
    721              Specifies whether tun(4) device forwarding is allowed.  The
    722              argument must be yes, point-to-point (layer 3), ethernet (layer
    723              2), or no.  Specifying yes permits both point-to-point and
    724              ethernet.  The default is no.
    725 
    726              Independent of this setting, the permissions of the selected
    727              tun(4) device must allow access to the user.
    728 
    729      PermitUserEnvironment
    730              Specifies whether ~/.ssh/environment and environment= options in
    731              ~/.ssh/authorized_keys are processed by sshd(8).  The default is
    732              no.  Enabling environment processing may enable users to bypass
    733              access restrictions in some configurations using mechanisms such
    734              as LD_PRELOAD.
    735 
    736      PermitUserRC
    737              Specifies whether any ~/.ssh/rc file is executed.  The default is
    738              yes.
    739 
    740      PidFile
    741              Specifies the file that contains the process ID of the SSH
    742              daemon, or none to not write one.  The default is
    743              /var/run/sshd.pid.
    744 
    745      Port    Specifies the port number that sshd(8) listens on.  The default
    746              is 22.  Multiple options of this type are permitted.  See also
    747              ListenAddress.
    748 
    749      PrintLastLog
    750              Specifies whether sshd(8) should print the date and time of the
    751              last user login when a user logs in interactively.  The default
    752              is yes.
    753 
    754      PrintMotd
    755              Specifies whether sshd(8) should print /etc/motd when a user logs
    756              in interactively.  (On some systems it is also printed by the
    757              shell, /etc/profile, or equivalent.)  The default is yes.
    758 
    759      PubkeyAcceptedKeyTypes
    760              Specifies the key types that will be accepted for public key
    761              authentication as a comma-separated pattern list.  Alternately if
    762              the specified value begins with a ‘+’ character, then the
    763              specified key types will be appended to the default set instead
    764              of replacing them.  If the specified value begins with a ‘-’
    765              character, then the specified key types (including wildcards)
    766              will be removed from the default set instead of replacing them.
    767              The default for this option is:
    768 
    769                 ecdsa-sha2-nistp256-cert-v01@openssh.com,
    770                 ecdsa-sha2-nistp384-cert-v01@openssh.com,
    771                 ecdsa-sha2-nistp521-cert-v01@openssh.com,
    772                 ssh-ed25519-cert-v01@openssh.com,
    773                 ssh-rsa-cert-v01@openssh.com,
    774                 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
    775                 ssh-ed25519,ssh-rsa
    776 
    777              The list of available key types may also be obtained using "ssh
    778              -Q key".
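
             The ‘+’ / ‘-’ prefix handling shared by KexAlgorithms, MACs and
             PubkeyAcceptedKeyTypes, as an added example in Python (not
             OpenSSH's own parser): the default lists are the ones printed on
             this page, the resolver applies the documented rules (append for
             ‘+’, wildcard removal for ‘-’, replacement otherwise), and a
             second function checks the result against a deny list, which is
             how an audit of a hardened sshd_config would use it.

```python
"""Resolve an sshd_config algorithm list (KexAlgorithms, MACs,
PubkeyAcceptedKeyTypes) the way the man page describes: a value that
starts with '+' appends to the default set, one that starts with '-'
removes matching entries (wildcards allowed), anything else replaces
the default set entirely.

Added example, not OpenSSH code; the default lists below are copied
from this man page's text, and the resolver reimplements the documented
semantics rather than calling sshd's parser.
"""
from fnmatch import fnmatchcase

# Default sets as printed in this man page (constructed from the text).
DEFAULTS = {
    "KexAlgorithms": [
        "curve25519-sha256", "curve25519-sha256@libssh.org",
        "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
        "diffie-hellman-group-exchange-sha256",
        "diffie-hellman-group14-sha1",
    ],
    "MACs": [
        "umac-64-etm@openssh.com", "umac-128-etm@openssh.com",
        "hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com",
        "hmac-sha1-etm@openssh.com",
        "umac-64@openssh.com", "umac-128@openssh.com",
        "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1",
    ],
    "PubkeyAcceptedKeyTypes": [
        "ecdsa-sha2-nistp256-cert-v01@openssh.com",
        "ecdsa-sha2-nistp384-cert-v01@openssh.com",
        "ecdsa-sha2-nistp521-cert-v01@openssh.com",
        "ssh-ed25519-cert-v01@openssh.com",
        "ssh-rsa-cert-v01@openssh.com",
        "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
        "ssh-ed25519", "ssh-rsa",
    ],
}


def resolve_algorithms(keyword: str, value: str, defaults=DEFAULTS) -> list:
    """Return the effective, ordered algorithm list for `keyword`."""
    base = list(defaults[keyword])
    if value.startswith("+"):
        # Append to the defaults; names already present are not repeated.
        extra = [a for a in value[1:].split(",") if a]
        return base + [a for a in extra if a not in base]
    if value.startswith("-"):
        # Remove every default entry that matches one of the patterns.
        patterns = [p for p in value[1:].split(",") if p]
        return [a for a in base
                if not any(fnmatchcase(a, p) for p in patterns)]
    # No prefix: the value replaces the default set.
    return [a for a in value.split(",") if a]


def weak_entries(keyword: str, value: str, deny_patterns) -> list:
    """Entries of the resolved list that match a deny pattern, e.g. the
    legacy SHA-1 group exchange; useful when auditing a config."""
    return [a for a in resolve_algorithms(keyword, value)
            if any(fnmatchcase(a, p) for p in deny_patterns)]


if __name__ == "__main__":
    print(resolve_algorithms("KexAlgorithms", "-diffie-hellman-*-sha1"))
    print(weak_entries("MACs", "+hmac-md5", ["hmac-md5*", "*-96*"]))
```

             The same resolver serves all three keywords because the page
             documents identical prefix semantics for them; the resulting
             list is what "ssh -Q kex", "ssh -Q mac" and "ssh -Q key" output
             would be compared against when verifying a deployed config.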
    779 
    780      PubkeyAuthentication
    781              Specifies whether public key authentication is allowed.  The
    782              default is yes.
    783 
    784      RekeyLimit
    785              Specifies the maximum amount of data that may be transmitted
    786              before the session key is renegotiated, optionally followed by
    787              a maximum amount of time that may pass before the session key
    788              is renegotiated.  The first argument is specified in bytes and
    789              may have a suffix of ‘K’, ‘M’, or ‘G’ to indicate Kilobytes,
    790              Megabytes, or Gigabytes, respectively.  The default is between
    791              ‘1G’ and ‘4G’, depending on the cipher.  The optional second
    792              value is specified in seconds and may use any of the units
    793              documented in the TIME FORMATS section.  The default value for
    794              RekeyLimit is "default none", which means that rekeying is
    795              performed after the cipher's default amount of data has been sent
    796              or received and no time-based rekeying is done.
    797 
    798      RevokedKeys
    799              Specifies the revoked public keys file, or none to not use
    800              one.  Keys listed in this file will be refused for public key
    801              authentication.  Note that if this file is not readable, then
    802              public key authentication will be refused for all users.  Keys
    803              may be specified as a text file, listing one public key per line,
    804              or as an OpenSSH Key Revocation List (KRL) as generated by
    805              ssh-keygen(1).  For more information on KRLs, see the KEY
    806              REVOCATION LISTS section in ssh-keygen(1).
    807 
    808      StreamLocalBindMask
    809              Sets the octal file creation mode mask (umask) used when creating
    810              a Unix-domain socket file for local or remote port forwarding.
    811              This option is only used for port forwarding to a Unix-domain
    812              socket file.
    813 
    814              The default value is 0177, which creates a Unix-domain socket
    815              file that is readable and writable only by the owner.  Note that
    816              not all operating systems honor the file mode on Unix-domain
    817              socket files.
    818 
    819      StreamLocalBindUnlink
    820              Specifies whether to remove an existing Unix-domain socket file
    821              for local or remote port forwarding before creating a new one.
    822              If the socket file already exists and StreamLocalBindUnlink is
    823              not enabled, sshd will be unable to forward the port to the Unix-
    824              domain socket file.  This option is only used for port forwarding
    825              to a Unix-domain socket file.
    826 
    827              The argument must be yes or no.  The default is no.
    828 
    829      StrictModes
    830              Specifies whether sshd(8) should check file modes and ownership
    831              of the user's files and home directory before accepting login.
    832              This is normally desirable because novices sometimes accidentally
    833              leave their directory or files world-writable.  The default is
    834              yes.  Note that this does not apply to ChrootDirectory, whose
    835              permissions and ownership are checked unconditionally.
    836 
    837      Subsystem
    838              Configures an external subsystem (e.g. file transfer daemon).
    839              Arguments should be a subsystem name and a command (with optional
    840              arguments) to execute upon subsystem request.
    841 
    842              The command sftp-server implements the SFTP file transfer
    843              subsystem.
    844 
    845              Alternately the name internal-sftp implements an in-process SFTP
    846              server.  This may simplify configurations using ChrootDirectory
    847              to force a different filesystem root on clients.
    848 
    849              By default no subsystems are defined.
    850 
    851      SyslogFacility
    852              Gives the facility code that is used when logging messages from
    853              sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
    854              LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
    855              default is AUTH.
    856 
    857      TCPKeepAlive
    858              Specifies whether the system should send TCP keepalive messages
    859              to the other side.  If they are sent, death of the connection or
    860              crash of one of the machines will be properly noticed.  However,
    861              this means that connections will die if the route is down
    862              temporarily, and some people find it annoying.  On the other
    863              hand, if TCP keepalives are not sent, sessions may hang
    864              indefinitely on the server, leaving "ghost" users and consuming
    865              server resources.
    866 
    867              The default is yes (to send TCP keepalive messages), and the
    868              server will notice if the network goes down or the client host
    869              crashes.  This avoids infinitely hanging sessions.
    870 
    871              To disable TCP keepalive messages, the value should be set to no.
    872 
    873      TrustedUserCAKeys
    874              Specifies a file containing public keys of certificate
    875              authorities that are trusted to sign user certificates for
    876              authentication, or none to not use one.  Keys are listed one per
    877              line; empty lines and comments starting with ‘#’ are allowed.  If
    878              a certificate is presented for authentication and has its signing
    879              CA key listed in this file, then it may be used for
    880              authentication for any user listed in the certificate's
    881              principals list.  Note that certificates that lack a list of
    882              principals will not be permitted for authentication using
    883              TrustedUserCAKeys.  For more details on certificates, see the
    884              CERTIFICATES section in ssh-keygen(1).
    885 
    886      UseDNS  Specifies whether sshd(8) should look up the remote host name,
    887              and to check that the resolved host name for the remote IP
    888              address maps back to the very same IP address.
    889 
    890              If this option is set to no (the default) then only addresses and
    891              not host names may be used in ~/.ssh/authorized_keys from and
    892              sshd_config Match Host directives.
    893 
    894      UsePAM  Enables the Pluggable Authentication Module interface.  If set to
    895              yes this will enable PAM authentication using
    896              ChallengeResponseAuthentication and PasswordAuthentication in
    897              addition to PAM account and session module processing for all
    898              authentication types.
    899 
    900              Because PAM challenge-response authentication usually serves an
    901              equivalent role to password authentication, you should disable
    902              either PasswordAuthentication or ChallengeResponseAuthentication.
    903 
    904              If UsePAM is enabled, you will not be able to run sshd(8) as a
    905              non-root user.  The default is no.
    906 
    907      VersionAddendum
    908              Optionally specifies additional text to append to the SSH
    909              protocol banner sent by the server upon connection.  The default
    910              is none.
    911 
    912      X11DisplayOffset
    913              Specifies the first display number available for sshd(8)'s X11
    914              forwarding.  This prevents sshd from interfering with real X11
    915              servers.  The default is 10.
    916 
    917      X11Forwarding
    918              Specifies whether X11 forwarding is permitted.  The argument must
    919              be yes or no.  The default is no.
    920 
    921              When X11 forwarding is enabled, there may be additional exposure
    922              to the server and to client displays if the sshd(8) proxy display
    923              is configured to listen on the wildcard address (see
    924              X11UseLocalhost), though this is not the default.  Additionally,
    925              the authentication spoofing and authentication data verification
    926              and substitution occur on the client side.  The security risk of
    927              using X11 forwarding is that the client's X11 display server may
    928              be exposed to attack when the SSH client requests forwarding (see
    929              the warnings for ForwardX11 in ssh_config(5)).  A system
    930              administrator may have a stance in which they want to protect
    931              clients that may expose themselves to attack by unwittingly
    932              requesting X11 forwarding, which can warrant a no setting.
    933 
    934              Note that disabling X11 forwarding does not prevent users from
    935              forwarding X11 traffic, as users can always install their own
    936              forwarders.
    937 
    938      X11UseLocalhost
    939              Specifies whether sshd(8) should bind the X11 forwarding server
    940              to the loopback address or to the wildcard address.  By default,
    941              sshd binds the forwarding server to the loopback address and sets
    942              the hostname part of the DISPLAY environment variable to
    943              localhost.  This prevents remote hosts from connecting to the
    944              proxy display.  However, some older X11 clients may not function
    945              with this configuration.  X11UseLocalhost may be set to no to
    946              specify that the forwarding server should be bound to the
    947              wildcard address.  The argument must be yes or no.  The default
    948              is yes.
    949 
    950      XAuthLocation
    951              Specifies the full pathname of the xauth(1) program, or none to
    952              not use one.  The default is /usr/X11R6/bin/xauth.
    953 
    954 TIME FORMATS
    955      sshd(8) command-line arguments and configuration file options that
    956      specify time may be expressed using a sequence of the form:
    957      time[qualifier], where time is a positive integer value and qualifier is
    958      one of the following:
    959 
    960            ⟨none⟩  seconds
    961            s | S   seconds
    962            m | M   minutes
    963            h | H   hours
    964            d | D   days
    965            w | W   weeks
    966 
    967      Each member of the sequence is added together to calculate the total time
    968      value.
    969 
    970      Time format examples:
    971 
    972            600     600 seconds (10 minutes)
    973            10m     10 minutes
    974            1h30m   1 hour 30 minutes (90 minutes)
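
     A parser for this grammar, as an added example in Python (not OpenSSH
     code), also applied to the RekeyLimit keyword above, whose second
     argument uses these units and whose first argument is a byte count with
     an optional K/M/G suffix.  K, M and G are taken as powers of 1024 here,
     which is the example's assumption; the page names the units only.

```python
"""Parser for the TIME FORMATS grammar (time[qualifier] sequences such
as 1h30m) and, using it, for RekeyLimit, whose first argument is a byte
count with an optional K/M/G suffix and whose optional second argument
is a time in that grammar.

Added example, not OpenSSH code.  K, M and G are taken as powers of
1024 here (this example's assumption; the page names the units only).
"""
import re

_TIME_UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
_TIME_MEMBER = re.compile(r"(\d+)([sSmMhHdDwW]?)")
_SIZE_UNITS = {"": 1, "k": 1024, "m": 1024 ** 2, "g": 1024 ** 3}


def parse_time(spec: str) -> int:
    """Total seconds: '600' -> 600, '10m' -> 600, '1h30m' -> 5400.
    Every member of the sequence is added; any other text is an error."""
    total = 0
    pos = 0
    for m in _TIME_MEMBER.finditer(spec):
        if m.start() != pos:          # junk between members
            raise ValueError("bad time format: " + spec)
        total += int(m.group(1)) * _TIME_UNITS[m.group(2).lower()]
        pos = m.end()
    if pos == 0 or pos != len(spec):  # empty, or trailing junk
        raise ValueError("bad time format: " + spec)
    return total


def is_valid_time(spec: str) -> bool:
    """True if spec is accepted by parse_time."""
    try:
        parse_time(spec)
    except ValueError:
        return False
    return True


def parse_size(spec: str) -> int:
    """Byte count with optional K/M/G suffix, e.g. '4G'."""
    m = re.fullmatch(r"(\d+)([kKmMgG]?)", spec)
    if m is None:
        raise ValueError("bad size: " + spec)
    return int(m.group(1)) * _SIZE_UNITS[m.group(2).lower()]


def parse_rekey_limit(value: str) -> tuple:
    """Return (max_bytes, max_seconds).  None for max_bytes means the
    cipher's own default data limit ('default'); None for max_seconds
    means no time-based rekeying ('none' or absent), so the documented
    default 'default none' parses to (None, None)."""
    parts = value.split()
    if not 1 <= len(parts) <= 2:
        raise ValueError("RekeyLimit takes one or two arguments")
    max_bytes = None if parts[0] == "default" else parse_size(parts[0])
    max_seconds = None
    if len(parts) == 2 and parts[1] != "none":
        max_seconds = parse_time(parts[1])
    return max_bytes, max_seconds
```

     The same parse_time function applies to every keyword that takes a time
     (LoginGraceTime, for instance), since the grammar is shared; only
     RekeyLimit needs the extra size parser for its first argument.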
    975 
    976 TOKENS
    977      Arguments to some keywords can make use of tokens, which are expanded at
    978      runtime:
    979 
    980            %%    A literal ‘%’.
    981            %F    The fingerprint of the CA key.
    982            %f    The fingerprint of the key or certificate.
    983            %h    The home directory of the user.
    984            %i    The key ID in the certificate.
    985            %K    The base64-encoded CA key.
    986            %k    The base64-encoded key or certificate for authentication.
    987            %s    The serial number of the certificate.
    988            %T    The type of the CA key.
    989            %t    The key or certificate type.
    990            %u    The username.
    991 
    992      AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, and %u.
    993 
    994      AuthorizedKeysFile accepts the tokens %%, %h, and %u.
    995 
    996      AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K,
    997      %k, %s, %T, %t, and %u.
    998 
    999      AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u.
   1000 
   1001      ChrootDirectory accepts the tokens %%, %h, and %u.
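
     Token expansion with the per-keyword acceptance lists above, as an added
     example in Python (not OpenSSH code): it substitutes the tokens a keyword
     accepts and reports any it does not, so a misplaced %f in
     AuthorizedKeysFile is caught before the config is deployed.  The runtime
     values in the sample (user name, home directory, fingerprint, key) are
     constructed placeholders.

```python
"""Token expansion for the TOKENS section: substitute %-tokens in a
keyword's argument, accepting for each keyword only the tokens the man
page lists for it, and flag any others.

Added example, not OpenSSH code; the per-keyword token sets come from
the text above, and the runtime values in the sample (user name, home
directory, fingerprint, key) are constructed placeholders.
"""
ACCEPTED_TOKENS = {
    "AuthorizedKeysCommand": set("%fhktu"),
    "AuthorizedKeysFile": set("%hu"),
    "AuthorizedPrincipalsCommand": set("%FfhiKksTtu"),
    "AuthorizedPrincipalsFile": set("%hu"),
    "ChrootDirectory": set("%hu"),
}


def find_tokens(template: str) -> list:
    """Return the token letters used in template, in order ('%%' -> '%')."""
    tokens = []
    i = 0
    while i < len(template):
        if template[i] == "%":
            if i + 1 >= len(template):
                raise ValueError("dangling '%' in: " + template)
            tokens.append(template[i + 1])
            i += 2
        else:
            i += 1
    return tokens


def rejected_tokens(keyword: str, template: str) -> list:
    """Tokens in template that keyword does not accept (empty if valid)."""
    allowed = ACCEPTED_TOKENS[keyword]
    return [t for t in find_tokens(template) if t not in allowed]


def expand_tokens(keyword: str, template: str, values: dict) -> str:
    """values maps token letters to their runtime text, e.g.
    {'u': 'alice', 'h': '/home/alice'}; '%%' always yields a literal '%'."""
    bad = rejected_tokens(keyword, template)
    if bad:
        raise ValueError("%s does not accept %%%s" % (keyword, bad[0]))
    out = []
    i = 0
    while i < len(template):
        if template[i] == "%":
            tok = template[i + 1]
            out.append("%" if tok == "%" else values[tok])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


# Constructed runtime values for one connection (placeholders, not real keys).
SAMPLE = {"u": "alice", "h": "/home/alice",
          "f": "SHA256:placeholder-fingerprint", "t": "ssh-ed25519",
          "k": "AAAA-placeholder-base64-key"}
```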
   1002 
   1003 FILES
   1004      /etc/ssh/sshd_config
   1005              Contains configuration data for sshd(8).  This file should be
   1006              writable by root only, but it is recommended (though not
   1007              necessary) that it be world-readable.
   1008 
   1009 SEE ALSO
   1010      sftp-server(8), sshd(8)
   1011 
   1012 AUTHORS
   1013      OpenSSH is a derivative of the original and free ssh 1.2.12 release by
   1014      Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
   1015      de Raadt and Dug Song removed many bugs, re-added newer features and
   1016      created OpenSSH.  Markus Friedl contributed the support for SSH protocol
   1017      versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
   1018      for privilege separation.
   1019 
   1020 OpenBSD 6.0                     March 14, 2017                     OpenBSD 6.0
   1021