SYNOPSIS
sshd [-diqQ46] [-b bits] [-f config_file] [-g lo-
gin_grace_time] [-h
host_key_file] [-k key_gen_time] [-p port] [-u len] [-V
client_protocol_id]
DESCRIPTION
sshd (Secure Shell Daemon) is the daemon program for ssh(1).
Together
these programs replace rlogin and rsh, and provide secure
encrypted com-
munications between two untrusted hosts over an insecure
network. The
programs are intended to be as easy to install and use as
possible.
sshd is the daemon that listens for connections from
clients. It is nor-
mally started at boot from /etc/rc. It forks a new daemon
for each incom-
ing connection. The forked daemons handle key exchange, en-
cryption, au-
thentication, command execution, and data exchange. This
implementation
of sshd supports both SSH protocol version 1 and 2 simulta-
neously. sshd
works as follows.
SSH protocol version 1
Each host has a host-specific RSA key (normally 1024 bits)
used to iden-
tify the host. Additionally, when the daemon starts, it
generates a
server RSA key (normally 768 bits). This key is normally
regenerated ev-
ery hour if it has been used, and is never stored on disk.
Whenever a client connects the daemon responds with its pub-
lic host and
server keys. The client compares the RSA host key against
its own
database to verify that it has not changed. The client then
generates a
256 bit random number. It encrypts this random number using
both the
host key and the server key, and sends the encrypted number
to the serv-
er. Both sides then use this random number as a session key
which is
used to encrypt all further communications in the session.
The rest of
Rhosts authentication is normally disabled because it is
fundamentally
insecure, but can be enabled in the server configuration
file if desired.
System security is not improved unless rshd(8), rlogind(8),
rexecd(8),
and rexd(8) are disabled (thus completely disabling
rlogin(1) and rsh(1)
into the machine).
SSH protocol version 2
Version 2 works similarly: Each host has a host-specific DSA
key used to
identify the host. However, when the daemon starts, it does
not generate
a server key. Forward security is provided through a
Diffie-Hellman key
agreement. This key agreement results in a shared session
key. The rest
of the session is encrypted using a symmetric cipher, cur-
rently Blowfish,
3DES or CAST128 in CBC mode or Arcfour. The client selects
the encryp-
tion algorithm to use from those offered by the server. Ad-
ditionally,
session integrity is provided through a cryptographic mes-
sage authentica-
tion code (hmac-sha1 or hmac-md5).
Protocol version 2 provides a public key based user authen-
tication method
(DSAAuthentication) and conventional password authentica-
tion.
Command execution and data forwarding
If the client successfully authenticates itself, a dialog
for preparing
the session is entered. At this time the client may request
things like
allocating a pseudo-tty, forwarding X11 connections, for-
warding TCP/IP
connections, or forwarding the authentication agent connec-
tion over the
secure channel.
Finally, the client either requests a shell or execution of
a command.
The sides then enter session mode. In this mode, either
side may send
configura-
tion file.
sshd rereads its configuration file when it receives a
hangup signal,
SIGHUP.
The options are as follows:
-b bits
Specifies the number of bits in the server key (de-
fault 768).
-d Debug mode. The server sends verbose debug output
to the system
log, and does not put itself in the background. The
server also
will not fork and will only process one connection.
This option
is only intended for debugging for the server. Mul-
tiple -d op-
tions increases the debugging level. Maximum is 3.
-f configuration_file
Specifies the name of the configuration file. The
default is
/etc/sshd_config. sshd refuses to start if there is
no configura-
tion file.
-g login_grace_time
Gives the grace time for clients to authenticate
themselves (de-
fault 300 seconds). If the client fails to authen-
ticate the user
within this many seconds, the server disconnects and
exits. A
value of zero indicates no limit.
-h host_key_file
Specifies the file from which the RSA host key is
read (default
/etc/ssh_host_key). This option must be given if
sshd is not run
as root (as the normal host file is normally not
readable by any-
one but root).
-i Specifies that sshd is being run from inetd. sshd
is normally
not run from inetd because it needs to generate the
server key
and after
about an hour, it becomes impossible to recover the
key for de-
crypting intercepted communications even if the ma-
chine is
cracked into or physically seized. A value of zero
indicates
that the key will never be regenerated.
-p port
Specifies the port on which the server listens for
connections
(default 22).
-q Quiet mode. Nothing is sent to the system log.
Normally the be-
ginning, authentication, and termination of each
connection is
logged.
-u len This option is used to specify the size of the field
in the utmp
structure that holds the remote host name. If the
resolved host
name is longer than len, the dotted decimal value
will be used
instead. This allows hosts with very long host
names that over-
flow this field to still be uniquely identified.
Specifying -u0
indicates that only dotted decimal addresses should
be put into
the utmp file.
-Q Do not print an error message if RSA support is
missing.
-V client_protocol_id
SSH-2 compatibility mode. When this option is spec-
ified sshd as-
sumes the client has sent the supplied version
string and skips
the Protocol Version Identification Exchange. This
option is not
intended to be called directly.
-4 Forces sshd to use IPv4 addresses only.
-6 Forces sshd to use IPv6 addresses only.
CONFIGURATION FILE
sshd reads configuration data from /etc/sshd_config (or the
AllowGroups
This keyword can be followed by a number of group
names, separat-
ed by spaces. If specified, login is allowed only
for users
whose primary group matches one of the patterns.
`*' and `?' can
be used as wildcards in the patterns. Only group
names are
valid; a numerical group ID isn't recognized. By
default login
is allowed regardless of the primary group.
AllowTcpForwarding
Specifies whether TCP forwarding is permitted. The
default is
``yes''. Note that disabling TCP forwarding does not
improve se-
curity unless users are also denied shell access, as
they can al-
ways install their own forwarders.
AllowUsers
This keyword can be followed by a number of user
names, separated
by spaces. If specified, login is allowed only for
users names
that match one of the patterns. `*' and `?' can be
used as wild-
cards in the patterns. Only user names are valid; a
numerical
user ID isn't recognized. By default login is al-
lowed regardless
of the user name.
Ciphers
Specifies the ciphers allowed for protocol version
2. Multiple
ciphers must be comma-separated. The default is
``3des-
cbc,blowfish-cbc,arcfour,cast128-cbc''.
CheckMail
Specifies whether sshd should check for new mail for
interactive
logins. The default is ``no''.
DenyGroups
This keyword can be followed by a number of group
names, separat-
ed by spaces. Users whose primary group matches one
of the pat-
in the pat-
terns. Only user names are valid; a numerical user
ID isn't rec-
ognized. By default login is allowed regardless of
the user
name.
DSAAuthentication
Specifies whether DSA authentication is allowed.
The default is
``yes''. Note that this option applies to protocol
version 2 on-
ly.
GatewayPorts
Specifies whether remote hosts are allowed to con-
nect to ports
forwarded for the client. The argument must be
``yes'' or
``no''. The default is ``no''.
HostDSAKey
Specifies the file containing the private DSA host
key (default
/etc/ssh_host_dsa_key) used by SSH protocol 2.0.
Note that sshd
disables protocol 2.0 if this file is group/world-
accessible.
HostKey
Specifies the file containing the private RSA host
key (default
/etc/ssh_host_key) used by SSH protocols 1.3 and
1.5. Note that
sshd disables protocols 1.3 and 1.5 if this file is
group/world-
accessible.
IgnoreRhosts
Specifies that .rhosts and .shosts files will not be
used in au-
thentication. /etc/hosts.equiv and
/etc/shosts.equiv are still
used. The default is ``yes''.
IgnoreUserKnownHosts
Specifies whether sshd should ignore the user's
$HOME/.ssh/known_hosts during RhostsRSAAuthentica-
tion. The de-
fault is ``no''.
KeepAlive
The default is ``yes'' (to send keepalives), and the
server will
notice if the network goes down or the client host
reboots. This
avoids infinitely hanging sessions.
To disable keepalives, the value should be set to
``no'' in both
the server and the client configuration files.
KerberosAuthentication
Specifies whether Kerberos authentication is al-
lowed. This can
be in the form of a Kerberos ticket, or if Passwor-
dAuthentication
is yes, the password provided by the user will be
validated
through the Kerberos KDC. To use this option, the
server needs a
Kerberos servtab which allows the verification of
the KDC's iden-
tity. Default is ``yes''.
KerberosOrLocalPasswd
If set then if password authentication through Ker-
beros fails
then the password will be validated via any addi-
tional local
mechanism such as /etc/passwd. Default is ``yes''.
KerberosTgtPassing
Specifies whether a Kerberos TGT may be forwarded to
the server.
Default is ``no'', as this only works when the Ker-
beros KDC is
actually an AFS kaserver.
KerberosTicketCleanup
Specifies whether to automatically destroy the us-
er's ticket
cache file on logout. Default is ``yes''.
KeyRegenerationInterval
The server key is automatically regenerated after
this many sec-
onds (if it has been used). The purpose of regener-
ation is to
prevent decrypting captured sessions by later break-
ing into the
machine and stealing the keys. The key is never
stored anywhere.
The server disconnects after this time if the user
has not suc-
cessfully logged in. If the value is 0, there is no
time limit.
The default is 600 (seconds).
LogLevel
Gives the verbosity level that is used when logging
messages from
sshd. The possible values are: QUIET, FATAL, ERROR,
INFO, VERBOSE
and DEBUG. The default is INFO. Logging with level
DEBUG vio-
lates the privacy of users and is not recommended.
MaxStartups
Specifies the maximum number of concurrent unauthen-
ticated con-
nections to the sshd daemon. Additional connections
will be
dropped until authentication succeeds or the Login-
GraceTime ex-
pires for a connection. The default is 10.
Alternatively, random early drop can be enabled by
specifying the
three colon separated values ``start:rate:full''
(e.g.,
"10:30:60"). sshd will refuse connection attempts
with a proba-
billity of ``rate/100'' (30%) if there are currently
``start''
(10) unauthenticated connections. The probabillity
increases
linearly and all connection attempts are refused if
the number of
unauthenticated connections reaches ``full'' (60).
PasswordAuthentication
Specifies whether password authentication is al-
lowed. The de-
fault is ``yes''. Note that this option applies to
both protocol
versions 1 and 2.
PermitEmptyPasswords
When password authentication is allowed, it speci-
fies whether the
server allows login to accounts with empty password
strings. The
default is ``no''.
ups even if
root login is normally not allowed).
PidFile
Specifies the file that contains the process identi-
fier of the
sshd daemon. The default is /var/run/sshd.pid.
Port Specifies the port number that sshd listens on. The
default is
22. Multiple options of this type are permitted.
PrintMotd
Specifies whether sshd should print /etc/motd when a
user logs in
interactively. (On some systems it is also printed
by the shell,
/etc/profile, or equivalent.) The default is
``yes''.
Protocol
Specifies the protocol versions sshd should support.
The possi-
ble values are ``1'' and ``2''. Multiple versions
must be comma-
separated. The default is ``1''.
RandomSeed
Obsolete. Random number generation uses other tech-
niques.
RhostsAuthentication
Specifies whether authentication using rhosts or
/etc/hosts.equiv
files is sufficient. Normally, this method should
not be permit-
ted because it is insecure. RhostsRSAAuthentication
should be
used instead, because it performs RSA-based host au-
thentication
in addition to normal rhosts or /etc/hosts.equiv au-
thentication.
The default is ``no''.
RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authen-
tication to-
gether with successful RSA host authentication is
allowed. The
default is ``no''.
RSAAuthentication
Specifies whether skey(1) authentication is allowed.
The default
is ``yes''. Note that s/key authentication is en-
abled only if
PasswordAuthentication is allowed, too.
StrictModes
Specifies whether sshd should check file modes and
ownership of
the user's files and home directory before accepting
login. This
is normally desirable because novices sometimes ac-
cidentally
leave their directory or files world-writable. The
default is
``yes''.
Subsystem
Configures an external subsystem (e.g., file trans-
fer daemon).
Arguments should be a subsystem name and a command
to execute up-
on subsystem request. The command sftp-server(8)
implements the
``sftp'' file transfer subsystem. By default no
subsystems are
defined. Note that this option applies to protocol
version 2 on-
ly.
SyslogFacility
Gives the facility code that is used when logging
messages from
sshd. The possible values are: DAEMON, USER, AUTH,
LOCAL0, LO-
CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LO-
CAL7. The de-
fault is AUTH.
UseLogin
Specifies whether login(1) is used for interactive
login ses-
sions. Note that login(1) is never used for remote
command exe-
cution. The default is ``no''.
X11DisplayOffset
Specifies the first display number available for
sshd's X11 for-
warding. This prevents sshd from interfering with
real X11
servers. The default is 10.
LOGIN PROCESS
When a user successfully logs in, sshd does the following:
1. If the login is on a tty, and no command has been
specified,
prints last login time and /etc/motd (unless pre-
vented in the
configuration file or by $HOME/.hushlogin; see
the FILES sec-
tion).
2. If the login is on a tty, records login time.
3. Checks /etc/nologin; if it exists, prints con-
tents and quits
(unless root).
4. Changes to run with normal user privileges.
5. Sets up basic environment.
6. Reads $HOME/.ssh/environment if it exists.
7. Changes to user's home directory.
8. If $HOME/.ssh/rc exists, runs it; else if
/etc/sshrc exists,
runs it; otherwise runs xauth. The ``rc'' files
are given the
X11 authentication protocol and cookie in stan-
dard input.
9. Runs user's shell or command.
AUTHORIZED_KEYS FILE FORMAT
The $HOME/.ssh/authorized_keys file lists the RSA keys that
are permitted
for RSA authentication in SSH protocols 1.3 and 1.5 Similar-
ly, the
$HOME/.ssh/authorized_keys2 file lists the DSA keys that are
permitted
for DSA authentication in SSH protocol 2.0. Each line of
the file con-
tains one key (empty lines and lines starting with a `#' are
ignored as
comments). Each line consists of the following fields, sep-
arated by
spaces: options, bits, exponent, modulus, comment. The op-
tions field is
optional; its presence is determined by whether the line
The options (if present) consist of comma-separated option
specifica-
tions. No spaces are permitted, except within double
quotes. The fol-
lowing option specifications are supported:
from="pattern-list"
Specifies that in addition to RSA authentication,
the canonical
name of the remote host must be present in the com-
ma-separated
list of patterns (`*' and `?' serve as wildcards).
The list may
also contain patterns negated by prefixing them with
`!'; if the
canonical host name matches a negated pattern, the
key is not ac-
cepted. The purpose of this option is to optionally
increase se-
curity: RSA authentication by itself does not trust
the network
or name servers or anything (but the key); however,
if somebody
somehow steals the key, the key permits an intruder
to log in
from anywhere in the world. This additional option
makes using a
stolen key more difficult (name servers and/or
routers would have
to be compromised in addition to just the key).
command="command"
Specifies that the command is executed whenever this
key is used
for authentication. The command supplied by the us-
er (if any) is
ignored. The command is run on a pty if the connec-
tion requests
a pty; otherwise it is run without a tty. A quote
may be includ-
ed in the command by quoting it with a backslash.
This option
might be useful to restrict certain RSA keys to per-
form just a
specific operation. An example might be a key that
permits re-
mote backups but nothing else. Note that the client
may specify
TCP/IP and/or X11 forwarding unless they are explic-
itly prohibit-
ed.
return an er-
ror. This might be used, e.g., in connection with
the command
option.
no-X11-forwarding
Forbids X11 forwarding when this key is used for au-
thentication.
Any X11 forward requests by the client will return
an error.
no-agent-forwarding
Forbids authentication agent forwarding when this
key is used for
authentication.
no-pty Prevents tty allocation (a request to allocate a pty
will fail).
Examples
1024 33 12121...312314325 ylo@foo.bar
from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334
ylo@niksula
command="dump /home",no-pty,no-port-forwarding 1024 33
23...2323 back-
up.hut.fi
SSH_KNOWN_HOSTS FILE FORMAT
The /etc/ssh_known_hosts, /etc/ssh_known_hosts2,
$HOME/.ssh/known_hosts,
and $HOME/.ssh/known_hosts2 files contain host public keys
for all known
hosts. The global file should be prepared by the adminis-
trator (option-
al), and the per-user file is maintained automatically:
whenever the user
connects from an unknown host its key is added to the per-
user file.
Each line in these files contains the following fields:
hostnames, bits,
exponent, modulus, comment. The fields are separated by
spaces.
Hostnames is a comma-separated list of patterns ('*' and '?'
act as wild-
cards); each pattern in turn is matched against the canoni-
cal host name
(when authenticating a client) or against the user-supplied
name (when
Lines starting with `#' and empty lines are ignored as com-
ments.
When performing host authentication, authentication is ac-
cepted if any
matching line has the proper key. It is thus permissible
(but not recom-
mended) to have several lines or different host keys for the
same names.
This will inevitably happen when short forms of host names
from different
domains are put in the file. It is possible that the files
contain con-
flicting information; authentication is accepted if valid
information can
be found from either file.
Note that the lines in these files are typically hundreds of
characters
long, and you definitely don't want to type in the host keys
by hand.
Rather, generate them by a script or by taking
/etc/ssh_host_key.pub and
adding the host names at the front.
Examples
closenet,closenet.hut.fi,...,130.233.208.41 1024 37 159...93
closenet.hut.fi
FILES
/etc/sshd_config
Contains configuration data for sshd. This file
should be
writable by root only, but it is recommended (though
not neces-
sary) that it be world-readable.
/etc/ssh_host_key
Contains the private part of the host key. This
file should only
be owned by root, readable only by root, and not ac-
cessible to
others. Note that sshd does not start if this file
is
group/world-accessible.
/etc/ssh_host_key.pub
Contains the public part of the host key. This file
should be
world-readable but writable only by root. Its con-
tents should
last). The con-
tent of this file is not sensitive; it can be world-
readable.
$HOME/.ssh/authorized_keys
Lists the RSA keys that can be used to log into the
user's ac-
count. This file must be readable by root (which
may on some ma-
chines imply it being world-readable if the user's
home directory
resides on an NFS volume). It is recommended that
it not be ac-
cessible by others. The format of this file is de-
scribed above.
Users will place the contents of their identity.pub
files into
this file, as described in ssh-keygen(1).
$HOME/.ssh/authorized_keys2
Lists the DSA keys that can be used to log into the
user's ac-
count. This file must be readable by root (which
may on some ma-
chines imply it being world-readable if the user's
home directory
resides on an NFS volume). It is recommended that
it not be ac-
cessible by others. The format of this file is de-
scribed above.
Users will place the contents of their id_dsa.pub
files into this
file, as described in ssh-keygen(1).
/etc/ssh_known_hosts and $HOME/.ssh/known_hosts
These files are consulted when using rhosts with RSA
host authen-
tication to check the public key of the host. The
key must be
listed in one of these files to be accepted. The
client uses the
same files to verify that the remote host is the one
it intended
to connect. These files should be writable only by
root/the own-
er. /etc/ssh_known_hosts should be world-readable,
and
$HOME/.ssh/known_hosts can but need not be world-
readable.
/etc/nologin
If this file exists, sshd refuses to let anyone ex-
a space, one
per line. The given user on the corresponding host
is permitted
to log in without password. The same file is used
by rlogind and
rshd. The file must be writable only by the user;
it is recom-
mended that it not be accessible by others.
If is also possible to use netgroups in the file.
Either host or
user name may be of the form +@groupname to specify
all hosts or
all users in the group.
$HOME/.shosts
For ssh, this file is exactly the same as for
.rhosts. However,
this file is not used by rlogin and rshd, so using
this permits
access using SSH only.
/etc/hosts.equiv
This file is used during .rhosts authentication. In
the simplest
form, this file contains host names, one per line.
Users on
those hosts are permitted to log in without a pass-
word, provided
they have the same user name on both machines. The
host name may
also be followed by a user name; such users are per-
mitted to log
in as any user on this machine (except root). Addi-
tionally, the
syntax ``+@group'' can be used to specify netgroups.
Negated en-
tries start with `-'.
If the client host/user is successfully matched in
this file, lo-
gin is automatically permitted provided the client
and server us-
er names are the same. Additionally, successful RSA
host authen-
tication is normally required. This file must be
writable only
by root; it is recommended that it be world-read-
able.
Warning: It is almost never a good idea to use user
names in
This is processed exactly as /etc/hosts.equiv. How-
ever, this file
may be useful in environments that want to run both
rsh/rlogin
and ssh.
$HOME/.ssh/environment
This file is read into the environment at login (if
it exists).
It can only contain empty lines, comment lines (that
start with
`#'), and assignment lines of the form name=value.
The file
should be writable only by the user; it need not be
readable by
anyone else.
$HOME/.ssh/rc
If this file exists, it is run with /bin/sh after
reading the en-
vironment files but before starting the user's shell
or command.
If X11 spoofing is in use, this will receive the
"proto cookie"
pair in standard input (and DISPLAY in environment).
This must
call xauth(1) in that case.
The primary purpose of this file is to run any ini-
tialization
routines which may be needed before the user's home
directory be-
comes accessible; AFS is a particular example of
such an environ-
ment.
This file will probably contain some initialization
code followed
by something similar to: "if read proto cookie; then
echo add
$DISPLAY $proto $cookie | xauth -q -; fi".
If this file does not exist, /etc/sshrc is run, and
if that does
not exist either, xauth is used to store the cookie.
This file should be writable only by the user, and
need not be
readable by anyone else.
/etc/sshrc
sion was born.
This version of OpenSSH
o has all components of a restrictive nature (i.e.,
patents, see
crypto(3)) directly removed from the source code; any
licensed or
patented components are chosen from external libraries.
o has been updated to support SSH protocol 1.5 and 2, mak-
ing it compat-
ible with all other SSH clients and servers.
o contains added support for kerberos(8) authentication
and ticket
passing.
o supports one-time password authentication with skey(1).
OpenSSH has been created by Aaron Campbell, Bob Beck, Markus
Friedl,
Niels Provos, Theo de Raadt, and Dug Song.
The support for SSH protocol 2 was written by Markus Friedl.
SEE ALSO
scp(1), sftp-server(8), ssh(1), ssh-add(1), ssh-
agent(1), ssh-
keygen(1), crypto(3), rlogin(1), rsh(1)
BSD Experimental September 25, 1999
12
Man(1) output converted with man2html