+sshd [[-deiqtD46] [[-b bits] [[-f config_file] [[-g login_grace_time] [[-h host_key_file] [[-k key_gen_time] [[-p port] [[-u len]  

+  

+sshd (SSH Daemon) is the daemon program for ssh(1). Together these programs replace rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. The programs are intended to be as easy to install and use as possible. 

+sshd is the daemon that listens for connections from clients. It is normally started at boot from /etc/rc. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. This implementation of sshd supports both SSH protocol version 1 and 2 simulta- neously. sshd works as follows. 

+Each host has a host-specific RSA key (normally 1024 bits) used to identify the host. Additionally, when the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk. 

+Whenever a client connects the daemon responds with its public host and server keys. The client compares the RSA host key against its own database to verify that it has not changed. The client then generates a 256 bit random number. It encrypts this random number using both the host key and the server key, and sends the encrypted number to the server. Both sides then use this random number as a session key which is used to encrypt all further communications in the session. The rest of the session is encrypted using a conventional cipher, currently Blowfish or 3DES, with 3DES being used by default. The client selects the encryption  

+algorithm to use from those offered by the server. 

+Next, the server and the client enter an authentication dialog . The client tries to authenticate itself using .rhosts authentication, .rhosts authentication combined with RSA host authentication, RSA challenge-response authentication, or password based authentication. 

+Rhosts authentication is normally disabled because it is fundamentally insecure, but can be enabled in the server configuration file if desired. System security is not improved unless rshd(8), rlogind(8), and rexecd(8) are dis- abled (thus completely disabling  

+rlogin(1) and rsh(1) into the machine). 

+Version 2 works similarly: Each host has a host-specific key (RSA or DSA) used to identify the host. However, when the daemon starts, it does not generate a server key. Forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. 

+The rest of the session is encrypted using a symmetric cipher, currently 128 bit AES, Blowfish, 3DES, CAST128, Arcfour , 192 bit AES, or 256 bit AES. The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided through a cryptographic message authentication code (hmac-sha1 or hmac-md5). 

+Protocol version 2 provides a public key based user (!PubkeyAuthentication ) or client host (! HostbasedAuthentication) authentication method, conventional password authentication and challenge response based methods. 

+If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request things like allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP connections, or forwarding the authentication agent connection over the secure channel. 

+Finally, the client either requests a shell or execution of a command. The sides then enter session mode. In this mode, either side may send data at any time, and such data is forwarded to/from the shell or command on the server side, and the user terminal in the client side. 

+When the user program terminates and all forwarded X11 and other connections have been closed, the server sends command exit status to the client, and both sides exit. 

+sshd can be configured using command-line options or a configuration file. Command-line options override values specified in the configuration file. 

+sshd rereads its configuration file when it receives a hangup signal, SIGHUP, by executing itself with the name it was started as, i.e., /usr/sbin/sshd. 

+ -b bits 

+ -g login_grace_time  

+Gives the grace time for clients to authenticate themselves (default 600 seconds). If the client fails to authenticate the user within this many sec- onds, the server disconnects and exits. A value of zero indicates no limit. 

+ -h host_key_file  

+Specifies the file from which the host key is read (default /etc/ssh/ssh_host_key). This option must be given if sshd is not run as root (as the normal host file is normally not readable by anyone but root). It is possible to have multiple host key files for the different protocol versions and host key algorithms . 

+ -i  

+Specifies that sshd is being run from inetd. sshd is normally not run from inetd because it needs to generate the server key before it can respond to the client, and this may take tens of seconds. Clients would have to wait too long if the key was regener- ated every time. However, with small key sizes (e.g., 512) using sshd from inetd may be feasible. 

+ -k key_gen_time  

+Specifies how often the ephemeral protocol version 1 server key is regenerated (default 3600 seconds, or one hour). The motivation for regenerating the key fairly often is that the key is not stored anywhere, and after about an hour, it becomes impossible to recover the key for decrypting intercepted communications even if the machine is cracked into or physically seized. A value of zero indicates that the key will never be regenerated. 

+ -p port  

+Specifies the port on which the server listens for connections (default 22). 

+ -q  

+Quiet mode. Only fatal errors are sent to the system log. Normally the beginning, authentication, and termination of each connection is logged. If a sec- ond -q is given then nothing is sent to the system log. 

+ -t  

+Test mode. Only check the validity of the configuration file and sanity of the keys. This is useful for updating sshd reliably as configuration options may change. 

+ -u len  

+This option is used to specify the size of the field in the utmp structure that holds the remote host name. If the resolved host name is longer than len, the dotted decimal value will be used instead. This allows hosts with very long host names that overflow this field to still be uniquely identified. Specifying -u0 indicates that only dotted decimal addresses should be put into the  

+utmp file. -u0 is also be used to prevent sshd from making DNS requests unless the authentication mechanism or configuration requires it. Authentication mechanisms that may require DNS include ! RhostsAuthentication, ! RhostsRSAAuthentication, ! HostbasedAuthentication and using a from="pattern-list" option in a key file. Configuration options that require DNS include using a USER@HOST pattern in AllowUsers or DenyUsers.  

+ -D  

+When this option is specified sshd will not detach and does not become a daemon. This allows easy monitoring of sshd. 

+ -4 

+ -6 

+sshd reads configuration data from /etc/ssh/sshd_config (or the file specified with -f on the command line). The file contains keyword-argument pairs, one per line. Lines starting with # and empty lines are interpreted as comments. 

+The possible keywords and their meanings are as follows (note that keywords are case-insensitive and arguments are case-sensitive): 

+Specifies whether an AFS token may be forwarded tothe server. Default is ``yes''.! AllowGroupsThis keyword can be followed by a list of groupnames, separated by spaces. If specified, login isallowed only for users whose primary group or supple-mentary group list matches one of the patterns. and? can be used as wildcards in the patterns. Onlygroup names are valid; a numerical group ID is notrecognized. By default login is allowed regardlessof the group list.! AllowTcpForwardingSpecifies whether TCP forwarding is permitted. Thedefault is ``yes''. Note that disabling TCP forward-ing does not improve security unless users are alsodenied shell access, as they can always install theirown forwarders.! AllowUsersThis keyword can be followed by a list of user names,separated by spaces. If specified, login is allowedonly for users names that match one of the patterns.and ? can be used as wildcards in the patterns.Only user names are valid; a numerical user ID is notrecognized. By default login is allowed regardlessof the user name. If the pattern takes the formUSER@HOST then USER and HOST are separately checked,restricting logins to particular users from particu-lar hosts.! AuthorizedKeysFileSpecifies the file that contains the public keys thatcan be used for user authentication.! AuthorizedKeysFile may contain tokens of the form %Twhich are substituted during connection set-up. Thefollowing tokens are defined: %% is replaced by aliteral '%', %h is replaced by the home directory ofthe user being authenticated and %u is replaced bythe username of that user. After expansion,! AuthorizedKeysFile is taken to be an absolute path orone relative to the user's home directory. Thedefault is ``.ssh/authorized_keys''! BannerIn some jurisdictions, sending a warning messagebefore authentication may be relevant for gettinglegal protection. The contents of the specified fileare sent to the remote user before authentication isallowed. This option is only available for protocolversion 2.! ChallengeResponseAuthenticationSpecifies whether challenge response authenticationis allowed. All authentication styles fromlogin.conf(5) are supported. The default is ``yes''. 

+ Ciphers  

+Specifies the ciphers allowed for protocol version 2. Multiple ciphers must be comma-separated. The default is ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour.'' 

+ ! ClientAliveInterval  

+Sets a timeout interval in seconds after which if no data has been received from the client, sshd will send a message through the encrypted channel to request a response from the client. The default is , indicating that these messages will not be sent to the client. This option applies to protocol version 2 only. 

+ ! ClientAliveCountMax  

+Sets the number of client alive messages (see above) which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from ! KeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by ! KeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive. 

+The default value is 3. If ! ClientAliveInterval (above) is set to 15, and ! ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected after approximately 45 seconds. 

+! DenyGroups  

+This keyword can be followed by a number of group names, separated by spaces. Users whose primary group or supplementary group list matches one of the patterns aren't allowed to log in. and ? can be used as wildcards in the patterns. Only group names are valid; a numerical group ID is not recognized. By default login is allowed regardless of the group list. 

+! DenyUsers  

+This keyword can be followed by a number of user names, separated by spaces. Login is disallowed for user names that match one of the patterns. and ? can be used as wildcards in the patterns. Only user names are valid; a numerical user ID is not recognized . By default login is allowed regardless of the user name. 

+! GatewayPorts  

+Specifies whether remote hosts are allowed to connect to ports forwarded for the client. By default, sshd binds remote port forwardings to the loopback addresss. This prevents other remote hosts from con- necting to forwarded ports. ! GatewayPorts can be used to specify that sshd should bind remote port forward- ings to the wildcard address, thus allowing remote hosts to connect to forwarded ports. The argument must be ``yes'' or ``no''. The default is ``no''. 

+! HostbasedAuthentication  

+Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (hostbased authentica- tion). This option is similar to RhostsRSAAuthentication and applies to protocol version 2 only. The default is ``no''. 

+! HostKey  

+Specifies the file containing the private host keys (default /etc/ssh/ssh_host_key) used by SSH protocol versions 1 and 2. Note that sshd will refuse to use a file if it is group/world-accessible. It is possi- ble to have multiple host key files. ``rsa1'' keys are used for version 1 and ``dsa'' or ``rsa'' are used for version 2 of the SSH protocol. 

+! IgnoreRhosts  

+Specifies that .rhosts and .shosts files will not be used in ! RhostsAuthentication, RhostsRSAAuthentication or ! HostbasedAuthentication. 

+! KerberosOrLocalPasswd  

+If set then if password authentication through Kerberos fails then the password will be validated via any additional local mechanism such as /etc/passwd. Default is ``yes''. 

+! KerberosTgtPassing  

+Specifies whether a Kerberos TGT may be forwarded to the server. Default is ``no'', as this only works when the Kerberos KDC is actually an AFS kaserver. 

+! KerberosTicketCleanup  

+Specifies whether to automatically destroy the user's ticket cache file on logout. Default is ``yes''. 

+! KeyRegenerationInterval  

+In protocol version 1, the ephemeral server key is automatically regenerated after this many seconds (if it has been used). The purpose of regeneration is to prevent decrypting captured sessions by later break- ing into the machine and stealing the keys. The key is never stored anywhere. If the value is , the key is never regenerated. The default is 3600 (seconds). 

+! ListenAddress  

+Specifies the local addresses sshd should listen on. The following forms may be used: 

+ ! ListenAddress host|IPv4_addr|IPv6_addr  

+ ! ListenAddress host|IPv4_addr:port  

+ ! ListenAddress [[ host|IPv6_addr]:port 

+If port is not specified, sshd will listen on the address and all prior Port options specified. The default is to listen on all local addresses. Multiple ! ListenAddress options are permitted. Addition- ally, any Port options must precede this option for non port qualified addresses. 

+! LoginGraceTime  

+The server disconnects after this time if the user has not successfully logged in. If the value is , there is no time limit. The default is 600 (seconds ). 

+! LogLevel  

+Gives the verbosity level that is used when logging messages from sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG. The default is INFO. Logging with level DEBUG violates the privacy of users and is not recommended. 

+Specifies the available MAC (message authentication code) algorithms. The MAC algorithm is used in pro- tocol version 2 for data integrity protection. Multiple algorithms must be comma-separated. The default is ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96''. 

+! MaxStartups  

+Specifies the maximum number of concurrent unauthenticated connections to the sshd daemon. Additional connections will be dropped until authentication succeeds or the ! LoginGraceTime expires for a connection. The default is 10. 

+Alternatively, random early drop can be enabled by specifying the three colon separated values ``start:rate:full'' (e.g., 

+Specifies whether PAM challenge response authentication is allowed. This allows the use of most PAM challenge response authentication modules, but it will allow password authentication regardless of whether ! PasswordAuthentication is disabled. The default is ``no''. 

+! PasswordAuthentication  

+Specifies whether password authentication is allowed. The default is ``yes''. 

+! PermitEmptyPasswords  

+When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. The default is ``no''. 

+! PermitRootLogin  

+Specifies whether root can login using ssh(1). The argument must be ``yes'', ``without-password'', ``forced-commands-only'' or ``no''. The default is ``yes''. 

+If this option is set to ``without-password'' password authentication is disabled for root. 

+If this option is set to ``forced-commands-only'' root login with public key authentication will be allowed, but only if the command option has been specified (which may be useful for taking remote backups even if root login is normally not allowed). All other authentication methods are disabled for root. 

+! PidFile 

+! ListenAddress. 

+! PrintLastLog 

+! PrintMotd 

+! PubkeyAuthentication 

+! ReverseMappingCheck 

+! RhostsAuthentication 

+! ServerKeyBits 

+! StrictModes 

+! SyslogFacility 

+! UseLogin 

+disabled if ! UseLogin is enabled. 

+2. ! AuthorizedKeysFile may be used to specify an alternative 

+ /etc/ssh/moduli  

+Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".  

+The primary purpose of this file is to run any initialization routines which may be needed before the user's home directory becomes accessible; AFS is a particular example of such an environment.  

+This file will probably contain some initialization code followed by something similar to:  

+  

+  

+ if read proto cookie && [ -n "$DISPLAY" ] ; then  

+ if [ ` echo $DISPLAY | cut -c1-10` = 'localhost:' ]; then  

+ # X11UseLocalhost=yes  

+ xauth add unix:`echo $DISPLAY |  

+ cut -c11-` $proto $cookie  

+ else  

+ # X11UseLocalhost=no  

+ xauth add $DISPLAY $proto $cookie  

+ fi  

+Like $HOME/.ssh/rc. This can be used to specify machine-specific login-time initializations globally. This file should be writable only by root, and should be world-readable. 

+OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2..  

+  

+BSD September 25, 1999 1