sshdSection: SSH (8)
Updated: November 8, 1995
SSH man page index Return to SSH FAQ
NAMEsshd - secure shell daemon
SYNOPSISsshd[-b bits][-d ][-f config_file][-g login_grace_time][-h host_key_file][-i ][-k key_gen_time][-p port][-q ][-V version]
Sshd (Secure Shell Daemon) is the daemon program for ssh.Together these programs replace rlogin and rsh programs, andprovide secure encrypted communications between two untrusted hostsover an insecure network. The programs are intended to be as easy toinstall and use as possible.
Sshdis the daemon that listens for connections from clients. It isnormally started at boot from /etc/rc.localor equivalent. It forks a newdaemon for each incoming connection. The forked daemons handlekey exchange, encryption, authentication, command execution,and data exchange.
Sshd works as follows. Each host has a host-specific RSA key(normally 1024 bits) used to identify the host. Additionally, whenthe daemon starts, it generates a server RSA key (normally 768 bits).This key is normally regenerated every hour if it has been used, andis never stored on disk.
Whenever a client connects the daemon, the daemon sends its hostand server public keys to the client. The client compares thehost key against its own database to verify that it has not changed.The client then generates a 256 bit random number. It encrypts thisrandom number using both the host key and the server key, and sendsthe encrypted number to the server. Both sides then start to use thisrandom number as a session key which is used to encrypt all furthercommunications in the session. The rest of the session is encryptedusing a conventional cipher. Currently, IDEA,DES,3DES,ARCFOUR, andTSS(a fast home-grown algorithm) are supported. IDEAis used by default. The client selects the encryption algorithm to usefrom those offered by the server.
Next, the server and the client enter an authentication dialog. Theclient tries to authenticate itself using .rhostsauthentication, .rhosts authentication combined with RSA hostauthentication, RSA challenge-response authentication, TIS channengeresponse authentication, or passwordbased authentication.
Rhosts authentication is normally disabledbecause it is fundamentally insecure, but can be enabled in the serverconfiguration file if desired. System security is not improved unless rshd(8), rlogind(8), rexecd(8), andrexd (8) are disabled (thus completely disabling rlogin(1)and rsh(1)into that machine).
If the client successfully authenticates itself, a dialog forpreparing the session is entered. At this time the client may requestthings like allocating a pseudo-tty, forwarding X11 connections,forwarding TCP/IP connections, or forwarding the authentication agentconnection over the secure channel.
Finally, the client either requests a shell or execution of a command.The sides then enter session mode. In this mode, either side may senddata at any time, and such data is forwarded to/from the shell orcommand on the server side, and the user terminal in the client side.
When the user program terminates and all forwarded X11 and otherconnections have been closed, the server sends command exit status tothe client, and both sides exit.
Sshd can be configured using command-line options or a configurationfile. Command-line options override values specified in theconfiguration file.
Sshd rereads its configuration file if it is sent the hangupsignal, SIGHUP.
- -b bits
- Specifies the number of bits in the server key (default 768).
- Debug mode. The server sends verbose debug output to the systemlog, and does not put itself in the background. The server also willnot fork and will only process one connection. This option is onlyintended for debugging for the server.
- -f configuration_file
- Specifies the name of the configuration file. The default is/etc/sshd_config.
- -g login_grace_time
- Gives the grace time for clients to authenticate themselves (default600 seconds). If the client fails to authenticate the user withinthis many seconds, the server disconnects and exits. A value of zeroindicates no limit.
- -h host_key_file
- Specifies the file from which the host key is read (default/etc/ssh_host_key).This option must be given if sshd is not run as root (as the normalhost file is normally not readable by anyone but root).
- Specifies that sshd is being run from inetd. Sshd is normally not runfrom inetd because it needs to generate the server key before it canrespond to the client, and this may take tens of seconds. Clientswould have to wait too long if the key was regenerated every time.However, with small key sizes (e.g. 512) using sshd from inetd maybe feasible.
- -k key_gen_time
- Specifies how often the server key is regenerated (default 3600seconds, or one hour). The motivation for regenerating the key fairlyoften is that the key is not stored anywhere, and after about an hour,it becomes impossible to recover the key for decrypting interceptedcommunications even if the machine is cracked into or physicallyseized. A value of zero indicates that the key will never be regenerated.
- -p port
- Specifies the port on which the server listens for connections(default 22).
- Quiet mode. Nothing is sent to the system log. Normally the beginning,authentication, and termination of each connection is logged.
- SSH version 2 compatibility mode. Server assumes that SSH version 2daemon has already read the version number string from the client andthis option gives the version string read from the client.
Sshdreads configuration data from /etc/sshd_config(or the file specified with -f on the command line). The filecontains keyword-value pairs, one per line. Lines starting with '#'and empty lines are interpreted as comments.
The following keywords are possible. Keywords are case insensitive.
- This keyword can be followed by any number of group name patterns,separated by spaces. If specified, login is allowed only if usersprimary group name matches one of the patterns. '*' and '?' can beused as wildcards in the patterns. By default, logins as all users areallowed.
Note that the all other login authentication steps must still besucessfully completed. AllowGroups and DenyGroups are additionalrestrictions.
- This keyword can be followed by any number of host name patterns,separated by spaces. If specified, login is allowed only from hostswhose name matches one of the patterns. '*' and '?' can be used aswildcards in the patterns. Normal name servers are used to map theclient's host into a canonical host name. If the name cannot bemapped, its IP-address is used as the host name. By default all hostsare allowed to connect.
Note thatsshdcan also be configured to use tcp_wrappers using the --with-libwrapcompile-time configuration option.
- Specifies when to start print warning messages that the account isgoing to expire. The value is number of days before the accountexpiration. The default value is 14 days, and if set to 0 the warningmessages are disabled.
- This keyword can be followed by any number of host name patterns,separated by spaces. If specified, .shosts (and .rhosts and/etc/hosts.equiv) entries are only honoured for hosts whose namematches one of the patterns.servers are used to map the client's host into a canonical host name.If the name cannot be mapped, its IP-address is used as the host name.By default all hosts are allowed to connect.
- Specifies whether tcp forwarding is permitted. The default is "yes".Note that disabling tcp forwarding does not improve security in anyway, as users can always install their own forwarders.
- This keyword can be followed by any number of user name patterns or user@host patterns, separated by spaces. Host name may be either thedns name or the ip address. If specified, login is allowed only asusers whose name matches one of the patterns. '*' and '?' can beused as wildcards in the patterns. By default, logins as all users areallowed.
Note that the all other login authentication steps must still besucessfully completed. AllowUsers and DenyUsers are additionalrestrictions.
- Specifies whethersshdshould print information whether you have new mail or notwhen a user logs in interactively. (On some systems it is alsoprinted by the shell, /etc/profile, or equivalent.) The default is"yes".
- This keyword can be followed by any number of group name patterns,separated by spaces. If specified, login is disallowed if usersprimary group name name matches any of the patterns.
- This keyword can be followed by any number of host name patterns,separated by spaces. If specified, login is disallowed from the hostswhose name matches any of the patterns.
- This keyword can be followed by any number of host name patterns,separated by spaces. If specified, .shosts (and .rhosts and/etc/hosts.equiv) entries whose name matches any of the patterns areignored.
- This keyword can be followed by any number of user name patterns or user@host patterns, separated by spaces. Host name may be either thedns name or the ip address. If specified, login is disallowed as userswhose name matches any of the patterns.
- Specifies whether to use verbose logging. Verbose logging violatesthe privacy of users and is not recommended. The argument must be"yes" or "no" (without the quotes). The default is "no".
- Specifies whether to force password change if the password is empty(first login). . The argument must be "yes" or "no" (without thequotes). The default is "no".
- Specifies whether to force password change if the password is expired.The argument must be"yes" or "no" (without the quotes). The default is "yes".
- Specifies the file containing the private host key (default/etc/ssh_host_key).
- IdleTimeout time
- Sets idle timeout limit to time in seconds (s or nothing afternumber), in minutes (m), in hours (h), in days (d), or in weeks (w).If the connection have been idle (all channels) for that long time thechild process is killed with SIGHUP, and connection is closed down.
- Specifies that rhosts and shosts files will not be used inauthentication./etc/hosts.equivand/etc/shosts.equiv are still used. The default is "no".
- Specifies that rhosts and shosts files will not be used inauthentication for root. The default is the value ofIgnoreRhosts.
- Specifies whether the system should send keepalive messages to theother side. If they are sent, death of the connection or crash of oneof the machines will be properly noticed. However, this means thatconnections will die if the route is down temporarily, and some peoplefind it annoying. On the other hand, if keepalives are not send,sessions may hang indefinitely on the server, leaving "ghost" usersand consuming server resources.
The default is "yes" (to send keepalives), and the server will noticeif the network goes down or the client host reboots. This avoidsinfinitely hanging sessions.
To disable keepalives, the value should be set to "no" in both theserver and the client configuration files.
- Specifies whether Kerberos V5 authentication is allowed. This canbe in the form of a Kerberos ticket, or if PasswordAuthenticationis yes, the password provided by the user will be validated throughthe Kerberos KDC or DCE Security Server. Default is yes.
- If set then if password authentication through Kerberos fails thenthe password will be validated via any additional local mechanismsuch as /etc/passwd or SecurID. Default is no.
- Specifies whether a Kerberos V5 TGT may be forwarded to the server.Default is yes.
- The server key is automatically regenerated after this many seconds(if it has been used). The purpose of regeneration is to preventdecrypting captured sessions by later breaking into the machine andstealing the keys. The key is never stored anywhere. If the value is0, the key is never regenerated. The default is 3600(seconds).
- Specifies the ip address of the interface where the sshd server socketis bind.
- The server disconnects after this time if the user has notsuccessfully logged in. If the value is 0, there is no time limit.The default is 600 (seconds).
- Specifies whether password authentication is allowed.The default is "yes".
- Specifies when to start print warning messages that the password isgoing to expire. The value is number of days before the passwordexpiration. The default value is 14 days, and if set to 0 the warningmessages are disabled.
- When password authentication is allowed, it specifies whether theserver allows login to accounts with empty password strings. The defaultis "yes".
- Specifies whether the root can log in usingssh.May be set to "yes", "nopwd", or "no". The default is "yes", allowingroot logins through any of the authentication types allowed for otherusers. The "nopwd" value disables password-authenticated root logins.The "no" value disables root logins through any of the authenticationmethods. ("nopwd" and "no" are equivalent unless you havea .rhosts, .shosts, or .ssh/authorized_keys file in the root homedirectory.)
Root login with RSA authentication when the "command" option has beenspecified will be allowed regardless of the value of this setting(which may be useful for taking remote backups even if root login isnormally not allowed).
- Specifies the location of the file containing the process ID of themaster sshd daemon (default: /etc/sshd.pid or /var/run/sshd.pid,depending on the system).
- Specifies the port number thatsshdlistens on. The default is 22.
- Specifies whethersshdshould print /etc/motdwhen a user logs in interactively. (On some systems it is alsoprinted by the shell, /etc/profile, or equivalent.) The default is"yes".
- Specifies whether the system runs in quiet mode. In quiet mode,nothing is logged in the system log, except fatal errors. The defaultis "no".
- Specifies the file containing the random seed for the server; thisfile is created automatically and updated regularly. The default is/etc/ssh_random_seed.
- Specifies whether authentication using rhosts or /etc/hosts.equivfiles is sufficient. Normally, this method should not be permittedbecause it is insecure. RhostsRSAAuthentication should be usedinstead, because it performs RSA-based host authentication in additionto normal rhosts or /etc/hosts.equiv authentication.The default is "no".
- Specifies whether rhosts or /etc/hosts.equiv authentication togetherwith successful RSA host authentication is allowed. The default is "yes".
- Specifies whether pure RSA authentication is allowed. The default is "yes".
- Defines the number of bits in the server key. The minimum value is512, and the default is 768.
- Specifies wheter denied (or not allowed) connections are deniedsilently (just close the connection, no logging etc) or are theyclosed cleanly (send error message and log connection attempt).
- Specifies whether ssh should check file modes and ownership of theuser's home directory and rhosts files before accepting login. Thisis normally desirable because novices sometimes accidentally leave theirdirectory or files world-writable. The default is "yes".
- Gives the facility code that is used when logging messages fromsshd.The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is DAEMON.
- Specifies wether authentication through TISauthsrv(8) is allowed. The default is "no".
- Sets default umask for sshd and its childs. Remember to add 0 in frontof the number to make it octal. Default is to not set umask at all.
- Specifies whether X11 forwarding is permitted. The default is "yes".Note that disabling X11 forwarding does not improve security in anyway, as users can always install their own forwarders.
- Specifies the first display number available for sshd's X11 forwarding. This prevents sshd from interfering with real X11servers.
- Specifies the default path to xauth program.
When a user successfully logs in,sshddoes the following:
- If the login is on a tty, and no command has been specified,prints last login time and /etc/motd(unless prevented in the configuration file or by$HOME/.hushlogin;see the FILES section).
- If the login is on a tty, records login time.
- Checks /etc/nologin; if it exists, prints contents and quits(unless root).
- Changes to run with normal user privileges.
- Sets up basic environment.
- Reads /etc/environment if it exists.
- Reads $HOME/.ssh/environment if it exists.
- Changes to user's home directory.
- If $HOME/.ssh/rc exists, runs it (with the user's shell); else if/etc/sshrc exists, runs it (with /bin/sh); otherwise runs xauth.The "rc" files are given the X11 authentication protocol and cookie instandard input.
- Runs user's shell or command.
AUTHORIZED_KEYS FILE FORMAT
The $HOME/.ssh/authorized_keysfile lists the RSA keys that arepermitted for RSA authentication. Each line of the file contains onekey (empty lines and lines starting with a '#' are ignored ascomments). Each line consists of the following fields, separated byspaces: options, bits, exponent, modulus, comment. The options fieldis optional; its presence is determined by whether the line startswith a number or not (the option field never starts with a number).The bits, exponent, modulus and comment fields give the RSA key; thecomment field is not used for anything (but may be convenient for theuser to identify the key).
Note that lines in this file are usually several hundred bytes long(because of the size of the RSA key modulus). You don't want to typethem in; instead, copy the identity.pubfile and edit it.
The options (if present) consists of comma-separated optionspecifications. No spaces are permitted, except within double quotes.Option names are case insensitive. The following option specificationsare supported:
Specifies that in addition to RSA authentication, the canonical nameof the remote host must be present in the comma-separated list ofpatterns ('*' and '?' serve as wildcards). The list may also containpatterns negated by prefixing them with '!'; if the canonical hostname matches a negated pattern, the key is not accepted. The purposeof this option is to optionally increase security: RSA authenticationby itself does not trust the network or name servers or anything (butthe key); however, if somebody somehow steals the key, the keypermits an intruder to log in from anywhere in the world. Thisadditional option makes using a stolen key more difficult (nameservers and/or routers would have to be compromised in addition tojust the key).
Specifies that the command is executed whenever this key is used forauthentication. The command supplied by the user (if any) is ignored.The command is run on a pty if the connection requests a pty;otherwise it is run without a tty. A quote may be included in thecommand by quoting it with a backslash. This option might be usefulto restrict certain RSA keys to perform just a specific operation. Anexample might be a key that permits remote backups but nothingelse. Notice that the client may specify TCP/IP and/or X11forwardings unless they are explicitly prohibited.
Specifies that the string is to be added to the environment whenlogging in using this key. Environment variables set this wayoverride other default environment values. Multiple options of thistype are permitted.
Sets idle timeout limit to time in seconds (s or nothing afternumber), in minutes (m), in hours (h), in days (d), or in weeks (w).If the connection have been idle (all channels) for that long time thechild process is killed with SIGHUP, and connection is closed down.
Forbids TCP/IP forwarding when this key is used for authentication.Any port forward requests by the client will return an error. Thismight be used e.g. in connection with thecommandoption.
Forbids X11 forwarding when this key is used for authentication.Any X11 forward requests by the client will return an error.
Forbids authentication agent forwarding when this key is used forauthentication.
Prevents tty allocation (a request to allocate a pty will fail).
1024 33 12121...312314325 firstname.lastname@example.org
from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23...2334 ylo@niksula
command="dump /home",no-pty,no-port-forwarding 1024 33 23...2323 backup.hut.fi
SSH WITH TCP WRAPPERS
When sshd is compiled with tcp wrappers libraries, then thehost.allow/deny files also controls who can connect to ports forwardedby sshd.
The program names in the hosts.allow/deny files aresshdfwd-<portname>,sshdfwd-<portnumber>, andsshdfwd-X11for forwarded ports the ssh client or server is listening.
If the port has name defined then you must use it.
SSH_KNOWN_HOSTS FILE FORMAT
The /etc/ssh_known_hostsand $HOME/.ssh/known_hostsfiles contain host public keys for all known hosts. The global file shouldbe prepared by the admistrator (optional), and the per-user file ismaintained automatically: whenever the user connects an unknown hostits key is added to the per-user file. The recommended way to create/etc/ssh_known_hostsis to use themake-ssh-known-hostscommand.
Each line in these files contains the following fields: hostnames,bits, exponent, modulus, comment. The fields are separated by spaces.
Hostnames is a comma-separated list of patterns ('*' and '?' act aswildcards); each pattern in turn is matched against the canonical hostname (when authenticating a client) or against the user-suppliedname (when authenticating a server). A pattern may also be precededby '!' to indicate negation: if the host name matches a negatedpattern, it is not accepted (by that line) even if it matched anotherpattern on the line.
Bits, exponent, and modulus are taken directly from the host key; theycan be obtained e.g. from/etc/ssh_host_key.pub.The optional comment field continues to the end of the line, and is not used.
Lines starting with '#' and empty lines are ignored as comments.
When performing host authentication, authentication is accepted if anymatching line has the proper key. It is thus permissible (but notrecommended) to have several lines or different host keys for the samenames. This will inevitably happen when short forms of host namesfrom different domains are put in the file. It is possiblethat the files contain conflicting information; authentication isaccepted if valid information can be found from either file.
Note that the lines in these files are typically hundreds of characterslong, and you definitely don't want to type in the host keys by hand.Rather, generate them by a script (see make-ssh-known-hosts(1))or by taking /etc/ssh_host_key.puband adding the host names at the front.
closenet,closenet.hut.fi,...,184.108.40.206 1024 37 159...93 closenet.hut.fi
- Contains configuration data forsshd.This file should be writable by root only, but it is recommended(though not necessary) that it be world-readable.
- Contains the private part of the host key. This file is normallycreated automatically by "make install", but can also be created manually usingssh-keygen(1). This file should only be owned by root, readable only by root, and notaccessible to others.
- Contains the public part of the host key. This file is normallycreated automatically by "make install", but can also be createdmanually. This file should be world-readable but writable only byroot. Its contents should match the private part. This file is notreally used for anything; it is only provided for the convenience ofthe user so its contents can be copied to known hosts files.
- This file contains a seed for the random number generator. This fileshould only be accessible by root.
- Contains the process id of thesshdlistening for connections (if there are several daemons runningconcurrently for different ports, this contains the pid of the onestarted last). The contents of this file are not sensitive; it can beworld-readable.
- Lists the RSA keys that can be used to log into the user's account.This file must be readable by root (which may on some machines implyit being world-readable if the user's home directory resides on an NFSvolume). It is recommended that it not be accessible by others. Theformat of this file is described above.
- /etc/ssh_known_hosts and $HOME/.ssh/known_hosts
- These files are consulted when using rhosts with RSA hostauthentication to check the public key of the host. The key must belisted in one of these files to be accepted. (The client uses thesame files to verify that the remote host is the one we intended toconnect.) These files should be writable only by root/the owner./etc/ssh_known_hostsshould be world-readable, and $HOME/.ssh/known_hosts canbut need not be world-readable.
- If this file exists, sshdrefuses to let anyone except root log in. The contents of the fileare displayed to anyone trying to log in, and non-root connections arerefused. The file should be world-readable.
- This file contains host-username pairs, separated by a space, one perline. The given user on the corresponding host is permitted to log inwithout password. The same file is used by rlogind and rshd.Ssh differs from rlogindand rshd in that it requires RSA host authentication in addition tovalidating the host name retrieved from domain name servers (unlesscompiled with the --with-rhosts configuration option). The file mustbe writable only by the user; it is recommended that it not beaccessible by others.
It is also possible to use netgroups in the file. Either host or username may be of the form +@groupname to specify all hosts or all usersin the group.
- Forssh,this file is exactly the same as for .rhosts. However, this file isnot used by rlogin and rshd, so using this permits access usingsshonly.
- This file is used during .rhosts authentication. In thesimplest form, this file contains host names, one per line. Users onthose hosts are permitted to log in without a password, provided theyhave the same user name on both machines. The host name may also befollowed by a user name; such users are permitted to log in asanyuser on this machine (except root). Additionally, the syntax +@groupcan be used to specify netgroups. Negated entries start with '-'.
If the client host/user is successfully matched in this file, login isautomatically permitted provided the client and server user names are thesame. Additionally, successful RSA host authentication is normallyrequired. This file must be writable only by root; it is recommendedthat it be world-readable.
Warning: It is almost never a good idea to use user names in hosts.equiv.Beware that it really means that the named user(s) can log in asanybody,which includes bin, daemon, adm, and other accounts that own criticalbinaries and directories. Using a user name practically grants theuser root access. The only valid use for user names that I can thinkof is in negative entries.Note that this warning also applies to rsh/rlogin.
- This is processed exactly as/etc/hosts.equiv.However, this file may be useful in environments that want to run bothrsh/rlogin andssh.
- This file is read into the environment at login (if it exists). Itcan only contain empty lines, comment lines (that start with '#'), andassignment lines of the form name=value. This file is processed inall environments (normal rsh/rlogin only process it on AIX andpotentially some other systems). The file should be writable only byroot, and should be world-readable.
- This file is read into the environment after /etc/environment. It hasthe same format. The file should be writable only by the user; itneed not be readable by anyone else.
- If this file exists, it is run with the user's shell after reading theenvironment files but before starting the user's shell or command. IfX11 spoofing is in use, this will receive the "proto cookie" pair instandard input (and DISPLAY in environment). This must call xauth inthat case.
The primary purpose of this file is to run any initialization routineswhich may be needed before the user's home directory becomesaccessible; AFS is a particular example of such an environment.
This file will probably contain some initialization code followed bysomething similar to: "if read proto cookie; then echo add $DISPLAY$proto $cookie | xauth -q -; fi".
If this file does not exist, /etc/sshrc is run, and if thatdoes not exist either, xauth is used to store the cookie.
This file should be writable only by the user, and need not bereadable by anyone else.
- Like $HOME/.ssh/rc, but run with /bin/sh. This can be used to specifymachine-specific login-time initializations globally. This fileshould be writable only by root, and should be world-readable.
- Establishes a mapping between a local username and its correspondingname in the TIS database. Each line contains the local name followedby a ":" followed by the corresponding name. If the file does notexist or the user is not found, the corresponding name in the TISdatabase is supposed to be the same.
Sshd is normally run as root. If it is not run as root, it canonly log in as the user it is running as, and password authenticationmay not work if the system uses shadow passwords. An alternativehost key file must also be used.
Sshd is normally started from /etc/rc.localor equivalent at system boot.
Considerable work has been put to makingsshdsecure. However, if you find a security problem, please report itimmediately to <email@example.com>.
Tatu Ylonen <firstname.lastname@example.org>
Information about new releases, mailing lists, and other relatedissues can be found from the ssh WWW home page athttp://www.ssh.com.
This document was created by man2html,using the manual pages.
Time: 05:38:44 GMT, September 09, 1999