1SSHD_CONFIG(5) BSD File Formats Manual SSHD_CONFIG(5)
2
4 sshd_config — OpenSSH SSH daemon configuration file
5
7 /etc/ssh/sshd_config
8
10 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
11 specified with -f on the command line). The file contains keyword-argu‐
12 ment pairs, one per line. Lines starting with ‘#’ and empty lines are
13 interpreted as comments. Arguments may optionally be enclosed in double
14 quotes (") in order to represent arguments containing spaces.
15 The possible keywords and their meanings are as follows (note that key‐
17 words are case-insensitive and arguments are case-sensitive):
18 AcceptEnv
20 Specifies what environment variables sent by the client will be
21 copied into the session's environ(7). See SendEnv in
22 ssh_config(5) for how to configure the client. The TERM environ‐
23 ment variable is always sent whenever the client requests a
24 pseudo-terminal as it is required by the protocol. Variables are
25 specified by name, which may contain the wildcard characters ‘*’
26 and ‘?’. Multiple environment variables may be separated by
27 whitespace or spread across multiple AcceptEnv directives. Be
28 warned that some environment variables could be used to bypass
29 restricted user environments. For this reason, care should be
30 taken in the use of this directive. The default is not to accept
31 any environment variables.
32 AddressFamily
34 Specifies which address family should be used by sshd(8). Valid
35 arguments are any (the default), inet (use IPv4 only), or inet6
36 (use IPv6 only).
37 AllowAgentForwarding
39 Specifies whether ssh-agent(1) forwarding is permitted. The
40 default is yes. Note that disabling agent forwarding does not
41 improve security unless users are also denied shell access, as
42 they can always install their own forwarders.
43 AllowGroups
45 This keyword can be followed by a list of group name patterns,
46 separated by spaces. If specified, login is allowed only for
47 users whose primary group or supplementary group list matches one
48 of the patterns. Only group names are valid; a numerical group
49 ID is not recognized. By default, login is allowed for all
50 groups. The allow/deny directives are processed in the following
51 order: DenyUsers, AllowUsers, DenyGroups, and finally
52 AllowGroups. All of the specified user and group tests must suc‐
53 ceed, before user is allowed to log in.
54 See PATTERNS in ssh_config(5) for more information on patterns.
56 AllowStreamLocalForwarding
58 Specifies whether StreamLocal (Unix-domain socket) forwarding is
59 permitted. The available options are yes (the default) or all to
60 allow StreamLocal forwarding, no to prevent all StreamLocal for‐
61 warding, local to allow local (from the perspective of ssh(1))
62 forwarding only or remote to allow remote forwarding only. Note
63 that disabling StreamLocal forwarding does not improve security
64 unless users are also denied shell access, as they can always
65 install their own forwarders.
66 AllowTcpForwarding
68 Specifies whether TCP forwarding is permitted. The available
69 options are yes (the default) or all to allow TCP forwarding, no
70 to prevent all TCP forwarding, local to allow local (from the
71 perspective of ssh(1)) forwarding only or remote to allow remote
72 forwarding only. Note that disabling TCP forwarding does not
73 improve security unless users are also denied shell access, as
74 they can always install their own forwarders.
75 AllowUsers
77 This keyword can be followed by a list of user name patterns,
78 separated by spaces. If specified, login is allowed only for
79 user names that match one of the patterns. Only user names are
80 valid; a numerical user ID is not recognized. By default, login
81 is allowed for all users. If the pattern takes the form
82 USER@HOST then USER and HOST are separately checked, restricting
83 logins to particular users from particular hosts. HOST criteria
84 may additionally contain addresses to match in CIDR
85 address/masklen format. The allow/deny directives are processed
86 in the following order: DenyUsers, AllowUsers, DenyGroups, and
87 finally AllowGroups. All of the specified user and group tests
88 must succeed, before user is allowed to log in.
89 See PATTERNS in ssh_config(5) for more information on patterns.
91 AuthenticationMethods
93 Specifies the authentication methods that must be successfully
94 completed for a user to be granted access. This option must be
95 followed by one or more comma-separated lists of authentication
96 method names, or by the single string any to indicate the default
97 behaviour of accepting any single authentication method. If the
98 default is overridden, then successful authentication requires
99 completion of every method in at least one of these lists.
100 For example, "publickey,password publickey,keyboard-interactive"
102 would require the user to complete public key authentication,
103 followed by either password or keyboard interactive authentica‐
104 tion. Only methods that are next in one or more lists are
105 offered at each stage, so for this example it would not be possi‐
106 ble to attempt password or keyboard-interactive authentication
107 before public key.
108 For keyboard interactive authentication it is also possible to
110 restrict authentication to a specific device by appending a colon
111 followed by the device identifier bsdauth, pam, or skey, depend‐
112 ing on the server configuration. For example,
113 "keyboard-interactive:bsdauth" would restrict keyboard interac‐
114 tive authentication to the bsdauth device.
115 If the publickey method is listed more than once, sshd(8) veri‐
117 fies that keys that have been used successfully are not reused
118 for subsequent authentications. For example,
119 "publickey,publickey" requires successful authentication using
120 two different public keys.
121 Note that each authentication method listed should also be
123 explicitly enabled in the configuration.
124 AuthorizedKeysCommand
126 Specifies a program to be used to look up the user's public keys.
127 The program must be owned by root, not writable by group or oth‐
128 ers and specified by an absolute path. Arguments to
129 AuthorizedKeysCommand accept the tokens described in the TOKENS
130 section. If no arguments are specified then the username of the
131 target user is used.
132 The program should produce on standard output zero or more lines
134 of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)). If a
135 key supplied by AuthorizedKeysCommand does not successfully
136 authenticate and authorize the user then public key authentica‐
137 tion continues using the usual AuthorizedKeysFile files. By
138 default, no AuthorizedKeysCommand is run.
139 AuthorizedKeysCommandUser
141 Specifies the user under whose account the AuthorizedKeysCommand
142 is run. It is recommended to use a dedicated user that has no
143 other role on the host than running authorized keys commands. If
144 AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser
145 is not, then sshd(8) will refuse to start.
146 AuthorizedKeysFile
148 Specifies the file that contains the public keys used for user
149 authentication. The format is described in the AUTHORIZED_KEYS
150 FILE FORMAT section of sshd(8). Arguments to AuthorizedKeysFile
151 accept the tokens described in the TOKENS section. After expan‐
152 sion, AuthorizedKeysFile is taken to be an absolute path or one
153 relative to the user's home directory. Multiple files may be
154 listed, separated by whitespace. Alternately this option may be
155 set to none to skip checking for user keys in files. The default
156 is ".ssh/authorized_keys .ssh/authorized_keys2".
157 AuthorizedPrincipalsCommand
159 Specifies a program to be used to generate the list of allowed
160 certificate principals as per AuthorizedPrincipalsFile. The pro‐
161 gram must be owned by root, not writable by group or others and
162 specified by an absolute path. Arguments to
163 AuthorizedPrincipalsCommand accept the tokens described in the
164 TOKENS section. If no arguments are specified then the username
165 of the target user is used.
166 The program should produce on standard output zero or more lines
168 of AuthorizedPrincipalsFile output. If either
169 AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is speci‐
170 fied, then certificates offered by the client for authentication
171 must contain a principal that is listed. By default, no
172 AuthorizedPrincipalsCommand is run.
173 AuthorizedPrincipalsCommandUser
175 Specifies the user under whose account the
176 AuthorizedPrincipalsCommand is run. It is recommended to use a
177 dedicated user that has no other role on the host than running
178 authorized principals commands. If AuthorizedPrincipalsCommand
179 is specified but AuthorizedPrincipalsCommandUser is not, then
180 sshd(8) will refuse to start.
181 AuthorizedPrincipalsFile
183 Specifies a file that lists principal names that are accepted for
184 certificate authentication. When using certificates signed by a
185 key listed in TrustedUserCAKeys, this file lists names, one of
186 which must appear in the certificate for it to be accepted for
187 authentication. Names are listed one per line preceded by key
188 options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
189 Empty lines and comments starting with ‘#’ are ignored.
190 Arguments to AuthorizedPrincipalsFile accept the tokens described
192 in the TOKENS section. After expansion, AuthorizedPrincipalsFile
193 is taken to be an absolute path or one relative to the user's
194 home directory. The default is none, i.e. not to use a princi‐
195 pals file – in this case, the username of the user must appear in
196 a certificate's principals list for it to be accepted.
197 Note that AuthorizedPrincipalsFile is only used when authentica‐
199 tion proceeds using a CA listed in TrustedUserCAKeys and is not
200 consulted for certification authorities trusted via
201 ~/.ssh/authorized_keys, though the principals= key option offers
202 a similar facility (see sshd(8) for details).
203 Banner The contents of the specified file are sent to the remote user
205 before authentication is allowed. If the argument is none then
206 no banner is displayed. By default, no banner is displayed.
207 ChallengeResponseAuthentication
209 Specifies whether challenge-response authentication is allowed
210 (e.g. via PAM or through authentication styles supported in
211 login.conf(5)) The default is yes.
212 ChrootDirectory
214 Specifies the pathname of a directory to chroot(2) to after
215 authentication. At session startup sshd(8) checks that all com‐
216 ponents of the pathname are root-owned directories which are not
217 writable by any other user or group. After the chroot, sshd(8)
218 changes the working directory to the user's home directory.
219 Arguments to ChrootDirectory accept the tokens described in the
220 TOKENS section.
221 The ChrootDirectory must contain the necessary files and directo‐
223 ries to support the user's session. For an interactive session
224 this requires at least a shell, typically sh(1), and basic /dev
225 nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
226 and tty(4) devices. For file transfer sessions using SFTP no
227 additional configuration of the environment is necessary if the
228 in-process sftp-server is used, though sessions which use logging
229 may require /dev/log inside the chroot directory on some operat‐
230 ing systems (see sftp-server(8) for details).
231 For safety, it is very important that the directory hierarchy be
233 prevented from modification by other processes on the system
234 (especially those outside the jail). Misconfiguration can lead
235 to unsafe environments which sshd(8) cannot detect.
236 The default is none, indicating not to chroot(2).
238 Ciphers
240 Specifies the ciphers allowed. Multiple ciphers must be comma-
241 separated. If the specified value begins with a ‘+’ character,
242 then the specified ciphers will be appended to the default set
243 instead of replacing them.
244 The supported ciphers are:
246 3des-cbc
248 aes128-cbc
249 aes192-cbc
250 aes256-cbc
251 aes128-ctr
252 aes192-ctr
253 aes256-ctr
254 aes128-gcm@openssh.com
255 aes256-gcm@openssh.com
256 arcfour
257 arcfour128
258 arcfour256
259 blowfish-cbc
260 cast128-cbc
261 chacha20-poly1305@openssh.com
262 The default is:
264 chacha20-poly1305@openssh.com,
266 aes128-ctr,aes192-ctr,aes256-ctr,
267 aes128-gcm@openssh.com,aes256-gcm@openssh.com,
268 aes128-cbc,aes192-cbc,aes256-cbc,
269 blowfish-cbc,cast128-cbc,3des-cbc
270 The list of available ciphers may also be obtained using "ssh -Q
272 cipher".
273 ClientAliveCountMax
275 Sets the number of client alive messages which may be sent with‐
276 out sshd(8) receiving any messages back from the client. If this
277 threshold is reached while client alive messages are being sent,
278 sshd will disconnect the client, terminating the session. It is
279 important to note that the use of client alive messages is very
280 different from TCPKeepAlive. The client alive messages are sent
281 through the encrypted channel and therefore will not be spoofa‐
282 ble. The TCP keepalive option enabled by TCPKeepAlive is spoofa‐
283 ble. The client alive mechanism is valuable when the client or
284 server depend on knowing when a connection has become inactive.
285 The default value is 3. If ClientAliveInterval is set to 15, and
287 ClientAliveCountMax is left at the default, unresponsive SSH
288 clients will be disconnected after approximately 45 seconds.
289 ClientAliveInterval
291 Sets a timeout interval in seconds after which if no data has
292 been received from the client, sshd(8) will send a message
293 through the encrypted channel to request a response from the
294 client. The default is 0, indicating that these messages will
295 not be sent to the client.
296 Compression
298 Specifies whether compression is enabled after the user has
299 authenticated successfully. The argument must be yes, delayed (a
300 legacy synonym for yes) or no. The default is yes.
301 DenyGroups
303 This keyword can be followed by a list of group name patterns,
304 separated by spaces. Login is disallowed for users whose primary
305 group or supplementary group list matches one of the patterns.
306 Only group names are valid; a numerical group ID is not recog‐
307 nized. By default, login is allowed for all groups. The
308 allow/deny directives are processed in the following order:
309 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. All
310 of the specified user and group tests must succeed, before user
311 is allowed to log in.
312 See PATTERNS in ssh_config(5) for more information on patterns.
314 DenyUsers
316 This keyword can be followed by a list of user name patterns,
317 separated by spaces. Login is disallowed for user names that
318 match one of the patterns. Only user names are valid; a numeri‐
319 cal user ID is not recognized. By default, login is allowed for
320 all users. If the pattern takes the form USER@HOST then USER and
321 HOST are separately checked, restricting logins to particular
322 users from particular hosts. HOST criteria may additionally con‐
323 tain addresses to match in CIDR address/masklen format. The
324 allow/deny directives are processed in the following order:
325 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups. All
326 of the specified user and group tests must succeed, before user
327 is allowed to log in.
328 See PATTERNS in ssh_config(5) for more information on patterns.
330 DisableForwarding
332 Disables all forwarding features, including X11, ssh-agent(1),
333 TCP and StreamLocal. This option overrides all other forwarding-
334 related options and may simplify restricted configurations.
335 ExposeAuthenticationMethods
337 When using SSH2, this option controls the exposure of the list of
338 successful authentication methods to PAM during the authentica‐
339 tion and to the shell environment via the SSH_USER_AUTH variable.
340 See the description of this variable for more details. Valid
341 options are: never (Do not expose successful authentication meth‐
342 ods), pam-only (Only expose them to PAM during authentication,
343 not afterwards), pam-and-env (Expose them to PAM and keep them in
344 the shell environment). The default is never.
345 FingerprintHash
347 Specifies the hash algorithm used when logging key fingerprints.
348 Valid options are: md5 and sha256. The default is sha256.
349 ForceCommand
351 Forces the execution of the command specified by ForceCommand,
352 ignoring any command supplied by the client and ~/.ssh/rc if
353 present. The command is invoked by using the user's login shell
354 with the -c option. This applies to shell, command, or subsystem
355 execution. It is most useful inside a Match block. The command
356 originally supplied by the client is available in the
357 SSH_ORIGINAL_COMMAND environment variable. Specifying a command
358 of internal-sftp will force the use of an in-process SFTP server
359 that requires no support files when used with ChrootDirectory.
360 The default is none.
361 GatewayPorts
363 Specifies whether remote hosts are allowed to connect to ports
364 forwarded for the client. By default, sshd(8) binds remote port
365 forwardings to the loopback address. This prevents other remote
366 hosts from connecting to forwarded ports. GatewayPorts can be
367 used to specify that sshd should allow remote port forwardings to
368 bind to non-loopback addresses, thus allowing other hosts to con‐
369 nect. The argument may be no to force remote port forwardings to
370 be available to the local host only, yes to force remote port
371 forwardings to bind to the wildcard address, or clientspecified
372 to allow the client to select the address to which the forwarding
373 is bound. The default is no.
374 GSSAPIAuthentication
376 Specifies whether user authentication based on GSSAPI is allowed.
377 The default is no.
378 GSSAPICleanupCredentials
380 Specifies whether to automatically destroy the user's credentials
381 cache on logout. The default is yes.
382 GSSAPIKeyExchange
384 Specifies whether key exchange based on GSSAPI is allowed. GSSAPI
385 key exchange doesn't rely on ssh keys to verify host identity.
386 The default is “no”.
387 GSSAPIEnablek5users
389 Specifies whether to look at .k5users file for GSSAPI authentica‐
390 tion access control. Further details are described in ksu(1).
391 The default is no.
392 GSSAPIStrictAcceptorCheck
394 Determines whether to be strict about the identity of the GSSAPI
395 acceptor a client authenticates against. If set to yes then the
396 client must authenticate against the host service on the current
397 hostname. If set to no then the client may authenticate against
398 any service key stored in the machine's default store. This
399 facility is provided to assist with operation on multi homed
400 machines. The default is yes.
401 GSSAPIStoreCredentialsOnRekey
403 Controls whether the user's GSSAPI credentials should be updated
404 following a successful connection rekeying. This option can be
405 used to accepted renewed or updated credentials from a compatible
406 client. The default is “no”.
407 GSSAPIKexAlgorithms
409 The list of key exchange algorithms that are accepted by GSSAPI
410 key exchange. Possible values are
411 gss-gex-sha1-,
413 gss-group1-sha1-,
414 gss-group14-sha1-
415 The default is
417 “gss-gex-sha1-,gss-group1-sha1-,gss-group14-sha1-”. This option
418 only applies to protocol version 2 connections using GSSAPI.
419 HostbasedAcceptedKeyTypes
421 Specifies the key types that will be accepted for hostbased
422 authentication as a comma-separated pattern list. Alternately if
423 the specified value begins with a ‘+’ character, then the speci‐
424 fied key types will be appended to the default set instead of
425 replacing them. The default for this option is:
426 ecdsa-sha2-nistp256-cert-v01@openssh.com,
428 ecdsa-sha2-nistp384-cert-v01@openssh.com,
429 ecdsa-sha2-nistp521-cert-v01@openssh.com,
430 ssh-ed25519-cert-v01@openssh.com,
431 ssh-rsa-cert-v01@openssh.com,
432 ssh-dss-cert-v01@openssh.com,
433 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
434 ssh-ed25519,ssh-rsa,ssh-dss
435 The list of available key types may also be obtained using "ssh
437 -Q key".
438 HostbasedAuthentication
440 Specifies whether rhosts or /etc/hosts.equiv authentication
441 together with successful public key client host authentication is
442 allowed (host-based authentication). The default is no.
443 HostbasedUsesNameFromPacketOnly
445 Specifies whether or not the server will attempt to perform a
446 reverse name lookup when matching the name in the ~/.shosts,
447 ~/.rhosts, and /etc/hosts.equiv files during
448 HostbasedAuthentication. A setting of yes means that sshd(8)
449 uses the name supplied by the client rather than attempting to
450 resolve the name from the TCP connection itself. The default is
451 no.
452 HostCertificate
454 Specifies a file containing a public host certificate. The cer‐
455 tificate's public key must match a private host key already spec‐
456 ified by HostKey. The default behaviour of sshd(8) is not to
457 load any certificates.
458 HostKey
460 Specifies a file containing a private host key used by SSH. The
461 defaults are /etc/ssh/ssh_host_dsa_key,
462 /etc/ssh/ssh_host_ecdsa_key, /etc/ssh/ssh_host_ed25519_key and
463 /etc/ssh/ssh_host_rsa_key.
464 Note that sshd(8) will refuse to use a file if it is group/world-
466 accessible and that the HostKeyAlgorithms option restricts which
467 of the keys are actually used by sshd(8).
468 It is possible to have multiple host key files. It is also pos‐
470 sible to specify public host key files instead. In this case
471 operations on the private key will be delegated to an
472 ssh-agent(1).
473 HostKeyAgent
475 Identifies the UNIX-domain socket used to communicate with an
476 agent that has access to the private host keys. If the string
477 "SSH_AUTH_SOCK" is specified, the location of the socket will be
478 read from the SSH_AUTH_SOCK environment variable.
479 HostKeyAlgorithms
481 Specifies the host key algorithms that the server offers. The
482 default for this option is:
483 ecdsa-sha2-nistp256-cert-v01@openssh.com,
485 ecdsa-sha2-nistp384-cert-v01@openssh.com,
486 ecdsa-sha2-nistp521-cert-v01@openssh.com,
487 ssh-ed25519-cert-v01@openssh.com,
488 ssh-rsa-cert-v01@openssh.com,
489 ssh-dss-cert-v01@openssh.com,
490 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
491 ssh-ed25519,ssh-rsa,ssh-dss
492 The list of available key types may also be obtained using "ssh
494 -Q key".
495 IgnoreRhosts
497 Specifies that .rhosts and .shosts files will not be used in
498 HostbasedAuthentication.
499 /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used. The
501 default is yes.
502 IgnoreUserKnownHosts
504 Specifies whether sshd(8) should ignore the user's
505 ~/.ssh/known_hosts during HostbasedAuthentication. The default
506 is no.
507 IPQoS Specifies the IPv4 type-of-service or DSCP class for the connec‐
509 tion. Accepted values are af11, af12, af13, af21, af22, af23,
510 af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5,
511 cs6, cs7, ef, lowdelay, throughput, reliability, or a numeric
512 value. This option may take one or two arguments, separated by
513 whitespace. If one argument is specified, it is used as the
514 packet class unconditionally. If two values are specified, the
515 first is automatically selected for interactive sessions and the
516 second for non-interactive sessions. The default is lowdelay for
517 interactive sessions and throughput for non-interactive sessions.
518 KbdInteractiveAuthentication
520 Specifies whether to allow keyboard-interactive authentication.
521 The argument to this keyword must be yes or no. The default is
522 to use whatever value ChallengeResponseAuthentication is set to
523 (by default yes).
524 KerberosAuthentication
526 Specifies whether the password provided by the user for
527 PasswordAuthentication will be validated through the Kerberos
528 KDC. To use this option, the server needs a Kerberos servtab
529 which allows the verification of the KDC's identity. The default
530 is no.
531 KerberosGetAFSToken
533 If AFS is active and the user has a Kerberos 5 TGT, attempt to
534 acquire an AFS token before accessing the user's home directory.
535 The default is no.
536 KerberosOrLocalPasswd
538 If password authentication through Kerberos fails then the pass‐
539 word will be validated via any additional local mechanism such as
540 /etc/passwd. The default is yes.
541 KerberosTicketCleanup
543 Specifies whether to automatically destroy the user's ticket
544 cache file on logout. The default is yes.
545 KerberosUseKuserok
547 Specifies whether to look at .k5login file for user's aliases.
548 The default is yes.
549 KexAlgorithms
551 Specifies the available KEX (Key Exchange) algorithms. Multiple
552 algorithms must be comma-separated. Alternately if the specified
553 value begins with a ‘+’ character, then the specified methods
554 will be appended to the default set instead of replacing them.
555 The supported algorithms are:
556 curve25519-sha256
558 curve25519-sha256@libssh.org
559 diffie-hellman-group1-sha1
560 diffie-hellman-group14-sha1
561 diffie-hellman-group-exchange-sha1
562 diffie-hellman-group-exchange-sha256
563 ecdh-sha2-nistp256
564 ecdh-sha2-nistp384
565 ecdh-sha2-nistp521
566 The default is:
568 curve25519-sha256,curve25519-sha256@libssh.org,
570 ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
571 diffie-hellman-group-exchange-sha256,
572 diffie-hellman-group14-sha1,
573 diffie-hellman-group1-sha1
574 The list of available key exchange algorithms may also be
576 obtained using "ssh -Q kex".
577 ListenAddress
579 Specifies the local addresses sshd(8) should listen on. The fol‐
580 lowing forms may be used:
581 ListenAddress host|IPv4_addr|IPv6_addr
583 ListenAddress host|IPv4_addr:port
584 ListenAddress [host|IPv6_addr]:port
585 If port is not specified, sshd will listen on the address and all
587 Port options specified. The default is to listen on all local
588 addresses. Multiple ListenAddress options are permitted.
589 LoginGraceTime
591 The server disconnects after this time if the user has not suc‐
592 cessfully logged in. If the value is 0, there is no time limit.
593 The default is 120 seconds.
594 LogLevel
596 Gives the verbosity level that is used when logging messages from
597 sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
598 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
599 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
600 higher levels of debugging output. Logging with a DEBUG level
601 violates the privacy of users and is not recommended.
602 MACs Specifies the available MAC (message authentication code) algo‐
604 rithms. The MAC algorithm is used for data integrity protection.
605 Multiple algorithms must be comma-separated. If the specified
606 value begins with a ‘+’ character, then the specified algorithms
607 will be appended to the default set instead of replacing them.
608 The algorithms that contain "-etm" calculate the MAC after
610 encryption (encrypt-then-mac). These are considered safer and
611 their use recommended. The supported MACs are:
612 hmac-md5
614 hmac-md5-96
615 hmac-ripemd160
616 hmac-sha1
617 hmac-sha1-96
618 hmac-sha2-256
619 hmac-sha2-512
620 umac-64@openssh.com
621 umac-128@openssh.com
622 hmac-md5-etm@openssh.com
623 hmac-md5-96-etm@openssh.com
624 hmac-ripemd160-etm@openssh.com
625 hmac-sha1-etm@openssh.com
626 hmac-sha1-96-etm@openssh.com
627 hmac-sha2-256-etm@openssh.com
628 hmac-sha2-512-etm@openssh.com
629 umac-64-etm@openssh.com
630 umac-128-etm@openssh.com
631 The default is:
633 umac-64-etm@openssh.com,umac-128-etm@openssh.com,
635 hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
636 hmac-sha1-etm@openssh.com,
637 umac-64@openssh.com,umac-128@openssh.com,
638 hmac-sha2-256,hmac-sha2-512,hmac-sha1,
639 hmac-sha1-etm@openssh.com
640 The list of available MAC algorithms may also be obtained using
642 "ssh -Q mac".
643 Match Introduces a conditional block. If all of the criteria on the
645 Match line are satisfied, the keywords on the following lines
646 override those set in the global section of the config file,
647 until either another Match line or the end of the file. If a
648 keyword appears in multiple Match blocks that are satisfied, only
649 the first instance of the keyword is applied.
650 The arguments to Match are one or more criteria-pattern pairs or
652 the single token All which matches all criteria. The available
653 criteria are User, Group, Host, LocalAddress, LocalPort, and
654 Address. The match patterns may consist of single entries or
655 comma-separated lists and may use the wildcard and negation oper‐
656 ators described in the PATTERNS section of ssh_config(5).
657 The patterns in an Address criteria may additionally contain
659 addresses to match in CIDR address/masklen format, such as
660 192.0.2.0/24 or 2001:db8::/32. Note that the mask length pro‐
661 vided must be consistent with the address - it is an error to
662 specify a mask length that is too long for the address or one
663 with bits set in this host portion of the address. For example,
664 192.0.2.0/33 and 192.0.2.0/8, respectively.
665 Only a subset of keywords may be used on the lines following a
667 Match keyword. Available keywords are AcceptEnv,
668 AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding,
669 AllowTcpForwarding, AllowUsers, AuthenticationMethods,
670 AuthorizedKeysCommand, AuthorizedKeysCommandUser,
671 AuthorizedKeysFile, AuthorizedPrincipalsCommand,
672 AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile,
673 Banner, ChrootDirectory, ClientAliveCountMax,
674 ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
675 GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
676 HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
677 KbdInteractiveAuthentication, KerberosAuthentication,
678 KerberosUseKuserok, MaxAuthTries, MaxSessions,
679 PasswordAuthentication, PermitEmptyPasswords, PermitOpen,
680 PermitRootLogin, PermitTTY, PermitTunnel, PermitUserRC,
681 PubkeyAcceptedKeyTypes, PubkeyAuthentication, RekeyLimit,
682 RevokedKeys, StreamLocalBindMask, StreamLocalBindUnlink,
683 TrustedUserCAKeys, X11DisplayOffset, X11MaxDisplays,
684 X11Forwarding and X11UseLocalHost.
685 MaxAuthTries
687 Specifies the maximum number of authentication attempts permitted
688 per connection. Once the number of failures reaches half this
689 value, additional failures are logged. The default is 6.
690 MaxSessions
692 Specifies the maximum number of open shell, login or subsystem
693 (e.g. sftp) sessions permitted per network connection. Multiple
694 sessions may be established by clients that support connection
695 multiplexing. Setting MaxSessions to 1 will effectively disable
696 session multiplexing, whereas setting it to 0 will prevent all
697 shell, login and subsystem sessions while still permitting for‐
698 warding. The default is 10.
699 MaxStartups
701 Specifies the maximum number of concurrent unauthenticated con‐
702 nections to the SSH daemon. Additional connections will be
703 dropped until authentication succeeds or the LoginGraceTime
704 expires for a connection. The default is 10:30:100.
705 Alternatively, random early drop can be enabled by specifying the
707 three colon separated values start:rate:full (e.g. "10:30:60").
708 sshd(8) will refuse connection attempts with a probability of
709 rate/100 (30%) if there are currently start (10) unauthenticated
710 connections. The probability increases linearly and all connec‐
711 tion attempts are refused if the number of unauthenticated con‐
712 nections reaches full (60).
713 PasswordAuthentication
715 Specifies whether password authentication is allowed. The
716 default is yes.
717 PermitEmptyPasswords
719 When password authentication is allowed, it specifies whether the
720 server allows login to accounts with empty password strings. The
721 default is no.
722 PermitOpen
724 Specifies the destinations to which TCP port forwarding is per‐
725 mitted. The forwarding specification must be one of the follow‐
726 ing forms:
727 PermitOpen host:port
729 PermitOpen IPv4_addr:port
730 PermitOpen [IPv6_addr]:port
731 Multiple forwards may be specified by separating them with white‐
733 space. An argument of any can be used to remove all restrictions
734 and permit any forwarding requests. An argument of none can be
735 used to prohibit all forwarding requests. The wildcard ‘*’ can
736 be used for host or port to allow all hosts or ports, respec‐
737 tively. By default all port forwarding requests are permitted.
738 PermitRootLogin
740 Specifies whether root can log in using ssh(1). The argument
741 must be yes, prohibit-password, without-password,
742 forced-commands-only, or no. The default is yes.
743 If this option is set to prohibit-password or without-password,
745 password and keyboard-interactive authentication are disabled for
746 root.
747 If this option is set to forced-commands-only, root login with
749 public key authentication will be allowed, but only if the
750 command option has been specified (which may be useful for taking
751 remote backups even if root login is normally not allowed). All
752 other authentication methods are disabled for root.
753 If this option is set to no, root is not allowed to log in.
755 PermitTTY
757 Specifies whether pty(4) allocation is permitted. The default is
758 yes.
759 PermitTunnel
761 Specifies whether tun(4) device forwarding is allowed. The argu‐
762 ment must be yes, point-to-point (layer 3), ethernet (layer 2),
763 or no. Specifying yes permits both point-to-point and ethernet.
764 The default is no.
765 Independent of this setting, the permissions of the selected
767 tun(4) device must allow access to the user.
768 PermitUserEnvironment
770 Specifies whether ~/.ssh/environment and environment= options in
771 ~/.ssh/authorized_keys are processed by sshd(8). The default is
772 no. Enabling environment processing may enable users to bypass
773 access restrictions in some configurations using mechanisms such
774 as LD_PRELOAD.
775 PermitUserRC
777 Specifies whether any ~/.ssh/rc file is executed. The default is
778 yes.
779 PidFile
781 Specifies the file that contains the process ID of the SSH dae‐
782 mon, or none to not write one. The default is /var/run/sshd.pid.
783 Port Specifies the port number that sshd(8) listens on. The default
785 is 22. Multiple options of this type are permitted. See also
786 ListenAddress.
787 PrintLastLog
789 Specifies whether sshd(8) should print the date and time of the
790 last user login when a user logs in interactively. The default
791 is yes.
792 PrintMotd
794 Specifies whether sshd(8) should print /etc/motd when a user logs
795 in interactively. (On some systems it is also printed by the
796 shell, /etc/profile, or equivalent.) The default is yes.
797 PubkeyAcceptedKeyTypes
799 Specifies the key types that will be accepted for public key
800 authentication as a comma-separated pattern list. Alternately if
801 the specified value begins with a ‘+’ character, then the speci‐
802 fied key types will be appended to the default set instead of
803 replacing them. The default for this option is:
804 ecdsa-sha2-nistp256-cert-v01@openssh.com,
806 ecdsa-sha2-nistp384-cert-v01@openssh.com,
807 ecdsa-sha2-nistp521-cert-v01@openssh.com,
808 ssh-ed25519-cert-v01@openssh.com,
809 ssh-rsa-cert-v01@openssh.com,
810 ssh-dss-cert-v01@openssh.com,
811 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
812 ssh-ed25519,ssh-rsa,ssh-dss
813 The list of available key types may also be obtained using "ssh
815 -Q key".
816 PubkeyAuthentication
818 Specifies whether public key authentication is allowed. The
819 default is yes.
820 RekeyLimit
822 Specifies the maximum amount of data that may be transmitted
823 before the session key is renegotiated, optionally followed a
824 maximum amount of time that may pass before the session key is
825 renegotiated. The first argument is specified in bytes and may
826 have a suffix of ‘K’, ‘M’, or ‘G’ to indicate Kilobytes,
827 Megabytes, or Gigabytes, respectively. The default is between
828 ‘1G’ and ‘4G’, depending on the cipher. The optional second
829 value is specified in seconds and may use any of the units docu‐
830 mented in the TIME FORMATS section. The default value for
831 RekeyLimit is default none, which means that rekeying is per‐
832 formed after the cipher's default amount of data has been sent or
833 received and no time based rekeying is done.
834 RevokedKeys
836 Specifies revoked public keys file, or none to not use one. Keys
837 listed in this file will be refused for public key authentica‐
838 tion. Note that if this file is not readable, then public key
839 authentication will be refused for all users. Keys may be speci‐
840 fied as a text file, listing one public key per line, or as an
841 OpenSSH Key Revocation List (KRL) as generated by ssh-keygen(1).
842 For more information on KRLs, see the KEY REVOCATION LISTS sec‐
843 tion in ssh-keygen(1).
844 ShowPatchLevel
846 Specifies whether sshd will display the patch level of the binary
847 in the identification string. The patch level is set at compile-
848 time. The default is “no”. This option applies to protocol ver‐
849 sion 1 only.
850 StreamLocalBindMask
852 Sets the octal file creation mode mask (umask) used when creating
853 a Unix-domain socket file for local or remote port forwarding.
854 This option is only used for port forwarding to a Unix-domain
855 socket file.
856 The default value is 0177, which creates a Unix-domain socket
858 file that is readable and writable only by the owner. Note that
859 not all operating systems honor the file mode on Unix-domain
860 socket files.
861 StreamLocalBindUnlink
863 Specifies whether to remove an existing Unix-domain socket file
864 for local or remote port forwarding before creating a new one.
865 If the socket file already exists and StreamLocalBindUnlink is
866 not enabled, sshd will be unable to forward the port to the Unix-
867 domain socket file. This option is only used for port forwarding
868 to a Unix-domain socket file.
869 The argument must be yes or no. The default is no.
871 StrictModes
873 Specifies whether sshd(8) should check file modes and ownership
874 of the user's files and home directory before accepting login.
875 This is normally desirable because novices sometimes accidentally
876 leave their directory or files world-writable. The default is
877 yes. Note that this does not apply to ChrootDirectory, whose
878 permissions and ownership are checked unconditionally.
879 Subsystem
881 Configures an external subsystem (e.g. file transfer daemon).
882 Arguments should be a subsystem name and a command (with optional
883 arguments) to execute upon subsystem request.
884 The command sftp-server implements the SFTP file transfer subsys‐
886 tem.
887 Alternately the name internal-sftp implements an in-process SFTP
889 server. This may simplify configurations using ChrootDirectory
890 to force a different filesystem root on clients.
891 By default no subsystems are defined.
893 SyslogFacility
895 Gives the facility code that is used when logging messages from
896 sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
897 LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
898 The default is AUTH.
899 TCPKeepAlive
901 Specifies whether the system should send TCP keepalive messages
902 to the other side. If they are sent, death of the connection or
903 crash of one of the machines will be properly noticed. However,
904 this means that connections will die if the route is down tempo‐
905 rarily, and some people find it annoying. On the other hand, if
906 TCP keepalives are not sent, sessions may hang indefinitely on
907 the server, leaving "ghost" users and consuming server resources.
908 The default is yes (to send TCP keepalive messages), and the
910 server will notice if the network goes down or the client host
911 crashes. This avoids infinitely hanging sessions.
912 To disable TCP keepalive messages, the value should be set to no.
914 TrustedUserCAKeys
916 Specifies a file containing public keys of certificate authori‐
917 ties that are trusted to sign user certificates for authentica‐
918 tion, or none to not use one. Keys are listed one per line;
919 empty lines and comments starting with ‘#’ are allowed. If a
920 certificate is presented for authentication and has its signing
921 CA key listed in this file, then it may be used for authentica‐
922 tion for any user listed in the certificate's principals list.
923 Note that certificates that lack a list of principals will not be
924 permitted for authentication using TrustedUserCAKeys. For more
925 details on certificates, see the CERTIFICATES section in
926 ssh-keygen(1).
927 UseDNS Specifies whether sshd(8) should look up the remote host name,
929 and to check that the resolved host name for the remote IP
930 address maps back to the very same IP address. The default is
931 “yes”.
932 If this option is set to no then only addresses and not host
934 names may be used in ~/.ssh/authorized_keys from and sshd_config
935 Match Host directives.
936 UsePAM Enables the Pluggable Authentication Module interface. If set to
938 yes this will enable PAM authentication using
939 ChallengeResponseAuthentication and PasswordAuthentication in
940 addition to PAM account and session module processing for all
941 authentication types.
942 Because PAM challenge-response authentication usually serves an
944 equivalent role to password authentication, you should disable
945 either PasswordAuthentication or ChallengeResponseAuthentication.
946 If UsePAM is enabled, you will not be able to run sshd(8) as a
948 non-root user. The default is no.
949 UsePrivilegeSeparation
951 Specifies whether sshd(8) separates privileges by creating an
952 unprivileged child process to deal with incoming network traffic.
953 After successful authentication, another process will be created
954 that has the privilege of the authenticated user. The goal of
955 privilege separation is to prevent privilege escalation by con‐
956 taining any corruption within the unprivileged processes. The
957 argument must be yes, no, or sandbox. If UsePrivilegeSeparation
958 is set to sandbox then the pre-authentication unprivileged
959 process is subject to additional restrictions. The default is
960 sandbox.
961 VersionAddendum
963 Optionally specifies additional text to append to the SSH proto‐
964 col banner sent by the server upon connection. The default is
965 none.
966 X11DisplayOffset
968 Specifies the first display number available for sshd(8)'s X11
969 forwarding. This prevents sshd from interfering with real X11
970 servers. The default is 10.
971 X11MaxDisplays
973 Specifies the maximum number of displays available for sshd(8)'s
974 X11 forwarding. This prevents sshd from exhausting local ports.
975 The default is 1000.
976 X11Forwarding
978 Specifies whether X11 forwarding is permitted. The argument must
979 be yes or no. The default is no.
980 When X11 forwarding is enabled, there may be additional exposure
982 to the server and to client displays if the sshd(8) proxy display
983 is configured to listen on the wildcard address (see
984 X11UseLocalhost), though this is not the default. Additionally,
985 the authentication spoofing and authentication data verification
986 and substitution occur on the client side. The security risk of
987 using X11 forwarding is that the client's X11 display server may
988 be exposed to attack when the SSH client requests forwarding (see
989 the warnings for ForwardX11 in ssh_config(5)). A system adminis‐
990 trator may have a stance in which they want to protect clients
991 that may expose themselves to attack by unwittingly requesting
992 X11 forwarding, which can warrant a no setting.
993 Note that disabling X11 forwarding does not prevent users from
995 forwarding X11 traffic, as users can always install their own
996 forwarders.
997 X11UseLocalhost
999 Specifies whether sshd(8) should bind the X11 forwarding server
1000 to the loopback address or to the wildcard address. By default,
1001 sshd binds the forwarding server to the loopback address and sets
1002 the hostname part of the DISPLAY environment variable to
1003 localhost. This prevents remote hosts from connecting to the
1004 proxy display. However, some older X11 clients may not function
1005 with this configuration. X11UseLocalhost may be set to no to
1006 specify that the forwarding server should be bound to the wild‐
1007 card address. The argument must be yes or no. The default is
1008 yes.
1009 XAuthLocation
1011 Specifies the full pathname of the xauth(1) program, or none to
1012 not use one. The default is /usr/bin/xauth.
1013
1015 sshd(8) command-line arguments and configuration file options that spec‐
1016 ify time may be expressed using a sequence of the form: time[qualifier],
1017 where time is a positive integer value and qualifier is one of the fol‐
1018 lowing:
1019 ⟨none⟩ seconds
1021 s | S seconds
1022 m | M minutes
1023 h | H hours
1024 d | D days
1025 w | W weeks
1026 Each member of the sequence is added together to calculate the total time
1028 value.
1029 Time format examples:
1031 600 600 seconds (10 minutes)
1033 10m 10 minutes
1034 1h30m 1 hour 30 minutes (90 minutes)
1035
1037 Arguments to some keywords can make use of tokens, which are expanded at
1038 runtime:
1039 %% A literal ‘%’.
1041 %F The fingerprint of the CA key.
1042 %f The fingerprint of the key or certificate.
1043 %h The home directory of the user.
1044 %i The key ID in the certificate.
1045 %K The base64-encoded CA key.
1046 %k The base64-encoded key or certificate for authentication.
1047 %s The serial number of the certificate.
1048 %T The type of the CA key.
1049 %t The key or certificate type.
1050 %u The username.
1051 AuthorizedKeysCommand accepts the tokens %%, %f, %h, %t, and %u.
1053 AuthorizedKeysFile accepts the tokens %%, %h, and %u.
1055 AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %K, %k, %h,
1057 %i, %s, %T, %t, and %u.
1058 AuthorizedPrincipalsFile accepts the tokens %%, %h, and %u.
1060 ChrootDirectory accepts the tokens %%, %h, and %u.
1062
1064 /etc/ssh/sshd_config
1065 Contains configuration data for sshd(8). This file should be
1066 writable by root only, but it is recommended (though not neces‐
1067 sary) that it be world-readable.
1068
1070 sftp-server(8), sshd(8)
1071
1073 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1074 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1075 de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
1076 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
1077 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
1078 for privilege separation.
1079BSD June 21, 2019 BSD