1SSHD_CONFIG(5)              BSD File Formats Manual             SSHD_CONFIG(5)
2

NAME

4     sshd_config — OpenSSH SSH daemon configuration file
5

DESCRIPTION

7     sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
8     specified with -f on the command line).  The file contains keyword-argu‐
9     ment pairs, one per line.  For each keyword, the first obtained value
10     will be used.  Lines starting with ‘#’ and empty lines are interpreted as
11     comments.  Arguments may optionally be enclosed in double quotes (") in
12     order to represent arguments containing spaces.
13
14     The possible keywords and their meanings are as follows (note that key‐
15     words are case-insensitive and arguments are case-sensitive):
16
17     AcceptEnv
18             Specifies what environment variables sent by the client will be
19             copied into the session's environ(7).  See SendEnv and SetEnv in
20             ssh_config(5) for how to configure the client.  The TERM environ‐
21             ment variable is always accepted whenever the client requests a
22             pseudo-terminal as it is required by the protocol.  Variables are
23             specified by name, which may contain the wildcard characters ‘*’
24             and ‘?’.  Multiple environment variables may be separated by
25             whitespace or spread across multiple AcceptEnv directives.  Be
26             warned that some environment variables could be used to bypass
27             restricted user environments.  For this reason, care should be
28             taken in the use of this directive.  The default is not to accept
29             any environment variables.
30
31     AddressFamily
32             Specifies which address family should be used by sshd(8).  Valid
33             arguments are any (the default), inet (use IPv4 only), or inet6
34             (use IPv6 only).
35
36     AllowAgentForwarding
37             Specifies whether ssh-agent(1) forwarding is permitted.  The
38             default is yes.  Note that disabling agent forwarding does not
39             improve security unless users are also denied shell access, as
40             they can always install their own forwarders.
41
42     AllowGroups
43             This keyword can be followed by a list of group name patterns,
44             separated by spaces.  If specified, login is allowed only for
45             users whose primary group or supplementary group list matches one
46             of the patterns.  Only group names are valid; a numerical group
47             ID is not recognized.  By default, login is allowed for all
48             groups.  The allow/deny directives are processed in the following
49             order: DenyUsers, AllowUsers, DenyGroups, and finally
50             AllowGroups.
51
52             See PATTERNS in ssh_config(5) for more information on patterns.
53
54     AllowStreamLocalForwarding
55             Specifies whether StreamLocal (Unix-domain socket) forwarding is
56             permitted.  The available options are yes (the default) or all to
57             allow StreamLocal forwarding, no to prevent all StreamLocal for‐
58             warding, local to allow local (from the perspective of ssh(1))
59             forwarding only or remote to allow remote forwarding only.  Note
60             that disabling StreamLocal forwarding does not improve security
61             unless users are also denied shell access, as they can always
62             install their own forwarders.
63
64     AllowTcpForwarding
65             Specifies whether TCP forwarding is permitted.  The available
66             options are yes (the default) or all to allow TCP forwarding, no
67             to prevent all TCP forwarding, local to allow local (from the
68             perspective of ssh(1)) forwarding only or remote to allow remote
69             forwarding only.  Note that disabling TCP forwarding does not
70             improve security unless users are also denied shell access, as
71             they can always install their own forwarders.
72
73     AllowUsers
74             This keyword can be followed by a list of user name patterns,
75             separated by spaces.  If specified, login is allowed only for
76             user names that match one of the patterns.  Only user names are
77             valid; a numerical user ID is not recognized.  By default, login
78             is allowed for all users.  If the pattern takes the form
79             USER@HOST then USER and HOST are separately checked, restricting
80             logins to particular users from particular hosts.  HOST criteria
81             may additionally contain addresses to match in CIDR
82             address/masklen format.  The allow/deny directives are processed
83             in the following order: DenyUsers, AllowUsers, DenyGroups, and
84             finally AllowGroups.
85
86             See PATTERNS in ssh_config(5) for more information on patterns.
87
88     AuthenticationMethods
89             Specifies the authentication methods that must be successfully
90             completed for a user to be granted access.  This option must be
91             followed by one or more lists of comma-separated authentication
92             method names, or by the single string any to indicate the default
93             behaviour of accepting any single authentication method.  If the
94             default is overridden, then successful authentication requires
95             completion of every method in at least one of these lists.
96
97             For example, "publickey,password publickey,keyboard-interactive"
98             would require the user to complete public key authentication,
99             followed by either password or keyboard interactive authentica‐
100             tion.  Only methods that are next in one or more lists are
101             offered at each stage, so for this example it would not be possi‐
102             ble to attempt password or keyboard-interactive authentication
103             before public key.
104
105             For keyboard interactive authentication it is also possible to
106             restrict authentication to a specific device by appending a colon
107             followed by the device identifier bsdauth or pam.  depending on
108             the server configuration.  For example,
109             "keyboard-interactive:bsdauth" would restrict keyboard interac‐
110             tive authentication to the bsdauth device.
111
112             If the publickey method is listed more than once, sshd(8) veri‐
113             fies that keys that have been used successfully are not reused
114             for subsequent authentications.  For example,
115             "publickey,publickey" requires successful authentication using
116             two different public keys.
117
118             Note that each authentication method listed should also be
119             explicitly enabled in the configuration.
120
121             The available authentication methods are: "gssapi-with-mic",
122             "hostbased", "keyboard-interactive", "none" (used for access to
123             password-less accounts when PermitEmptyPasswords is enabled),
124             "password" and "publickey".
125
126     AuthorizedKeysCommand
127             Specifies a program to be used to look up the user's public keys.
128             The program must be owned by root, not writable by group or oth‐
129             ers and specified by an absolute path.  Arguments to
130             AuthorizedKeysCommand accept the tokens described in the TOKENS
131             section.  If no arguments are specified then the username of the
132             target user is used.
133
134             The program should produce on standard output zero or more lines
135             of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)).  If a
136             key supplied by AuthorizedKeysCommand does not successfully
137             authenticate and authorize the user then public key authentica‐
138             tion continues using the usual AuthorizedKeysFile files.  By
139             default, no AuthorizedKeysCommand is run.
140
141     AuthorizedKeysCommandUser
142             Specifies the user under whose account the AuthorizedKeysCommand
143             is run.  It is recommended to use a dedicated user that has no
144             other role on the host than running authorized keys commands.  If
145             AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser
146             is not, then sshd(8) will refuse to start.
147
148     AuthorizedKeysFile
149             Specifies the file that contains the public keys used for user
150             authentication.  The format is described in the AUTHORIZED_KEYS
151             FILE FORMAT section of sshd(8).  Arguments to AuthorizedKeysFile
152             accept the tokens described in the TOKENS section.  After expan‐
153             sion, AuthorizedKeysFile is taken to be an absolute path or one
154             relative to the user's home directory.  Multiple files may be
155             listed, separated by whitespace.  Alternately this option may be
156             set to none to skip checking for user keys in files.  The default
157             is ".ssh/authorized_keys .ssh/authorized_keys2".
158
159     AuthorizedPrincipalsCommand
160             Specifies a program to be used to generate the list of allowed
161             certificate principals as per AuthorizedPrincipalsFile.  The pro‐
162             gram must be owned by root, not writable by group or others and
163             specified by an absolute path.  Arguments to
164             AuthorizedPrincipalsCommand accept the tokens described in the
165             TOKENS section.  If no arguments are specified then the username
166             of the target user is used.
167
168             The program should produce on standard output zero or more lines
169             of AuthorizedPrincipalsFile output.  If either
170             AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is speci‐
171             fied, then certificates offered by the client for authentication
172             must contain a principal that is listed.  By default, no
173             AuthorizedPrincipalsCommand is run.
174
175     AuthorizedPrincipalsCommandUser
176             Specifies the user under whose account the
177             AuthorizedPrincipalsCommand is run.  It is recommended to use a
178             dedicated user that has no other role on the host than running
179             authorized principals commands.  If AuthorizedPrincipalsCommand
180             is specified but AuthorizedPrincipalsCommandUser is not, then
181             sshd(8) will refuse to start.
182
183     AuthorizedPrincipalsFile
184             Specifies a file that lists principal names that are accepted for
185             certificate authentication.  When using certificates signed by a
186             key listed in TrustedUserCAKeys, this file lists names, one of
187             which must appear in the certificate for it to be accepted for
188             authentication.  Names are listed one per line preceded by key
189             options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
190             Empty lines and comments starting with ‘#’ are ignored.
191
192             Arguments to AuthorizedPrincipalsFile accept the tokens described
193             in the TOKENS section.  After expansion, AuthorizedPrincipalsFile
194             is taken to be an absolute path or one relative to the user's
195             home directory.  The default is none, i.e. not to use a princi‐
196             pals file – in this case, the username of the user must appear in
197             a certificate's principals list for it to be accepted.
198
199             Note that AuthorizedPrincipalsFile is only used when authentica‐
200             tion proceeds using a CA listed in TrustedUserCAKeys and is not
201             consulted for certification authorities trusted via
202             ~/.ssh/authorized_keys, though the principals= key option offers
203             a similar facility (see sshd(8) for details).
204
205     Banner  The contents of the specified file are sent to the remote user
206             before authentication is allowed.  If the argument is none then
207             no banner is displayed.  By default, no banner is displayed.
208
209     CASignatureAlgorithms
210             Specifies which algorithms are allowed for signing of certifi‐
211             cates by certificate authorities (CAs).  The default is:
212
213                   ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
214                   ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
215
216             Certificates signed using other algorithms will not be accepted
217             for public key or host-based authentication.
218
219     ChallengeResponseAuthentication
220             Specifies whether challenge-response authentication is allowed
221             (e.g. via PAM or through authentication styles supported in
222             login.conf(5)) The default is yes.
223
224     ChrootDirectory
225             Specifies the pathname of a directory to chroot(2) to after
226             authentication.  At session startup sshd(8) checks that all com‐
227             ponents of the pathname are root-owned directories which are not
228             writable by any other user or group.  After the chroot, sshd(8)
229             changes the working directory to the user's home directory.
230             Arguments to ChrootDirectory accept the tokens described in the
231             TOKENS section.
232
233             The ChrootDirectory must contain the necessary files and directo‐
234             ries to support the user's session.  For an interactive session
235             this requires at least a shell, typically sh(1), and basic /dev
236             nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
237             and tty(4) devices.  For file transfer sessions using SFTP no
238             additional configuration of the environment is necessary if the
239             in-process sftp-server is used, though sessions which use logging
240             may require /dev/log inside the chroot directory on some operat‐
241             ing systems (see sftp-server(8) for details).
242
243             For safety, it is very important that the directory hierarchy be
244             prevented from modification by other processes on the system
245             (especially those outside the jail).  Misconfiguration can lead
246             to unsafe environments which sshd(8) cannot detect.
247
248             The default is none, indicating not to chroot(2).
249
250     Ciphers
251             Specifies the ciphers allowed.  Multiple ciphers must be comma-
252             separated.  If the specified list begins with a ‘+’ character,
253             then the specified ciphers will be appended to the default set
254             instead of replacing them.  If the specified list begins with a
255             ‘-’ character, then the specified ciphers (including wildcards)
256             will be removed from the default set instead of replacing them.
257             If the specified list begins with a ‘^’ character, then the spec‐
258             ified ciphers will be placed at the head of the default set.
259
260             The supported ciphers are:
261
262                   3des-cbc
263                   aes128-cbc
264                   aes192-cbc
265                   aes256-cbc
266                   aes128-ctr
267                   aes192-ctr
268                   aes256-ctr
269                   aes128-gcm@openssh.com
270                   aes256-gcm@openssh.com
271                   chacha20-poly1305@openssh.com
272
273             The default is handled system-wide by crypto-policies(7).  To see
274             the defaults and how to modify this default, see manual page
275             update-crypto-policies(8).
276
277             The list of available ciphers may also be obtained using "ssh -Q
278             cipher".
279
280     ClientAliveCountMax
281             Sets the number of client alive messages which may be sent with‐
282             out sshd(8) receiving any messages back from the client.  If this
283             threshold is reached while client alive messages are being sent,
284             sshd will disconnect the client, terminating the session.  It is
285             important to note that the use of client alive messages is very
286             different from TCPKeepAlive.  The client alive messages are sent
287             through the encrypted channel and therefore will not be spoofa‐
288             ble.  The TCP keepalive option enabled by TCPKeepAlive is spoofa‐
289             ble.  The client alive mechanism is valuable when the client or
290             server depend on knowing when a connection has become unrespon‐
291             sive.
292
293             The default value is 3.  If ClientAliveInterval is set to 15, and
294             ClientAliveCountMax is left at the default, unresponsive SSH
295             clients will be disconnected after approximately 45 seconds.
296
297     ClientAliveInterval
298             Sets a timeout interval in seconds after which if no data has
299             been received from the client, sshd(8) will send a message
300             through the encrypted channel to request a response from the
301             client.  The default is 0, indicating that these messages will
302             not be sent to the client.
303
304     Compression
305             Specifies whether compression is enabled after the user has
306             authenticated successfully.  The argument must be yes, delayed (a
307             legacy synonym for yes) or no.  The default is yes.
308
309     DenyGroups
310             This keyword can be followed by a list of group name patterns,
311             separated by spaces.  Login is disallowed for users whose primary
312             group or supplementary group list matches one of the patterns.
313             Only group names are valid; a numerical group ID is not recog‐
314             nized.  By default, login is allowed for all groups.  The
315             allow/deny directives are processed in the following order:
316             DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
317
318             See PATTERNS in ssh_config(5) for more information on patterns.
319
320     DenyUsers
321             This keyword can be followed by a list of user name patterns,
322             separated by spaces.  Login is disallowed for user names that
323             match one of the patterns.  Only user names are valid; a numeri‐
324             cal user ID is not recognized.  By default, login is allowed for
325             all users.  If the pattern takes the form USER@HOST then USER and
326             HOST are separately checked, restricting logins to particular
327             users from particular hosts.  HOST criteria may additionally con‐
328             tain addresses to match in CIDR address/masklen format.  The
329             allow/deny directives are processed in the following order:
330             DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
331
332             See PATTERNS in ssh_config(5) for more information on patterns.
333
334     DisableForwarding
335             Disables all forwarding features, including X11, ssh-agent(1),
336             TCP and StreamLocal.  This option overrides all other forwarding-
337             related options and may simplify restricted configurations.
338
339     ExposeAuthInfo
340             Writes a temporary file containing a list of authentication meth‐
341             ods and public credentials (e.g. keys) used to authenticate the
342             user.  The location of the file is exposed to the user session
343             through the SSH_USER_AUTH environment variable.  The default is
344             no.
345
346     FingerprintHash
347             Specifies the hash algorithm used when logging key fingerprints.
348             Valid options are: md5 and sha256.  The default is sha256.
349
350     ForceCommand
351             Forces the execution of the command specified by ForceCommand,
352             ignoring any command supplied by the client and ~/.ssh/rc if
353             present.  The command is invoked by using the user's login shell
354             with the -c option.  This applies to shell, command, or subsystem
355             execution.  It is most useful inside a Match block.  The command
356             originally supplied by the client is available in the
357             SSH_ORIGINAL_COMMAND environment variable.  Specifying a command
358             of internal-sftp will force the use of an in-process SFTP server
359             that requires no support files when used with ChrootDirectory.
360             The default is none.
361
362     GatewayPorts
363             Specifies whether remote hosts are allowed to connect to ports
364             forwarded for the client.  By default, sshd(8) binds remote port
365             forwardings to the loopback address.  This prevents other remote
366             hosts from connecting to forwarded ports.  GatewayPorts can be
367             used to specify that sshd should allow remote port forwardings to
368             bind to non-loopback addresses, thus allowing other hosts to con‐
369             nect.  The argument may be no to force remote port forwardings to
370             be available to the local host only, yes to force remote port
371             forwardings to bind to the wildcard address, or clientspecified
372             to allow the client to select the address to which the forwarding
373             is bound.  The default is no.
374
375     GSSAPIAuthentication
376             Specifies whether user authentication based on GSSAPI is allowed.
377             The default is no.
378
379     GSSAPICleanupCredentials
380             Specifies whether to automatically destroy the user's credentials
381             cache on logout.  The default is yes.
382
383     GSSAPIEnablek5users
384             Specifies whether to look at .k5users file for GSSAPI authentica‐
385             tion access control. Further details are described in ksu(1).
386             The default is no.
387
388     GSSAPIKeyExchange
389             Specifies whether key exchange based on GSSAPI is allowed. GSSAPI
390             key exchange doesn't rely on ssh keys to verify host identity.
391             The default is no.
392
393     GSSAPIStrictAcceptorCheck
394             Determines whether to be strict about the identity of the GSSAPI
395             acceptor a client authenticates against.  If set to yes then the
396             client must authenticate against the host service on the current
397             hostname.  If set to no then the client may authenticate against
398             any service key stored in the machine's default store.  This
399             facility is provided to assist with operation on multi homed
400             machines.  The default is yes.
401
402     GSSAPIStoreCredentialsOnRekey
403             Controls whether the user's GSSAPI credentials should be updated
404             following a successful connection rekeying. This option can be
405             used to accepted renewed or updated credentials from a compatible
406             client. The default is “no”.
407
408             For this to work GSSAPIKeyExchange needs to be enabled in the
409             server and also used by the client.
410
411     GSSAPIKexAlgorithms
412             The list of key exchange algorithms that are accepted by GSSAPI
413             key exchange. Possible values are
414
415                gss-gex-sha1-,
416                gss-group1-sha1-,
417                gss-group14-sha1-,
418                gss-group14-sha256-,
419                gss-group16-sha512-,
420                gss-nistp256-sha256-,
421                gss-curve25519-sha256-
422
423             The default is handled system-wide by crypto-policies(7).  To see
424             the defaults and how to modify this default, see manual page
425             update-crypto-policies(8).  This option only applies to protocol
426             version 2 connections using GSSAPI.
427
428     HostbasedAcceptedKeyTypes
429             Specifies the key types that will be accepted for hostbased
430             authentication as a list of comma-separated patterns.  Alter‐
431             nately if the specified list begins with a ‘+’ character, then
432             the specified key types will be appended to the default set
433             instead of replacing them.  If the specified list begins with a
434             ‘-’ character, then the specified key types (including wildcards)
435             will be removed from the default set instead of replacing them.
436             If the specified list begins with a ‘^’ character, then the spec‐
437             ified key types will be placed at the head of the default set.
438             The default for this option is:
439
440                ecdsa-sha2-nistp256-cert-v01@openssh.com,
441                ecdsa-sha2-nistp384-cert-v01@openssh.com,
442                ecdsa-sha2-nistp521-cert-v01@openssh.com,
443                ssh-ed25519-cert-v01@openssh.com,
444                rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
445                ssh-rsa-cert-v01@openssh.com,
446                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
447                ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
448
449             The list of available key types may also be obtained using "ssh
450             -Q key".
451
452     HostbasedAuthentication
453             Specifies whether rhosts or /etc/hosts.equiv authentication
454             together with successful public key client host authentication is
455             allowed (host-based authentication).  The default is no.
456
457     HostbasedUsesNameFromPacketOnly
458             Specifies whether or not the server will attempt to perform a
459             reverse name lookup when matching the name in the ~/.shosts,
460             ~/.rhosts, and /etc/hosts.equiv files during
461             HostbasedAuthentication.  A setting of yes means that sshd(8)
462             uses the name supplied by the client rather than attempting to
463             resolve the name from the TCP connection itself.  The default is
464             no.
465
466     HostCertificate
467             Specifies a file containing a public host certificate.  The cer‐
468             tificate's public key must match a private host key already spec‐
469             ified by HostKey.  The default behaviour of sshd(8) is not to
470             load any certificates.
471
472     HostKey
473             Specifies a file containing a private host key used by SSH.  The
474             defaults are /etc/ssh/ssh_host_ecdsa_key,
475             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key.
476
477             Note that sshd(8) will refuse to use a file if it is group/world-
478             accessible and that the HostKeyAlgorithms option restricts which
479             of the keys are actually used by sshd(8).
480
481             It is possible to have multiple host key files.  It is also pos‐
482             sible to specify public host key files instead.  In this case
483             operations on the private key will be delegated to an
484             ssh-agent(1).
485
486     HostKeyAgent
487             Identifies the UNIX-domain socket used to communicate with an
488             agent that has access to the private host keys.  If the string
489             "SSH_AUTH_SOCK" is specified, the location of the socket will be
490             read from the SSH_AUTH_SOCK environment variable.
491
492     HostKeyAlgorithms
493             Specifies the host key algorithms that the server offers.  The
494             default is handled system-wide by crypto-policies(7).  To see the
495             defaults and how to modify this default, see manual page
496             update-crypto-policies(8).
497
498             The list of available key types may also be obtained using "ssh
499             -Q key".
500
501     IgnoreRhosts
502             Specifies that .rhosts and .shosts files will not be used in
503             HostbasedAuthentication.
504
505             /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used.  The
506             default is yes.
507
508     IgnoreUserKnownHosts
509             Specifies whether sshd(8) should ignore the user's
510             ~/.ssh/known_hosts during HostbasedAuthentication and use only
511             the system-wide known hosts file /etc/ssh/known_hosts.  The
512             default is no.
513
514     IPQoS   Specifies the IPv4 type-of-service or DSCP class for the connec‐
515             tion.  Accepted values are af11, af12, af13, af21, af22, af23,
516             af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5,
517             cs6, cs7, ef, lowdelay, throughput, reliability, a numeric value,
518             or none to use the operating system default.  This option may
519             take one or two arguments, separated by whitespace.  If one argu‐
520             ment is specified, it is used as the packet class uncondition‐
521             ally.  If two values are specified, the first is automatically
522             selected for interactive sessions and the second for non-interac‐
523             tive sessions.  The default is af21 (Low-Latency Data) for inter‐
524             active sessions and cs1 (Lower Effort) for non-interactive ses‐
525             sions.
526
527     KbdInteractiveAuthentication
528             Specifies whether to allow keyboard-interactive authentication.
529             The argument to this keyword must be yes or no.  The default is
530             to use whatever value ChallengeResponseAuthentication is set to
531             (by default yes).
532
533     KerberosAuthentication
534             Specifies whether the password provided by the user for
535             PasswordAuthentication will be validated through the Kerberos
536             KDC.  To use this option, the server needs a Kerberos servtab
537             which allows the verification of the KDC's identity.  The default
538             is no.
539
540     KerberosGetAFSToken
541             If AFS is active and the user has a Kerberos 5 TGT, attempt to
542             acquire an AFS token before accessing the user's home directory.
543             The default is no.
544
545     KerberosOrLocalPasswd
546             If password authentication through Kerberos fails then the pass‐
547             word will be validated via any additional local mechanism such as
548             /etc/passwd.  The default is yes.
549
550     KerberosTicketCleanup
551             Specifies whether to automatically destroy the user's ticket
552             cache file on logout.  The default is yes.
553
554     KerberosUniqueCCache
555             Specifies whether to store the acquired tickets in the per-ses‐
556             sion credential cache under /tmp/ or whether to use per-user cre‐
557             dential cache as configured in /etc/krb5.conf.  The default value
558             no can lead to overwriting previous tickets by subseqent connec‐
559             tions to the same user account.
560
561     KerberosUseKuserok
562             Specifies whether to look at .k5login file for user's aliases.
563             The default is yes.
564
565     KexAlgorithms
566             Specifies the available KEX (Key Exchange) algorithms.  Multiple
567             algorithms must be comma-separated.  Alternately if the specified
568             list begins with a ‘+’ character, then the specified methods will
569             be appended to the default set instead of replacing them.  If the
570             specified list begins with a ‘-’ character, then the specified
571             methods (including wildcards) will be removed from the default
572             set instead of replacing them.  If the specified list begins with
573             a ‘^’ character, then the specified methods will be placed at the
574             head of the default set.  The supported algorithms are:
575
576                   curve25519-sha256
577                   curve25519-sha256@libssh.org
578                   diffie-hellman-group1-sha1
579                   diffie-hellman-group14-sha1
580                   diffie-hellman-group14-sha256
581                   diffie-hellman-group16-sha512
582                   diffie-hellman-group18-sha512
583                   diffie-hellman-group-exchange-sha1
584                   diffie-hellman-group-exchange-sha256
585                   ecdh-sha2-nistp256
586                   ecdh-sha2-nistp384
587                   ecdh-sha2-nistp521
588
589             The default is handled system-wide by crypto-policies(7).  To see
590             the defaults and how to modify this default, see manual page
591             update-crypto-policies(8).
592
593             The list of available key exchange algorithms may also be
594             obtained using "ssh -Q kex".
595
596     ListenAddress
597             Specifies the local addresses sshd(8) should listen on.  The fol‐
598             lowing forms may be used:
599
600                   ListenAddress hostname|address [rdomain domain]
601                   ListenAddress hostname:port [rdomain domain]
602                   ListenAddress IPv4_address:port [rdomain domain]
603                   ListenAddress [hostname|address]:port [rdomain domain]
604
605             The optional rdomain qualifier requests sshd(8) listen in an
606             explicit routing domain.  If port is not specified, sshd will
607             listen on the address and all Port options specified.  The
608             default is to listen on all local addresses on the current
609             default routing domain.  Multiple ListenAddress options are per‐
610             mitted.  For more information on routing domains, see rdomain(4).
611
612     LoginGraceTime
613             The server disconnects after this time if the user has not suc‐
614             cessfully logged in.  If the value is 0, there is no time limit.
615             The default is 120 seconds.
616
617     LogLevel
618             Gives the verbosity level that is used when logging messages from
619             sshd(8).  The possible values are: QUIET, FATAL, ERROR, INFO,
620             VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.  The default is INFO.
621             DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
622             higher levels of debugging output.  Logging with a DEBUG level
623             violates the privacy of users and is not recommended.
624
625     MACs    Specifies the available MAC (message authentication code) algo‐
626             rithms.  The MAC algorithm is used for data integrity protection.
627             Multiple algorithms must be comma-separated.  If the specified
628             list begins with a ‘+’ character, then the specified algorithms
629             will be appended to the default set instead of replacing them.
630             If the specified list begins with a ‘-’ character, then the spec‐
631             ified algorithms (including wildcards) will be removed from the
632             default set instead of replacing them.  If the specified list
633             begins with a ‘^’ character, then the specified algorithms will
634             be placed at the head of the default set.
635
636             The algorithms that contain "-etm" calculate the MAC after
637             encryption (encrypt-then-mac).  These are considered safer and
638             their use recommended.  The supported MACs are:
639
640                   hmac-md5
641                   hmac-md5-96
642                   hmac-sha1
643                   hmac-sha1-96
644                   hmac-sha2-256
645                   hmac-sha2-512
646                   umac-64@openssh.com
647                   umac-128@openssh.com
648                   hmac-md5-etm@openssh.com
649                   hmac-md5-96-etm@openssh.com
650                   hmac-sha1-etm@openssh.com
651                   hmac-sha1-96-etm@openssh.com
652                   hmac-sha2-256-etm@openssh.com
653                   hmac-sha2-512-etm@openssh.com
654                   umac-64-etm@openssh.com
655                   umac-128-etm@openssh.com
656
657             The default is handled system-wide by crypto-policies(7).  To see
658             the defaults and how to modify this default, see manual page
659             update-crypto-policies(8).
660
661             The list of available MAC algorithms may also be obtained using
662             "ssh -Q mac".
663
664     Match   Introduces a conditional block.  If all of the criteria on the
665             Match line are satisfied, the keywords on the following lines
666             override those set in the global section of the config file,
667             until either another Match line or the end of the file.  If a
668             keyword appears in multiple Match blocks that are satisfied, only
669             the first instance of the keyword is applied.
670
671             The arguments to Match are one or more criteria-pattern pairs or
672             the single token All which matches all criteria.  The available
673             criteria are User, Group, Host, LocalAddress, LocalPort, RDomain,
674             and Address (with RDomain representing the rdomain(4) on which
675             the connection was received).
676
677             The match patterns may consist of single entries or comma-sepa‐
678             rated lists and may use the wildcard and negation operators
679             described in the PATTERNS section of ssh_config(5).
680
681             The patterns in an Address criteria may additionally contain
682             addresses to match in CIDR address/masklen format, such as
683             192.0.2.0/24 or 2001:db8::/32.  Note that the mask length pro‐
684             vided must be consistent with the address - it is an error to
685             specify a mask length that is too long for the address or one
686             with bits set in this host portion of the address.  For example,
687             192.0.2.0/33 and 192.0.2.0/8, respectively.
688
689             Only a subset of keywords may be used on the lines following a
690             Match keyword.  Available keywords are AcceptEnv,
691             AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding,
692             AllowTcpForwarding, AllowUsers, AuthenticationMethods,
693             AuthorizedKeysCommand, AuthorizedKeysCommandUser,
694             AuthorizedKeysFile, AuthorizedPrincipalsCommand,
695             AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile,
696             Banner, ChrootDirectory, ClientAliveCountMax,
697             ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
698             GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
699             HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
700             KbdInteractiveAuthentication, KerberosAuthentication,
701             KerberosUseKuserok, LogLevel, MaxAuthTries, MaxSessions,
702             PasswordAuthentication, PermitEmptyPasswords, PermitListen,
703             PermitOpen, PermitRootLogin, PermitTTY, PermitTunnel,
704             PermitUserRC, PubkeyAcceptedKeyTypes, PubkeyAuthentication,
705             RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask,
706             StreamLocalBindUnlink, TrustedUserCAKeys, X11DisplayOffset,
707             X11MaxDisplays, X11Forwarding and X11UseLocalhost.
708
709     MaxAuthTries
710             Specifies the maximum number of authentication attempts permitted
711             per connection.  Once the number of failures reaches half this
712             value, additional failures are logged.  The default is 6.
713
714     MaxSessions
715             Specifies the maximum number of open shell, login or subsystem
716             (e.g. sftp) sessions permitted per network connection.  Multiple
717             sessions may be established by clients that support connection
718             multiplexing.  Setting MaxSessions to 1 will effectively disable
719             session multiplexing, whereas setting it to 0 will prevent all
720             shell, login and subsystem sessions while still permitting for‐
721             warding.  The default is 10.
722
723     MaxStartups
724             Specifies the maximum number of concurrent unauthenticated con‐
725             nections to the SSH daemon.  Additional connections will be
726             dropped until authentication succeeds or the LoginGraceTime
727             expires for a connection.  The default is 10:30:100.
728
729             Alternatively, random early drop can be enabled by specifying the
730             three colon separated values start:rate:full (e.g. "10:30:60").
731             sshd(8) will refuse connection attempts with a probability of
732             rate/100 (30%) if there are currently start (10) unauthenticated
733             connections.  The probability increases linearly and all connec‐
734             tion attempts are refused if the number of unauthenticated con‐
735             nections reaches full (60).
736
737     PasswordAuthentication
738             Specifies whether password authentication is allowed.  The
739             default is yes.
740
741     PermitEmptyPasswords
742             When password authentication is allowed, it specifies whether the
743             server allows login to accounts with empty password strings.  The
744             default is no.
745
746     PermitListen
747             Specifies the addresses/ports on which a remote TCP port forward‐
748             ing may listen.  The listen specification must be one of the fol‐
749             lowing forms:
750
751                   PermitListen port
752                   PermitListen host:port
753
754             Multiple permissions may be specified by separating them with
755             whitespace.  An argument of any can be used to remove all
756             restrictions and permit any listen requests.  An argument of none
757             can be used to prohibit all listen requests.  The host name may
758             contain wildcards as described in the PATTERNS section in
759             ssh_config(5).  The wildcard ‘*’ can also be used in place of a
760             port number to allow all ports.  By default all port forwarding
761             listen requests are permitted.  Note that the GatewayPorts option
762             may further restrict which addresses may be listened on.  Note
763             also that ssh(1) will request a listen host of “localhost” if no
764             listen host was specifically requested, and this name is treated
765             differently to explicit localhost addresses of “127.0.0.1” and
766             “::1”.
767
768     PermitOpen
769             Specifies the destinations to which TCP port forwarding is per‐
770             mitted.  The forwarding specification must be one of the follow‐
771             ing forms:
772
773                   PermitOpen host:port
774                   PermitOpen IPv4_addr:port
775                   PermitOpen [IPv6_addr]:port
776
777             Multiple forwards may be specified by separating them with white‐
778             space.  An argument of any can be used to remove all restrictions
779             and permit any forwarding requests.  An argument of none can be
780             used to prohibit all forwarding requests.  The wildcard ‘*’ can
781             be used for host or port to allow all hosts or ports, respec‐
782             tively.  By default all port forwarding requests are permitted.
783
784     PermitRootLogin
785             Specifies whether root can log in using ssh(1).  The argument
786             must be yes, prohibit-password, forced-commands-only, or no.  The
787             default is prohibit-password.
788
789             If this option is set to prohibit-password (or its deprecated
790             alias, without-password), password and keyboard-interactive
791             authentication are disabled for root.
792
793             If this option is set to forced-commands-only, root login with
794             public key authentication will be allowed, but only if the
795             command option has been specified (which may be useful for taking
796             remote backups even if root login is normally not allowed).  All
797             other authentication methods are disabled for root.
798
799             If this option is set to no, root is not allowed to log in.
800
801     PermitTTY
802             Specifies whether pty(4) allocation is permitted.  The default is
803             yes.
804
805     PermitTunnel
806             Specifies whether tun(4) device forwarding is allowed.  The argu‐
807             ment must be yes, point-to-point (layer 3), ethernet (layer 2),
808             or no.  Specifying yes permits both point-to-point and ethernet.
809             The default is no.
810
811             Independent of this setting, the permissions of the selected
812             tun(4) device must allow access to the user.
813
814     PermitUserEnvironment
815             Specifies whether ~/.ssh/environment and environment= options in
816             ~/.ssh/authorized_keys are processed by sshd(8).  Valid options
817             are yes, no or a pattern-list specifying which environment vari‐
818             able names to accept (for example "LANG,LC_*").  The default is
819             no.  Enabling environment processing may enable users to bypass
820             access restrictions in some configurations using mechanisms such
821             as LD_PRELOAD.
822
823     PermitUserRC
824             Specifies whether any ~/.ssh/rc file is executed.  The default is
825             yes.
826
827     PidFile
828             Specifies the file that contains the process ID of the SSH dae‐
829             mon, or none to not write one.  The default is /var/run/sshd.pid.
830
831     Port    Specifies the port number that sshd(8) listens on.  The default
832             is 22.  Multiple options of this type are permitted.  See also
833             ListenAddress.
834
835     PrintLastLog
836             Specifies whether sshd(8) should print the date and time of the
837             last user login when a user logs in interactively.  The default
838             is yes.
839
840     PrintMotd
841             Specifies whether sshd(8) should print /etc/motd when a user logs
842             in interactively.  (On some systems it is also printed by the
843             shell, /etc/profile, or equivalent.)  The default is yes.
844
845     PubkeyAcceptedKeyTypes
846             Specifies the key types that will be accepted for public key
847             authentication as a list of comma-separated patterns.  Alter‐
848             nately if the specified list begins with a ‘+’ character, then
849             the specified key types will be appended to the default set
850             instead of replacing them.  If the specified list begins with a
851             ‘-’ character, then the specified key types (including wildcards)
852             will be removed from the default set instead of replacing them.
853             If the specified list begins with a ‘^’ character, then the spec‐
854             ified key types will be placed at the head of the default set.
855             The default is handled system-wide by crypto-policies(7).  To see
856             the defaults and how to modify this default, see manual page
857             update-crypto-policies(8).
858
859             The list of available key types may also be obtained using "ssh
860             -Q key".
861
862     PubkeyAuthentication
863             Specifies whether public key authentication is allowed.  The
864             default is yes.
865
866     RekeyLimit
867             Specifies the maximum amount of data that may be transmitted
868             before the session key is renegotiated, optionally followed a
869             maximum amount of time that may pass before the session key is
870             renegotiated.  The first argument is specified in bytes and may
871             have a suffix of ‘K’, ‘M’, or ‘G’ to indicate Kilobytes,
872             Megabytes, or Gigabytes, respectively.  The default is between
873             ‘1G’ and ‘4G’, depending on the cipher.  The optional second
874             value is specified in seconds and may use any of the units docu‐
875             mented in the TIME FORMATS section.  The default value for
876             RekeyLimit is default none, which means that rekeying is per‐
877             formed after the cipher's default amount of data has been sent or
878             received and no time based rekeying is done.
879
880     RevokedKeys
881             Specifies revoked public keys file, or none to not use one.  Keys
882             listed in this file will be refused for public key authentica‐
883             tion.  Note that if this file is not readable, then public key
884             authentication will be refused for all users.  Keys may be speci‐
885             fied as a text file, listing one public key per line, or as an
886             OpenSSH Key Revocation List (KRL) as generated by ssh-keygen(1).
887             For more information on KRLs, see the KEY REVOCATION LISTS sec‐
888             tion in ssh-keygen(1).
889
890     RDomain
891             Specifies an explicit routing domain that is applied after
892             authentication has completed.  The user session, as well and any
893             forwarded or listening IP sockets, will be bound to this
894             rdomain(4).  If the routing domain is set to %D, then the domain
895             in which the incoming connection was received will be applied.
896
897     SetEnv  Specifies one or more environment variables to set in child ses‐
898             sions started by sshd(8) as “NAME=VALUE”.  The environment value
899             may be quoted (e.g. if it contains whitespace characters).  Envi‐
900             ronment variables set by SetEnv override the default environment
901             and any variables specified by the user via AcceptEnv or
902             PermitUserEnvironment.
903
904     StreamLocalBindMask
905             Sets the octal file creation mode mask (umask) used when creating
906             a Unix-domain socket file for local or remote port forwarding.
907             This option is only used for port forwarding to a Unix-domain
908             socket file.
909
910             The default value is 0177, which creates a Unix-domain socket
911             file that is readable and writable only by the owner.  Note that
912             not all operating systems honor the file mode on Unix-domain
913             socket files.
914
915     StreamLocalBindUnlink
916             Specifies whether to remove an existing Unix-domain socket file
917             for local or remote port forwarding before creating a new one.
918             If the socket file already exists and StreamLocalBindUnlink is
919             not enabled, sshd will be unable to forward the port to the Unix-
920             domain socket file.  This option is only used for port forwarding
921             to a Unix-domain socket file.
922
923             The argument must be yes or no.  The default is no.
924
925     StrictModes
926             Specifies whether sshd(8) should check file modes and ownership
927             of the user's files and home directory before accepting login.
928             This is normally desirable because novices sometimes accidentally
929             leave their directory or files world-writable.  The default is
930             yes.  Note that this does not apply to ChrootDirectory, whose
931             permissions and ownership are checked unconditionally.
932
933     Subsystem
934             Configures an external subsystem (e.g. file transfer daemon).
935             Arguments should be a subsystem name and a command (with optional
936             arguments) to execute upon subsystem request.
937
938             The command sftp-server implements the SFTP file transfer subsys‐
939             tem.
940
941             Alternately the name internal-sftp implements an in-process SFTP
942             server.  This may simplify configurations using ChrootDirectory
943             to force a different filesystem root on clients.
944
945             By default no subsystems are defined.
946
947     SyslogFacility
948             Gives the facility code that is used when logging messages from
949             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
950             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
951             The default is AUTH.
952
953     TCPKeepAlive
954             Specifies whether the system should send TCP keepalive messages
955             to the other side.  If they are sent, death of the connection or
956             crash of one of the machines will be properly noticed.  However,
957             this means that connections will die if the route is down tempo‐
958             rarily, and some people find it annoying.  On the other hand, if
959             TCP keepalives are not sent, sessions may hang indefinitely on
960             the server, leaving "ghost" users and consuming server resources.
961
962             The default is yes (to send TCP keepalive messages), and the
963             server will notice if the network goes down or the client host
964             crashes.  This avoids infinitely hanging sessions.
965
966             To disable TCP keepalive messages, the value should be set to no.
967
968     TrustedUserCAKeys
969             Specifies a file containing public keys of certificate authori‐
970             ties that are trusted to sign user certificates for authentica‐
971             tion, or none to not use one.  Keys are listed one per line;
972             empty lines and comments starting with ‘#’ are allowed.  If a
973             certificate is presented for authentication and has its signing
974             CA key listed in this file, then it may be used for authentica‐
975             tion for any user listed in the certificate's principals list.
976             Note that certificates that lack a list of principals will not be
977             permitted for authentication using TrustedUserCAKeys.  For more
978             details on certificates, see the CERTIFICATES section in
979             ssh-keygen(1).
980
981     UseDNS  Specifies whether sshd(8) should look up the remote host name,
982             and to check that the resolved host name for the remote IP
983             address maps back to the very same IP address.
984
985             If this option is set to no (the default) then only addresses and
986             not host names may be used in ~/.ssh/authorized_keys from and
987             sshd_config Match Host directives.
988
989     UsePAM  Enables the Pluggable Authentication Module interface.  If set to
990             yes this will enable PAM authentication using
991             ChallengeResponseAuthentication and PasswordAuthentication in
992             addition to PAM account and session module processing for all
993             authentication types.
994
995             Because PAM challenge-response authentication usually serves an
996             equivalent role to password authentication, you should disable
997             either PasswordAuthentication or ChallengeResponseAuthentication.
998
999             If UsePAM is enabled, you will not be able to run sshd(8) as a
1000             non-root user.  The default is no.
1001
1002     VersionAddendum
1003             Optionally specifies additional text to append to the SSH proto‐
1004             col banner sent by the server upon connection.  The default is
1005             none.
1006
1007     X11DisplayOffset
1008             Specifies the first display number available for sshd(8)'s X11
1009             forwarding.  This prevents sshd from interfering with real X11
1010             servers.  The default is 10.
1011
1012     X11MaxDisplays
1013             Specifies the maximum number of displays available for sshd(8)'s
1014             X11 forwarding.  This prevents sshd from exhausting local ports.
1015             The default is 1000.
1016
1017     X11Forwarding
1018             Specifies whether X11 forwarding is permitted.  The argument must
1019             be yes or no.  The default is no.
1020
1021             When X11 forwarding is enabled, there may be additional exposure
1022             to the server and to client displays if the sshd(8) proxy display
1023             is configured to listen on the wildcard address (see
1024             X11UseLocalhost), though this is not the default.  Additionally,
1025             the authentication spoofing and authentication data verification
1026             and substitution occur on the client side.  The security risk of
1027             using X11 forwarding is that the client's X11 display server may
1028             be exposed to attack when the SSH client requests forwarding (see
1029             the warnings for ForwardX11 in ssh_config(5)).  A system adminis‐
1030             trator may have a stance in which they want to protect clients
1031             that may expose themselves to attack by unwittingly requesting
1032             X11 forwarding, which can warrant a no setting.
1033
1034             Note that disabling X11 forwarding does not prevent users from
1035             forwarding X11 traffic, as users can always install their own
1036             forwarders.
1037
1038     X11UseLocalhost
1039             Specifies whether sshd(8) should bind the X11 forwarding server
1040             to the loopback address or to the wildcard address.  By default,
1041             sshd binds the forwarding server to the loopback address and sets
1042             the hostname part of the DISPLAY environment variable to
1043             localhost.  This prevents remote hosts from connecting to the
1044             proxy display.  However, some older X11 clients may not function
1045             with this configuration.  X11UseLocalhost may be set to no to
1046             specify that the forwarding server should be bound to the wild‐
1047             card address.  The argument must be yes or no.  The default is
1048             yes.
1049
1050     XAuthLocation
1051             Specifies the full pathname of the xauth(1) program, or none to
1052             not use one.  The default is /usr/bin/xauth.
1053

TIME FORMATS

1055     sshd(8) command-line arguments and configuration file options that spec‐
1056     ify time may be expressed using a sequence of the form: time[qualifier],
1057     where time is a positive integer value and qualifier is one of the fol‐
1058     lowing:
1059
1060none⟩  seconds
1061           s | S   seconds
1062           m | M   minutes
1063           h | H   hours
1064           d | D   days
1065           w | W   weeks
1066
1067     Each member of the sequence is added together to calculate the total time
1068     value.
1069
1070     Time format examples:
1071
1072           600     600 seconds (10 minutes)
1073           10m     10 minutes
1074           1h30m   1 hour 30 minutes (90 minutes)
1075

TOKENS

1077     Arguments to some keywords can make use of tokens, which are expanded at
1078     runtime:
1079
1080           %%    A literal ‘%’.
1081           %D    The routing domain in which the incoming connection was
1082                 received.
1083           %F    The fingerprint of the CA key.
1084           %f    The fingerprint of the key or certificate.
1085           %h    The home directory of the user.
1086           %i    The key ID in the certificate.
1087           %K    The base64-encoded CA key.
1088           %k    The base64-encoded key or certificate for authentication.
1089           %s    The serial number of the certificate.
1090           %T    The type of the CA key.
1091           %t    The key or certificate type.
1092           %U    The numeric user ID of the target user.
1093           %u    The username.
1094
1095     AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
1096
1097     AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u.
1098
1099     AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K,
1100     %k, %s, %T, %t, %U, and %u.
1101
1102     AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u.
1103
1104     ChrootDirectory accepts the tokens %%, %h, %U, and %u.
1105
1106     RoutingDomain accepts the token %D.
1107

FILES

1109     /etc/ssh/sshd_config
1110             Contains configuration data for sshd(8).  This file should be
1111             writable by root only, but it is recommended (though not neces‐
1112             sary) that it be world-readable.
1113

SEE ALSO

1115     sftp-server(8), sshd(8)
1116

AUTHORS

1118     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1119     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1120     de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
1121     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
1122     versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
1123     for privilege separation.
1124
1125BSD                            December 31, 2019                           BSD
Impressum