sshd_config(4)                   File Formats                   sshd_config(4)

NAME

       sshd_config - sshd configuration file

SYNOPSIS

       /etc/ssh/sshd_config

DESCRIPTION

       The sshd(1M) daemon reads configuration data from /etc/ssh/sshd_config
       (or the file specified with sshd -f on the command line). The file
       contains keyword-value pairs, one per line. A line starting with a
       hash mark (#) and empty lines are interpreted as comments.

       The sshd_config file supports the following keywords. Unless otherwise
       noted, keywords and their arguments are case-insensitive.

       AllowGroups

           This keyword can be followed by a number of group names, separated
           by spaces. If specified, login is allowed only for users whose
           primary group or supplementary group list matches one of the
           patterns. Asterisk (*) and question mark (?) can be used as
           wildcards in the patterns. Only group names are valid; a numerical
           group ID is not recognized. By default, login is allowed regardless
           of the primary group.

       AllowTcpForwarding

           Specifies whether TCP forwarding is permitted. The default is yes.
           Disabling TCP forwarding does not improve security unless users are
           also denied shell access, as they can always install their own
           forwarders.

       AllowUsers

           This keyword can be followed by a number of user names, separated
           by spaces. If specified, login is allowed only for user names that
           match one of the patterns. Asterisk (*) and question mark (?) can
           be used as wildcards in the patterns. Only user names are valid; a
           numerical user ID is not recognized. By default login is allowed
           regardless of the user name.

           If a specified pattern takes the form user@host then user and host
           are checked separately, restricting logins to particular users from
           particular hosts.

       AuthorizedKeysFile

           Specifies the file that contains the public keys that can be used
           for user authentication. AuthorizedKeysFile can contain tokens of
           the form %T, which are substituted during connection set-up. The
           following tokens are defined: %% is replaced by a literal %, %h is
           replaced by the home directory of the user being authenticated and
           %u is replaced by the username of that user. After expansion,
           AuthorizedKeysFile is taken to be an absolute path or one relative
           to the user's home directory. The default is .ssh/authorized_keys.

       Banner

           In some jurisdictions, sending a warning message before
           authentication can be relevant for getting legal protection. The
           contents of the specified file are sent to the remote user before
           authentication is allowed. This option is only available for
           protocol version 2. By default, no banner is displayed.

       ChrootDirectory

           Specifies a path to chroot(2) to after authentication. This path,
           and all its components, must be root-owned directories that are not
           writable by any other user or group.

           The server always tries to change to the user's home directory
           locally under the chrooted environment but a failure to do so is
           not considered an error. In addition, the path might contain the
           following tokens that are expanded at runtime once the connecting
           user has been authenticated: %% is replaced by a literal %, %h is
           replaced by the home directory of the user being authenticated, and
           %u is replaced by the username of that user.

           The ChrootDirectory must contain the necessary files and
           directories to support the user's session. For an interactive SSH
           session this requires at least a user's shell, shared libraries
           needed by the shell, dynamic linker, and possibly basic /dev nodes
           such as null, zero, stdin, stdout, stderr, random, and tty.
           Additionally, terminal databases are needed for screen oriented
           applications. For file transfer sessions using sftp with the SSH
           protocol version 2, no additional configuration of the environment
           is necessary if the in-process sftp server is used. See Subsystem
           for details.

           The default is not to chroot(2).

       Ciphers

           Specifies the ciphers allowed for protocol version 2. Cipher
           ordering on the server side is not relevant. Multiple ciphers must
           be comma separated.

           Valid ciphers are: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc,
           aes192-cbc, aes256-cbc, arcfour, arcfour128, arcfour256, 3des-cbc,
           and blowfish-cbc.

           The default cipher list is:

             aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,
             arcfour256,arcfour

           Using CBC modes on the server side is not recommended due to
           potential security issues in connection with the SSH protocol
           version 2.

       ClientAliveCountMax

           Sets the number of client alive messages (see ClientAliveInterval)
           that can be sent without sshd receiving any messages back from the
           client. If this threshold is reached while client alive messages
           are being sent, sshd disconnects the client, terminating the
           session. The use of client alive messages is very different from
           KeepAlive. The client alive messages are sent through the encrypted
           channel and therefore are not spoofable. The TCP keepalive option
           enabled by KeepAlive is spoofable. The client alive mechanism is
           valuable when a client or server depends on knowing when a
           connection has become inactive.

           The default value is 3. If ClientAliveInterval is set to 15, and
           ClientAliveCountMax is left at the default, unresponsive ssh
           clients are disconnected after approximately 45 seconds.

       ClientAliveInterval

           Sets a timeout interval in seconds after which, if no data has been
           received from the client, sshd sends a message through the
           encrypted channel to request a response from the client. The
           default is 0, indicating that these messages are not sent to the
           client. This option applies only to protocol version 2.

       Compression

           Controls whether the server allows the client to negotiate the use
           of compression. The default is yes.

       DenyGroups

           Can be followed by a number of group names, separated by spaces.
           Users whose primary group matches one of the patterns are not
           allowed to log in. Asterisk (*) and question mark (?) can be used
           as wildcards in the patterns. Only group names are valid; a
           numerical group ID is not recognized. By default, login is allowed
           regardless of the primary group.

       DenyUsers

           Can be followed by a number of user names, separated by spaces.
           Login is disallowed for user names that match one of the patterns.
           Asterisk (*) and question mark (?) can be used as wildcards in the
           patterns. Only user names are valid; a numerical user ID is not
           recognized. By default, login is allowed regardless of the user
           name.

           If a specified pattern takes the form user@host then user and host
           are checked separately, disallowing logins to particular users from
           particular hosts.

       GatewayPorts

           Specifies whether remote hosts are allowed to connect to ports
           forwarded for the client. By default, sshd binds remote port
           forwardings to the loopback address. This prevents other remote
           hosts from connecting to forwarded ports. GatewayPorts can be used
           to specify that sshd should bind remote port forwardings to the
           wildcard address, thus allowing remote hosts to connect to
           forwarded ports.

           The argument can be no to force remote port forwardings to be
           available to the local host only, yes to force remote port
           forwardings to bind to the wildcard address, or clientspecified to
           allow the client to select the address to which the forwarding is
           bound. The default is no. See also RemoteForward in ssh_config(4).

       GSSAPIAuthentication

           Enables/disables GSS-API user authentication. The default is yes.

           Currently sshd authorizes client user principals to user accounts
           as follows: if the principal name matches the requested user
           account, then the principal is authorized. Otherwise, GSS-API
           authentication fails.

       GSSAPIKeyExchange

           Enables/disables GSS-API-authenticated key exchanges. The default
           is yes.

           This option also enables the use of the GSS-API to authenticate the
           user to the server after the key exchange. GSS-API key exchange can
           succeed while the subsequent authentication using the GSS-API fails
           if the server does not authorize the user's GSS principal name to
           the target user account.

           Currently sshd authorizes client user principals to user accounts
           as follows: if the principal name matches the requested user
           account, then the principal is authorized. Otherwise, GSS-API
           authentication fails.

       GSSAPIStoreDelegatedCredentials

           Enables/disables the use of delegated GSS-API credentials on the
           server-side. The default is yes.

           Specifically, this option, when enabled, causes the server to store
           delegated GSS-API credentials in the user's default GSS-API
           credential store (which for the Kerberos V mechanism means
           /tmp/krb5cc_<uid>).

           Note -

             sshd does not take any steps to explicitly destroy stored
             delegated GSS-API credentials upon logout. It is the
             responsibility of PAM modules to destroy credentials associated
             with a session.

       HostbasedAuthentication

           Specifies whether to try rhosts-based authentication with public
           key authentication. The argument must be yes or no. The default is
           no. This option applies to protocol version 2 only and is similar
           to RhostsRSAAuthentication. See sshd(1M) for guidelines on setting
           up host-based authentication.

       HostbasedUsesNameFromPacketOnly

           Controls which hostname is searched for in the files ~/.shosts,
           /etc/shosts.equiv, and /etc/hosts.equiv. If this parameter is set
           to yes, the server uses the name the client claimed for itself and
           signed with that host's key. If set to no, the default, the server
           uses the name to which the client's IP address resolves.

           Setting this parameter to no disables host-based authentication
           when using NAT or when the client gets to the server indirectly
           through a port-forwarding firewall.

       HostKey

           Specifies the file containing the private host key used by SSH. The
           default is /etc/ssh/ssh_host_key for protocol version 1, and
           /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for
           protocol version 2. sshd refuses to use a file if it is
           group/world-accessible. It is possible to have multiple host key
           files. rsa1 keys are used for version 1 and dsa or rsa are used for
           version 2 of the SSH protocol.

       IgnoreRhosts

           Specifies that .rhosts and .shosts files are not used in
           authentication. /etc/hosts.equiv and /etc/shosts.equiv are still
           used. The default is yes. This parameter applies to both protocol
           versions 1 and 2.

       IgnoreUserKnownHosts

           Specifies whether sshd should ignore the user's
           $HOME/.ssh/known_hosts during RhostsRSAAuthentication. The default
           is no. This parameter applies to both protocol versions 1 and 2.

       KbdInteractiveAuthentication

           Specifies whether authentication by means of the
           "keyboard-interactive" authentication method (and PAM) is allowed.
           Defaults to yes. (Deprecated: this parameter can only be set to
           yes.)

       KeepAlive

           Specifies whether the system should send keepalive messages to the
           other side. If they are sent, death of the connection or crash of
           one of the machines is properly noticed. However, this means that
           connections die if the route is down temporarily, which can be an
           annoyance. On the other hand, if keepalives are not sent, sessions
           can hang indefinitely on the server, leaving ghost users and
           consuming server resources.

           The default is yes (to send keepalives), and the server notices if
           the network goes down or the client host reboots. This avoids
           infinitely hanging sessions.

           To disable keepalives, the value should be set to no in both the
           server and the client configuration files.

       KeyRegenerationInterval

           In protocol version 1, the ephemeral server key is automatically
           regenerated after this many seconds (if it has been used). The
           purpose of regeneration is to prevent decrypting captured sessions
           by later breaking into the machine and stealing the keys. The key
           is never stored anywhere. If the value is 0, the key is never
           regenerated. The default is 3600 (seconds).

       ListenAddress

           Specifies what local address sshd should listen on. The following
           forms can be used:

             ListenAddress host|IPv4_addr|IPv6_addr
             ListenAddress host|IPv4_addr:port
             ListenAddress [host|IPv6_addr]:port

           If port is not specified, sshd listens on the address and all prior
           Port options specified. The default is to listen on all local
           addresses. Multiple ListenAddress options are permitted.
           Additionally, any Port options must precede this option for
           non-port qualified addresses.

           The default is to listen on all local addresses. Multiple options
           of this type are permitted. Additionally, the Port options must
           precede this option.

       LoginGraceTime

           The server disconnects after this time (in seconds) if the user has
           not successfully logged in. If the value is 0, there is no time
           limit. The default is 120 (seconds).

       LogLevel

           Gives the verbosity level that is used when logging messages from
           sshd. The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE,
           DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO. DEBUG2 and
           DEBUG3 each specify higher levels of debugging output. Logging with
           level DEBUG violates the privacy of users and is not recommended.

       LookupClientHostnames

           Specifies whether or not to look up the names of clients'
           addresses. Defaults to yes.

       MACs

           Specifies the available MAC (message authentication code)
           algorithms. The MAC algorithm is used in protocol version 2 for
           data integrity protection. Multiple algorithms must be
           comma-separated. The default is
           hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96.

       MaxStartups

           Specifies the maximum number of concurrent unauthenticated
           connections to the sshd daemon. Additional connections are dropped
           until authentication succeeds or the LoginGraceTime expires for a
           connection. The default is 10.

           Alternatively, random early drop can be enabled by specifying the
           three colon-separated values start:rate:full (for example,
           10:30:60). Referring to this example, sshd refuses connection
           attempts with a probability of rate/100 (30% in our example) if
           there are currently 10 (from the start field) unauthenticated
           connections. The probability increases linearly and all connection
           attempts are refused if the number of unauthenticated connections
           reaches full (60 in our example).

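           The random early drop curve described under MaxStartups, as an
           added example that is not part of the original man page or of
           sshd. The function names are hypothetical, and the curve is assumed
           to be a straight line from rate% at start to 100% at full, which is
           what the text above describes.

```python
def parse_max_startups(value):
    """Return (start, rate, full) for a MaxStartups argument.

    A single number N is a hard limit, modelled here as N:100:N.
    """
    parts = value.strip().split(":")
    if len(parts) == 1:
        limit = int(parts[0])
        if limit < 1:
            raise ValueError("limit must be at least 1")
        return limit, 100, limit
    if len(parts) != 3:
        raise ValueError("expected N or start:rate:full")
    start, rate, full = (int(p) for p in parts)
    if not (1 <= start <= full and 1 <= rate <= 100):
        raise ValueError("need 1 <= start <= full and 1 <= rate <= 100")
    return start, rate, full


def drop_probability(unauthenticated, value):
    """Probability (0.0 to 1.0) that a new connection attempt is refused
    when `unauthenticated` connections are already pending."""
    start, rate, full = parse_max_startups(value)
    if unauthenticated < start:
        return 0.0          # below start nothing is refused
    if unauthenticated >= full:
        return 1.0          # at full every attempt is refused
    # Linear rise from rate% at start to 100% at full.
    percent = rate + (100 - rate) * (unauthenticated - start) / (full - start)
    return percent / 100.0


def drop_schedule(value):
    """List of (pending connections, refusal probability) from just below
    start up to full, useful when tuning the three fields."""
    start, _, full = parse_max_startups(value)
    return [(n, drop_probability(n, value)) for n in range(start - 1, full + 1)]


if __name__ == "__main__":
    # The page's own example value.
    for pending, p in drop_schedule("10:30:60")[::10]:
        print(f"{pending:3d} pending -> refuse {p:.0%}")
```
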
       PasswordAuthentication

           Specifies whether password authentication is allowed. The default
           is yes. This option applies to both protocol versions 1 and 2.

       PermitEmptyPasswords

           When password or keyboard-interactive authentication is allowed, it
           specifies whether the server allows login to accounts with empty
           password strings.

           If not set then the /etc/default/login PASSREQ value is used
           instead.

           PASSREQ=no is equivalent to PermitEmptyPasswords yes. PASSREQ=yes
           is equivalent to PermitEmptyPasswords no. If neither
           PermitEmptyPasswords nor PASSREQ is set, the default is no.

       PermitRootLogin

           Specifies whether root can log in using ssh(1). The argument must
           be yes, without-password, forced-commands-only, or no.
           without-password means that root cannot be authenticated using the
           "password" or "keyboard-interactive" methods (see description of
           KbdInteractiveAuthentication). forced-commands-only means that
           authentication is allowed only for publickey (for SSHv2, or RSA,
           for SSHv1) and only if the matching authorized_keys entry for root
           has a command=<cmd> option.

           In Solaris, the default /etc/ssh/sshd_config file is shipped with
           PermitRootLogin set to no. If unset by the administrator, then the
           CONSOLE parameter from /etc/default/login supplies the default
           value as follows: if the CONSOLE parameter is not commented out (it
           can even be empty, that is, "CONSOLE="), then without-password is
           used as default value. If CONSOLE is commented out, then the
           default for PermitRootLogin is yes.

           The without-password and forced-commands-only settings are useful,
           for example, for performing remote administration and backups
           using trusted public keys for authentication of the remote client,
           without allowing access to the root account using passwords.

       PermitUserEnvironment

           Specifies whether a user's ~/.ssh/environment on the server side
           and environment options in the AuthorizedKeysFile file are
           processed by sshd. The default is no. Enabling environment
           processing can enable users to bypass access restrictions in some
           configurations using mechanisms such as LD_PRELOAD.

           Environment setting from a relevant entry in AuthorizedKeysFile
           file is processed only if the user was authenticated using the
           public key authentication method. Of the two files used, values of
           variables set in ~/.ssh/environment are of higher priority.

       PidFile

           Allows you to specify an alternative to /var/run/sshd.pid, the
           default file for storing the PID of the sshd listening for
           connections. See sshd(1M).

       Port

           Specifies the port number that sshd listens on. The default is 22.
           Multiple options of this type are permitted. See also
           ListenAddress.

       PrintLastLog

           Specifies whether sshd should display the date and time when the
           user last logged in. The default is yes.

       PrintMotd

           Specifies whether sshd should display the contents of /etc/motd
           when a user logs in interactively. (On some systems it is also
           displayed by the shell or a shell startup file, such as
           /etc/profile.) The default is yes.

       Protocol

           Specifies the protocol versions sshd should support in order of
           preference. The possible values are 1 and 2. Multiple versions must
           be comma-separated. The default is 2,1. This means that ssh tries
           version 2 and falls back to version 1 if version 2 is not
           available.

       PubkeyAuthentication

           Specifies whether public key authentication is allowed. The default
           is yes. This option applies to protocol version 2 only.

       RhostsAuthentication

           Specifies whether authentication using rhosts or /etc/hosts.equiv
           files is sufficient. Normally, this method should not be permitted
           because it is insecure. RhostsRSAAuthentication should be used
           instead, because it performs RSA-based host authentication in
           addition to normal rhosts or /etc/hosts.equiv authentication. The
           default is no. This parameter applies only to protocol version 1.

       RhostsRSAAuthentication

           Specifies whether rhosts or /etc/hosts.equiv authentication
           together with successful RSA host authentication is allowed. The
           default is no. This parameter applies only to protocol version 1.

       RSAAuthentication

           Specifies whether pure RSA authentication is allowed. The default
           is yes. This option applies to protocol version 1 only.

       ServerKeyBits

           Defines the number of bits in the ephemeral protocol version 1
           server key. The minimum value is 512, and the default is 768.

       StrictModes

           Specifies whether sshd should check file modes and ownership of the
           user's files and home directory before accepting login. This is
           normally desirable because novices sometimes accidentally leave
           their directory or files world-writable. The default is yes.

       Subsystem

           Configures an external subsystem (for example, a file transfer
           daemon). Arguments should be a subsystem name and a command to
           execute upon subsystem request. The command sftp-server(1M)
           implements the sftp file transfer subsystem.

           Alternately, the name internal-sftp implements an in-process sftp
           server. This can simplify configurations using ChrootDirectory to
           force a different filesystem root on clients.

           By default, no subsystems are defined. This option applies to
           protocol version 2 only.

       SyslogFacility

           Gives the facility code that is used when logging messages from
           sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1,
           LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, and LOCAL7. The default is
           AUTH.

       UseOpenSSLEngine

           Specifies whether sshd should use the OpenSSL PKCS#11 engine for
           offloading cryptographic operations to the Cryptographic Framework.
           Cryptographic operations are accelerated according to the available
           installed plug-ins. When no suitable plug-ins are present this
           option does not have an effect. The default is yes.

       VerifyReverseMapping

           Specifies whether sshd should try to verify the remote host name
           and check that the resolved host name for the remote IP address
           maps back to the very same IP address. (A yes setting means
           "verify".) Setting this parameter to no can be useful where DNS
           servers might be down and thus cause sshd to spend much time trying
           to resolve the client's IP address to a name. This feature is
           useful for Internet-facing servers. The default is no.

       X11DisplayOffset

           Specifies the first display number available for sshd's X11
           forwarding. This prevents sshd from interfering with real X11
           servers. The default is 10.

       X11Forwarding

           Specifies whether X11 forwarding is permitted. The default is yes.
           Disabling X11 forwarding does not improve security in any way, as
           users can always install their own forwarders.

           When X11 forwarding is enabled, there can be additional exposure to
           the server and to client displays if the sshd proxy display is
           configured to listen on the wildcard address (see X11UseLocalhost).
           However, this is not the default. Additionally, the authentication
           spoofing and authentication data verification and substitution
           occur on the client side. The security risk of using X11 forwarding
           is that the client's X11 display server can be exposed to attack
           when the ssh client requests forwarding (see the warnings for
           ForwardX11 in ssh_config(4)). A system administrator who wants to
           protect clients that expose themselves to attack by unwittingly
           requesting X11 forwarding, should specify a no setting.

           Disabling X11 forwarding does not prevent users from forwarding X11
           traffic, as users can always install their own forwarders.

       X11UseLocalhost

           Specifies whether sshd should bind the X11 forwarding server to the
           loopback address or to the wildcard address. By default, sshd binds
           the forwarding server to the loopback address and sets the hostname
           part of the DISPLAY environment variable to localhost. This
           prevents remote hosts from connecting to the proxy display.
           However, some older X11 clients might not function with this
           configuration. X11UseLocalhost can be set to no to specify that the
           forwarding server should be bound to the wildcard address. The
           argument must be yes or no. The default is yes.

       XAuthLocation

           Specifies the location of the xauth(1) program. The default is
           /usr/X11/bin/xauth and sshd attempts to open it when X11 forwarding
           is enabled.

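       The warnings attached to individual keywords above (Ciphers,
       RhostsAuthentication, LogLevel, PermitUserEnvironment, StrictModes,
       GatewayPorts, X11UseLocalhost, PermitEmptyPasswords), collected into
       a check over a file in the keyword-value format that DESCRIPTION
       defines. This is an added example, not part of the man page or of
       sshd; the rule wording, function names and both sample configurations
       are constructed for illustration.

```python
def _flag_when(reason, *values):
    """Build a rule that reports `reason` when the argument is in `values`."""
    return lambda value: reason if value in values else None


def _cbc_ciphers(value):
    # Ciphers takes a comma-separated list; report only the CBC entries.
    bad = [c for c in value.replace(" ", "").split(",") if c.endswith("-cbc")]
    return "CBC-mode ciphers enabled: " + ",".join(bad) if bad else None


# Keyword (lower-cased, since keywords are case-insensitive) -> rule.
# Each rule mirrors a statement made in the keyword descriptions above.
RULES = {
    "ciphers": _cbc_ciphers,
    "rhostsauthentication": _flag_when(
        "rhosts-only authentication is insecure", "yes"),
    "loglevel": lambda v: ("DEBUG logging violates the privacy of users"
                           if v.startswith("debug") else None),
    "permituserenvironment": _flag_when(
        "user environment (e.g. LD_PRELOAD) can bypass restrictions", "yes"),
    "strictmodes": _flag_when(
        "file mode and ownership checks are disabled", "no"),
    "gatewayports": _flag_when(
        "remote forwardings may bind beyond the loopback address",
        "yes", "clientspecified"),
    "x11uselocalhost": _flag_when(
        "X11 proxy display listens on the wildcard address", "no"),
    "permitemptypasswords": _flag_when(
        "accounts with empty passwords can log in", "yes"),
}


def parse_config(text):
    """Return [(line number, keyword, argument)] for an sshd_config text.

    Lines starting with '#' and empty lines are comments, as in DESCRIPTION.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        argument = parts[1].strip() if len(parts) > 1 else ""
        entries.append((lineno, parts[0], argument))
    return entries


def audit(text):
    """Return [(line number, keyword as written, reason)] for flagged lines."""
    findings = []
    for lineno, keyword, argument in parse_config(text):
        rule = RULES.get(keyword.lower())
        reason = rule(argument.lower()) if rule else None
        if reason:
            findings.append((lineno, keyword, reason))
    return findings


# Constructed sample: every flagged setting from the descriptions above.
WEAK = """\
# constructed sample, not taken from a real host
Ciphers aes128-ctr,aes256-cbc,3des-cbc
LogLevel DEBUG2
permituserenvironment YES
GatewayPorts clientspecified
X11UseLocalhost no
StrictModes no
PermitEmptyPasswords yes
RhostsAuthentication yes
MaxStartups 10:30:60
"""

# Constructed sample: the same keywords at values the page does not warn about.
HARDENED = """\
Ciphers aes128-ctr,aes192-ctr,aes256-ctr
LogLevel INFO
PermitUserEnvironment no
GatewayPorts no
X11UseLocalhost yes
StrictModes yes
PermitEmptyPasswords no
RhostsAuthentication no
"""

if __name__ == "__main__":
    for lineno, keyword, reason in audit(WEAK):
        print(f"line {lineno}: {keyword}: {reason}")
```
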
   Time Formats
       sshd command-line arguments and configuration file options that specify
       time can be expressed using a sequence of the form: time[qualifier],
       where time is a positive integer value and qualifier is one of the
       following:

       <none>    seconds
       s | S     seconds
       m | M     minutes
       h | H     hours
       d | D     days
       w |       weeks

       Each element of the sequence is added together to calculate the total
       time value. For example:

       600      600 seconds (10 minutes)
       10m      10 minutes
       1h30m    1 hour, 30 minutes (90 minutes)
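       A parser for the time sequences described under Time Formats, with the
       ClientAliveInterval and ClientAliveCountMax arithmetic from earlier on
       this page built on top of it. This is an added example, not sshd's own
       code; the function names are hypothetical, and accepting an upper-case
       W is an assumption made by analogy with the other qualifier rows.

```python
import re

# Seconds per qualifier; an element with no qualifier counts as seconds.
_UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}

# One element of the sequence: an integer and an optional qualifier.
# Upper-case W is accepted as an assumption (the table lists only "w").
_ELEMENT = re.compile(r"([0-9]+)([smhdwSMHDW]?)")


def parse_time(spec):
    """Convert a time[qualifier] sequence such as '1h30m' to seconds.

    Every element is added to the total. Anything that is not a sequence
    of integer-plus-qualifier elements raises ValueError, so a typo in a
    timeout is reported instead of being read as a different value.
    """
    spec = spec.strip()
    if not spec:
        raise ValueError("empty time value")
    total = 0
    pos = 0
    while pos < len(spec):
        match = _ELEMENT.match(spec, pos)
        if match is None:
            raise ValueError(f"bad time value {spec!r} at offset {pos}")
        total += int(match.group(1)) * _UNIT_SECONDS[match.group(2).lower()]
        pos = match.end()
    return total


def unresponsive_timeout(interval_spec, count_max=3):
    """Approximate seconds before an unresponsive client is disconnected.

    interval_spec is the ClientAliveInterval argument and count_max the
    ClientAliveCountMax value (default 3). An interval of 0 means client
    alive messages are not sent, so None is returned.
    """
    interval = parse_time(interval_spec)
    if interval == 0:
        return None
    return interval * count_max


if __name__ == "__main__":
    for sample in ("600", "10m", "1h30m"):   # the page's own examples
        print(sample, "->", parse_time(sample), "seconds")
    print("ClientAliveInterval 15 ->", unresponsive_timeout("15"), "seconds")
```
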

FILES

       /etc/ssh/sshd_config    Contains configuration data for sshd. This file
                               should be writable by root only, but it is
                               recommended (though not necessary) that it be
                               world-readable.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability                 │SUNWsshu                     │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Uncommitted                  │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       login(1), sshd(1M), chroot(2), ssh_config(4), attributes(5),
       kerberos(5)

AUTHORS

       OpenSSH is a derivative of the original and free ssh 1.2.12 release by
       Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
       Theo de Raadt, and Dug Song removed many bugs, re-added recent
       features, and created OpenSSH. Markus Friedl contributed the support
       for SSH protocol versions 1.5 and 2.0. Niels Provos and Markus Friedl
       contributed support for privilege separation.

SunOS 5.11                        26 Mar 2009                   sshd_config(4)