1SSHD_CONFIG(5)              BSD File Formats Manual             SSHD_CONFIG(5)
2

NAME

4     sshd_config — OpenSSH SSH daemon configuration file
5

DESCRIPTION

7     sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
8     specified with -f on the command line).  The file contains keyword-argu‐
9     ment pairs, one per line.  For each keyword, the first obtained value
10     will be used.  Lines starting with ‘#’ and empty lines are interpreted as
11     comments.  Arguments may optionally be enclosed in double quotes (") in
12     order to represent arguments containing spaces.
13
14     The possible keywords and their meanings are as follows (note that key‐
15     words are case-insensitive and arguments are case-sensitive):
16
17     AcceptEnv
18             Specifies what environment variables sent by the client will be
19             copied into the session's environ(7).  See SendEnv and SetEnv in
20             ssh_config(5) for how to configure the client.  The TERM environ‐
21             ment variable is always accepted whenever the client requests a
22             pseudo-terminal as it is required by the protocol.  Variables are
23             specified by name, which may contain the wildcard characters ‘*’
24             and ‘?’.  Multiple environment variables may be separated by
25             whitespace or spread across multiple AcceptEnv directives.  Be
26             warned that some environment variables could be used to bypass
27             restricted user environments.  For this reason, care should be
28             taken in the use of this directive.  The default is not to accept
29             any environment variables.
30
31     AddressFamily
32             Specifies which address family should be used by sshd(8).  Valid
33             arguments are any (the default), inet (use IPv4 only), or inet6
34             (use IPv6 only).
35
36     AllowAgentForwarding
37             Specifies whether ssh-agent(1) forwarding is permitted.  The
38             default is yes.  Note that disabling agent forwarding does not
39             improve security unless users are also denied shell access, as
40             they can always install their own forwarders.
41
42     AllowGroups
43             This keyword can be followed by a list of group name patterns,
44             separated by spaces.  If specified, login is allowed only for
45             users whose primary group or supplementary group list matches one
46             of the patterns.  Only group names are valid; a numerical group
47             ID is not recognized.  By default, login is allowed for all
48             groups.  The allow/deny directives are processed in the following
49             order: DenyUsers, AllowUsers, DenyGroups, and finally
50             AllowGroups.
51
52             See PATTERNS in ssh_config(5) for more information on patterns.
53
54     AllowStreamLocalForwarding
55             Specifies whether StreamLocal (Unix-domain socket) forwarding is
56             permitted.  The available options are yes (the default) or all to
57             allow StreamLocal forwarding, no to prevent all StreamLocal for‐
58             warding, local to allow local (from the perspective of ssh(1))
59             forwarding only or remote to allow remote forwarding only.  Note
60             that disabling StreamLocal forwarding does not improve security
61             unless users are also denied shell access, as they can always
62             install their own forwarders.
63
64     AllowTcpForwarding
65             Specifies whether TCP forwarding is permitted.  The available
66             options are yes (the default) or all to allow TCP forwarding, no
67             to prevent all TCP forwarding, local to allow local (from the
68             perspective of ssh(1)) forwarding only or remote to allow remote
69             forwarding only.  Note that disabling TCP forwarding does not
70             improve security unless users are also denied shell access, as
71             they can always install their own forwarders.
72
73     AllowUsers
74             This keyword can be followed by a list of user name patterns,
75             separated by spaces.  If specified, login is allowed only for
76             user names that match one of the patterns.  Only user names are
77             valid; a numerical user ID is not recognized.  By default, login
78             is allowed for all users.  If the pattern takes the form
79             USER@HOST then USER and HOST are separately checked, restricting
80             logins to particular users from particular hosts.  HOST criteria
81             may additionally contain addresses to match in CIDR
82             address/masklen format.  The allow/deny directives are processed
83             in the following order: DenyUsers, AllowUsers, DenyGroups, and
84             finally AllowGroups.
85
86             See PATTERNS in ssh_config(5) for more information on patterns.
87
88     AuthenticationMethods
89             Specifies the authentication methods that must be successfully
90             completed for a user to be granted access.  This option must be
91             followed by one or more lists of comma-separated authentication
92             method names, or by the single string any to indicate the default
93             behaviour of accepting any single authentication method.  If the
94             default is overridden, then successful authentication requires
95             completion of every method in at least one of these lists.
96
97             For example, "publickey,password publickey,keyboard-interactive"
98             would require the user to complete public key authentication,
99             followed by either password or keyboard interactive authentica‐
100             tion.  Only methods that are next in one or more lists are
101             offered at each stage, so for this example it would not be possi‐
102             ble to attempt password or keyboard-interactive authentication
103             before public key.
104
105             For keyboard interactive authentication it is also possible to
106             restrict authentication to a specific device by appending a colon
107             followed by the device identifier bsdauth or pam.  depending on
108             the server configuration.  For example,
109             "keyboard-interactive:bsdauth" would restrict keyboard interac‐
110             tive authentication to the bsdauth device.
111
112             If the publickey method is listed more than once, sshd(8) veri‐
113             fies that keys that have been used successfully are not reused
114             for subsequent authentications.  For example,
115             "publickey,publickey" requires successful authentication using
116             two different public keys.
117
118             Note that each authentication method listed should also be
119             explicitly enabled in the configuration.
120
121             The available authentication methods are: "gssapi-with-mic",
122             "hostbased", "keyboard-interactive", "none" (used for access to
123             password-less accounts when PermitEmptyPasswords is enabled),
124             "password" and "publickey".
125
126     AuthorizedKeysCommand
127             Specifies a program to be used to look up the user's public keys.
128             The program must be owned by root, not writable by group or oth‐
129             ers and specified by an absolute path.  Arguments to
130             AuthorizedKeysCommand accept the tokens described in the TOKENS
131             section.  If no arguments are specified then the username of the
132             target user is used.
133
134             The program should produce on standard output zero or more lines
135             of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)).  If a
136             key supplied by AuthorizedKeysCommand does not successfully
137             authenticate and authorize the user then public key authentica‐
138             tion continues using the usual AuthorizedKeysFile files.  By
139             default, no AuthorizedKeysCommand is run.
140
141     AuthorizedKeysCommandUser
142             Specifies the user under whose account the AuthorizedKeysCommand
143             is run.  It is recommended to use a dedicated user that has no
144             other role on the host than running authorized keys commands.  If
145             AuthorizedKeysCommand is specified but AuthorizedKeysCommandUser
146             is not, then sshd(8) will refuse to start.
147
148     AuthorizedKeysFile
149             Specifies the file that contains the public keys used for user
150             authentication.  The format is described in the AUTHORIZED_KEYS
151             FILE FORMAT section of sshd(8).  Arguments to AuthorizedKeysFile
152             accept the tokens described in the TOKENS section.  After expan‐
153             sion, AuthorizedKeysFile is taken to be an absolute path or one
154             relative to the user's home directory.  Multiple files may be
155             listed, separated by whitespace.  Alternately this option may be
156             set to none to skip checking for user keys in files.  The default
157             is ".ssh/authorized_keys .ssh/authorized_keys2".
158
159     AuthorizedPrincipalsCommand
160             Specifies a program to be used to generate the list of allowed
161             certificate principals as per AuthorizedPrincipalsFile.  The pro‐
162             gram must be owned by root, not writable by group or others and
163             specified by an absolute path.  Arguments to
164             AuthorizedPrincipalsCommand accept the tokens described in the
165             TOKENS section.  If no arguments are specified then the username
166             of the target user is used.
167
168             The program should produce on standard output zero or more lines
169             of AuthorizedPrincipalsFile output.  If either
170             AuthorizedPrincipalsCommand or AuthorizedPrincipalsFile is speci‐
171             fied, then certificates offered by the client for authentication
172             must contain a principal that is listed.  By default, no
173             AuthorizedPrincipalsCommand is run.
174
175     AuthorizedPrincipalsCommandUser
176             Specifies the user under whose account the
177             AuthorizedPrincipalsCommand is run.  It is recommended to use a
178             dedicated user that has no other role on the host than running
179             authorized principals commands.  If AuthorizedPrincipalsCommand
180             is specified but AuthorizedPrincipalsCommandUser is not, then
181             sshd(8) will refuse to start.
182
183     AuthorizedPrincipalsFile
184             Specifies a file that lists principal names that are accepted for
185             certificate authentication.  When using certificates signed by a
186             key listed in TrustedUserCAKeys, this file lists names, one of
187             which must appear in the certificate for it to be accepted for
188             authentication.  Names are listed one per line preceded by key
189             options (as described in AUTHORIZED_KEYS FILE FORMAT in sshd(8)).
190             Empty lines and comments starting with ‘#’ are ignored.
191
192             Arguments to AuthorizedPrincipalsFile accept the tokens described
193             in the TOKENS section.  After expansion, AuthorizedPrincipalsFile
194             is taken to be an absolute path or one relative to the user's
195             home directory.  The default is none, i.e. not to use a princi‐
196             pals file – in this case, the username of the user must appear in
197             a certificate's principals list for it to be accepted.
198
199             Note that AuthorizedPrincipalsFile is only used when authentica‐
200             tion proceeds using a CA listed in TrustedUserCAKeys and is not
201             consulted for certification authorities trusted via
202             ~/.ssh/authorized_keys, though the principals= key option offers
203             a similar facility (see sshd(8) for details).
204
205     Banner  The contents of the specified file are sent to the remote user
206             before authentication is allowed.  If the argument is none then
207             no banner is displayed.  By default, no banner is displayed.
208
209     ChallengeResponseAuthentication
210             Specifies whether challenge-response authentication is allowed
211             (e.g. via PAM or through authentication styles supported in
212             login.conf(5)) The default is yes.
213
214     ChrootDirectory
215             Specifies the pathname of a directory to chroot(2) to after
216             authentication.  At session startup sshd(8) checks that all com‐
217             ponents of the pathname are root-owned directories which are not
218             writable by any other user or group.  After the chroot, sshd(8)
219             changes the working directory to the user's home directory.
220             Arguments to ChrootDirectory accept the tokens described in the
221             TOKENS section.
222
223             The ChrootDirectory must contain the necessary files and directo‐
224             ries to support the user's session.  For an interactive session
225             this requires at least a shell, typically sh(1), and basic /dev
226             nodes such as null(4), zero(4), stdin(4), stdout(4), stderr(4),
227             and tty(4) devices.  For file transfer sessions using SFTP no
228             additional configuration of the environment is necessary if the
229             in-process sftp-server is used, though sessions which use logging
230             may require /dev/log inside the chroot directory on some operat‐
231             ing systems (see sftp-server(8) for details).
232
233             For safety, it is very important that the directory hierarchy be
234             prevented from modification by other processes on the system
235             (especially those outside the jail).  Misconfiguration can lead
236             to unsafe environments which sshd(8) cannot detect.
237
238             The default is none, indicating not to chroot(2).
239
240     Ciphers
241             Specifies the ciphers allowed.  Multiple ciphers must be comma-
242             separated.  If the specified value begins with a ‘+’ character,
243             then the specified ciphers will be appended to the default set
244             instead of replacing them.  If the specified value begins with a
245             ‘-’ character, then the specified ciphers (including wildcards)
246             will be removed from the default set instead of replacing them.
247
248             The supported ciphers are:
249
250                   3des-cbc
251                   aes128-cbc
252                   aes192-cbc
253                   aes256-cbc
254                   aes128-ctr
255                   aes192-ctr
256                   aes256-ctr
257                   aes128-gcm@openssh.com
258                   aes256-gcm@openssh.com
259                   chacha20-poly1305@openssh.com
260
261             The default is:
262
263                   chacha20-poly1305@openssh.com,
264                   aes128-ctr,aes192-ctr,aes256-ctr,
265                   aes128-gcm@openssh.com,aes256-gcm@openssh.com
266
267             The list of available ciphers may also be obtained using "ssh -Q
268             cipher".
269
270     ClientAliveCountMax
271             Sets the number of client alive messages which may be sent with‐
272             out sshd(8) receiving any messages back from the client.  If this
273             threshold is reached while client alive messages are being sent,
274             sshd will disconnect the client, terminating the session.  It is
275             important to note that the use of client alive messages is very
276             different from TCPKeepAlive.  The client alive messages are sent
277             through the encrypted channel and therefore will not be spoofa‐
278             ble.  The TCP keepalive option enabled by TCPKeepAlive is spoofa‐
279             ble.  The client alive mechanism is valuable when the client or
280             server depend on knowing when a connection has become inactive.
281
282             The default value is 3.  If ClientAliveInterval is set to 15, and
283             ClientAliveCountMax is left at the default, unresponsive SSH
284             clients will be disconnected after approximately 45 seconds.
285
286     ClientAliveInterval
287             Sets a timeout interval in seconds after which if no data has
288             been received from the client, sshd(8) will send a message
289             through the encrypted channel to request a response from the
290             client.  The default is 0, indicating that these messages will
291             not be sent to the client.
292
293     Compression
294             Specifies whether compression is enabled after the user has
295             authenticated successfully.  The argument must be yes, delayed (a
296             legacy synonym for yes) or no.  The default is yes.
297
298     DenyGroups
299             This keyword can be followed by a list of group name patterns,
300             separated by spaces.  Login is disallowed for users whose primary
301             group or supplementary group list matches one of the patterns.
302             Only group names are valid; a numerical group ID is not recog‐
303             nized.  By default, login is allowed for all groups.  The
304             allow/deny directives are processed in the following order:
305             DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
306
307             See PATTERNS in ssh_config(5) for more information on patterns.
308
309     DenyUsers
310             This keyword can be followed by a list of user name patterns,
311             separated by spaces.  Login is disallowed for user names that
312             match one of the patterns.  Only user names are valid; a numeri‐
313             cal user ID is not recognized.  By default, login is allowed for
314             all users.  If the pattern takes the form USER@HOST then USER and
315             HOST are separately checked, restricting logins to particular
316             users from particular hosts.  HOST criteria may additionally con‐
317             tain addresses to match in CIDR address/masklen format.  The
318             allow/deny directives are processed in the following order:
319             DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
320
321             See PATTERNS in ssh_config(5) for more information on patterns.
322
323     DisableForwarding
324             Disables all forwarding features, including X11, ssh-agent(1),
325             TCP and StreamLocal.  This option overrides all other forwarding-
326             related options and may simplify restricted configurations.
327
328     ExposeAuthInfo
329             Writes a temporary file containing a list of authentication meth‐
330             ods and public credentials (e.g. keys) used to authenticate the
331             user.  The location of the file is exposed to the user session
332             through the SSH_USER_AUTH environment variable.  The default is
333             no.
334
335     FingerprintHash
336             Specifies the hash algorithm used when logging key fingerprints.
337             Valid options are: md5 and sha256.  The default is sha256.
338
339     ForceCommand
340             Forces the execution of the command specified by ForceCommand,
341             ignoring any command supplied by the client and ~/.ssh/rc if
342             present.  The command is invoked by using the user's login shell
343             with the -c option.  This applies to shell, command, or subsystem
344             execution.  It is most useful inside a Match block.  The command
345             originally supplied by the client is available in the
346             SSH_ORIGINAL_COMMAND environment variable.  Specifying a command
347             of internal-sftp will force the use of an in-process SFTP server
348             that requires no support files when used with ChrootDirectory.
349             The default is none.
350
351     GatewayPorts
352             Specifies whether remote hosts are allowed to connect to ports
353             forwarded for the client.  By default, sshd(8) binds remote port
354             forwardings to the loopback address.  This prevents other remote
355             hosts from connecting to forwarded ports.  GatewayPorts can be
356             used to specify that sshd should allow remote port forwardings to
357             bind to non-loopback addresses, thus allowing other hosts to con‐
358             nect.  The argument may be no to force remote port forwardings to
359             be available to the local host only, yes to force remote port
360             forwardings to bind to the wildcard address, or clientspecified
361             to allow the client to select the address to which the forwarding
362             is bound.  The default is no.
363
364     GSSAPIAuthentication
365             Specifies whether user authentication based on GSSAPI is allowed.
366             The default is no.
367
368     GSSAPICleanupCredentials
369             Specifies whether to automatically destroy the user's credentials
370             cache on logout.  The default is yes.
371
372     GSSAPIEnablek5users
373             Specifies whether to look at .k5users file for GSSAPI authentica‐
374             tion access control. Further details are described in ksu(1).
375             The default is no.
376
377     GSSAPIKeyExchange
378             Specifies whether key exchange based on GSSAPI is allowed. GSSAPI
379             key exchange doesn't rely on ssh keys to verify host identity.
380             The default is “no”.
381
382     GSSAPIStrictAcceptorCheck
383             Determines whether to be strict about the identity of the GSSAPI
384             acceptor a client authenticates against.  If set to yes then the
385             client must authenticate against the host service on the current
386             hostname.  If set to no then the client may authenticate against
387             any service key stored in the machine's default store.  This
388             facility is provided to assist with operation on multi homed
389             machines.  The default is yes.
390
391     GSSAPIStoreCredentialsOnRekey
392             Controls whether the user's GSSAPI credentials should be updated
393             following a successful connection rekeying. This option can be
394             used to accepted renewed or updated credentials from a compatible
395             client. The default is “no”.
396
397             For this to work GSSAPIKeyExchange needs to be enabled in the
398             server and also used by the client.
399
400     GSSAPIKexAlgorithms
401             The list of key exchange algorithms that are accepted by GSSAPI
402             key exchange. Possible values are
403
404                gss-gex-sha1-,
405                gss-group1-sha1-,
406                gss-group14-sha1-,
407                gss-group14-sha256-,
408                gss-group16-sha512-,
409                gss-nistp256-sha256-,
410                gss-curve25519-sha256-
411
412             The default is “gss-gex-sha1-,gss-group14-sha1-”.  This option
413             only applies to protocol version 2 connections using GSSAPI.
414
415     HostbasedAcceptedKeyTypes
416             Specifies the key types that will be accepted for hostbased
417             authentication as a list of comma-separated patterns.  Alter‐
418             nately if the specified value begins with a ‘+’ character, then
419             the specified key types will be appended to the default set
420             instead of replacing them.  If the specified value begins with a
421             ‘-’ character, then the specified key types (including wildcards)
422             will be removed from the default set instead of replacing them.
423             The default for this option is:
424
425                ecdsa-sha2-nistp256-cert-v01@openssh.com,
426                ecdsa-sha2-nistp384-cert-v01@openssh.com,
427                ecdsa-sha2-nistp521-cert-v01@openssh.com,
428                ssh-ed25519-cert-v01@openssh.com,
429                rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
430                ssh-rsa-cert-v01@openssh.com,
431                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
432                ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
433
434             The list of available key types may also be obtained using "ssh
435             -Q key".
436
437     HostbasedAuthentication
438             Specifies whether rhosts or /etc/hosts.equiv authentication
439             together with successful public key client host authentication is
440             allowed (host-based authentication).  The default is no.
441
442     HostbasedUsesNameFromPacketOnly
443             Specifies whether or not the server will attempt to perform a
444             reverse name lookup when matching the name in the ~/.shosts,
445             ~/.rhosts, and /etc/hosts.equiv files during
446             HostbasedAuthentication.  A setting of yes means that sshd(8)
447             uses the name supplied by the client rather than attempting to
448             resolve the name from the TCP connection itself.  The default is
449             no.
450
451     HostCertificate
452             Specifies a file containing a public host certificate.  The cer‐
453             tificate's public key must match a private host key already spec‐
454             ified by HostKey.  The default behaviour of sshd(8) is not to
455             load any certificates.
456
457     HostKey
458             Specifies a file containing a private host key used by SSH.  The
459             defaults are /etc/ssh/ssh_host_ecdsa_key,
460             /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key.
461
462             Note that sshd(8) will refuse to use a file if it is group/world-
463             accessible and that the HostKeyAlgorithms option restricts which
464             of the keys are actually used by sshd(8).
465
466             It is possible to have multiple host key files.  It is also pos‐
467             sible to specify public host key files instead.  In this case
468             operations on the private key will be delegated to an
469             ssh-agent(1).
470
471     HostKeyAgent
472             Identifies the UNIX-domain socket used to communicate with an
473             agent that has access to the private host keys.  If the string
474             "SSH_AUTH_SOCK" is specified, the location of the socket will be
475             read from the SSH_AUTH_SOCK environment variable.
476
477     HostKeyAlgorithms
478             Specifies the host key algorithms that the server offers.  The
479             default for this option is:
480
481                ecdsa-sha2-nistp256-cert-v01@openssh.com,
482                ecdsa-sha2-nistp384-cert-v01@openssh.com,
483                ecdsa-sha2-nistp521-cert-v01@openssh.com,
484                ssh-ed25519-cert-v01@openssh.com,
485                rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
486                ssh-rsa-cert-v01@openssh.com,
487                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
488                ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
489
490             The list of available key types may also be obtained using "ssh
491             -Q key".
492
493     IgnoreRhosts
494             Specifies that .rhosts and .shosts files will not be used in
495             HostbasedAuthentication.
496
497             /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used.  The
498             default is yes.
499
500     IgnoreUserKnownHosts
501             Specifies whether sshd(8) should ignore the user's
502             ~/.ssh/known_hosts during HostbasedAuthentication and use only
503             the system-wide known hosts file /etc/ssh/known_hosts.  The
504             default is no.
505
506     IPQoS   Specifies the IPv4 type-of-service or DSCP class for the connec‐
507             tion.  Accepted values are af11, af12, af13, af21, af22, af23,
508             af31, af32, af33, af41, af42, af43, cs0, cs1, cs2, cs3, cs4, cs5,
509             cs6, cs7, ef, lowdelay, throughput, reliability, a numeric value,
510             or none to use the operating system default.  This option may
511             take one or two arguments, separated by whitespace.  If one argu‐
512             ment is specified, it is used as the packet class uncondition‐
513             ally.  If two values are specified, the first is automatically
514             selected for interactive sessions and the second for non-interac‐
515             tive sessions.  The default is af21 (Low-Latency Data) for inter‐
516             active sessions and cs1 (Lower Effort) for non-interactive ses‐
517             sions.
518
519     KbdInteractiveAuthentication
520             Specifies whether to allow keyboard-interactive authentication.
521             The argument to this keyword must be yes or no.  The default is
522             to use whatever value ChallengeResponseAuthentication is set to
523             (by default yes).
524
525     KerberosAuthentication
526             Specifies whether the password provided by the user for
527             PasswordAuthentication will be validated through the Kerberos
528             KDC.  To use this option, the server needs a Kerberos servtab
529             which allows the verification of the KDC's identity.  The default
530             is no.
531
532     KerberosGetAFSToken
533             If AFS is active and the user has a Kerberos 5 TGT, attempt to
534             acquire an AFS token before accessing the user's home directory.
535             The default is no.
536
537     KerberosOrLocalPasswd
538             If password authentication through Kerberos fails then the pass‐
539             word will be validated via any additional local mechanism such as
540             /etc/passwd.  The default is yes.
541
542     KerberosTicketCleanup
543             Specifies whether to automatically destroy the user's ticket
544             cache file on logout.  The default is yes.
545
546     KerberosUniqueCCache
547             Specifies whether to store the acquired tickets in the per-ses‐
548             sion credential cache under /tmp/ or whether to use per-user cre‐
549             dential cache as configured in /etc/krb5.conf.  The default value
550             no can lead to overwriting previous tickets by subseqent connec‐
551             tions to the same user account.
552
553     KerberosUseKuserok
554             Specifies whether to look at .k5login file for user's aliases.
555             The default is yes.
556
557     KexAlgorithms
558             Specifies the available KEX (Key Exchange) algorithms.  Multiple
559             algorithms must be comma-separated.  Alternately if the specified
560             value begins with a ‘+’ character, then the specified methods
561             will be appended to the default set instead of replacing them.
562             If the specified value begins with a ‘-’ character, then the
563             specified methods (including wildcards) will be removed from the
564             default set instead of replacing them.  The supported algorithms
565             are:
566
567                   curve25519-sha256
568                   curve25519-sha256@libssh.org
569                   diffie-hellman-group1-sha1
570                   diffie-hellman-group14-sha1
571                   diffie-hellman-group14-sha256
572                   diffie-hellman-group16-sha512
573                   diffie-hellman-group18-sha512
574                   diffie-hellman-group-exchange-sha1
575                   diffie-hellman-group-exchange-sha256
576                   ecdh-sha2-nistp256
577                   ecdh-sha2-nistp384
578                   ecdh-sha2-nistp521
579
580             The default is:
581
582                   curve25519-sha256,curve25519-sha256@libssh.org,
583                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
584                   diffie-hellman-group-exchange-sha256,
585                   diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
586                   diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
587
588             The list of available key exchange algorithms may also be
589             obtained using "ssh -Q kex".
590
591     ListenAddress
592             Specifies the local addresses sshd(8) should listen on.  The fol‐
593             lowing forms may be used:
594
595                   ListenAddress hostname|address [rdomain domain]
596                   ListenAddress hostname:port [rdomain domain]
597                   ListenAddress IPv4_address:port [rdomain domain]
598                   ListenAddress [hostname|address]:port [rdomain domain]
599
600             The optional rdomain qualifier requests sshd(8) listen in an
601             explicit routing domain.  If port is not specified, sshd will
602             listen on the address and all Port options specified.  The
603             default is to listen on all local addresses on the current
604             default routing domain.  Multiple ListenAddress options are per‐
605             mitted.  For more information on routing domains, see rdomain(4).
606
607     LoginGraceTime
608             The server disconnects after this time if the user has not suc‐
609             cessfully logged in.  If the value is 0, there is no time limit.
610             The default is 120 seconds.
611
612     LogLevel
613             Gives the verbosity level that is used when logging messages from
614             sshd(8).  The possible values are: QUIET, FATAL, ERROR, INFO,
615             VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.  The default is INFO.
616             DEBUG and DEBUG1 are equivalent.  DEBUG2 and DEBUG3 each specify
617             higher levels of debugging output.  Logging with a DEBUG level
618             violates the privacy of users and is not recommended.
619
620     MACs    Specifies the available MAC (message authentication code) algo‐
621             rithms.  The MAC algorithm is used for data integrity protection.
622             Multiple algorithms must be comma-separated.  If the specified
623             value begins with a ‘+’ character, then the specified algorithms
624             will be appended to the default set instead of replacing them.
625             If the specified value begins with a ‘-’ character, then the
626             specified algorithms (including wildcards) will be removed from
627             the default set instead of replacing them.
628
629             The algorithms that contain "-etm" calculate the MAC after
630             encryption (encrypt-then-mac).  These are considered safer and
631             their use recommended.  The supported MACs are:
632
633                   hmac-md5
634                   hmac-md5-96
635                   hmac-sha1
636                   hmac-sha1-96
637                   hmac-sha2-256
638                   hmac-sha2-512
639                   umac-64@openssh.com
640                   umac-128@openssh.com
641                   hmac-md5-etm@openssh.com
642                   hmac-md5-96-etm@openssh.com
643                   hmac-sha1-etm@openssh.com
644                   hmac-sha1-96-etm@openssh.com
645                   hmac-sha2-256-etm@openssh.com
646                   hmac-sha2-512-etm@openssh.com
647                   umac-64-etm@openssh.com
648                   umac-128-etm@openssh.com
649
650             The default is:
651
652                   umac-64-etm@openssh.com,umac-128-etm@openssh.com,
653                   hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
654                   hmac-sha1-etm@openssh.com,
655                   umac-64@openssh.com,umac-128@openssh.com,
656                   hmac-sha2-256,hmac-sha2-512,hmac-sha1
657
658             The list of available MAC algorithms may also be obtained using
659             "ssh -Q mac".
660
661     Match   Introduces a conditional block.  If all of the criteria on the
662             Match line are satisfied, the keywords on the following lines
663             override those set in the global section of the config file,
664             until either another Match line or the end of the file.  If a
665             keyword appears in multiple Match blocks that are satisfied, only
666             the first instance of the keyword is applied.
667
668             The arguments to Match are one or more criteria-pattern pairs or
669             the single token All which matches all criteria.  The available
670             criteria are User, Group, Host, LocalAddress, LocalPort, RDomain,
671             and Address (with RDomain representing the rdomain(4) on which
672             the connection was received.)
673
674             The match patterns may consist of single entries or comma-sepa‐
675             rated lists and may use the wildcard and negation operators
676             described in the PATTERNS section of ssh_config(5).
677
678             The patterns in an Address criteria may additionally contain
679             addresses to match in CIDR address/masklen format, such as
680             192.0.2.0/24 or 2001:db8::/32.  Note that the mask length pro‐
681             vided must be consistent with the address - it is an error to
682             specify a mask length that is too long for the address or one
683             with bits set in this host portion of the address.  For example,
684             192.0.2.0/33 and 192.0.2.0/8, respectively.
685
686             Only a subset of keywords may be used on the lines following a
687             Match keyword.  Available keywords are AcceptEnv,
688             AllowAgentForwarding, AllowGroups, AllowStreamLocalForwarding,
689             AllowTcpForwarding, AllowUsers, AuthenticationMethods,
690             AuthorizedKeysCommand, AuthorizedKeysCommandUser,
691             AuthorizedKeysFile, AuthorizedPrincipalsCommand,
692             AuthorizedPrincipalsCommandUser, AuthorizedPrincipalsFile,
693             Banner, ChrootDirectory, ClientAliveCountMax,
694             ClientAliveInterval, DenyGroups, DenyUsers, ForceCommand,
695             GatewayPorts, GSSAPIAuthentication, HostbasedAcceptedKeyTypes,
696             HostbasedAuthentication, HostbasedUsesNameFromPacketOnly, IPQoS,
697             KbdInteractiveAuthentication, KerberosAuthentication,
698             KerberosUseKuserok, LogLevel, MaxAuthTries, MaxSessions,
699             PasswordAuthentication, PermitEmptyPasswords, PermitListen,
700             PermitOpen, PermitRootLogin, PermitTTY, PermitTunnel,
701             PermitUserRC, PubkeyAcceptedKeyTypes, PubkeyAuthentication,
702             RekeyLimit, RevokedKeys, RDomain, SetEnv, StreamLocalBindMask,
703             StreamLocalBindUnlink, TrustedUserCAKeys, X11DisplayOffset,
704             X11MaxDisplays, X11Forwarding and X11UseLocalHost.
705
706     MaxAuthTries
707             Specifies the maximum number of authentication attempts permitted
708             per connection.  Once the number of failures reaches half this
709             value, additional failures are logged.  The default is 6.
710
711     MaxSessions
712             Specifies the maximum number of open shell, login or subsystem
713             (e.g. sftp) sessions permitted per network connection.  Multiple
714             sessions may be established by clients that support connection
715             multiplexing.  Setting MaxSessions to 1 will effectively disable
716             session multiplexing, whereas setting it to 0 will prevent all
717             shell, login and subsystem sessions while still permitting for‐
718             warding.  The default is 10.
719
720     MaxStartups
721             Specifies the maximum number of concurrent unauthenticated con‐
722             nections to the SSH daemon.  Additional connections will be
723             dropped until authentication succeeds or the LoginGraceTime
724             expires for a connection.  The default is 10:30:100.
725
726             Alternatively, random early drop can be enabled by specifying the
727             three colon separated values start:rate:full (e.g. "10:30:60").
728             sshd(8) will refuse connection attempts with a probability of
729             rate/100 (30%) if there are currently start (10) unauthenticated
730             connections.  The probability increases linearly and all connec‐
731             tion attempts are refused if the number of unauthenticated con‐
732             nections reaches full (60).
733
734     PasswordAuthentication
735             Specifies whether password authentication is allowed.  The
736             default is yes.
737
738     PermitEmptyPasswords
739             When password authentication is allowed, it specifies whether the
740             server allows login to accounts with empty password strings.  The
741             default is no.
742
743     PermitListen
744             Specifies the addresses/ports on which a remote TCP port forward‐
745             ing may listen.  The listen specification must be one of the fol‐
746             lowing forms:
747
748                   PermitListen port
749                   PermitListen host:port
750
751             Multiple permissions may be specified by separating them with
752             whitespace.  An argument of any can be used to remove all
753             restrictions and permit any listen requests.  An argument of none
754             can be used to prohibit all listen requests.  The host name may
755             contain wildcards as described in the PATTERNS section in
756             ssh_config(5).  The wildcard ‘*’ can also be used in place of a
757             port number to allow all ports.  By default all port forwarding
758             listen requests are permitted.  Note that the GatewayPorts option
759             may further restrict which addresses may be listened on.  Note
760             also that ssh(1) will request a listen host of “localhost” if no
761             listen host was specifically requested, and this this name is
762             treated differently to explicit localhost addresses of
763             “127.0.0.1” and “::1”.
764
765     PermitOpen
766             Specifies the destinations to which TCP port forwarding is per‐
767             mitted.  The forwarding specification must be one of the follow‐
768             ing forms:
769
770                   PermitOpen host:port
771                   PermitOpen IPv4_addr:port
772                   PermitOpen [IPv6_addr]:port
773
774             Multiple forwards may be specified by separating them with white‐
775             space.  An argument of any can be used to remove all restrictions
776             and permit any forwarding requests.  An argument of none can be
777             used to prohibit all forwarding requests.  The wildcard ‘*’ can
778             be used for host or port to allow all hosts or ports, respec‐
779             tively.  By default all port forwarding requests are permitted.
780
781     PermitRootLogin
782             Specifies whether root can log in using ssh(1).  The argument
783             must be yes, prohibit-password, forced-commands-only, or no.  The
784             default is prohibit-password.
785
786             If this option is set to prohibit-password (or its deprecated
787             alias, without-password), password and keyboard-interactive
788             authentication are disabled for root.
789
790             If this option is set to forced-commands-only, root login with
791             public key authentication will be allowed, but only if the
792             command option has been specified (which may be useful for taking
793             remote backups even if root login is normally not allowed).  All
794             other authentication methods are disabled for root.
795
796             If this option is set to no, root is not allowed to log in.
797
798     PermitTTY
799             Specifies whether pty(4) allocation is permitted.  The default is
800             yes.
801
802     PermitTunnel
803             Specifies whether tun(4) device forwarding is allowed.  The argu‐
804             ment must be yes, point-to-point (layer 3), ethernet (layer 2),
805             or no.  Specifying yes permits both point-to-point and ethernet.
806             The default is no.
807
808             Independent of this setting, the permissions of the selected
809             tun(4) device must allow access to the user.
810
811     PermitUserEnvironment
812             Specifies whether ~/.ssh/environment and environment= options in
813             ~/.ssh/authorized_keys are processed by sshd(8).  Valid options
814             are yes, no or a pattern-list specifying which environment vari‐
815             able names to accept (for example "LANG,LC_*").  The default is
816             no.  Enabling environment processing may enable users to bypass
817             access restrictions in some configurations using mechanisms such
818             as LD_PRELOAD.
819
820     PermitUserRC
821             Specifies whether any ~/.ssh/rc file is executed.  The default is
822             yes.
823
824     PidFile
825             Specifies the file that contains the process ID of the SSH dae‐
826             mon, or none to not write one.  The default is /var/run/sshd.pid.
827
828     Port    Specifies the port number that sshd(8) listens on.  The default
829             is 22.  Multiple options of this type are permitted.  See also
830             ListenAddress.
831
832     PrintLastLog
833             Specifies whether sshd(8) should print the date and time of the
834             last user login when a user logs in interactively.  The default
835             is yes.
836
837     PrintMotd
838             Specifies whether sshd(8) should print /etc/motd when a user logs
839             in interactively.  (On some systems it is also printed by the
840             shell, /etc/profile, or equivalent.)  The default is yes.
841
842     PubkeyAcceptedKeyTypes
843             Specifies the key types that will be accepted for public key
844             authentication as a list of comma-separated patterns.  Alter‐
845             nately if the specified value begins with a ‘+’ character, then
846             the specified key types will be appended to the default set
847             instead of replacing them.  If the specified value begins with a
848             ‘-’ character, then the specified key types (including wildcards)
849             will be removed from the default set instead of replacing them.
850             The default for this option is:
851
852                ecdsa-sha2-nistp256-cert-v01@openssh.com,
853                ecdsa-sha2-nistp384-cert-v01@openssh.com,
854                ecdsa-sha2-nistp521-cert-v01@openssh.com,
855                ssh-ed25519-cert-v01@openssh.com,
856                rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
857                ssh-rsa-cert-v01@openssh.com,
858                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
859                ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
860
861             The list of available key types may also be obtained using "ssh
862             -Q key".
863
864     PubkeyAuthentication
865             Specifies whether public key authentication is allowed.  The
866             default is yes.
867
868     RekeyLimit
869             Specifies the maximum amount of data that may be transmitted
870             before the session key is renegotiated, optionally followed a
871             maximum amount of time that may pass before the session key is
872             renegotiated.  The first argument is specified in bytes and may
873             have a suffix of ‘K’, ‘M’, or ‘G’ to indicate Kilobytes,
874             Megabytes, or Gigabytes, respectively.  The default is between
875             ‘1G’ and ‘4G’, depending on the cipher.  The optional second
876             value is specified in seconds and may use any of the units docu‐
877             mented in the TIME FORMATS section.  The default value for
878             RekeyLimit is default none, which means that rekeying is per‐
879             formed after the cipher's default amount of data has been sent or
880             received and no time based rekeying is done.
881
882     RevokedKeys
883             Specifies revoked public keys file, or none to not use one.  Keys
884             listed in this file will be refused for public key authentica‐
885             tion.  Note that if this file is not readable, then public key
886             authentication will be refused for all users.  Keys may be speci‐
887             fied as a text file, listing one public key per line, or as an
888             OpenSSH Key Revocation List (KRL) as generated by ssh-keygen(1).
889             For more information on KRLs, see the KEY REVOCATION LISTS sec‐
890             tion in ssh-keygen(1).
891
892     RDomain
893             Specifies an explicit routing domain that is applied after
894             authentication has completed.  The user session, as well and any
895             forwarded or listening IP sockets, will be bound to this
896             rdomain(4).  If the routing domain is set to %D, then the domain
897             in which the incoming connection was received will be applied.
898
899     SetEnv  Specifies one or more environment variables to set in child ses‐
900             sions started by sshd(8) as “NAME=VALUE”.  The environment value
901             may be quoted (e.g. if it contains whitespace characters).  Envi‐
902             ronment variables set by SetEnv override the default environment
903             and any variables specified by the user via AcceptEnv or
904             PermitUserEnvironment.
905
906     ShowPatchLevel
907             Specifies whether sshd will display the patch level of the binary
908             in the identification string.  The patch level is set at compile-
909             time.  The default is “no”.
910
911     StreamLocalBindMask
912             Sets the octal file creation mode mask (umask) used when creating
913             a Unix-domain socket file for local or remote port forwarding.
914             This option is only used for port forwarding to a Unix-domain
915             socket file.
916
917             The default value is 0177, which creates a Unix-domain socket
918             file that is readable and writable only by the owner.  Note that
919             not all operating systems honor the file mode on Unix-domain
920             socket files.
921
922     StreamLocalBindUnlink
923             Specifies whether to remove an existing Unix-domain socket file
924             for local or remote port forwarding before creating a new one.
925             If the socket file already exists and StreamLocalBindUnlink is
926             not enabled, sshd will be unable to forward the port to the Unix-
927             domain socket file.  This option is only used for port forwarding
928             to a Unix-domain socket file.
929
930             The argument must be yes or no.  The default is no.
931
932     StrictModes
933             Specifies whether sshd(8) should check file modes and ownership
934             of the user's files and home directory before accepting login.
935             This is normally desirable because novices sometimes accidentally
936             leave their directory or files world-writable.  The default is
937             yes.  Note that this does not apply to ChrootDirectory, whose
938             permissions and ownership are checked unconditionally.
939
940     Subsystem
941             Configures an external subsystem (e.g. file transfer daemon).
942             Arguments should be a subsystem name and a command (with optional
943             arguments) to execute upon subsystem request.
944
945             The command sftp-server implements the SFTP file transfer subsys‐
946             tem.
947
948             Alternately the name internal-sftp implements an in-process SFTP
949             server.  This may simplify configurations using ChrootDirectory
950             to force a different filesystem root on clients.
951
952             By default no subsystems are defined.
953
954     SyslogFacility
955             Gives the facility code that is used when logging messages from
956             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
957             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
958             The default is AUTH.
959
960     TCPKeepAlive
961             Specifies whether the system should send TCP keepalive messages
962             to the other side.  If they are sent, death of the connection or
963             crash of one of the machines will be properly noticed.  However,
964             this means that connections will die if the route is down tempo‐
965             rarily, and some people find it annoying.  On the other hand, if
966             TCP keepalives are not sent, sessions may hang indefinitely on
967             the server, leaving "ghost" users and consuming server resources.
968
969             The default is yes (to send TCP keepalive messages), and the
970             server will notice if the network goes down or the client host
971             crashes.  This avoids infinitely hanging sessions.
972
973             To disable TCP keepalive messages, the value should be set to no.
974
975     TrustedUserCAKeys
976             Specifies a file containing public keys of certificate authori‐
977             ties that are trusted to sign user certificates for authentica‐
978             tion, or none to not use one.  Keys are listed one per line;
979             empty lines and comments starting with ‘#’ are allowed.  If a
980             certificate is presented for authentication and has its signing
981             CA key listed in this file, then it may be used for authentica‐
982             tion for any user listed in the certificate's principals list.
983             Note that certificates that lack a list of principals will not be
984             permitted for authentication using TrustedUserCAKeys.  For more
985             details on certificates, see the CERTIFICATES section in
986             ssh-keygen(1).
987
988     UseDNS  Specifies whether sshd(8) should look up the remote host name,
989             and to check that the resolved host name for the remote IP
990             address maps back to the very same IP address.
991
992             If this option is set to no (the default) then only addresses and
993             not host names may be used in ~/.ssh/authorized_keys from and
994             sshd_config Match Host directives.
995
996     UsePAM  Enables the Pluggable Authentication Module interface.  If set to
997             yes this will enable PAM authentication using
998             ChallengeResponseAuthentication and PasswordAuthentication in
999             addition to PAM account and session module processing for all
1000             authentication types.
1001
1002             Because PAM challenge-response authentication usually serves an
1003             equivalent role to password authentication, you should disable
1004             either PasswordAuthentication or ChallengeResponseAuthentication.
1005
1006             If UsePAM is enabled, you will not be able to run sshd(8) as a
1007             non-root user.  The default is no.
1008
1009     VersionAddendum
1010             Optionally specifies additional text to append to the SSH proto‐
1011             col banner sent by the server upon connection.  The default is
1012             none.
1013
1014     X11DisplayOffset
1015             Specifies the first display number available for sshd(8)'s X11
1016             forwarding.  This prevents sshd from interfering with real X11
1017             servers.  The default is 10.
1018
1019     X11MaxDisplays
1020             Specifies the maximum number of displays available for sshd(8)'s
1021             X11 forwarding.  This prevents sshd from exhausting local ports.
1022             The default is 1000.
1023
1024     X11Forwarding
1025             Specifies whether X11 forwarding is permitted.  The argument must
1026             be yes or no.  The default is no.
1027
1028             When X11 forwarding is enabled, there may be additional exposure
1029             to the server and to client displays if the sshd(8) proxy display
1030             is configured to listen on the wildcard address (see
1031             X11UseLocalhost), though this is not the default.  Additionally,
1032             the authentication spoofing and authentication data verification
1033             and substitution occur on the client side.  The security risk of
1034             using X11 forwarding is that the client's X11 display server may
1035             be exposed to attack when the SSH client requests forwarding (see
1036             the warnings for ForwardX11 in ssh_config(5)).  A system adminis‐
1037             trator may have a stance in which they want to protect clients
1038             that may expose themselves to attack by unwittingly requesting
1039             X11 forwarding, which can warrant a no setting.
1040
1041             Note that disabling X11 forwarding does not prevent users from
1042             forwarding X11 traffic, as users can always install their own
1043             forwarders.
1044
1045     X11UseLocalhost
1046             Specifies whether sshd(8) should bind the X11 forwarding server
1047             to the loopback address or to the wildcard address.  By default,
1048             sshd binds the forwarding server to the loopback address and sets
1049             the hostname part of the DISPLAY environment variable to
1050             localhost.  This prevents remote hosts from connecting to the
1051             proxy display.  However, some older X11 clients may not function
1052             with this configuration.  X11UseLocalhost may be set to no to
1053             specify that the forwarding server should be bound to the wild‐
1054             card address.  The argument must be yes or no.  The default is
1055             yes.
1056
1057     XAuthLocation
1058             Specifies the full pathname of the xauth(1) program, or none to
1059             not use one.  The default is /usr/bin/xauth.
1060

TIME FORMATS

1062     sshd(8) command-line arguments and configuration file options that spec‐
1063     ify time may be expressed using a sequence of the form: time[qualifier],
1064     where time is a positive integer value and qualifier is one of the fol‐
1065     lowing:
1066
1067none⟩  seconds
1068           s | S   seconds
1069           m | M   minutes
1070           h | H   hours
1071           d | D   days
1072           w | W   weeks
1073
1074     Each member of the sequence is added together to calculate the total time
1075     value.
1076
1077     Time format examples:
1078
1079           600     600 seconds (10 minutes)
1080           10m     10 minutes
1081           1h30m   1 hour 30 minutes (90 minutes)
1082

TOKENS

1084     Arguments to some keywords can make use of tokens, which are expanded at
1085     runtime:
1086
1087           %%    A literal ‘%’.
1088           %D    The routing domain in which the incoming connection was
1089                 received.
1090           %F    The fingerprint of the CA key.
1091           %f    The fingerprint of the key or certificate.
1092           %h    The home directory of the user.
1093           %i    The key ID in the certificate.
1094           %K    The base64-encoded CA key.
1095           %k    The base64-encoded key or certificate for authentication.
1096           %s    The serial number of the certificate.
1097           %T    The type of the CA key.
1098           %t    The key or certificate type.
1099           %U    The numeric user ID of the target user.
1100           %u    The username.
1101
1102     AuthorizedKeysCommand accepts the tokens %%, %f, %h, %k, %t, %U, and %u.
1103
1104     AuthorizedKeysFile accepts the tokens %%, %h, %U, and %u.
1105
1106     AuthorizedPrincipalsCommand accepts the tokens %%, %F, %f, %h, %i, %K,
1107     %k, %s, %T, %t, %U, and %u.
1108
1109     AuthorizedPrincipalsFile accepts the tokens %%, %h, %U, and %u.
1110
1111     ChrootDirectory accepts the tokens %%, %h, %U, and %u.
1112
1113     RoutingDomain accepts the token %D.
1114

FILES

1116     /etc/ssh/sshd_config
1117             Contains configuration data for sshd(8).  This file should be
1118             writable by root only, but it is recommended (though not neces‐
1119             sary) that it be world-readable.
1120

SEE ALSO

1122     sftp-server(8), sshd(8)
1123

AUTHORS

1125     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1126     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1127     de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
1128     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
1129     versions 1.5 and 2.0.  Niels Provos and Markus Friedl contributed support
1130     for privilege separation.
1131
1132BSD                            October 26, 2019                            BSD
Impressum