1SSHD_CONFIG(5) BSD File Formats Manual SSHD_CONFIG(5)
2
4 sshd_config — OpenSSH SSH daemon configuration file
5
7 /etc/ssh/sshd_config
8
10 sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
11 specified with -f on the command line). The file contains keyword-argu‐
12 ment pairs, one per line. Lines starting with ‘#’ and empty lines are
13 interpreted as comments. Arguments may optionally be enclosed in double
14 quotes (") in order to represent arguments containing spaces.
15
16 The possible keywords and their meanings are as follows (note that key‐
17 words are case-insensitive and arguments are case-sensitive):
18
19 AcceptEnv
20 Specifies what environment variables sent by the client will be
21 copied into the session's environ(7). See SendEnv in
22 ssh_config(5) for how to configure the client. Note that envi‐
23 ronment passing is only supported for protocol 2. Variables are
24 specified by name, which may contain the wildcard characters ‘*’
25 and ‘?’. Multiple environment variables may be separated by
26 whitespace or spread across multiple AcceptEnv directives. Be
27 warned that some environment variables could be used to bypass
28 restricted user environments. For this reason, care should be
29 taken in the use of this directive. The default is not to accept
30 any environment variables.
31
32 AddressFamily
33 Specifies which address family should be used by sshd(8). Valid
34 arguments are “any”, “inet” (use IPv4 only), or “inet6” (use IPv6
35 only). The default is “any”.
36
37 AllowGroups
38 This keyword can be followed by a list of group name patterns,
39 separated by spaces. If specified, login is allowed only for
40 users whose primary group or supplementary group list matches one
41 of the patterns. Only group names are valid; a numerical group
42 ID is not recognized. By default, login is allowed for all
43 groups. The allow/deny directives are processed in the following
44 order: DenyUsers, AllowUsers, DenyGroups, and finally
45 AllowGroups.
46
47 See PATTERNS in ssh_config(5) for more information on patterns.
48
49 AllowTcpForwarding
50 Specifies whether TCP forwarding is permitted. The default is
51 “yes”. Note that disabling TCP forwarding does not improve secu‐
52 rity unless users are also denied shell access, as they can
53 always install their own forwarders.
54
55 AllowUsers
56 This keyword can be followed by a list of user name patterns,
57 separated by spaces. If specified, login is allowed only for
58 user names that match one of the patterns. Only user names are
59 valid; a numerical user ID is not recognized. By default, login
60 is allowed for all users. If the pattern takes the form
61 USER@HOST then USER and HOST are separately checked, restricting
62 logins to particular users from particular hosts. The allow/deny
63 directives are processed in the following order: DenyUsers,
64 AllowUsers, DenyGroups, and finally AllowGroups.
65
66 See PATTERNS in ssh_config(5) for more information on patterns.
67
68 AuthorizedKeysFile
69 Specifies the file that contains the public keys that can be used
70 for user authentication. AuthorizedKeysFile may contain tokens
71 of the form %T which are substituted during connection setup.
72 The following tokens are defined: %% is replaced by a literal
73 '%', %h is replaced by the home directory of the user being
74 authenticated, and %u is replaced by the username of that user.
75 After expansion, AuthorizedKeysFile is taken to be an absolute
76 path or one relative to the user's home directory. The default
77 is “.ssh/authorized_keys”.
78
79 Banner In some jurisdictions, sending a warning message before authenti‐
80 cation may be relevant for getting legal protection. The con‐
81 tents of the specified file are sent to the remote user before
82 authentication is allowed. This option is only available for
83 protocol version 2. By default, no banner is displayed.
84
85 ChallengeResponseAuthentication
86 Specifies whether challenge-response authentication is allowed.
87 All authentication styles from login.conf(5) are supported. The
88 default is “yes”.
89
90 Ciphers
91 Specifies the ciphers allowed for protocol version 2. Multiple
92 ciphers must be comma-separated. The supported ciphers are
93 “3des-cbc”, “aes128-cbc”, “aes192-cbc”, “aes256-cbc”,
94 “aes128-ctr”, “aes192-ctr”, “aes256-ctr”, “arcfour128”,
95 “arcfour256”, “arcfour”, “blowfish-cbc”, and “cast128-cbc”. The
96 default is:
97
98 aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
99 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
100 aes192-ctr,aes256-ctr
101
102 ClientAliveCountMax
103 Sets the number of client alive messages (see below) which may be
104 sent without sshd(8) receiving any messages back from the client.
105 If this threshold is reached while client alive messages are
106 being sent, sshd will disconnect the client, terminating the ses‐
107 sion. It is important to note that the use of client alive mes‐
108 sages is very different from TCPKeepAlive (below). The client
109 alive messages are sent through the encrypted channel and there‐
110 fore will not be spoofable. The TCP keepalive option enabled by
111 TCPKeepAlive is spoofable. The client alive mechanism is valu‐
112 able when the client or server depend on knowing when a connec‐
113 tion has become inactive.
114
115 The default value is 3. If ClientAliveInterval (see below) is
116 set to 15, and ClientAliveCountMax is left at the default, unre‐
117 sponsive SSH clients will be disconnected after approximately 45
118 seconds. This option applies to protocol version 2 only.
119
120 ClientAliveInterval
121 Sets a timeout interval in seconds after which if no data has
122 been received from the client, sshd(8) will send a message
123 through the encrypted channel to request a response from the
124 client. The default is 0, indicating that these messages will
125 not be sent to the client. This option applies to protocol ver‐
126 sion 2 only.
127
128 Compression
129 Specifies whether compression is allowed, or delayed until the
130 user has authenticated successfully. The argument must be “yes”,
131 “delayed”, or “no”. The default is “delayed”.
132
133 DenyGroups
134 This keyword can be followed by a list of group name patterns,
135 separated by spaces. Login is disallowed for users whose primary
136 group or supplementary group list matches one of the patterns.
137 Only group names are valid; a numerical group ID is not recog‐
138 nized. By default, login is allowed for all groups. The
139 allow/deny directives are processed in the following order:
140 DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.
141
142 See PATTERNS in ssh_config(5) for more information on patterns.
143
144 DenyUsers
145 This keyword can be followed by a list of user name patterns,
146 separated by spaces. Login is disallowed for user names that
147 match one of the patterns. Only user names are valid; a numeri‐
148 cal user ID is not recognized. By default, login is allowed for
149 all users. If the pattern takes the form USER@HOST then USER and
150 HOST are separately checked, restricting logins to particular
151 users from particular hosts. The allow/deny directives are pro‐
152 cessed in the following order: DenyUsers, AllowUsers, DenyGroups,
153 and finally AllowGroups.
154
155 See PATTERNS in ssh_config(5) for more information on patterns.
156
157 ForceCommand
158 Forces the execution of the command specified by ForceCommand,
159 ignoring any command supplied by the client. The command is
160 invoked by using the user's login shell with the -c option. This
161 applies to shell, command, or subsystem execution. It is most
162 useful inside a Match block. The command originally supplied by
163 the client is available in the SSH_ORIGINAL_COMMAND environment
164 variable.
165
166 GatewayPorts
167 Specifies whether remote hosts are allowed to connect to ports
168 forwarded for the client. By default, sshd(8) binds remote port
169 forwardings to the loopback address. This prevents other remote
170 hosts from connecting to forwarded ports. GatewayPorts can be
171 used to specify that sshd should allow remote port forwardings to
172 bind to non-loopback addresses, thus allowing other hosts to con‐
173 nect. The argument may be “no” to force remote port forwardings
174 to be available to the local host only, “yes” to force remote
175 port forwardings to bind to the wildcard address, or
176 “clientspecified” to allow the client to select the address to
177 which the forwarding is bound. The default is “no”.
178
179 GSSAPIAuthentication
180 Specifies whether user authentication based on GSSAPI is allowed.
181 The default is “no”. Note that this option applies to protocol
182 version 2 only.
183
184 GSSAPICleanupCredentials
185 Specifies whether to automatically destroy the user's credentials
186 cache on logout. The default is “yes”. Note that this option
187 applies to protocol version 2 only.
188
189 HostbasedAuthentication
190 Specifies whether rhosts or /etc/hosts.equiv authentication
191 together with successful public key client host authentication is
192 allowed (host-based authentication). This option is similar to
193 RhostsRSAAuthentication and applies to protocol version 2 only.
194 The default is “no”.
195
196 HostbasedUsesNameFromPacketOnly
197 Specifies whether or not the server will attempt to perform a
198 reverse name lookup when matching the name in the ~/.shosts,
199 ~/.rhosts, and /etc/hosts.equiv files during
200 HostbasedAuthentication. A setting of “yes” means that sshd(8)
201 uses the name supplied by the client rather than attempting to
202 resolve the name from the TCP connection itself. The default is
203 “no”.
204
205 HostKey
206 Specifies a file containing a private host key used by SSH. The
207 default is /etc/ssh/ssh_host_key for protocol version 1, and
208 /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro‐
209 tocol version 2. Note that sshd(8) will refuse to use a file if
210 it is group/world-accessible. It is possible to have multiple
211 host key files. “rsa1” keys are used for version 1 and “dsa” or
212 “rsa” are used for version 2 of the SSH protocol.
213
214 IgnoreRhosts
215 Specifies that .rhosts and .shosts files will not be used in
216 RhostsRSAAuthentication or HostbasedAuthentication.
217
218 /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used. The
219 default is “yes”.
220
221 IgnoreUserKnownHosts
222 Specifies whether sshd(8) should ignore the user's
223 ~/.ssh/known_hosts during RhostsRSAAuthentication or
224 HostbasedAuthentication. The default is “no”.
225
226 KerberosAuthentication
227 Specifies whether the password provided by the user for
228 PasswordAuthentication will be validated through the Kerberos
229 KDC. To use this option, the server needs a Kerberos servtab
230 which allows the verification of the KDC's identity. The default
231 is “no”.
232
233 KerberosGetAFSToken
234 If AFS is active and the user has a Kerberos 5 TGT, attempt to
235 acquire an AFS token before accessing the user's home directory.
236 The default is “no”.
237
238 KerberosOrLocalPasswd
239 If password authentication through Kerberos fails then the pass‐
240 word will be validated via any additional local mechanism such as
241 /etc/passwd. The default is “yes”.
242
243 KerberosTicketCleanup
244 Specifies whether to automatically destroy the user's ticket
245 cache file on logout. The default is “yes”.
246
247 KeyRegenerationInterval
248 In protocol version 1, the ephemeral server key is automatically
249 regenerated after this many seconds (if it has been used). The
250 purpose of regeneration is to prevent decrypting captured ses‐
251 sions by later breaking into the machine and stealing the keys.
252 The key is never stored anywhere. If the value is 0, the key is
253 never regenerated. The default is 3600 (seconds).
254
255 ListenAddress
256 Specifies the local addresses sshd(8) should listen on. The fol‐
257 lowing forms may be used:
258
259 ListenAddress host|IPv4_addr|IPv6_addr
260 ListenAddress host|IPv4_addr:port
261 ListenAddress [host|IPv6_addr]:port
262
263 If port is not specified, sshd will listen on the address and all
264 prior Port options specified. The default is to listen on all
265 local addresses. Multiple ListenAddress options are permitted.
266 Additionally, any Port options must precede this option for non-
267 port qualified addresses.
268
269 LoginGraceTime
270 The server disconnects after this time if the user has not suc‐
271 cessfully logged in. If the value is 0, there is no time limit.
272 The default is 120 seconds.
273
274 LogLevel
275 Gives the verbosity level that is used when logging messages from
276 sshd(8). The possible values are: QUIET, FATAL, ERROR, INFO,
277 VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. The default is INFO.
278 DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
279 higher levels of debugging output. Logging with a DEBUG level
280 violates the privacy of users and is not recommended.
281
282 MACs Specifies the available MAC (message authentication code) algo‐
283 rithms. The MAC algorithm is used in protocol version 2 for data
284 integrity protection. Multiple algorithms must be comma-sepa‐
285 rated. The default is:
286 “hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96”.
287
288 Match Introduces a conditional block. If all of the criteria on the
289 Match line are satisfied, the keywords on the following lines
290 override those set in the global section of the config file,
291 until either another Match line or the end of the file. The
292 arguments to Match are one or more criteria-pattern pairs. The
293 available criteria are User, Group, Host, and Address. Only a
294 subset of keywords may be used on the lines following a Match
295 keyword. Available keywords are AllowTcpForwarding,
296 ForceCommand, GatewayPorts, PermitOpen, X11DisplayOffset,
297 X11Forwarding, and X11UseLocalHost.
298
299 MaxAuthTries
300 Specifies the maximum number of authentication attempts permitted
301 per connection. Once the number of failures reaches half this
302 value, additional failures are logged. The default is 6.
303
304 MaxStartups
305 Specifies the maximum number of concurrent unauthenticated con‐
306 nections to the SSH daemon. Additional connections will be
307 dropped until authentication succeeds or the LoginGraceTime
308 expires for a connection. The default is 10.
309
310 Alternatively, random early drop can be enabled by specifying the
311 three colon separated values “start:rate:full” (e.g. "10:30:60").
312 sshd(8) will refuse connection attempts with a probability of
313 “rate/100” (30%) if there are currently “start” (10) unauthenti‐
314 cated connections. The probability increases linearly and all
315 connection attempts are refused if the number of unauthenticated
316 connections reaches “full” (60).
317
318 PasswordAuthentication
319 Specifies whether password authentication is allowed. The
320 default is “yes”.
321
322 PermitEmptyPasswords
323 When password authentication is allowed, it specifies whether the
324 server allows login to accounts with empty password strings. The
325 default is “no”.
326
327 PermitOpen
328 Specifies the destinations to which TCP port forwarding is per‐
329 mitted. The forwarding specification must be one of the follow‐
330 ing forms:
331
332 PermitOpen host:port
333 PermitOpen IPv4_addr:port
334 PermitOpen [IPv6_addr]:port
335
336 Multiple forwards may be specified by separating them with white‐
337 space. An argument of “any” can be used to remove all restric‐
338 tions and permit any forwarding requests. By default all port
339 forwarding requests are permitted.
340
341 PermitRootLogin
342 Specifies whether root can log in using ssh(1). The argument
343 must be “yes”, “without-password”, “forced-commands-only”, or
344 “no”. The default is “yes”.
345
346 If this option is set to “without-password”, password authentica‐
347 tion is disabled for root.
348
349 If this option is set to “forced-commands-only”, root login with
350 public key authentication will be allowed, but only if the
351 command option has been specified (which may be useful for taking
352 remote backups even if root login is normally not allowed). All
353 other authentication methods are disabled for root.
354
355 If this option is set to “no”, root is not allowed to log in.
356
357 PermitTunnel
358 Specifies whether tun(4) device forwarding is allowed. The argu‐
359 ment must be “yes”, “point-to-point” (layer 3), “ethernet” (layer
360 2), or “no”. Specifying “yes” permits both “point-to-point” and
361 “ethernet”. The default is “no”.
362
363 PermitUserEnvironment
364 Specifies whether ~/.ssh/environment and environment= options in
365 ~/.ssh/authorized_keys are processed by sshd(8). The default is
366 “no”. Enabling environment processing may enable users to bypass
367 access restrictions in some configurations using mechanisms such
368 as LD_PRELOAD.
369
370 PidFile
371 Specifies the file that contains the process ID of the SSH dae‐
372 mon. The default is /var/run/sshd.pid.
373
374 Port Specifies the port number that sshd(8) listens on. The default
375 is 22. Multiple options of this type are permitted. See also
376 ListenAddress.
377
378 PrintLastLog
379 Specifies whether sshd(8) should print the date and time of the
380 last user login when a user logs in interactively. The default
381 is “yes”.
382
383 PrintMotd
384 Specifies whether sshd(8) should print /etc/motd when a user logs
385 in interactively. (On some systems it is also printed by the
386 shell, /etc/profile, or equivalent.) The default is “yes”.
387
388 Protocol
389 Specifies the protocol versions sshd(8) supports. The possible
390 values are ‘1’ and ‘2’. Multiple versions must be comma-sepa‐
391 rated. The default is “2,1”. Note that the order of the proto‐
392 col list does not indicate preference, because the client selects
393 among multiple protocol versions offered by the server. Specify‐
394 ing “2,1” is identical to “1,2”.
395
396 PubkeyAuthentication
397 Specifies whether public key authentication is allowed. The
398 default is “yes”. Note that this option applies to protocol ver‐
399 sion 2 only.
400
401 RhostsRSAAuthentication
402 Specifies whether rhosts or /etc/hosts.equiv authentication
403 together with successful RSA host authentication is allowed. The
404 default is “no”. This option applies to protocol version 1 only.
405
406 RSAAuthentication
407 Specifies whether pure RSA authentication is allowed. The
408 default is “yes”. This option applies to protocol version 1
409 only.
410
411 ServerKeyBits
412 Defines the number of bits in the ephemeral protocol version 1
413 server key. The minimum value is 512, and the default is 768.
414
415 ShowPatchLevel
416 Specifies whether sshd will display the patch level of the binary
417 in the identification string. The patch level is set at compile-
418 time. The default is “no”. This option applies to protocol ver‐
419 sion 1 only.
420
421 StrictModes
422 Specifies whether sshd(8) should check file modes and ownership
423 of the user's files and home directory before accepting login.
424 This is normally desirable because novices sometimes accidentally
425 leave their directory or files world-writable. The default is
426 “yes”.
427
428 Subsystem
429 Configures an external subsystem (e.g. file transfer daemon).
430 Arguments should be a subsystem name and a command (with optional
431 arguments) to execute upon subsystem request. The command
432 sftp-server(8) implements the “sftp” file transfer subsystem. By
433 default no subsystems are defined. Note that this option applies
434 to protocol version 2 only.
435
436 SyslogFacility
437 Gives the facility code that is used when logging messages from
438 sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
439 LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
440 The default is AUTH.
441
442 TCPKeepAlive
443 Specifies whether the system should send TCP keepalive messages
444 to the other side. If they are sent, death of the connection or
445 crash of one of the machines will be properly noticed. However,
446 this means that connections will die if the route is down tempo‐
447 rarily, and some people find it annoying. On the other hand, if
448 TCP keepalives are not sent, sessions may hang indefinitely on
449 the server, leaving “ghost” users and consuming server resources.
450
451 The default is “yes” (to send TCP keepalive messages), and the
452 server will notice if the network goes down or the client host
453 crashes. This avoids infinitely hanging sessions.
454
455 To disable TCP keepalive messages, the value should be set to
456 “no”.
457
458 UseDNS Specifies whether sshd(8) should look up the remote host name and
459 check that the resolved host name for the remote IP address maps
460 back to the very same IP address. The default is “yes”.
461
462 UseLogin
463 Specifies whether login(1) is used for interactive login ses‐
464 sions. The default is “no”. Note that login(1) is never used
465 for remote command execution. Note also, that if this is
466 enabled, X11Forwarding will be disabled because login(1) does not
467 know how to handle xauth(1) cookies. If UsePrivilegeSeparation
468 is specified, it will be disabled after authentication.
469
470 UsePAM Enables the Pluggable Authentication Module interface. If set to
471 “yes” this will enable PAM authentication using
472 ChallengeResponseAuthentication and PasswordAuthentication in
473 addition to PAM account and session module processing for all
474 authentication types.
475
476 Because PAM challenge-response authentication usually serves an
477 equivalent role to password authentication, you should disable
478 either PasswordAuthentication or ChallengeResponseAuthentication.
479
480 If UsePAM is enabled, you will not be able to run sshd(8) as a
481 non-root user. The default is “no”.
482
483 UsePrivilegeSeparation
484 Specifies whether sshd(8) separates privileges by creating an
485 unprivileged child process to deal with incoming network traffic.
486 After successful authentication, another process will be created
487 that has the privilege of the authenticated user. The goal of
488 privilege separation is to prevent privilege escalation by con‐
489 taining any corruption within the unprivileged processes. The
490 default is “yes”.
491
492 X11DisplayOffset
493 Specifies the first display number available for sshd(8)'s X11
494 forwarding. This prevents sshd from interfering with real X11
495 servers. The default is 10.
496
497 X11Forwarding
498 Specifies whether X11 forwarding is permitted. The argument must
499 be “yes” or “no”. The default is “no”.
500
501 When X11 forwarding is enabled, there may be additional exposure
502 to the server and to client displays if the sshd(8) proxy display
503 is configured to listen on the wildcard address (see
504 X11UseLocalhost below), though this is not the default. Addi‐
505 tionally, the authentication spoofing and authentication data
506 verification and substitution occur on the client side. The
507 security risk of using X11 forwarding is that the client's X11
508 display server may be exposed to attack when the SSH client
509 requests forwarding (see the warnings for ForwardX11 in
510 ssh_config(5)). A system administrator may have a stance in
511 which they want to protect clients that may expose themselves to
512 attack by unwittingly requesting X11 forwarding, which can war‐
513 rant a “no” setting.
514
515 Note that disabling X11 forwarding does not prevent users from
516 forwarding X11 traffic, as users can always install their own
517 forwarders. X11 forwarding is automatically disabled if UseLogin
518 is enabled.
519
520 X11UseLocalhost
521 Specifies whether sshd(8) should bind the X11 forwarding server
522 to the loopback address or to the wildcard address. By default,
523 sshd binds the forwarding server to the loopback address and sets
524 the hostname part of the DISPLAY environment variable to
525 “localhost”. This prevents remote hosts from connecting to the
526 proxy display. However, some older X11 clients may not function
527 with this configuration. X11UseLocalhost may be set to “no” to
528 specify that the forwarding server should be bound to the wild‐
529 card address. The argument must be “yes” or “no”. The default
530 is “yes”.
531
532 XAuthLocation
533 Specifies the full pathname of the xauth(1) program. The default
534 is /usr/bin/xauth.
535
537 sshd(8) command-line arguments and configuration file options that spec‐
538 ify time may be expressed using a sequence of the form: time[qualifier],
539 where time is a positive integer value and qualifier is one of the fol‐
540 lowing:
541
542 ⟨none⟩ seconds
543 s | S seconds
544 m | M minutes
545 h | H hours
546 d | D days
547 w | W weeks
548
549 Each member of the sequence is added together to calculate the total time
550 value.
551
552 Time format examples:
553
554 600 600 seconds (10 minutes)
555 10m 10 minutes
556 1h30m 1 hour 30 minutes (90 minutes)
557
559 /etc/ssh/sshd_config
560 Contains configuration data for sshd(8). This file should be
561 writable by root only, but it is recommended (though not neces‐
562 sary) that it be world-readable.
563
565 sshd(8)
566
568 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
569 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
570 de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
571 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
572 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
573 for privilege separation.
574
575BSD September 25, 1999 BSD