sshd_config(5)

NAME

       sshd_config - OpenSSH SSH daemon configuration file


SYNOPSIS

       /etc/ssh/sshd_config


DESCRIPTION

       sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
       specified with -f on the command line).   The  file  contains  keyword-
       argument  pairs, one per line.  Lines starting with `#' and empty lines
       are interpreted as comments.  Arguments may optionally be  enclosed  in
       double quotes (") in order to represent arguments containing spaces.

       The possible keywords and their meanings are as follows (note that key-
       words are case-insensitive and arguments are case-sensitive):
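       The line format just described is small enough to parse directly. The following is an added example, not OpenSSH code: it applies the rules above (one keyword-argument pair per line, `#' and blank lines as comments, case-insensitive keywords, case-sensitive arguments, double quotes grouping an argument that contains spaces) to a configuration fragment constructed for the example.

```python
"""Added example (not OpenSSH code): a parser for the sshd_config
keyword-argument line format. The SAMPLE fragment is constructed."""


def split_args(text):
    """Split on whitespace, treating "..." as one argument (quotes removed)."""
    args, current, in_quotes = [], [], False
    for ch in text:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if current:
                args.append("".join(current))
                current = []
        else:
            current.append(ch)
    if in_quotes:
        raise ValueError("unterminated double quote")
    if current:
        args.append("".join(current))
    return args


def parse_sshd_config(text):
    """Return [(lineno, keyword, args)] in file order; keyword is lowercased,
    arguments keep their case."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # comment or empty line
        parts = split_args(line)
        if len(parts) < 2:
            raise ValueError(f"line {lineno}: keyword without argument")
        entries.append((lineno, parts[0].lower(), parts[1:]))
    return entries


def values_for(entries, keyword):
    """Every argument list given for a keyword (AcceptEnv and ListenAddress
    may legitimately appear more than once)."""
    keyword = keyword.lower()
    return [args for _, kw, args in entries if kw == keyword]


# Constructed sample: mixed keyword case, a repeated keyword, a quoted path.
SAMPLE = """\
# constructed sample sshd_config fragment
Port 22
acceptenv LANG LC_*
AcceptEnv "EDITOR"
Banner "/etc/ssh/login banner.txt"
PasswordAuthentication no
"""

if __name__ == "__main__":
    for lineno, keyword, args in parse_sshd_config(SAMPLE):
        print(f"{lineno:3d} {keyword:<22} {args}")
```

       Running the block prints one row per directive; note that the quoted Banner path survives as a single argument and that both AcceptEnv lines are kept, since the manual describes that keyword as cumulative.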

       AcceptEnv
              Specifies what environment variables sent by the client will  be
              copied  into  the session's environ(7).  See SendEnv in ssh_con-
              fig(5) for how to configure the client.   The  TERM  environment
              variable  is  always sent whenever the client requests a pseudo-
              terminal as it is required by the protocol.  Variables are spec-
              ified by name, which may contain the wildcard characters `*' and
              `?'.  Multiple environment variables may be separated by  white-
              space or spread across multiple AcceptEnv directives.  Be warned
              that  some  environment  variables  could  be  used  to   bypass
              restricted  user  environments.  For this reason, care should be
              taken in the use of this  directive.   The  default  is  not  to
              accept any environment variables.

       AddressFamily
              Specifies which address family should be used by sshd(8).  Valid
              arguments are ``any'', ``inet'' (use IPv4  only),  or  ``inet6''
              (use IPv6 only).  The default is ``any''.

       AllowAgentForwarding
              Specifies  whether  ssh-agent(1)  forwarding  is permitted.  The
              default is ``yes''.  Note that disabling agent  forwarding  does
              not  improve security unless users are also denied shell access,
              as they can always install their own forwarders.

       AllowGroups
              This keyword can be followed by a list of group  name  patterns,
              separated  by  spaces.   If specified, login is allowed only for
              users whose primary group or supplementary  group  list  matches
              one  of  the  patterns.  Only group names are valid; a numerical
              group ID is not recognized.  By default, login  is  allowed  for
              all groups.  The allow/deny directives are processed in the fol-
              lowing order: DenyUsers,  AllowUsers,  DenyGroups,  and  finally
              AllowGroups.

              See  PATTERNS in ssh_config(5) for more information on patterns.

       AllowTcpForwarding
              Specifies whether TCP forwarding is  permitted.   The  available
              options  are  ``yes'' or ``all'' to allow TCP forwarding, ``no''
              to prevent all TCP forwarding, ``local'' to  allow  local  (from
              the  perspective  of  ssh(1))  forwarding  only or ``remote'' to
              allow remote forwarding only.  The  default  is  ``yes''.   Note
              that  disabling  TCP forwarding does not improve security unless
              users are also denied shell access, as they can  always  install
              their own forwarders.

       AllowStreamLocalForwarding
              Specifies whether StreamLocal (Unix-domain socket) forwarding is
              permitted.  The available options  are  ``yes''  or  ``all''  to
              allow  StreamLocal forwarding, ``no'' to prevent all StreamLocal
              forwarding, ``local'' to allow local (from  the  perspective  of
              ssh(1)) forwarding only or ``remote'' to allow remote forwarding
              only.  The default is ``yes''.  Note that disabling  StreamLocal
              forwarding  does  not  improve  security  unless  users are also
              denied shell access, as they can always install their  own  for-
              warders.

       AllowUsers
              This  keyword  can  be followed by a list of user name patterns,
              separated by spaces.  If specified, login is  allowed  only  for
              user  names that match one of the patterns.  Only user names are
              valid; a numerical user ID is not recognized.  By default, login
              is  allowed  for  all  users.   If  the  pattern  takes the form
              USER@HOST then USER and HOST are separately checked, restricting
              logins to particular users from particular hosts.  HOST criteria
              may  additionally   contain   addresses   to   match   in   CIDR
              address/masklen format.  The allow/deny directives are processed
              in the following order: DenyUsers, AllowUsers,  DenyGroups,  and
              finally AllowGroups.

              See  PATTERNS in ssh_config(5) for more information on patterns.

       AuthenticationMethods
              Specifies the authentication methods that must  be  successfully
              completed  for a user to be granted access.  This option must be
              followed by one or more comma-separated lists of  authentication
              method  names,  or  by the single string ``any'' to indicate the
              default behaviour of accepting any single authentication method.
               If the default is overridden, then successful authentication
              requires completion of every method in at  least  one  of  these
              lists.

              For  example, an argument of ``publickey,password publickey,key-
              board-interactive'' would require the user  to  complete  public
              key  authentication,  followed  by  either  password or keyboard
              interactive authentication.  Only methods that are next  in  one
              or more lists are offered at each stage, so for this example, it
              would not be possible to attempt password  or  keyboard-interac-
              tive authentication before public key.

              For  keyboard  interactive authentication it is also possible to
              restrict authentication to a  specific  device  by  appending  a
              colon followed by the device identifier ``bsdauth'', ``pam'', or
              ``skey'', depending on the server configuration.   For  example,
              ``keyboard-interactive:bsdauth''  would restrict keyboard inter-
              active authentication to the ``bsdauth'' device.

              If the ``publickey'' method is listed more  than  once,  sshd(8)
              verifies  that  keys  that  have  been used successfully are not
              reused for subsequent authentications.  For example, an  Authen-
              ticationMethods of ``publickey,publickey'' will require success-
              ful authentication using two different public keys.

               This option will yield a fatal error if it is enabled while
               protocol 1 is also enabled.  Note that each authentication
               method listed should also be explicitly enabled in the
               configuration.  The default ``any'' is not to require multiple
               authentication; successful completion of a single
               authentication method is sufficient.
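       The chain semantics above are easy to get wrong when auditing a configuration, so here is an added example (not OpenSSH code) that models them: each whitespace-separated entry is an ordered chain of methods, only methods that come next in a still-viable chain are offered, a repeated ``publickey'' must be satisfied by a different key, and a device suffix such as keyboard-interactive:bsdauth is honoured. The set of enabled methods and the key fingerprints are inputs constructed by the caller.

```python
"""Added example (not OpenSSH code): a model of how sshd(8) walks an
AuthenticationMethods value for one connection."""


def parse_methods(value):
    """Return None for ``any'', else a list of method chains (tuples)."""
    value = value.strip()
    if value == "any":
        return None
    chains = [tuple(m for m in chain.split(",") if m) for chain in value.split()]
    if not chains or any(not chain for chain in chains):
        raise ValueError("AuthenticationMethods: empty method list")
    return chains


def _split(entry):
    """'keyboard-interactive:bsdauth' -> ('keyboard-interactive', 'bsdauth')."""
    base, _, device = entry.partition(":")
    return base, (device or None)


def _entry_matches(entry, completed):
    """Does a chain entry accept a completed (method, device) pair?"""
    base, device = _split(entry)
    return base == completed[0] and (device is None or device == completed[1])


class AuthState:
    """Tracks one connection's progress through the configured chains."""

    def __init__(self, value, enabled_methods):
        self.chains = parse_methods(value)
        self.enabled = set(enabled_methods)  # methods switched on elsewhere in the config
        self.done = []                        # [(method, device), ...] in completion order
        self.used_keys = set()                # fingerprints already used for publickey

    def _viable(self):
        """Chains whose prefix agrees with everything completed so far."""
        n = len(self.done)
        return [c for c in (self.chains or ()) if len(c) > n
                and all(_entry_matches(c[i], self.done[i]) for i in range(n))]

    def offered(self):
        """Base method names the client may attempt at this stage."""
        if self.chains is None:               # ``any'': one success of any method
            return set() if self.done else set(self.enabled)
        return {_split(c[len(self.done)])[0] for c in self._viable()} & self.enabled

    def complete(self, method, device=None, key_fp=None):
        """Record a successful method; return True once a whole chain is done."""
        attempt = (method, device)
        if method not in self.offered():
            raise PermissionError(f"{method} is not offered at this stage")
        if self.chains is not None and not any(
                _entry_matches(c[len(self.done)], attempt) for c in self._viable()):
            raise PermissionError(f"{method} via device {device!r} is not acceptable here")
        if method == "publickey":
            if key_fp is None or key_fp in self.used_keys:
                raise PermissionError("a different public key is required")
            self.used_keys.add(key_fp)
        self.done.append(attempt)
        if self.chains is None:
            return True
        n = len(self.done)
        return any(len(c) == n and all(_entry_matches(c[i], self.done[i]) for i in range(n))
                   for c in self.chains)


if __name__ == "__main__":
    # Walk through the manual's own example with constructed fingerprints.
    s = AuthState("publickey,password publickey,keyboard-interactive",
                  enabled_methods={"publickey", "password", "keyboard-interactive"})
    print(sorted(s.offered()))                                   # ['publickey']
    print(s.complete("publickey", key_fp="SHA256:constructed-1"))  # False
    print(sorted(s.offered()))                    # ['keyboard-interactive', 'password']
    print(s.complete("password"))                 # True
```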

       AuthorizedKeysCommand
              Specifies  a  program  to  be  used to look up the user's public
              keys.  The program must be owned by root, not writable by  group
              or others and specified by an absolute path.

              Arguments  to  AuthorizedKeysCommand  may  be provided using the
              following tokens, which will  be  expanded  at  runtime:  %%  is
              replaced  by a literal '%', %u is replaced by the username being
              authenticated, %h is replaced by the home directory of the  user
              being  authenticated,  %t  is replaced with the key type offered
              for authentication, %f is replaced with the fingerprint  of  the
              key, and %k is replaced with the key being offered for authenti-
              cation.  If no arguments are specified then the username of  the
              target user will be supplied.

               The program should produce on standard output zero or more lines
               of authorized_keys output (see AUTHORIZED_KEYS in sshd(8)).  If
               a  key  supplied  by AuthorizedKeysCommand does not successfully
               authenticate and authorize the user then public key  authentica-
               tion  continues  using  the  usual AuthorizedKeysFile files.  By
               default, no AuthorizedKeysCommand is run.

       AuthorizedKeysCommandUser
              Specifies the user under whose account the AuthorizedKeysCommand
              is  run.   It is recommended to use a dedicated user that has no
              other role on the host than running  authorized  keys  commands.
              If  AuthorizedKeysCommand is specified but AuthorizedKeysComman-
              dUser is not, then sshd(8) will refuse to start.

       AuthorizedKeysFile
              Specifies the file that contains the public  keys  that  can  be
              used  for  user  authentication.  The format is described in the
              AUTHORIZED_KEYS FILE FORMAT  section  of  sshd(8).   Authorized-
              KeysFile may contain tokens of the form %T which are substituted
              during connection setup.  The following tokens are  defined:  %%
              is  replaced by a literal '%', %h is replaced by the home direc-
              tory of the user being authenticated, and %u is replaced by  the
              username  of  that user.  After expansion, AuthorizedKeysFile is
              taken to be an absolute path or one relative to the user's  home
              directory.   Multiple  files  may be listed, separated by white-
               space.  Alternately this option may be set to ``none''  to  skip
               checking  for  user keys in files.  The default is
               ``.ssh/authorized_keys .ssh/authorized_keys2''.

       AuthorizedPrincipalsCommand
              Specifies a program to be used to generate the list  of  allowed
              certificate  principals  as  per  AuthorizedPrincipalsFile.  The
              program must be owned by root, not writable by group  or  others
              and specified by an absolute path.

              Arguments  to  AuthorizedPrincipalsCommand may be provided using
              the following tokens, which will be expanded at runtime:  %%  is
              replaced  by a literal '%', %u is replaced by the username being
              authenticated and %h is replaced by the home  directory  of  the
              user being authenticated.

              The program should produce on standard output zero or more lines
              of AuthorizedPrincipalsFile output.  If either AuthorizedPrinci-
              palsCommand  or AuthorizedPrincipalsFile is specified, then cer-
              tificates offered by the client for authentication must  contain
              a  principal  that  is listed.  By default, no AuthorizedPrinci-
              palsCommand is run.

       AuthorizedPrincipalsCommandUser
              Specifies the user under  whose  account  the  AuthorizedPrinci-
              palsCommand  is  run.  It is recommended to use a dedicated user
              that has no other role on the host than running authorized prin-
              cipals  commands.   If  AuthorizedPrincipalsCommand is specified
              but AuthorizedPrincipalsCommandUser is not,  then  sshd(8)  will
              refuse to start.

       AuthorizedPrincipalsFile
              Specifies  a  file  that lists principal names that are accepted
              for certificate authentication.  When using certificates  signed
              by a key listed in TrustedUserCAKeys, this file lists names, one
              of which must appear in the certificate for it  to  be  accepted
               for  authentication.   Names are listed one per line preceded by
               key options (as described  in  AUTHORIZED_KEYS  FILE  FORMAT  in
               sshd(8)).  Empty  lines  and  comments  starting with `#' are
               ignored.

              AuthorizedPrincipalsFile may contain tokens of the form %T which
              are  substituted  during connection setup.  The following tokens
              are defined: %% is replaced by a literal '%', %h is replaced  by
              the  home  directory  of the user being authenticated, and %u is
              replaced by the username of that user.  After expansion,  Autho-
              rizedPrincipalsFile is taken to be an absolute path or one rela-
              tive to the user's home directory.

              The default is ``none'', i.e. not to use a principals file -  in
              this  case,  the  username of the user must appear in a certifi-
              cate's principals list for it to be accepted.  Note that  Autho-
              rizedPrincipalsFile  is  only  used when authentication proceeds
              using a CA listed in TrustedUserCAKeys and is not consulted  for
              certification  authorities  trusted  via ~/.ssh/authorized_keys,
              though the principals= key option offers a similar facility (see
              sshd(8) for details).

       Banner The  contents  of the specified file are sent to the remote user
              before authentication is allowed.  If the argument  is  ``none''
              then  no  banner  is  displayed.   By default, no banner is dis-
              played.

       ChallengeResponseAuthentication
               Specifies whether challenge-response authentication  is  allowed
               (e.g.  via  PAM  or  through  authentication styles supported in
               login.conf(5)).  The default is ``yes''.

       ChrootDirectory
              Specifies the pathname of a  directory  to  chroot(2)  to  after
              authentication.  At session startup sshd(8) checks that all com-
              ponents of the pathname are root-owned directories which are not
              writable  by any other user or group.  After the chroot, sshd(8)
              changes the working directory to the user's home directory.

              The pathname may contain the following tokens that are  expanded
              at  runtime  once the connecting user has been authenticated: %%
              is replaced by a literal '%', %h is replaced by the home  direc-
              tory  of the user being authenticated, and %u is replaced by the
              username of that user.

              The ChrootDirectory must contain the necessary files and  direc-
              tories  to  support the user's session.  For an interactive ses-
              sion this requires at least a shell, typically sh(1), and  basic
              /dev  nodes  such  as  null(4),  zero(4),  stdin(4),  stdout(4),
              stderr(4), and tty(4) devices.  For file transfer sessions using
              ``sftp'', no additional configuration of the environment is nec-
              essary if the in-process sftp server is  used,  though  sessions
              which  use logging may require /dev/log inside the chroot direc-
              tory on some operating systems (see sftp-server(8) for details).

              For safety, it is very important that the directory hierarchy be
              prevented from modification by other  processes  on  the  system
              (especially  those outside the jail).  Misconfiguration can lead
              to unsafe environments which sshd(8) cannot detect.

              The default is ``none'', indicating not to chroot(2).
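       AuthorizedKeysCommand, AuthorizedKeysFile, AuthorizedPrincipalsCommand, AuthorizedPrincipalsFile and ChrootDirectory all share the %-token scheme described above, and the first two also define the interface a key-lookup program must present. The following is an added example, not OpenSSH code: a single-pass token expander (the left-to-right scan matters because ``%%u'' must become the literal text ``%u''), the absolute-or-home-relative rule for AuthorizedKeysFile, and a lookup program of the shape AuthorizedKeysCommand expects. Rejecting unknown tokens is this example's choice; the directory contents, fingerprints, key blobs and the /usr/local/sbin/lookup-keys path are constructed placeholders.

```python
"""Added example (not OpenSSH code): %-token expansion and an
AuthorizedKeysCommand-shaped lookup over constructed data."""
import posixpath
import sys


def expand_tokens(template, values):
    """Expand %-tokens left to right in one pass.

    `values` maps a token letter (u, h, t, f, k, ...) to its replacement;
    '%%' always yields a literal '%'. Unknown tokens raise (this example's
    choice: refuse rather than silently pass them through)."""
    out, i = [], 0
    while i < len(template):
        if template[i] != "%":
            out.append(template[i])
            i += 1
            continue
        if i + 1 >= len(template):
            raise ValueError("dangling '%' at end of template")
        key = template[i + 1]
        if key == "%":
            out.append("%")
        elif key in values:
            out.append(values[key])
        else:
            raise ValueError(f"unknown token %{key}")
        i += 2
    return "".join(out)


def resolve_keys_file(template, user, home):
    """AuthorizedKeysFile / AuthorizedPrincipalsFile: expand %h and %u, then
    treat the result as absolute or as relative to the user's home directory."""
    path = expand_tokens(template, {"h": home, "u": user})
    return path if posixpath.isabs(path) else posixpath.join(home, path)


# Constructed stand-in for a directory service:
# username -> [(fingerprint, key options, public key line)]. Key blobs are placeholders.
DIRECTORY = {
    "alice": [
        ("SHA256:alice-key-1", "no-agent-forwarding,no-port-forwarding",
         "ssh-ed25519 AAAA-constructed-alice-1 alice@laptop"),
        ("SHA256:alice-key-2", "no-agent-forwarding,no-port-forwarding",
         "ssh-ed25519 AAAA-constructed-alice-2 alice@ci"),
    ],
    "bob": [
        ("SHA256:bob-key-1", "no-agent-forwarding,no-port-forwarding",
         "ssh-rsa AAAA-constructed-bob-1 bob@desk"),
    ],
}


def authorized_keys_command(user, fingerprint=None):
    """Return authorized_keys lines for `user`. When sshd passes %f, only the
    key being offered is emitted, so the output is zero or one line."""
    return [f"{options} {key}"
            for fp, options, key in DIRECTORY.get(user, [])
            if fingerprint is None or fp == fingerprint]


if __name__ == "__main__":
    # Invoked by sshd as, for instance (hypothetical path and user):
    #   AuthorizedKeysCommand /usr/local/sbin/lookup-keys %u %f
    #   AuthorizedKeysCommandUser sshd-lookup
    argv = sys.argv[1:]
    if not 1 <= len(argv) <= 2:
        sys.exit(2)
    sys.stdout.write("".join(line + "\n" for line in authorized_keys_command(*argv)))
```

       A program installed this way must still satisfy the ownership and path requirements stated above (root-owned, not group- or world-writable, absolute path), and it runs as AuthorizedKeysCommandUser, so the directory credentials it needs should be readable by that account only.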

       Ciphers
              Specifies the ciphers allowed.  Multiple ciphers must be  comma-
              separated.   If the specified value begins with a `+' character,
              then the specified ciphers will be appended to the  default  set
              instead of replacing them.

              The supported ciphers are:

              3des-cbc

              aes128-cbc

              aes192-cbc

              aes256-cbc

              aes128-ctr

              aes192-ctr

              aes256-ctr

              aes128-gcm@openssh.com

              aes256-gcm@openssh.com

              arcfour

              arcfour128

              arcfour256

              blowfish-cbc

              cast128-cbc

              chacha20-poly1305@openssh.com

              The default is:

              chacha20-poly1305@openssh.com,
              aes128-ctr,aes192-ctr,aes256-ctr,
              aes128-gcm@openssh.com,aes256-gcm@openssh.com

              The  list of available ciphers may also be obtained using the -Q
              option of ssh(1) with an argument of ``cipher''.

       ClientAliveCountMax
              Sets the number of client alive messages (see below)  which  may
              be  sent  without  sshd(8)  receiving any messages back from the
              client.  If this threshold is reached while  client  alive  mes-
              sages are being sent, sshd will disconnect the client, terminat-
              ing the session.  It is important to note that the use of client
              alive messages is very different from TCPKeepAlive (below).  The
              client alive messages are sent through the encrypted channel and
              therefore  will  not  be  spoofable.   The  TCP keepalive option
              enabled by TCPKeepAlive is spoofable.  The client  alive  mecha-
              nism  is  valuable  when  the client or server depend on knowing
              when a connection has become inactive.

              The default value is 3.  If ClientAliveInterval (see  below)  is
              set to 15, and ClientAliveCountMax is left at the default, unre-
              sponsive SSH clients will be disconnected after approximately 45
              seconds.

       ClientAliveInterval
              Sets  a  timeout  interval in seconds after which if no data has
              been received from the  client,  sshd(8)  will  send  a  message
              through  the  encrypted  channel  to request a response from the
              client.  The default is 0, indicating that these  messages  will
              not be sent to the client.

       Compression
              Specifies  whether  compression is allowed, or delayed until the
              user has  authenticated  successfully.   The  argument  must  be
              ``yes'', ``delayed'', or ``no''.  The default is ``delayed''.

       DenyGroups
              This  keyword  can be followed by a list of group name patterns,
              separated by spaces.  Login is disallowed for users  whose  pri-
              mary  group  or supplementary group list matches one of the pat-
              terns.  Only group names are valid; a numerical group ID is  not
              recognized.   By  default, login is allowed for all groups.  The
              allow/deny directives are  processed  in  the  following  order:
              DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

              See  PATTERNS in ssh_config(5) for more information on patterns.

       DenyUsers
              This keyword can be followed by a list of  user  name  patterns,
              separated  by  spaces.   Login is disallowed for user names that
              match one of the patterns.  Only user names are valid; a numeri-
              cal user ID is not recognized.  By default, login is allowed for
              all users.  If the pattern takes the form  USER@HOST  then  USER
              and  HOST are separately checked, restricting logins to particu-
              lar users from particular hosts.  HOST criteria may additionally
              contain  addresses to match in CIDR address/masklen format.  The
              allow/deny directives are  processed  in  the  following  order:
              DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

              See  PATTERNS in ssh_config(5) for more information on patterns.
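       The four directives AllowGroups, AllowUsers, DenyGroups and DenyUsers are evaluated in a fixed order, which is why a DenyUsers match cannot be overridden by a later AllowUsers entry. The following is an added example, not OpenSSH code, that walks that order with USER@HOST patterns and CIDR host criteria; patterns use only the `*' and `?' wildcards (the further PATTERNS features of ssh_config(5) are not modelled), and the policy and client details are constructed.

```python
"""Added example (not OpenSSH code): the documented evaluation order of
DenyUsers, AllowUsers, DenyGroups and AllowGroups."""
import ipaddress


def glob_match(pattern, text):
    """Match with `*' (any run) and `?' (one character) only; case-sensitive."""
    if not pattern:
        return text == ""
    if pattern[0] == "*":
        return any(glob_match(pattern[1:], text[i:]) for i in range(len(text) + 1))
    return bool(text) and pattern[0] in ("?", text[0]) and glob_match(pattern[1:], text[1:])


def host_match(host_pattern, hostname, ip):
    """HOST criteria: a CIDR block is checked against the client IP, anything
    else is a wildcard pattern checked against the hostname or the IP text."""
    if "/" in host_pattern:
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(host_pattern, strict=False)
        except ValueError:
            return False
    return glob_match(host_pattern, hostname) or glob_match(host_pattern, ip)


def user_match(pattern, user, hostname, ip):
    """USER or USER@HOST: the user and host parts are checked separately."""
    if "@" in pattern:
        user_pat, host_pat = pattern.split("@", 1)
        return glob_match(user_pat, user) and host_match(host_pat, hostname, ip)
    return glob_match(pattern, user)


def login_allowed(cfg, user, groups, hostname, ip):
    """Apply the four directives in sshd's documented order.

    cfg maps directive name -> list of patterns. A deny match is final; an
    absent Allow directive imposes no restriction. Returns (allowed, reason)."""
    for pat in cfg.get("DenyUsers", []):
        if user_match(pat, user, hostname, ip):
            return False, f"DenyUsers {pat}"
    allow_users = cfg.get("AllowUsers", [])
    if allow_users and not any(user_match(p, user, hostname, ip) for p in allow_users):
        return False, "no AllowUsers pattern matched"
    for pat in cfg.get("DenyGroups", []):
        if any(glob_match(pat, g) for g in groups):
            return False, f"DenyGroups {pat}"
    allow_groups = cfg.get("AllowGroups", [])
    if allow_groups and not any(glob_match(p, g) for p in allow_groups for g in groups):
        return False, "no AllowGroups pattern matched"
    return True, "allowed"


# Constructed policy: refuse root and any login from the 10/8 range, admit
# alice only from corporate hosts and bob from anywhere, then require the
# ssh-users group of everyone who gets that far.
POLICY = {
    "DenyUsers": ["root", "*@10.0.0.0/8"],
    "AllowUsers": ["alice@*.corp.example", "bob"],
    "AllowGroups": ["ssh-users"],
}

if __name__ == "__main__":
    for who in [("alice", ["ssh-users"], "ws1.corp.example", "192.0.2.10"),
                ("alice", ["ssh-users"], "ws1.corp.example", "10.1.2.3"),
                ("bob", ["staff"], "home.example", "198.51.100.7")]:
        print(who[0], who[3], login_allowed(POLICY, *who))
```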

       FingerprintHash
              Specifies the hash algorithm used when logging key fingerprints.
              Valid  options  are:  ``md5''  and  ``sha256''.   The default is
              ``md5''.

       ForceCommand
              Forces the execution of the command specified  by  ForceCommand,
              ignoring  any  command  supplied  by the client and ~/.ssh/rc if
              present.  The command is invoked by using the user's login shell
              with  the -c option.  This applies to shell, command, or subsys-
              tem execution.  It is most useful inside  a  Match  block.   The
              command  originally  supplied  by the client is available in the
              SSH_ORIGINAL_COMMAND environment variable.  Specifying a command
              of  ``internal-sftp''  will  force the use of an in-process sftp
              server that requires no support files when used  with  ChrootDi-
              rectory.  The default is ``none''.

       GatewayPorts
              Specifies  whether  remote hosts are allowed to connect to ports
              forwarded for the client.  By default, sshd(8) binds remote port
              forwardings to the loopback address.  This prevents other remote
              hosts from connecting to forwarded ports.  GatewayPorts  can  be
              used  to  specify that sshd should allow remote port forwardings
              to bind to non-loopback addresses, thus allowing other hosts  to
              connect.   The  argument may be ``no'' to force remote port for-
              wardings to be available to the  local  host  only,  ``yes''  to
              force  remote  port forwardings to bind to the wildcard address,
              or ``clientspecified'' to allow the client to select the address
              to which the forwarding is bound.  The default is ``no''.

       GSSAPIAuthentication
              Specifies   whether  user  authentication  based  on  GSSAPI  is
              allowed.  The default is ``no''.

       GSSAPICleanupCredentials
              Specifies whether to automatically destroy  the  user's  creden-
              tials cache on logout.  The default is ``yes''.

       GSSAPIStrictAcceptorCheck
              Determines whether to be strict about the identity of the GSSAPI
              acceptor a client authenticates against.  If set to ``yes'' then
              the  client  must  authenticate  against the host service on the
              current hostname.  If set to ``no'' then the client may  authen-
              ticate  against  any service key stored in the machine's default
              store.  This facility is provided to assist  with  operation  on
              multi homed machines.  The default is ``yes''.

       HostbasedAcceptedKeyTypes
              Specifies  the  key  types  that  will be accepted for hostbased
              authentication as a comma-separated pattern  list.   Alternately
              if  the  specified  value  begins with a `+' character, then the
              specified key types will be appended to the default set  instead
              of replacing them.  The default for this option is:

              ecdsa-sha2-nistp256-cert-v01@openssh.com,
              ecdsa-sha2-nistp384-cert-v01@openssh.com,
              ecdsa-sha2-nistp521-cert-v01@openssh.com,
              ssh-ed25519-cert-v01@openssh.com,
              ssh-rsa-cert-v01@openssh.com,
              ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
              ssh-ed25519,ssh-rsa

              The -Q option of ssh(1) may be used to list supported key types.

       HostbasedAuthentication
              Specifies  whether  rhosts  or  /etc/hosts.equiv  authentication
              together  with  successful public key client host authentication
              is allowed (host-based authentication).  The default is  ``no''.

       HostbasedUsesNameFromPacketOnly
              Specifies  whether  or  not the server will attempt to perform a
              reverse name lookup when matching the  name  in  the  ~/.shosts,
              ~/.rhosts,  and /etc/hosts.equiv files during HostbasedAuthenti-
              cation.  A setting of ``yes'' means that sshd(8) uses  the  name
              supplied  by  the  client  rather than attempting to resolve the
              name from the TCP connection itself.  The default is ``no''.

       HostCertificate
              Specifies a file containing a public host certificate.  The cer-
              tificate's  public  key  must  match  a private host key already
              specified by HostKey.  The default behaviour of sshd(8)  is  not
              to load any certificates.

       HostKey
              Specifies a file containing a private host key used by SSH.  The
              default is /etc/ssh/ssh_host_key for  protocol  version  1,  and
              /etc/ssh/ssh_host_dsa_key,          /etc/ssh/ssh_host_ecdsa_key,
              /etc/ssh/ssh_host_ed25519_key and /etc/ssh/ssh_host_rsa_key  for
              protocol version 2.

              Note   that  sshd(8)  will  refuse  to  use  a  file  if  it  is
              group/world-accessible and  that  the  HostKeyAlgorithms  option
              restricts which of the keys are actually used by sshd(8).

              It  is  possible to have multiple host key files.  ``rsa1'' keys
              are used for version 1 and ``dsa'',  ``ecdsa'',  ``ed25519''  or
              ``rsa''  are used for version 2 of the SSH protocol.  It is also
              possible to specify public host key files instead.  In this case
              operations  on  the  private  key  will  be delegated to an ssh-
              agent(1).

       HostKeyAgent
              Identifies the UNIX-domain socket used to  communicate  with  an
              agent  that  has access to the private host keys.  If the string
              ``SSH_AUTH_SOCK'' is specified, the location of the socket  will
              be read from the SSH_AUTH_SOCK environment variable.

       HostKeyAlgorithms
              Specifies  the  host key algorithms that the server offers.  The
              default for this option is:

              ecdsa-sha2-nistp256-cert-v01@openssh.com,
              ecdsa-sha2-nistp384-cert-v01@openssh.com,
              ecdsa-sha2-nistp521-cert-v01@openssh.com,
              ssh-ed25519-cert-v01@openssh.com,
              ssh-rsa-cert-v01@openssh.com,
              ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
              ssh-ed25519,ssh-rsa

              The list of available key types may also be obtained  using  the
              -Q option of ssh(1) with an argument of ``key''.

       IgnoreRhosts
              Specifies  that  .rhosts  and  .shosts files will not be used in
              RhostsRSAAuthentication or HostbasedAuthentication.

              /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used.   The
              default is ``yes''.

       IgnoreUserKnownHosts
              Specifies    whether    sshd(8)   should   ignore   the   user's
              ~/.ssh/known_hosts  during  RhostsRSAAuthentication   or   Host-
              basedAuthentication.  The default is ``no''.

       IPQoS  Specifies the IPv4 type-of-service or DSCP class for the connec-
              tion.   Accepted  values  are  ``af11'',   ``af12'',   ``af13'',
              ``af21'',  ``af22'',  ``af23'',  ``af31'',  ``af32'',  ``af33'',
              ``af41'',  ``af42'',  ``af43'',   ``cs0'',   ``cs1'',   ``cs2'',
              ``cs3'',  ``cs4'',  ``cs5'',  ``cs6'', ``cs7'', ``ef'', ``lowde-
              lay'', ``throughput'',  ``reliability'',  or  a  numeric  value.
              This  option  may take one or two arguments, separated by white-
              space.  If one argument is specified, it is used as  the  packet
              class  unconditionally.   If two values are specified, the first
              is automatically selected for interactive sessions and the  sec-
              ond  for  non-interactive sessions.  The default is ``lowdelay''
              for interactive sessions and ``throughput'' for  non-interactive
              sessions.

       KbdInteractiveAuthentication
              Specifies  whether to allow keyboard-interactive authentication.
              The argument to this keyword must be  ``yes''  or  ``no''.   The
               default is to use whatever value ChallengeResponseAuthentication
               is set to (by default ``yes'').

       KerberosAuthentication
               Specifies whether the password provided by the user for Passwor-
               dAuthentication  will be validated through the Kerberos KDC.  To
               use this option, the  server  needs  a  Kerberos  keytab  which
               allows  the  verification of the KDC's identity.  The default is
               ``no''.

       KerberosGetAFSToken
              If AFS is active and the user has a Kerberos 5 TGT,  attempt  to
              acquire an AFS token before accessing the user's home directory.
              The default is ``no''.

       KerberosOrLocalPasswd
              If password authentication through Kerberos fails then the pass-
              word  will  be validated via any additional local mechanism such
              as /etc/passwd.  The default is ``yes''.

       KerberosTicketCleanup
              Specifies whether to automatically  destroy  the  user's  ticket
              cache file on logout.  The default is ``yes''.

       KexAlgorithms
              Specifies the available KEX (Key Exchange) algorithms.  Multiple
              algorithms must be comma-separated.  Alternately if  the  speci-
              fied value begins with a `+' character, then the specified meth-
              ods will be appended to the default  set  instead  of  replacing
              them.  The supported algorithms are:

              curve25519-sha256@libssh.org

              diffie-hellman-group1-sha1

              diffie-hellman-group14-sha1

              diffie-hellman-group-exchange-sha1

              diffie-hellman-group-exchange-sha256

              ecdh-sha2-nistp256

              ecdh-sha2-nistp384

              ecdh-sha2-nistp521

              The default is:

              curve25519-sha256@libssh.org,
              ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
              diffie-hellman-group-exchange-sha256,
              diffie-hellman-group14-sha1

              The  list  of  available  key  exchange  algorithms  may also be
              obtained using the -Q option  of  ssh(1)  with  an  argument  of
              ``kex''.
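       Ciphers and KexAlgorithms (and MACs, below) resolve their values the same way: a plain list replaces the default set, a value starting with `+' appends to it, and a name that is not supported makes sshd(8) refuse to start. The following is an added example, not OpenSSH code, that performs that resolution against the supported and default lists printed in this page; it also answers the audit question of what a `+' line enables beyond the defaults. Collapsing a name that is already in the default set is this example's choice.

```python
"""Added example (not OpenSSH code): resolving Ciphers / KexAlgorithms values,
including the `+' prefix, against the lists given in sshd_config(5)."""

CIPHERS_SUPPORTED = [
    "3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc",
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
    "arcfour", "arcfour128", "arcfour256", "blowfish-cbc", "cast128-cbc",
    "chacha20-poly1305@openssh.com",
]
CIPHERS_DEFAULT = [
    "chacha20-poly1305@openssh.com",
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
]
KEX_SUPPORTED = [
    "curve25519-sha256@libssh.org",
    "diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
    "diffie-hellman-group-exchange-sha1", "diffie-hellman-group-exchange-sha256",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
]
KEX_DEFAULT = [
    "curve25519-sha256@libssh.org",
    "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521",
    "diffie-hellman-group-exchange-sha256",
    "diffie-hellman-group14-sha1",
]


def effective_algorithms(value, default, supported):
    """Resolve a comma-separated directive value to the ordered list sshd
    would offer. A leading `+' appends to `default` instead of replacing it;
    any unsupported name is an error, as it is for sshd at start-up."""
    names = value.strip()
    append = names.startswith("+")
    if append:
        names = names[1:]
    chosen = [n for n in names.split(",") if n]
    if not chosen:
        raise ValueError("empty algorithm list")
    unknown = [n for n in chosen if n not in supported]
    if unknown:
        raise ValueError("unsupported algorithm(s): " + ",".join(unknown))
    if not append:
        return chosen
    return list(default) + [n for n in chosen if n not in default]


def enabled_beyond_default(value, default, supported):
    """Names a directive turns on that the default set does not offer; the
    question to ask of any `+' line that was meant to be harmless."""
    return [n for n in effective_algorithms(value, default, supported)
            if n not in default]


if __name__ == "__main__":
    print(effective_algorithms("+3des-cbc", CIPHERS_DEFAULT, CIPHERS_SUPPORTED))
    print(enabled_beyond_default("+diffie-hellman-group1-sha1,curve25519-sha256@libssh.org",
                                 KEX_DEFAULT, KEX_SUPPORTED))
```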

       KeyRegenerationInterval
              In protocol version 1, the ephemeral server key is automatically
              regenerated after this many seconds (if it has been used).   The
              purpose  of  regeneration is to prevent decrypting captured ses-
              sions by later breaking into the machine and stealing the  keys.
              The key is never stored anywhere.  If the value is 0, the key is
              never regenerated.  The default is 3600 (seconds).

       ListenAddress
              Specifies the local addresses sshd(8)  should  listen  on.   The
              following forms may be used:

               ListenAddress host|IPv4_addr|IPv6_addr

               ListenAddress host|IPv4_addr:port

               ListenAddress [host|IPv6_addr]:port

              If  port  is  not specified, sshd will listen on the address and
              all Port options specified.  The default is  to  listen  on  all
              local  addresses.  Multiple ListenAddress options are permitted.

       LoginGraceTime
              The server disconnects after this time if the user has not  suc-
              cessfully logged in.  If the value is 0, there is no time limit.
              The default is 120 seconds.

       LogLevel
              Gives the verbosity level that is  used  when  logging  messages
              from  sshd(8).   The  possible  values are: QUIET, FATAL, ERROR,
              INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.   The  default
              is  INFO.   DEBUG  and DEBUG1 are equivalent.  DEBUG2 and DEBUG3
              each specify higher levels of debugging output.  Logging with  a
              DEBUG  level  violates  the  privacy  of users and is not recom-
              mended.

       MACs   Specifies the available MAC (message authentication code)  algo-
              rithms.   The  MAC  algorithm is used for data integrity protec-
              tion.  Multiple algorithms  must  be  comma-separated.   If  the
              specified  value begins with a `+' character, then the specified
              algorithms will be  appended  to  the  default  set  instead  of
              replacing them.

              The  algorithms  that  contain  ``-etm'' calculate the MAC after
              encryption (encrypt-then-mac).  These are considered  safer  and
              their use recommended.  The supported MACs are:

              hmac-md5

              hmac-md5-96

              hmac-ripemd160

              hmac-sha1

              hmac-sha1-96

              hmac-sha2-256

              hmac-sha2-512

              umac-64@openssh.com

              umac-128@openssh.com

              hmac-md5-etm@openssh.com

              hmac-md5-96-etm@openssh.com

              hmac-ripemd160-etm@openssh.com

              hmac-sha1-etm@openssh.com

              hmac-sha1-96-etm@openssh.com

              hmac-sha2-256-etm@openssh.com

              hmac-sha2-512-etm@openssh.com

              umac-64-etm@openssh.com

              umac-128-etm@openssh.com

              The default is:

              umac-64-etm@openssh.com,umac-128-etm@openssh.com,
              hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,
              hmac-sha1-etm@openssh.com,
              umac-64@openssh.com,umac-128@openssh.com,
              hmac-sha2-256,hmac-sha2-512,hmac-sha1

              The  list of available MAC algorithms may also be obtained using
              the -Q option of ssh(1) with an argument of ``mac''.

       Match  Introduces a conditional block.  If all of the criteria  on  the
              Match  line  are  satisfied, the keywords on the following lines
              override those set in the global section  of  the  config  file,
              until  either  another  Match line or the end of the file.  If a
              keyword appears in multiple Match  blocks  that  are  satisfied,
              only the first instance of the keyword is applied.

              The arguments to Match are one or more criteria-pattern pairs or
              the single token All which matches all criteria.  The  available
              criteria  are  User,  Group,  Host, LocalAddress, LocalPort, and
              Address.  The match patterns may consist of  single  entries  or
              comma-separated  lists  and  may  use  the wildcard and negation
              operators described in the PATTERNS section of ssh_config(5).

              The patterns in an Address  criteria  may  additionally  contain
              addresses   to   match  in  CIDR  address/masklen  format,  e.g.
              ``192.0.2.0/24'' or  ``3ffe:ffff::/32''.   Note  that  the  mask
              length provided must be consistent with the address: it is an
              error to specify a mask length that is too long for the address
              or one with bits set in the host portion of the address, for
              example ``192.0.2.0/33'' and ``192.0.2.0/8'' respectively.

              Only a subset of keywords may be used on the lines  following  a
              Match keyword.  Available keywords are AcceptEnv, AllowAgentFor-
              warding, AllowGroups,  AllowStreamLocalForwarding,  AllowTcpFor-
              warding,  AllowUsers,  AuthenticationMethods, AuthorizedKeysCom-
              mand, AuthorizedKeysCommandUser, AuthorizedKeysFile, Authorized-
              PrincipalsCommand,  AuthorizedPrincipalsCommandUser, Authorized-
              PrincipalsFile, Banner, ChrootDirectory, DenyGroups,  DenyUsers,
              ForceCommand,  GatewayPorts,  GSSAPIAuthentication, HostbasedAc-
              ceptedKeyTypes,   HostbasedAuthentication,    HostbasedUsesName-
              FromPacketOnly,    IPQoS,   KbdInteractiveAuthentication,   Ker-
              berosAuthentication, MaxAuthTries, MaxSessions,  PasswordAuthen-
              tication,   PermitEmptyPasswords,  PermitOpen,  PermitRootLogin,
              PermitTTY, PermitTunnel,  PermitUserRC,  PubkeyAcceptedKeyTypes,
              PubkeyAuthentication,  RekeyLimit, RevokedKeys, RhostsRSAAuthen-
              tication, RSAAuthentication,  StreamLocalBindMask,  StreamLocal-
              BindUnlink,  TrustedUserCAKeys,  X11DisplayOffset, X11Forwarding
              and X11UseLocalHost.
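As an added example (not OpenSSH's own code), the following Python models the Match evaluation described above: criteria patterns with `*`/`?` wildcards and `!` negation, CIDR validation for Address, and the rule that only the first satisfied block's instance of a keyword is applied. The config fragment, connection details and all function names are this example's own constructions.

```python
import fnmatch
import ipaddress

# Constructed sshd_config fragment (not from any real host) exercising the Match rules.
SAMPLE_CONFIG = """\
PasswordAuthentication no
PermitRootLogin prohibit-password
X11Forwarding no
Match User backup Address 192.0.2.0/24
    PermitRootLogin forced-commands-only
    ForceCommand /usr/local/bin/backup-only
Match Group admins,!contractors
    X11Forwarding yes
    PasswordAuthentication yes
Match All
    X11Forwarding no
"""
CRITERIA = ("user", "group", "host", "localaddress", "localport", "address")

def match_pattern_list(text, pattern_list):
    """1 = positive match, -1 = hit a negated (!) entry, 0 = no match.
    Entries are comma-separated, '*' and '?' are wildcards, '/' marks a CIDR entry."""
    found = 0
    for entry in pattern_list.split(","):
        negate, pat = entry.startswith("!"), entry.lstrip("!")
        hit = (ipaddress.ip_address(text) in ipaddress.ip_network(pat) if "/" in pat
               else fnmatch.fnmatchcase(text, pat))
        if hit and negate:
            return -1          # a negated match defeats the whole list
        found = found or int(hit)
    return found

def parse_config(text):
    """Return (global_options, [(criteria, block_options), ...]) in file order."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, _, value = line.partition(" ")
        keyword, value = keyword.lower(), value.strip()  # keywords are case-insensitive
        if keyword != "match":
            (global_opts if current is None else current)[keyword] = value
            continue
        tokens, crit = value.split(), {}
        if [t.lower() for t in tokens] != ["all"]:
            if not tokens or len(tokens) % 2:
                raise ValueError("Match needs criteria-pattern pairs: " + line)
            for c, pat in zip(tokens[::2], tokens[1::2]):
                c = c.lower()
                if c not in CRITERIA:
                    raise ValueError("unknown Match criterion: " + c)
                for e in pat.split(","):   # strict=True rejects 192.0.2.0/33 and 192.0.2.0/8
                    if c.endswith("address") and "/" in e:
                        ipaddress.ip_network(e.lstrip("!"), strict=True)
                crit[c] = pat
        current = {}
        blocks.append((crit, current))
    return global_opts, blocks

def block_matches(crit, conn):
    """conn: dict with user, groups (list), host, address, localaddress, localport."""
    for c, pat in crit.items():
        if c == "group":   # any group may satisfy it, but a negated hit on any defeats it
            results = [match_pattern_list(g, pat) for g in conn["groups"]]
            ok = -1 not in results and 1 in results
        else:
            ok = match_pattern_list(str(conn[c]), pat) == 1
        if not ok:
            return False
    return True

def effective_options(text, conn):
    """Options sshd would apply to conn: first satisfied Match block wins per
    keyword, and keywords no satisfied block sets fall back to the global section."""
    global_opts, blocks = parse_config(text)
    sources = [opts for crit, opts in blocks if block_matches(crit, conn)] + [global_opts]
    eff = {}
    for opts in sources:
        for k, v in opts.items():
            eff.setdefault(k, v)   # only the first instance of a keyword is applied
    return eff
```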

       MaxAuthTries
              Specifies the maximum number of authentication attempts  permit-
              ted  per  connection.   Once the number of failures reaches half
              this value, additional failures are logged.  The default is 6.

       MaxSessions
              Specifies the maximum number of open shell, login  or  subsystem
              (e.g. sftp) sessions permitted per network connection.  Multiple
              sessions may be established by clients that  support  connection
              multiplexing.  Setting MaxSessions to 1 will effectively disable
              session multiplexing, whereas setting it to 0 will  prevent  all
              shell,  login and subsystem sessions while still permitting for-
              warding.  The default is 10.

       MaxStartups
              Specifies the maximum number of concurrent unauthenticated  con-
              nections  to  the  SSH  daemon.   Additional connections will be
              dropped until  authentication  succeeds  or  the  LoginGraceTime
              expires for a connection.  The default is 10:30:100.

              Alternatively,  random  early  drop can be enabled by specifying
              the  three  colon  separated  values  ``start:rate:full''  (e.g.
              "10:30:60").   sshd(8)  will  refuse  connection attempts with a
              probability  of  ``rate/100''  (30%)  if  there  are   currently
              ``start''  (10)  unauthenticated  connections.   The probability
              increases linearly and all connection attempts  are  refused  if
              the number of unauthenticated connections reaches ``full'' (60).
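An added illustration (not sshd's own code) of the random early drop arithmetic described above: the refusal chance is 0 below ``start``, ``rate`` percent once ``start`` connections are pending, and climbs linearly to 100 percent at ``full``. Function names are this example's own; the handling of a single-number value is an assumption noted in the code.

```python
import random

# Constructed MaxStartups value (the text's own example); "10:30:100" is the default.
EXAMPLE_MAXSTARTUPS = "10:30:60"

def parse_maxstartups(value):
    """Parse ``start:rate:full`` into three ints and validate them."""
    parts = value.split(":")
    if len(parts) == 1:
        # Assumption (not stated on this page): a bare number N behaves like N:100:N,
        # i.e. no random early drop, every attempt refused once N are pending.
        n = int(parts[0])
        return n, 100, n
    if len(parts) != 3:
        raise ValueError("MaxStartups must be N or start:rate:full, got " + value)
    start, rate, full = (int(p) for p in parts)
    if not (0 < start <= full and 0 <= rate <= 100):
        raise ValueError("MaxStartups needs 0 < start <= full and 0 <= rate <= 100")
    return start, rate, full

def drop_probability(pending, start, rate, full):
    """Percent chance a new unauthenticated connection is refused when ``pending``
    unauthenticated connections already exist: 0 below ``start``, ``rate`` at
    ``start``, rising linearly to 100 at ``full`` (integer arithmetic)."""
    if pending < start:
        return 0
    if pending >= full:
        return 100
    return rate + (100 - rate) * (pending - start) // (full - start)

def should_drop(pending, value, rng=random):
    """One accept/refuse decision for a new connection, following the rule above."""
    start, rate, full = parse_maxstartups(value)
    return rng.randrange(100) < drop_probability(pending, start, rate, full)

def drop_curve(value, step=5):
    """(pending, percent) pairs from 0 up to ``full`` for review or plotting."""
    start, rate, full = parse_maxstartups(value)
    return [(n, drop_probability(n, start, rate, full)) for n in range(0, full + 1, step)]

def refused_fraction(pending, value, trials=10000, seed=1):
    """Empirical refusal rate from a seeded simulation, to sanity-check the curve."""
    rng = random.Random(seed)
    return sum(should_drop(pending, value, rng) for _ in range(trials)) / trials
```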

       PasswordAuthentication
              Specifies  whether  password  authentication  is  allowed.   The
              default is ``yes''.

       PermitEmptyPasswords
              When  password  authentication  is allowed, it specifies whether
              the server allows login to accounts with empty password strings.
              The default is ``no''.

       PermitOpen
              Specifies  the destinations to which TCP port forwarding is per-
              mitted.  The forwarding specification must be one of the follow-
              ing forms:

              PermitOpen host:port

              PermitOpen IPv4_addr:port

              PermitOpen [IPv6_addr]:port

              Multiple  forwards  may  be  specified  by  separating them with
              whitespace.  An argument of ``any'' can be used  to  remove  all
              restrictions and permit any forwarding requests.  An argument of
              ``none'' can be used to prohibit all forwarding  requests.   The
              wildcard  ``*''  can be used for host or port to allow all hosts
              or ports, respectively.  By default all port forwarding requests
              are permitted.

       PermitRootLogin
              Specifies  whether  root  can log in using ssh(1).  The argument
              must be  ``yes'',  ``prohibit-password'',  ``without-password'',
              ``forced-commands-only'', or ``no''.  The default is ``prohibit-
              password''.

              If this option is set  to  ``prohibit-password''  or  ``without-
              password'', password and keyboard-interactive authentication are
              disabled for root.

              If this option is set to  ``forced-commands-only'',  root  login
              with  public key authentication will be allowed, but only if the
              command option has been specified (which may be useful for  tak-
              ing  remote backups even if root login is normally not allowed).
              All other authentication methods are disabled for root.

              If this option is set to ``no'', root is not allowed to log  in.

       PermitTunnel
              Specifies  whether  tun(4)  device  forwarding  is allowed.  The
              argument must be ``yes'', ``point-to-point'' (layer 3), ``ether-
              net''  (layer  2),  or  ``no''.  Specifying ``yes'' permits both
              ``point-to-point'' and ``ethernet''.  The default is ``no''.

              Independent of this setting, the  permissions  of  the  selected
              tun(4) device must allow access to the user.

       PermitTTY
              Specifies  whether  pty(4) allocation is permitted.  The default
              is ``yes''.

       PermitUserEnvironment
              Specifies whether ~/.ssh/environment and environment= options in
              ~/.ssh/authorized_keys are processed by sshd(8).  The default is
              ``no''.  Enabling environment processing  may  enable  users  to
              bypass  access  restrictions in some configurations using mecha-
              nisms such as LD_PRELOAD.

       PermitUserRC
              Specifies whether any ~/.ssh/rc file is executed.   The  default
              is ``yes''.

       PidFile
              Specifies  the file that contains the process ID of the SSH dae-
              mon,  or  ``none''  to  not   write   one.    The   default   is
              /etc/sshd.pid.

       Port   Specifies  the port number that sshd(8) listens on.  The default
              is 22.  Multiple options of this type are permitted.   See  also
              ListenAddress.

       PrintLastLog
              Specifies  whether sshd(8) should print the date and time of the
              last user login when a user logs in interactively.  The  default
              is ``yes''.

       PrintMotd
              Specifies  whether  sshd(8)  should  print /etc/motd when a user
              logs in interactively.  (On some systems it is also  printed  by
              the   shell,  /etc/profile,  or  equivalent.)   The  default  is
              ``yes''.

       Protocol
              Specifies the protocol versions sshd(8) supports.  The  possible
              values  are  `1' and `2'.  Multiple versions must be comma-sepa-
              rated.  The default is `2'.  Protocol 1 suffers from a number of
              cryptographic  weaknesses  and  should  not be used.  It is only
              offered to support legacy devices.

              Note that the order of the protocol list does not indicate pref-
              erence,  because the client selects among multiple protocol ver-
              sions offered by the server.  Specifying ``2,1'' is identical to
              ``1,2''.

       PubkeyAcceptedKeyTypes
              Specifies  the  key  types  that will be accepted for public key
              authentication as a comma-separated pattern  list.   Alternately
              if  the  specified  value  begins with a `+' character, then the
              specified key types will be appended to the default set  instead
              of replacing them.  The default for this option is:

              ecdsa-sha2-nistp256-cert-v01@openssh.com,
              ecdsa-sha2-nistp384-cert-v01@openssh.com,
              ecdsa-sha2-nistp521-cert-v01@openssh.com,
              ssh-ed25519-cert-v01@openssh.com,
              ssh-rsa-cert-v01@openssh.com,
              ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
              ssh-ed25519,ssh-rsa

              The -Q option of ssh(1) may be used to list supported key types.

       PubkeyAuthentication
              Specifies whether public key  authentication  is  allowed.   The
              default is ``yes''.

       RekeyLimit
              Specifies  the  maximum  amount  of data that may be transmitted
              before the session key is renegotiated, optionally followed by a
              maximum  amount  of time that may pass before the session key is
              renegotiated.  The first argument is specified in bytes and  may
              have  a  suffix  of  `K',  `M',  or  `G'  to indicate Kilobytes,
              Megabytes, or Gigabytes, respectively.  The default  is  between
              `1G'  and  `4G',  depending  on the cipher.  The optional second
              value is specified in seconds and may use any of the units docu-
              mented  in  the  TIME  FORMATS  section.   The default value for
              RekeyLimit is ``default none'', which  means  that  rekeying  is
              performed  after  the  cipher's  default amount of data has been
              sent or received and no time based rekeying is done.

       RevokedKeys
              Specifies revoked public keys file, or ``none'' to not use  one.
              Keys  listed in this file will be refused for public key authen-
              tication.  Note that if this file is not readable,  then  public
              key  authentication  will be refused for all users.  Keys may be
              specified as a text file, listing one public key per line, or as
              an  OpenSSH  Key  Revocation List (KRL) as generated by ssh-key-
              gen(1).  For more information on KRLs, see  the  KEY  REVOCATION
              LISTS section in ssh-keygen(1).

       RhostsRSAAuthentication
              Specifies  whether  rhosts  or  /etc/hosts.equiv  authentication
              together with successful RSA  host  authentication  is  allowed.
              The  default is ``no''.  This option applies to protocol version
              1 only.

       RSAAuthentication
              Specifies whether  pure  RSA  authentication  is  allowed.   The
              default  is  ``yes''.  This option applies to protocol version 1
              only.

       ServerKeyBits
              Defines the number of bits in the ephemeral protocol  version  1
              server key.  The default and minimum value is 1024.

       StreamLocalBindMask
              Sets  the octal file creation mode mask (umask) used when creat-
              ing a Unix-domain socket file for local or remote port  forward-
              ing.   This  option  is only used for port forwarding to a Unix-
              domain socket file.

              The default value is 0177, which creates  a  Unix-domain  socket
              file that is readable and writable only by the owner.  Note that
              not all operating systems honor the  file  mode  on  Unix-domain
              socket files.

       StreamLocalBindUnlink
              Specifies  whether to remove an existing Unix-domain socket file
              for local or remote port forwarding before creating a  new  one.
              If  the  socket file already exists and StreamLocalBindUnlink is
              not enabled, sshd will be unable to  forward  the  port  to  the
              Unix-domain socket file.  This option is only used for port for-
              warding to a Unix-domain socket file.

              The argument must be ``yes'' or ``no''.  The default is  ``no''.

       StrictModes
              Specifies  whether sshd(8) should check file modes and ownership
              of the user's files and home directory before  accepting  login.
              This  is  normally  desirable because novices sometimes acciden-
              tally  leave  their  directory  or  files  world-writable.   The
              default  is ``yes''.  Note that this does not apply to ChrootDi-
              rectory, whose permissions and ownership  are  checked  uncondi-
              tionally.

       Subsystem
              Configures  an  external  subsystem (e.g. file transfer daemon).
              Arguments should  be  a  subsystem  name  and  a  command  (with
              optional arguments) to execute upon subsystem request.

              The command sftp-server(8) implements the ``sftp'' file transfer
              subsystem.

              Alternately the name ``internal-sftp'' implements an  in-process
              ``sftp'' server.  This may simplify configurations using Chroot-
              Directory to force a different filesystem root on clients.

              By default no subsystems are defined.

       SyslogFacility
              Gives the facility code that is used when logging messages  from
              sshd(8).   The  possible values are: DAEMON, USER, AUTH, LOCAL0,
              LOCAL1, LOCAL2, LOCAL3, LOCAL4,  LOCAL5,  LOCAL6,  LOCAL7.   The
              default is AUTH.

       TCPKeepAlive
              Specifies  whether the system should send TCP keepalive messages
              to the other side.  If they are sent, death of the connection or
              crash of one of the machines will be properly noticed.  However,
              this means that connections will die if the route is down tempo-
              rarily, and some people find it annoying.  On the other hand, if
              TCP keepalives are not sent, sessions may hang  indefinitely  on
              the   server,  leaving  ``ghost''  users  and  consuming  server
              resources.

              The default is ``yes'' (to send TCP keepalive messages), and the
              server  will  notice if the network goes down or the client host
              crashes.  This avoids infinitely hanging sessions.

              To disable TCP keepalive messages, the value should  be  set  to
              ``no''.

       TrustedUserCAKeys
              Specifies  a file containing public keys of certificate authori-
              ties that are trusted to sign user certificates for  authentica-
              tion, or ``none'' to not use one.  Keys are listed one per line;
              empty lines and comments starting with `#' are  allowed.   If  a
              certificate  is presented for authentication and has its signing
              CA key listed in this file, then it may be used for  authentica-
              tion  for  any user listed in the certificate's principals list.
              Note that certificates that lack a list of principals  will  not
              be  permitted  for  authentication using TrustedUserCAKeys.  For
              more details on certificates, see the  CERTIFICATES  section  in
              ssh-keygen(1).

       UseDNS Specifies whether sshd(8) should look up the remote host name,
              and check that the resolved host name for the remote IP
              address maps back to the very same IP address.

              If  this  option  is  set  to  ``no''  (the  default)  then only
              addresses and not  host  names  may  be  used  in  ~/.ssh/autho-
              rized_keys from and sshd_config Match Host directives.

       UseLogin
              Specifies  whether  login(1)  is used for interactive login ses-
              sions.  The default is ``no''.  Note that login(1) is never used
              for remote command execution.  Note also that if this is
              enabled, X11Forwarding will be disabled because login(1) does
              not know how to handle xauth(1) cookies.  If
              UsePrivilegeSeparation is specified, it will be disabled after
              authentication.

       UsePAM Enables the Pluggable Authentication Module interface.   If  set
              to  ``yes''  this  will enable PAM authentication using Challen-
              geResponseAuthentication and PasswordAuthentication in  addition
              to PAM account and session module processing for all authentica-
              tion types.

              Because PAM challenge-response authentication usually serves  an
              equivalent  role  to password authentication, you should disable
              either  PasswordAuthentication  or  ChallengeResponseAuthentica-
              tion.

              If  UsePAM  is enabled, you will not be able to run sshd(8) as a
              non-root user.  The default is ``no''.

       UsePrivilegeSeparation
              Specifies whether sshd(8) separates privileges  by  creating  an
              unprivileged  child  process to deal with incoming network traf-
              fic.  After successful authentication, another process  will  be
              created  that  has the privilege of the authenticated user.  The
              goal of privilege separation is to prevent privilege  escalation
              by  containing any corruption within the unprivileged processes.
              The argument  must  be  ``yes'',  ``no'',  or  ``sandbox''.   If
              UsePrivilegeSeparation  is  set  to  ``sandbox''  then  the pre-
              authentication unprivileged process  is  subject  to  additional
              restrictions.  The default is ``sandbox''.

       VersionAddendum
              Optionally specifies additional text to append to the SSH proto-
              col banner sent by the server upon connection.  The  default  is
              ``none''.

       X11DisplayOffset
              Specifies the first display number available for sshd(8)'s
              X11 forwarding.  This prevents sshd from interfering  with  real
              X11 servers.  The default is 10.

       X11Forwarding
              Specifies  whether  X11  forwarding  is permitted.  The argument
              must be ``yes'' or ``no''.  The default is ``no''.

              When X11 forwarding is enabled, there may be additional exposure
              to  the  server and to client displays if the sshd(8) proxy dis-
              play is configured  to  listen  on  the  wildcard  address  (see
              X11UseLocalhost  below),  though this is not the default.  Addi-
              tionally, the authentication spoofing  and  authentication  data
              verification  and  substitution  occur  on the client side.  The
              security risk of using X11 forwarding is that the  client's  X11
              display  server  may  be  exposed  to attack when the SSH client
              requests forwarding (see the warnings for ForwardX11 in
              ssh_config(5)).  A system administrator may have a stance in which
              they want to protect  clients  that  may  expose  themselves  to
              attack  by unwittingly requesting X11 forwarding, which can war-
              rant a ``no'' setting.

              Note that disabling X11 forwarding does not prevent  users  from
              forwarding  X11  traffic,  as users can always install their own
              forwarders.  X11 forwarding is automatically disabled if  UseLo-
              gin is enabled.

       X11UseLocalhost
              Specifies  whether sshd(8) should bind the X11 forwarding server
              to the loopback address or to the wildcard address.  By default,
              sshd  binds  the  forwarding  server to the loopback address and
              sets the hostname part of the DISPLAY  environment  variable  to
              ``localhost''.   This  prevents  remote hosts from connecting to
              the proxy display.  However, some  older  X11  clients  may  not
              function with this configuration.  X11UseLocalhost may be set to
              ``no'' to specify that the forwarding server should be bound  to
              the  wildcard  address.  The argument must be ``yes'' or ``no''.
              The default is ``yes''.

       XAuthLocation
              Specifies the full pathname of the xauth(1) program, or ``none''
              to not use one.  The default is /usr/bin/X11/xauth.


TIME FORMATS

       sshd(8) command-line arguments and configuration file options that
       specify time may be expressed using a sequence of the form: time[qualifier],
       where time is a positive integer value and qualifier is one of the
       following:

       <none> seconds

       s | S  seconds

       m | M  minutes

       h | H  hours

       d | D  days

       w | W  weeks

              Each member of the sequence is added together to  calculate  the
              total time value.

              Time format examples:

       600    600 seconds (10 minutes)

       10m    10 minutes

       1h30m  1 hour 30 minutes (90 minutes)


FILES

       /etc/ssh/sshd_config
              Contains  configuration  data  for sshd(8).  This file should be
              writable by root only, but it is recommended (though not  neces-
              sary) that it be world-readable.


SEE ALSO

       sshd(8)


AUTHORS

       OpenSSH  is a derivative of the original and free ssh 1.2.12 release by
       Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus  Friedl,  Niels  Provos,
       Theo  de  Raadt and Dug Song removed many bugs, re-added newer features
       and created OpenSSH.  Markus Friedl contributed  the  support  for  SSH
       protocol versions 1.5 and 2.0.  Niels Provos and Markus Friedl contrib-
       uted support for privilege separation.

                                 July 19 2016                   SSHD_CONFIG(5)
