diff options
Diffstat (limited to 'crypto/openssh/sshd_config.5')
-rw-r--r-- | crypto/openssh/sshd_config.5 | 962 |
1 files changed, 0 insertions, 962 deletions
diff --git a/crypto/openssh/sshd_config.5 b/crypto/openssh/sshd_config.5 deleted file mode 100644 index 2bcaf22..0000000 --- a/crypto/openssh/sshd_config.5 +++ /dev/null @@ -1,962 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Author: Tatu Ylonen <ylo@cs.hut.fi> -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -.\" All rights reserved -.\" -.\" As far as I am concerned, the code I have written for this software -.\" can be used freely for any purpose. Any derived versions of this -.\" software must be clearly marked as such, and if the derived work is -.\" incompatible with the protocol description in the RFC file, it must be -.\" called by a name other than "ssh" or "Secure Shell". -.\" -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $OpenBSD: sshd_config.5,v 1.70 2006/08/21 08:14:01 dtucker Exp $ -.Dd September 25, 1999 -.Dt SSHD_CONFIG 5 -.Os -.Sh NAME -.Nm sshd_config -.Nd OpenSSH SSH daemon configuration file -.Sh SYNOPSIS -.Bl -tag -width Ds -compact -.It Pa /etc/ssh/sshd_config -.El -.Sh DESCRIPTION -.Xr sshd 8 -reads configuration data from -.Pa /etc/ssh/sshd_config -(or the file specified with -.Fl f -on the command line). -The file contains keyword-argument pairs, one per line. -Lines starting with -.Ql # -and empty lines are interpreted as comments. -Arguments may optionally be enclosed in double quotes -.Pq \&" -in order to represent arguments containing spaces. -.Pp -The possible -keywords and their meanings are as follows (note that -keywords are case-insensitive and arguments are case-sensitive): -.Bl -tag -width Ds -.It Cm AcceptEnv -Specifies what environment variables sent by the client will be copied into -the session's -.Xr environ 7 . -See -.Cm SendEnv -in -.Xr ssh_config 5 -for how to configure the client. -Note that environment passing is only supported for protocol 2. -Variables are specified by name, which may contain the wildcard characters -.Ql * -and -.Ql \&? . -Multiple environment variables may be separated by whitespace or spread -across multiple -.Cm AcceptEnv -directives. -Be warned that some environment variables could be used to bypass restricted -user environments. -For this reason, care should be taken in the use of this directive. -The default is not to accept any environment variables. -.It Cm AddressFamily -Specifies which address family should be used by -.Xr sshd 8 . -Valid arguments are -.Dq any , -.Dq inet -(use IPv4 only), or -.Dq inet6 -(use IPv6 only). -The default is -.Dq any . -.It Cm AllowGroups -This keyword can be followed by a list of group name patterns, separated -by spaces. -If specified, login is allowed only for users whose primary -group or supplementary group list matches one of the patterns. -Only group names are valid; a numerical group ID is not recognized. -By default, login is allowed for all groups. -The allow/deny directives are processed in the following order: -.Cm DenyUsers , -.Cm AllowUsers , -.Cm DenyGroups , -and finally -.Cm AllowGroups . -.Pp -See -.Sx PATTERNS -in -.Xr ssh_config 5 -for more information on patterns. -.It Cm AllowTcpForwarding -Specifies whether TCP forwarding is permitted. -The default is -.Dq yes . -Note that disabling TCP forwarding does not improve security unless -users are also denied shell access, as they can always install their -own forwarders. -.It Cm AllowUsers -This keyword can be followed by a list of user name patterns, separated -by spaces. -If specified, login is allowed only for user names that -match one of the patterns. -Only user names are valid; a numerical user ID is not recognized. -By default, login is allowed for all users. -If the pattern takes the form USER@HOST then USER and HOST -are separately checked, restricting logins to particular -users from particular hosts. -The allow/deny directives are processed in the following order: -.Cm DenyUsers , -.Cm AllowUsers , -.Cm DenyGroups , -and finally -.Cm AllowGroups . -.Pp -See -.Sx PATTERNS -in -.Xr ssh_config 5 -for more information on patterns. -.It Cm AuthorizedKeysFile -Specifies the file that contains the public keys that can be used -for user authentication. -.Cm AuthorizedKeysFile -may contain tokens of the form %T which are substituted during connection -setup. -The following tokens are defined: %% is replaced by a literal '%', -%h is replaced by the home directory of the user being authenticated, and -%u is replaced by the username of that user. -After expansion, -.Cm AuthorizedKeysFile -is taken to be an absolute path or one relative to the user's home -directory. -The default is -.Dq .ssh/authorized_keys . -.It Cm Banner -In some jurisdictions, sending a warning message before authentication -may be relevant for getting legal protection. -The contents of the specified file are sent to the remote user before -authentication is allowed. -This option is only available for protocol version 2. -By default, no banner is displayed. -.It Cm ChallengeResponseAuthentication -Specifies whether challenge-response authentication is allowed. -All authentication styles from -.Xr login.conf 5 -are supported. -The default is -.Dq yes . -.It Cm Ciphers -Specifies the ciphers allowed for protocol version 2. -Multiple ciphers must be comma-separated. -The supported ciphers are -.Dq 3des-cbc , -.Dq aes128-cbc , -.Dq aes192-cbc , -.Dq aes256-cbc , -.Dq aes128-ctr , -.Dq aes192-ctr , -.Dq aes256-ctr , -.Dq arcfour128 , -.Dq arcfour256 , -.Dq arcfour , -.Dq blowfish-cbc , -and -.Dq cast128-cbc . -The default is: -.Bd -literal -offset 3n -aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, -arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, -aes192-ctr,aes256-ctr -.Ed -.It Cm ClientAliveCountMax -Sets the number of client alive messages (see below) which may be -sent without -.Xr sshd 8 -receiving any messages back from the client. -If this threshold is reached while client alive messages are being sent, -sshd will disconnect the client, terminating the session. -It is important to note that the use of client alive messages is very -different from -.Cm TCPKeepAlive -(below). -The client alive messages are sent through the encrypted channel -and therefore will not be spoofable. -The TCP keepalive option enabled by -.Cm TCPKeepAlive -is spoofable. -The client alive mechanism is valuable when the client or -server depend on knowing when a connection has become inactive. -.Pp -The default value is 3. -If -.Cm ClientAliveInterval -(see below) is set to 15, and -.Cm ClientAliveCountMax -is left at the default, unresponsive SSH clients -will be disconnected after approximately 45 seconds. -This option applies to protocol version 2 only. -.It Cm ClientAliveInterval -Sets a timeout interval in seconds after which if no data has been received -from the client, -.Xr sshd 8 -will send a message through the encrypted -channel to request a response from the client. -The default -is 0, indicating that these messages will not be sent to the client. -This option applies to protocol version 2 only. -.It Cm Compression -Specifies whether compression is allowed, or delayed until -the user has authenticated successfully. -The argument must be -.Dq yes , -.Dq delayed , -or -.Dq no . -The default is -.Dq delayed . -.It Cm DenyGroups -This keyword can be followed by a list of group name patterns, separated -by spaces. -Login is disallowed for users whose primary group or supplementary -group list matches one of the patterns. -Only group names are valid; a numerical group ID is not recognized. -By default, login is allowed for all groups. -The allow/deny directives are processed in the following order: -.Cm DenyUsers , -.Cm AllowUsers , -.Cm DenyGroups , -and finally -.Cm AllowGroups . -.Pp -See -.Sx PATTERNS -in -.Xr ssh_config 5 -for more information on patterns. -.It Cm DenyUsers -This keyword can be followed by a list of user name patterns, separated -by spaces. -Login is disallowed for user names that match one of the patterns. -Only user names are valid; a numerical user ID is not recognized. -By default, login is allowed for all users. -If the pattern takes the form USER@HOST then USER and HOST -are separately checked, restricting logins to particular -users from particular hosts. -The allow/deny directives are processed in the following order: -.Cm DenyUsers , -.Cm AllowUsers , -.Cm DenyGroups , -and finally -.Cm AllowGroups . -.Pp -See -.Sx PATTERNS -in -.Xr ssh_config 5 -for more information on patterns. -.It Cm ForceCommand -Forces the execution of the command specified by -.Cm ForceCommand , -ignoring any command supplied by the client. -The command is invoked by using the user's login shell with the -c option. -This applies to shell, command, or subsystem execution. -It is most useful inside a -.Cm Match -block. -The command originally supplied by the client is available in the -.Ev SSH_ORIGINAL_COMMAND -environment variable. -.It Cm GatewayPorts -Specifies whether remote hosts are allowed to connect to ports -forwarded for the client. -By default, -.Xr sshd 8 -binds remote port forwardings to the loopback address. -This prevents other remote hosts from connecting to forwarded ports. -.Cm GatewayPorts -can be used to specify that sshd -should allow remote port forwardings to bind to non-loopback addresses, thus -allowing other hosts to connect. -The argument may be -.Dq no -to force remote port forwardings to be available to the local host only, -.Dq yes -to force remote port forwardings to bind to the wildcard address, or -.Dq clientspecified -to allow the client to select the address to which the forwarding is bound. -The default is -.Dq no . -.It Cm GSSAPIAuthentication -Specifies whether user authentication based on GSSAPI is allowed. -The default is -.Dq no . -Note that this option applies to protocol version 2 only. -.It Cm GSSAPICleanupCredentials -Specifies whether to automatically destroy the user's credentials cache -on logout. -The default is -.Dq yes . -Note that this option applies to protocol version 2 only. -.It Cm HostbasedAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful public key client host authentication is allowed -(host-based authentication). -This option is similar to -.Cm RhostsRSAAuthentication -and applies to protocol version 2 only. -The default is -.Dq no . -.It Cm HostbasedUsesNameFromPacketOnly -Specifies whether or not the server will attempt to perform a reverse -name lookup when matching the name in the -.Pa ~/.shosts , -.Pa ~/.rhosts , -and -.Pa /etc/hosts.equiv -files during -.Cm HostbasedAuthentication . -A setting of -.Dq yes -means that -.Xr sshd 8 -uses the name supplied by the client rather than -attempting to resolve the name from the TCP connection itself. -The default is -.Dq no . -.It Cm HostKey -Specifies a file containing a private host key -used by SSH. -The default is -.Pa /etc/ssh/ssh_host_key -for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key -and -.Pa /etc/ssh/ssh_host_dsa_key -for protocol version 2. -Note that -.Xr sshd 8 -will refuse to use a file if it is group/world-accessible. -It is possible to have multiple host key files. -.Dq rsa1 -keys are used for version 1 and -.Dq dsa -or -.Dq rsa -are used for version 2 of the SSH protocol. -.It Cm IgnoreRhosts -Specifies that -.Pa .rhosts -and -.Pa .shosts -files will not be used in -.Cm RhostsRSAAuthentication -or -.Cm HostbasedAuthentication . -.Pp -.Pa /etc/hosts.equiv -and -.Pa /etc/shosts.equiv -are still used. -The default is -.Dq yes . -.It Cm IgnoreUserKnownHosts -Specifies whether -.Xr sshd 8 -should ignore the user's -.Pa ~/.ssh/known_hosts -during -.Cm RhostsRSAAuthentication -or -.Cm HostbasedAuthentication . -The default is -.Dq no . -.It Cm KerberosAuthentication -Specifies whether the password provided by the user for -.Cm PasswordAuthentication -will be validated through the Kerberos KDC. -To use this option, the server needs a -Kerberos servtab which allows the verification of the KDC's identity. -The default is -.Dq no . -.It Cm KerberosGetAFSToken -If AFS is active and the user has a Kerberos 5 TGT, attempt to acquire -an AFS token before accessing the user's home directory. -The default is -.Dq no . -.It Cm KerberosOrLocalPasswd -If password authentication through Kerberos fails then -the password will be validated via any additional local mechanism -such as -.Pa /etc/passwd . -The default is -.Dq yes . -.It Cm KerberosTicketCleanup -Specifies whether to automatically destroy the user's ticket cache -file on logout. -The default is -.Dq yes . -.It Cm KeyRegenerationInterval -In protocol version 1, the ephemeral server key is automatically regenerated -after this many seconds (if it has been used). -The purpose of regeneration is to prevent -decrypting captured sessions by later breaking into the machine and -stealing the keys. -The key is never stored anywhere. -If the value is 0, the key is never regenerated. -The default is 3600 (seconds). -.It Cm ListenAddress -Specifies the local addresses -.Xr sshd 8 -should listen on. -The following forms may be used: -.Pp -.Bl -item -offset indent -compact -.It -.Cm ListenAddress -.Sm off -.Ar host No | Ar IPv4_addr No | Ar IPv6_addr -.Sm on -.It -.Cm ListenAddress -.Sm off -.Ar host No | Ar IPv4_addr No : Ar port -.Sm on -.It -.Cm ListenAddress -.Sm off -.Oo -.Ar host No | Ar IPv6_addr Oc : Ar port -.Sm on -.El -.Pp -If -.Ar port -is not specified, -sshd will listen on the address and all prior -.Cm Port -options specified. -The default is to listen on all local addresses. -Multiple -.Cm ListenAddress -options are permitted. -Additionally, any -.Cm Port -options must precede this option for non-port qualified addresses. -.It Cm LoginGraceTime -The server disconnects after this time if the user has not -successfully logged in. -If the value is 0, there is no time limit. -The default is 120 seconds. -.It Cm LogLevel -Gives the verbosity level that is used when logging messages from -.Xr sshd 8 . -The possible values are: -QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. -The default is INFO. -DEBUG and DEBUG1 are equivalent. -DEBUG2 and DEBUG3 each specify higher levels of debugging output. -Logging with a DEBUG level violates the privacy of users and is not recommended. -.It Cm MACs -Specifies the available MAC (message authentication code) algorithms. -The MAC algorithm is used in protocol version 2 -for data integrity protection. -Multiple algorithms must be comma-separated. -The default is: -.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 . -.It Cm Match -Introduces a conditional block. -If all of the criteria on the -.Cm Match -line are satisfied, the keywords on the following lines override those -set in the global section of the config file, until either another -.Cm Match -line or the end of the file. -The arguments to -.Cm Match -are one or more criteria-pattern pairs. -The available criteria are -.Cm User , -.Cm Group , -.Cm Host , -and -.Cm Address . -Only a subset of keywords may be used on the lines following a -.Cm Match -keyword. -Available keywords are -.Cm AllowTcpForwarding , -.Cm ForceCommand , -.Cm GatewayPorts , -.Cm PermitOpen , -.Cm X11DisplayOffset , -.Cm X11Forwarding , -and -.Cm X11UseLocalHost . -.It Cm MaxAuthTries -Specifies the maximum number of authentication attempts permitted per -connection. -Once the number of failures reaches half this value, -additional failures are logged. -The default is 6. -.It Cm MaxStartups -Specifies the maximum number of concurrent unauthenticated connections to the -SSH daemon. -Additional connections will be dropped until authentication succeeds or the -.Cm LoginGraceTime -expires for a connection. -The default is 10. -.Pp -Alternatively, random early drop can be enabled by specifying -the three colon separated values -.Dq start:rate:full -(e.g. "10:30:60"). -.Xr sshd 8 -will refuse connection attempts with a probability of -.Dq rate/100 -(30%) -if there are currently -.Dq start -(10) -unauthenticated connections. -The probability increases linearly and all connection attempts -are refused if the number of unauthenticated connections reaches -.Dq full -(60). -.It Cm PasswordAuthentication -Specifies whether password authentication is allowed. -The default is -.Dq yes . -.It Cm PermitEmptyPasswords -When password authentication is allowed, it specifies whether the -server allows login to accounts with empty password strings. -The default is -.Dq no . -.It Cm PermitOpen -Specifies the destinations to which TCP port forwarding is permitted. -The forwarding specification must be one of the following forms: -.Pp -.Bl -item -offset indent -compact -.It -.Cm PermitOpen -.Sm off -.Ar host : port -.Sm on -.It -.Cm PermitOpen -.Sm off -.Ar IPv4_addr : port -.Sm on -.It -.Cm PermitOpen -.Sm off -.Ar \&[ IPv6_addr \&] : port -.Sm on -.El -.Pp -Multiple forwards may be specified by separating them with whitespace. -An argument of -.Dq any -can be used to remove all restrictions and permit any forwarding requests. -By default all port forwarding requests are permitted. -.It Cm PermitRootLogin -Specifies whether root can log in using -.Xr ssh 1 . -The argument must be -.Dq yes , -.Dq without-password , -.Dq forced-commands-only , -or -.Dq no . -The default is -.Dq yes . -.Pp -If this option is set to -.Dq without-password , -password authentication is disabled for root. -.Pp -If this option is set to -.Dq forced-commands-only , -root login with public key authentication will be allowed, -but only if the -.Ar command -option has been specified -(which may be useful for taking remote backups even if root login is -normally not allowed). -All other authentication methods are disabled for root. -.Pp -If this option is set to -.Dq no , -root is not allowed to log in. -.It Cm PermitTunnel -Specifies whether -.Xr tun 4 -device forwarding is allowed. -The argument must be -.Dq yes , -.Dq point-to-point -(layer 3), -.Dq ethernet -(layer 2), or -.Dq no . -Specifying -.Dq yes -permits both -.Dq point-to-point -and -.Dq ethernet . -The default is -.Dq no . -.It Cm PermitUserEnvironment -Specifies whether -.Pa ~/.ssh/environment -and -.Cm environment= -options in -.Pa ~/.ssh/authorized_keys -are processed by -.Xr sshd 8 . -The default is -.Dq no . -Enabling environment processing may enable users to bypass access -restrictions in some configurations using mechanisms such as -.Ev LD_PRELOAD . -.It Cm PidFile -Specifies the file that contains the process ID of the -SSH daemon. -The default is -.Pa /var/run/sshd.pid . -.It Cm Port -Specifies the port number that -.Xr sshd 8 -listens on. -The default is 22. -Multiple options of this type are permitted. -See also -.Cm ListenAddress . -.It Cm PrintLastLog -Specifies whether -.Xr sshd 8 -should print the date and time of the last user login when a user logs -in interactively. -The default is -.Dq yes . -.It Cm PrintMotd -Specifies whether -.Xr sshd 8 -should print -.Pa /etc/motd -when a user logs in interactively. -(On some systems it is also printed by the shell, -.Pa /etc/profile , -or equivalent.) -The default is -.Dq yes . -.It Cm Protocol -Specifies the protocol versions -.Xr sshd 8 -supports. -The possible values are -.Sq 1 -and -.Sq 2 . -Multiple versions must be comma-separated. -The default is -.Dq 2,1 . -Note that the order of the protocol list does not indicate preference, -because the client selects among multiple protocol versions offered -by the server. -Specifying -.Dq 2,1 -is identical to -.Dq 1,2 . -.It Cm PubkeyAuthentication -Specifies whether public key authentication is allowed. -The default is -.Dq yes . -Note that this option applies to protocol version 2 only. -.It Cm RhostsRSAAuthentication -Specifies whether rhosts or /etc/hosts.equiv authentication together -with successful RSA host authentication is allowed. -The default is -.Dq no . -This option applies to protocol version 1 only. -.It Cm RSAAuthentication -Specifies whether pure RSA authentication is allowed. -The default is -.Dq yes . -This option applies to protocol version 1 only. -.It Cm ServerKeyBits -Defines the number of bits in the ephemeral protocol version 1 server key. -The minimum value is 512, and the default is 768. -.It Cm StrictModes -Specifies whether -.Xr sshd 8 -should check file modes and ownership of the -user's files and home directory before accepting login. -This is normally desirable because novices sometimes accidentally leave their -directory or files world-writable. -The default is -.Dq yes . -.It Cm Subsystem -Configures an external subsystem (e.g. file transfer daemon). -Arguments should be a subsystem name and a command (with optional arguments) -to execute upon subsystem request. -The command -.Xr sftp-server 8 -implements the -.Dq sftp -file transfer subsystem. -By default no subsystems are defined. -Note that this option applies to protocol version 2 only. -.It Cm SyslogFacility -Gives the facility code that is used when logging messages from -.Xr sshd 8 . -The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, -LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -The default is AUTH. -.It Cm TCPKeepAlive -Specifies whether the system should send TCP keepalive messages to the -other side. -If they are sent, death of the connection or crash of one -of the machines will be properly noticed. -However, this means that -connections will die if the route is down temporarily, and some people -find it annoying. -On the other hand, if TCP keepalives are not sent, -sessions may hang indefinitely on the server, leaving -.Dq ghost -users and consuming server resources. -.Pp -The default is -.Dq yes -(to send TCP keepalive messages), and the server will notice -if the network goes down or the client host crashes. -This avoids infinitely hanging sessions. -.Pp -To disable TCP keepalive messages, the value should be set to -.Dq no . -.It Cm UseDNS -Specifies whether -.Xr sshd 8 -should look up the remote host name and check that -the resolved host name for the remote IP address maps back to the -very same IP address. -The default is -.Dq yes . -.It Cm UseLogin -Specifies whether -.Xr login 1 -is used for interactive login sessions. -The default is -.Dq no . -Note that -.Xr login 1 -is never used for remote command execution. -Note also, that if this is enabled, -.Cm X11Forwarding -will be disabled because -.Xr login 1 -does not know how to handle -.Xr xauth 1 -cookies. -If -.Cm UsePrivilegeSeparation -is specified, it will be disabled after authentication. -.It Cm UsePAM -Enables the Pluggable Authentication Module interface. -If set to -.Dq yes -this will enable PAM authentication using -.Cm ChallengeResponseAuthentication -and -.Cm PasswordAuthentication -in addition to PAM account and session module processing for all -authentication types. -.Pp -Because PAM challenge-response authentication usually serves an equivalent -role to password authentication, you should disable either -.Cm PasswordAuthentication -or -.Cm ChallengeResponseAuthentication. -.Pp -If -.Cm UsePAM -is enabled, you will not be able to run -.Xr sshd 8 -as a non-root user. -The default is -.Dq no . -.It Cm UsePrivilegeSeparation -Specifies whether -.Xr sshd 8 -separates privileges by creating an unprivileged child process -to deal with incoming network traffic. -After successful authentication, another process will be created that has -the privilege of the authenticated user. -The goal of privilege separation is to prevent privilege -escalation by containing any corruption within the unprivileged processes. -The default is -.Dq yes . -.It Cm X11DisplayOffset -Specifies the first display number available for -.Xr sshd 8 Ns 's -X11 forwarding. -This prevents sshd from interfering with real X11 servers. -The default is 10. -.It Cm X11Forwarding -Specifies whether X11 forwarding is permitted. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq no . -.Pp -When X11 forwarding is enabled, there may be additional exposure to -the server and to client displays if the -.Xr sshd 8 -proxy display is configured to listen on the wildcard address (see -.Cm X11UseLocalhost -below), though this is not the default. -Additionally, the authentication spoofing and authentication data -verification and substitution occur on the client side. -The security risk of using X11 forwarding is that the client's X11 -display server may be exposed to attack when the SSH client requests -forwarding (see the warnings for -.Cm ForwardX11 -in -.Xr ssh_config 5 ) . -A system administrator may have a stance in which they want to -protect clients that may expose themselves to attack by unwittingly -requesting X11 forwarding, which can warrant a -.Dq no -setting. -.Pp -Note that disabling X11 forwarding does not prevent users from -forwarding X11 traffic, as users can always install their own forwarders. -X11 forwarding is automatically disabled if -.Cm UseLogin -is enabled. -.It Cm X11UseLocalhost -Specifies whether -.Xr sshd 8 -should bind the X11 forwarding server to the loopback address or to -the wildcard address. -By default, -sshd binds the forwarding server to the loopback address and sets the -hostname part of the -.Ev DISPLAY -environment variable to -.Dq localhost . -This prevents remote hosts from connecting to the proxy display. -However, some older X11 clients may not function with this -configuration. -.Cm X11UseLocalhost -may be set to -.Dq no -to specify that the forwarding server should be bound to the wildcard -address. -The argument must be -.Dq yes -or -.Dq no . -The default is -.Dq yes . -.It Cm XAuthLocation -Specifies the full pathname of the -.Xr xauth 1 -program. -The default is -.Pa /usr/X11R6/bin/xauth . -.El -.Sh TIME FORMATS -.Xr sshd 8 -command-line arguments and configuration file options that specify time -may be expressed using a sequence of the form: -.Sm off -.Ar time Op Ar qualifier , -.Sm on -where -.Ar time -is a positive integer value and -.Ar qualifier -is one of the following: -.Pp -.Bl -tag -width Ds -compact -offset indent -.It Aq Cm none -seconds -.It Cm s | Cm S -seconds -.It Cm m | Cm M -minutes -.It Cm h | Cm H -hours -.It Cm d | Cm D -days -.It Cm w | Cm W -weeks -.El -.Pp -Each member of the sequence is added together to calculate -the total time value. -.Pp -Time format examples: -.Pp -.Bl -tag -width Ds -compact -offset indent -.It 600 -600 seconds (10 minutes) -.It 10m -10 minutes -.It 1h30m -1 hour 30 minutes (90 minutes) -.El -.Sh FILES -.Bl -tag -width Ds -.It Pa /etc/ssh/sshd_config -Contains configuration data for -.Xr sshd 8 . -This file should be writable by root only, but it is recommended -(though not necessary) that it be world-readable. -.El -.Sh SEE ALSO -.Xr sshd 8 -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. -Niels Provos and Markus Friedl contributed support -for privilege separation. |