


SSHD(8)                        SSH                        SSHD(8)


NAME
       sshd - secure shell daemon


SYNOPSIS
       sshd [-b bits] [-d] [-f config_file]
       [-g login_grace_time] [-h host_key_file] [-i]
       [-k key_gen_time] [-p port] [-q] [-V version]



DESCRIPTION
       Sshd (Secure Shell Daemon) is the daemon program for  ssh.
       Together  these programs replace the rlogin and rsh pro-
       grams, and provide secure  encrypted  communications  be-
       tween  two  untrusted  hosts over an insecure network.  The
       programs are intended to be as easy to install and use  as
       possible.

       Sshd is the  daemon  that  listens  for  connections  from
       clients.    It   is   normally   started   at   boot  from
       /etc/rc.local or equivalent.  It forks a  new  daemon  for
       each  incoming  connection.  The forked daemons handle key
       exchange, encryption, authentication,  command  execution,
       and data exchange.

       Sshd  works as follows.  Each host has a host-specific RSA
       key (normally 1024 bits) used to identify the host.  Addi-
       tionally,  when  the  daemon starts, it generates a server
       RSA key (normally 768 bits).  This key is normally  regen-
       erated every hour if it has been used, and is never stored
       on disk.

       Whenever a client connects to the daemon, the daemon sends
       its host and server public keys to the client.  The client
       compares the host key against its own database to  verify
       that  it  has  not  changed.  The client then generates a
       256-bit random number, encrypts it using both the host key
       and the server key, and sends the  encrypted  number  to
       the server.  Both sides then use this random number as the
       session key that encrypts all further  communications  in
       the session.  The rest of the session is encrypted using a
       conventional cipher.  Currently IDEA, DES, 3DES,  ARCFOUR,
       and  TSS  (a fast home-grown algorithm) are supported; IDEA
       is used by default.  The client  selects  the  encryption
       algorithm to use from those offered by the server.

       Next, the server and the client enter  an  authentication
       dialog.   The  client  tries  to authenticate itself using
       .rhosts authentication, .rhosts  authentication  combined
       with  RSA  host  authentication,  RSA  challenge-response
       authentication, TIS challenge-response authentication,  or
       password-based authentication.

SSH                      November 8, 1995                       1

       Rhosts authentication is normally disabled because  it  is
       fundamentally  insecure,  but can be enabled in the server
       configuration file if desired.  Note that installing  sshd
       does  not  improve  system  security  unless  rshd(8),
       rlogind(8), rexecd(8), and rexd(8) are also disabled  (thus
       completely  disabling  rlogin(1)  and  rsh(1)  into  that
       machine).

       If  the client successfully authenticates itself, a dialog
       for preparing the session is entered.  At  this  time  the
       client  may  request  things like allocating a pseudo-tty,
       forwarding X11 connections, forwarding TCP/IP connections,
       or forwarding the authentication agent connection over the
       secure channel.

       Finally, the client either requests a shell  or  execution
       of a command.  The sides then enter session mode.  In this
       mode, either side may send data at any time, and such data
       is  forwarded  to/from  the shell or command on the server
       side, and the user terminal in the client side.

       When the user program terminates and all forwarded X11 and
       other  connections have been closed, the server sends com-
       mand exit status to the client, and both sides exit.

       Sshd can be configured using  command-line  options  or  a
       configuration  file.  Command-line options override values
       specified in the configuration file.

       Sshd rereads its configuration file  if  it  is  sent  the
       hangup signal, SIGHUP.


OPTIONS
       -b bits
              Specifies  the  number  of  bits  in the server key
              (default 768).

       -d     Debug mode.  The server sends verbose debug  output
              to  the  system log and does not put itself in the
              background.  It also does not fork, and  processes
              only  one connection.  This option is intended only
              for debugging the server.

       -f configuration_file
              Specifies the name of the configuration file.   The
              default is /etc/sshd_config.

       -g login_grace_time
              Gives  the  grace  time for clients to authenticate
              themselves (default 600 seconds).   If  the  client
              fails  to  authenticate  the  user within this many
              seconds, the server disconnects and exits.  A value
              of zero indicates no limit.

       -h host_key_file
              Specifies  the file from which the host key is read
              (default /etc/ssh_host_key).  This option  must  be
              given  if  sshd  is  not run as root (as the normal
              host file is normally not readable  by  anyone  but
              root).

       -i     Specifies  that sshd is being run from inetd.  Sshd
              is normally not run from inetd because it needs  to
              generate  the  server  key before it can respond to
              the client, and this  may  take  tens  of  seconds.
              Clients  would have to wait too long if the key was
              regenerated every time.  However,  with  small  key
              sizes (e.g.  512) using sshd from inetd may be fea-
              sible.

       -k key_gen_time
              Specifies how often the server key  is  regenerated
              (default  3600  seconds, or one hour).  The motiva-
              tion for regenerating the key fairly often is  that
              the  key is not stored anywhere, and after about an
              hour, it becomes impossible to recover the key  for
              decrypting  intercepted  communications even if the
              machine is cracked into or  physically  seized.   A
              value  of zero indicates that the key will never be
              regenerated.
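
       The following is an added example (not code from the  ssh
       distribution)  that  models  the key exchange described in
       DESCRIPTION and the reason behind -k.  It uses a toy  text-
       book  RSA in Python with fixed Mersenne primes and no pad-
       ding, so it reproduces neither the real key sizes nor  the
       real  encoding;  only  the  layering  matters.  A recorded
       connection plus the on-disk host key yields only the inner
       ciphertext: the session key can be recovered  only  while
       the never-stored server key is still in memory.

```python
"""Toy model of the SSH1 session-key exchange and of what -k protects.

Added example, not code from the ssh distribution.  Textbook (unpadded)
RSA with fixed Mersenne primes stands in for the real 1024/768-bit keys
and encoding, so the numbers are NOT secure; the layering is the point.
"""
import secrets

E = 65537


def rsa_keypair(p, q, e=E):
    """Textbook RSA from two primes: returns ((n, e), (n, d))."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))      # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_apply(m, key):
    """Raw RSA: m^exp mod n, for m below the modulus."""
    n, exp = key
    if not 0 <= m < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(m, exp, n)


# Host key: long-lived, stored in /etc/ssh_host_key (toy ~196-bit modulus).
HOST_PUB, HOST_PRIV = rsa_keypair(2**89 - 1, 2**107 - 1)
# Server key: regenerated every -k seconds, never written to disk (~92-bit).
SERVER_PUB, SERVER_PRIV = rsa_keypair(2**31 - 1, 2**61 - 1)


def new_session_key(nbits=64):
    """Client side: random session key (kept below the toy server modulus)."""
    return secrets.randbits(nbits) | 1


def client_encrypt_session_key(session_key, server_pub, host_pub):
    """Client side: wrap the session key under both public keys.  The
    smaller (server) key goes first so the result fits under the host key."""
    inner = rsa_apply(session_key, server_pub)
    return rsa_apply(inner, host_pub)


def server_recover_session_key(blob, server_priv, host_priv):
    """Server side: peel the host layer, then the server-key layer."""
    return rsa_apply(rsa_apply(blob, host_priv), server_priv)


def attacker_with_host_key_only(blob, host_priv):
    """A recorded connection decrypted by someone who later seizes the host
    key but not the discarded server key: only the inner ciphertext."""
    return rsa_apply(blob, host_priv)


if __name__ == "__main__":
    k = new_session_key()
    blob = client_encrypt_session_key(k, SERVER_PUB, HOST_PUB)
    print("server recovers key:",
          server_recover_session_key(blob, SERVER_PRIV, HOST_PRIV) == k)
    print("host key alone recovers key:",
          attacker_with_host_key_only(blob, HOST_PRIV) == k)
```

       Setting KeyRegenerationInterval (or -k) to  0  removes  the
       second property: the server key then lives as long as the
       process, and seizing the machine  recovers  every  session
       key it ever issued.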

       -p port
              Specifies the port on which the server listens  for
              connections (default 22).

       -q     Quiet  mode.   Nothing  is  sent to the system log.
              Normally the beginning, authentication, and  termi-
              nation of each connection is logged.

       -V version
              SSH version 2  compatibility  mode.   The  server
              assumes  that  an SSH version 2 daemon has already
              read the version identification string  from  the
              client;  the  argument  gives  that  string as it
              was read from the client.


CONFIGURATION FILE
       Sshd reads configuration data  from  /etc/sshd_config  (or
       the file specified with -f on the command line).  The file
       contains keyword-value pairs, one per line.  Lines  start-
       ing  with '#' and empty lines are interpreted as comments.

       The following keywords are  possible.  Keywords  are  case
       insensitive.


       AllowGroups
              This keyword can be followed by any number of group
              name patterns, separated by spaces.  If  specified,
              login  is  allowed only if the user's primary group
              name matches one of the patterns.  '*' and '?'  can
              be  used  as  wildcards in the patterns.  By default,
              logins as all users are allowed.

              Note that all other login authentication steps must
              still be successfully  completed.   AllowGroups  and
              DenyGroups are additional restrictions.


       AllowHosts
              This keyword can be followed by any number of  host
              name  patterns, separated by spaces.  If specified,
              login is allowed only from hosts whose name matches
              one  of  the  patterns.  '*' and '?' can be used as
              wildcards in the patterns.  Normal name servers are
              used to map the client's host into a canonical host
              name.  If the name cannot be mapped, its IP-address
              is used as the host name.  By default all hosts are
              allowed to connect.

              Note that  sshd  can  also  be  configured  to  use
              tcp_wrappers  using the --with-libwrap compile-time
              configuration option.


       AccountExpireWarningDays
              Specifies when to start  printing  warning  messages
              that  the  account is going to expire.  The value is
              the number of days before the  account  expiration.
              The  default  value  is  14  days;  if set to 0 the
              warning messages are disabled.


       AllowSHosts
              This keyword can be followed by any number of  host
              name  patterns,  separated by spaces. If specified,
              .shosts (and .rhosts and /etc/hosts.equiv)  entries
              are  only honoured for hosts whose name matches one
              of the patterns.  Normal name servers are  used  to
              map  the client's host into a canonical host name.
              If the name cannot be mapped, its  IP  address  is
              used  as the host name.  By default, entries for all
              hosts are honoured.


       AllowTcpForwarding
              Specifies whether TCP forwarding is permitted.  The
              default is "yes".  Note that disabling TCP forward-
              ing does not by itself improve security,  as  users
              who  have  a  shell on the server can always install
              their own forwarders; it is only  effective  together
              with  a  restricted  command  (see the "command" op-
              tion in AUTHORIZED_KEYS FILE FORMAT below).


       AllowUsers
              This  keyword can be followed by any number of user
              name patterns or user@host patterns,  separated  by
              spaces.  The host part may be either the DNS name or
              the IP address.  If specified, login is allowed only
              as  users  whose  name matches one of the patterns.
              '*' and '?' can be used as wildcards in  the  pat-
              terns.  By default, logins as all users are allowed.

              Note that all other login authentication steps must
              still be successfully  completed.   AllowUsers  and
              DenyUsers are additional restrictions.


       CheckMail
              Specifies whether sshd should print  whether  the
              user  has  new  mail when logging in interactively.
              (On some systems it is  also  printed  by  the  shell,
              /etc/profile, or equivalent.)  The default is "yes".




       DenyGroups
              This keyword can be followed by any number of group
              name patterns, separated by spaces.  If  specified,
              login  is  disallowed if the user's primary group
              name matches any of the patterns.


       DenyHosts
              This keyword can be followed by any number of  host
              name  patterns, separated by spaces.  If specified,
              login is  disallowed  from  the  hosts  whose  name
              matches any of the patterns.


       DenySHosts
              This  keyword can be followed by any number of host
              name patterns, separated by spaces.  If  specified,
              .shosts  (and .rhosts and /etc/hosts.equiv) entries
              whose name matches any of the patterns are ignored.


       DenyUsers
              This  keyword can be followed by any number of user
              name patterns or user@host patterns,  separated  by
              spaces.  The host part may be either the DNS name or
              the IP address.  If specified, login is  disallowed
              as users whose name matches any of the patterns.
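
       The following is an added example (not code from the  ssh
       distribution)  that evaluates the AllowHosts, DenyHosts,
       AllowGroups,  DenyGroups,  AllowUsers  and  DenyUsers  key-
       words  above  for  one  login attempt.  This manual does not
       state the order in which the lists are consulted;  the  code
       assumes  that  any Deny match refuses the login and that ev-
       ery non-empty Allow list must then  match,  the  conserva-
       tive  reading  of "additional restrictions".  Name resolution
       is replaced by a caller-supplied canonical host name and  IP
       address; the policy and hosts are constructed for the ex-
       ample.

```python
"""Evaluate the Allow*/Deny* keywords of sshd_config for one login.

Added example, not code from the ssh distribution.  Assumption: Deny lists
are checked first and refuse on any match; each non-empty Allow list must
then match.  The caller supplies the canonical host name (or the IP when
the name cannot be mapped) and the IP address of the client.
"""
from fnmatch import fnmatchcase


def _matches_any(value, patterns):
    """'*' and '?' wildcards as in the manual; matching is case-sensitive.
    (fnmatch also treats '[...]' specially; the patterns here avoid it.)"""
    return any(fnmatchcase(value, p) for p in patterns)


def _user_matches(user, host, ip, patterns):
    """AllowUsers/DenyUsers: plain 'user' or 'user@host' patterns, where the
    host part may be the DNS name or the IP address of the client."""
    for pat in patterns:
        upat, sep, hpat = pat.partition("@")
        if not fnmatchcase(user, upat):
            continue
        if not sep or fnmatchcase(host, hpat) or fnmatchcase(ip, hpat):
            return True
    return False


def login_permitted(cfg, user, group, host, ip):
    """cfg maps keyword -> list of patterns; absent keywords impose nothing.
    Returns (allowed, reason) so a log line can say which list decided."""
    if _matches_any(host, cfg.get("DenyHosts", [])):
        return False, "DenyHosts"
    if _matches_any(group, cfg.get("DenyGroups", [])):
        return False, "DenyGroups"
    if _user_matches(user, host, ip, cfg.get("DenyUsers", [])):
        return False, "DenyUsers"
    if cfg.get("AllowHosts") and not _matches_any(host, cfg["AllowHosts"]):
        return False, "not in AllowHosts"
    if cfg.get("AllowGroups") and not _matches_any(group, cfg["AllowGroups"]):
        return False, "not in AllowGroups"
    if cfg.get("AllowUsers") and not _user_matches(user, host, ip, cfg["AllowUsers"]):
        return False, "not in AllowUsers"
    return True, "ok"


# Constructed policy (hypothetical hosts and users).
POLICY = {
    "AllowHosts": ["*.example.org", "192.0.2.*"],
    "DenyHosts": ["bastion-test.example.org"],
    "AllowUsers": ["alice", "backup@192.0.2.10", "ops-*@*.example.org"],
    "DenyUsers": ["guest*"],
    "AllowGroups": ["staff", "wheel"],
}

if __name__ == "__main__":
    print(login_permitted(POLICY, "alice", "staff", "pc1.example.org", "192.0.2.5"))
    print(login_permitted(POLICY, "backup", "staff", "nas.example.org", "192.0.2.11"))
    print(login_permitted(POLICY, "alice", "staff", "bastion-test.example.org", "192.0.2.7"))
```

       Note that "backup@192.0.2.10" only matches when the client's
       address is exactly that; the  same  user  from  a  neigh-
       bouring  address  is  refused  even though the host itself
       passes AllowHosts.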


       FascistLogging
              Specifies  whether to use verbose logging.  Verbose
              logging violates the privacy of users  and  is  not
              recommended.   The  argument  must be "yes" or "no"
              (without the quotes).  The default is "no".


       ForcedEmptyPasswdChange
              Specifies whether to force a password change if the
              password is empty (first login).  The argument must
              be "yes" or "no" (without the quotes).  The default
              is "no".


       ForcedPasswdChange
              Specifies  whether  to force password change if the
              password is expired.  The argument must be "yes" or
              "no" (without the quotes).  The default is "yes".


       HostKey
              Specifies  the file containing the private host key
              (default /etc/ssh_host_key).


       IdleTimeout time
              Sets the idle timeout limit to time in seconds (s or
              nothing  after  the  number), minutes (m), hours (h),
              days (d), or weeks (w).  If the connection (all chan-
              nels)  has  been  idle for that long, the child pro-
              cess is killed with SIGHUP and the connection is
              closed down.


       IgnoreRhosts
              Specifies  that rhosts and shosts files will not be
              used  in  authentication.    /etc/hosts.equiv   and
              /etc/shosts.equiv  are  still used.  The default is
              "no".


       IgnoreRootRhosts
              Specifies that rhosts and shosts files will not  be
              used  in  authentication  for root.  The default is
              the value of IgnoreRhosts.


       KeepAlive
              Specifies whether the system should send  keepalive
              messages  to  the  other  side.   If they are sent,
              death of the connection or  crash  of  one  of  the
              machines  will  be properly noticed.  However, this
              means that connections will die  if  the  route  is
              down temporarily, and some people find it annoying.

              On the other hand, if keepalives are not sent, ses-
              sions  may hang indefinitely on the server, leaving
              "ghost" users and consuming server resources.

              The default is "yes" (to send keepalives), and  the
              server  will notice if the network goes down or the
              client host reboots.  This avoids infinitely  hang-
              ing sessions.

              To  disable  keepalives, the value should be set to
              "no" in both the server and the  client  configura-
              tion files.


       KerberosAuthentication
              Specifies  whether  Kerberos  V5  authentication is
              allowed. This can be in  the  form  of  a  Kerberos
              ticket,  or  if  PasswordAuthentication is yes, the
              password provided by the  user  will  be  validated
              through  the  Kerberos  KDC or DCE Security Server.
              Default is yes.


       KerberosOrLocalPasswd
              If set, a password that fails  validation  through
              Kerberos  is then validated via any additional local
              mechanism such as /etc/passwd or  SecurID.   Default
              is no.


       KerberosTgtPassing
              Specifies  whether  a  Kerberos  V5 TGT may be for-
              warded to the server.  Default is yes.


       KeyRegenerationInterval
              The server key is automatically  regenerated  after
              this  many seconds (if it has been used).  The pur-
              pose of regeneration is to prevent decrypting  cap-
              tured  sessions  by later breaking into the machine
              and stealing the keys.  The  key  is  never  stored
              anywhere.   If  the  value  is  0, the key is never
              regenerated.  The default is 3600 (seconds).


       ListenAddress
              Specifies the IP address of the interface to  which
              the sshd server socket is bound.


       LoginGraceTime
              The  server disconnects after this time if the user
              has not successfully logged in.  If the value is 0,
              there  is  no  time  limit.   The  default  is  600
              (seconds).


       PasswordAuthentication
              Specifies  whether   password   authentication   is
              allowed.  The default is "yes".


       PasswordExpireWarningDays
              Specifies when to start  printing  warning  messages
              that  the password is going to expire.  The value is
              the number of days before the password  expiration.
              The  default  value  is  14  days;  if set to 0 the
              warning messages are disabled.


       PermitEmptyPasswords
              When  password authentication is allowed, it speci-
              fies whether the server allows  login  to  accounts
              with empty password strings.  The default is "yes".


       PermitRootLogin
              Specifies whether the root can log  in  using  ssh.
              May be set to "yes", "nopwd", or "no".  The default
              is "yes", allowing root logins through any  of  the
              authentication  types allowed for other users.  The
              "nopwd" value disables password-authenticated  root
              logins.    The  "no"  value  disables  root  logins
              through  any   of   the   authentication   methods.
              ("nopwd"  and "no" are equivalent unless you have a
              .rhosts, .shosts, or .ssh/authorized_keys  file  in
              the root home directory.)

              Root  login  with RSA authentication when the "com-
              mand" option has been  specified  will  be  allowed
              regardless  of the value of this setting (which may
              be useful for taking remote backups  even  if  root
              login is normally not allowed).


       PidFile
              Specifies  the  location of the file containing the
              process ID of  the  master  sshd  daemon  (default:
              /etc/sshd.pid  or  /var/run/sshd.pid,  depending on
              the system).


       Port   Specifies the port number  that  sshd  listens  on.
              The default is 22.


       PrintMotd
              Specifies  whether sshd should print /etc/motd when
              a user logs in interactively.  (On some systems  it
              is  also  printed  by  the  shell, /etc/profile, or
              equivalent.)  The default is "yes".


       QuietMode
              Specifies whether the system runs  in  quiet  mode.
              In quiet mode, nothing is logged in the system log,
              except fatal errors.  The default is "no".


       RandomSeed
              Specifies the file containing the random  seed  for
              the  server; this file is created automatically and
              updated regularly.  The  default  is  /etc/ssh_ran-
              dom_seed.


       RhostsAuthentication
              Specifies  whether  authentication  using rhosts or
              /etc/hosts.equiv files  is  sufficient.   Normally,
              this  method  should not be permitted because it is
              insecure.  RhostsRSAAuthentication should  be  used
              instead, because it performs RSA-based host authen-
              tication  in   addition   to   normal   rhosts   or
              /etc/hosts.equiv  authentication.   The  default is
              "no".


       RhostsRSAAuthentication
              Specifies  whether   rhosts   or   /etc/hosts.equiv
              authentication  together  with  successful RSA host
              authentication is allowed.  The default is "yes".


       RSAAuthentication
              Specifies  whether  pure  RSA   authentication   is
              allowed.  The default is "yes".


       ServerKeyBits
              Defines  the number of bits in the server key.  The
              minimum value is 512, and the default is 768.


       SilentDeny
              Specifies whether denied (or  not  allowed)  connec-
              tions  are  refused silently (the connection is just
              closed, with no logging) or cleanly (an error  mes-
              sage is sent and the attempt is logged).


       StrictModes
              Specifies whether sshd should check file modes  and
              ownership of the user's home directory  and  rhosts
              files  before  accepting  login.   This is normally
              desirable because  novices  sometimes  accidentally
              leave their directory or files world-writable.  The
              default is "yes".


       SyslogFacility
              Gives the facility code that is used  when  logging
              messages  from sshd.  The possible values are: DAE-
              MON, USER, AUTH, LOCAL0,  LOCAL1,  LOCAL2,  LOCAL3,
              LOCAL4,  LOCAL5,  LOCAL6,  LOCAL7.   The default is
              DAEMON.


       TISAuthentication
              Specifies whether authentication through TIS
              authsrv(8) is allowed.  The default is "no".


       Umask  Sets the default umask for sshd and  its  children.
              Remember  to  add  a leading 0 to the number to make
              it octal.  The default is not to set the  umask  at
              all.


       X11Forwarding
              Specifies whether X11 forwarding is permitted.  The
              default is "yes".  Note that disabling X11 forward-
              ing does not by itself improve security,  as  users
              who  have  a  shell on the server can always install
              their own forwarders.


       X11DisplayOffset
              Specifies the first display  number  available  for
              sshd's  X11  forwarding.  This  prevents  sshd from
              interfering with real X11 servers.


       XAuthLocation
              Specifies the default path to xauth program.
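
       The following is an added example (not code from the  ssh
       distribution)  that  parses  a  file  in  the keyword-value
       format described under CONFIGURATION  FILE  and  compares
       the  effective settings against the defaults listed above,
       flagging those this manual itself  warns  about.   The  de-
       faults  table  is  taken from the keyword descriptions; the
       set of checks, the case-insensitive value comparison and
       the rule that a repeated keyword keeps its last value are
       this example's own assumptions.  Both configuration frag-
       ments are constructed, not taken from any real host.

```python
"""Parse sshd_config (keyword-value format described above) and flag the
settings this manual itself warns about.

Added example, not code from the ssh distribution.  DEFAULTS come from the
keyword descriptions on this page; the checks are this example's choice.
Assumptions: values compare case-insensitively, a repeated keyword keeps
its last value.
"""

DEFAULTS = {                     # documented defaults the audit relies on
    "permitemptypasswords": "yes",
    "permitrootlogin": "yes",
    "rhostsauthentication": "no",
    "strictmodes": "yes",
    "logingracetime": "600",
    "quietmode": "no",
}


def parse_sshd_config(text):
    """One 'Keyword value' per line; '#' lines and blank lines are comments;
    keywords are case-insensitive (stored lower-cased)."""
    cfg = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError("line %d: expected 'Keyword value': %r" % (lineno, raw))
        cfg[parts[0].lower()] = parts[1].strip()
    return cfg


def effective(cfg, overrides=None):
    """Defaults, overridden by the file, overridden in turn by command-line
    options (e.g. -g 60 arrives here as {"LoginGraceTime": "60"})."""
    eff = dict(DEFAULTS)
    eff.update(cfg)
    eff.update({k.lower(): v for k, v in (overrides or {}).items()})
    return eff


def audit(eff):
    """Return (Keyword, finding) pairs, each grounded in a warning above."""
    v = lambda k: eff.get(k, "").lower()
    checks = [
        (v("permitemptypasswords") == "yes", "PermitEmptyPasswords",
         "accounts with empty passwords may log in (the documented default)"),
        (v("permitrootlogin") == "yes", "PermitRootLogin",
         "root may log in with a password; consider nopwd or no"),
        (v("rhostsauthentication") == "yes", "RhostsAuthentication",
         "rhosts-only authentication is fundamentally insecure"),
        (v("strictmodes") == "no", "StrictModes",
         "world-writable home directories or rhosts files are not rejected"),
        (v("logingracetime") == "0", "LoginGraceTime",
         "unauthenticated connections are never timed out"),
        (v("quietmode") == "yes", "QuietMode",
         "connection start, authentication and termination are not logged"),
    ]
    return [(kw, why) for hit, kw, why in checks if hit]


# Constructed configuration fragments (not from any real host).
WEAK_CONFIG = """\
# Leaves PermitEmptyPasswords and PermitRootLogin at their defaults.
Port 22
RhostsAuthentication yes
StrictModes no
LoginGraceTime 0
"""

HARDENED_CONFIG = """\
Port 22
PermitEmptyPasswords no
PermitRootLogin nopwd
RhostsAuthentication no
RhostsRSAAuthentication yes
IgnoreRhosts yes
StrictModes yes
LoginGraceTime 120
SyslogFacility AUTH
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(effective(parse_sshd_config(text))))
```

       The weak fragment is flagged five times  although  it  only
       sets  three keywords: two of the findings come from defaults
       the file never mentions, which is why the audit  runs  over
       the effective configuration rather than the file alone.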


LOGIN PROCESS
       When a user successfully logs in, sshd does the following:

       1.     If  the  login is on a tty, and no command has been
              specified, prints last  login  time  and  /etc/motd
              (unless  prevented  in the configuration file or by
              $HOME/.hushlogin; see the FILES section).

       2.     If the login is on a tty, records login time.

       3.     Checks /etc/nologin; if it exists, prints  contents
              and quits (unless root).

       4.     Changes to run with normal user privileges.

       5.     Sets up basic environment.

       6.     Reads /etc/environment if it exists.

       7.     Reads $HOME/.ssh/environment if it exists.

       8.     Changes to user's home directory.

       9.     If  $HOME/.ssh/rc  exists, runs it (with the user's
              shell); else if /etc/sshrc exists,  runs  it  (with
              e:/usr/bin/sh.exe); otherwise runs xauth.  The "rc"
              files are given the X11 authentication protocol and
              cookie in standard input.

       10.    Runs user's shell or command.



AUTHORIZED_KEYS FILE FORMAT
       The  $HOME/.ssh/authorized_keys  file  lists  the RSA keys
       that are permitted for RSA authentication.  Each  line  of
       the  file contains one key (empty lines and lines starting
       with a '#' are ignored as comments).  Each  line  consists
       of  the  following  fields,  separated by spaces: options,
       bits, exponent, modulus, comment.  The  options  field  is
       optional;  its  presence is determined by whether the line
       starts with a number or not (the option field never starts
       with  a  number).  The bits, exponent, modulus and comment
       fields give the RSA key; the comment field is not used for
       anything  (but  may be convenient for the user to identify
       the key).

       Note that lines in this file are usually  several  hundred
       bytes  long  (because of the size of the RSA key modulus).
       You don't want to type them in; instead,  copy  the  iden-
       tity.pub file and edit it.

       The  options  (if  present)  consists  of  comma-separated
       option specifications.  No spaces  are  permitted,  except
       within  double quotes.  Option names are case insensitive.
       The following option specifications are supported:

         from="pattern-list"
              Specifies that in addition to  RSA  authentication,
              the  canonical name of the remote host must be pre-
              sent in the comma-separated list of  patterns  ('*'
              and  '?'  serve  as  wildcards).  The list may also
              contain patterns negated  by  prefixing  them  with
              '!';  if  the canonical host name matches a negated
              pattern, the key is not accepted.  The  purpose  of
              this option is to optionally increase security: RSA
              authentication by itself does not trust the network
              or name servers or anything (but the key); however,
              if somebody somehow steals the key, the key permits
              an  intruder  to log in from anywhere in the world.
              This additional option makes  using  a  stolen  key
              more  difficult  (name servers and/or routers would
              have to be compromised  in  addition  to  just  the
              key).

         command="command"
              Specifies  that  the  command  is executed whenever
              this key is used for authentication.   The  command
              supplied by the user (if any) is ignored.  The com-
              mand is run on a pty if the connection  requests  a
              pty;  otherwise  it  is run without a tty.  A quote
              may be included in the command by quoting it with a
              backslash.  This option might be useful to restrict
              certain RSA keys to perform just a specific  opera-
              tion.   An  example  might  be  a  key that permits
              remote backups but nothing else.  Notice  that  the
              client  may  specify  TCP/IP and/or X11 forwardings
              unless they are explicitly prohibited.

         environment="NAME=value"
              Specifies that the string is to  be  added  to  the
              environment  when logging in using this key.  Envi-
              ronment  variables  set  this  way  override  other
              default  environment  values.   Multiple options of
              this type are permitted.

         idle-timeout=time
              Sets the idle timeout limit to time in seconds (s or
              nothing  after  the  number), minutes (m), hours (h),
              days (d), or weeks (w).  If the connection (all chan-
              nels)  has  been  idle for that long, the child pro-
              cess is killed with SIGHUP and the connection is
              closed down.

         no-port-forwarding
              Forbids TCP/IP forwarding when this key is used for
              authentication.  Any port forward requests  by  the
              client  will  return  an error.  This might be used
              e.g.  in connection with the command option.

         no-X11-forwarding
              Forbids X11 forwarding when this key  is  used  for
              authentication.   Any  X11  forward requests by the
              client will return an error.

         no-agent-forwarding
              Forbids authentication agent forwarding  when  this
              key is used for authentication.

         no-pty
              Prevents  tty  allocation  (a request to allocate a
              pty will fail).


   Examples
       1024 33 12121...312314325 ylo@foo.bar

       from="*.niksula.hut.fi,!pc.niksula.hut.fi"     1024     35
       23...2334 ylo@niksula

       command="dump   /home",no-pty,no-port-forwarding  1024  33
       23...2323 backup.hut.fi


SSH WITH TCP WRAPPERS
       When sshd is compiled with the tcp wrappers libraries, the
       hosts.allow/hosts.deny files also control who can  connect
       to ports forwarded by sshd.

       The  program  names  to  use  in the hosts.allow/hosts.deny
       files are sshdfwd-<portname>,  sshdfwd-<portnumber>,  and
       sshdfwd-X11  for  the  forwarded  ports  on  which the ssh
       client or server is listening.

       If the port has a service name defined, you must  use  the
       name rather than the number.


SSH_KNOWN_HOSTS FILE FORMAT
       The /etc/ssh_known_hosts and $HOME/.ssh/known_hosts  files
       contain  host public keys for all known hosts.  The global
       file should be prepared by the administrator  (optional),
       and  the  per-user file is maintained automatically: when-
       ever the user connects to an unknown host,  its  key  is
       added  to  the per-user file.  The recommended way to cre-
       ate /etc/ssh_known_hosts is to use the make-ssh-known-hosts
       command.

       Each  line  in  these files contains the following fields:
       hostnames, bits, exponent, modulus, comment.   The  fields
       are separated by spaces.

       Hostnames  is  a comma-separated list of patterns ('*' and
       '?' act as wildcards); each pattern  in  turn  is  matched
       against  the  canonical  host  name (when authenticating a
       client) or against the user-supplied name (when  authenti-
       cating  a  server).  A pattern may also be preceded by '!'
       to indicate negation: if the host name matches  a  negated
       pattern,  it  is  not  accepted  (by that line) even if it
       matched another pattern on the line.

       Bits, exponent, and modulus are taken  directly  from  the
       host    key;    they    can   be   obtained   e.g.    from
       /etc/ssh_host_key.pub.  The optional comment field contin-
       ues to the end of the line, and is not used.

       Lines  starting  with  '#'  and empty lines are ignored as
       comments.

       When performing  host  authentication,  authentication  is
       accepted  if  any matching line has the proper key.  It is
       thus permissible (but not  recommended)  to  have  several
       lines  or  different  host  keys for the same names.  This
       will inevitably happen when short forms of host names from
       different  domains  are  put  in the file.  It is possible
       that the files contain conflicting information;  authenti-
       cation  is accepted if valid information can be found from
       either file.

       Note that the lines in these files are typically  hundreds
       of  characters long, and you definitely don't want to type
       in the host keys by hand.   Rather,  generate  them  by  a
       script   (see   make-ssh-known-hosts(1))   or   by  taking
       /etc/ssh_host_key.pub and adding the  host  names  at  the
       front.


   Examples
       closenet,closenet.hut.fi,...,130.233.208.41     1024    37
       159...93 closenet.hut.fi
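       The format and matching rules above, as an added Python example (not code from the ssh distribution): it parses known_hosts lines, applies the '*'/'?' wildcard and '!' negation rules, and accepts a host key only if some matching line carries exactly that key. The moduli in the sample are small constructed stand-ins for real 1024-bit values.

```python
# Added example (not code from the ssh distribution): parser and host-key
# check for the ssh1 known_hosts format described above.  Moduli here are
# small constructed stand-ins; real ones run to hundreds of digits.

def _wild(pattern, name):
    """Glob match where only '*' and '?' are wildcards, as the page states."""
    if not pattern:
        return not name
    if pattern[0] == "*":
        return any(_wild(pattern[1:], name[i:]) for i in range(len(name) + 1))
    if name and pattern[0] in ("?", name[0]):
        return _wild(pattern[1:], name[1:])
    return False

def line_matches_host(hostnames, host):
    """A matching '!' pattern rejects the line even if another pattern matched."""
    accepted = False
    for pat in hostnames.split(","):
        if pat.startswith("!"):
            if _wild(pat[1:], host):
                return False
        elif _wild(pat, host):
            accepted = True
    return accepted

def parse_known_hosts(text):
    """Return (hostnames, bits, exponent, modulus) per line; '#' lines and
    empty lines are ignored, and the trailing comment field is dropped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 4)
        if len(fields) < 4:
            continue  # malformed: fewer than four fields
        hostnames, bits, exponent, modulus = fields[:4]
        entries.append((hostnames, int(bits), int(exponent), int(modulus)))
    return entries

def host_key_accepted(entries, host, bits, exponent, modulus):
    """Accepted if any line matching HOST carries exactly this key."""
    return any(line_matches_host(h, host) and (b, e, n) == (bits, exponent, modulus)
               for h, b, e, n in entries)

SAMPLE = """# constructed sample; two lines may match the same host
closenet,closenet.hut.fi,130.233.208.41 1024 37 15993 closenet.hut.fi
*.hut.fi,!untrusted.hut.fi 1024 37 24133 wildcard entry with a negation
"""
```

       Note that closenet.hut.fi is matched by both sample lines, so either key is accepted for it; this is the "several lines for the same names" case the text calls permissible but not recommended.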


FILES
       /etc/sshd_config
              Contains configuration data for  sshd.   This  file
              should  be  writable by root only, but it is recom-
              mended (though not necessary)  that  it  be  world-
              readable.

       /etc/ssh_host_key
              Contains  the  private  part of the host key.  This
              file is normally  created  automatically  by  "make
              install",  but  can  also be created manually using
              ssh-keygen(1).  This file should only be  owned  by
              root,  readable only by root, and not accessible to
              others.

       /etc/ssh_host_key.pub
              Contains the public part of  the  host  key.   This
              file  is  normally  created  automatically by "make
              install", but can also be created  manually.   This
              file  should be world-readable but writable only by
              root.  Its contents should match the private  part.
              This  file  is  not really used for anything; it is
              only provided for the convenience of  the  user  so
              its contents can be copied to known hosts files.

       /etc/ssh_random_seed
              This  file  contains  a  seed for the random number
              generator.  This file should only be accessible  by
              root.

       /etc/sshd.pid
              Contains  the  process id of the sshd listening for
              connections (if there are several  daemons  running
              concurrently for different ports, this contains the
              pid of the one started last).  The contents of this
              file are not sensitive; it can be world-readable.

       $HOME/.ssh/authorized_keys
              Lists the RSA keys that can be used to log into the
              user's account.  This file must be readable by root
              (which  may  on some machines imply it being world-
              readable if the user's home directory resides on an
              NFS  volume).   It  is  recommended  that it not be
              accessible by others.  The format of this  file  is
              described above.

       /etc/ssh_known_hosts and $HOME/.ssh/known_hosts
              These  files  are  consulted when using rhosts with
              RSA host authentication to check the public key  of
              the  host.   The key must be listed in one of these
              files to be accepted.  (The client  uses  the  same
              files  to verify that the remote host is the one we
              intended  to  connect.)   These  files  should   be
              writable      only      by      root/the     owner.
              /etc/ssh_known_hosts should be world-readable,  and
              $HOME/.ssh/known_hosts  can  but need not be world-
              readable.

       /etc/nologin
              If this file exists, sshd  refuses  to  let  anyone
              except  root  log in.  The contents of the file are
              displayed to anyone trying to log in, and  non-root
              connections are refused.  The file should be world-
              readable.

       $HOME/.rhosts
              This file contains host-username  pairs,  separated
              by  a  space,  one per line.  The given user on the
              corresponding host is permitted to log  in  without
              password.   The  same  file  is used by rlogind and
              rshd.  Ssh differs from rlogind and rshd in that it
              requires  RSA  host  authentication  in addition to
              validating the host name retrieved from domain name
              servers  (unless  compiled  with  the --with-rhosts
              configuration option).  The file must  be  writable
              only  by the user; it is recommended that it not be
              accessible by others.

              It is also possible to use netgroups in  the  file.
              Either  host  or  user  name  may  be  of  the form
              +@groupname to specify all hosts or  all  users  in
              the group.

       $HOME/.shosts
              For  ssh,  this  file  is  exactly  the same as for
              .rhosts.  However, this file is not used by  rlogin
              and  rshd,  so  using this permits access using ssh
              only.

       /etc/hosts.equiv
              This file is used  during  .rhosts  authentication.
              In  the  simplest  form,  this  file  contains host
              names, one per line.  Users on those hosts are per-
              mitted  to log in without a password, provided they
              have the same user name on both machines.  The host
              name  may  also  be  followed  by a user name; such
              users are permitted to log in as any user  on  this
              machine  (except  root).   Additionally, the syntax
              +@group can be used to specify netgroups.   Negated
              entries start with '-'.

              If  the client host/user is successfully matched in
              this file, login is  automatically  permitted  pro-
              vided  the  client  and  server  user names are the
              same.  Additionally, successful RSA host  authenti-
              cation  is  normally  required.   This file must be
              writable only by root; it is recommended that it be
              world-readable.

              Warning: It is almost never a good idea to use user
              names in hosts.equiv.  Beware that it really  means
              that the named user(s) can log in as anybody, which
              includes bin, daemon, adm, and other accounts  that
              own  critical  binaries  and  directories.  Using a
              user name practically grants the user root  access.
              The  only valid use for user names that I can think
              of is in negative entries.  Note that this  warning
              also applies to rsh/rlogin.

       /etc/shosts.equiv
              This  is  processed  exactly  as  /etc/hosts.equiv.
              However, this file may be  useful  in  environments
              that want to run both rsh/rlogin and ssh.

       /etc/environment
              This file is read into the environment at login (if
              it exists).  It can only contain empty lines,  com-
              ment  lines  (that  start with '#'), and assignment
              lines of the form name=value.  This  file  is  pro-
              cessed  in all environments (normal rsh/rlogin only
              process it on AIX and potentially some  other  sys-
              tems).   The  file should be writable only by root,
              and should be world-readable.

       $HOME/.ssh/environment
              This  file  is  read  into  the  environment  after
              /etc/environment.   It  has  the  same format.  The
              file should be writable only by the user;  it  need
              not be readable by anyone else.

       $HOME/.ssh/rc
              If  this  file  exists,  it  is run with the user's
              shell  after  reading  the  environment  files  but
              before  starting  the  user's shell or command.  If
              X11 spoofing is  in  use,  this  will  receive  the
              "proto  cookie" pair in standard input (and DISPLAY
              in environment).  This  must  call  xauth  in  that
              case.

              The primary purpose of this file is to run any ini-
              tialization routines which may be needed before the
              user's  home directory becomes accessible; AFS is a
              particular example of such an environment.

              This file will probably contain some initialization
              code  followed  by  something  similar to: "if read
              proto cookie; then echo add $DISPLAY $proto $cookie
              | xauth -q -; fi".

              If this file does not exist, /etc/sshrc is run, and
              if that does not exist either,  xauth  is  used  to
              store the cookie.

              This  file should be writable only by the user, and
              need not be readable by anyone else.

       /etc/sshrc
              Like $HOME/.ssh/rc, but run with e:/usr/bin/sh.exe.
              This can be used to specify machine-specific login-
              time initializations globally.  This file should be
              writable  only  by  root, and should be world-read-
              able.

       /etc/sshd_tis.map
              Establishes a mapping between a local username  and
              its  corresponding  name  in the TIS database. Each
              line contains the local name followed by a ":" fol-
              lowed  by  the corresponding name. If the file does
              not exist or the user is not found, the correspond-
              ing  name in the TIS database is supposed to be the
              same.
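
       The /etc/hosts.equiv rules described in its entry above, as an added Python example (not code from the ssh distribution): a host-only line permits login only under the same user name, a "host user" line lets that user become any account except root, and a line starting with '-' denies. The netgroup table is a constructed stand-in for the system netgroup lookup, and RSA host authentication is assumed to have already succeeded.

```python
# Added example (not code from the ssh distribution): evaluation of
# /etc/hosts.equiv lines as the FILES entry describes them.  NETGROUPS is a
# constructed stand-in for the system's netgroup lookup; RSA host
# authentication is assumed to have succeeded already (sshd checks it separately).

NETGROUPS = {"trusted": {"hosts": {"delta.hut.fi"}, "users": {"ops"}}}  # constructed

def _field_matches(field, value, kind):
    """A plain field must equal VALUE; '+@group' consults the netgroup table."""
    if field.startswith("+@"):
        return value in NETGROUPS.get(field[2:], {}).get(kind, set())
    return field == value

def hosts_equiv_permits(text, client_host, client_user, target_user):
    """True if TEXT lets CLIENT_USER on CLIENT_HOST log in as TARGET_USER.
    Host-only line: permitted when the user names are the same on both sides.
    'host user' line: that user may become ANY account except root (the
    warning in the entry above).  A matching line that starts with '-' denies."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        negated = line.startswith("-")
        fields = line.lstrip("-").split()
        if not _field_matches(fields[0], client_host, "hosts"):
            continue
        if len(fields) == 1:
            matched = client_user == target_user
        else:
            matched = _field_matches(fields[1], client_user, "users")
        if not matched:
            continue
        if negated:
            return False
        if len(fields) == 1 or target_user != "root":
            return True
    return False

def accounts_reachable(text, client_host, client_user, accounts):
    """Which of ACCOUNTS the client could log in as: shows how one
    'host user' entry fans out over bin, daemon, adm and the rest."""
    return [a for a in accounts if hosts_equiv_permits(text, client_host, client_user, a)]

SAMPLE_HOSTS_EQUIV = """# constructed sample
alpha.hut.fi
beta.hut.fi helper
-gamma.hut.fi
+@trusted
"""
```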


INSTALLATION
       Sshd is normally run as root.  If it is not run  as  root,
       it can only log in as the user it is running as, and pass-
       word authentication may not work if the system uses shadow
       passwords.   An  alternative  host  key  file must also be
       used.

       Sshd is normally started from /etc/rc.local or  equivalent
       at system boot.

       Considerable  work  has been put into making sshd secure.
       However, if you find a security problem, please report  it
       immediately to <ssh-bugs@cs.hut.fi>.


AUTHOR
       Tatu Ylonen <ylo@ssh.fi>

       Information  about  new releases, mailing lists, and other
       related issues can be found from the ssh WWW home page  at
       http://www.cs.hut.fi/ssh.


SEE ALSO
       ssh(1),   make-ssh-known-hosts(1),   ssh-keygen(1),   ssh-
       agent(1), ssh-add(1), scp(1), rlogin(1), rsh(1)

