| version 1.1.1.22, 2021/04/19 14:38:29 |
version 1.1.1.23, 2021/09/02 11:22:30 |
|
|
| .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
.\" |
| .\" $OpenBSD: sshd.8,v 1.314 2021/04/03 05:46:41 djm Exp $ |
.\" $OpenBSD: sshd.8,v 1.316 2021/07/30 14:28:13 jmc Exp $ |
| .Dd $Mdocdate: April 3 2021 $ |
.Dd $Mdocdate: July 30 2021 $ |
| .Dt SSHD 8 |
.Dt SSHD 8 |
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
|
|
| .Nm |
.Nm |
| (OpenSSH Daemon) is the daemon program for |
(OpenSSH Daemon) is the daemon program for |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| Together these programs replace rlogin and rsh, |
It provides secure encrypted communications between two untrusted hosts |
| and provide secure encrypted communications between two untrusted hosts |
|
| over an insecure network. |
over an insecure network. |
| .Pp |
.Pp |
| .Nm |
.Nm |
| Line 107 supplied in any order, either with multi |
|
| Line 106 supplied in any order, either with multi |
|
| .Fl C |
.Fl C |
| options or as a comma-separated list. |
options or as a comma-separated list. |
| The keywords are |
The keywords are |
| .Dq addr, |
.Dq addr , |
| .Dq user , |
.Dq user , |
| .Dq host , |
.Dq host , |
| .Dq laddr , |
.Dq laddr , |
| Line 135 This allows easy monitoring of |
|
| Line 134 This allows easy monitoring of |
|
| Debug mode. |
Debug mode. |
| The server sends verbose debug output to standard error, |
The server sends verbose debug output to standard error, |
| and does not put itself in the background. |
and does not put itself in the background. |
| The server also will not fork and will only process one connection. |
The server also will not |
| |
.Xr fork 2 |
| |
and will only process one connection. |
| This option is only intended for debugging for the server. |
This option is only intended for debugging for the server. |
| Multiple |
Multiple |
| .Fl d |
.Fl d |
|
|
| option is set, runs it; else if |
option is set, runs it; else if |
| .Pa /etc/ssh/sshrc |
.Pa /etc/ssh/sshrc |
| exists, runs |
exists, runs |
| it; otherwise runs xauth. |
it; otherwise runs |
| |
.Xr xauth 1 . |
| The |
The |
| .Dq rc |
.Dq rc |
| files are given the X11 |
files are given the X11 |
|
|
| .Pp |
.Pp |
| An example authorized_keys file: |
An example authorized_keys file: |
| .Bd -literal -offset 3n |
.Bd -literal -offset 3n |
| # Comments allowed at start of line |
# Comments are allowed at start of line. Blank lines are allowed. |
| ssh-rsa AAAAB3Nza...LiPk== user@example.net |
# Plain key, no restrictions |
| from="*.sales.example.net,!pc.sales.example.net" ssh-rsa |
ssh-rsa ... |
| AAAAB2...19Q== john@example.net |
# Forced command, disable PTY and all forwarding |
| command="dump /home",no-pty,no-port-forwarding ssh-rsa |
restrict,command="dump /home" ssh-rsa ... |
| AAAAC3...51R== example.net |
# Restriction of ssh -L forwarding destinations |
| permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa |
permitopen="192.0.2.1:80",permitopen="192.0.2.2:25" ssh-rsa ... |
| AAAAB5...21S== |
# Restriction of ssh -R forwarding listeners |
| permitlisten="localhost:8080",permitopen="localhost:22000" ssh-rsa |
permitlisten="localhost:8080",permitlisten="[::1]:22000" ssh-rsa ... |
| AAAAB5...21S== |
# Configuration for tunnel forwarding |
| tunnel="0",command="sh /etc/netstart tun0" ssh-rsa AAAA...== |
tunnel="0",command="sh /etc/netstart tun0" ssh-rsa ... |
| jane@example.net |
# Override of restriction to allow PTY allocation |
| restrict,command="uptime" ssh-rsa AAAA1C8...32Tv== |
restrict,pty,command="nethack" ssh-rsa ... |
| user@example.net |
# Allow FIDO key without requiring touch |
| restrict,pty,command="nethack" ssh-rsa AAAA1f8...IrrC5== |
no-touch-required sk-ecdsa-sha2-nistp256@openssh.com ... |
| user@example.net |
# Require user-verification (e.g. PIN or biometric) for FIDO key |
| no-touch-required sk-ecdsa-sha2-nistp256@openssh.com AAAAInN...Ko== |
verify-required sk-ecdsa-sha2-nistp256@openssh.com ... |
| user@example.net |
# Trust CA key, allow touch-less FIDO if requested in certificate |
| |
cert-authority,no-touch-required,principals="user_a" ssh-rsa ... |
| .Ed |
.Ed |
| .Sh SSH_KNOWN_HOSTS FILE FORMAT |
.Sh SSH_KNOWN_HOSTS FILE FORMAT |
| The |
The |
![[BACK]](/icons/back.gif){kind=icon}
Return to sshd.8 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [cvs.NetBSD.org] / src / crypto / external / bsd / openssh / dist