crypto/openssh/sshd.8
Show All 28 Lines | |||||
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||||
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||||
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | ||||
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | ||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | ||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $OpenBSD: sshd.8,v 1.304 2018/07/22 12:16:59 dtucker Exp $ | .\" $OpenBSD: sshd.8,v 1.304 2018/07/22 12:16:59 dtucker Exp $ | ||||
.\" $FreeBSD$ | |||||
.Dd $Mdocdate: July 22 2018 $ | .Dd $Mdocdate: July 22 2018 $ | ||||
.Dt SSHD 8 | .Dt SSHD 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm sshd | .Nm sshd | ||||
.Nd OpenSSH SSH daemon | .Nd OpenSSH SSH daemon | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Nm sshd | .Nm sshd | ||||
Show All 15 Lines | |||||
.Xr ssh 1 . | .Xr ssh 1 . | ||||
Together these programs replace rlogin and rsh, | Together these programs replace rlogin and rsh, | ||||
and provide secure encrypted communications between two untrusted hosts | and provide secure encrypted communications between two untrusted hosts | ||||
over an insecure network. | over an insecure network. | ||||
.Pp | .Pp | ||||
.Nm | .Nm | ||||
listens for connections from clients. | listens for connections from clients. | ||||
It is normally started at boot from | It is normally started at boot from | ||||
.Pa /etc/rc . | .Pa /etc/rc.d/sshd . | ||||
It forks a new | It forks a new | ||||
daemon for each incoming connection. | daemon for each incoming connection. | ||||
The forked daemons handle | The forked daemons handle | ||||
key exchange, encryption, authentication, command execution, | key exchange, encryption, authentication, command execution, | ||||
and data exchange. | and data exchange. | ||||
.Pp | .Pp | ||||
.Nm | .Nm | ||||
can be configured using command-line options or a configuration file | can be configured using command-line options or a configuration file | ||||
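Review bot: the new path in "It is normally started at boot from .Pa /etc/rc.d/sshd ." has no cross-reference that tells the reader where the rc.d mechanism is documented, and the section 8 entries visible in SEE ALSO are only inetd 8 and sftp-server 8. Consider adding ".Xr rc 8 ," between them so the startup path can be followed up.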
▲ Show 20 Lines • Show All 250 Lines • ▼ Show 20 Lines | |||||
.Pa ~/.hushlogin ; | .Pa ~/.hushlogin ; | ||||
see the | see the | ||||
.Sx FILES | .Sx FILES | ||||
section). | section). | ||||
.It | .It | ||||
If the login is on a tty, records login time. | If the login is on a tty, records login time. | ||||
.It | .It | ||||
Checks | Checks | ||||
.Pa /etc/nologin ; | .Pa /etc/nologin and | ||||
if it exists, prints contents and quits | .Pa /var/run/nologin ; | ||||
if one exists, it prints the contents and quits | |||||
(unless root). | (unless root). | ||||
.It | .It | ||||
Changes to run with normal user privileges. | Changes to run with normal user privileges. | ||||
.It | .It | ||||
Sets up basic environment. | Sets up basic environment. | ||||
.It | .It | ||||
Reads the file | Reads the file | ||||
.Pa ~/.ssh/environment , | .Pa ~/.ssh/environment , | ||||
if it exists, and users are allowed to change their environment. | if it exists, and users are allowed to change their environment. | ||||
See the | See the | ||||
.Cm PermitUserEnvironment | .Cm PermitUserEnvironment | ||||
option in | option in | ||||
.Xr sshd_config 5 . | .Xr sshd_config 5 . | ||||
.It | .It | ||||
Changes to user's home directory. | Changes to user's home directory. | ||||
.It | .It | ||||
If | If | ||||
.Pa ~/.ssh/rc | .Pa ~/.ssh/rc | ||||
exists and the | exists and the | ||||
.Xr sshd_config 5 | .Xr sshd_config 5 | ||||
.Cm PermitUserRC | .Cm PermitUserRC | ||||
option is set, runs it; else if | option is set, runs it; else if | ||||
.Pa /etc/ssh/sshrc | .Pa /etc/ssh/sshrc | ||||
exists, runs | exists, runs | ||||
it; otherwise runs xauth. | it; otherwise runs | ||||
.Xr xauth 1 . | |||||
The | The | ||||
.Dq rc | .Dq rc | ||||
files are given the X11 | files are given the X11 | ||||
authentication protocol and cookie in standard input. | authentication protocol and cookie in standard input. | ||||
See | See | ||||
.Sx SSHRC , | .Sx SSHRC , | ||||
below. | below. | ||||
.It | .It | ||||
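Review bot: in the nologin item, ".Pa /etc/nologin and" hands the word "and" to .Pa as a second argument, so it will be typeset as a path instead of running text; put "and" on its own line between the two .Pa requests. The reworded sentence "if one exists, it prints the contents and quits" also leaves open which file is checked first and whose contents are shown when both exist. Since this is the step that refuses non-root logins, state the order explicitly.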
▲ Show 20 Lines • Show All 498 Lines • ▼ Show 20 Lines | |||||
can, but need not be, world-readable. | can, but need not be, world-readable. | ||||
.Pp | .Pp | ||||
.It Pa ~/.ssh/rc | .It Pa ~/.ssh/rc | ||||
Contains initialization routines to be run before | Contains initialization routines to be run before | ||||
the user's home directory becomes accessible. | the user's home directory becomes accessible. | ||||
This file should be writable only by the user, and need not be | This file should be writable only by the user, and need not be | ||||
readable by anyone else. | readable by anyone else. | ||||
.Pp | .Pp | ||||
.It Pa /etc/hosts.allow | |||||
.It Pa /etc/hosts.deny | |||||
Access controls that should be enforced by tcp-wrappers are defined here. | |||||
Further details are described in | |||||
.Xr hosts_access 5 . | |||||
.Pp | |||||
.It Pa /etc/hosts.equiv | .It Pa /etc/hosts.equiv | ||||
This file is for host-based authentication (see | This file is for host-based authentication (see | ||||
.Xr ssh 1 ) . | .Xr ssh 1 ) . | ||||
It should only be writable by root. | It should only be writable by root. | ||||
.Pp | .Pp | ||||
.It Pa /etc/moduli | .It Pa /etc/moduli | ||||
Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange" | ||||
key exchange method. | key exchange method. | ||||
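Review bot: the new /etc/hosts.allow and /etc/hosts.deny entry gives no ownership or permission guidance, unlike its neighbours ("It should only be writable by root." for /etc/hosts.equiv, "writable only by the user" for ~/.ssh/rc). These files decide which clients are accepted, so say who may write to them. The wording "Access controls that should be enforced by tcp-wrappers" is also unclear about whether the controls are actually applied to sshd connections; if they are, say "are enforced" rather than "should be enforced".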
▲ Show 20 Lines • Show All 86 Lines • ▼ Show 20 Lines | |||||
.Xr scp 1 , | .Xr scp 1 , | ||||
.Xr sftp 1 , | .Xr sftp 1 , | ||||
.Xr ssh 1 , | .Xr ssh 1 , | ||||
.Xr ssh-add 1 , | .Xr ssh-add 1 , | ||||
.Xr ssh-agent 1 , | .Xr ssh-agent 1 , | ||||
.Xr ssh-keygen 1 , | .Xr ssh-keygen 1 , | ||||
.Xr ssh-keyscan 1 , | .Xr ssh-keyscan 1 , | ||||
.Xr chroot 2 , | .Xr chroot 2 , | ||||
.Xr hosts_access 5 , | |||||
.Xr login.conf 5 , | .Xr login.conf 5 , | ||||
.Xr moduli 5 , | .Xr moduli 5 , | ||||
.Xr sshd_config 5 , | .Xr sshd_config 5 , | ||||
.Xr inetd 8 , | .Xr inetd 8 , | ||||
.Xr sftp-server 8 | .Xr sftp-server 8 | ||||
.Sh AUTHORS | .Sh AUTHORS | ||||
OpenSSH is a derivative of the original and free | OpenSSH is a derivative of the original and free | ||||
ssh 1.2.12 release by Tatu Ylonen. | ssh 1.2.12 release by Tatu Ylonen. | ||||
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, | Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, | ||||
Theo de Raadt and Dug Song | Theo de Raadt and Dug Song | ||||
removed many bugs, re-added newer features and | removed many bugs, re-added newer features and | ||||
created OpenSSH. | created OpenSSH. | ||||
Markus Friedl contributed the support for SSH | Markus Friedl contributed the support for SSH | ||||
protocol versions 1.5 and 2.0. | protocol versions 1.5 and 2.0. | ||||
Niels Provos and Markus Friedl contributed support | Niels Provos and Markus Friedl contributed support | ||||
for privilege separation. | for privilege separation. |
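Review bot: xauth 1 is missing from SEE ALSO. The login-process list now cites it with ".Xr xauth 1 .", but the section 1 entries here still run from ".Xr ssh-keyscan 1 ," straight to ".Xr chroot 2 ,". Add ".Xr xauth 1 ," after ssh-keyscan 1 so every page cited in the text is listed, as was done for ".Xr hosts_access 5 ,".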