- stevesk@cvs.openbsd.org 2002/06/20 19:56:07

     [ssh.1 sshd.8]
     move configuration file options from ssh.1/sshd.8 to
     ssh_config.5/sshd_config.5; ok deraadt@ millert@

5 files changed, 1356 insertions, 1192 deletions

diff --git a/ChangeLog b/ChangeLog
index 664f8626..7176fcb5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
      make the monitor sync the transfer ssh1 session key;
      transfer keycontext only for RC4 (this is still depends on EVP
      implementation details and is broken).
+   - stevesk@cvs.openbsd.org 2002/06/20 19:56:07
+     [ssh.1 sshd.8]
+     move configuration file options from ssh.1/sshd.8 to
+     ssh_config.5/sshd_config.5; ok deraadt@ millert@
  - (bal) Cygwin special handling of empty passwords wrong.  Patch by
    vinschen@redhat.com
 
@@ -965,4 +969,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2226 2002/06/21 00:43:42 mouring Exp $
+$Id: ChangeLog,v 1.2227 2002/06/21 00:59:05 mouring Exp $
diff --git a/ssh.1 b/ssh.1
index 4bd0f074..8ada41f2 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.157 2002/06/19 00:27:55 deraadt Exp $
+.\" $OpenBSD: ssh.1,v 1.158 2002/06/20 19:56:07 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -384,7 +384,7 @@ this mechanism is to prevent man-in-the-middle attacks which could
 otherwise be used to circumvent the encryption.
 The
 .Cm StrictHostKeyChecking
-option (see below) can be used to prevent logins to machines whose
+option can be used to prevent logins to machines whose
 host key is not known or has changed.
 .Pp
 The options are as follows:
@@ -568,13 +568,13 @@ and the
 .Dq level
 can be controlled by the
 .Cm CompressionLevel
-option (see below).
+option.
 Compression is desirable on modem lines and other
 slow connections, but will only slow down things on fast networks.
 The default value can be set on a host-by-host basis in the
 configuration files; see the
 .Cm Compression
-option below.
+option.
 .It Fl F Ar configfile
 Specifies an alternative per-user configuration file.
 If a configuration file is given on the command line,
@@ -649,547 +649,10 @@ to use IPv6 addresses only.
 .El
 .Sh CONFIGURATION FILES
 .Nm
-obtains configuration data from the following sources in
-the following order:
-command line options, user's configuration file
-.Pq Pa $HOME/.ssh/config ,
-and system-wide configuration file
-.Pq Pa /etc/ssh/ssh_config .
-For each parameter, the first obtained value
-will be used.
-The configuration files contain sections bracketed by
-.Dq Host
-specifications, and that section is only applied for hosts that
-match one of the patterns given in the specification.
-The matched host name is the one given on the command line.
-.Pp
-Since the first obtained value for each parameter is used, more
-host-specific declarations should be given near the beginning of the
-file, and general defaults at the end.
-.Pp
-The configuration file has the following format:
-.Pp
-Empty lines and lines starting with
-.Ql #
-are comments.
-.Pp
-Otherwise a line is of the format
-.Dq keyword arguments .
-Configuration options may be separated by whitespace or
-optional whitespace and exactly one
-.Ql = ;
-the latter format is useful to avoid the need to quote whitespace
-when specifying configuration options using the
-.Nm ssh ,
-.Nm scp
-and
-.Nm sftp
-.Fl o
-option.
-.Pp
-The possible
-keywords and their meanings are as follows (note that
-keywords are case-insensitive and arguments are case-sensitive):
-.Bl -tag -width Ds
-.It Cm Host
-Restricts the following declarations (up to the next
-.Cm Host
-keyword) to be only for those hosts that match one of the patterns
-given after the keyword.
-.Ql \&*
-and
-.Ql ?
-can be used as wildcards in the
-patterns.
-A single
-.Ql \&*
-as a pattern can be used to provide global
-defaults for all hosts.
-The host is the
-.Ar hostname
-argument given on the command line (i.e., the name is not converted to
-a canonicalized host name before matching).
-.It Cm AFSTokenPassing
-Specifies whether to pass AFS tokens to remote host.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm BatchMode
-If set to
-.Dq yes ,
-passphrase/password querying will be disabled.
-This option is useful in scripts and other batch jobs where no user
-is present to supply the password.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm BindAddress
-Specify the interface to transmit from on machines with multiple
-interfaces or aliased addresses.
-Note that this option does not work if
-.Cm UsePrivilegedPort
-is set to
-.Dq yes .
-.It Cm ChallengeResponseAuthentication
-Specifies whether to use challenge response authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm CheckHostIP
-If this flag is set to
-.Dq yes ,
-ssh will additionally check the host IP address in the
-.Pa known_hosts
-file.
-This allows ssh to detect if a host key changed due to DNS spoofing.
-If the option is set to
-.Dq no ,
-the check will not be executed.
-The default is
-.Dq yes .
-.It Cm Cipher
-Specifies the cipher to use for encrypting the session
-in protocol version 1.
-Currently,
-.Dq blowfish ,
-.Dq 3des ,
-and
-.Dq des
-are supported.
-.Ar des
-is only supported in the
-.Nm
-client for interoperability with legacy protocol 1 implementations
-that do not support the
-.Ar 3des
-cipher.  Its use is strongly discouraged due to cryptographic
-weaknesses.
-The default is
-.Dq 3des .
-.It Cm Ciphers
-Specifies the ciphers allowed for protocol version 2
-in order of preference.
-Multiple ciphers must be comma-separated.
-The default is
-.Pp
-.Bd -literal
-  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
-    aes192-cbc,aes256-cbc''
-.Ed
-.It Cm ClearAllForwardings
-Specifies that all local, remote and dynamic port forwardings
-specified in the configuration files or on the command line be
-cleared.  This option is primarily useful when used from the
-.Nm
-command line to clear port forwardings set in
-configuration files, and is automatically set by
-.Xr scp 1
-and
-.Xr sftp 1 .
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm Compression
-Specifies whether to use compression.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm CompressionLevel
-Specifies the compression level to use if compression is enabled.
-The argument must be an integer from 1 (fast) to 9 (slow, best).
-The default level is 6, which is good for most applications.
-The meaning of the values is the same as in
-.Xr gzip 1 .
-Note that this option applies to protocol version 1 only.
-.It Cm ConnectionAttempts
-Specifies the number of tries (one per second) to make before exiting.
-The argument must be an integer.
-This may be useful in scripts if the connection sometimes fails.
-The default is 1.
-.It Cm DynamicForward
-Specifies that a TCP/IP port on the local machine be forwarded
-over the secure channel, and the application
-protocol is then used to determine where to connect to from the
-remote machine.  The argument must be a port number.
-Currently the SOCKS4 protocol is supported, and
-.Nm
-will act as a SOCKS4 server.
-Multiple forwardings may be specified, and
-additional forwardings can be given on the command line.  Only
-the superuser can forward privileged ports.
-.It Cm EscapeChar
-Sets the escape character (default:
-.Ql ~ ) .
-The escape character can also
-be set on the command line.
-The argument should be a single character,
-.Ql ^
-followed by a letter, or
-.Dq none
-to disable the escape
-character entirely (making the connection transparent for binary
-data).
-.It Cm ForwardAgent
-Specifies whether the connection to the authentication agent (if any)
-will be forwarded to the remote machine.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm ForwardX11
-Specifies whether X11 connections will be automatically redirected
-over the secure channel and
-.Ev DISPLAY
-set.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm GatewayPorts
-Specifies whether remote hosts are allowed to connect to local
-forwarded ports.
-By default,
-.Nm
-binds local port forwardings to the loopback address.  This
-prevents other remote hosts from connecting to forwarded ports.
-.Cm GatewayPorts
-can be used to specify that
-.Nm
-should bind local port forwardings to the wildcard address,
-thus allowing remote hosts to connect to forwarded ports.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm GlobalKnownHostsFile
-Specifies a file to use for the global
-host key database instead of
-.Pa /etc/ssh/ssh_known_hosts .
-.It Cm HostbasedAuthentication
-Specifies whether to try rhosts based authentication with public key
-authentication.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 2 only and
-is similar to
-.Cm RhostsRSAAuthentication .
-.It Cm HostKeyAlgorithms
-Specifies the protocol version 2 host key algorithms
-that the client wants to use in order of preference.
-The default for this option is:
-.Dq ssh-rsa,ssh-dss .
-.It Cm HostKeyAlias
-Specifies an alias that should be used instead of the
-real host name when looking up or saving the host key
-in the host key database files.
-This option is useful for tunneling ssh connections
-or for multiple servers running on a single host.
-.It Cm HostName
-Specifies the real host name to log into.
-This can be used to specify nicknames or abbreviations for hosts.
-Default is the name given on the command line.
-Numeric IP addresses are also permitted (both on the command line and in
-.Cm HostName
-specifications).
-.It Cm IdentityFile
-Specifies a file from which the user's RSA or DSA authentication identity
-is read. The default is
-.Pa $HOME/.ssh/identity
-for protocol version 1, and
-.Pa $HOME/.ssh/id_rsa
-and
-.Pa $HOME/.ssh/id_dsa
-for protocol version 2.
-Additionally, any identities represented by the authentication agent
-will be used for authentication.
-The file name may use the tilde
-syntax to refer to a user's home directory.
-It is possible to have
-multiple identity files specified in configuration files; all these
-identities will be tried in sequence.
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the client will notice
-if the network goes down or the remote host dies.
-This is important in scripts, and many users want it too.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
-.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication will be used.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT will be forwarded to the server.
-This will only work if the Kerberos server is actually an AFS kaserver.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-.It Cm LocalForward
-Specifies that a TCP/IP port on the local machine be forwarded over
-the secure channel to the specified host and port from the remote machine.
-The first argument must be a port number, and the second must be
-.Ar host:port .
-IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
-Multiple forwardings may be specified, and additional
-forwardings can be given on the command line.
-Only the superuser can forward privileged ports.
-.It Cm LogLevel
-Gives the verbosity level that is used when logging messages from
-.Nm ssh .
-The possible values are:
-QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
-and DEBUG3 each specify higher levels of verbose output.
-.It Cm MACs
-Specifies the MAC (message authentication code) algorithms
-in order of preference.
-The MAC algorithm is used in protocol version 2
-for data integrity protection.
-Multiple algorithms must be comma-separated.
-The default is
-.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
-.It Cm NoHostAuthenticationForLocalhost
-This option can be used if the home directory is shared across machines.
-In this case localhost will refer to a different machine on each of
-the machines and the user will get many warnings about changed host keys.
-However, this option disables host authentication for localhost.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is to check the host key for localhost.
-.It Cm NumberOfPasswordPrompts
-Specifies the number of password prompts before giving up.
-The argument to this keyword must be an integer.
-Default is 3.
-.It Cm PasswordAuthentication
-Specifies whether to use password authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm Port
-Specifies the port number to connect on the remote host.
-Default is 22.
-.It Cm PreferredAuthentications
-Specifies the order in which the client should try protocol 2
-authentication methods. This allows a client to prefer one method (e.g.
-.Cm keyboard-interactive )
-over another method (e.g.
-.Cm password )
-The default for this option is:
-.Dq hostbased,publickey,keyboard-interactive,password .
-.It Cm Protocol
-Specifies the protocol versions
-.Nm
-should support in order of preference.
-The possible values are
-.Dq 1
-and
-.Dq 2 .
-Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-This means that
-.Nm
-tries version 2 and falls back to version 1
-if version 2 is not available.
-.It Cm ProxyCommand
-Specifies the command to use to connect to the server.
-The command
-string extends to the end of the line, and is executed with
-.Pa /bin/sh .
-In the command string,
-.Ql %h
-will be substituted by the host name to
-connect and
-.Ql %p
-by the port.
-The command can be basically anything,
-and should read from its standard input and write to its standard output.
-It should eventually connect an
-.Xr sshd 8
-server running on some machine, or execute
-.Ic sshd -i
-somewhere.
-Host key management will be done using the
-HostName of the host being connected (defaulting to the name typed by
-the user).
-Note that
-.Cm CheckHostIP
-is not available for connects with a proxy command.
-.Pp
-.It Cm PubkeyAuthentication
-Specifies whether to try public key authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-This option applies to protocol version 2 only.
-.It Cm RemoteForward
-Specifies that a TCP/IP port on the remote machine be forwarded over
-the secure channel to the specified host and port from the local machine.
-The first argument must be a port number, and the second must be
-.Ar host:port .
-IPv6 addresses can be specified with an alternative syntax:
-.Ar host/port .
-Multiple forwardings may be specified, and additional
-forwardings can be given on the command line.
-Only the superuser can forward privileged ports.
-.It Cm RhostsAuthentication
-Specifies whether to try rhosts based authentication.
-Note that this
-declaration only affects the client side and has no effect whatsoever
-on security.
-Most servers do not permit RhostsAuthentication because it
-is not secure (see
-.Cm RhostsRSAAuthentication ) .
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RhostsRSAAuthentication
-Specifies whether to try rhosts based authentication with RSA host
-authentication.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-This option applies to protocol version 1 only and requires
-.Nm
-to be setuid root.
-.It Cm RSAAuthentication
-Specifies whether to try RSA authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-RSA authentication will only be
-attempted if the identity file exists, or an authentication agent is
-running.
-The default is
-.Dq yes .
-Note that this option applies to protocol version 1 only.
-.It Cm SmartcardDevice
-Specifies which smartcard device to use. The argument to this keyword is
-the device
-.Nm
-should use to communicate with a smartcard used for storing the user's
-private RSA key. By default, no device is specified and smartcard support
-is not activated.
-.It Cm StrictHostKeyChecking
-If this flag is set to
-.Dq yes ,
-.Nm
-will never automatically add host keys to the
-.Pa $HOME/.ssh/known_hosts
-file, and refuses to connect to hosts whose host key has changed.
-This provides maximum protection against trojan horse attacks,
-however, can be annoying when the
-.Pa /etc/ssh/ssh_known_hosts
-file is poorly maintained, or connections to new hosts are
-frequently made.
-This option forces the user to manually
-add all new hosts.
-If this flag is set to
-.Dq no ,
-.Nm
-will automatically add new host keys to the
-user known hosts files.
-If this flag is set to
-.Dq ask ,
-new host keys
-will be added to the user known host files only after the user
-has confirmed that is what they really want to do, and
-.Nm
-will refuse to connect to hosts whose host key has changed.
-The host keys of
-known hosts will be verified automatically in all cases.
-The argument must be
-.Dq yes ,
-.Dq no
-or
-.Dq ask .
-The default is
-.Dq ask .
-.It Cm UsePrivilegedPort
-Specifies whether to use a privileged port for outgoing connections.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-Note that this option must be set to
-.Dq yes
-if
-.Cm RhostsAuthentication
-and
-.Cm RhostsRSAAuthentication
-authentications are needed with older servers.
-.It Cm User
-Specifies the user to log in as.
-This can be useful when a different user name is used on different machines.
-This saves the trouble of
-having to remember to give the user name on the command line.
-.It Cm UserKnownHostsFile
-Specifies a file to use for the user
-host key database instead of
-.Pa $HOME/.ssh/known_hosts .
-.It Cm XAuthLocation
-Specifies the location of the
-.Xr xauth 1
-program.
-The default is
-.Pa /usr/X11R6/bin/xauth .
-.El
+may additionally obtain configuration data from
+a per-user configuration file and a system-wide configuration file.
+The file format and configuration options are described in
+.Xr ssh_config 5 .
 .Sh ENVIRONMENT
 .Nm
 will normally set the following environment variables:
@@ -1324,13 +787,8 @@ never used automatically and are not necessary; they are only provided for
 the convenience of the user.
 .It Pa $HOME/.ssh/config
 This is the per-user configuration file.
-The format of this file is described above.
-This file is used by the
-.Nm
-client.
-This file does not usually contain any sensitive information,
-but the recommended permissions are read/write for the user, and not
-accessible by others.
+The file format and configuration options are described in
+.Xr ssh_config 5 .
 .It Pa $HOME/.ssh/authorized_keys
 Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 The format of this file is described in the
@@ -1365,10 +823,8 @@ checking the key, because someone with access to the name servers
 would then be able to fool host authentication.
 .It Pa /etc/ssh/ssh_config
 Systemwide configuration file.
-This file provides defaults for those
-values that are not specified in the user's configuration file, and
-for those users who do not have a configuration file.
-This file must be world-readable.
+The file format and configuration options are described in
+.Xr ssh_config 5 .
 .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
 These three files contain the private parts of the host keys
 and are used for
@@ -1496,6 +952,7 @@ protocol versions 1.5 and 2.0.
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
+.Xr ssh_config 4 ,
 .Xr ssh-keysign 8,
 .Xr sshd 8
 .Rs
diff --git a/ssh_config.5 b/ssh_config.5
new file mode 100644
index 00000000..53cb0fe9
--- /dev/null
+++ b/ssh_config.5
@@ -0,0 +1,621 @@
+.\"  -*- nroff -*-
+.\"
+.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
+.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+.\"                    All rights reserved
+.\"
+.\" As far as I am concerned, the code I have written for this software
+.\" can be used freely for any purpose.  Any derived versions of this
+.\" software must be clearly marked as such, and if the derived work is
+.\" incompatible with the protocol description in the RFC file, it must be
+.\" called by a name other than "ssh" or "Secure Shell".
+.\"
+.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
+.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
+.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $
+.Dd September 25, 1999
+.Dt SSH_CONFIG 5
+.Os
+.Sh NAME
+.Nm ssh_config
+.Nd OpenSSH SSH client configuration files
+.Sh SYNOPSIS
+.Bl -tag -width Ds -compact
+.It Pa $HOME/.ssh/config
+.It Pa /etc/ssh/ssh_config
+.El
+.Sh DESCRIPTION
+.Nm ssh
+obtains configuration data from the following sources in
+the following order:
+command line options, user's configuration file
+.Pq Pa $HOME/.ssh/config ,
+and system-wide configuration file
+.Pq Pa /etc/ssh/ssh_config .
+.Pp
+For each parameter, the first obtained value
+will be used.
+The configuration files contain sections bracketed by
+.Dq Host
+specifications, and that section is only applied for hosts that
+match one of the patterns given in the specification.
+The matched host name is the one given on the command line.
+.Pp
+Since the first obtained value for each parameter is used, more
+host-specific declarations should be given near the beginning of the
+file, and general defaults at the end.
+.Pp
+The configuration file has the following format:
+.Pp
+Empty lines and lines starting with
+.Ql #
+are comments.
+.Pp
+Otherwise a line is of the format
+.Dq keyword arguments .
+Configuration options may be separated by whitespace or
+optional whitespace and exactly one
+.Ql = ;
+the latter format is useful to avoid the need to quote whitespace
+when specifying configuration options using the
+.Nm ssh ,
+.Nm scp
+and
+.Nm sftp
+.Fl o
+option.
+.Pp
+The possible
+keywords and their meanings are as follows (note that
+keywords are case-insensitive and arguments are case-sensitive):
+.Bl -tag -width Ds
+.It Cm Host
+Restricts the following declarations (up to the next
+.Cm Host
+keyword) to be only for those hosts that match one of the patterns
+given after the keyword.
+.Ql \&*
+and
+.Ql ?
+can be used as wildcards in the
+patterns.
+A single
+.Ql \&*
+as a pattern can be used to provide global
+defaults for all hosts.
+The host is the
+.Ar hostname
+argument given on the command line (i.e., the name is not converted to
+a canonicalized host name before matching).
+.It Cm AFSTokenPassing
+Specifies whether to pass AFS tokens to remote host.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+This option applies to protocol version 1 only.
+.It Cm BatchMode
+If set to
+.Dq yes ,
+passphrase/password querying will be disabled.
+This option is useful in scripts and other batch jobs where no user
+is present to supply the password.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm BindAddress
+Specify the interface to transmit from on machines with multiple
+interfaces or aliased addresses.
+Note that this option does not work if
+.Cm UsePrivilegedPort
+is set to
+.Dq yes .
+.It Cm ChallengeResponseAuthentication
+Specifies whether to use challenge response authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+.It Cm CheckHostIP
+If this flag is set to
+.Dq yes ,
+ssh will additionally check the host IP address in the
+.Pa known_hosts
+file.
+This allows ssh to detect if a host key changed due to DNS spoofing.
+If the option is set to
+.Dq no ,
+the check will not be executed.
+The default is
+.Dq yes .
+.It Cm Cipher
+Specifies the cipher to use for encrypting the session
+in protocol version 1.
+Currently,
+.Dq blowfish ,
+.Dq 3des ,
+and
+.Dq des
+are supported.
+.Ar des
+is only supported in the
+.Nm ssh
+client for interoperability with legacy protocol 1 implementations
+that do not support the
+.Ar 3des
+cipher.  Its use is strongly discouraged due to cryptographic
+weaknesses.
+The default is
+.Dq 3des .
+.It Cm Ciphers
+Specifies the ciphers allowed for protocol version 2
+in order of preference.
+Multiple ciphers must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+    aes192-cbc,aes256-cbc''
+.Ed
+.It Cm ClearAllForwardings
+Specifies that all local, remote and dynamic port forwardings
+specified in the configuration files or on the command line be
+cleared.  This option is primarily useful when used from the
+.Nm ssh
+command line to clear port forwardings set in
+configuration files, and is automatically set by
+.Xr scp 1
+and
+.Xr sftp 1 .
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm Compression
+Specifies whether to use compression.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm CompressionLevel
+Specifies the compression level to use if compression is enabled.
+The argument must be an integer from 1 (fast) to 9 (slow, best).
+The default level is 6, which is good for most applications.
+The meaning of the values is the same as in
+.Xr gzip 1 .
+Note that this option applies to protocol version 1 only.
+.It Cm ConnectionAttempts
+Specifies the number of tries (one per second) to make before exiting.
+The argument must be an integer.
+This may be useful in scripts if the connection sometimes fails.
+The default is 1.
+.It Cm DynamicForward
+Specifies that a TCP/IP port on the local machine be forwarded
+over the secure channel, and the application
+protocol is then used to determine where to connect to from the
+remote machine.  The argument must be a port number.
+Currently the SOCKS4 protocol is supported, and
+.Nm ssh
+will act as a SOCKS4 server.
+Multiple forwardings may be specified, and
+additional forwardings can be given on the command line.  Only
+the superuser can forward privileged ports.
+.It Cm EscapeChar
+Sets the escape character (default:
+.Ql ~ ) .
+The escape character can also
+be set on the command line.
+The argument should be a single character,
+.Ql ^
+followed by a letter, or
+.Dq none
+to disable the escape
+character entirely (making the connection transparent for binary
+data).
+.It Cm ForwardAgent
+Specifies whether the connection to the authentication agent (if any)
+will be forwarded to the remote machine.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm ForwardX11
+Specifies whether X11 connections will be automatically redirected
+over the secure channel and
+.Ev DISPLAY
+set.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm GatewayPorts
+Specifies whether remote hosts are allowed to connect to local
+forwarded ports.
+By default,
+.Nm ssh
+binds local port forwardings to the loopback address.  This
+prevents other remote hosts from connecting to forwarded ports.
+.Cm GatewayPorts
+can be used to specify that
+.Nm ssh
+should bind local port forwardings to the wildcard address,
+thus allowing remote hosts to connect to forwarded ports.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm GlobalKnownHostsFile
+Specifies a file to use for the global
+host key database instead of
+.Pa /etc/ssh/ssh_known_hosts .
+.It Cm HostbasedAuthentication
+Specifies whether to try rhosts based authentication with public key
+authentication.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+This option applies to protocol version 2 only and
+is similar to
+.Cm RhostsRSAAuthentication .
+.It Cm HostKeyAlgorithms
+Specifies the protocol version 2 host key algorithms
+that the client wants to use in order of preference.
+The default for this option is:
+.Dq ssh-rsa,ssh-dss .
+.It Cm HostKeyAlias
+Specifies an alias that should be used instead of the
+real host name when looking up or saving the host key
+in the host key database files.
+This option is useful for tunneling ssh connections
+or for multiple servers running on a single host.
+.It Cm HostName
+Specifies the real host name to log into.
+This can be used to specify nicknames or abbreviations for hosts.
+Default is the name given on the command line.
+Numeric IP addresses are also permitted (both on the command line and in
+.Cm HostName
+specifications).
+.It Cm IdentityFile
+Specifies a file from which the user's RSA or DSA authentication identity
+is read. The default is
+.Pa $HOME/.ssh/identity
+for protocol version 1, and
+.Pa $HOME/.ssh/id_rsa
+and
+.Pa $HOME/.ssh/id_dsa
+for protocol version 2.
+Additionally, any identities represented by the authentication agent
+will be used for authentication.
+The file name may use the tilde
+syntax to refer to a user's home directory.
+It is possible to have
+multiple identity files specified in configuration files; all these
+identities will be tried in sequence.
+.It Cm KeepAlive
+Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+.Pp
+The default is
+.Dq yes
+(to send keepalives), and the client will notice
+if the network goes down or the remote host dies.
+This is important in scripts, and many users want it too.
+.Pp
+To disable keepalives, the value should be set to
+.Dq no .
+.It Cm KerberosAuthentication
+Specifies whether Kerberos authentication will be used.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+.It Cm KerberosTgtPassing
+Specifies whether a Kerberos TGT will be forwarded to the server.
+This will only work if the Kerberos server is actually an AFS kaserver.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+.It Cm LocalForward
+Specifies that a TCP/IP port on the local machine be forwarded over
+the secure channel to the specified host and port from the remote machine.
+The first argument must be a port number, and the second must be
+.Ar host:port .
+IPv6 addresses can be specified with an alternative syntax:
+.Ar host/port .
+Multiple forwardings may be specified, and additional
+forwardings can be given on the command line.
+Only the superuser can forward privileged ports.
+.It Cm LogLevel
+Gives the verbosity level that is used when logging messages from
+.Nm ssh .
+The possible values are:
+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
+The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
+and DEBUG3 each specify higher levels of verbose output.
+.It Cm MACs
+Specifies the MAC (message authentication code) algorithms
+in order of preference.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
+.It Cm NoHostAuthenticationForLocalhost
+This option can be used if the home directory is shared across machines.
+In this case localhost will refer to a different machine on each of
+the machines and the user will get many warnings about changed host keys.
+However, this option disables host authentication for localhost.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is to check the host key for localhost.
+.It Cm NumberOfPasswordPrompts
+Specifies the number of password prompts before giving up.
+The argument to this keyword must be an integer.
+Default is 3.
+.It Cm PasswordAuthentication
+Specifies whether to use password authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+.It Cm Port
+Specifies the port number to connect on the remote host.
+Default is 22.
+.It Cm PreferredAuthentications
+Specifies the order in which the client should try protocol 2
+authentication methods. This allows a client to prefer one method (e.g.
+.Cm keyboard-interactive )
+over another method (e.g.
+.Cm password )
+The default for this option is:
+.Dq hostbased,publickey,keyboard-interactive,password .
+.It Cm Protocol
+Specifies the protocol versions
+.Nm ssh
+should support in order of preference.
+The possible values are
+.Dq 1
+and
+.Dq 2 .
+Multiple versions must be comma-separated.
+The default is
+.Dq 2,1 .
+This means that
+.Nm ssh
+tries version 2 and falls back to version 1
+if version 2 is not available.
+.It Cm ProxyCommand
+Specifies the command to use to connect to the server.
+The command
+string extends to the end of the line, and is executed with
+.Pa /bin/sh .
+In the command string,
+.Ql %h
+will be substituted by the host name to
+connect and
+.Ql %p
+by the port.
+The command can be basically anything,
+and should read from its standard input and write to its standard output.
+It should eventually connect an
+.Xr sshd 8
+server running on some machine, or execute
+.Ic sshd -i
+somewhere.
+Host key management will be done using the
+HostName of the host being connected (defaulting to the name typed by
+the user).
+Note that
+.Cm CheckHostIP
+is not available for connects with a proxy command.
+.Pp
+.It Cm PubkeyAuthentication
+Specifies whether to try public key authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+This option applies to protocol version 2 only.
+.It Cm RemoteForward
+Specifies that a TCP/IP port on the remote machine be forwarded over
+the secure channel to the specified host and port from the local machine.
+The first argument must be a port number, and the second must be
+.Ar host:port .
+IPv6 addresses can be specified with an alternative syntax:
+.Ar host/port .
+Multiple forwardings may be specified, and additional
+forwardings can be given on the command line.
+Only the superuser can forward privileged ports.
+.It Cm RhostsAuthentication
+Specifies whether to try rhosts based authentication.
+Note that this
+declaration only affects the client side and has no effect whatsoever
+on security.
+Most servers do not permit RhostsAuthentication because it
+is not secure (see
+.Cm RhostsRSAAuthentication ) .
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
+.It Cm RhostsRSAAuthentication
+Specifies whether to try rhosts based authentication with RSA host
+authentication.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+This option applies to protocol version 1 only and requires
+.Nm ssh
+to be setuid root.
+.It Cm RSAAuthentication
+Specifies whether to try RSA authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+RSA authentication will only be
+attempted if the identity file exists, or an authentication agent is
+running.
+The default is
+.Dq yes .
+Note that this option applies to protocol version 1 only.
+.It Cm SmartcardDevice
+Specifies which smartcard device to use. The argument to this keyword is
+the device
+.Nm ssh
+should use to communicate with a smartcard used for storing the user's
+private RSA key. By default, no device is specified and smartcard support
+is not activated.
+.It Cm StrictHostKeyChecking
+If this flag is set to
+.Dq yes ,
+.Nm ssh
+will never automatically add host keys to the
+.Pa $HOME/.ssh/known_hosts
+file, and refuses to connect to hosts whose host key has changed.
+This provides maximum protection against trojan horse attacks,
+however, can be annoying when the
+.Pa /etc/ssh/ssh_known_hosts
+file is poorly maintained, or connections to new hosts are
+frequently made.
+This option forces the user to manually
+add all new hosts.
+If this flag is set to
+.Dq no ,
+.Nm ssh
+will automatically add new host keys to the
+user known hosts files.
+If this flag is set to
+.Dq ask ,
+new host keys
+will be added to the user known host files only after the user
+has confirmed that is what they really want to do, and
+.Nm ssh
+will refuse to connect to hosts whose host key has changed.
+The host keys of
+known hosts will be verified automatically in all cases.
+The argument must be
+.Dq yes ,
+.Dq no
+or
+.Dq ask .
+The default is
+.Dq ask .
+.It Cm UsePrivilegedPort
+Specifies whether to use a privileged port for outgoing connections.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+Note that this option must be set to
+.Dq yes
+if
+.Cm RhostsAuthentication
+and
+.Cm RhostsRSAAuthentication
+authentications are needed with older servers.
+.It Cm User
+Specifies the user to log in as.
+This can be useful when a different user name is used on different machines.
+This saves the trouble of
+having to remember to give the user name on the command line.
+.It Cm UserKnownHostsFile
+Specifies a file to use for the user
+host key database instead of
+.Pa $HOME/.ssh/known_hosts .
+.It Cm XAuthLocation
+Specifies the location of the
+.Xr xauth 1
+program.
+The default is
+.Pa /usr/X11R6/bin/xauth .
+.El
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa $HOME/.ssh/config
+This is the per-user configuration file.
+The format of this file is described above.
+This file is used by the
+.Nm ssh
+client.
+This file does not usually contain any sensitive information,
+but the recommended permissions are read/write for the user, and not
+accessible by others.
+.It Pa /etc/ssh/ssh_config
+Systemwide configuration file.
+This file provides defaults for those
+values that are not specified in the user's configuration file, and
+for those users who do not have a configuration file.
+This file must be world-readable.
+.El
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
+.Sh SEE ALSO
+.Xr ssh 1
diff --git a/sshd.8 b/sshd.8
index aae973c5..22f81432 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.183 2002/05/29 03:06:30 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.184 2002/06/20 19:56:07 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSHD 8
 .Os
@@ -320,638 +320,8 @@ reads configuration data from
 (or the file specified with
 .Fl f
 on the command line).
-The file contains keyword-argument pairs, one per line.
-Lines starting with
-.Ql #
-and empty lines are interpreted as comments.
-.Pp
-The possible
-keywords and their meanings are as follows (note that
-keywords are case-insensitive and arguments are case-sensitive):
-.Bl -tag -width Ds
-.It Cm AFSTokenPassing
-Specifies whether an AFS token may be forwarded to the server.
-Default is
-.Dq no .
-.It Cm AllowGroups
-This keyword can be followed by a list of group name patterns, separated
-by spaces.
-If specified, login is allowed only for users whose primary
-group or supplementary group list matches one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as
-wildcards in the patterns.
-Only group names are valid; a numerical group ID is not recognized.
-By default, login is allowed for all groups.
-.Pp
-.It Cm AllowTcpForwarding
-Specifies whether TCP forwarding is permitted.
-The default is
-.Dq yes .
-Note that disabling TCP forwarding does not improve security unless
-users are also denied shell access, as they can always install their
-own forwarders.
-.Pp
-.It Cm AllowUsers
-This keyword can be followed by a list of user name patterns, separated
-by spaces.
-If specified, login is allowed only for users names that
-match one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as
-wildcards in the patterns.
-Only user names are valid; a numerical user ID is not recognized.
-By default, login is allowed for all users.
-If the pattern takes the form USER@HOST then USER and HOST
-are separately checked, restricting logins to particular
-users from particular hosts.
-.Pp
-.It Cm AuthorizedKeysFile
-Specifies the file that contains the public keys that can be used
-for user authentication.
-.Cm AuthorizedKeysFile
-may contain tokens of the form %T which are substituted during connection
-set-up. The following tokens are defined: %% is replaced by a literal '%',
-%h is replaced by the home directory of the user being authenticated and
-%u is replaced by the username of that user.
-After expansion,
-.Cm AuthorizedKeysFile
-is taken to be an absolute path or one relative to the user's home
-directory.
-The default is
-.Dq .ssh/authorized_keys .
-.It Cm Banner
-In some jurisdictions, sending a warning message before authentication
-may be relevant for getting legal protection.
-The contents of the specified file are sent to the remote user before
-authentication is allowed.
-This option is only available for protocol version 2.
-By default, no banner is displayed.
-.Pp
-.It Cm ChallengeResponseAuthentication
-Specifies whether challenge response authentication is allowed.
-All authentication styles from
-.Xr login.conf 5
-are supported.
-The default is
-.Dq yes .
-.It Cm Ciphers
-Specifies the ciphers allowed for protocol version 2.
-Multiple ciphers must be comma-separated.
-The default is
-.Pp
-.Bd -literal
-  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
-    aes192-cbc,aes256-cbc''
-.Ed
-.It Cm ClientAliveInterval
-Sets a timeout interval in seconds after which if no data has been received
-from the client,
-.Nm
-will send a message through the encrypted
-channel to request a response from the client.
-The default
-is 0, indicating that these messages will not be sent to the client.
-This option applies to protocol version 2 only.
-.It Cm ClientAliveCountMax
-Sets the number of client alive messages (see above) which may be
-sent without
-.Nm
-receiving any messages back from the client. If this threshold is
-reached while client alive messages are being sent,
-.Nm
-will disconnect the client, terminating the session. It is important
-to note that the use of client alive messages is very different from
-.Cm KeepAlive
-(below). The client alive messages are sent through the
-encrypted channel and therefore will not be spoofable. The TCP keepalive
-option enabled by
-.Cm KeepAlive
-is spoofable. The client alive mechanism is valuable when the client or
-server depend on knowing when a connection has become inactive.
-.Pp
-The default value is 3. If
-.Cm ClientAliveInterval
-(above) is set to 15, and
-.Cm ClientAliveCountMax
-is left at the default, unresponsive ssh clients
-will be disconnected after approximately 45 seconds.
-.It Cm DenyGroups
-This keyword can be followed by a list of group name patterns, separated
-by spaces.
-Login is disallowed for users whose primary group or supplementary
-group list matches one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as
-wildcards in the patterns.
-Only group names are valid; a numerical group ID is not recognized.
-By default, login is allowed for all groups.
-.Pp
-.It Cm DenyUsers
-This keyword can be followed by a list of user name patterns, separated
-by spaces.
-Login is disallowed for user names that match one of the patterns.
-.Ql \&*
-and
-.Ql ?
-can be used as wildcards in the patterns.
-Only user names are valid; a numerical user ID is not recognized.
-By default, login is allowed for all users.
-If the pattern takes the form USER@HOST then USER and HOST
-are separately checked, restricting logins to particular
-users from particular hosts.
-.It Cm GatewayPorts
-Specifies whether remote hosts are allowed to connect to ports
-forwarded for the client.
-By default,
-.Nm
-binds remote port forwardings to the loopback address.  This
-prevents other remote hosts from connecting to forwarded ports.
-.Cm GatewayPorts
-can be used to specify that
-.Nm
-should bind remote port forwardings to the wildcard address,
-thus allowing remote hosts to connect to forwarded ports.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq no .
-.It Cm HostbasedAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
-with successful public key client host authentication is allowed
-(hostbased authentication).
-This option is similar to
-.Cm RhostsRSAAuthentication
-and applies to protocol version 2 only.
-The default is
-.Dq no .
-.It Cm HostKey
-Specifies a file containing a private host key
-used by SSH.
-The default is
-.Pa /etc/ssh/ssh_host_key
-for protocol version 1, and
-.Pa /etc/ssh/ssh_host_rsa_key
-and
-.Pa /etc/ssh/ssh_host_dsa_key
-for protocol version 2.
-Note that
-.Nm
-will refuse to use a file if it is group/world-accessible.
-It is possible to have multiple host key files.
-.Dq rsa1
-keys are used for version 1 and
-.Dq dsa
-or
-.Dq rsa
-are used for version 2 of the SSH protocol.
-.It Cm IgnoreRhosts
-Specifies that
-.Pa .rhosts
-and
-.Pa .shosts
-files will not be used in
-.Cm RhostsAuthentication ,
-.Cm RhostsRSAAuthentication
-or
-.Cm HostbasedAuthentication .
-.Pp
-.Pa /etc/hosts.equiv
-and
-.Pa /etc/shosts.equiv
-are still used.
-The default is
-.Dq yes .
-.It Cm IgnoreUserKnownHosts
-Specifies whether
-.Nm
-should ignore the user's
-.Pa $HOME/.ssh/known_hosts
-during
-.Cm RhostsRSAAuthentication
-or
-.Cm HostbasedAuthentication .
-The default is
-.Dq no .
-.It Cm KeepAlive
-Specifies whether the system should send TCP keepalive messages to the
-other side.
-If they are sent, death of the connection or crash of one
-of the machines will be properly noticed.
-However, this means that
-connections will die if the route is down temporarily, and some people
-find it annoying.
-On the other hand, if keepalives are not sent,
-sessions may hang indefinitely on the server, leaving
-.Dq ghost
-users and consuming server resources.
-.Pp
-The default is
-.Dq yes
-(to send keepalives), and the server will notice
-if the network goes down or the client host crashes.
-This avoids infinitely hanging sessions.
-.Pp
-To disable keepalives, the value should be set to
-.Dq no .
-.It Cm KerberosAuthentication
-Specifies whether Kerberos authentication is allowed.
-This can be in the form of a Kerberos ticket, or if
-.Cm PasswordAuthentication
-is yes, the password provided by the user will be validated through
-the Kerberos KDC.
-To use this option, the server needs a
-Kerberos servtab which allows the verification of the KDC's identity.
-Default is
-.Dq no .
-.It Cm KerberosOrLocalPasswd
-If set then if password authentication through Kerberos fails then
-the password will be validated via any additional local mechanism
-such as
-.Pa /etc/passwd .
-Default is
-.Dq yes .
-.It Cm KerberosTgtPassing
-Specifies whether a Kerberos TGT may be forwarded to the server.
-Default is
-.Dq no ,
-as this only works when the Kerberos KDC is actually an AFS kaserver.
-.It Cm KerberosTicketCleanup
-Specifies whether to automatically destroy the user's ticket cache
-file on logout.
-Default is
-.Dq yes .
-.It Cm KeyRegenerationInterval
-In protocol version 1, the ephemeral server key is automatically regenerated
-after this many seconds (if it has been used).
-The purpose of regeneration is to prevent
-decrypting captured sessions by later breaking into the machine and
-stealing the keys.
-The key is never stored anywhere.
-If the value is 0, the key is never regenerated.
-The default is 3600 (seconds).
-.It Cm ListenAddress
-Specifies the local addresses
-.Nm
-should listen on.
-The following forms may be used:
-.Pp
-.Bl -item -offset indent -compact
-.It
-.Cm ListenAddress
-.Sm off
-.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
-.Sm on
-.It
-.Cm ListenAddress
-.Sm off
-.Ar host No | Ar IPv4_addr No : Ar port
-.Sm on
-.It
-.Cm ListenAddress
-.Sm off
-.Oo
-.Ar host No | Ar IPv6_addr Oc : Ar port
-.Sm on
-.El
-.Pp
-If
-.Ar port
-is not specified,
-.Nm
-will listen on the address and all prior
-.Cm Port
-options specified. The default is to listen on all local
-addresses.  Multiple
-.Cm ListenAddress
-options are permitted. Additionally, any
-.Cm Port
-options must precede this option for non port qualified addresses.
-.It Cm LoginGraceTime
-The server disconnects after this time if the user has not
-successfully logged in.
-If the value is 0, there is no time limit.
-The default is 600 (seconds).
-.It Cm LogLevel
-Gives the verbosity level that is used when logging messages from
-.Nm sshd .
-The possible values are:
-QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
-The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
-and DEBUG3 each specify higher levels of debugging output.
-Logging with a DEBUG level violates the privacy of users
-and is not recommended.
-.It Cm MACs
-Specifies the available MAC (message authentication code) algorithms.
-The MAC algorithm is used in protocol version 2
-for data integrity protection.
-Multiple algorithms must be comma-separated.
-The default is
-.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
-.It Cm MaxStartups
-Specifies the maximum number of concurrent unauthenticated connections to the
-.Nm
-daemon.
-Additional connections will be dropped until authentication succeeds or the
-.Cm LoginGraceTime
-expires for a connection.
-The default is 10.
-.Pp
-Alternatively, random early drop can be enabled by specifying
-the three colon separated values
-.Dq start:rate:full
-(e.g., "10:30:60").
-.Nm
-will refuse connection attempts with a probability of
-.Dq rate/100
-(30%)
-if there are currently
-.Dq start
-(10)
-unauthenticated connections.
-The probability increases linearly and all connection attempts
-are refused if the number of unauthenticated connections reaches
-.Dq full
-(60).
-.It Cm PAMAuthenticationViaKbdInt
-Specifies whether PAM challenge response authentication is allowed. This
-allows the use of most PAM challenge response authentication modules, but 
-it will allow password authentication regardless of whether 
-.Cm PasswordAuthentication
-is disabled.
-The default is
-.Dq no .
-.It Cm PasswordAuthentication
-Specifies whether password authentication is allowed.
-The default is
-.Dq yes .
-.It Cm PermitEmptyPasswords
-When password authentication is allowed, it specifies whether the
-server allows login to accounts with empty password strings.
-The default is
-.Dq no .
-.It Cm PermitRootLogin
-Specifies whether root can login using
-.Xr ssh 1 .
-The argument must be
-.Dq yes ,
-.Dq without-password ,
-.Dq forced-commands-only
-or
-.Dq no .
-The default is
-.Dq yes .
-.Pp
-If this option is set to
-.Dq without-password
-password authentication is disabled for root.
-.Pp
-If this option is set to
-.Dq forced-commands-only
-root login with public key authentication will be allowed,
-but only if the
-.Ar command
-option has been specified
-(which may be useful for taking remote backups even if root login is
-normally not allowed). All other authentication methods are disabled
-for root.
-.Pp
-If this option is set to
-.Dq no
-root is not allowed to login.
-.It Cm PidFile
-Specifies the file that contains the process identifier of the
-.Nm
-daemon.
-The default is
-.Pa /var/run/sshd.pid .
-.It Cm Port
-Specifies the port number that
-.Nm
-listens on.
-The default is 22.
-Multiple options of this type are permitted.
-See also
-.Cm ListenAddress .
-.It Cm PrintLastLog
-Specifies whether
-.Nm
-should print the date and time when the user last logged in.
-The default is
-.Dq yes .
-.It Cm PrintMotd
-Specifies whether
-.Nm
-should print
-.Pa /etc/motd
-when a user logs in interactively.
-(On some systems it is also printed by the shell,
-.Pa /etc/profile ,
-or equivalent.)
-The default is
-.Dq yes .
-.It Cm Protocol
-Specifies the protocol versions
-.Nm
-should support.
-The possible values are
-.Dq 1
-and
-.Dq 2 .
-Multiple versions must be comma-separated.
-The default is
-.Dq 2,1 .
-.It Cm PubkeyAuthentication
-Specifies whether public key authentication is allowed.
-The default is
-.Dq yes .
-Note that this option applies to protocol version 2 only.
-.It Cm RhostsAuthentication
-Specifies whether authentication using rhosts or /etc/hosts.equiv
-files is sufficient.
-Normally, this method should not be permitted because it is insecure.
-.Cm RhostsRSAAuthentication
-should be used
-instead, because it performs RSA-based host authentication in addition
-to normal rhosts or /etc/hosts.equiv authentication.
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RhostsRSAAuthentication
-Specifies whether rhosts or /etc/hosts.equiv authentication together
-with successful RSA host authentication is allowed.
-The default is
-.Dq no .
-This option applies to protocol version 1 only.
-.It Cm RSAAuthentication
-Specifies whether pure RSA authentication is allowed.
-The default is
-.Dq yes .
-This option applies to protocol version 1 only.
-.It Cm ServerKeyBits
-Defines the number of bits in the ephemeral protocol version 1 server key.
-The minimum value is 512, and the default is 768.
-.It Cm StrictModes
-Specifies whether
-.Nm
-should check file modes and ownership of the
-user's files and home directory before accepting login.
-This is normally desirable because novices sometimes accidentally leave their
-directory or files world-writable.
-The default is
-.Dq yes .
-.It Cm Subsystem
-Configures an external subsystem (e.g., file transfer daemon).
-Arguments should be a subsystem name and a command to execute upon subsystem
-request.
-The command
-.Xr sftp-server 8
-implements the
-.Dq sftp
-file transfer subsystem.
-By default no subsystems are defined.
-Note that this option applies to protocol version 2 only.
-.It Cm SyslogFacility
-Gives the facility code that is used when logging messages from
-.Nm sshd .
-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
-LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
-The default is AUTH.
-.It Cm UseLogin
-Specifies whether
-.Xr login 1
-is used for interactive login sessions.
-The default is
-.Dq no .
-Note that
-.Xr login 1
-is never used for remote command execution.
-Note also, that if this is enabled,
-.Cm X11Forwarding
-will be disabled because
-.Xr login 1
-does not know how to handle
-.Xr xauth 1
-cookies.  If
-.Cm UsePrivilegeSeparation
-is specified, it will be disabled after authentication.
-.It Cm UsePrivilegeSeparation
-Specifies whether
-.Nm
-separated privileges by creating an unprivileged child process
-to deal with incoming network traffic.  After successful authentication,
-another process will be created that has the privilege of the authenticated
-user.  The goal of privilege separation is to prevent privilege
-escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
-.It Cm VerifyReverseMapping
-Specifies whether
-.Nm
-should try to verify the remote host name and check that
-the resolved host name for the remote IP address maps back to the
-very same IP address.
-The default is
-.Dq no .
-.It Cm X11DisplayOffset
-Specifies the first display number available for
-.Nm sshd Ns 's
-X11 forwarding.
-This prevents
-.Nm
-from interfering with real X11 servers.
-The default is 10.
-.It Cm X11Forwarding
-Specifies whether X11 forwarding is permitted.
-The default is
-.Dq no .
-Note that disabling X11 forwarding does not improve security in any
-way, as users can always install their own forwarders.
-X11 forwarding is automatically disabled if
-.Cm UseLogin
-is enabled.
-.It Cm X11UseLocalhost
-Specifies whether
-.Nm
-should bind the X11 forwarding server to the loopback address or to
-the wildcard address.  By default,
-.Nm
-binds the forwarding server to the loopback address and sets the
-hostname part of the
-.Ev DISPLAY
-environment variable to
-.Dq localhost .
-This prevents remote hosts from connecting to the fake display.
-However, some older X11 clients may not function with this
-configuration.
-.Cm X11UseLocalhost
-may be set to
-.Dq no
-to specify that the forwarding server should be bound to the wildcard
-address.
-The argument must be
-.Dq yes
-or
-.Dq no .
-The default is
-.Dq yes .
-.It Cm XAuthLocation
-Specifies the location of the
-.Xr xauth 1
-program.
-The default is
-.Pa /usr/X11R6/bin/xauth .
-.El
-.Ss Time Formats
-.Pp
-.Nm
-command-line arguments and configuration file options that specify time
-may be expressed using a sequence of the form:
-.Sm off
-.Ar time Oo Ar qualifier Oc ,
-.Sm on
-where
-.Ar time
-is a positive integer value and
-.Ar qualifier
-is one of the following:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It Cm <none>
-seconds
-.It Cm s | Cm S
-seconds
-.It Cm m | Cm M
-minutes
-.It Cm h | Cm H
-hours
-.It Cm d | Cm D
-days
-.It Cm w | Cm W
-weeks
-.El
-.Pp
-Each member of the sequence is added together to calculate
-the total time value.
-.Pp
-Time format examples:
-.Pp
-.Bl -tag -width Ds -compact -offset indent
-.It 600
-600 seconds (10 minutes)
-.It 10m
-10 minutes
-.It 1h30m
-1 hour 30 minutes (90 minutes)
-.El
+The file format and configuration options are described in
+.Xr sshd_config 5 .
 .Sh LOGIN PROCESS
 When a user successfully logs in,
 .Nm
@@ -1187,8 +557,8 @@ cvs.openbsd.org,199.185.137.3 ssh-rsa AAAA1234.....=
 .It Pa /etc/ssh/sshd_config
 Contains configuration data for
 .Nm sshd .
-This file should be writable by root only, but it is recommended
-(though not necessary) that it be world-readable.
+The file format and configuration options are described in
+.Xr sshd_config 5 .
 .It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
 These three files contain the private parts of the host keys.
 These files should only be owned by root, readable only by root, and not
@@ -1389,6 +759,7 @@ for privilege separation.
 .Xr ssh-keygen 1 ,
 .Xr login.conf 5 ,
 .Xr moduli 5 ,
+.Xr sshd_config 5 ,
 .Xr sftp-server 8
 .Rs
 .%A T. Ylonen
diff --git a/sshd_config.5 b/sshd_config.5
new file mode 100644
index 00000000..1aecd485
--- /dev/null
+++ b/sshd_config.5
@@ -0,0 +1,711 @@
+.\"  -*- nroff -*-
+.\"
+.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
+.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+.\"                    All rights reserved
+.\"
+.\" As far as I am concerned, the code I have written for this software
+.\" can be used freely for any purpose.  Any derived versions of this
+.\" software must be clearly marked as such, and if the derived work is
+.\" incompatible with the protocol description in the RFC file, it must be
+.\" called by a name other than "ssh" or "Secure Shell".
+.\"
+.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
+.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
+.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\"    notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\"    notice, this list of conditions and the following disclaimer in the
+.\"    documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\"
+.\" $OpenBSD: sshd_config.5,v 1.3 2002/06/20 23:37:12 markus Exp $
+.Dd September 25, 1999
+.Dt SSHD_CONFIG 5
+.Os
+.Sh NAME
+.Nm sshd_config
+.Nd OpenSSH SSH daemon configuration file
+.Sh SYNOPSIS
+.Bl -tag -width Ds -compact
+.It Pa /etc/ssh/sshd_config
+.El
+.Sh DESCRIPTION
+.Nm sshd
+reads configuration data from
+.Pa /etc/ssh/sshd_config
+(or the file specified with
+.Fl f
+on the command line).
+The file contains keyword-argument pairs, one per line.
+Lines starting with
+.Ql #
+and empty lines are interpreted as comments.
+.Pp
+The possible
+keywords and their meanings are as follows (note that
+keywords are case-insensitive and arguments are case-sensitive):
+.Bl -tag -width Ds
+.It Cm AFSTokenPassing
+Specifies whether an AFS token may be forwarded to the server.
+Default is
+.Dq no .
+.It Cm AllowGroups
+This keyword can be followed by a list of group name patterns, separated
+by spaces.
+If specified, login is allowed only for users whose primary
+group or supplementary group list matches one of the patterns.
+.Ql \&*
+and
+.Ql ?
+can be used as
+wildcards in the patterns.
+Only group names are valid; a numerical group ID is not recognized.
+By default, login is allowed for all groups.
+.Pp
+.It Cm AllowTcpForwarding
+Specifies whether TCP forwarding is permitted.
+The default is
+.Dq yes .
+Note that disabling TCP forwarding does not improve security unless
+users are also denied shell access, as they can always install their
+own forwarders.
+.Pp
+.It Cm AllowUsers
+This keyword can be followed by a list of user name patterns, separated
+by spaces.
+If specified, login is allowed only for users names that
+match one of the patterns.
+.Ql \&*
+and
+.Ql ?
+can be used as
+wildcards in the patterns.
+Only user names are valid; a numerical user ID is not recognized.
+By default, login is allowed for all users.
+If the pattern takes the form USER@HOST then USER and HOST
+are separately checked, restricting logins to particular
+users from particular hosts.
+.Pp
+.It Cm AuthorizedKeysFile
+Specifies the file that contains the public keys that can be used
+for user authentication.
+.Cm AuthorizedKeysFile
+may contain tokens of the form %T which are substituted during connection
+set-up. The following tokens are defined: %% is replaced by a literal '%',
+%h is replaced by the home directory of the user being authenticated and
+%u is replaced by the username of that user.
+After expansion,
+.Cm AuthorizedKeysFile
+is taken to be an absolute path or one relative to the user's home
+directory.
+The default is
+.Dq .ssh/authorized_keys .
+.It Cm Banner
+In some jurisdictions, sending a warning message before authentication
+may be relevant for getting legal protection.
+The contents of the specified file are sent to the remote user before
+authentication is allowed.
+This option is only available for protocol version 2.
+By default, no banner is displayed.
+.Pp
+.It Cm ChallengeResponseAuthentication
+Specifies whether challenge response authentication is allowed.
+All authentication styles from
+.Xr login.conf 5
+are supported.
+The default is
+.Dq yes .
+.It Cm Ciphers
+Specifies the ciphers allowed for protocol version 2.
+Multiple ciphers must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+  ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+    aes192-cbc,aes256-cbc''
+.Ed
+.It Cm ClientAliveInterval
+Sets a timeout interval in seconds after which if no data has been received
+from the client,
+.Nm sshd
+will send a message through the encrypted
+channel to request a response from the client.
+The default
+is 0, indicating that these messages will not be sent to the client.
+This option applies to protocol version 2 only.
+.It Cm ClientAliveCountMax
+Sets the number of client alive messages (see above) which may be
+sent without
+.Nm sshd
+receiving any messages back from the client. If this threshold is
+reached while client alive messages are being sent,
+.Nm sshd
+will disconnect the client, terminating the session. It is important
+to note that the use of client alive messages is very different from
+.Cm KeepAlive
+(below). The client alive messages are sent through the
+encrypted channel and therefore will not be spoofable. The TCP keepalive
+option enabled by
+.Cm KeepAlive
+is spoofable. The client alive mechanism is valuable when the client or
+server depend on knowing when a connection has become inactive.
+.Pp
+The default value is 3. If
+.Cm ClientAliveInterval
+(above) is set to 15, and
+.Cm ClientAliveCountMax
+is left at the default, unresponsive ssh clients
+will be disconnected after approximately 45 seconds.
+.It Cm Compression
+Specifies whether compression is allowed.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+.It Cm DenyGroups
+This keyword can be followed by a list of group name patterns, separated
+by spaces.
+Login is disallowed for users whose primary group or supplementary
+group list matches one of the patterns.
+.Ql \&*
+and
+.Ql ?
+can be used as
+wildcards in the patterns.
+Only group names are valid; a numerical group ID is not recognized.
+By default, login is allowed for all groups.
+.Pp
+.It Cm DenyUsers
+This keyword can be followed by a list of user name patterns, separated
+by spaces.
+Login is disallowed for user names that match one of the patterns.
+.Ql \&*
+and
+.Ql ?
+can be used as wildcards in the patterns.
+Only user names are valid; a numerical user ID is not recognized.
+By default, login is allowed for all users.
+If the pattern takes the form USER@HOST then USER and HOST
+are separately checked, restricting logins to particular
+users from particular hosts.
+.It Cm GatewayPorts
+Specifies whether remote hosts are allowed to connect to ports
+forwarded for the client.
+By default,
+.Nm sshd
+binds remote port forwardings to the loopback address.  This
+prevents other remote hosts from connecting to forwarded ports.
+.Cm GatewayPorts
+can be used to specify that
+.Nm sshd
+should bind remote port forwardings to the wildcard address,
+thus allowing remote hosts to connect to forwarded ports.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
+.It Cm HostbasedAuthentication
+Specifies whether rhosts or /etc/hosts.equiv authentication together
+with successful public key client host authentication is allowed
+(hostbased authentication).
+This option is similar to
+.Cm RhostsRSAAuthentication
+and applies to protocol version 2 only.
+The default is
+.Dq no .
+.It Cm HostKey
+Specifies a file containing a private host key
+used by SSH.
+The default is
+.Pa /etc/ssh/ssh_host_key
+for protocol version 1, and
+.Pa /etc/ssh/ssh_host_rsa_key
+and
+.Pa /etc/ssh/ssh_host_dsa_key
+for protocol version 2.
+Note that
+.Nm sshd
+will refuse to use a file if it is group/world-accessible.
+It is possible to have multiple host key files.
+.Dq rsa1
+keys are used for version 1 and
+.Dq dsa
+or
+.Dq rsa
+are used for version 2 of the SSH protocol.
+.It Cm IgnoreRhosts
+Specifies that
+.Pa .rhosts
+and
+.Pa .shosts
+files will not be used in
+.Cm RhostsAuthentication ,
+.Cm RhostsRSAAuthentication
+or
+.Cm HostbasedAuthentication .
+.Pp
+.Pa /etc/hosts.equiv
+and
+.Pa /etc/shosts.equiv
+are still used.
+The default is
+.Dq yes .
+.It Cm IgnoreUserKnownHosts
+Specifies whether
+.Nm sshd
+should ignore the user's
+.Pa $HOME/.ssh/known_hosts
+during
+.Cm RhostsRSAAuthentication
+or
+.Cm HostbasedAuthentication .
+The default is
+.Dq no .
+.It Cm KeepAlive
+Specifies whether the system should send TCP keepalive messages to the
+other side.
+If they are sent, death of the connection or crash of one
+of the machines will be properly noticed.
+However, this means that
+connections will die if the route is down temporarily, and some people
+find it annoying.
+On the other hand, if keepalives are not sent,
+sessions may hang indefinitely on the server, leaving
+.Dq ghost
+users and consuming server resources.
+.Pp
+The default is
+.Dq yes
+(to send keepalives), and the server will notice
+if the network goes down or the client host crashes.
+This avoids infinitely hanging sessions.
+.Pp
+To disable keepalives, the value should be set to
+.Dq no .
+.It Cm KerberosAuthentication
+Specifies whether Kerberos authentication is allowed.
+This can be in the form of a Kerberos ticket, or if
+.It Cm PAMAuthenticationViaKbdInt
+Specifies whether PAM challenge response authentication is allowed. This
+allows the use of most PAM challenge response authentication modules, but
+it will allow password authentication regardless of whether
+.Cm PasswordAuthentication
+is yes, the password provided by the user will be validated through
+the Kerberos KDC.
+To use this option, the server needs a
+Kerberos servtab which allows the verification of the KDC's identity.
+Default is
+.Dq no .
+.It Cm KerberosOrLocalPasswd
+If set then if password authentication through Kerberos fails then
+the password will be validated via any additional local mechanism
+such as
+.Pa /etc/passwd .
+Default is
+.Dq yes .
+.It Cm KerberosTgtPassing
+Specifies whether a Kerberos TGT may be forwarded to the server.
+Default is
+.Dq no ,
+as this only works when the Kerberos KDC is actually an AFS kaserver.
+.It Cm KerberosTicketCleanup
+Specifies whether to automatically destroy the user's ticket cache
+file on logout.
+Default is
+.Dq yes .
+.It Cm KeyRegenerationInterval
+In protocol version 1, the ephemeral server key is automatically regenerated
+after this many seconds (if it has been used).
+The purpose of regeneration is to prevent
+decrypting captured sessions by later breaking into the machine and
+stealing the keys.
+The key is never stored anywhere.
+If the value is 0, the key is never regenerated.
+The default is 3600 (seconds).
+.It Cm ListenAddress
+Specifies the local addresses
+.Nm sshd
+should listen on.
+The following forms may be used:
+.Pp
+.Bl -item -offset indent -compact
+.It
+.Cm ListenAddress
+.Sm off
+.Ar host No | Ar IPv4_addr No | Ar IPv6_addr
+.Sm on
+.It
+.Cm ListenAddress
+.Sm off
+.Ar host No | Ar IPv4_addr No : Ar port
+.Sm on
+.It
+.Cm ListenAddress
+.Sm off
+.Oo
+.Ar host No | Ar IPv6_addr Oc : Ar port
+.Sm on
+.El
+.Pp
+If
+.Ar port
+is not specified,
+.Nm sshd
+will listen on the address and all prior
+.Cm Port
+options specified. The default is to listen on all local
+addresses.  Multiple
+.Cm ListenAddress
+options are permitted. Additionally, any
+.Cm Port
+options must precede this option for non port qualified addresses.
+.It Cm LoginGraceTime
+The server disconnects after this time if the user has not
+successfully logged in.
+If the value is 0, there is no time limit.
+The default is 600 (seconds).
+.It Cm LogLevel
+Gives the verbosity level that is used when logging messages from
+.Nm sshd .
+The possible values are:
+QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3.
+The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2
+and DEBUG3 each specify higher levels of debugging output.
+Logging with a DEBUG level violates the privacy of users
+and is not recommended.
+.It Cm MACs
+Specifies the available MAC (message authentication code) algorithms.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
+.It Cm MaxStartups
+Specifies the maximum number of concurrent unauthenticated connections to the
+.Nm sshd
+daemon.
+Additional connections will be dropped until authentication succeeds or the
+.Cm LoginGraceTime
+expires for a connection.
+The default is 10.
+.Pp
+Alternatively, random early drop can be enabled by specifying
+the three colon separated values
+.Dq start:rate:full
+(e.g., "10:30:60").
+.Nm sshd
+will refuse connection attempts with a probability of
+.Dq rate/100
+(30%)
+if there are currently
+.Dq start
+(10)
+unauthenticated connections.
+The probability increases linearly and all connection attempts
+are refused if the number of unauthenticated connections reaches
+.Dq full
+(60).
+.It Cm PasswordAuthentication
+Specifies whether password authentication is allowed.
+The default is
+.Dq yes .
+.It Cm PermitEmptyPasswords
+When password authentication is allowed, it specifies whether the
+server allows login to accounts with empty password strings.
+The default is
+.Dq no .
+.It Cm PermitRootLogin
+Specifies whether root can login using
+.Xr ssh 1 .
+The argument must be
+.Dq yes ,
+.Dq without-password ,
+.Dq forced-commands-only
+or
+.Dq no .
+The default is
+.Dq yes .
+.Pp
+If this option is set to
+.Dq without-password
+password authentication is disabled for root.
+.Pp
+If this option is set to
+.Dq forced-commands-only
+root login with public key authentication will be allowed,
+but only if the
+.Ar command
+option has been specified
+(which may be useful for taking remote backups even if root login is
+normally not allowed). All other authentication methods are disabled
+for root.
+.Pp
+If this option is set to
+.Dq no
+root is not allowed to login.
+.It Cm PidFile
+Specifies the file that contains the process identifier of the
+.Nm sshd
+daemon.
+The default is
+.Pa /var/run/sshd.pid .
+.It Cm Port
+Specifies the port number that
+.Nm sshd
+listens on.
+The default is 22.
+Multiple options of this type are permitted.
+See also
+.Cm ListenAddress .
+.It Cm PrintLastLog
+Specifies whether
+.Nm sshd
+should print the date and time when the user last logged in.
+The default is
+.Dq yes .
+.It Cm PrintMotd
+Specifies whether
+.Nm sshd
+should print
+.Pa /etc/motd
+when a user logs in interactively.
+(On some systems it is also printed by the shell,
+.Pa /etc/profile ,
+or equivalent.)
+The default is
+.Dq yes .
+.It Cm Protocol
+Specifies the protocol versions
+.Nm sshd
+should support.
+The possible values are
+.Dq 1
+and
+.Dq 2 .
+Multiple versions must be comma-separated.
+The default is
+.Dq 2,1 .
+.It Cm PubkeyAuthentication
+Specifies whether public key authentication is allowed.
+The default is
+.Dq yes .
+Note that this option applies to protocol version 2 only.
+.It Cm RhostsAuthentication
+Specifies whether authentication using rhosts or /etc/hosts.equiv
+files is sufficient.
+Normally, this method should not be permitted because it is insecure.
+.Cm RhostsRSAAuthentication
+should be used
+instead, because it performs RSA-based host authentication in addition
+to normal rhosts or /etc/hosts.equiv authentication.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
+.It Cm RhostsRSAAuthentication
+Specifies whether rhosts or /etc/hosts.equiv authentication together
+with successful RSA host authentication is allowed.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
+.It Cm RSAAuthentication
+Specifies whether pure RSA authentication is allowed.
+The default is
+.Dq yes .
+This option applies to protocol version 1 only.
+.It Cm ServerKeyBits
+Defines the number of bits in the ephemeral protocol version 1 server key.
+The minimum value is 512, and the default is 768.
+.It Cm StrictModes
+Specifies whether
+.Nm sshd
+should check file modes and ownership of the
+user's files and home directory before accepting login.
+This is normally desirable because novices sometimes accidentally leave their
+directory or files world-writable.
+The default is
+.Dq yes .
+.It Cm Subsystem
+Configures an external subsystem (e.g., file transfer daemon).
+Arguments should be a subsystem name and a command to execute upon subsystem
+request.
+The command
+.Xr sftp-server 8
+implements the
+.Dq sftp
+file transfer subsystem.
+By default no subsystems are defined.
+Note that this option applies to protocol version 2 only.
+.It Cm SyslogFacility
+Gives the facility code that is used when logging messages from
+.Nm sshd .
+The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
+LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+The default is AUTH.
+.It Cm UseLogin
+Specifies whether
+.Xr login 1
+is used for interactive login sessions.
+The default is
+.Dq no .
+Note that
+.Xr login 1
+is never used for remote command execution.
+Note also, that if this is enabled,
+.Cm X11Forwarding
+will be disabled because
+.Xr login 1
+does not know how to handle
+.Xr xauth 1
+cookies.  If
+.Cm UsePrivilegeSeparation
+is specified, it will be disabled after authentication.
+.It Cm UsePrivilegeSeparation
+Specifies whether
+.Nm sshd
+separates privileges by creating an unprivileged child process
+to deal with incoming network traffic.  After successful authentication,
+another process will be created that has the privilege of the authenticated
+user.  The goal of privilege separation is to prevent privilege
+escalation by containing any corruption within the unprivileged processes.
+The default is
+.Dq yes .
+.It Cm VerifyReverseMapping
+Specifies whether
+.Nm sshd
+should try to verify the remote host name and check that
+the resolved host name for the remote IP address maps back to the
+very same IP address.
+The default is
+.Dq no .
+.It Cm X11DisplayOffset
+Specifies the first display number available for
+.Nm sshd Ns 's
+X11 forwarding.
+This prevents
+.Nm sshd
+from interfering with real X11 servers.
+The default is 10.
+.It Cm X11Forwarding
+Specifies whether X11 forwarding is permitted.
+The default is
+.Dq no .
+Note that disabling X11 forwarding does not improve security in any
+way, as users can always install their own forwarders.
+X11 forwarding is automatically disabled if
+.Cm UseLogin
+is enabled.
+.It Cm X11UseLocalhost
+Specifies whether
+.Nm sshd
+should bind the X11 forwarding server to the loopback address or to
+the wildcard address.  By default,
+.Nm sshd
+binds the forwarding server to the loopback address and sets the
+hostname part of the
+.Ev DISPLAY
+environment variable to
+.Dq localhost .
+This prevents remote hosts from connecting to the fake display.
+However, some older X11 clients may not function with this
+configuration.
+.Cm X11UseLocalhost
+may be set to
+.Dq no
+to specify that the forwarding server should be bound to the wildcard
+address.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+.It Cm XAuthLocation
+Specifies the location of the
+.Xr xauth 1
+program.
+The default is
+.Pa /usr/X11R6/bin/xauth .
+.El
+.Ss Time Formats
+.Pp
+.Nm sshd
+command-line arguments and configuration file options that specify time
+may be expressed using a sequence of the form:
+.Sm off
+.Ar time Oo Ar qualifier Oc ,
+.Sm on
+where
+.Ar time
+is a positive integer value and
+.Ar qualifier
+is one of the following:
+.Pp
+.Bl -tag -width Ds -compact -offset indent
+.It Cm <none>
+seconds
+.It Cm s | Cm S
+seconds
+.It Cm m | Cm M
+minutes
+.It Cm h | Cm H
+hours
+.It Cm d | Cm D
+days
+.It Cm w | Cm W
+weeks
+.El
+.Pp
+Each member of the sequence is added together to calculate
+the total time value.
+.Pp
+Time format examples:
+.Pp
+.Bl -tag -width Ds -compact -offset indent
+.It 600
+600 seconds (10 minutes)
+.It 10m
+10 minutes
+.It 1h30m
+1 hour 30 minutes (90 minutes)
+.El
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa /etc/ssh/sshd_config
+Contains configuration data for
+.Nm sshd .
+This file should be writable by root only, but it is recommended
+(though not necessary) that it be world-readable.
+.El
+.Sh AUTHORS
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
+Niels Provos and Markus Friedl contributed support
+for privilege separation.
+.Sh SEE ALSO
+.Xr sshd 8