sshd2(8)
NAME
sshd2, sshd - Secure Shell daemon
SYNOPSIS
sshd2 [-D debug_level_spec] [-f file] [-h host_key_file] [-o keyword] [-p port #] [-v] [-g login_grace_time] [-i] [-q]
OPTIONS
-D debug_level_spec
Prints extensive debug information to stderr. The debug_level_spec
argument is a number between 0 and 99, where 99 specifies that all
debug information should be displayed, or a comma-separated list of
assignments; for example, ModulePattern=debug_level. This option is
intended only for debugging the server.
-f file
Specifies the name of the configuration file. The default is
/etc/ssh2/sshd2_config.
-h host_key_file
Specifies the file from which the host key is read. The default file is
/etc/ssh2/hostkey. If the sshd2 daemon is not run as root, the default
host key file will be $HOME$/.ssh2/hostkey.
-o keyword
Specifies configuration keywords. This is useful for specifying
keywords for which there is no separate command-line flag. The -o
option has the same format as a line in the configuration file. Comment
lines are not accepted.
-p port #
Specifies the port on which the system listens for connections. The
default port is 22.
-v Displays information in verbose mode. This option can also be specified
in the configuration file.
-q Disables warning messages. This option can also be specified in the
configuration file.
-g login_grace_time
Gives the grace time for clients to authenticate themselves. If the
client fails to authenticate the user within this many seconds, the
system disconnects and exits. The default is 600 seconds. A value of
zero indicates no limit.
-i Specifies that the sshd2 daemon is being run from the inetd daemon.
DESCRIPTION
The sshd2 daemon is the Secure Shell daemon; it must be running on the
Secure Shell server. The sshd2 daemon forks a new daemon for each incoming
client connection. The forked daemons handle key exchange, encryption,
authentication, command execution, and data exchange.
The sshd2 daemon can be configured using command-line options or in the
sshd2_config configuration file. Command-line options override values
specified in the configuration file.
The sshd2 daemon is normally run as root. If it is not run as root, it can
log in only as the user it is running as, and password authentication might
not work if the system uses shadow passwords. An alternative host key file
must also be used.
LOGIN PROCESS
When a user successfully logs in, the sshd2 daemon:
1. Changes to run with normal user privileges.
2. Sets up basic environment.
3. Changes to the user's home directory.
4. Runs the user's shell.
SSH WITH TCP WRAPPERS
When the sshd2 daemon is compiled with TCP wrapper libraries, the
hosts.allow and hosts.deny files control who can connect to ports forwarded
by the sshd2 daemon.
The names in the hosts.allow and hosts.deny files are sshd2,
sshdfwd-<portname>, and sshdfwd-X11 for forwarded ports on which the
Secure Shell client or server is listening.
If a port has a defined name, you must use it.
FILES
/etc/ssh2/sshd2_config
Contains sshd2 daemon configuration information. This file should be
writable by root only; it may be readable by world, though that is not
required.
/etc/ssh2/hostkey
Contains the private part of the host key. You can create this file by
using the ssh-keygen2 command. This file should only be owned by root,
readable only by root, and not accessible to others.
/etc/ssh2/hostkey.pub
Contains the public part of the host key. You can create this file by
using the ssh-keygen2 command. This file should be writable by root
only and readable by world.
/etc/ssh2/random_seed
Contains a seed for the random number generator. This file should be
accessible only by root.
$HOME/.ssh2/authorization
Contains information on how the server will verify the identity of a
user. See ssh2(1) for more information.
$HOME/.hushlogin
If this file exists, the sshd2 daemon will not print information during
login. (This information is normally the user's last login time,
message of the day, and mail check.)
/etc/nologin
If this file exists, the sshd2 daemon refuses to let anyone except root
log in. The contents of the file are displayed to anyone trying to log
in, and nonroot connections are refused. The file should be readable
by world.
$HOME/.rhosts
Contains a list of remote users who are not required to supply a
password when they use the ssh2 command to log in. Before the user can
log in, the sshd2 daemon requires public host key authentication in
addition to validating the host name retrieved from domain name
servers.
The file must be writable only by the user; it should not be accessible
by others. You can use +@group to specify a netgroup. Negated entries
start with a minus sign (-).
This file is also used by the rlogind and rshd daemons.
See .rhosts(4) for more information about the .rhosts file.
$HOME/.shosts
This file is the same as the .rhosts file except that only the sshd2
daemon uses it.
/etc/hosts.equiv
Contains the names of remote hosts and users that are equivalent to the
local host or user. An equivalent host or user is allowed to use the
ssh2 command to log in to such an account without supplying a password.
Additionally, successful host-based authentication is normally
required. This file must be writable only by root and should be
readable by world.
You can use +@group to specify a netgroup. Negated entries start with
a minus sign (-).
Note
The only valid use for user names should be in negated entries.
Specified user names in the hosts.equiv file can log in as anybody
including bin, daemon, adm, and other accounts that own critical
binaries and directories.
This file is also used by the rlogind and rshd daemons.
See hosts.equiv(4) for more information about the hosts.equiv file.
/etc/shosts.equiv
This file is the same as the hosts.equiv file except that only the
sshd2 daemon uses it.
$HOME/.ssh2/knownhosts/xxxxyyyy.pub
Contains the public host keys of hosts that users need to log in to
when using host-based authentication.
The xxxx is the fully qualified domain name (FQDN) and yyyy is the
public key algorithm. Public key algorithms are ssh-dss and ssh-rsa.
For example, if the FQDN for a host is server1.foo.fi and it has a key
algorithm of ssh-dss, the host key would be server1.foo.fi.ssh-dss.pub
in the knownhosts directory.
A user must add the host name to a $HOME/.shosts file or an
$HOME/.rhosts file.
/etc/ssh2/knownhosts/xxxxyyyy.pub
Same as the $HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide.
This file is overridden if the user puts a file with the same name in
the $HOME/.ssh2/knownhosts directory.
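An added audit script, not part of this man page or the SSH2 distribution, that checks the ownership and mode of the files under /etc/ssh2 against the rules stated in the FILES section above. It assumes a Unix host where root is uid 0, and it builds a constructed sample directory so the check can be exercised without touching the real files.

```python
import os
import stat
import tempfile

# Mode bits that the FILES section says must be clear. hostkey and random_seed
# are root-only; sshd2_config and hostkey.pub may be world-readable but only root may write.
RULES = {
    "sshd2_config": stat.S_IWGRP | stat.S_IWOTH,
    "hostkey":      stat.S_IRWXG | stat.S_IRWXO,
    "hostkey.pub":  stat.S_IWGRP | stat.S_IWOTH,
    "random_seed":  stat.S_IRWXG | stat.S_IRWXO,
}

def audit_file(path, root_uid, forbidden_bits):
    """Return findings for one file; an empty list means it matches the man page."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return ["%s: missing" % path]
    findings = []
    if st.st_uid != root_uid:
        findings.append("%s: owner uid %d, expected %d" % (path, st.st_uid, root_uid))
    mode = stat.S_IMODE(st.st_mode)
    if mode & forbidden_bits:
        findings.append("%s: mode %04o has forbidden bits %04o" % (path, mode, mode & forbidden_bits))
    return findings

def audit_confdir(confdir, root_uid=0):
    """Audit every file named in RULES under confdir (the /etc/ssh2 layout)."""
    findings = []
    for name, forbidden in sorted(RULES.items()):
        findings.extend(audit_file(os.path.join(confdir, name), root_uid, forbidden))
    return findings

def make_sample_confdir():
    """Constructed sample: two files correct, two violating the FILES rules."""
    d = tempfile.mkdtemp(prefix="sshd2-audit-")
    for name, mode in (("sshd2_config", 0o664),  # group-writable: violation
                       ("hostkey", 0o600),        # correct
                       ("hostkey.pub", 0o644),    # correct
                       ("random_seed", 0o640)):   # group-readable: violation
        p = os.path.join(d, name)
        with open(p, "w") as f:
            f.write("constructed sample\n")
        os.chmod(p, mode)
    return d

def audit_sample():
    """Run the audit on the constructed directory, treating the current uid as root."""
    return audit_confdir(make_sample_confdir(), root_uid=os.getuid())
```

Run audit_confdir("/etc/ssh2") as root on a real host; an empty result means every listed file matches the man page.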
LEGAL NOTICES
SSH is a registered trademark of SSH Communication Security Ltd.
SEE ALSO
Commands: rcp(1), rlogin(1), rsh(1), scp2(1), sftp(1), ssh2(1),
ssh-agent2(1), ssh-add2(1), sshd2(8)
Files: sshd2_config(4)