packages icon
 reads configuration data from (or the file specified with  on  the  command
 line).   The  file contains keyword-argument pairs, one per line.  For each
 keyword, the first obtained value will be used.  Lines  starting  with  and
 empty  lines  are  interpreted  as  comments.   Arguments may optionally be
 enclosed in double  quotes  in  order  to  represent  arguments  containing
 spaces.  The possible keywords and their meanings are as follows (note that
 keywords are case-insensitive and arguments are case-sensitive):  Specifies
 what  environment  variables  sent  by  the  client will be copied into the
 session's See and in for how to  configure  the  client.   The  environment
 variable  is always accepted whenever the client requests a pseudo-terminal
 as it is required by the protocol.  Variables are specified by name,  which
 may  contain the wildcard characters and Multiple environment variables may
 be separated by whitespace or spread across multiple directives.  Be warned
 that  some  environment  variables  could be used to bypass restricted user
 environments.  For this reason, care should be taken in  the  use  of  this
 directive.   The  default  is  not  to  accept  any  environment variables.
 Specifies which address family should be used by Valid arguments  are  (the
 default),   (use  IPv4  only),  or  (use  IPv6  only).   Specifies  whether
 forwarding  is  permitted.   The  default  is  Note  that  disabling  agent
 forwarding  does  not  improve  security unless users are also denied shell
 access, as they can always install their own forwarders.  This keyword  can
 be  followed  by  a  list  of group name patterns, separated by spaces.  If
 specified,  login  is  allowed  only  for  users  whose  primary  group  or
 supplementary group list matches one of the patterns.  Only group names are
 valid; a numerical group ID  is  not  recognized.   By  default,  login  is
 allowed  for all groups.  The allow/deny groups directives are processed in
 the following order: See PATTERNS in  for  more  information  on  patterns.
 Specifies whether StreamLocal (Unix-domain socket) forwarding is permitted.
 The available options are (the default) or to allow StreamLocal forwarding,
 to prevent all StreamLocal forwarding, to allow local (from the perspective
 of forwarding only or to allow remote forwarding only.  Note that disabling
 StreamLocal  forwarding  does  not  improve  security unless users are also
 denied shell access, as they  can  always  install  their  own  forwarders.
 Specifies  whether  TCP forwarding is permitted.  The available options are
 (the default) or to allow TCP forwarding, to prevent all TCP forwarding, to
 allow  local  (from  the  perspective of forwarding only or to allow remote
 forwarding only.  Note that  disabling  TCP  forwarding  does  not  improve
 security  unless  users  are  also  denied shell access, as they can always
 install their own forwarders.  This keyword can be followed by  a  list  of
 user  name  patterns,  separated by spaces.  If specified, login is allowed
 only for user names that match one of the patterns.  Only  user  names  are
 valid; a numerical user ID is not recognized.  By default, login is allowed
 for all users.  If the pattern takes the form USER@HOST then USER and  HOST
 are  separately  checked,  restricting  logins  to  particular  users  from
 particular hosts.  HOST criteria  may  additionally  contain  addresses  to
 match  in CIDR address/masklen format.  The allow/deny users directives are
 processed in the following order: See PATTERNS in for more  information  on
 patterns.   Specifies  the authentication methods that must be successfully
 completed for a user to be granted access.  This option must be followed by
 one or more lists of comma-separated authentication method names, or by the
 single string to indicate the default behaviour  of  accepting  any  single
 authentication  method.   If  the  default  is  overridden, then successful
 authentication requires completion of every method in at least one of these
 lists.   For  example,  would  require  the  user  to  complete  public key
 authentication,  followed  by  either  password  or  keyboard   interactive
 authentication.   Only  methods  that  are  next  in  one or more lists are
 offered at each stage, so for this example it  would  not  be  possible  to
 attempt  password or keyboard-interactive authentication before public key.
 For keyboard interactive authentication it is  also  possible  to  restrict
 authentication  to  a  specific device by appending a colon followed by the
 device identifier or depending on the server configuration.   For  example,
 would  restrict  keyboard interactive authentication to the device.  If the
 publickey method is listed more than once, verifies  that  keys  that  have
 been  used successfully are not reused for subsequent authentications.  For
 example, requires successful  authentication  using  two  different  public
 keys.    Note  that  each  authentication  method  listed  should  also  be
 explicitly enabled in  the  configuration.   The  available  authentication
 methods  are:  (used for access to password-less accounts when is enabled),
 and Specifies a program to be used to look up the user's public keys.   The
 program  must  be  owned  by  root,  not  writable  by  group or others and
 specified by an absolute path.  Arguments to accept the tokens described in
 the section.  If no arguments are specified then the username of the target
 user is used.  The program should produce on standard output zero  or  more
 lines  of authorized_keys output (see in is tried after the usual files and
 will not be executed if a matching key is found there.  By default,  no  is
 run.  Specifies the user under whose account the is run.  It is recommended
 to use a dedicated user that has no other role on  the  host  than  running
 authorized  keys commands.  If is specified but is not, then will refuse to
 start.  Specifies the file that contains the  public  keys  used  for  user
 authentication.  The format is described in the AUTHORIZED_KEYS FILE FORMAT
 section of Arguments to accept the tokens described in the section.   After
 expansion,  is  taken  to be an absolute path or one relative to the user's
 home directory.  Multiple files may be  listed,  separated  by  whitespace.
 Alternately  this  option  may  be set to to skip checking for user keys in
 files.  The default is Specifies a program to be used to generate the  list
 of allowed certificate principals as per The program must be owned by root,
 not writable by  group  or  others  and  specified  by  an  absolute  path.
 Arguments  to  accept the tokens described in the section.  If no arguments
 are specified then the username of the target user is  used.   The  program
 should  produce on standard output zero or more lines of output.  If either
 or is specified, then certificates offered by the client for authentication
 must contain a principal that is listed.  By default, no is run.  Specifies
 the user under whose account the is  run.   It  is  recommended  to  use  a
 dedicated  user  that has no other role on the host than running authorized
 principals commands.  If is specified but  is  not,  then  will  refuse  to
 start.   Specifies  a file that lists principal names that are accepted for
 certificate authentication.  When using certificates signed by a key listed
 in  this  file lists names, one of which must appear in the certificate for
 it to be accepted for  authentication.   Names  are  listed  one  per  line
 preceded  by  key  options  (as  described  in  in Empty lines and comments
 starting with are ignored.  Arguments to accept the tokens described in the
 section.   After expansion, is taken to be an absolute path or one relative
 to the user's home directory.  The default is i.e. not to use a  principals
 file  in this case, the username of the user must appear in a certificate's
 principals list for it to  be  accepted.   Note  that  is  only  used  when
 authentication  proceeds  using  a  CA  listed  in and is not consulted for
 certification authorities trusted  via  though  the  key  option  offers  a
 similar facility (see for details).  The contents of the specified file are
 sent to the remote user before authentication is allowed.  If the  argument
 is  then  no  banner  is  displayed.   By  default, no banner is displayed.
 Specifies which algorithms are  allowed  for  signing  of  certificates  by
 certificate  authorities (CAs).  The default is: ecdsa-sha2-nistp256,ecdsa-
 sha2-nistp384,ecdsa-sha2-nistp521,       ssh-ed25519,rsa-sha2-512,rsa-sha2-
 256,ssh-rsa Certificates signed using other algorithms will not be accepted
 for public key or host-based authentication.  Specifies whether  challenge-
 response  authentication is allowed (e.g. via PAM or through authentication
 styles supported in The default is Specifies the pathname of a directory to
 to  after authentication.  At session startup checks that all components of
 the pathname are root-owned directories which are not writable by any other
 user  or  group.   After  the  chroot, changes the working directory to the
 user's home directory.  Arguments to accept the  tokens  described  in  the
 section.   The  must contain the necessary files and directories to support
 the user's session.  For an interactive session this requires  at  least  a
 shell,  typically  and  basic nodes such as and devices.  For file transfer
 sessions using SFTP no  additional  configuration  of  the  environment  is
 necessary  if the in-process sftp-server is used, though sessions which use
 logging may require inside the chroot directory on some  operating  systems
 (see  for  details).   For  safety, it is very important that the directory
 hierarchy be prevented from modification by other processes on  the  system
 (especially  those  outside the jail).  Misconfiguration can lead to unsafe
 environments which  cannot  detect.   The  default  is  indicating  not  to
 Specifies  the  ciphers allowed.  Multiple ciphers must be comma-separated.
 If the specified list begins with a character, then the  specified  ciphers
 will  be  appended  to  the  default set instead of replacing them.  If the
 specified  list  begins  with  a  character,  then  the  specified  ciphers
 (including  wildcards)  will  be  removed  from  the default set instead of
 replacing them.  If the specified list begins with a  character,  then  the
 specified  ciphers  will  be  placed  at  the head of the default set.  The
 supported ciphers are: 3des-cbc aes128-cbc aes192-cbc aes256-cbc aes128-ctr
 aes192-ctr    aes256-ctr    aes128-gcm@openssh.com   aes256-gcm@openssh.com
 chacha20-poly1305@openssh.com      The      default      is:      chacha20-
 poly1305@openssh.com,       aes128-ctr,aes192-ctr,aes256-ctr,       aes128-
 gcm@openssh.com,aes256-gcm@openssh.com The list of  available  ciphers  may
 also  be  obtained using Sets the number of client alive messages which may
 be sent without receiving any messages  back  from  the  client.   If  this
 threshold  is reached while client alive messages are being sent, sshd will
 disconnect the client, terminating the session.  It is  important  to  note
 that  the  use  of  client alive messages is very different from The client
 alive messages are sent through the encrypted channel  and  therefore  will
 not  be  spoofable.  The TCP keepalive option enabled by is spoofable.  The
 client alive mechanism is valuable when the  client  or  server  depend  on
 knowing when a connection has become unresponsive.  The default value is 3.
 If is set to 15, and is left at the default, unresponsive SSH clients  will
 be  disconnected  after  approximately 45 seconds.  Setting a zero disables
 connection termination.  Sets a timeout interval in seconds after which  if
 no  data has been received from the client, will send a message through the
 encrypted channel to request a response from the client.  The default is 0,
 indicating  that  these messages will not be sent to the client.  Specifies
 whether  compression  is  enabled  after   the   user   has   authenticated
 successfully.  The argument must be (a legacy synonym for or The default is
 This keyword can be followed by a list of group name patterns, separated by
 spaces.  Login is disallowed for users whose primary group or supplementary
 group list matches one of the patterns.  Only  group  names  are  valid;  a
 numerical group ID is not recognized.  By default, login is allowed for all
 groups.  The allow/deny groups directives are processed  in  the  following
 order:  See PATTERNS in for more information on patterns.  This keyword can
 be followed by a list of user name patterns, separated by spaces.  Login is
 disallowed  for user names that match one of the patterns.  Only user names
 are valid; a numerical user ID is not recognized.   By  default,  login  is
 allowed  for  all users.  If the pattern takes the form USER@HOST then USER
 and HOST are separately checked, restricting  logins  to  particular  users
 from particular hosts.  HOST criteria may additionally contain addresses to
 match in CIDR address/masklen format.  The allow/deny users directives  are
 processed  in  the following order: See PATTERNS in for more information on
 patterns.   Disables  all  forwarding  features,  including  X11,  TCP  and
 StreamLocal.   This  option  overrides all other forwarding-related options
 and may  simplify  restricted  configurations.   Writes  a  temporary  file
 containing  a  list  of authentication methods and public credentials (e.g.
 keys) used to authenticate the user.  The location of the file  is  exposed
 to  the  user  session  through  the  environment variable.  The default is
 Specifies the hash algorithm used when  logging  key  fingerprints.   Valid
 options  are:  and  The  default  is  Forces  the  execution of the command
 specified by ignoring any command supplied by the client  and  if  present.
 The  command is invoked by using the user's login shell with the -c option.
 This applies to shell, command, or subsystem execution.  It is most  useful
 inside a block.  The command originally supplied by the client is available
 in the environment variable.  Specifying a command of will force the use of
 an in-process SFTP server that requires no support files when used with The
 default is Specifies whether remote hosts are allowed to connect  to  ports
 forwarded for the client.  By default, binds remote port forwardings to the
 loopback address.  This prevents other  remote  hosts  from  connecting  to
 forwarded ports.  can be used to specify that sshd should allow remote port
 forwardings to bind to non-loopback addresses, thus allowing other hosts to
 connect.   The  argument  may  be  to  force  remote port forwardings to be
 available to the local host only, to force remote port forwardings to  bind
 to  the  wildcard  address, or to allow the client to select the address to
 which the forwarding is bound.   The  default  is  Specifies  whether  user
 authentication  based  on  GSSAPI  is  allowed.   The  default is Specifies
 whether to automatically destroy the user's credentials  cache  on  logout.
 The  default  is  Determines whether to be strict about the identity of the
 GSSAPI acceptor a client authenticates against.  If set to then the  client
 must authenticate against the host service on the current hostname.  If set
 to then the client may authenticate against any service key stored  in  the
 machine's  default  store.   This  facility  is  provided  to  assist  with
 operation on multi homed machines.  The default is Specifies the key  types
 that  will  be  accepted  for  hostbased authentication as a list of comma-
 separated patterns.  Alternately  if  the  specified  list  begins  with  a
 character, then the specified key types will be appended to the default set
 instead of replacing them.  If the specified list begins with a  character,
 then the specified key types (including wildcards) will be removed from the
 default set instead of replacing them.  If the specified list begins with a
 character,  then  the specified key types will be placed at the head of the
 default set.  The default for  this  option  is:  ecdsa-sha2-nistp256-cert-
 v01@openssh.com,    ecdsa-sha2-nistp384-cert-v01@openssh.com,   ecdsa-sha2-
 nistp521-cert-v01@openssh.com, sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,      sk-ssh-ed25519-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com,  ssh-
 rsa-cert-v01@openssh.com,    ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-
 sha2-nistp521,   sk-ecdsa-sha2-nistp256@openssh.com,    ssh-ed25519,sk-ssh-
 ed25519@openssh.com,    rsa-sha2-512,rsa-sha2-256,ssh-rsa   The   list   of
 available key types may also be obtained using Specifies whether rhosts  or
 /etc/hosts.equiv  authentication together with successful public key client
 host authentication is allowed (host-based authentication).  The default is
 Specifies  whether or not the server will attempt to perform a reverse name
 lookup when matching the name in the and files during A  setting  of  means
 that uses the name supplied by the client rather than attempting to resolve
 the name from the TCP connection itself.  The default is Specifies  a  file
 containing  a  public  host certificate.  The certificate's public key must
 match a private host key already specified by The default behaviour  of  is
 not  to  load any certificates.  Specifies a file containing a private host
 key used by SSH.  The defaults are and Note that will refuse to use a  file
 if  it is group/world-accessible and that the option restricts which of the
 keys are actually used by It is possible to have multiple host  key  files.
 It is also possible to specify public host key files instead.  In this case
 operations on the private key will be delegated to an Identifies the  UNIX-
 domain  socket  used  to  communicate  with an agent that has access to the
 private host keys.  If the string is specified, the location of the  socket
 will  be  read  from  the  environment  variable.   Specifies  the host key
 algorithms that the server offers.  The default for this option is:  ecdsa-
 sha2-nistp256-cert-v01@openssh.com,               ecdsa-sha2-nistp384-cert-
 v01@openssh.com,  ecdsa-sha2-nistp521-cert-v01@openssh.com,  sk-ecdsa-sha2-
 nistp256-cert-v01@openssh.com,   ssh-ed25519-cert-v01@openssh.com,  sk-ssh-
 ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com,  rsa-sha2-
 256-cert-v01@openssh.com,     ssh-rsa-cert-v01@openssh.com,     ecdsa-sha2-
 nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,            sk-ecdsa-sha2-
 nistp256@openssh.com,   ssh-ed25519,sk-ssh-ed25519@openssh.com,   rsa-sha2-
 512,rsa-sha2-256,ssh-rsa The list  of  available  key  types  may  also  be
 obtained  using  Specifies  whether to ignore per-user and files during The
 system-wide and are still used regardless of this setting.  Accepted values
 are  (the default) to ignore all per-user files, to allow the use of but to
 ignore or to allow both and Specifies  whether  should  ignore  the  user's
 during and use only the system-wide known hosts file The default is Include
 the specified configuration file(s).  Multiple pathnames may  be  specified
 and  each pathname may contain wildcards.  Files without absolute paths are
 assumed to be in  An  directive  may  appear  inside  a  block  to  perform
 conditional  inclusion.   Specifies  the IPv4 type-of-service or DSCP class
 for the connection.  Accepted values are a numeric value,  or  to  use  the
 operating  system  default.   This  option  may  take one or two arguments,
 separated by whitespace.  If one argument is specified, it is used  as  the
 packet  class  unconditionally.   If two values are specified, the first is
 automatically selected for interactive sessions and  the  second  for  non-
 interactive  sessions.   The  default is (Low-Latency Data) for interactive
 sessions  and  (Lower  Effort)  for  non-interactive  sessions.   Specifies
 whether to allow keyboard-interactive authentication.  The argument to this
 keyword must be or The default is to use  whatever  value  is  set  to  (by
 default  Specifies  whether  the  password provided by the user for will be
 validated through the Kerberos KDC.  To use this option, the server needs a
 Kerberos  servtab which allows the verification of the KDC's identity.  The
 default is If AFS is active and the user has a Kerberos 5 TGT,  attempt  to
 acquire  an  AFS  token  before  accessing  the user's home directory.  The
 default is If password  authentication  through  Kerberos  fails  then  the
 password  will  be validated via any additional local mechanism such as The
 default is Specifies whether to automatically  destroy  the  user's  ticket
 cache  file  on  logout.   The  default is Specifies the available KEX (Key
 Exchange)  algorithms.   Multiple  algorithms  must   be   comma-separated.
 Alternately  if  the  specified  list  begins  with  a  character, then the
 specified methods will be appended to the default set instead of  replacing
 them.   If  the  specified list begins with a character, then the specified
 methods (including wildcards) will be removed from the default set  instead
 of replacing them.  If the specified list begins with a character, then the
 specified methods will be placed at the  head  of  the  default  set.   The
 supported  algorithms  are:  curve25519-sha256 curve25519-sha256@libssh.org
 diffie-hellman-group1-sha1   diffie-hellman-group14-sha1    diffie-hellman-
 group14-sha256  diffie-hellman-group16-sha512 diffie-hellman-group18-sha512
 diffie-hellman-group-exchange-sha1     diffie-hellman-group-exchange-sha256
 ecdh-sha2-nistp256           ecdh-sha2-nistp384          ecdh-sha2-nistp521
 sntrup4591761x25519-sha512@tinyssh.org   The   default   is:    curve25519-
 sha256,curve25519-sha256@libssh.org,          ecdh-sha2-nistp256,ecdh-sha2-
 nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,  diffie-
 hellman-group16-sha512,diffie-hellman-group18-sha512,       diffie-hellman-
 group14-sha256 The list of available key exchange algorithms  may  also  be
 obtained  using  Specifies  the  local  addresses  should  listen  on.  The
 following forms may be used: The optional qualifier requests listen  in  an
 explicit  routing  domain.   If  is  not specified, sshd will listen on the
 address and all options specified.  The default is to listen on  all  local
 addresses  on  the  current  default  routing domain.  Multiple options are
 permitted.  For  more  information  on  routing  domains,  see  The  server
 disconnects after this time if the user has not successfully logged in.  If
 the value is 0, there is no time limit.  The default is 120 seconds.  Gives
 the  verbosity  level  that is used when logging messages from The possible
 values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2,  and
 DEBUG3.  The default is INFO.  DEBUG and DEBUG1 are equivalent.  DEBUG2 and
 DEBUG3 each specify higher levels of  debugging  output.   Logging  with  a
 DEBUG  level  violates  the  privacy  of  users  and  is  not  recommended.
 Specifies the available MAC (message authentication code) algorithms.   The
 MAC  algorithm  is used for data integrity protection.  Multiple algorithms
 must be comma-separated.  If the specified list begins  with  a  character,
 then  the  specified algorithms will be appended to the default set instead
 of replacing them.  If the specified list begins with a character, then the
 specified algorithms (including wildcards) will be removed from the default
 set instead of replacing  them.   If  the  specified  list  begins  with  a
 character,  then the specified algorithms will be placed at the head of the
 default  set.   The  algorithms  that  contain  calculate  the  MAC   after
 encryption  (encrypt-then-mac).   These  are considered safer and their use
 recommended.  The supported MACs are: hmac-md5 hmac-md5-96 hmac-sha1  hmac-
 sha1-96     hmac-sha2-256     hmac-sha2-512    umac-64@openssh.com    umac-
 128@openssh.com hmac-md5-etm@openssh.com hmac-md5-96-etm@openssh.com  hmac-
 sha1-etm@openssh.com       hmac-sha1-96-etm@openssh.com      hmac-sha2-256-
 etm@openssh.com    hmac-sha2-512-etm@openssh.com    umac-64-etm@openssh.com
 umac-128-etm@openssh.com  The default is: umac-64-etm@openssh.com,umac-128-
 etm@openssh.com,               hmac-sha2-256-etm@openssh.com,hmac-sha2-512-
 etm@openssh.com,    hmac-sha1-etm@openssh.com,    umac-64@openssh.com,umac-
 128@openssh.com,   hmac-sha2-256,hmac-sha2-512,hmac-sha1   The   list    of
 available   MAC   algorithms  may  also  be  obtained  using  Introduces  a
 conditional block.  If all of the criteria on the line are  satisfied,  the
 keywords on the following lines override those set in the global section of
 the config file, until either another line or the end of the  file.   If  a
 keyword  appears  in  multiple  blocks  that  are satisfied, only the first
 instance of the keyword is applied.  The  arguments  to  are  one  or  more
 criteria-pattern pairs or the single token which matches all criteria.  The
 available criteria are and (with representing the on which  the  connection
 was  received).  The match patterns may consist of single entries or comma-
 separated lists and may use the wildcard and negation  operators  described
 in  the  section  of  The  patterns in an criteria may additionally contain
 addresses to match in CIDR address/masklen format, such as 192.0.2.0/24  or
 2001:db8::/32.   Note that the mask length provided must be consistent with
 the address - it is an error to specify a mask length that is too long  for
 the  address or one with bits set in this host portion of the address.  For
 example, 192.0.2.0/33 and 192.0.2.0/8,  respectively.   Only  a  subset  of
 keywords  may be used on the lines following a keyword.  Available keywords
 are and Specifies the maximum number of authentication  attempts  permitted
 per  connection.   Once  the  number  of  failures reaches half this value,
 additional failures are logged.  The default is 6.  Specifies  the  maximum
 number of open shell, login or subsystem (e.g. sftp) sessions permitted per
 network connection.  Multiple sessions may be established by  clients  that
 support  connection  multiplexing.   Setting  to 1 will effectively disable
 session multiplexing, whereas setting it to 0 will prevent all shell, login
 and  subsystem  sessions while still permitting forwarding.  The default is
 10.  Specifies the maximum number of concurrent unauthenticated connections
 to   the   SSH  daemon.   Additional  connections  will  be  dropped  until
 authentication succeeds or the expires for a connection.   The  default  is
 10:30:100.   Alternatively,  random early drop can be enabled by specifying
 the three colon separated values start:rate:full (e.g.  "10:30:60").   will
 refuse  connection  attempts  with a probability of rate/100 (30%) if there
 are currently start  (10)  unauthenticated  connections.   The  probability
 increases linearly and all connection attempts are refused if the number of
 unauthenticated connections reaches full (60).  Specifies whether  password
 authentication  is allowed.  The default is When password authentication is
 allowed, it specifies whether the server  allows  login  to  accounts  with
 empty  password  strings.   The default is Specifies the addresses/ports on
 which a remote TCP port forwarding may listen.   The  listen  specification
 must  be  one of the following forms: Multiple permissions may be specified
 by separating them with whitespace.  An argument of can be used  to  remove
 all  restrictions  and  permit  any listen requests.  An argument of can be
 used to prohibit all listen requests.  The host name may contain  wildcards
 as  described  in  the PATTERNS section in The wildcard can also be used in
 place of a port number to allow all ports.  By default all port  forwarding
 listen  requests  are permitted.  Note that the option may further restrict
 which addresses may be listened on.  Note also that will request  a  listen
 host  of  if  no  listen  host was specifically requested, and this name is
 treated differently to explicit localhost addresses of  and  Specifies  the
 destinations  to  which  TCP  port forwarding is permitted.  The forwarding
 specification must be one of the following forms: Multiple forwards may  be
 specified  by  separating them with whitespace.  An argument of can be used
 to remove all restrictions and permit any forwarding requests.  An argument
 of  can  be  used to prohibit all forwarding requests.  The wildcard can be
 used for host or port to allow all hosts or ports respectively.  Otherwise,
 no pattern matching or address lookups are performed on supplied names.  By
 default all port forwarding requests are permitted.  Specifies whether root
 can  log  in using The argument must be or The default is If this option is
 set  to  (or  its  deprecated  alias,  password  and   keyboard-interactive
 authentication  are disabled for root.  If this option is set to root login
 with public key authentication will be allowed, but only if the option  has
 been  specified (which may be useful for taking remote backups even if root
 login is normally not  allowed).   All  other  authentication  methods  are
 disabled for root.  If this option is set to root is not allowed to log in.
 Specifies whether  allocation  is  permitted.   The  default  is  Specifies
 whether  device  forwarding  is  allowed.   The argument must be (layer 3),
 (layer 2), or Specifying permits both and The  default  is  Independent  of
 this  setting,  the permissions of the selected device must allow access to
 the user.  Specifies whether and options in are processed by Valid  options
 are or a pattern-list specifying which environment variable names to accept
 (for example The default is  Enabling  environment  processing  may  enable
 users to bypass access restrictions in some configurations using mechanisms
 such as Specifies whether any file is executed.  The default  is  Specifies
 the  file  that  contains the process ID of the SSH daemon, or to not write
 one.  The default is Specifies  the  port  number  that  listens  on.   The
 default  is  22.   Multiple  options  of this type are permitted.  See also
 Specifies whether should print the date and time of  the  last  user  login
 when a user logs in interactively.  The default is Specifies whether should
 print when a user logs in interactively.   (On  some  systems  it  is  also
 printed  by  the  shell,  or  equivalent.) The default is Specifies the key
 types that will be accepted for public key  authentication  as  a  list  of
 comma-separated  patterns.  Alternately if the specified list begins with a
 character, then the specified key types will be appended to the default set
 instead  of replacing them.  If the specified list begins with a character,
 then the specified key types (including wildcards) will be removed from the
 default set instead of replacing them.  If the specified list begins with a
 character, then the specified key types will be placed at the head  of  the
 default  set.   The  default  for this option is: ecdsa-sha2-nistp256-cert-
 v01@openssh.com,   ecdsa-sha2-nistp384-cert-v01@openssh.com,    ecdsa-sha2-
 nistp521-cert-v01@openssh.com, sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,      sk-ssh-ed25519-cert-v01@openssh.com,
 rsa-sha2-512-cert-v01@openssh.com,  rsa-sha2-256-cert-v01@openssh.com, ssh-
 rsa-cert-v01@openssh.com,    ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-
 sha2-nistp521,    sk-ecdsa-sha2-nistp256@openssh.com,   ssh-ed25519,sk-ssh-
 ed25519@openssh.com,   rsa-sha2-512,rsa-sha2-256,ssh-rsa   The   list    of
 available  key types may also be obtained using Sets one or more public key
 authentication options.  Two option keywords are currently supported:  (the
 default;  indicating  no  additional  options  are  enabled) and The option
 causes public key authentication using a FIDO authenticator algorithm (i.e.
 or to always require the signature to attest that a physically present user
 explicitly  confirmed  the  authentication   (usually   by   touching   the
 authenticator).   By default, requires user presence unless overridden with
 an authorized_keys option.  The flag disables this override.   This  option
 has  no  effect  for  other, non-authenticator public key types.  Specifies
 whether public key authentication is allowed.  The default is Specifies the
 maximum  amount  of  data that may be transmitted before the session key is
 renegotiated, optionally followed a maximum amount of time  that  may  pass
 before the session key is renegotiated.  The first argument is specified in
 bytes and may have a suffix of or  to  indicate  Kilobytes,  Megabytes,  or
 Gigabytes,  respectively.   The  default  is  between  and depending on the
 cipher.  The optional second value is specified in seconds and may use  any
 of  the  units  documented  in the section.  The default value for is which
 means that rekeying is performed after the cipher's default amount of  data
 has  been  sent  or received and no time based rekeying is done.  Specifies
 revoked public keys file, or to not use one.  Keys listed in this file will
 be  refused  for  public key authentication.  Note that if this file is not
 readable, then public key authentication will be  refused  for  all  users.
 Keys  may  be specified as a text file, listing one public key per line, or
 as  an  OpenSSH  Key  Revocation  List  (KRL)  as  generated  by  For  more
 information  on  KRLs, see the KEY REVOCATION LISTS section in Specifies an
 explicit routing domain that is applied after authentication has completed.
 The  user  session, as well and any forwarded or listening IP sockets, will
 be bound to this If the routing domain is set to then the domain  in  which
 the  incoming connection was received will be applied.  Specifies a path to
 a library that will be used when loading  FIDO  authenticator-hosted  keys,
 overriding  the  default  of using the built-in USB HID support.  Specifies
 one or more environment variables to set in child sessions  started  by  as
 The  environment  value  may  be  quoted  (e.g.  if  it contains whitespace
 characters).  Environment variables set by override the default environment
 and any variables specified by the user via or Sets the octal file creation
 mode mask used when creating a Unix-domain socket file for local or  remote
 port  forwarding.   This option is only used for port forwarding to a Unix-
 domain socket file.  The default value is 0177, which creates a Unix-domain
 socket file that is readable and writable only by the owner.  Note that not
 all operating systems honor the file  mode  on  Unix-domain  socket  files.
 Specifies  whether  to remove an existing Unix-domain socket file for local
 or remote port forwarding before creating a new one.  If  the  socket  file
 already  exists  and  is not enabled, will be unable to forward the port to
 the Unix-domain socket file.  This option is only used for port  forwarding
 to  a  Unix-domain  socket  file.   The  argument must be or The default is
 Specifies whether should check file modes and ownership of the user's files
 and  home  directory  before  accepting  login.  This is normally desirable
 because novices sometimes  accidentally  leave  their  directory  or  files
 world-writable.   The  default  is  Note  that this does not apply to whose
 permissions and  ownership  are  checked  unconditionally.   Configures  an
 external  subsystem  (e.g.  file  transfer  daemon).  Arguments should be a
 subsystem name and a command (with  optional  arguments)  to  execute  upon
 subsystem   request.    The  command  implements  the  SFTP  file  transfer
 subsystem.  Alternately the name  implements  an  in-process  SFTP  server.
 This may simplify configurations using to force a different filesystem root
 on clients.  By default no subsystems are defined.  Gives the facility code
 that  is  used  when logging messages from The possible values are: DAEMON,
 USER, AUTH, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The  default  is  AUTH.   Specifies  whether  the  system  should  send TCP
 keepalive messages to the other side.  If  they  are  sent,  death  of  the
 connection  or  crash  of  one  of  the  machines will be properly noticed.
 However, this means  that  connections  will  die  if  the  route  is  down
 temporarily,  and  some people find it annoying.  On the other hand, if TCP
 keepalives are not sent, sessions may  hang  indefinitely  on  the  server,
 leaving  users and consuming server resources.  The default is (to send TCP
 keepalive messages), and the server will notice if the network goes down or
 the  client  host  crashes.   This  avoids infinitely hanging sessions.  To
 disable TCP keepalive messages, the value should be set to Specifies a file
 containing  public keys of certificate authorities that are trusted to sign
 user certificates for authentication, or to not use one.  Keys  are  listed
 one  per  line;  empty  lines and comments starting with are allowed.  If a
 certificate is presented for authentication and  has  its  signing  CA  key
 listed  in  this  file, then it may be used for authentication for any user
 listed in the certificate's principals list.  Note that  certificates  that
 lack  a  list  of principals will not be permitted for authentication using
 For more details on certificates, see the CERTIFICATES section in Specifies
 whether should look up the remote host name, and to check that the resolved
 host name for the remote IP address maps back to the very same IP  address.
 If  this  option  is  set to (the default) then only addresses and not host
 names may be used in and directives.  Enables the Pluggable  Authentication
 Module  interface.  If set to this will enable PAM authentication using and
 in  addition  to  PAM  account  and  session  module  processing  for   all
 authentication   types.    Because  PAM  challenge-response  authentication
 usually serves an equivalent role to password  authentication,  you  should
 disable  either or If is enabled, you will not be able to run as a non-root
 user.  The default is Optionally specifies additional text to append to the
 SSH  protocol  banner  sent  by the server upon connection.  The default is
 Specifies the first display number  available  for  X11  forwarding.   This
 prevents  sshd  from interfering with real X11 servers.  The default is 10.
 Specifies whether X11 forwarding is permitted.  The argument must be or The
 default is When X11 forwarding is enabled, there may be additional exposure
 to the server and to client displays if the proxy display is configured  to
 listen  on  the  wildcard  address  (see  though  this  is not the default.
 Additionally,  the  authentication   spoofing   and   authentication   data
 verification  and substitution occur on the client side.  The security risk
 of using X11 forwarding is that the client's  X11  display  server  may  be
 exposed to attack when the SSH client requests forwarding (see the warnings
 for in A system administrator may have a  stance  in  which  they  want  to
 protect  clients  that  may  expose  themselves  to  attack  by unwittingly
 requesting  X11  forwarding,  which  can  warrant  a  setting.   Note  that
 disabling  X11  forwarding  does  not  prevent  users  from  forwarding X11
 traffic, as users can  always  install  their  own  forwarders.   Specifies
 whether should bind the X11 forwarding server to the loopback address or to
 the wildcard address.  By default, sshd binds the forwarding server to  the
 loopback  address and sets the hostname part of the environment variable to
 This prevents remote hosts from connecting to the proxy display.   However,
 some  older  X11  clients may not function with this configuration.  may be
 set to to specify that  the  forwarding  server  should  be  bound  to  the
 wildcard  address.   The  argument  must be or The default is Specifies the
 full pathname of the program, or to not use one.  The default  is  command-
 line  arguments  and  configuration  file  options that specify time may be
 expressed using a sequence of the form: where is a positive  integer  value
 and  is one of the following: seconds seconds minutes hours days weeks Each
 member of the sequence is added together to calculate the total time value.
 Time format examples: 600 seconds (10 minutes) 10 minutes 1 hour 30 minutes
 (90 minutes) Arguments to some keywords can make use of tokens,  which  are
 expanded  at  runtime:  A  literal The routing domain in which the incoming
 connection was received.  The fingerprint of the CA key.   The  fingerprint
 of  the key or certificate.  The home directory of the user.  The key ID in
 the certificate.  The base64-encoded CA key.   The  base64-encoded  key  or
 certificate for authentication.  The serial number of the certificate.  The
 type of the CA key.  The key or certificate type.  The numeric user  ID  of
 the target user.  The username.  accepts the tokens %%, %f, %h, %k, %t, %U,
 and %u.  accepts the tokens %%, %h, %U, and %u.  accepts the tokens %%, %F,
 %f, %h, %i, %K, %k, %s, %T, %t, %U, and %u.  accepts the tokens %%, %h, %U,
 and %u.  accepts the tokens %%, %h, %U, and  %u.   accepts  the  token  %D.
 Contains  configuration data for This file should be writable by root only,
 but it is recommended (though not necessary)  that  it  be  world-readable.
 OpenSSH  is a derivative of the original and free ssh 1.2.12 release by and
 removed  many  bugs,  re-added  newer   features   and   created   OpenSSH.
 contributed  the  support  for  SSH  protocol  versions  1.5  and 2.0.  and
 contributed support for privilege separation.