NAME

sshd2, sshd - Secure shell daemon

SYNOPSIS

sshd2 [-d debug_level_spec] [-f config_file] [-h host_key_file] [-o options] [-p port] [-v] [-g login_grace_time] [-i] [-q]
OPTIONS

-d debug_level_spec
Sends extensive debug information to stderr. The debug_level_spec argument is either a number between 0 and 99, where 99 specifies that all debug information should be displayed, or a comma-separated list of assignments of the form ModulePattern=debug_level. This option is intended only for debugging the server.

-f config_file
Specifies the name of the configuration file. The default is /etc/ssh2/sshd2_config. If this option is specified, the default configuration file is not read.

-h host_key_file
Specifies the file from which the host key is read. The default file is /etc/ssh2/hostkey. If the sshd2 daemon is not run as root, the default host key file is $HOME/.ssh2/hostkey.

-o options
Specifies configuration keywords. This is useful for specifying keywords for which there is no separate command-line flag. The -o option has the same format as a line in the configuration file. Comment lines are not accepted. Where applicable, the egrep regex format is used.

-p port
Specifies the port on which the system listens for connections. The default port is 22.

-v
Enables verbose mode and displays verbose debugging messages. This option can also be specified in the configuration file.

-q
Enables quiet mode. Nothing is sent to the system log. Normally the beginning, authentication, and termination of each connection is logged. This option can also be specified in the configuration file.

-g login_grace_time
Gives the grace time for clients to authenticate themselves. The default is 600 seconds. If the client fails to authenticate the user within the specified time, the system disconnects and exits. A value of zero indicates no limit.

-i
Specifies that the sshd2 daemon is being run from the inetd daemon.
DESCRIPTION

The sshd2 Secure Shell daemon runs on the Secure Shell
server. It is normally run as root, and is the server
counterpart for ssh2. Together, these programs replace
and extend the rlogin and rsh services, and provide secure
encrypted communication channels between two hosts connected
over an insecure network. They are intended to be
easy to install and use.
The sshd2 daemon is normally started at boot time from
/etc/rc.local or its equivalent. It forks a new daemon
for each incoming connection. The forked daemons handle
key exchange, encryption, authentication, command execution,
and data exchange.
The sshd2 daemon can be configured using command-line
options or a configuration file. Command-line options
override values specified in the configuration file. The
sshd2 daemon reads configuration data from the
/etc/ssh2/sshd2_config file (or the file specified with
the -f option on the command line). The file contains
keyword-value pairs, one per line. Lines starting with
the pound (#) sign and empty lines are interpreted as
comments.
Subconfiguration files can also be specified in the
main configuration file. However, if changes are made in
the main configuration file, the sshd2 daemon must be
restarted.
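The merge rule described above (the file supplies keyword-value pairs, comment and empty lines are skipped, and each -o argument is one line in the same format that overrides the file, with comment lines rejected) is small enough to show in full. The following is an added illustration written for this page, not sshd2's own parser. It assumes keyword names are matched case-insensitively, and the keyword names in the constructed sample are illustrative only; see sshd2_config(4) for the real keyword set.

```python
"""Parse an sshd2_config-style file and apply -o command-line overrides.

Added illustration (not sshd2's own parser). It implements only what the
reference page states: one keyword-value pair per line, lines starting with
'#' and empty lines are comments, each -o argument is one line in the same
format, comment lines are not accepted in -o, and command-line values
override the file. Case-insensitive keyword matching is an assumption here.
"""

# Constructed sample; the keyword names are illustrative only.
SAMPLE_CONFIG = """\
# constructed sample sshd2_config (not a real one)
Port            22
ListenAddress   0.0.0.0

# a later line for the same keyword would replace an earlier one
PermitRootLogin no
"""


def parse_config(text, source="<config>"):
    """Return {keyword: value} for one config-file text.

    Later lines win over earlier ones for the same keyword. A non-comment
    line without a value is a syntax error, reported with its line number.
    """
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # keyword, then the rest of the line
        if len(parts) != 2:
            raise ValueError("%s:%d: expected 'Keyword value', got %r"
                             % (source, lineno, raw))
        keyword, value = parts
        settings[keyword.lower()] = value.strip()
    return settings


def effective_config(config_text, cmdline_options=()):
    """Merge the file with -o options; returns {keyword: (value, origin)}.

    origin is "file" or "-o", so an audit can see which settings were
    overridden on the command line.
    """
    merged = {k: (v, "file") for k, v in parse_config(config_text).items()}
    for opt in cmdline_options:
        parsed = parse_config(opt, source="-o")
        # A comment or blank -o argument parses to nothing; the page says
        # comment lines are not accepted there, so reject it explicitly.
        if len(parsed) != 1:
            raise ValueError("-o expects exactly one 'Keyword value' line, got %r" % opt)
        (keyword, value), = parsed.items()
        merged[keyword] = (value, "-o")
    return merged


if __name__ == "__main__":
    for key, (value, origin) in sorted(effective_config(SAMPLE_CONFIG, ["Port 2022"]).items()):
        print("%-16s %-10s (from %s)" % (key, value, origin))
```

Running the block prints the effective settings with their origin, which is the view you want when checking what a daemon started with extra -o arguments will actually use.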
LOGIN PROCESS

When a user successfully logs in, the sshd2 daemon takes the following steps:

1. Changes the process to run with normal user privileges.
2. Sets up the basic environment.
3. Reads the /etc/environment file if it exists.
4. Changes to the user's home directory.
5. Runs the user's shell or command.
SSH WITH TCP WRAPPERS

When the sshd2 daemon is compiled with the TCP wrapper libraries, the hosts.allow and hosts.deny files control who can connect to ports forwarded by the sshd2 daemon.

The names used in the hosts.allow and hosts.deny files are sshd2, sshdfwd-<portname>, and sshdfwd-X11, the latter two for forwarded ports on which the Secure Shell client or server is listening. If a port has a defined name, you must use that name.
FILES

/etc/ssh2/sshd2_config
Contains sshd2 daemon configuration information. This file should be writable by root only; it may be readable by world, though that is not necessary.

/etc/ssh2/hostkey
Contains the private part of the host key. You can create this file automatically by running the make install command or manually by using the ssh-keygen2 command. This file contains vital cryptographic information and should be readable and writable by root only.

Contains the public part of the host key. You can create this file automatically by running the make install command or manually by using the ssh-keygen2 command. This file should be writable by root only and readable by world.

Contains a seed for the random number generator. This file should be accessible only by root.

Contains information on how the server will verify the identity of a user. See ssh2(1) for more information.

If this file exists, the sshd2 daemon will not print information during login. (This information is normally the user's last login time, message of the day, and mail check.)

If this file exists, the sshd2 daemon refuses to let anyone except root log in. The contents of the file are displayed to anyone trying to log in. The file should be readable by world.

$HOME/.rhosts
Contains a list of remote users who are not required to supply a password when they use the ssh2 command to log in. Before the user can log in, the sshd2 daemon requires public host key authentication in addition to validating the host name retrieved from the domain name servers. The file must be writable only by the user; it should not be accessible by others. You can use +@group to specify a netgroup. This file is also used by the rlogind and rshd daemons. See its reference page for more information about the file.

$HOME/.shosts
This file is the same as the $HOME/.rhosts file, except that it allows access only through ssh2.

/etc/hosts.equiv
Contains the names of remote hosts and users that are equivalent to the local host or user. An equivalent host or user is allowed to use the ssh2 command to log in to such an account without supplying a password, provided they have the same user name on both machines. Additionally, successful host-based authentication is normally required. This file must be writable only by root and should be readable by world. You can use +@group to specify a netgroup. Negated entries start with a minus sign (-).

Note
The only valid use for user names in this file is in negated entries. User names specified in the hosts.equiv file can log in as anybody, including bin, daemon, adm, and other accounts that own critical binaries and directories.
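Because a non-negated user name in hosts.equiv grants that remote user any local account, it is worth checking the file mechanically. The following linter is an added illustration written for this page, not part of the reference page or of the ssh2 distribution. It uses only the entry forms the page describes ("host [user]", +@group for a netgroup, a leading minus sign for negation); treating '#' as a comment introducer is an assumption of this example, and the sample file is constructed (server1.foo.fi is the page's own example host name).

```python
"""Lint a hosts.equiv / shosts.equiv file for non-negated user entries.

Added illustration, not part of the reference page. Entry syntax assumed:
one entry per line, "host [user]", where host or user may be +@group (a
netgroup) or carry a leading minus sign (negation), as the page states.
Treating '#' as a comment introducer is an assumption of this example.
"""
import collections

Entry = collections.namedtuple(
    "Entry", "lineno host host_negated host_netgroup user user_negated user_netgroup")

# Constructed sample; server1.foo.fi is the page's example host name.
SAMPLE_HOSTS_EQUIV = """\
# constructed sample /etc/hosts.equiv
server1.foo.fi
+@trusted-hosts
-badhost.example.test
server2.foo.fi -mallory
server3.foo.fi operator
"""


def _field(token):
    """Split one host or user token into (name, negated, is_netgroup)."""
    negated = token.startswith("-")
    if negated:
        token = token[1:]
    if token.startswith("+@"):   # +@group
        return token[2:], negated, True
    if token.startswith("@"):    # -@group, after the minus sign was stripped
        return token[1:], negated, True
    return token, negated, False


def parse_hosts_equiv(text):
    """Return a list of Entry tuples, one per non-comment line."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) > 2:
            raise ValueError("line %d: expected 'host [user]', got %r" % (lineno, raw))
        host, host_neg, host_ng = _field(fields[0])
        user, user_neg, user_ng = None, False, False
        if len(fields) == 2:
            user, user_neg, user_ng = _field(fields[1])
        entries.append(Entry(lineno, host, host_neg, host_ng, user, user_neg, user_ng))
    return entries


def lint_hosts_equiv(text):
    """Return (lineno, message) for each entry naming a user without negation.

    Per the reference page, such an entry lets that remote user log in as
    any local account, so it is reported as a finding.
    """
    findings = []
    for e in parse_hosts_equiv(text):
        if e.user is not None and not e.user_negated:
            what = "netgroup +@%s" % e.user if e.user_netgroup else "user %r" % e.user
            findings.append((e.lineno,
                             "%s is trusted from host %s without negation; "
                             "only negated user entries are valid here" % (what, e.host)))
    return findings


if __name__ == "__main__":
    for lineno, msg in lint_hosts_equiv(SAMPLE_HOSTS_EQUIV):
        print("line %d: %s" % (lineno, msg))
```

On the constructed sample only the last line is reported: the negated entry for mallory is the form the Note permits, and the bare host and netgroup entries name no user at all. The same function applies unchanged to /etc/shosts.equiv, which the page describes as using the same format.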
See hosts.equiv(4) for more information about the hosts.equiv file.

/etc/shosts.equiv
This file is the same as the hosts.equiv file, except that it allows access only through ssh2.

$HOME/.ssh2/knownhosts/xxxxyyyy.pub
Contains the public host keys of hosts that users need to log in to when using host-based authentication. Here xxxx is the fully qualified domain name (FQDN) of the host and yyyy is the public key algorithm. The public key algorithms are ssh-dss and ssh-rsa. For example, if the FQDN of a host is server1.foo.fi and its key algorithm is ssh-dss, the host key file is server1.foo.fi.ssh-dss.pub in the knownhosts directory. A user must add the host name to a $HOME/.shosts file or a $HOME/.rhosts file. If the user name is the same on both hosts, it is adequate to put the public host key in /etc/ssh2/knownhosts and add the host's name to /etc/shosts.equiv (or /etc/hosts.equiv).

/etc/ssh2/knownhosts/xxxxyyyy.pub
Same as the $HOME/.ssh2/knownhosts/xxxxyyyy.pub file, but system-wide. This file is overridden if the user puts a file with the same name in the $HOME/.ssh2/knownhosts directory.
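The FILES section states an ownership and mode requirement for most of these files, and a misconfigured one (a group-readable private host key, a world-writable hosts.equiv) silently weakens the whole setup. The following audit script is an added illustration written for this page, not sshd2's own tooling. It encodes only the requirements the page gives for files it names by path (sshd2_config, hostkey, hosts.equiv, shosts.equiv, .rhosts, .shosts); the directory roots are parameters so the same rules can be run against a constructed test tree, as the demo does, or against a live /etc.

```python
"""Check the ownership and permission requirements the FILES section states.

Added illustration, not sshd2's own code. The rules encode only what the
reference page says for files it names by path: sshd2_config, hosts.equiv and
shosts.equiv must be writable by root only (world-readable is fine), the
private host key must be readable and writable by root only, and .rhosts and
.shosts must be writable only by the owning user and not accessible by others.
"""
import os
import shutil
import stat
import tempfile

# "writable by root only and readable by world": no group/other write bits.
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH
# "should only be read or modified by root" / "not accessible by others":
# no group/other bits at all.
GROUP_OTHER_ANY = stat.S_IRWXG | stat.S_IRWXO


def build_rules(etc_dir, home_dir, root_uid=0, user_uid=None):
    """Return (path, required_owner_uid, forbidden_mode_bits, note) tuples.

    etc_dir stands in for /etc and home_dir for the user's $HOME so the same
    rules apply to a live system or to a constructed test tree.
    """
    if user_uid is None:
        user_uid = os.getuid()
    return [
        (os.path.join(etc_dir, "ssh2", "sshd2_config"), root_uid, GROUP_OTHER_WRITE,
         "configuration must be writable by root only"),
        (os.path.join(etc_dir, "ssh2", "hostkey"), root_uid, GROUP_OTHER_ANY,
         "private host key must be readable and writable by root only"),
        (os.path.join(etc_dir, "hosts.equiv"), root_uid, GROUP_OTHER_WRITE,
         "hosts.equiv must be writable by root only"),
        (os.path.join(etc_dir, "shosts.equiv"), root_uid, GROUP_OTHER_WRITE,
         "shosts.equiv must be writable by root only"),
        (os.path.join(home_dir, ".rhosts"), user_uid, GROUP_OTHER_ANY,
         ".rhosts must be writable only by the user and not accessible by others"),
        (os.path.join(home_dir, ".shosts"), user_uid, GROUP_OTHER_ANY,
         ".shosts must be writable only by the user and not accessible by others"),
    ]


def audit(rules):
    """Apply the rules; return a list of (path, problem) findings.

    A missing file is not a finding: each of these files is optional
    (for example .rhosts only exists if the user created one).
    """
    findings = []
    for path, owner, forbidden, note in rules:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        if st.st_uid != owner:
            findings.append((path, "owned by uid %d, expected uid %d; %s"
                             % (st.st_uid, owner, note)))
        mode = stat.S_IMODE(st.st_mode)
        bad = mode & forbidden
        if bad:
            findings.append((path, "mode %04o has forbidden bits %04o; %s" % (mode, bad, note)))
    return findings


def demo():
    """Audit a constructed tree (never the real /etc) and return the findings.

    Three of the five files are deliberately mis-permissioned. Our own uid is
    passed as root_uid so the demo also works when run unprivileged; on a
    real system leave root_uid at its default of 0.
    """
    root = tempfile.mkdtemp(prefix="sshd2-audit-")
    try:
        etc = os.path.join(root, "etc")
        home = os.path.join(root, "home", "alice")
        os.makedirs(os.path.join(etc, "ssh2"))
        os.makedirs(home)
        sample = {
            os.path.join(etc, "ssh2", "sshd2_config"): 0o644,  # correct
            os.path.join(etc, "ssh2", "hostkey"): 0o640,       # group-readable: finding
            os.path.join(etc, "hosts.equiv"): 0o666,           # world-writable: finding
            os.path.join(home, ".rhosts"): 0o600,              # correct
            os.path.join(home, ".shosts"): 0o644,              # world-readable: finding
        }
        for path, mode in sample.items():
            with open(path, "w") as fh:
                fh.write("# constructed sample file\n")
            os.chmod(path, mode)
        me = os.getuid()
        return audit(build_rules(etc, home, root_uid=me, user_uid=me))
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for path, problem in demo():
        print("%s: %s" % (path, problem))
```

To run the same rules against a live system, call audit(build_rules("/etc", os.path.expanduser("~"))) with the defaults, which expect the /etc files to be owned by uid 0 and the home-directory files by the invoking user.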
SSH is a registered trademark of SSH Communication Security
Ltd.
SEE ALSO

Commands: rcp(1), rlogin(1), rsh(1), scp2(1), sftp(1), ssh2(1), ssh-agent2(1), ssh-add2(1), ssh-keygen2(1), telnet(1), sshd2(8), sshd2-check-conf(8)

Files: sshd2_config(4)