sshd Keywords

OpenSSH

Tectia

Keyword

Value

Meaning

#

Any text

Comment line

 

AcceptEnv

Variables

Copy client environment variables to server

 

AllowAgentForwarding

Yes/no

Same as ForwardAgent

 

AllowedAuthentications

Auth types

Permitted authentication techniques

AllowGroups

Group list

Access control by Unix group

 

AllowHosts

Host list

Access control by hostname

 

AllowSHosts

Host list

Access control via .shosts

AllowTcpForwarding

Yes/no

Enable TCP port forwarding

 

AllowTcpForwardingForUsers

User list

Per user forwarding

 

AllowTcpForwardingForGroups

Group list

Per group forwarding

AllowUsers

User list

Access control by username

 

AllowX11Forwarding

Yes/no

Same as ForwardX11

 

AuthInteractiveFailureTimeout

Seconds

 
 

AuthKbdInt.NumOptional

# submethods

Set number of optional submethods required for authentication

 

AuthKbdInt.Optional

Auth methods

Set optional authentication submethods for keyboard-interactive auth

 

AuthKbdInt.Plugin

Filename

Path to plugin for keyboard-interactive auth

 

AuthKbdInt.RADIUS.NASIdentifier

 

Client identifier for RADIUS keyboard-interactive authentication

 

AuthKbdInt.RADIUS.Server

Server spec

RADIUS server for keyboard-interactive auth

 

AuthKbdInt.Required

Auth methods

Set required authentication submethods for keyboard-interactive auth

 

AuthKbdInt.Retries

# retries

Permitted retries for keyboard-interactive auth

 

AuthorizationFile

Filename

Location of authorization file

 

AuthorizedKeysFile

Filename

Location of authorization file

 

AuthPassword.ChangePlugin

Filename

Location of password-change plugin program

 

AuthPublicKey.MaxSize

# bytes

Max size of public key

 

AuthPublicKey.MinSize

# bytes

Min size of public key

2

 

Banner

Filename

Location of banner file

 

BannerMessageFile

Filename

Location of banner file

 

Cert.RSA.Compat.HashScheme

md5/sha1

Set hash compatibility

 

CertdListenerPath

Filename

Location of certificate validation daemon

 

ChallengeResponseAuthentication

Yes/no

Permit Challenge-Response authentication

CheckMail

Yes/no

Check new mail on login

 

ChRootGroups

Group list

Run chroot() on login

 

ChRootUsers

User list

Run chroot() on login

2

Ciphers

Cipher list

Select encryption ciphers

 

ClientAliveCountMax

# messages

Upper limit on client-alive messages

 

ClientAliveInterval

Time

Frequency of sending client-alive messages

 

Compression

Yes/no

Enable compression

DenyGroups

Group list

Access control by Unix group

 

DenyHosts

Host list

Access control by hostname

 

DenySHosts

Host list

Access control via .shosts

 

DenyTcpForwardingForUsers

User list

Per user forwarding

 

DenyTcpForwardingForGroups

Group list

Per group forwarding

DenyUsers

User list

Access control by username

 

DisableVersionFallback

Yes/no

Compatibility with old versions of software

 

ExternalAuthorizationProgram

Filename

Location of authorization program

 

ForwardACL

Forwarding spec

Access control over port forwarding

 

ForwardAgent

Yes/no

Enable agent forwarding

ForwardX11

Yes/no

Enable X forwarding

 

GatewayPorts

Yes/no

Gateway all locally forwarded ports

 

GSSAPI.AllowedMethods

kerberos

Permitted GSSAPI methods

 

GSSAPI.AllowOldMethodWhichIsInsecure

Yes/no

Use fallback code for old GSSAPI methods

 

GSSAPI.Dlls

Directory

Path to GSSAPI libraries

2

 

GSSAPIAuthentication

Yes/no

Enable GSSAPI authentication

2

 

GSSAPICleanupCredentials

Yes/no

Destroy credentials on logout

2

 

HostbasedAuthentication

Yes/no

Enable hostbase authentication

 

HostbasedAuthForceClientHostnameDNSMatch

Yes/no

Fail authentication on DNS mismatch

 

HostCertificateFile

Filename

Location of X.509 certificate key file

 

HostKey

Filename

Location of host key file

 

HostKeyEkInitString

Init string

Initialization string for external host key provider

 

HostKeyEkProvider

Provider spec

External host key provider

 

HostKeyEkTimeOut

Time

External host key provider timeout

 

HostKeyFile

Filename

Location of host key file

 

HostSpecificConfig

Filename

Location of subconfiguration file for hosts

 

IdleTimeout

Time

Set idle timeout

 

IgnoreLoginRestrictions.PasswordExpiration

Yes/no

Ignore password-expiration policy of operating system

 

IgnoreLoginRestrictions.Rlogin.AIX

Yes/no

Ignore remote login restriction on IBM AIX

IgnoreRhosts

Yes/no

Ignore .rhosts files

 

IgnoreRootRhosts

Yes/no

Ignore .rhosts for root

 

IgnoreUserKnownHosts

Yes/no

Ignore user's known-hosts keys

 

KeepAlive

Yes/no

Send keepalive packets

 

KerberosAuthentication

Yes/no

Permit Kerberos authentication

 

KerberosGetAFSToken

Yes/no

Attempt to get AFS tokens (Kerberos)

 

KerberosOrLocalPasswd

Yes/no

Kerberos fallback authentication

 

KerberosTicketCleanup

Yes/no

Destroy ticket cache on logout

 

KeyRegenerationInterval

Time

Key regeneration interval

ListenAddress

IP address

Listen on given interface

LoginGraceTime

Time

Time limit for authentication

 

LogLevel

Syslog level

Set syslog level

Macs

Algorithm

Select MAC algorithm

 

MaxAuthTries

# attempts

Maximum number of authentication attempts per connection

 

MaxBroadcastsPerSecond

# broadcasts

Listen for UDP broadcasts

 

MaxConnections

# connections

Maximum # of simultaneous connections

 

MaxStartups

# connections

Maximum # of simultaneous connections

 

NoDelay

Yes/no

Enable Nagle Algorithm

 

PasswordAuthentication

Yes/no

Permit password authentication

 

PasswordGuesses

# guesses

Limit # of password tries

  

PasswordExpireWarningDays

# days

Warn user before expiration

PermitEmptyPasswords

Yes/no

Permit empty passwords

PermitRootLogin

Yes/no/nopwd

Permit superuser logins

 

PermitUserEnvironment

Yes/no

Permit users to set environment variables

 

PGPPublicKeyFile

Filename

Default location of PGP public-key file for authentication

 

PidFile

Filename

Location of pid file

Port

Port number

Select server port number

 

PrintLastLog

Yes/no

Print date/time of last login

PrintMotd

Yes/no

Print message of the day

 

Protocol

1/2/1,2

Permit SSH-1,SSH-2 connections

 

ProxyServer

Server spec

Set SOCKS server

2

 

PubKeyAuthentication

Yes/no

Permit public-key authentication

 

PublicHostKeyFile

Filename

Location of public host key

 

QuietMode

Yes/no

Quiet mode

  

RandomSeed

Filename

Location of random seed file

 

RandomSeedFile

Filename

Location of random seed file

 

RekeyIntervalSeconds

Seconds

Frequency of rekeying

 

RequiredAuthentications

Auth types

Required authentication techniques

 

RequireReverseMapping

Yes/no

Do reverse DNS lookup

 

ResolveClientHostName

Yes/no

Should server resolve client IP addresses

1

 

RhostsRSAAuthentication

Yes/no

Permit combined authentication

1

 

RSAAuthentication

Yes/no

Permit public-key authentication

 

ServerKeyBits

# bits

# of bits in server key

 

SettableEnvironmentVariables

Patterns

Environment variables that may be set in server

 

SftpSysLogFacility

Syslog level

Set syslog level for sftp

 

SkeyAuthentication

Yes/no

Permit S/Key authentication

 

Ssh1Compatibility

Yes/no

Enable SSH1 compatibility

 

Sshd1ConfigFile

Filename

Configuration file for SSH-1 sessions

 

Sshd1Path

Filename

Path to sshd1

 

SocksServer

 

Same as ProxyServer

StrictModes

Yes/no

Strict file/directory permissions

 

Subsystem-name

Name | URL

Define a subsystem

 

Subsystem

Name

Define a subsystem

SyslogFacility

Syslog level

Set syslog level

 

Terminal.AllowGroups

Group list

AllowGroups for terminal access

 

Terminal.AllowUsers

User list

AllowUsers for terminal access

 

Terminal.DenyGroups

Group list

DenyGroups for terminal access

 

Terminal.DenyUsers

User list

DenyUsers for terminal access

 

TCPKeepAlive

Yes/no

Send keepalive packets

 

UseDNS

Yes/no

Do reverse DNS lookups

 

UseLogin

Yes/no

Select login program

 

UsePAM

Yes/no

Use Pluggable Authentication Modules (PAM)

 

UsePrivilegeSeparation

Yes/no

Enable privilege separation

 

UserConfigDirectory

Directory name

Location of user SSH2 directories

 

UserKnownHosts

Yes/no

Respect ~/.ssh2/knownhosts

 

UserSpecificConfig

Filename

Location of subconfiguration file for users

 

UseSOCKS5

Yes/no

Use SOCKS5 instead of SOCKS4

 

VerboseMode

Yes/no

Verbose mode

X11Forwarding

Yes/no

Same as ForwardX11

 

X11DisplayOffset

# offset

Limit X displays for SSH

 

X11UseLocalhost

Yes/no

Bind X server to loopback or wildcard address

 

XAuthLocation

Filename

Location of xauth

 

XAuthPath

Filename

Location of xauth