sshd_config man page on OpenServer

Man page or keyword search:  
man Server   5388 pages
apropos Keyword Search (all sections)
Output format
OpenServer logo
[printable version]

SSHD_CONFIG(5)							SSHD_CONFIG(5)

NAME
       sshd_config - OpenSSH SSH daemon configuration file

SYNOPSIS
       /etc/ssh/sshd_config

DESCRIPTION
       sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file
       specified with -f on the command line).	 The  file  contains  keyword-
       argument	 pairs, one per line.  Lines starting with `#' and empty lines
       are interpreted as comments.  Arguments may optionally be  enclosed  in
       double quotes (") in order to represent arguments containing spaces.

       The possible keywords and their meanings are as follows (note that key-
       words are case-insensitive and arguments are case-sensitive):

       AcceptEnv
	      Specifies what environment variables sent by the client will  be
	      copied  into  the session's environ(7).  See SendEnv in ssh_con-
	      fig(5) for how to configure the client.  Note  that  environment
	      passing  is only supported for protocol 2.  Variables are speci-
	      fied by name, which may contain the wildcard characters `*'  and
	      `?'.   Multiple environment variables may be separated by white-
	      space or spread across multiple AcceptEnv directives.  Be warned
	      that   some  environment	variables  could  be  used  to	bypass
	      restricted user environments.  For this reason, care  should  be
	      taken  in	 the  use  of  this  directive.	 The default is not to
	      accept any environment variables.

       AddressFamily
	      Specifies which address family should be used by sshd(8).	 Valid
	      arguments	 are  ``any'',	``inet'' (use IPv4 only), or ``inet6''
	      (use IPv6 only).	The default is ``any''.

       AllowGroups
	      This keyword can be followed by a list of group  name  patterns,
	      separated	 by  spaces.   If specified, login is allowed only for
	      users whose primary group or supplementary  group	 list  matches
	      one  of  the  patterns.  Only group names are valid; a numerical
	      group ID is not recognized.  By default, login  is  allowed  for
	      all groups.  The allow/deny directives are processed in the fol-
	      lowing order: DenyUsers,	AllowUsers,  DenyGroups,  and  finally
	      AllowGroups.

	      See  PATTERNS in ssh_config(5) for more information on patterns.

       AllowTcpForwarding
	      Specifies whether TCP forwarding is permitted.  The  default  is
	      ``yes''.	 Note  that  disabling TCP forwarding does not improve
	      security unless users are also denied shell access, as they  can
	      always install their own forwarders.

       AllowUsers
	      This  keyword  can  be followed by a list of user name patterns,
	      separated by spaces.  If specified, login is  allowed  only  for
	      user  names that match one of the patterns.  Only user names are
	      valid; a numerical user ID is not recognized.  By default, login
	      is  allowed  for	all  users.   If  the  pattern	takes the form
	      USER@HOST then USER and HOST are separately checked, restricting
	      logins   to   particular	 users	from  particular  hosts.   The
	      allow/deny directives are	 processed  in	the  following	order:
	      DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

	      See  PATTERNS in ssh_config(5) for more information on patterns.

       AuthorizedKeysFile
	      Specifies the file that contains the public  keys	 that  can  be
	      used  for	 user  authentication.	AuthorizedKeysFile may contain
	      tokens of the form %T which are  substituted  during  connection
	      setup.   The  following  tokens are defined: %% is replaced by a
	      literal '%', %h is replaced by the home directory	 of  the  user
	      being  authenticated, and %u is replaced by the username of that
	      user.  After expansion, AuthorizedKeysFile is  taken  to	be  an
	      absolute path or one relative to the user's home directory.  The
	      default is ``.ssh/authorized_keys''.

       Banner In some jurisdictions, sending a warning message before  authen-
	      tication may be relevant for getting legal protection.  The con-
	      tents of the specified file are sent to the remote  user	before
	      authentication  is  allowed.   This option is only available for
	      protocol version 2.  By default, no banner is displayed.

       ChallengeResponseAuthentication
	      Specifies whether challenge-response authentication is  allowed.
	      All authentication styles from login.conf(5) are supported.  The
	      default is ``yes''.

       Ciphers
	      Specifies the ciphers allowed for protocol version 2.   Multiple
	      ciphers  must  be	 comma-separated.   The	 supported ciphers are
	      ``3des-cbc'',  ``aes128-cbc'',  ``aes192-cbc'',  ``aes256-cbc'',
	      ``aes128-ctr'',  ``aes192-ctr'', ``aes256-ctr'', ``arcfour128'',
	      ``arcfour256'',	  ``arcfour'',	    ``blowfish-cbc'',	   and
	      ``cast128-cbc''.	The default is:

	      aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
	      arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
	      aes192-ctr,aes256-ctr

       ClientAliveCountMax
	      Sets  the	 number of client alive messages (see below) which may
	      be sent without sshd(8) receiving any  messages  back  from  the
	      client.	If  this  threshold is reached while client alive mes-
	      sages are being sent, sshd will disconnect the client, terminat-
	      ing the session.	It is important to note that the use of client
	      alive messages is very different from TCPKeepAlive (below).  The
	      client alive messages are sent through the encrypted channel and
	      therefore will not  be  spoofable.   The	TCP  keepalive	option
	      enabled  by  TCPKeepAlive is spoofable.  The client alive mecha-
	      nism is valuable when the client or  server  depend  on  knowing
	      when a connection has become inactive.

	      The  default  value is 3.	 If ClientAliveInterval (see below) is
	      set to 15, and ClientAliveCountMax is left at the default, unre-
	      sponsive SSH clients will be disconnected after approximately 45
	      seconds.	This option applies to protocol version 2 only.

       ClientAliveInterval
	      Sets a timeout interval in seconds after which if	 no  data  has
	      been  received  from  the	 client,  sshd(8)  will send a message
	      through the encrypted channel to request	a  response  from  the
	      client.	The  default is 0, indicating that these messages will
	      not be sent to the client.  This option applies to protocol ver-
	      sion 2 only.

       Compression
	      Specifies	 whether  compression is allowed, or delayed until the
	      user has	authenticated  successfully.   The  argument  must  be
	      ``yes'', ``delayed'', or ``no''.	The default is ``delayed''.

       DenyGroups
	      This  keyword  can be followed by a list of group name patterns,
	      separated by spaces.  Login is disallowed for users  whose  pri-
	      mary  group  or supplementary group list matches one of the pat-
	      terns.  Only group names are valid; a numerical group ID is  not
	      recognized.   By	default, login is allowed for all groups.  The
	      allow/deny directives are	 processed  in	the  following	order:
	      DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups.

	      See  PATTERNS in ssh_config(5) for more information on patterns.

       DenyUsers
	      This keyword can be followed by a list of	 user  name  patterns,
	      separated	 by  spaces.   Login is disallowed for user names that
	      match one of the patterns.  Only user names are valid; a numeri-
	      cal user ID is not recognized.  By default, login is allowed for
	      all users.  If the pattern takes the form	 USER@HOST  then  USER
	      and  HOST are separately checked, restricting logins to particu-
	      lar users from particular hosts.	The allow/deny directives  are
	      processed	 in  the following order: DenyUsers, AllowUsers, Deny-
	      Groups, and finally AllowGroups.

	      See PATTERNS in ssh_config(5) for more information on  patterns.

       ForceCommand
	      Forces  the  execution of the command specified by ForceCommand,
	      ignoring any command supplied by the  client.   The  command  is
	      invoked  by  using  the  user's  login shell with the -c option.
	      This applies to shell, command, or subsystem execution.	It  is
	      most  useful  inside a Match block.  The command originally sup-
	      plied by the client is  available	 in  the  SSH_ORIGINAL_COMMAND
	      environment variable.

       GatewayPorts
	      Specifies	 whether  remote hosts are allowed to connect to ports
	      forwarded for the client.	 By default, sshd(8) binds remote port
	      forwardings to the loopback address.  This prevents other remote
	      hosts from connecting to forwarded ports.	 GatewayPorts  can  be
	      used  to	specify that sshd should allow remote port forwardings
	      to bind to non-loopback addresses, thus allowing other hosts  to
	      connect.	 The  argument may be ``no'' to force remote port for-
	      wardings to be available to the  local  host  only,  ``yes''  to
	      force  remote  port forwardings to bind to the wildcard address,
	      or ``clientspecified'' to allow the client to select the address
	      to which the forwarding is bound.	 The default is ``no''.

       GSSAPIAuthentication
	      Specifies	  whether  user	 authentication	 based	on  GSSAPI  is
	      allowed.	The default is ``no''.	Note that this option  applies
	      to protocol version 2 only.

       GSSAPICleanupCredentials
	      Specifies	 whether  to  automatically destroy the user's creden-
	      tials cache on logout.  The default is ``yes''.  Note that  this
	      option applies to protocol version 2 only.

       HostbasedAuthentication
	      Specifies	 whether  rhosts  or  /etc/hosts.equiv	authentication
	      together with successful public key client  host	authentication
	      is  allowed (host-based authentication).	This option is similar
	      to RhostsRSAAuthentication and applies  to  protocol  version  2
	      only.  The default is ``no''.

       HostbasedUsesNameFromPacketOnly
	      Specifies	 whether  or  not the server will attempt to perform a
	      reverse name lookup when matching the  name  in  the  ~/.shosts,
	      ~/.rhosts,  and /etc/hosts.equiv files during HostbasedAuthenti-
	      cation.  A setting of ``yes'' means that sshd(8) uses  the  name
	      supplied	by  the	 client	 rather than attempting to resolve the
	      name from the TCP connection itself.  The default is ``no''.

       HostKey
	      Specifies a file containing a private host key used by SSH.  The
	      default  is  /etc/ssh/ssh_host_key  for  protocol version 1, and
	      /etc/ssh/ssh_host_rsa_key and /etc/ssh/ssh_host_dsa_key for pro-
	      tocol version 2.	Note that sshd(8) will refuse to use a file if
	      it is group/world-accessible.  It is possible to	have  multiple
	      host  key	 files.	  ``rsa1''  keys  are  used  for version 1 and
	      ``dsa'' or ``rsa'' are used for version 2 of the SSH protocol.

       IgnoreRhosts
	      Specifies that .rhosts and .shosts files will  not  be  used  in
	      RhostsRSAAuthentication or HostbasedAuthentication.

	      /etc/hosts.equiv	and /etc/ssh/shosts.equiv are still used.  The
	      default is ``yes''.

       IgnoreUserKnownHosts
	      Specifies	  whether   sshd(8)   should   ignore	 the	user's
	      ~/.ssh/known_hosts   during   RhostsRSAAuthentication  or	 Host-
	      basedAuthentication.  The default is ``no''.

       KerberosAuthentication
	      Specifies whether the password provided by the user for Passwor-
	      dAuthentication  will be validated through the Kerberos KDC.  To
	      use this option, the  server  needs  a  Kerberos	servtab	 which
	      allows  the  verification of the KDC's identity.	The default is
	      ``no''.

       KerberosGetAFSToken
	      If AFS is active and the user has a Kerberos 5 TGT,  attempt  to
	      acquire an AFS token before accessing the user's home directory.
	      The default is ``no''.

       KerberosOrLocalPasswd
	      If password authentication through Kerberos fails then the pass-
	      word  will  be validated via any additional local mechanism such
	      as /etc/passwd.  The default is ``yes''.

       KerberosTicketCleanup
	      Specifies whether to automatically  destroy  the	user's	ticket
	      cache file on logout.  The default is ``yes''.

       KeyRegenerationInterval
	      In protocol version 1, the ephemeral server key is automatically
	      regenerated after this many seconds (if it has been used).   The
	      purpose  of  regeneration is to prevent decrypting captured ses-
	      sions by later breaking into the machine and stealing the	 keys.
	      The key is never stored anywhere.	 If the value is 0, the key is
	      never regenerated.  The default is 3600 (seconds).

       ListenAddress
	      Specifies the local addresses sshd(8)  should  listen  on.   The
	      following forms may be used:

	      ListenAddress host|IPv4_addr|IPv6_addr

	      ListenAddress host|IPv4_addr:port

	      ListenAddress [host|IPv6_addr]:port

	      If  port	is  not specified, sshd will listen on the address and
	      all prior Port options specified.	 The default is to  listen  on
	      all local addresses.  Multiple ListenAddress options are permit-
	      ted.  Additionally, any Port options must	 precede  this	option
	      for non-port qualified addresses.

       LoginGraceTime
	      The  server disconnects after this time if the user has not suc-
	      cessfully logged in.  If the value is 0, there is no time limit.
	      The default is 120 seconds.

       LogLevel
	      Gives  the  verbosity  level  that is used when logging messages
	      from sshd(8).  The possible values  are:	QUIET,	FATAL,	ERROR,
	      INFO,  VERBOSE,  DEBUG, DEBUG1, DEBUG2, and DEBUG3.  The default
	      is INFO.	DEBUG and DEBUG1 are equivalent.   DEBUG2  and	DEBUG3
	      each  specify higher levels of debugging output.	Logging with a
	      DEBUG level violates the privacy of  users  and  is  not	recom-
	      mended.

       MACs   Specifies	 the available MAC (message authentication code) algo-
	      rithms.  The MAC algorithm is used in  protocol  version	2  for
	      data  integrity  protection.  Multiple algorithms must be comma-
	      separated.    The	  default    is:    ``hmac-md5,hmac-sha1,hmac-
	      ripemd160,hmac-sha1-96,hmac-md5-96''.

       Match  Introduces  a  conditional block.	 If all of the criteria on the
	      Match line are satisfied, the keywords on	 the  following	 lines
	      override	those  set  in	the global section of the config file,
	      until either another Match line or the end  of  the  file.   The
	      arguments	 to Match are one or more criteria-pattern pairs.  The
	      available criteria are User, Group, Host, and Address.   Only  a
	      subset  of  keywords  may be used on the lines following a Match
	      keyword.	Available  keywords  are  AllowTcpForwarding,  Banner,
	      ForceCommand,  GatewayPorts,  GSSApiAuthentication,  KbdInterac-
	      tiveAuthentication, KerberosAuthentication,  PasswordAuthentica-
	      tion,  PermitOpen,  RhostsRSAAuthentication,  RSAAuthentication,
	      X11DisplayOffset, X11Forwarding, and X11UseLocalHost.

       MaxAuthTries
	      Specifies the maximum number of authentication attempts  permit-
	      ted  per	connection.   Once the number of failures reaches half
	      this value, additional failures are logged.  The default is 6.

       MaxStartups
	      Specifies the maximum number of concurrent unauthenticated  con-
	      nections	to  the	 SSH  daemon.	Additional connections will be
	      dropped until  authentication  succeeds  or  the	LoginGraceTime
	      expires for a connection.	 The default is 10.

	      Alternatively,  random  early  drop can be enabled by specifying
	      the  three  colon	 separated  values  ``start:rate:full''	 (e.g.
	      "10:30:60").   sshd(8)  will  refuse  connection attempts with a
	      probability  of  ``rate/100''  (30%)  if	there  are   currently
	      ``start''	 (10)  unauthenticated	connections.   The probability
	      increases linearly and all connection attempts  are  refused  if
	      the number of unauthenticated connections reaches ``full'' (60).

       PasswordAuthentication
	      Specifies	 whether  password  authentication  is	allowed.   The
	      default is ``yes''.

       PermitEmptyPasswords
	      When  password  authentication  is allowed, it specifies whether
	      the server allows login to accounts with empty password strings.
	      The default is ``no''.

       PermitOpen
	      Specifies	 the destinations to which TCP port forwarding is per-
	      mitted.  The forwarding specification must be one of the follow-
	      ing forms:

	      PermitOpen host:port

	      PermitOpen IPv4_addr:port

	      PermitOpen [IPv6_addr]:port

	      Multiple	forwards  may  be  specified  by  separating them with
	      whitespace.  An argument of ``any'' can be used  to  remove  all
	      restrictions and permit any forwarding requests.	By default all
	      port forwarding requests are permitted.

       PermitRootLogin
	      Specifies whether root can log in using  ssh(1).	 The  argument
	      must be ``yes'', ``without-password'', ``forced-commands-only'',
	      or ``no''.  The default is ``yes''.

	      If this option is set to ``without-password'', password  authen-
	      tication is disabled for root.

	      If  this	option	is set to ``forced-commands-only'', root login
	      with public key authentication will be allowed, but only if  the
	      command  option has been specified (which may be useful for tak-
	      ing remote backups even if root login is normally not  allowed).
	      All other authentication methods are disabled for root.

	      If  this option is set to ``no'', root is not allowed to log in.

       PermitTunnel
	      Specifies whether tun(4)	device	forwarding  is	allowed.   The
	      argument must be ``yes'', ``point-to-point'' (layer 3), ``ether-
	      net'' (layer 2), or ``no''.   Specifying	``yes''	 permits  both
	      ``point-to-point'' and ``ethernet''.  The default is ``no''.

       PermitUserEnvironment
	      Specifies whether ~/.ssh/environment and environment= options in
	      ~/.ssh/authorized_keys are processed by sshd(8).	The default is
	      ``no''.	Enabling  environment  processing  may enable users to
	      bypass access restrictions in some configurations	 using	mecha-
	      nisms such as LD_PRELOAD.

       PidFile
	      Specifies	 the file that contains the process ID of the SSH dae-
	      mon.  The default is /etc/sshd.pid.

       Port   Specifies the port number that sshd(8) listens on.  The  default
	      is  22.	Multiple options of this type are permitted.  See also
	      ListenAddress.

       PrintLastLog
	      Specifies whether sshd(8) should print the date and time of  the
	      last  user login when a user logs in interactively.  The default
	      is ``yes''.

       PrintMotd
	      Specifies whether sshd(8) should print  /etc/motd	 when  a  user
	      logs  in	interactively.	(On some systems it is also printed by
	      the  shell,  /etc/profile,  or  equivalent.)   The  default   is
	      ``yes''.

       Protocol
	      Specifies	 the protocol versions sshd(8) supports.  The possible
	      values are `1' and `2'.  Multiple versions must  be  comma-sepa-
	      rated.  The default is ``2,1''.  Note that the order of the pro-
	      tocol list does not  indicate  preference,  because  the	client
	      selects  among multiple protocol versions offered by the server.
	      Specifying ``2,1'' is identical to ``1,2''.

       PubkeyAuthentication
	      Specifies whether public key  authentication  is	allowed.   The
	      default  is  ``yes''.  Note that this option applies to protocol
	      version 2 only.

       RhostsRSAAuthentication
	      Specifies	 whether  rhosts  or  /etc/hosts.equiv	authentication
	      together	with  successful  RSA  host authentication is allowed.
	      The default is ``no''.  This option applies to protocol  version
	      1 only.

       RSAAuthentication
	      Specifies	 whether  pure	RSA  authentication  is	 allowed.  The
	      default is ``yes''.  This option applies to protocol  version  1
	      only.

       ServerKeyBits
	      Defines  the  number of bits in the ephemeral protocol version 1
	      server key.  The minimum value is 512, and the default is 768.

       StrictModes
	      Specifies whether sshd(8) should check file modes and  ownership
	      of  the  user's files and home directory before accepting login.
	      This is normally desirable because  novices  sometimes  acciden-
	      tally  leave  their  directory  or  files	 world-writable.   The
	      default is ``yes''.

       Subsystem
	      Configures an external subsystem (e.g.  file  transfer  daemon).
	      Arguments	 should	 be  a	subsystem  name	 and  a	 command (with
	      optional arguments) to execute upon subsystem request.  The com-
	      mand  sftp-server(8)  implements the ``sftp'' file transfer sub-
	      system.  By default no subsystems are defined.  Note  that  this
	      option applies to protocol version 2 only.

       SyslogFacility
	      Gives  the facility code that is used when logging messages from
	      sshd(8).	The possible values are: DAEMON, USER,	AUTH,  LOCAL0,
	      LOCAL1,  LOCAL2,	LOCAL3,	 LOCAL4,  LOCAL5, LOCAL6, LOCAL7.  The
	      default is AUTH.

       TCPKeepAlive
	      Specifies whether the system should send TCP keepalive  messages
	      to the other side.  If they are sent, death of the connection or
	      crash of one of the machines will be properly noticed.  However,
	      this means that connections will die if the route is down tempo-
	      rarily, and some people find it annoying.	 On the other hand, if
	      TCP  keepalives  are not sent, sessions may hang indefinitely on
	      the  server,  leaving  ``ghost''	users  and  consuming	server
	      resources.

	      The default is ``yes'' (to send TCP keepalive messages), and the
	      server will notice if the network goes down or the  client  host
	      crashes.	This avoids infinitely hanging sessions.

	      To  disable  TCP	keepalive messages, the value should be set to
	      ``no''.

       UseDNS Specifies whether sshd(8) should look up the  remote  host  name
	      and  check that the resolved host name for the remote IP address
	      maps back to the very same IP address.  The default is  ``yes''.

       UseLogin
	      Specifies	 whether  login(1)  is used for interactive login ses-
	      sions.  The default is ``no''.  Note that login(1) is never used
	      for  remote  command  execution.	 Note  also,  that  if this is
	      enabled, X11Forwarding will be disabled  because	login(1)  does
	      not know how to handle xauth(1) cookies.	If UsePrivilegeSepara-
	      tion is specified, it will be disabled after authentication.

       UsePAM Enables the Pluggable Authentication Module interface.   If  set
	      to  ``yes''  this	 will enable PAM authentication using Challen-
	      geResponseAuthentication and PasswordAuthentication in  addition
	      to PAM account and session module processing for all authentica-
	      tion types.

	      Because PAM challenge-response authentication usually serves  an
	      equivalent  role	to password authentication, you should disable
	      either  PasswordAuthentication  or  ChallengeResponseAuthentica-
	      tion.

	      If  UsePAM  is enabled, you will not be able to run sshd(8) as a
	      non-root user.  The default is ``no''.

       UsePrivilegeSeparation
	      Specifies whether sshd(8) separates privileges  by  creating  an
	      unprivileged  child  process to deal with incoming network traf-
	      fic.  After successful authentication, another process  will  be
	      created  that  has the privilege of the authenticated user.  The
	      goal of privilege separation is to prevent privilege  escalation
	      by  containing any corruption within the unprivileged processes.
	      The default is ``yes''.

       X11DisplayOffset
	      Specifies the first display number available  for	 sshd(8)Ns  's
	      X11  forwarding.	 This prevents sshd from interfering with real
	      X11 servers.  The default is 10.

       X11Forwarding
	      Specifies whether X11 forwarding	is  permitted.	 The  argument
	      must be ``yes'' or ``no''.  The default is ``no''.

	      When X11 forwarding is enabled, there may be additional exposure
	      to the server and to client displays if the sshd(8)  proxy  dis-
	      play  is	configured  to	listen	on  the	 wildcard address (see
	      X11UseLocalhost below), though this is not the  default.	 Addi-
	      tionally,	 the  authentication  spoofing and authentication data
	      verification and substitution occur on  the  client  side.   The
	      security	risk  of using X11 forwarding is that the client's X11
	      display server may be exposed to	attack	when  the  SSH	client
	      requests forwarding (see the warnings for ForwardX11 in ssh_con-
	      fig(5)) .	 A system administrator may have  a  stance  in	 which
	      they  want  to  protect  clients	that  may expose themselves to
	      attack by unwittingly requesting X11 forwarding, which can  war-
	      rant a ``no'' setting.

	      Note  that  disabling X11 forwarding does not prevent users from
	      forwarding X11 traffic, as users can always  install  their  own
	      forwarders.   X11 forwarding is automatically disabled if UseLo-
	      gin is enabled.

       X11UseLocalhost
	      Specifies whether sshd(8) should bind the X11 forwarding	server
	      to the loopback address or to the wildcard address.  By default,
	      sshd binds the forwarding server to  the	loopback  address  and
	      sets  the	 hostname  part of the DISPLAY environment variable to
	      ``localhost''.  This prevents remote hosts  from	connecting  to
	      the  proxy  display.   However,  some  older X11 clients may not
	      function with this configuration.	 X11UseLocalhost may be set to
	      ``no''  to specify that the forwarding server should be bound to
	      the wildcard address.  The argument must be ``yes''  or  ``no''.
	      The default is ``yes''.

       XAuthLocation
	      Specifies	 the  full  pathname  of  the  xauth(1)	 program.  The
	      default							    is
	      /uw7/uw714gwxlibs/native_build/xenv/usr/X11R6/bin/xauth.

TIME FORMATS
       sshd(8)	command-line  arguments	 and  configuration  file options that
       specify time may be expressed using a sequence of the form: time[quali-
       fier,]  where  time is a positive integer value and qualifier is one of
       the following:

       <none> seconds

       s | S  seconds

       m | M  minutes

       h | H  hours

       d | D  days

       w | W  weeks

	      Each member of the sequence is added together to	calculate  the
	      total time value.

	      Time format examples:

       600    600 seconds (10 minutes)

       10m    10 minutes

       1h30m  1 hour 30 minutes (90 minutes)

FILES
       /etc/ssh/sshd_config
	      Contains	configuration  data  for sshd(8).  This file should be
	      writable by root only, but it is recommended (though not	neces-
	      sary) that it be world-readable.

SEE ALSO
       sshd(8)

AUTHORS
       OpenSSH	is a derivative of the original and free ssh 1.2.12 release by
       Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus  Friedl,	Niels  Provos,
       Theo  de	 Raadt and Dug Song removed many bugs, re-added newer features
       and created OpenSSH.  Markus Friedl contributed	the  support  for  SSH
       protocol versions 1.5 and 2.0.  Niels Provos and Markus Friedl contrib-
       uted support for privilege separation.

			      September 25, 1999		SSHD_CONFIG(5)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server OpenServer

List of man pages available for OpenServer

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net