lshd.8 6.8 KB
Newer Older
J.H.M. Dassen's avatar
J.H.M. Dassen committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
.\" COPYRIGHT AND PERMISSION NOTICE
.\"
.\" Copyright (C) 1999 J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>
.\"
.\" Permission is granted to make and distribute verbatim copies of this
.\" manual provided the copyright notice and this permission notice are 
.\" preserved on all copies.
.\"
.\" Permission is granted to copy and distribute modified versions of this
.\" manual under the conditions for verbatim copying, provided that the
.\" entire resulting derived work is distributed under the terms of a 
.\" permission notice identical to this one.
.\"
.\" Permission is granted to copy and distribute translations of this manual
.\" into another language, under the above conditions for modified versions,
.\" except that this permission notice may be stated in a translation approved
.\" by the Free Software Foundation, Inc. <URL:http://www.fsf.org>
.\"
.\" END COPYRIGHT AND PERMISSION NOTICE
.\"
.\" If you make modified versions of this manual, please notify the current 
.\" maintainers of the package you received this manual from and make your
.\" modified versions available to them.
.\"
25
.TH LSHD 8 "NOVEMBER 2004" LSHD "Lsh Manuals"
J.H.M. Dassen's avatar
J.H.M. Dassen committed
26
.SH NAME
27
lshd \- secsh (SSH2) server
J.H.M. Dassen's avatar
J.H.M. Dassen committed
28
.SH SYNOPSIS
29
30
.B lshd
[\fIOPTION\fR...]
J.H.M. Dassen's avatar
J.H.M. Dassen committed
31
.SH DESCRIPTION
32
33
34
35
36
.B CAUTION! The information in this manpage may be invalid or outdated. For authorative
.B information on lsh, please see it's Texinfo manual (see the
.I SEE\ ALSO
.B section).

37
lshd is a server for the SSH-2 (secsh) protocol. 
J.H.M. Dassen's avatar
J.H.M. Dassen committed
38
.SH OPTIONS
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
.TP
Miscellaneous options:

.TP
\fB\-h\fR, \fB\-\-host\-key\fR=\fIKey\fR file
Location of the server's private key.
.TP
\fB\-\-interface\fR=\fIinterface\fR
Listen on this network interface.
.TP
\fB\-p\fR, \fB\-\-port\fR=\fIPort\fR
Listen on this port.
.TP
\fB\-\-debug\fR
Print huge amounts of debug information
.TP
\fB\-\-log\-file\fR=\fIFile\fR name
Append messages to this file.
.TP
\fB\-q\fR, \fB\-\-quiet\fR
Suppress all warnings and diagnostic messages
.TP
\fB\-\-trace\fR
Detailed trace
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Verbose diagnostic messages
.TP
Algorithm selection:
.HP
\fB\-c\fR, \fB\-\-crypto\fR=\fIAlgorithm\fR
.HP
\fB\-\-hostkey\-algorithm\fR=\fIAlgorithm\fR
.TP
\fB\-\-list\-algorithms\fR
List supported algorithms.
.HP
\fB\-m\fR, \fB\-\-mac\fR=\fIAlgorithm\fR
.TP
\fB\-z\fR, \fB\-\-compression\fR[=\fIAlgorithm\fR]
Default is zlib.
.TP
\fB\-\-banner\-file\fR=\fIFile\fR name
Banner file to send before handshake.
.TP
Keyexchange options:
.TP
\fB\-\-dh\-keyexchange\fR
Enable DH support (default).
.TP
\fB\-\-no\-dh\-keyexchange\fR
Disable DH support.
.TP
\fB\-\-no\-srp\-keyexchange\fR
Disable experimental SRP support (default).
.TP
\fB\-\-srp\-keyexchange\fR
Enable experimental SRP support.
.TP
User authentication options:
.TP
\fB\-\-kerberos\-passwords\fR
Recognize kerberos passwords, using the helper
program "/usr/local/sbin/lsh-krb-checkpw". This
option is experimental.
.TP
\fB\-\-login\-auth\-mode\fR
Enable a telnet like mode (accept
none-authentication and launch thelogin-shell,
making it responsible for authenticating the
user).
.TP
\fB\-\-login\-shell\fR=\fIProgram\fR
Use this program as the login shell for all users.
(Experimental)
.TP
\fB\-\-no\-kerberos\-passwords\fR
Don't recognize kerberos passwords (default
behaviour).
.TP
\fB\-\-no\-login\-auth\-mode\fR
Disable login-auth-mode (default).
.TP
\fB\-\-no\-password\fR
Disable password user authentication.
.TP
\fB\-\-no\-publickey\fR
Disable publickey user authentication.
.TP
\fB\-\-no\-root\-login\fR
Don't allow root to login (default).
.TP
\fB\-\-password\fR
Enable password user authentication (default).
.TP
\fB\-\-password\-helper\fR=\fIProgram\fR
Use the named helper program for password
verification. (Experimental).
.TP
\fB\-\-publickey\fR
Enable publickey user authentication (default).
.TP
\fB\-\-root\-login\fR
Allow root to login.
.TP
Offered services:
.TP
\fB\-\-no\-pty\-support\fR
Disable pty allocation.
.TP
\fB\-\-no\-tcpip\-forward\fR
Disable tcpip forwarding.
.TP
\fB\-\-no\-x11\-forward\fR
Disable x11 forwarding.
.TP
\fB\-\-pty\-support\fR
Enable pty allocation (default).
.TP
\fB\-\-subsystems\fR=\fIList\fR of subsystem names and programs
For example
`sftp=/usr/sbin/sftp-server,foosystem=/usr/bin/foo'
(experimental).
.TP
\fB\-\-tcpip\-forward\fR
Enable tcpip forwarding (default).
.TP
\fB\-\-x11\-forward\fR
Enable x11 forwarding (default).
.TP
Options controlling daemonic mode and related options:
.TP
\fB\-\-daemonic\fR
Run in the background, redirect stdio to
/dev/null, and chdir to /.
.TP
\fB\-\-enable\-core\fR
Dump core on fatal errors (disabled by default).
.TP
\fB\-\-no\-daemonic\fR
Run in the foreground, with messages to stderr
(default).
.TP
\fB\-\-no\-pid\-file\fR
Don't use any pid file. Default in non-daemonic
mode.
.TP
\fB\-\-no\-syslog\fR
Don't use syslog (by default, syslog is used when
running in daemonic mode).
.TP
\fB\-\-pid\-file\fR=\fIfile\fR name
Create a pid file. When running in daemonic mode,
the default is /var/run/lshd.pid.
.TP
-?, \fB\-\-help\fR
Give this help list
.TP
\fB\-\-usage\fR
Give a short usage message
.TP
\fB\-V\fR, \fB\-\-version\fR
Print program version
.PP
Mandatory or optional arguments to long options are also mandatory or optional
for any corresponding short options.
J.H.M. Dassen's avatar
J.H.M. Dassen committed
205
.SH FILES
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
lshd doesn't use any traditional configuration file, but must have a random 
seed file and the server key.
By default 

/var/spool/lsh/yarrow-seed-file 

is used as random seed file (see 
.B ENVIRONMENT
for changing this) and

/etc/lsh_host_key

is the default key file.

/var/run/lshd.pid

is used to store the process id of the server by default.

Authorized keys are stored in the directory

$HOME/.lsh/authorized_keys_sha1/

J.H.M. Dassen's avatar
J.H.M. Dassen committed
228
.SH DIAGNOSTICS
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
Log messages are normally sent to syslog(3) when running in daemonic mode.

See the 
.B --verbose
,
.B --trace
and 
.B --debug
options.

.SH "REPORTING BUGS"
Report bugs to <bug-lsh@gnu.org>.


.SH ENVIRONMENT
.B LSH_YARROW_SEED_FILE
may be used to specify the random seed file.

lshd mimics OpenSSH behaviour with respect to 
.B SSH_CLIENT
and 
.B SSH_TTY
for processes it starts where applicable.

J.H.M. Dassen's avatar
J.H.M. Dassen committed
253
254
255
256
257
.SH COPYING
The lsh suite of programs is distributed under the GNU General Public
License; see the COPYING and AUTHORS files in the source distribution for
details.
.SH AUTHOR
258
The lsh program suite is written mainly by Niels M\[:o]ller <nisse@lysator.liu.se>.
259
260
261

This man-page was originally written by J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>. 
It was modified and updated for lsh 2.0 by Pontus Freyhult <pont_lsh@soua.net>
J.H.M. Dassen's avatar
J.H.M. Dassen committed
262
.SH "SEE ALSO"
263
.BR lsftp (1),
J.H.M. Dassen's avatar
J.H.M. Dassen committed
264
.BR lsh (1),
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
.BR lsh-authorize (1),
.BR lsh-keygen (1),
.BR lsh-make-seed (1),
.BR lsh-upgrade (1),
.BR lsh-upgrade-key (1),
.BR lsh-writekey (1),
.BR secsh (5),
.BR sftp-server (8),
.BR syslogd (8)

The full documentation for
.B lsh
is maintained as a Texinfo manual.  If the
.B info
and
.B lsh
programs are properly installed at your site, the command
.IP
.B info lsh
.PP
should give you access to the complete manual.