Show Contents / Index / Search

Files Used by the Server

The server uses system-wide files (in /etc/ssh2) for all connections. Files in user-specific directories ($HOME/.ssh2 by default) apply to connections from individual client users.

System-wide server files


The global server configuration file. This file must not be writable by group or other. For file format and supported settings see sshd2_config(5). Recommended permissions = 644.


The default private key of the public/private key pair used to identify the server to clients. This file should be readable and writable only by root. Recommended permissions = 600.


The default public key of the public/private key pair used to authenticate the server to clients. Recommended permissions = 644.


Directory for optional user-specific and host-specific subconfiguration files. Recommended permissions = 700.


User-specific and host-specific subconfiguration files. For details see SUBCONFIGURATION FILES in sshd2_config(5). Recommended permissions = 600.


Limits login to root. If this file exists, only root is allowed to login. The text of nologin is displayed to anyone else who attempts to log in.


Contains the PID of the process listening for incoming connections. The PID directory is determined by your operating system. The port number (22 by default) encoded in this name is determined by the value of the Port keyword. You can specify a different name or location using the PidFile keyword.


The message-of-the-day file. The text of this file is displayed when a user logs in. The PrintMotd keyword can be used to turn off this display.

User-specific server files


The default directory for user-specific files on the server. (You can specify a different location with the UserConfigDirectory keyword.) Recommended permissions = 700.


The default client authorization file. (You can specify a different file with the AuthorizationFile keyword.) This file is required for Secure Shell public key authentication of client users. Each user must have an authorization file in that user's directory. Recommended permissions = 600.

The file contains a list of key files that the server will use during public key authentication. If the key presented by the client doesn't match any of the keys listed in the authorization file, public key authentication fails. Keywords are not case sensitive and the pound sign (#) marks comment lines. The supported keywords are:


Specifies keys the server will accept for this user. The format for key entries is "key" followed by the name of a file that contains a public key. Keys are assumed to be in the user-specific configuration directory ($HOME/.ssh2 by default) unless you specify an absolute path. For example, the following lines authorize the user to authenticate using either of the specified keys.




Use this optional keyword to specify options that apply to the preceding key. Options must be configured on the line immediately following the line containing the key. The format is:

Options option_keyword="arg"

One option keyword is supported:

command command

The specified command is executed on the remote host, then the connection is closed. For example, with this configuration, the script "myscript" runs whenever is used for authentication.


options command="sh myscript"


If this file is present, it suppresses display of the user's last login, the message of the day, and the mail check.


If this file is present, it sets environment variables at login. (The keyword SettableEnvironmentVars controls which environment variables can be set.) Recommended permissions = 600. The pound sign (#) marks comment lines. The syntax is: