13.15 sshd Command Line Options

-4

Forces connections using IPv4 addresses only. You can also configure IP address requirements using the AddressFamily keyword.

-6

Forces connections using IPv6 addresses only. You can also configure IP address requirements using the AddressFamily keyword.

-b

When this option is specified sshd doesn't detach and doesn't become a daemon. This can be used for monitoring.

-d level

Sets the debug level and sends debug output to stderr. Use 1, 2, 3, or 99. (Values 4-98 are accepted, but are equivalent to 3.) With this option sshd logs information for only one client connection, and terminates after the client connection closes.

Note: Setting logging to 99 can increase your security risk. At this level, information leakage is a concern, as unencrypted protocol information may be written out. Also, the volume of information written may fill up disk space rapidly, potentially causing the host or Reflection for Secure IT to stop responding.

-D level

Sets the debug level and sends debug output to a file. Use 1, 2, 3, or 99. (Values 4-98 are accepted, but are equivalent to 3.) With this option, sshd does not terminate after a client connection closes. This setting can only be used by root.

Note: Setting logging to 99 can increase your security risk. At this level, information leakage is a concern, as unencrypted protocol information may be written out. Also, the volume of information written may fill up disk space rapidly, potentially causing the host or Reflection for Secure IT to stop responding.

The output file is located in /etc/ssh2/logs and uses a file name in the form: debugYYMMDD_HHMMSS_uniqueID, where YY=year, MM=month, DD=day, HH=hour, MM=minutes, SS=seconds, and uniqueID is a unique value that ensures that servers started at the same time use different logs.

-f config_file

Specifies an alternate name and location for the server configuration file. The server reads the specified file instead of the default file. (The default configuration file is /etc/ssh2/sshd2_config.)

-g login_timeout

Sets the number of seconds allowed for client authentication. If the client fails to authenticate the user within the specified number of seconds, the server disconnects and exits. Use zero (0) to set no limit.

-m file

Use this option to migrate settings from a F-Secure configuration file or a prior version of Reflection for Secure IT. The specified should be the name of the server configuration file to be migrated.

-h host_key_file

Specifies the filename and location of the private key used to authenticate the server. If the path is not fully qualified, the path is assumed to be relative to /etc/ssh2. The default is /etc/ssh2/hostkey.

-o option

Sets any option that can be configured using a configuration file keyword. For a list of keywords and their meanings, see sshd2_config(5). Options configured on the command line override options configured in the configuration file. Syntax alternatives are shown below. Use quotation marks to contain expressions that include spaces.

-o key1=value
-o key1="sample value"
-o "key1 value"
-o key=value1,value2
-o key="value1, value2"

To configure multiple options, use multiple -o switches.

-o key1=value -o key2=value
-p port

Specifies the port on which the server listens. The default is 22, which is the standard port for Secure Shell connections. The command line value overrides any value set in the configuration file. Only one port is allowed; if you configure multiple ports, the last configured port is used.

-q

Enables quiet mode. In this mode only errors are logged to the system log. (Both -d and -D are ignored if -q is used on the same command line.)

-v

Sets the debug level to verbose mode, which is equivalent to using '-d 2'.

-V

Displays product name and version information and exits. If other options are specified on the command line, they are ignored.