lshd - secsh (SSH2) server

       The lsh program suite is written mainly by Niels Möller <nisse@lysator.liu.se>.

       This  man-page was originally written by J.H.M. Dassen (Ray) <jdassen@wi.LeidenUniv.nl>.  It was modified
       and updated for lsh 2.0 by Pontus Freyhult <pont_lsh@soua.net>

       The lsh suite of programs is distributed under the GNU  General  Public  License;  see  the  COPYING  and
       AUTHORS files in the source distribution for details.

CAUTION!Theinformationinthismanpagemaybeinvalidoroutdated.Forauthorativeinformationonlsh,pleaseseeit'sTexinfomanual(seetheSEEALSOsection).

       lshd is a server for the SSH-2 (secsh) protocol.

       Log messages are normally sent to syslog(3) when running in daemonic mode.

       See the --verbose , --trace and --debug options.

LSH_YARROW_SEED_FILE may be used to specify the random seed file.

       lshd  mimics  OpenSSH  behaviour  with  respect  to  SSH_CLIENT and SSH_TTY for processes it starts where
       applicable.

       lshd doesn't use any traditional configuration file, but must have a random seed file and the server key.
       By default

       /var/spool/lsh/yarrow-seed-file

       is used as random seed file (see ENVIRONMENT for changing this) and

       /etc/lsh_host_key

       is the default key file.

       /var/run/lshd.pid

       is used to store the process id of the server by default.

       Authorized keys are stored in the directory

       $HOME/.lsh/authorized_keys_sha1/

       lshd - secsh (SSH2) server

       Miscellaneous options:

       -h, --host-key=Key file
              Location of the server's private key.

       --interface=interface
              Listen on this network interface.

       -p, --port=Port
              Listen on this port.

       --debug
              Print huge amounts of debug information

       --log-file=File name
              Append messages to this file.

       -q, --quiet
              Suppress all warnings and diagnostic messages

       --trace
              Detailed trace

       -v, --verbose
              Verbose diagnostic messages

       Algorithm selection:

       -c, --crypto=Algorithm--hostkey-algorithm=Algorithm--list-algorithms
              List supported algorithms.

       -m, --mac=Algorithm-z, --compression[=Algorithm]
              Default is zlib.

       --banner-file=File name
              Banner file to send before handshake.

       Keyexchange options:

       --dh-keyexchange
              Enable DH support (default).

       --no-dh-keyexchange
              Disable DH support.

       --no-srp-keyexchange
              Disable experimental SRP support (default).

       --srp-keyexchange
              Enable experimental SRP support.

       User authentication options:

       --kerberos-passwords
              Recognize kerberos passwords, using the  helper  program  "/usr/local/sbin/lsh-krb-checkpw".  This
              option is experimental.

       --login-auth-mode
              Enable  a  telnet  like  mode  (accept  none-authentication  and  launch thelogin-shell, making it
              responsible for authenticating the user).

       --login-shell=Program
              Use this program as the login shell for all users.  (Experimental)

       --no-kerberos-passwords
              Don't recognize kerberos passwords (default behaviour).

       --no-login-auth-mode
              Disable login-auth-mode (default).

       --no-password
              Disable password user authentication.

       --no-publickey
              Disable publickey user authentication.

       --no-root-login
              Don't allow root to login (default).

       --password
              Enable password user authentication (default).

       --password-helper=Program
              Use the named helper program for password verification. (Experimental).

       --publickey
              Enable publickey user authentication (default).

       --root-login
              Allow root to login.

       Offered services:

       --no-pty-support
              Disable pty allocation.

       --no-tcpip-forward
              Disable tcpip forwarding.

       --no-x11-forward
              Disable x11 forwarding.

       --pty-support
              Enable pty allocation (default).

       --subsystems=List of subsystem names and programs
              For example `sftp=/usr/sbin/sftp-server,foosystem=/usr/bin/foo' (experimental).

       --tcpip-forward
              Enable tcpip forwarding (default).

       --x11-forward
              Enable x11 forwarding (default).

       Options controlling daemonic mode and related options:

       --daemonic
              Run in the background, redirect stdio to /dev/null, and chdir to /.--enable-core
              Dump core on fatal errors (disabled by default).

       --no-daemonic
              Run in the foreground, with messages to stderr (default).

       --no-pid-file
              Don't use any pid file. Default in non-daemonic mode.

       --no-syslog
              Don't use syslog (by default, syslog is used when running in daemonic mode).

       --pid-file=file name
              Create a pid file. When running in daemonic mode, the default is /var/run/lshd.pid.

       -?, --help
              Give this help list

       --usage
              Give a short usage message

       -V, --version
              Print program version

       Mandatory or optional arguments to long options are also mandatory  or  optional  for  any  corresponding
       short options.

       Report bugs to <bug-lsh@gnu.org>.

lsftp(1), lsh(1), lsh-authorize(1), lsh-keygen(1), lsh-make-seed(1), lsh-upgrade(1),  lsh-upgrade-key(1),
       lsh-writekey(1), secsh(5), sftp-server(8), syslogd(8)

       The  full  documentation  for  lsh  is  maintained as a Texinfo manual.  If the info and lsh programs are
       properly installed at your site, the command

              infolsh

       should give you access to the complete manual.

LSHD                                              NOVEMBER 2004                                          LSHD(8)

lshd [OPTION...]