Secure Shell and Login Environment Variables

Language:

When the following Secure Shell keywords are not set in the sshd_config file, they obtain their value from equivalent entries in the /etc/default/login file.

Entry in `/etc/default/login`	Keyword and Value in `sshd_config`
`CONSOLE=*`	`PermitRootLogin=without-password`
`#CONSOLE=*`	`PermitRootLogin=yes`
`PASSREQ=YES`	`PermitEmptyPasswords=no`
`PASSREQ=NO`	`PermitEmptyPasswords=yes`
`#PASSREQ`	`PermitEmptyPasswords=no`
`TIMEOUT=seconds`	`LoginGraceTime=seconds`
`#TIMEOUT`	`LoginGraceTime=120`
`RETRIES` and `SYSLOG_FAILED_LOGINS`	Apply only to `password` and `keyboard-interactive` authentication methods

When the following variables are set by the initialization scripts from the user's login shell, the sshd daemon uses those values. When the variables are not set, the daemon uses the default value.

TIMEZONE: Controls the setting of the TZ environment variable. When not set, the sshd daemon uses value of TZ when the daemon was started.
ALTSHELL: Controls the setting of the SHELL environment variable. The default is ALTSHELL=YES, where the sshd daemon uses the value of the user's shell. When ALTSHELL=NO, the SHELL value is not set.
PATH: Controls the setting of the PATH environment variable. When the value is not set, the default path is /usr/bin.
SUPATH: Controls the setting of the PATH environment variable for root. When the value is not set, the default path is /usr/sbin:/usr/bin.

For more information, see the login(1) and sshd(1M) man pages.