| version 1.1, 1999/09/26 20:53:37 |
version 1.2, 1999/09/26 22:30:06 |
|
|
| .\" |
.\" |
| .\" $Id$ |
.\" $Id$ |
| .\" |
.\" |
| .TH SSH 1 "November 8, 1995" "SSH" "SSH" |
.Dd September 25, 1999 |
| |
.Dt SSH 1 |
| .SH NAME |
.Os |
| ssh \- secure shell client (remote login program) |
.Sh NAME |
| |
.Nm ssh |
| .SH SYNOPSIS |
.Nd secure shell client (remote login program) |
| .B ssh |
.Sh SYNOPSIS |
| [\c |
.Nm ssh |
| .BI \-l \ login_name\fR\c |
.Op Fl l Ar login_name |
| ] |
.Ar hostname |
| .B hostname |
.Op Ar command |
| [\c |
.Pp |
| .IR command \c |
.Nm ssh |
| ] |
.Op Fl knqtvxXC |
| |
.Op Fl c Ar blowfish|idea|des|3des|none |
| .B ssh |
.Op Fl e Ar escape_char |
| [\c |
.Op Fl i Ar identity_file |
| .BR \-k \c |
.Op Fl l Ar login_name |
| ] |
.Op Fl o Ar option |
| [\c |
.Op Fl p Ar port |
| .B \-c |
.Op Fl L Ar port:host:hostport |
| \fIblowfish\fR\||\|\fIidea\fR\||\|\fIdes\fR\||\|\fI3des\fR\||\|\fInone\fR\c |
.Op Fl R Ar port:host:hostport |
| ] |
.Ar hostname |
| [\c |
.Op Ar command |
| .BI \-e \ escape_char\fR\c |
.Sh DESCRIPTION |
| ] |
.Nm |
| [\c |
|
| .BI \-i \ identity_file\fR\c |
|
| ] |
|
| [\c |
|
| .BI \-l \ login_name\fR\c |
|
| ] |
|
| [\c |
|
| .BR \-n \c |
|
| ] |
|
| [\c |
|
| .BI \-o \ option\fR\c |
|
| ] |
|
| [\c |
|
| .BI \-p \ port\fR\c |
|
| ] |
|
| [\c |
|
| .BR \-q \c |
|
| ] |
|
| [\c |
|
| .BR \-t \c |
|
| ] |
|
| [\c |
|
| .BR \-v \c |
|
| ] |
|
| [\c |
|
| .BR \-x \c |
|
| ] |
|
| [\c |
|
| .BR \-X \c |
|
| ] |
|
| [\c |
|
| .BR \-C \c |
|
| ] |
|
| [\c |
|
| .BI \-L \ port\fB:\fIhost\fB:\fIhostport\fR\c |
|
| ] |
|
| [\c |
|
| .BI \-R \ port\fB:\fIhost\fB:\fIhostport\fR\c |
|
| ] |
|
| .I hostname |
|
| [\c |
|
| .IR command \c |
|
| ] |
|
| |
|
| .SH DESCRIPTION |
|
| .LP |
|
| .B Ssh |
|
| (Secure Shell) a program for logging into a remote machine and for |
(Secure Shell) a program for logging into a remote machine and for |
| executing commands in a remote machine. It is intended to replace |
executing commands in a remote machine. It is intended to replace |
| rlogin and rsh, and provide secure encrypted communications between |
rlogin and rsh, and provide secure encrypted communications between |
| two untrusted hosts over an insecure network. X11 connections and |
two untrusted hosts over an insecure network. X11 connections and |
| arbitrary TCP/IP ports can also be forwarded over the secure channel. |
arbitrary TCP/IP ports can also be forwarded over the secure channel. |
| .LP |
.Pp |
| .B Ssh |
.Nm |
| connects and logs into the specified |
connects and logs into the specified |
| .IR hostname . |
.Ar hostname . |
| The user must prove |
The user must prove |
| his/her identity to the remote machine using one of several methods. |
his/her identity to the remote machine using one of several methods. |
| .LP |
.Pp |
| First, if the machine the user logs in from is listed in |
First, if the machine the user logs in from is listed in |
| .I /etc/hosts.equiv |
.Pa /etc/hosts.equiv |
| or |
or |
| .I /etc/shosts.equiv |
.Pa /etc/shosts.equiv |
| on the remote machine, and the user names are |
on the remote machine, and the user names are |
| the same on both sides, the user is immediately permitted to log in. |
the same on both sides, the user is immediately permitted to log in. |
| Second, if |
Second, if |
| .I \&\s+2.\s0rhosts |
.Pa \&.rhosts |
| or |
or |
| .I \&\s+2.\s0shosts |
.Pa \&.shosts |
| exists in the user's home directory on the |
exists in the user's home directory on the |
| remote machine and contains a line containing the name of the client |
remote machine and contains a line containing the name of the client |
| machine and the name of the user on that machine, the user is |
machine and the name of the user on that machine, the user is |
| permitted to log in. This form of authentication alone is normally not |
permitted to log in. This form of authentication alone is normally not |
| allowed by the server because it is not secure. |
allowed by the server because it is not secure. |
| .LP |
.Pp |
| The second (and primary) authentication method is the |
The second (and primary) authentication method is the |
| .B rhosts |
.Pa rhosts |
| or |
or |
| .B hosts.equiv |
.Pa hosts.equiv |
| method combined with RSA-based host authentication. It |
method combined with RSA-based host authentication. It |
| means that if the login would be permitted by |
means that if the login would be permitted by |
| .I \&\s+2.\s0rhosts\c |
.Pa \&.rhosts , |
| \|, |
.Pa \&.shosts , |
| .I \&\s+2.\s0shosts\c |
.Pa /etc/hosts.equiv , |
| \|, |
|
| .IR /etc/hosts.equiv\c |
|
| \|, |
|
| or |
or |
| .IR /etc/shosts.equiv ", |
.Pa /etc/shosts.equiv , |
| and additionally it can verify the client's |
and additionally it can verify the client's |
| host key (see |
host key (see |
| .I \&$HOME/\s+2.\s0ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| and |
and |
| .I /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| in the |
in the |
| .B \s-1FILES\s0 |
.Sx FILES |
| section), only then login is |
section), only then login is |
| permitted. This authentication method closes security holes due to IP |
permitted. This authentication method closes security holes due to IP |
| spoofing, DNS spoofing and routing spoofing. [Note to the |
spoofing, DNS spoofing and routing spoofing. [Note to the |
| administrator: |
administrator: |
| .IR /etc/hosts.equiv ", |
.Pa /etc/hosts.equiv , |
| .IR \&\s+2.\s0rhosts ", |
.Pa \&.rhosts , |
| and the rlogin/rsh protocol in general, are inherently insecure and should be |
and the rlogin/rsh protocol in general, are inherently insecure and should be |
| disabled if security is desired.] |
disabled if security is desired.] |
| .LP |
.Pp |
| As a third authentication method, |
As a third authentication method, |
| .B ssh |
.Nm |
| supports RSA based authentication. |
supports RSA based authentication. |
| The scheme is based on public-key cryptography: there are cryptosystems |
The scheme is based on public-key cryptography: there are cryptosystems |
| where encryption and decryption are done using separate keys, and it |
where encryption and decryption are done using separate keys, and it |
|
|
| key pair for authentication purposes. The |
key pair for authentication purposes. The |
| server knows the public key, and only the user knows the private key. |
server knows the public key, and only the user knows the private key. |
| The file |
The file |
| .I \&$HOME/\s+2.\s0ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| lists the public keys that are permitted for logging |
lists the public keys that are permitted for logging |
| in. When the user logs in, the |
in. When the user logs in, the |
| .B ssh |
.Nm |
| program tells the server which key pair it would like to use for |
program tells the server which key pair it would like to use for |
| authentication. The server checks if this key is permitted, and if |
authentication. The server checks if this key is permitted, and if |
| so, sends the user (actually the |
so, sends the user (actually the |
| .B ssh |
.Nm |
| program running on behalf of the user) a challenge, a random number, |
program running on behalf of the user) a challenge, a random number, |
| encrypted by the user's public key. The challenge can only be |
encrypted by the user's public key. The challenge can only be |
| decrypted using the proper private key. The user's client then decrypts the |
decrypted using the proper private key. The user's client then decrypts the |
| challenge using the private key, proving that he/she knows the private |
challenge using the private key, proving that he/she knows the private |
| key but without disclosing it to the server. |
key but without disclosing it to the server. |
| .LP |
.Pp |
| .B Ssh |
.Nm |
| implements the RSA authentication protocol automatically. The user |
implements the RSA authentication protocol automatically. The user |
| creates his/her RSA key pair by running |
creates his/her RSA key pair by running |
| .BR ssh-keygen (1). |
.Xr ssh-keygen 1 . |
| This stores the private key in |
This stores the private key in |
| .I \&\s+2.\s0ssh/identity |
.Pa \&.ssh/identity |
| and the public key in |
and the public key in |
| .I \&\s+2.\s0ssh/identity.pub |
.Pa \&.ssh/identity.pub |
| in the user's home directory. The user should then |
in the user's home directory. The user should then |
| copy the |
copy the |
| .I identity.pub |
.Pa identity.pub |
| to |
to |
| .I \&\s+2.\s0ssh/authorized_keys |
.Pa \&.ssh/authorized_keys |
| in his/her home directory on the remote machine (the |
in his/her home directory on the remote machine (the |
| .I authorized_keys |
.Pa authorized_keys |
| file corresponds to the conventional |
file corresponds to the conventional |
| .I \&\s+2.\s0rhosts |
.Pa \&.rhosts |
| file, and has one key |
file, and has one key |
| per line, though the lines can be very long). After this, the user |
per line, though the lines can be very long). After this, the user |
| can log in without giving the password. RSA authentication is much |
can log in without giving the password. RSA authentication is much |
| more secure than rhosts authentication. |
more secure than rhosts authentication. |
| .LP |
.Pp |
| The most convenient way to use RSA authentication may be with an |
The most convenient way to use RSA authentication may be with an |
| authentication agent. See |
authentication agent. See |
| .BR ssh-agent (1) |
.Xr ssh-agent 1 |
| for more information. |
for more information. |
| .LP |
.Pp |
| If other authentication methods fail, |
If other authentication methods fail, |
| .B ssh |
.Nm |
| prompts the user for a password. The password is sent to the remote |
prompts the user for a password. The password is sent to the remote |
| host for checking; however, since all communications are encrypted, |
host for checking; however, since all communications are encrypted, |
| the password cannot be seen by someone listening on the network. |
the password cannot be seen by someone listening on the network. |
| .LP |
.Pp |
| When the user's identity has been accepted by the server, the server |
When the user's identity has been accepted by the server, the server |
| either executes the given command, or logs into the machine and gives |
either executes the given command, or logs into the machine and gives |
| the user a normal shell on the remote machine. All communication with |
the user a normal shell on the remote machine. All communication with |
| the remote command or shell will be automatically encrypted. |
the remote command or shell will be automatically encrypted. |
| .LP |
.Pp |
| If a pseudo-terminal has been allocated (normal login session), the |
If a pseudo-terminal has been allocated (normal login session), the |
| user can disconnect with "~.", and suspend |
user can disconnect with |
| .B ssh |
.Ic ~. , |
| with "~^Z". All forwarded connections can be listed with "~#", and if |
and suspend |
| |
.Nm |
| |
with |
| |
.Ic ~^Z . |
| |
All forwarded connections can be listed with |
| |
.Ic ~# |
| |
and if |
| the session blocks waiting for forwarded X11 or TCP/IP |
the session blocks waiting for forwarded X11 or TCP/IP |
| connections to terminate, it can be backgrounded with "~&" (this |
connections to terminate, it can be backgrounded with |
| should not be used while the user shell is active, as it can cause the |
.Ic ~& |
| shell to hang). All available escapes can be listed with "~?". |
(this should not be used while the user shell is active, as it can cause the |
| .LP |
shell to hang). All available escapes can be listed with |
| A single tilde character can be sent as "~~" (or by |
.Ic ~? . |
| following the tilde by a character other than those described above). |
.Pp |
| |
A single tilde character can be sent as |
| |
.Ic ~~ |
| |
(or by following the tilde by a character other than those described above). |
| The escape character must always follow a newline to be interpreted as |
The escape character must always follow a newline to be interpreted as |
| special. The escape character can be changed in configuration files |
special. The escape character can be changed in configuration files |
| or on the command line. |
or on the command line. |
| .LP |
.Pp |
| If no pseudo tty has been allocated, the |
If no pseudo tty has been allocated, the |
| session is transparent and can be used to reliably transfer binary |
session is transparent and can be used to reliably transfer binary |
| data. On most systems, setting the escape character to ``none'' will |
data. On most systems, setting the escape character to |
| also make the session transparent even if a tty is used. |
.Dq none |
| .LP |
will also make the session transparent even if a tty is used. |
| |
.Pp |
| The session terminates when the command or shell in on the remote |
The session terminates when the command or shell in on the remote |
| machine exists and all X11 and TCP/IP connections have been closed. |
machine exists and all X11 and TCP/IP connections have been closed. |
| The exit status of the remote program is returned as the exit status |
The exit status of the remote program is returned as the exit status |
| of |
of |
| .B ssh. |
.Nm ssh . |
| .LP |
.Pp |
| If the user is using X11 (the |
If the user is using X11 (the |
| .B \s-1DISPLAY\s0 |
.Ev DISPLAY |
| environment variable is set), the connection to the X11 display is |
environment variable is set), the connection to the X11 display is |
| automatically forwarded to the remote side in such a way that any X11 |
automatically forwarded to the remote side in such a way that any X11 |
| programs started from the shell (or command) will go through the |
programs started from the shell (or command) will go through the |
| encrypted channel, and the connection to the real X server will be made |
encrypted channel, and the connection to the real X server will be made |
| from the local machine. The user should not manually set |
from the local machine. The user should not manually set |
| .BR \s-1DISPLAY\s0 ". |
.Ev DISPLAY . |
| Forwarding of X11 connections can be |
Forwarding of X11 connections can be |
| configured on the command line or in configuration files. |
configured on the command line or in configuration files. |
| .LP |
.Pp |
| The DISPLAY value set by |
The |
| .B ssh |
.Ev DISPLAY |
| |
value set by |
| |
.Nm |
| will point to the server machine, but with a display number greater |
will point to the server machine, but with a display number greater |
| than zero. This is normal, and happens because |
than zero. This is normal, and happens because |
| .B ssh |
.Nm |
| creates a "proxy" X server on the server machine for forwarding the |
creates a |
| |
.Dq proxy |
| |
X server on the server machine for forwarding the |
| connections over the encrypted channel. |
connections over the encrypted channel. |
| .LP |
.Pp |
| .B Ssh |
.Nm |
| will also automatically set up Xauthority data on the server machine. |
will also automatically set up Xauthority data on the server machine. |
| For this purpose, it will generate a random authorization cookie, |
For this purpose, it will generate a random authorization cookie, |
| store it in Xauthority on the server, and verify that any forwarded |
store it in Xauthority on the server, and verify that any forwarded |
| connections carry this cookie and replace it by the real cookie when |
connections carry this cookie and replace it by the real cookie when |
| the connection is opened. The real authentication cookie is never |
the connection is opened. The real authentication cookie is never |
| sent to the server machine (and no cookies are sent in the plain). |
sent to the server machine (and no cookies are sent in the plain). |
| .LP |
.Pp |
| If the user is using an authentication agent, the connection to the agent |
If the user is using an authentication agent, the connection to the agent |
| is automatically forwarded to the remote side unless disabled on |
is automatically forwarded to the remote side unless disabled on |
| command line or in a configuration file. |
command line or in a configuration file. |
| .LP |
.Pp |
| Forwarding of arbitrary TCP/IP connections over the secure channel can |
Forwarding of arbitrary TCP/IP connections over the secure channel can |
| be specified either on command line or in a configuration file. One |
be specified either on command line or in a configuration file. One |
| possible application of TCP/IP forwarding is a secure connection to an |
possible application of TCP/IP forwarding is a secure connection to an |
| electronic purse; another is going trough firewalls. |
electronic purse; another is going trough firewalls. |
| .LP |
.Pp |
| .B Ssh |
.Nm |
| automatically maintains and checks a database containing RSA-based |
automatically maintains and checks a database containing RSA-based |
| identifications for all hosts it has ever been used with. The |
identifications for all hosts it has ever been used with. The |
| database is stored in |
database is stored in |
| .I \&\s+2.\s0ssh/known_hosts |
.Pa \&.ssh/known_hosts |
| in the user's home directory. Additionally, the file |
in the user's home directory. Additionally, the file |
| .I /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| is automatically checked for known hosts. Any new hosts are |
is automatically checked for known hosts. Any new hosts are |
| automatically added to the user's file. If a host's identification |
automatically added to the user's file. If a host's identification |
| ever changes, |
ever changes, |
| .B ssh |
.Nm |
| warns about this and disables password authentication to prevent a |
warns about this and disables password authentication to prevent a |
| trojan horse from getting the user's password. Another purpose of |
trojan horse from getting the user's password. Another purpose of |
| this mechanism is to prevent man-in-the-middle attacks which could |
this mechanism is to prevent man-in-the-middle attacks which could |
| otherwise be used to circumvent the encryption. The |
otherwise be used to circumvent the encryption. The |
| .B StrictHostKeyChecking |
.Cm StrictHostKeyChecking |
| option (see below) can be used to prevent logins to machines whose |
option (see below) can be used to prevent logins to machines whose |
| host key is not known or has changed. |
host key is not known or has changed. |
| |
.Sh OPTIONS |
| |
.Bl -tag -width Ds |
| .ne 5 |
.It Fl c Ar blowfish|idea|des|3des|none |
| .SH OPTIONS |
|
| .TP |
|
| .BI \-c \ \fIblowfish\fR\||\|\fIidea\fR\||\|\fIdes\fR\||\|\fI3des\fR\||\|\fInone\fR |
|
| Selects the cipher to use for encrypting the session. |
Selects the cipher to use for encrypting the session. |
| .B \s-13DES\s0 |
.Ar 3des |
| is used by default. It is believed to be secure. |
is used by default. It is believed to be secure. |
| .B \s-1DES\s0 |
.Ar des |
| is the data encryption standard, but is breakable by |
is the data encryption standard, but is breakable by |
| governments, large corporations, and major criminal organizations. |
governments, large corporations, and major criminal organizations. |
| .B \s-13DES\s0 |
.Ar 3des |
| (triple-des) is encrypt-decrypt-encrypt triple with three different |
(triple-des) is encrypt-decrypt-encrypt triple with three different keys. |
| keys. It is presumably more secure than |
It is presumably more secure than DES. |
| DES. |
.Ar none |
| .B none |
|
| disables encryption entirely; it is only intended for debugging, and |
disables encryption entirely; it is only intended for debugging, and |
| it renders the connection insecure. |
it renders the connection insecure. |
| .ne 3 |
.It Fl e Ar ch|^ch|none |
| .TP |
Sets the escape character for sessions with a pty (default: |
| .B \-e \fIch\fR\||\|\fI^ch\fR\||\|\fInone\fR |
.Ql ~ ) . |
| Sets the escape character for sessions with a pty (default: ~). The |
The escape character is only recognized at the beginning of a line. The |
| escape character is only recognized at the beginning of a line. The |
escape character followed by a dot |
| escape character followed by a dot (.) closes the connection, followed |
.Pq Ql \&. |
| |
closes the connection, followed |
| by control-Z suspends the connection, and followed by itself sends the |
by control-Z suspends the connection, and followed by itself sends the |
| escape character once. Setting the character to 'none' disables any |
escape character once. Setting the character to |
| escapes and makes the session fully transparent. |
.Dq none |
| .ne 3 |
disables any escapes and makes the session fully transparent. |
| .TP |
.It Fl f |
| .B \-f |
Requests |
| Requests ssh to go to background after authentication. This is useful |
.Nm |
| if ssh is going to ask for passwords or passphrases, but the user |
to go to background after authentication. This is useful |
| |
if |
| |
.Nm |
| |
is going to ask for passwords or passphrases, but the user |
| wants it in the background. This implies |
wants it in the background. This implies |
| .B \-n. |
.Fl n . |
| The recommended way to start X11 programs at a remote site is with |
The recommended way to start X11 programs at a remote site is with |
| something like "ssh -f host xterm". |
something like |
| .ne 3 |
.Ic ssh -f host xterm . |
| .TP |
.It Fl i Ar identity_file |
| .BI \-i \ identity_file |
|
| Selects the file from which the identity (private key) for |
Selects the file from which the identity (private key) for |
| .B \s-1RSA\s0 |
RSA authentication is read. Default is |
| authentication is read. Default is |
.Pa \&.ssh/identity |
| .I \&\s+2.\s0ssh/identity |
|
| in the user's home directory. Identity files may also be specified on |
in the user's home directory. Identity files may also be specified on |
| a per-host basis in the configuration file. It is possible to have |
a per-host basis in the configuration file. It is possible to have |
| multiple \-i options (and multiple identities specified in |
multiple |
| |
.Fl i |
| |
options (and multiple identities specified in |
| configuration files). |
configuration files). |
| .ne 3 |
.It Fl k |
| .TP |
|
| .B \-k |
|
| Disables forwarding of Kerberos tickets / AFS tokens. This may |
Disables forwarding of Kerberos tickets / AFS tokens. This may |
| also be specified on a per-host basis in the configuration file. |
also be specified on a per-host basis in the configuration file. |
| .ne 3 |
.It Fl l Ar login_name |
| .TP |
|
| .BI -l \ login_name |
|
| Specifies the user to log in as on the remote machine. This may also |
Specifies the user to log in as on the remote machine. This may also |
| be specified on a per-host basis in the configuration file. |
be specified on a per-host basis in the configuration file. |
| .ne 3 |
.It Fl n |
| .TP |
Redirects stdin from |
| .B \-n |
.Pa /dev/null |
| Redirects stdin from /dev/null (actually, prevents reading from stdin). |
(actually, prevents reading from stdin). |
| This must be used when |
This must be used when |
| .B ssh |
.Nm |
| is run in the background. A common trick is to use this to run X11 |
is run in the background. A common trick is to use this to run X11 |
| programs in a remote machine. For example, "ssh -n shadows.cs.hut.fi |
programs in a remote machine. For example, |
| emacs &" will start an emacs on shadows.cs.hut.fi, and the X11 |
.Ic ssh -n shadows.cs.hut.fi emacs & |
| |
will start an emacs on shadows.cs.hut.fi, and the X11 |
| connection will be automatically forwarded over an encrypted channel. |
connection will be automatically forwarded over an encrypted channel. |
| The |
The |
| .B ssh |
.Nm |
| program will be put in the background. |
program will be put in the background. |
| (This does not work if |
(This does not work if |
| .B ssh |
.Nm |
| needs to ask for a password or passphrase; see also the -f option.) |
needs to ask for a password or passphrase; see also the |
| .ne 3 |
.Fl f |
| .TP |
option.) |
| .BI \-o "\ 'option' |
.It Fl o Ar option |
| Can be used to give options in the format used in the config file. |
Can be used to give options in the format used in the config file. |
| This is useful for specifying options for which there is no separate |
This is useful for specifying options for which there is no separate |
| command-line flag. The option has the same format as a line in the |
command-line flag. The option has the same format as a line in the |
| configuration file. |
configuration file. |
| .ne 3 |
.It Fl p Ar port |
| .TP |
|
| .BI \-p "\ port |
|
| Port to connect to on the remote host. This can be specified on a |
Port to connect to on the remote host. This can be specified on a |
| per-host basis in the configuration file. |
per-host basis in the configuration file. |
| .ne 3 |
.It Fl q |
| .TP |
|
| .B \-q |
|
| Quiet mode. Causes all warning and diagnostic messages to be |
Quiet mode. Causes all warning and diagnostic messages to be |
| suppressed. Only fatal errors are displayed. |
suppressed. Only fatal errors are displayed. |
| .ne 3 |
.It Fl t |
| .TP |
|
| .B \-t |
|
| Force pseudo-tty allocation. This can be used to execute arbitary |
Force pseudo-tty allocation. This can be used to execute arbitary |
| screen-based programs on a remote machine, which can be very useful |
screen-based programs on a remote machine, which can be very useful |
| e.g. when implementing menu services. |
e.g. when implementing menu services. |
| .ne 3 |
.It Fl v |
| .TP |
|
| .B \-v |
|
| Verbose mode. Causes |
Verbose mode. Causes |
| .B ssh |
.Nm |
| to print debugging messages about its progress. This is helpful in |
to print debugging messages about its progress. This is helpful in |
| debugging connection, authentication, and configuration problems. |
debugging connection, authentication, and configuration problems. |
| .ne 3 |
.It Fl x |
| .TP |
|
| .B \-x |
|
| Disables X11 forwarding. This can also be specified on a per-host |
Disables X11 forwarding. This can also be specified on a per-host |
| basis in a configuration file. |
basis in a configuration file. |
| .ne 3 |
.It Fl X |
| .TP |
|
| .B \-X |
|
| Enables X11 forwarding. |
Enables X11 forwarding. |
| .ne 3 |
.It Fl C |
| .TP |
|
| .B \-C |
|
| Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
| data for forwarded X11 and TCP/IP connections). The compression |
data for forwarded X11 and TCP/IP connections). The compression |
| algorithm is the same used by gzip, and the "level" can be controlled |
algorithm is the same used by gzip, and the |
| by the |
.Dq level |
| .B CompressionLevel |
can be controlled by the |
| |
.Cm CompressionLevel |
| option (see below). Compression is desirable on modem lines and other |
option (see below). Compression is desirable on modem lines and other |
| slow connections, but will only slow down things on fast networks. |
slow connections, but will only slow down things on fast networks. |
| The default value can be set on a host-by-host basis in the |
The default value can be set on a host-by-host basis in the |
| configuration files; see the |
configuration files; see the |
| .B Compress |
.Cm Compress |
| option below. |
option below. |
| .ne 3 |
.It Fl L Ar port:host:hostport |
| .TP |
|
| .BI \-L "\ port:host:hostport |
|
| Specifies that the given port on the local (client) host is to be |
Specifies that the given port on the local (client) host is to be |
| forwarded to the given host and port on the remote side. This works |
forwarded to the given host and port on the remote side. This works |
| by allocating a socket to listen to |
by allocating a socket to listen to |
| .B port |
.Ar port |
| on the local side, and whenever a connection is made to this port, the |
on the local side, and whenever a connection is made to this port, the |
| connection is forwarded over the secure channel, and a connection is |
connection is forwarded over the secure channel, and a connection is |
| made to |
made to |
| .B host:hostport |
.Ar host:hostport |
| from the remote machine. Port forwardings can also be specified in the |
from the remote machine. Port forwardings can also be specified in the |
| configuration file. Only root can forward privileged ports. |
configuration file. Only root can forward privileged ports. |
| .ne 3 |
.It Fl R Ar port:host:hostport |
| .TP |
|
| .BI \-R "\ port:host:hostport |
|
| Specifies that the given port on the remote (server) host is to be |
Specifies that the given port on the remote (server) host is to be |
| forwarded to the given host and port on the local side. This works |
forwarded to the given host and port on the local side. This works |
| by allocating a socket to listen to |
by allocating a socket to listen to |
| .B port |
.Ar port |
| on the remote side, and whenever a connection is made to this port, the |
on the remote side, and whenever a connection is made to this port, the |
| connection is forwarded over the secure channel, and a connection is |
connection is forwarded over the secure channel, and a connection is |
| made to |
made to |
| .B host:hostport |
.Ar host:hostport |
| from the local machine. Port forwardings can also be specified in the |
from the local machine. Port forwardings can also be specified in the |
| configuration file. Privileged ports can be forwarded only when |
configuration file. Privileged ports can be forwarded only when |
| logging in as root on the remote machine. |
logging in as root on the remote machine. |
| |
.El |
| .SH CONFIGURATION FILES |
.Sh CONFIGURATION FILES |
| .LP |
.Nm |
| .B Ssh |
|
| obtains configuration data from the following sources (in this order): |
obtains configuration data from the following sources (in this order): |
| command line options, user's configuration file |
command line options, user's configuration file |
| (\fI\&$HOME/\s+2.\s0ssh/config\fR), and system-wide configuration file |
.Pq Pa $HOME/.ssh/config , |
| (\fI/etc/ssh_config\fR). For each parameter, the first obtained value |
and system-wide configuration file |
| |
.Pq Pa /etc/ssh_config . |
| |
For each parameter, the first obtained value |
| will be used. The configuration files contain sections bracketed by |
will be used. The configuration files contain sections bracketed by |
| "Host" specifications, and that section is only applied for hosts that |
"Host" specifications, and that section is only applied for hosts that |
| match one of the patterns given in the specification. The matched |
match one of the patterns given in the specification. The matched |
| host name is the one given on the command line. |
host name is the one given on the command line. |
| .LP |
.Pp |
| Since the first obtained value for each parameter is used, more |
Since the first obtained value for each parameter is used, more |
| host-specific declarations should be given near the beginning of the |
host-specific declarations should be given near the beginning of the |
| file, and general defaults at the end. |
file, and general defaults at the end. |
| .LP |
.Pp |
| The configuration file has the following format: |
The configuration file has the following format: |
| .IP |
.Pp |
| Empty lines and lines starting with '#' are comments. |
Empty lines and lines starting with |
| .IP |
.Ql # |
| Otherwise a line is of the format "keyword arguments". The possible |
are comments. |
| |
.Pp |
| |
Otherwise a line is of the format |
| |
.Dq keyword arguments . |
| |
The possible |
| keywords and their meanings are as follows (note that the |
keywords and their meanings are as follows (note that the |
| configuration files are case-sensitive): |
configuration files are case-sensitive): |
| .ne 3 |
.Bl -tag -width Ds |
| .TP |
.It Cm Host |
| .de YN |
|
| "\fByes\fR" or "\fBno\fR". |
|
| .. |
|
| |
|
| .B Host |
|
| Restricts the following declarations (up to the next |
Restricts the following declarations (up to the next |
| .B Host |
.Cm Host |
| keyword) to be only for those hosts that match one of the patterns |
keyword) to be only for those hosts that match one of the patterns |
| given after the keyword. '*' and '?' can be as wildcards in the |
given after the keyword. |
| patterns. A single '*' as a pattern can be used to provide global |
.Ql \&* |
| |
and |
| |
.Ql ? |
| |
can be used as wildcards in the |
| |
patterns. A single |
| |
.Ql \&* |
| |
as a pattern can be used to provide global |
| defaults for all hosts. The host is the |
defaults for all hosts. The host is the |
| .IR hostname |
.Ar hostname |
| argument given on the command line (i.e., the name is not converted to |
argument given on the command line (i.e., the name is not converted to |
| a canonicalized host name before matching). |
a canonicalized host name before matching). |
| .ne 3 |
.It Cm AFSTokenPassing |
| .TP |
|
| .B AFSTokenPassing |
|
| Specifies whether to pass AFS tokens to remote host. The argument to |
Specifies whether to pass AFS tokens to remote host. The argument to |
| this keyword must be |
this keyword must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B BatchMode |
.It Cm BatchMode |
| If set to "yes", passphrase/password querying will be disabled. This |
If set to |
| |
.Dq yes , |
| |
passphrase/password querying will be disabled. This |
| option is useful in scripts and other batch jobs where you have no |
option is useful in scripts and other batch jobs where you have no |
| user to supply the password. The argument must be |
user to supply the password. The argument must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B Cipher |
.It Cm Cipher |
| Specifies the cipher to use for encrypting the session. Currently, |
Specifies the cipher to use for encrypting the session. Currently, |
| .IR blowfish ", |
.Dq blowfish , |
| .IR idea ", |
.Dq idea , |
| .IR des ", |
.Dq des , |
| .IR 3des ", |
.Dq 3des , |
| and |
and |
| .I none |
.Dq none |
| are supported. The default is "3des". Using "none" (no encryption) is intended |
are supported. The default is |
| only for debugging, and will render the connection insecure. |
.Dq 3des . |
| .ne 3 |
Using |
| .TP |
.Dq none |
| .B Compression |
(no encryption) is intended only for debugging, and will render the connection |
| |
insecure. |
| |
.It Cm Compression |
| Specifies whether to use compression. The argument must be |
Specifies whether to use compression. The argument must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B CompressionLevel |
.It Cm CompressionLevel |
| Specifies the compression level to use if compression is enable. The |
Specifies the compression level to use if compression is enable. The |
| argument must be an integer from 1 (fast) to 9 (slow, best). The |
argument must be an integer from 1 (fast) to 9 (slow, best). The |
| default level is 6, which is good for most applications. The meaning |
default level is 6, which is good for most applications. The meaning |
| of the values is the same as in GNU GZIP. |
of the values is the same as in GNU GZIP. |
| .ne 3 |
.It Cm ConnectionAttempts |
| .TP |
|
| .B ConnectionAttempts |
|
| Specifies the number of tries (one per second) to make before falling |
Specifies the number of tries (one per second) to make before falling |
| back to rsh or exiting. The argument must be an integer. This may be |
back to rsh or exiting. The argument must be an integer. This may be |
| useful in scripts if the connection sometimes fails. |
useful in scripts if the connection sometimes fails. |
| .ne 3 |
.It Cm EscapeChar |
| .TP |
Sets the escape character (default: |
| .B EscapeChar |
.Ql ~ ) . |
| Sets the escape character (default: ~). The escape character can also |
The escape character can also |
| be set on the command line. The argument should be a single |
be set on the command line. The argument should be a single |
| character, '^' followed by a letter, or ``none'' to disable the escape |
character, |
| |
.Ql ^ |
| |
followed by a letter, or |
| |
.Dq none |
| |
to disable the escape |
| character entirely (making the connection transparent for binary |
character entirely (making the connection transparent for binary |
| data). |
data). |
| .ne 3 |
.It Cm FallBackToRsh |
| .TP |
|
| .B FallBackToRsh |
|
| Specifies that if connecting via |
Specifies that if connecting via |
| .B ssh |
.Nm |
| fails due to a connection refused error (there is no |
fails due to a connection refused error (there is no |
| .B sshd |
.Xr sshd 8 |
| listening on the remote host), |
listening on the remote host), |
| .B rsh |
.Xr rsh 1 |
| should automatically be used instead (after a suitable warning about |
should automatically be used instead (after a suitable warning about |
| the session being unencrypted). The argument must be |
the session being unencrypted). The argument must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B ForwardAgent |
.It Cm ForwardAgent |
| Specifies whether the connection to the authentication agent (if any) |
Specifies whether the connection to the authentication agent (if any) |
| will be forwarded to the remote machine. The argument must be |
will be forwarded to the remote machine. The argument must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B ForwardX11 |
.It Cm ForwardX11 |
| Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
| over the secure channel and |
over the secure channel and |
| .B \s-1DISPLAY\s0 |
.Ev DISPLAY |
| set. The argument must be |
set. The argument must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
| Specifies a file to use instead of |
Specifies a file to use instead of |
| .IR /etc/ssh_known_hosts ". |
.Pa /etc/ssh_known_hosts . |
| .ne 3 |
.It Cm HostName |
| .TP |
|
| .B HostName |
|
| Specifies the real host name to log into. This can be used to specify |
Specifies the real host name to log into. This can be used to specify |
| nicnames or abbreviations for hosts. Default is the name given on the |
nicnames or abbreviations for hosts. Default is the name given on the |
| command line. Numeric IP addresses are also permitted (both on the |
command line. Numeric IP addresses are also permitted (both on the |
| command line and in |
command line and in |
| .B HostName |
.Cm HostName |
| specifications). |
specifications). |
| .ne 3 |
.It Cm IdentityFile |
| .TP |
|
| .B IdentityFile |
|
| Specifies the file from which the user's RSA authentication identity |
Specifies the file from which the user's RSA authentication identity |
| is read (default \fI\s+2.\s0ssh/identity\fR in the user's home directory). |
is read (default |
| |
.Pa .ssh/identity |
| |
in the user's home directory). |
| Additionally, any identities represented by the authentication agent |
Additionally, any identities represented by the authentication agent |
| will be used for authentication. The file name may use the tilde |
will be used for authentication. The file name may use the tilde |
| syntax to refer to a user's home directory. It is possible to have |
syntax to refer to a user's home directory. It is possible to have |
| multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
| identities will be tried in sequence. |
identities will be tried in sequence. |
| .ne 3 |
.It Cm KeepAlive |
| .TP |
|
| .B KeepAlive |
|
| Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send keepalive messages to the |
| other side. If they are sent, death of the connection or crash of one |
other side. If they are sent, death of the connection or crash of one |
| of the machines will be properly noticed. However, this means that |
of the machines will be properly noticed. However, this means that |
| connections will die if the route is down temporarily, and some people |
connections will die if the route is down temporarily, and some people |
| find it annoying. |
find it annoying. |
| |
.Pp |
| The default is "yes" (to send keepalives), and the client will notice |
The default is |
| |
.Dq yes |
| |
(to send keepalives), and the client will notice |
| if the network goes down or the remote host dies. This is important |
if the network goes down or the remote host dies. This is important |
| in scripts, and many users want it too. |
in scripts, and many users want it too. |
| |
.Pp |
| To disable keepalives, the value should be set to "no" in both the |
To disable keepalives, the value should be set to |
| server and the client configuration files. |
.Dq no |
| .ne 3 |
in both the server and the client configuration files. |
| .TP |
.It Cm KerberosAuthentication |
| .B KerberosAuthentication |
|
| Specifies whether Kerberos authentication will be used. |
Specifies whether Kerberos authentication will be used. |
| .TP |
.It Cm KerberosTgtPassing |
| .B KerberosTgtPassing |
|
| Specifies whether a Kerberos TGT will be forwarded to the server. |
Specifies whether a Kerberos TGT will be forwarded to the server. |
| Note that TGT forwarding is normally not enabled in the server. |
Note that TGT forwarding is normally not enabled in the server. |
| .TP |
.It Cm LocalForward |
| .B LocalForward |
|
| Specifies that a TCP/IP port on the local machine be forwarded over |
Specifies that a TCP/IP port on the local machine be forwarded over |
| the secure channel to given host:port from the remote machine. The |
the secure channel to given host:port from the remote machine. The |
| first argument must be a port number, and the second must be |
first argument must be a port number, and the second must be |
| host:port. Multiple forwardings may be specified, and additional |
host:port. Multiple forwardings may be specified, and additional |
| forwardings can be given on the command line. Only the root can |
forwardings can be given on the command line. Only the root can |
| forward privileged ports. |
forward privileged ports. |
| .ne 3 |
.It Cm PasswordAuthentication |
| .TP |
|
| .B PasswordAuthentication |
|
| Specifies whether to use password authentication. The argument to |
Specifies whether to use password authentication. The argument to |
| this keyword must be |
this keyword must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B Port |
.It Cm Port |
| Specifies the port number to connect on the remote host. Default is |
Specifies the port number to connect on the remote host. Default is |
| 22. |
22. |
| .ne 3 |
.It Cm ProxyCommand |
| .TP |
|
| .B ProxyCommand |
|
| Specifies the command to use to connect to the server. The command |
Specifies the command to use to connect to the server. The command |
| string extends to the end of the line, and is executed with /bin/sh. |
string extends to the end of the line, and is executed with /bin/sh. |
| In the command string, %h will be substituted by the host name to |
In the command string, %h will be substituted by the host name to |
| connect and %p by the port. The command can be basically anything, |
connect and %p by the port. The command can be basically anything, |
| and should read from its stdin and write to its stdout. It should |
and should read from its stdin and write to its stdout. It should |
| eventually connect an |
eventually connect an |
| .B sshd |
.Xr sshd 8 |
| server running on some machine, or execute |
server running on some machine, or execute |
| "sshd -i" somewhere. Host key management will be done using the |
.Ic sshd -i |
| |
somewhere. Host key management will be done using the |
| HostName of the host being connected (defaulting to the name typed by |
HostName of the host being connected (defaulting to the name typed by |
| the user). |
the user). |
| |
.Pp |
| Note that |
Note that |
| .B ssh |
.Nm |
| can also be configured to support the SOCKS system using the |
can also be configured to support the SOCKS system using the |
| --with-socks compile-time configuration option. |
--with-socks compile-time configuration option. |
| .ne 3 |
.It Cm RemoteForward |
| .TP |
|
| .B RemoteForward |
|
| Specifies that a TCP/IP port on the remote machine be forwarded over |
Specifies that a TCP/IP port on the remote machine be forwarded over |
| the secure channel to given host:port from the local machine. The |
the secure channel to given host:port from the local machine. The |
| first argument must be a port number, and the second must be |
first argument must be a port number, and the second must be |
| host:port. Multiple forwardings may be specified, and additional |
host:port. Multiple forwardings may be specified, and additional |
| forwardings can be given on the command line. Only the root can |
forwardings can be given on the command line. Only the root can |
| forward privileged ports. |
forward privileged ports. |
| .ne 3 |
.It Cm RhostsAuthentication |
| .TP |
|
| .B RhostsAuthentication |
|
| Specifies whether to try rhosts based authentication. Note that this |
Specifies whether to try rhosts based authentication. Note that this |
| declaration only affects the client side and has no effect whatsoever |
declaration only affects the client side and has no effect whatsoever |
| on security. Disabling rhosts authentication may reduce |
on security. Disabling rhosts authentication may reduce |
|
|
| not used. Most servers do not permit RhostsAuthentication because it |
not used. Most servers do not permit RhostsAuthentication because it |
| is not secure (see RhostsRSAAuthentication). The argument to this |
is not secure (see RhostsRSAAuthentication). The argument to this |
| keyword must be |
keyword must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
| Specifies whether to try rhosts based authentication with RSA host |
Specifies whether to try rhosts based authentication with RSA host |
| authentication. This is the primary authentication method for most |
authentication. This is the primary authentication method for most |
| sites. The argument must be |
sites. The argument must be |
| .YN |
.Dq yes |
| .ne 3 |
or |
| .TP |
.Dq no . |
| .B RSAAuthentication |
.It Cm RSAAuthentication |
| Specifies whether to try RSA authentication. The argument to this |
Specifies whether to try RSA authentication. The argument to this |
| keyword must be |
keyword must be |
| .YN |
.Dq yes |
| |
or |
| |
.Dq no . |
| RSA authentication will only be |
RSA authentication will only be |
| attempted if the identity file exists, or an authentication agent is |
attempted if the identity file exists, or an authentication agent is |
| running. |
running. |
| .ne 3 |
.It Cm StrictHostKeyChecking |
| .TP |
If this flag is set to |
| .B StrictHostKeyChecking |
.Dq yes , |
| If this flag is set to "yes", |
.Nm |
| .B ssh |
|
| ssh will never automatically add host keys to the |
ssh will never automatically add host keys to the |
| .I $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| file, and refuses to connect hosts whose host key has changed. This |
file, and refuses to connect hosts whose host key has changed. This |
| provides maximum protection against trojan horse attacks. However, it |
provides maximum protection against trojan horse attacks. However, it |
| can be somewhat annoying if you don't have good |
can be somewhat annoying if you don't have good |
| .I /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
| files installed and frequently |
files installed and frequently |
| connect new hosts. Basically this option forces the user to manually |
connect new hosts. Basically this option forces the user to manually |
| add any new hosts. Normally this option is disabled, and new hosts |
add any new hosts. Normally this option is disabled, and new hosts |
| will automatically be added to the known host files. The host keys of |
will automatically be added to the known host files. The host keys of |
| known hosts will be verified automatically in either case. The |
known hosts will be verified automatically in either case. The |
| argument must be |
argument must be |
| .YN |
.Dq yes |
| .ne3 |
or |
| .TP |
.Dq no . |
| .B User |
.It Cm User |
| Specifies the user to log in as. This can be useful if you have a |
Specifies the user to log in as. This can be useful if you have a |
| different user name in different machines. This saves the trouble of |
different user name in different machines. This saves the trouble of |
| having to remember to give the user name on the command line. |
having to remember to give the user name on the command line. |
| .ne 3 |
.It Cm UserKnownHostsFile |
| .TP |
Specifies a file to use instead of |
| .B UserKnownHostsFile |
.Pa $HOME/.ssh/known_hosts . |
| Specifies a file to use instead of \fI$HOME/\s+2.\s0ssh/known_hosts\fR. |
.It Cm UseRsh |
| .ne 3 |
|
| .TP |
|
| .B UseRsh |
|
| Specifies that rlogin/rsh should be used for this host. It is |
Specifies that rlogin/rsh should be used for this host. It is |
| possible that the host does not at all support the |
possible that the host does not at all support the |
| .B ssh |
.Nm |
| protocol. This causes |
protocol. This causes |
| .B ssh |
.Nm |
| to immediately exec |
to immediately exec |
| .B rsh. |
.Xr rsh 1 . |
| All other options (except |
All other options (except |
| .BR HostName ) |
.Cm HostName ) |
| are ignored if this has been specified. The argument must be |
are ignored if this has been specified. The argument must be |
| .YN |
.Dq yes |
| |
or |
| .SH ENVIRONMENT |
.Dq no . |
| .LP |
.Sh ENVIRONMENT |
| .B Ssh |
.Nm |
| will normally set the following environment variables: |
will normally set the following environment variables: |
| .TP |
.Bl -tag -width Ds |
| .B DISPLAY |
.It Ev DISPLAY |
| The DISPLAY variable indicates the location of the X11 server. It is |
The |
| |
.Ev DISPLAY |
| |
variable indicates the location of the X11 server. It is |
| automatically set by |
automatically set by |
| .B ssh |
.Nm |
| to point to a value of the form "hostname:n" where hostname indicates |
to point to a value of the form |
| |
.Dq hostname:n |
| |
where hostname indicates |
| the host where the shell runs, and n is an integer >= 1. Ssh uses |
the host where the shell runs, and n is an integer >= 1. Ssh uses |
| this special value to forward X11 connections over the secure |
this special value to forward X11 connections over the secure |
| channel. The user should normally not set DISPLAY explicitly, as that |
channel. The user should normally not set DISPLAY explicitly, as that |
| will render the X11 connection insecure (and will require the user to |
will render the X11 connection insecure (and will require the user to |
| manually copy any required authorization cookies). |
manually copy any required authorization cookies). |
| .ne 3 |
.It Ev HOME |
| .TP |
|
| .B HOME |
|
| Set to the path of the user's home directory. |
Set to the path of the user's home directory. |
| .ne 3 |
.It Ev LOGNAME |
| .TP |
Synonym for |
| .B LOGNAME |
.Ev USER ; set for compatibility with systems that use |
| Synonym for USER; set for compatibility with systems that use |
|
| this variable. |
this variable. |
| .ne 3 |
.It Ev MAIL |
| .TP |
|
| .B MAIL |
|
| Set to point the user's mailbox. |
Set to point the user's mailbox. |
| .ne 3 |
.It Ev PATH |
| .TP |
Set to the default |
| .B PATH |
.Ev PATH , |
| Set to the default PATH, as specified when compiling |
as specified when compiling |
| .B ssh |
.Nm |
| or, on some systems, |
or, on some systems, |
| .I /etc/environment |
.Pa /etc/environment |
| or |
or |
| .IR /etc/default/login ". |
.Pa /etc/default/login . |
| .ne 3 |
.It Ev SSH_AUTHENTICATION_FD |
| .TP |
|
| .B SSH_AUTHENTICATION_FD |
|
| This is set to an integer value if you are using the authentication |
This is set to an integer value if you are using the authentication |
| agent and a connection to it has been forwarded. The value indicates |
agent and a connection to it has been forwarded. The value indicates |
| a file descriptor number used for communicating with the agent. On |
a file descriptor number used for communicating with the agent. On |
| some systems, |
some systems, |
| .B SSH_AUTHENTICATION_SOCKET |
.Ev SSH_AUTHENTICATION_SOCKET |
| may be used instead to |
may be used instead to |
| indicate the path of a unix-domain socket used to communicate with the |
indicate the path of a unix-domain socket used to communicate with the |
| agent (this method is less secure, and is only used on systems that |
agent (this method is less secure, and is only used on systems that |
| don't support the first method). |
don't support the first method). |
| .ne 3 |
.It Ev SSH_CLIENT |
| .TP |
|
| .B SSH_CLIENT |
|
| Identifies the client end of the connection. The variable contains |
Identifies the client end of the connection. The variable contains |
| three space-separated values: client ip-address, client port number, |
three space-separated values: client ip-address, client port number, |
| and server port number. |
and server port number. |
| .ne 3 |
.It Ev SSH_TTY |
| .TP |
|
| .B SSH_TTY |
|
| This is set to the name of the tty (path to the device) associated |
This is set to the name of the tty (path to the device) associated |
| with the current shell or command. If the current session has no tty, |
with the current shell or command. If the current session has no tty, |
| this variable is not set. |
this variable is not set. |
| .ne 3 |
.It Ev TZ |
| .TP |
|
| .B TZ |
|
| The timezone variable is set to indicate the present timezone if it |
The timezone variable is set to indicate the present timezone if it |
| was set when the daemon was started (e.i., the daemon passes the value |
was set when the daemon was started (e.i., the daemon passes the value |
| on to new connections). |
on to new connections). |
| .ne 3 |
.It Ev USER |
| .TP |
|
| .B USER |
|
| Set to the name of the user logging in. |
Set to the name of the user logging in. |
| .LP |
.El |
| .RT |
.Pp |
| Additionally, |
Additionally, |
| .B ssh |
.Nm |
| reads |
reads |
| .I /etc/environment |
.Pa /etc/environment |
| and |
and |
| .IR $HOME/.ssh/environment ", |
.Pa $HOME/.ssh/environment , |
| and adds lines of |
and adds lines of the format |
| the format |
.Dq VARNAME=value |
| .I VARNAME=value |
|
| to the environment. Some systems may have |
to the environment. Some systems may have |
| still additional mechanisms for setting up the environment, such as |
still additional mechanisms for setting up the environment, such as |
| .I /etc/default/login |
.Pa /etc/default/login |
| on Solaris. |
on Solaris. |
| |
.Sh FILES |
| .ne 3 |
.Bl -tag -width $HOME/.ssh/known_hosts |
| .SH FILES |
.It Pa $HOME/.ssh/known_hosts |
| .TP |
|
| .I \&$HOME/\s+2.\s0ssh/known_hosts |
|
| Records host keys for all hosts the user has logged into (that are not |
Records host keys for all hosts the user has logged into (that are not |
| in \fI/etc/ssh_known_hosts\fR). See |
in |
| .B sshd |
.Pa /etc/ssh_known_hosts ) . |
| manual page. |
See |
| .ne 3 |
.Xr sshd 8 . |
| .TP |
.It Pa $HOME/.ssh/random_seed |
| .I \&$HOME/\s+2.\s0ssh/random_seed |
|
| Used for seeding the random number generator. This file contains |
Used for seeding the random number generator. This file contains |
| sensitive data and should read/write for the user and not accessible |
sensitive data and should read/write for the user and not accessible |
| for others. This file is created the first time the program is run |
for others. This file is created the first time the program is run |
| and updated automatically. The user should never need to read or |
and updated automatically. The user should never need to read or |
| modify this file. |
modify this file. |
| .ne 5 |
.It Pa $HOME/.ssh/identity |
| .TP |
|
| .I \&$HOME/\s+2.\s0ssh/identity |
|
| Contains the RSA authentication identity of the user. This file |
Contains the RSA authentication identity of the user. This file |
| contains sensitive data and should be readable by the user but not |
contains sensitive data and should be readable by the user but not |
| accessible by others. It is possible to specify a passphrase when |
accessible by others. It is possible to specify a passphrase when |
| generating the key; the passphrase will be used to encrypt the |
generating the key; the passphrase will be used to encrypt the |
| sensitive part of this file using |
sensitive part of this file using IDEA. |
| .BR \s-1IDEA\s0 ". |
.It Pa $HOME/.ssh/identity.pub |
| .ne 3 |
|
| .TP |
|
| .I \&$HOME/\s+2.\s0ssh/identity.pub |
|
| Contains the public key for authentication (public part of the |
Contains the public key for authentication (public part of the |
| identity file in human-readable form). The contents of this file |
identity file in human-readable form). The contents of this file |
| should be added to \fI$HOME/\s+2.\s0ssh/authorized_keys\fR on all machines |
should be added to |
| |
.Pa $HOME/.ssh/authorized_keys |
| |
on all machines |
| where you wish to log in using RSA authentication. This file is not |
where you wish to log in using RSA authentication. This file is not |
| sensitive and can (but need not) be readable by anyone. This file is |
sensitive and can (but need not) be readable by anyone. This file is |
| never used automatically and is not necessary; it is only provided for |
never used automatically and is not necessary; it is only provided for |
| the convenience of the user. |
the convenience of the user. |
| .ne 3 |
.It Pa $HOME/.ssh/config |
| .TP |
|
| .I \&$HOME/\s+2.\s0ssh/config |
|
| This is the per-user configuration file. The format of this file is |
This is the per-user configuration file. The format of this file is |
| described above. This file is used by the |
described above. This file is used by the |
| .B ssh |
.Nm |
| client. This file does not usually contain any sensitive information, |
client. This file does not usually contain any sensitive information, |
| but the recommended permissions are read/write for the user, and not |
but the recommended permissions are read/write for the user, and not |
| accessible by others. |
accessible by others. |
| .ne 3 |
.It Pa $HOME/.ssh/authorized_keys |
| .TP |
|
| .I \&$HOME/\s+2.\s0ssh/authorized_keys |
|
| Lists the RSA keys that can be used for logging in as this user. The |
Lists the RSA keys that can be used for logging in as this user. The |
| format of this file is described in the |
format of this file is described in the |
| .B sshd |
.Xr sshd 8 |
| manual page. In the simplest form the format is the same as the .pub |
manual page. In the simplest form the format is the same as the .pub |
| identity files (that is, each line contains the number of bits in |
identity files (that is, each line contains the number of bits in |
| modulus, public exponent, modulus, and comment fields, separated by |
modulus, public exponent, modulus, and comment fields, separated by |
| spaces). This file is not highly sensitive, but the recommended |
spaces). This file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| .ne 3 |
.It Pa /etc/ssh_known_hosts |
| .TP |
|
| .I /etc/ssh_known_hosts |
|
| Systemwide list of known host keys. This file should be prepared by the |
Systemwide list of known host keys. This file should be prepared by the |
| system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
| organization. This file should be world-readable. This file contains |
organization. This file should be world-readable. This file contains |
|
|
| modulus, and optional comment field. When different names are used |
modulus, and optional comment field. When different names are used |
| for the same machine, all such names should be listed, separated by |
for the same machine, all such names should be listed, separated by |
| commas. The format is described on the |
commas. The format is described on the |
| .B sshd |
.Xr sshd 8 |
| manual page. |
manual page. |
| .IP |
.Pp |
| The canonical system name (as returned by name servers) is used by |
The canonical system name (as returned by name servers) is used by |
| .B sshd |
.Xr sshd 8 |
| to verify the client host when logging in; other names are needed because |
to verify the client host when logging in; other names are needed because |
| .B ssh |
.Nm |
| does not convert the user-supplied name to a canonical name before |
does not convert the user-supplied name to a canonical name before |
| checking the key, because someone with access to the name servers |
checking the key, because someone with access to the name servers |
| would then be able to fool host authentication. |
would then be able to fool host authentication. |
| .ne 3 |
.It Pa /etc/ssh_config |
| .TP |
|
| .I /etc/ssh_config |
|
| Systemwide configuration file. This file provides defaults for those |
Systemwide configuration file. This file provides defaults for those |
| values that are not specified in the user's configuration file, and |
values that are not specified in the user's configuration file, and |
| for those users who do not have a configuration file. This file must |
for those users who do not have a configuration file. This file must |
| be world-readable. |
be world-readable. |
| .ne 3 |
.It Pa $HOME/.rhosts |
| .TP |
This file is used in |
| .I $HOME/\s+2.\s0rhosts |
.Pa \&.rhosts |
| This file is used in \s+2.\s0rhosts authentication to list the |
authentication to list the |
| host/user pairs that are permitted to log in. (Note that this file is |
host/user pairs that are permitted to log in. (Note that this file is |
| also used by rlogin and rsh, which makes using this file insecure.) |
also used by rlogin and rsh, which makes using this file insecure.) |
| Each line of the file contains a host name (in the canonical form |
Each line of the file contains a host name (in the canonical form |
|
|
| separated by a space. One some machines this file may need to be |
separated by a space. One some machines this file may need to be |
| world-readable if the user's home directory is on a NFS partition, |
world-readable if the user's home directory is on a NFS partition, |
| because |
because |
| .B sshd |
.Xr sshd 8 |
| reads it as root. Additionally, this file must be owned by the user, |
reads it as root. Additionally, this file must be owned by the user, |
| and must not have write permissions for anyone else. The recommended |
and must not have write permissions for anyone else. The recommended |
| permission for most machines is read/write for the user, and not |
permission for most machines is read/write for the user, and not |
| accessible by others. |
accessible by others. |
| .IP |
.Pp |
| Note that by default |
Note that by default |
| .B sshd |
.Xr sshd 8 |
| will be installed so that it requires successful RSA host |
will be installed so that it requires successful RSA host |
| authentication before permitting \s+2.\s0rhosts authentication. If your |
authentication before permitting \s+2.\s0rhosts authentication. If your |
| server machine does not have the client's host key in |
server machine does not have the client's host key in |
| \fI/etc/ssh_known_hosts\fR, you can store it in |
.Pa /etc/ssh_known_hosts , |
| \fI$HOME/\s+2.\s0ssh/known_hosts\fR. The easiest way to do this is to |
you can store it in |
| |
.Pa $HOME/.ssh/known_hosts . |
| |
The easiest way to do this is to |
| connect back to the client from the server machine using ssh; this |
connect back to the client from the server machine using ssh; this |
| will automatically add the host key in \fI$HOME/\s+2.\s0ssh/known_hosts\fR. |
will automatically add the host key inxi |
| .ne 3 |
.Pa $HOME/.ssh/known_hosts . |
| .TP |
.It Pa $HOME/.shosts |
| .I $HOME/\s+2.\s0shosts |
This file is used exactly the same way as |
| This file is used exactly the same way as \s+2.\s0rhosts. The purpose for |
.Pa \&.rhosts . |
| |
The purpose for |
| having this file is to be able to use rhosts authentication with |
having this file is to be able to use rhosts authentication with |
| .B ssh |
.Nm |
| without permitting login with rlogin or rsh. |
without permitting login with |
| .ne 3 |
.Xr rlogin 1 |
| .TP |
or |
| .I /etc/hosts.equiv |
.Xr rsh 1 . |
| This file is used during \s+2.\s0rhosts authentication. It contains |
.It Pa /etc/hosts.equiv |
| |
This file is used during |
| |
.Pa \&.rhosts authentication. It contains |
| canonical hosts names, one per line (the full format is described on |
canonical hosts names, one per line (the full format is described on |
| the |
the |
| .B sshd |
.Xr sshd 8 |
| manual page). If the client host is found in this file, login is |
manual page). If the client host is found in this file, login is |
| automatically permitted provided client and server user names are the |
automatically permitted provided client and server user names are the |
| same. Additionally, successful RSA host authentication is normally |
same. Additionally, successful RSA host authentication is normally |
| required. This file should only be writable by root. |
required. This file should only be writable by root. |
| .TP |
.It Pa /etc/shosts.equiv |
| .I /etc/shosts.equiv |
|
| This file is processed exactly as |
This file is processed exactly as |
| .IR /etc/hosts.equiv ". |
.Pa /etc/hosts.equiv . |
| This file may be useful to permit logins using |
This file may be useful to permit logins using |
| .B ssh |
.Nm |
| but not using rsh/rlogin. |
but not using rsh/rlogin. |
| .ne 3 |
.It Pa /etc/sshrc |
| .TP |
|
| .I /etc/sshrc |
|
| Commands in this file are executed by |
Commands in this file are executed by |
| .B ssh |
.Nm |
| when the user logs in just before the user's shell (or command) is started. |
when the user logs in just before the user's shell (or command) is started. |
| See the |
See the |
| .B sshd |
.Xr sshd 8 |
| manual page for more information. |
manual page for more information. |
| .ne 3 |
.It Pa $HOME/.ssh/rc |
| .TP |
|
| .I $HOME/.ssh/rc |
|
| Commands in this file are executed by |
Commands in this file are executed by |
| .B ssh |
.Nm |
| when the user logs in just before the user's shell (or command) is |
when the user logs in just before the user's shell (or command) is |
| started. |
started. |
| See the |
See the |
| .B sshd |
.Xr sshd 8 |
| manual page for more information. |
manual page for more information. |
| |
.Sh INSTALLATION |
| .SH INSTALLATION |
.Nm |
| .LP |
|
| .B Ssh |
|
| is normally installed as suid root. It needs root privileges only for |
is normally installed as suid root. It needs root privileges only for |
| rhosts authentication (rhosts authentication requires that the |
rhosts authentication (rhosts authentication requires that the |
| connection must come from a privileged port, and allocating such a |
connection must come from a privileged port, and allocating such a |
| port requires root privileges). It also needs to be able to read |
port requires root privileges). It also needs to be able to read |
| \fI/etc/ssh_host_key\fR to perform |
.Pa /etc/ssh_host_key |
| .B \s-1RSA\s0 |
to perform RSA |
| host authentication. It is possible to use |
host authentication. It is possible to use |
| .B ssh |
.Nm |
| without root privileges, but rhosts authentication will then be |
without root privileges, but rhosts authentication will then be |
| disabled. |
disabled. |
| .B Ssh |
.Nm |
| drops any extra privileges immediately after the connection to the |
drops any extra privileges immediately after the connection to the |
| remote host has been made. |
remote host has been made. |
| .LP |
.Pp |
| Considerable work has been put into making |
Considerable work has been put into making |
| .B sshd |
.Xr sshd 8 |
| secure. However, if you find a security problem, please report it |
secure. However, if you find a security problem, please report it |
| immediately to <ssh-bugs@cs.hut.fi>. |
immediately to <ssh-bugs@cs.hut.fi>. |
| |
.Sh AUTHOR |
| |
|
| .SH AUTHOR |
|
| .LP |
|
| Tatu Ylonen <ylo@cs.hut.fi> |
Tatu Ylonen <ylo@cs.hut.fi> |
| .LP |
.Pp |
| Information about new releases, mailing lists, and other related |
Issues can be found from the SSH WWW home page: |
| issues can be found from the ssh WWW home page at |
.Pp |
| http://www.cs.hut.fi/ssh. |
.Dl http://www.cs.hut.fi/ssh |
| |
.Sh SEE ALSO |
| .SH SEE ALSO |
.Xr make-ssh-known-hosts 1 , |
| .BR sshd (8), |
.Xr rlogin 1 , |
| .BR ssh-keygen (1), |
.Xr rsh 1 , |
| .BR ssh-agent (1), |
.Xr scp 1 , |
| .BR ssh-add (1), |
.Xr ssh-add 1 , |
| .BR scp (1), |
.Xr ssh-agent 1 , |
| .BR make-ssh-known-hosts (1), |
.Xr ssh-keygen 1 , |
| .BR rlogin (1), |
.Xr telnet 1 , |
| .BR rsh (1), |
.Xr sshd 8 |
| .BR telnet (1) |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh