.\" version 1.1, 1999/09/26 20:53:37
.\" version 1.2, 1999/09/26 22:30:06
.\" earlier man(7) header: .TH SSH 1 "November 8, 1995" "SSH" "SSH"
.\"
.\" $Id$
.\"
.Dd September 25, 1999
.Dt SSH 1
.Os
.Sh NAME
.Nm ssh
.Nd secure shell client (remote login program)
.Sh SYNOPSIS
.Nm ssh
.Op Fl l Ar login_name
.Ar hostname
.Op Ar command
.Pp
.Nm ssh
.Op Fl knqtvxXC
.Op Fl c Ar blowfish|idea|des|3des|none
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
.Op Fl l Ar login_name
.Op Fl o Ar option
.Op Fl p Ar port
.Op Fl L Ar port:host:hostport
.Op Fl R Ar port:host:hostport
.Ar hostname
.Op Ar command
.Sh DESCRIPTION
.Nm
(Secure Shell) is a program for logging into a remote machine and for
executing commands on a remote machine. It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
two untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
.Pp
.Nm
connects and logs into the specified
.Ar hostname .
The user must prove
his/her identity to the remote machine using one of several methods.
.Pp
First, if the machine the user logs in from is listed in
.Pa /etc/hosts.equiv
or
.Pa /etc/shosts.equiv
on the remote machine, and the user names are
the same on both sides, the user is immediately permitted to log in.
Second, if
.Pa \&.rhosts
or
.Pa \&.shosts
exists in the user's home directory on the
remote machine and contains a line containing the name of the client
machine and the name of the user on that machine, the user is
permitted to log in. This form of authentication alone is normally not
allowed by the server because it is not secure.
.Pp
The second (and primary) authentication method is the
.Pa rhosts
or
.Pa hosts.equiv
method combined with RSA-based host authentication. It
means that if the login would be permitted by
.Pa \&.rhosts ,
.Pa \&.shosts ,
.Pa /etc/hosts.equiv ,
or
.Pa /etc/shosts.equiv ,
and additionally it can verify the client's
host key (see
.Pa $HOME/.ssh/known_hosts
and
.Pa /etc/ssh_known_hosts
in the
.Sx FILES
section), only then is login
permitted. This authentication method closes security holes due to IP
spoofing, DNS spoofing and routing spoofing. [Note to the
administrator:
.Pa /etc/hosts.equiv ,
.Pa \&.rhosts ,
and the rlogin/rsh protocol in general, are inherently insecure and should be
disabled if security is desired.]
.Pp
As a third authentication method,
.Nm
supports RSA based authentication.
The scheme is based on public-key cryptography: there are cryptosystems
where encryption and decryption are done using separate keys, and it

key pair for authentication purposes. The
server knows the public key, and only the user knows the private key.
The file
.Pa $HOME/.ssh/authorized_keys
lists the public keys that are permitted for logging
in. When the user logs in, the
.Nm
program tells the server which key pair it would like to use for
authentication. The server checks if this key is permitted, and if
so, sends the user (actually the
.Nm
program running on behalf of the user) a challenge, a random number,
encrypted by the user's public key. The challenge can only be
decrypted using the proper private key. The user's client then decrypts the
challenge using the private key, proving that he/she knows the private
key but without disclosing it to the server.
.Pp
.Nm
implements the RSA authentication protocol automatically. The user
creates his/her RSA key pair by running
.Xr ssh-keygen 1 .
This stores the private key in
.Pa \&.ssh/identity
and the public key in
.Pa \&.ssh/identity.pub
in the user's home directory. The user should then
copy the
.Pa identity.pub
to
.Pa \&.ssh/authorized_keys
in his/her home directory on the remote machine (the
.Pa authorized_keys
file corresponds to the conventional
.Pa \&.rhosts
file, and has one key
per line, though the lines can be very long). After this, the user
can log in without giving the password. RSA authentication is much
more secure than rhosts authentication.
.Pp
The most convenient way to use RSA authentication may be with an
authentication agent. See
.Xr ssh-agent 1
for more information.
.Pp
If other authentication methods fail,
.Nm
prompts the user for a password. The password is sent to the remote
host for checking; however, since all communications are encrypted,
the password cannot be seen by someone listening on the network.
.Pp
When the user's identity has been accepted by the server, the server
either executes the given command, or logs into the machine and gives
the user a normal shell on the remote machine. All communication with
the remote command or shell will be automatically encrypted.
.Pp
If a pseudo-terminal has been allocated (normal login session), the
user can disconnect with
.Ic ~. ,
and suspend
.Nm
with
.Ic ~^Z .
All forwarded connections can be listed with
.Ic ~#
and if
the session blocks waiting for forwarded X11 or TCP/IP
connections to terminate, it can be backgrounded with
.Ic ~&
(this should not be used while the user shell is active, as it can cause the
shell to hang). All available escapes can be listed with
.Ic ~? .
.Pp
A single tilde character can be sent as
.Ic ~~
(or by following the tilde by a character other than those described above).
The escape character must always follow a newline to be interpreted as
special. The escape character can be changed in configuration files
or on the command line.
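.Pp
The escape handling described above, as an added example that is not part
of this manual page or of ssh itself: a constructed Python scanner that
treats the escape character as special only directly after a newline, maps
the listed sequences to actions, sends "~~" as one tilde and passes any
other tilde pair through unchanged. The helper interpreting the -e argument
forms (ch, ^ch, none) is an assumption of the example.

```python
"""Escape-character handling as described for interactive ssh sessions.

Constructed example, not code from OpenSSH or this manual page.  It models a
client that watches keyboard input for the escape character (default '~'),
which is special only directly after a newline (or at the very start of the
session), and turns the documented sequences into local actions.
"""
from typing import Dict, List, Optional, Tuple

# Sequences the page lists: ~. disconnect, ~^Z suspend, ~# list forwarded
# connections, ~& background, ~? list escapes.  "\x1a" is control-Z.
ACTIONS: Dict[str, str] = {
    ".": "disconnect",
    "\x1a": "suspend",
    "#": "list-forwardings",
    "&": "background",
    "?": "list-escapes",
}


def parse_escape_arg(arg: str) -> Optional[str]:
    """Interpret the -e argument: a single character, ^ch for a control
    character, or "none" to disable escapes (assumed helper)."""
    if arg == "none":
        return None
    if len(arg) == 2 and arg[0] == "^":
        return chr(ord(arg[1].upper()) ^ 0x40)    # ^Z -> 0x1a, ^? -> 0x7f
    if len(arg) == 1:
        return arg
    raise ValueError("bad escape character: %r" % arg)


class EscapeScanner:
    """Split typed input into text for the remote side and local actions."""

    def __init__(self, escape: Optional[str] = "~") -> None:
        self.escape = escape            # None: session is fully transparent
        self.at_line_start = True       # session start counts as after newline
        self.pending = False            # escape char seen, waiting for next char

    def feed(self, data: str) -> Tuple[str, List[str]]:
        """Return (text to forward, actions triggered) for a chunk of input."""
        out: List[str] = []
        actions: List[str] = []
        for ch in data:
            if self.pending:
                self.pending = False
                if ch == self.escape:
                    out.append(ch)                  # "~~" sends one tilde
                elif ch in ACTIONS:
                    actions.append(ACTIONS[ch])     # documented escape
                else:
                    out.append(self.escape + ch)    # anything else: pass both
                self.at_line_start = ch == "\n"
            elif self.escape is not None and ch == self.escape and self.at_line_start:
                self.pending = True                 # maybe an escape: hold it back
            else:
                out.append(ch)
                self.at_line_start = ch == "\n"
        return "".join(out), actions


def scan(data: str, escape_arg: str = "~") -> Tuple[str, List[str]]:
    """Convenience wrapper: one scanner, one chunk of input."""
    return EscapeScanner(parse_escape_arg(escape_arg)).feed(data)


if __name__ == "__main__":
    print(scan("ls\n~#date\n~."))      # escapes at line start are consumed
    print(scan("a~.b\n"))              # a mid-line tilde is ordinary text
    print(scan("~.", "none"))          # escapes disabled: everything forwarded
```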
.Pp
If no pseudo tty has been allocated, the
session is transparent and can be used to reliably transfer binary
data. On most systems, setting the escape character to
.Dq none
will also make the session transparent even if a tty is used.
.Pp
The session terminates when the command or shell on the remote
machine exits and all X11 and TCP/IP connections have been closed.
The exit status of the remote program is returned as the exit status
of
.Nm ssh .
.Pp
If the user is using X11 (the
.Ev DISPLAY
environment variable is set), the connection to the X11 display is
automatically forwarded to the remote side in such a way that any X11
programs started from the shell (or command) will go through the
encrypted channel, and the connection to the real X server will be made
from the local machine. The user should not manually set
.Ev DISPLAY .
Forwarding of X11 connections can be
configured on the command line or in configuration files.
.Pp
The
.Ev DISPLAY
value set by
.Nm
will point to the server machine, but with a display number greater
than zero. This is normal, and happens because
.Nm
creates a
.Dq proxy
X server on the server machine for forwarding the
connections over the encrypted channel.
.Pp
.Nm
will also automatically set up Xauthority data on the server machine.
For this purpose, it will generate a random authorization cookie,
store it in Xauthority on the server, and verify that any forwarded
connections carry this cookie and replace it by the real cookie when
the connection is opened. The real authentication cookie is never
sent to the server machine (and no cookies are sent in the plain).
.Pp
If the user is using an authentication agent, the connection to the agent
is automatically forwarded to the remote side unless disabled on
command line or in a configuration file.
.Pp
Forwarding of arbitrary TCP/IP connections over the secure channel can
be specified either on command line or in a configuration file. One
possible application of TCP/IP forwarding is a secure connection to an
electronic purse; another is going through firewalls.
.Pp
.Nm
automatically maintains and checks a database containing RSA-based
identifications for all hosts it has ever been used with. The
database is stored in
.Pa \&.ssh/known_hosts
in the user's home directory. Additionally, the file
.Pa /etc/ssh_known_hosts
is automatically checked for known hosts. Any new hosts are
automatically added to the user's file. If a host's identification
ever changes,
.Nm
warns about this and disables password authentication to prevent a
trojan horse from getting the user's password. Another purpose of
this mechanism is to prevent man-in-the-middle attacks which could
otherwise be used to circumvent the encryption. The
.Cm StrictHostKeyChecking
option (see below) can be used to prevent logins to machines whose
host key is not known or has changed.
|
.Sh OPTIONS
.Bl -tag -width Ds
.It Fl c Ar blowfish|idea|des|3des|none
Selects the cipher to use for encrypting the session.
.Ar 3des
is used by default. It is believed to be secure.
.Ar des
is the data encryption standard, but is breakable by
governments, large corporations, and major criminal organizations.
.Ar 3des
(triple-des) is encrypt-decrypt-encrypt triple with three different keys.
It is presumably more secure than DES.
.Ar none
disables encryption entirely; it is only intended for debugging, and
it renders the connection insecure.
.It Fl e Ar ch|^ch|none
Sets the escape character for sessions with a pty (default:
.Ql ~ ) .
The escape character is only recognized at the beginning of a line. The
escape character followed by a dot
.Pq Ql \&.
closes the connection, followed
by control-Z suspends the connection, and followed by itself sends the
escape character once. Setting the character to
.Dq none
disables any escapes and makes the session fully transparent.
.It Fl f
Requests
.Nm
to go to background after authentication. This is useful
if
.Nm
is going to ask for passwords or passphrases, but the user
wants it in the background. This implies
.Fl n .
The recommended way to start X11 programs at a remote site is with
something like
.Ic ssh -f host xterm .
.It Fl i Ar identity_file
Selects the file from which the identity (private key) for
RSA authentication is read. Default is
.Pa \&.ssh/identity
in the user's home directory. Identity files may also be specified on
a per-host basis in the configuration file. It is possible to have
multiple
.Fl i
options (and multiple identities specified in
configuration files).
.It Fl k
Disables forwarding of Kerberos tickets / AFS tokens. This may
also be specified on a per-host basis in the configuration file.
.It Fl l Ar login_name
Specifies the user to log in as on the remote machine. This may also
be specified on a per-host basis in the configuration file.
.It Fl n
Redirects stdin from
.Pa /dev/null
(actually, prevents reading from stdin).
This must be used when
.Nm
is run in the background. A common trick is to use this to run X11
programs in a remote machine. For example,
.Ic ssh -n shadows.cs.hut.fi emacs &
will start an emacs on shadows.cs.hut.fi, and the X11
connection will be automatically forwarded over an encrypted channel.
The
.Nm
program will be put in the background.
(This does not work if
.Nm
needs to ask for a password or passphrase; see also the
.Fl f
option.)
.It Fl o Ar option
Can be used to give options in the format used in the config file.
This is useful for specifying options for which there is no separate
command-line flag. The option has the same format as a line in the
configuration file.
.It Fl p Ar port
Port to connect to on the remote host. This can be specified on a
per-host basis in the configuration file.
.It Fl q
Quiet mode. Causes all warning and diagnostic messages to be
suppressed. Only fatal errors are displayed.
.It Fl t
Force pseudo-tty allocation. This can be used to execute arbitrary
screen-based programs on a remote machine, which can be very useful
e.g. when implementing menu services.
.It Fl v
Verbose mode. Causes
.Nm
to print debugging messages about its progress. This is helpful in
debugging connection, authentication, and configuration problems.
.It Fl x
Disables X11 forwarding. This can also be specified on a per-host
basis in a configuration file.
.It Fl X
Enables X11 forwarding.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
data for forwarded X11 and TCP/IP connections). The compression
algorithm is the same used by gzip, and the
.Dq level
can be controlled by the
.Cm CompressionLevel
option (see below). Compression is desirable on modem lines and other
slow connections, but will only slow down things on fast networks.
The default value can be set on a host-by-host basis in the
configuration files; see the
.Cm Compress
option below.
.It Fl L Ar port:host:hostport
Specifies that the given port on the local (client) host is to be
forwarded to the given host and port on the remote side. This works
by allocating a socket to listen to
.Ar port
on the local side, and whenever a connection is made to this port, the
connection is forwarded over the secure channel, and a connection is
made to
.Ar host:hostport
from the remote machine. Port forwardings can also be specified in the
configuration file. Only root can forward privileged ports.
.It Fl R Ar port:host:hostport
Specifies that the given port on the remote (server) host is to be
forwarded to the given host and port on the local side. This works
by allocating a socket to listen to
.Ar port
on the remote side, and whenever a connection is made to this port, the
connection is forwarded over the secure channel, and a connection is
made to
.Ar host:hostport
from the local machine. Port forwardings can also be specified in the
configuration file. Privileged ports can be forwarded only when
logging in as root on the remote machine.
.El
.Sh CONFIGURATION FILES
.Nm
obtains configuration data from the following sources (in this order):
command line options, user's configuration file
.Pq Pa $HOME/.ssh/config ,
and system-wide configuration file
.Pq Pa /etc/ssh_config .
For each parameter, the first obtained value
will be used. The configuration files contain sections bracketed by
"Host" specifications, and that section is only applied for hosts that
match one of the patterns given in the specification. The matched
host name is the one given on the command line.
.Pp
Since the first obtained value for each parameter is used, more
host-specific declarations should be given near the beginning of the
file, and general defaults at the end.
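.Pp
As an added example (not code from this manual page or from ssh), the
following Python script applies the resolution rules this section states:
sources are consulted in order and the first value obtained for a parameter
wins, "Host" sections apply when one of their patterns (with the wildcards
* and ?) matches the hostname exactly as typed, empty lines and lines
starting with # are comments, and keywords are case-sensitive. The
configuration files and hostnames in it are constructed for the example.

```python
"""Resolve ssh client parameters with the precedence this section describes.

Constructed example, not OpenSSH code.  It models the rules stated on this
page: the command line is consulted first, then the user's file, then the
system-wide file, and the first value obtained for a parameter wins; "Host"
lines open sections that apply only to hosts matching one of the listed
patterns, where '*' and '?' are wildcards; the hostname is matched exactly as
typed on the command line (not canonicalized); empty lines and lines starting
with '#' are comments; keywords are case-sensitive.
"""
import re
from typing import Dict, List, Optional, Tuple

Directive = Tuple[List[str], str, str]   # (host patterns, keyword, arguments)


def pattern_to_regex(pattern: str) -> "re.Pattern[str]":
    """Translate a Host pattern: '*' matches any run of characters, '?' a
    single character; everything else is literal ('.' is not special)."""
    pieces = []
    for ch in pattern:
        if ch == "*":
            pieces.append(".*")
        elif ch == "?":
            pieces.append(".")
        else:
            pieces.append(re.escape(ch))
    return re.compile("^" + "".join(pieces) + "$")


def host_matches(patterns: List[str], hostname: str) -> bool:
    """True if the hostname, as typed, matches any of the section's patterns."""
    return any(pattern_to_regex(p).match(hostname) for p in patterns)


def parse_config(text: str) -> List[Directive]:
    """Split a configuration file into directives in file order.
    Directives before the first Host line apply to every host."""
    directives: List[Directive] = []
    patterns = ["*"]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                          # empty line or comment
        parts = line.split(None, 1)           # "keyword arguments"
        keyword = parts[0]
        arguments = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "Host":
            patterns = arguments.split()      # new section, maybe several patterns
            continue
        directives.append((patterns, keyword, arguments))
    return directives


def effective_settings(hostname: str, cmdline: Dict[str, str],
                       *config_texts: str) -> Dict[str, str]:
    """Collect the first value obtained for each keyword: command line first,
    then the configuration files in the order they are passed."""
    settings: Dict[str, str] = dict(cmdline)
    for text in config_texts:
        for patterns, keyword, arguments in parse_config(text):
            if keyword not in settings and host_matches(patterns, hostname):
                settings[keyword] = arguments
    return settings


def resolve(keyword: str, hostname: str, cmdline: Dict[str, str],
            *config_texts: str) -> Optional[str]:
    """Value of one parameter under the same precedence, or None if unset."""
    return effective_settings(hostname, cmdline, *config_texts).get(keyword)


# Constructed sample files (hostnames are illustrative).  The user file puts
# the most specific Host section first, as this section recommends.
USER_CONFIG = """
# constructed $HOME/.ssh/config
Host shadows.cs.hut.fi
    Cipher blowfish
    Compression yes

Host *.cs.hut.fi
    Compression no
    CompressionLevel 9

Host *
    Cipher 3des
"""

SYSTEM_CONFIG = """
# constructed /etc/ssh_config
Host *
    Compression no
    CompressionLevel 6
    BatchMode no
"""

# The same declarations in the wrong order: the global default shadows the
# host-specific Cipher, because the first obtained value wins.
MISORDERED_CONFIG = """
Host *
    Cipher 3des
Host shadows.cs.hut.fi
    Cipher blowfish
"""

if __name__ == "__main__":
    for host in ("shadows.cs.hut.fi", "other.cs.hut.fi", "shadows"):
        print(host, effective_settings(host, {}, USER_CONFIG, SYSTEM_CONFIG))
    print("misordered:", resolve("Cipher", "shadows.cs.hut.fi", {}, MISORDERED_CONFIG))
```

Note that typing the short name "shadows" skips the "*.cs.hut.fi" section entirely, since the name is matched as given and not canonicalized.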
.Pp
The configuration file has the following format:
.Pp
Empty lines and lines starting with
.Ql #
are comments.
.Pp
Otherwise a line is of the format
.Dq keyword arguments .
The possible
keywords and their meanings are as follows (note that the
configuration files are case-sensitive):
.Bl -tag -width Ds
.It Cm Host
Restricts the following declarations (up to the next
.Cm Host
keyword) to be only for those hosts that match one of the patterns
given after the keyword.
.Ql \&*
and
.Ql ?
can be used as wildcards in the
patterns. A single
.Ql \&*
as a pattern can be used to provide global
defaults for all hosts. The host is the
.Ar hostname
argument given on the command line (i.e., the name is not converted to
a canonicalized host name before matching).
.It Cm AFSTokenPassing
Specifies whether to pass AFS tokens to remote host. The argument to
this keyword must be
.Dq yes
or
.Dq no .
.It Cm BatchMode
If set to
.Dq yes ,
passphrase/password querying will be disabled. This
option is useful in scripts and other batch jobs where you have no
user to supply the password. The argument must be
.Dq yes
or
.Dq no .
.It Cm Cipher
Specifies the cipher to use for encrypting the session. Currently,
.Dq blowfish ,
.Dq idea ,
.Dq des ,
.Dq 3des ,
and
.Dq none
are supported. The default is
.Dq 3des .
Using
.Dq none
(no encryption) is intended only for debugging, and will render the connection
insecure.
.It Cm Compression
Specifies whether to use compression. The argument must be
.Dq yes
or
.Dq no .
.It Cm CompressionLevel
Specifies the compression level to use if compression is enable. The |
Specifies the compression level to use if compression is enable. The |
argument must be an integer from 1 (fast) to 9 (slow, best). The |
argument must be an integer from 1 (fast) to 9 (slow, best). The |
default level is 6, which is good for most applications. The meaning |
default level is 6, which is good for most applications. The meaning |
of the values is the same as in GNU GZIP. |
of the values is the same as in GNU GZIP. |
.ne 3 |
.It Cm ConnectionAttempts |
.TP |
|
.B ConnectionAttempts |
|
Specifies the number of tries (one per second) to make before falling |
Specifies the number of tries (one per second) to make before falling |
back to rsh or exiting. The argument must be an integer. This may be |
back to rsh or exiting. The argument must be an integer. This may be |
useful in scripts if the connection sometimes fails. |
useful in scripts if the connection sometimes fails. |
.ne 3 |
.It Cm EscapeChar |
.TP |
Sets the escape character (default: |
.B EscapeChar |
.Ql ~ ) . |
Sets the escape character (default: ~). The escape character can also |
The escape character can also |
be set on the command line. The argument should be a single |
be set on the command line. The argument should be a single |
character, '^' followed by a letter, or ``none'' to disable the escape |
character, |
|
.Ql ^ |
|
followed by a letter, or |
|
.Dq none |
|
to disable the escape |
character entirely (making the connection transparent for binary |
character entirely (making the connection transparent for binary |
data). |
data). |
.ne 3 |
.It Cm FallBackToRsh |
.TP |
|
.B FallBackToRsh |
|
Specifies that if connecting via |
Specifies that if connecting via |
.B ssh |
.Nm |
fails due to a connection refused error (there is no |
fails due to a connection refused error (there is no |
.B sshd |
.Xr sshd 8 |
listening on the remote host), |
listening on the remote host), |
.B rsh |
.Xr rsh 1 |
should automatically be used instead (after a suitable warning about |
should automatically be used instead (after a suitable warning about |
the session being unencrypted). The argument must be |
the session being unencrypted). The argument must be |
.YN |
.Dq yes |
.ne 3 |
or |
.TP |
.Dq no . |
.B ForwardAgent |
.It Cm ForwardAgent |
Specifies whether the connection to the authentication agent (if any) |
Specifies whether the connection to the authentication agent (if any) |
will be forwarded to the remote machine. The argument must be |
will be forwarded to the remote machine. The argument must be |
.YN |
.Dq yes |
.ne 3 |
or |
.TP |
.Dq no . |
.B ForwardX11 |
.It Cm ForwardX11 |
Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
over the secure channel and |
over the secure channel and |
.B \s-1DISPLAY\s0 |
.Ev DISPLAY |
set. The argument must be |
set. The argument must be |
.YN |
.Dq yes |
.ne 3 |
or |
.TP |
.Dq no . |
.B GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
Specifies a file to use instead of |
Specifies a file to use instead of |
.IR /etc/ssh_known_hosts ". |
.Pa /etc/ssh_known_hosts . |
.ne 3 |
.It Cm HostName |
.TP |
|
.B HostName |
|
Specifies the real host name to log into. This can be used to specify |
Specifies the real host name to log into. This can be used to specify |
nicnames or abbreviations for hosts. Default is the name given on the |
nicnames or abbreviations for hosts. Default is the name given on the |
command line. Numeric IP addresses are also permitted (both on the |
command line. Numeric IP addresses are also permitted (both on the |
command line and in |
command line and in |
.B HostName |
.Cm HostName |
specifications). |
specifications). |
.ne 3 |
.It Cm IdentityFile |
.TP |
|
.B IdentityFile |
|
Specifies the file from which the user's RSA authentication identity |
Specifies the file from which the user's RSA authentication identity |
is read (default \fI\s+2.\s0ssh/identity\fR in the user's home directory). |
is read (default |
|
.Pa .ssh/identity |
|
in the user's home directory). |
Additionally, any identities represented by the authentication agent |
Additionally, any identities represented by the authentication agent |
will be used for authentication. The file name may use the tilde |
will be used for authentication. The file name may use the tilde |
syntax to refer to a user's home directory. It is possible to have |
syntax to refer to a user's home directory. It is possible to have |
multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
identities will be tried in sequence. |
identities will be tried in sequence. |
.ne 3 |
.It Cm KeepAlive |
.TP |
|
.B KeepAlive |
|
Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send keepalive messages to the |
other side. If they are sent, death of the connection or crash of one |
other side. If they are sent, death of the connection or crash of one |
of the machines will be properly noticed. However, this means that |
of the machines will be properly noticed. However, this means that |
connections will die if the route is down temporarily, and some people |
connections will die if the route is down temporarily, and some people |
find it annoying. |
find it annoying. |
|
.Pp |
The default is "yes" (to send keepalives), and the client will notice |
The default is |
|
.Dq yes |
|
(to send keepalives), and the client will notice |
if the network goes down or the remote host dies. This is important |
if the network goes down or the remote host dies. This is important |
in scripts, and many users want it too. |
in scripts, and many users want it too. |
|
.Pp |
To disable keepalives, the value should be set to "no" in both the |
To disable keepalives, the value should be set to |
server and the client configuration files. |
.Dq no |
.ne 3 |
in both the server and the client configuration files. |
.TP |
.It Cm KerberosAuthentication |
.B KerberosAuthentication |
|
Specifies whether Kerberos authentication will be used. |
Specifies whether Kerberos authentication will be used. |
.TP |
.It Cm KerberosTgtPassing |
.B KerberosTgtPassing |
|
Specifies whether a Kerberos TGT will be forwarded to the server. |
Specifies whether a Kerberos TGT will be forwarded to the server. |
Note that TGT forwarding is normally not enabled in the server. |
Note that TGT forwarding is normally not enabled in the server. |
.TP |
.It Cm LocalForward |
.B LocalForward |
|
Specifies that a TCP/IP port on the local machine be forwarded over |
Specifies that a TCP/IP port on the local machine be forwarded over |
the secure channel to given host:port from the remote machine. The |
the secure channel to given host:port from the remote machine. The |
first argument must be a port number, and the second must be |
first argument must be a port number, and the second must be |
host:port. Multiple forwardings may be specified, and additional |
host:port. Multiple forwardings may be specified, and additional |
forwardings can be given on the command line. Only the root can |
forwardings can be given on the command line. Only the root can |
forward privileged ports. |
forward privileged ports. |
.ne 3 |
.It Cm PasswordAuthentication |
.TP |
|
.B PasswordAuthentication |
|
Specifies whether to use password authentication. The argument to |
Specifies whether to use password authentication. The argument to |
this keyword must be |
this keyword must be |
.YN |
.Dq yes |
.ne 3 |
or |
.TP |
.Dq no . |
.B Port |
.It Cm Port |
Specifies the port number to connect on the remote host. Default is |
Specifies the port number to connect on the remote host. Default is |
22. |
22. |
.ne 3 |
.It Cm ProxyCommand |
.TP |
|
.B ProxyCommand |
|
Specifies the command to use to connect to the server. The command |
Specifies the command to use to connect to the server. The command |
string extends to the end of the line, and is executed with /bin/sh. |
string extends to the end of the line, and is executed with /bin/sh. |
In the command string, %h will be substituted by the host name to |
In the command string, %h will be substituted by the host name to |
connect and %p by the port. The command can be basically anything, |
connect and %p by the port. The command can be basically anything, |
and should read from its stdin and write to its stdout. It should |
and should read from its stdin and write to its stdout. It should |
eventually connect an |
eventually connect an |
.B sshd |
.Xr sshd 8 |
server running on some machine, or execute |
server running on some machine, or execute |
"sshd -i" somewhere. Host key management will be done using the |
.Ic sshd -i |
|
somewhere. Host key management will be done using the |
HostName of the host being connected (defaulting to the name typed by |
HostName of the host being connected (defaulting to the name typed by |
the user). |
the user). |
|
.Pp |
Note that |
Note that |
.B ssh |
.Nm |
can also be configured to support the SOCKS system using the |
can also be configured to support the SOCKS system using the |
--with-socks compile-time configuration option. |
--with-socks compile-time configuration option. |
.ne 3 |
.It Cm RemoteForward |
.TP |
|
.B RemoteForward |
|
Specifies that a TCP/IP port on the remote machine be forwarded over |
Specifies that a TCP/IP port on the remote machine be forwarded over |
the secure channel to given host:port from the local machine. The |
the secure channel to given host:port from the local machine. The |
first argument must be a port number, and the second must be |
first argument must be a port number, and the second must be |
host:port. Multiple forwardings may be specified, and additional |
host:port. Multiple forwardings may be specified, and additional |
forwardings can be given on the command line. Only the root can |
forwardings can be given on the command line. Only the root can |
forward privileged ports. |
forward privileged ports. |
.ne 3 |
.It Cm RhostsAuthentication |
.TP |
|
.B RhostsAuthentication |
|
Specifies whether to try rhosts based authentication. Note that this |
Specifies whether to try rhosts based authentication. Note that this |
declaration only affects the client side and has no effect whatsoever |
declaration only affects the client side and has no effect whatsoever |
on security. Disabling rhosts authentication may reduce |
on security. Disabling rhosts authentication may reduce |
|
|
not used. Most servers do not permit RhostsAuthentication because it |
not used. Most servers do not permit RhostsAuthentication because it |
is not secure (see RhostsRSAAuthentication). The argument to this |
is not secure (see RhostsRSAAuthentication). The argument to this |
keyword must be |
keyword must be |
.YN |
.Dq yes |
.ne 3 |
or |
.TP |
.Dq no . |
.B RhostsRSAAuthentication |
.It Cm RhostsRSAAuthentication |
Specifies whether to try rhosts based authentication with RSA host |
Specifies whether to try rhosts based authentication with RSA host |
authentication. This is the primary authentication method for most |
authentication. This is the primary authentication method for most |
sites. The argument must be |
sites. The argument must be |
.YN |
.Dq yes |
.ne 3 |
or |
.TP |
.Dq no . |
.B RSAAuthentication |
.It Cm RSAAuthentication |
Specifies whether to try RSA authentication. The argument to this |
Specifies whether to try RSA authentication. The argument to this |
keyword must be |
keyword must be |
.YN |
.Dq yes |
|
or |
|
.Dq no . |
RSA authentication will only be |
RSA authentication will only be |
attempted if the identity file exists, or an authentication agent is |
attempted if the identity file exists, or an authentication agent is |
running. |
running. |
.ne 3 |
.It Cm StrictHostKeyChecking |
.TP |
If this flag is set to |
.B StrictHostKeyChecking |
.Dq yes , |
If this flag is set to "yes", |
.Nm |
.B ssh |
|
ssh will never automatically add host keys to the |
ssh will never automatically add host keys to the |
.I $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
file, and refuses to connect hosts whose host key has changed. This |
file, and refuses to connect hosts whose host key has changed. This |
provides maximum protection against trojan horse attacks. However, it |
provides maximum protection against trojan horse attacks. However, it |
can be somewhat annoying if you don't have good |
can be somewhat annoying if you don't have good |
.I /etc/ssh_known_hosts |
.Pa /etc/ssh_known_hosts |
files installed and frequently |
files installed and frequently |
connect new hosts. Basically this option forces the user to manually |
connect new hosts. Basically this option forces the user to manually |
add any new hosts. Normally this option is disabled, and new hosts |
add any new hosts. Normally this option is disabled, and new hosts |
will automatically be added to the known host files. The host keys of |
will automatically be added to the known host files. The host keys of |
known hosts will be verified automatically in either case. The |
known hosts will be verified automatically in either case. The |
argument must be |
argument must be |
.YN |
.Dq yes |
.ne3 |
or |
.TP |
.Dq no . |
.B User |
.It Cm User |
Specifies the user to log in as. This can be useful if you have a |
Specifies the user to log in as. This can be useful if you have a |
different user name in different machines. This saves the trouble of |
different user name in different machines. This saves the trouble of |
having to remember to give the user name on the command line. |
having to remember to give the user name on the command line. |
.ne 3 |
.It Cm UserKnownHostsFile |
.TP |
Specifies a file to use instead of |
.B UserKnownHostsFile |
.Pa $HOME/.ssh/known_hosts . |
Specifies a file to use instead of \fI$HOME/\s+2.\s0ssh/known_hosts\fR. |
.It Cm UseRsh |
.ne 3 |
|
.TP |
|
.B UseRsh |
|
Specifies that rlogin/rsh should be used for this host. It is |
Specifies that rlogin/rsh should be used for this host. It is |
possible that the host does not at all support the |
possible that the host does not at all support the |
.B ssh |
.Nm |
protocol. This causes |
protocol. This causes |
.B ssh |
.Nm |
to immediately exec |
to immediately exec |
.B rsh. |
.Xr rsh 1 . |
All other options (except |
All other options (except |
.BR HostName ) |
.Cm HostName ) |
are ignored if this has been specified. The argument must be |
are ignored if this has been specified. The argument must be |
.YN |
.Dq yes |
|
or |
.SH ENVIRONMENT |
.Dq no . |
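.Pp
The following script is an added worked example, not code from this
manual page or from the ssh distribution.  It parses a client
configuration file in the format described above and resolves the
effective options for a host, applying the rules given here: comments,
case-sensitive keywords,
.Cm Host
patterns with wildcards matched against the name exactly as typed, the
first obtained value winning for single-valued options,
.Cm IdentityFile ,
.Cm LocalForward
and
.Cm RemoteForward
accumulating, and
.Ql %h
and
.Ql %p
expansion in
.Cm ProxyCommand .
It also flags the settings this page warns about.  The sample
configuration is constructed for the example, the path
.Pa /usr/local/bin/proxy-connect
is a hypothetical helper, and treating declarations that precede the first
.Cm Host
line as global is an assumption.

```python
"""Added example, not code from ssh itself: resolve the effective ssh(1)
options for a host from a config file in the format described above
(comments, case-sensitive keywords, Host wildcards, first value wins)."""
import re

YES_NO = {"AFSTokenPassing", "BatchMode", "Compression", "FallBackToRsh", "ForwardAgent",
          "ForwardX11", "KeepAlive", "PasswordAuthentication", "RhostsAuthentication",
          "RhostsRSAAuthentication", "RSAAuthentication", "StrictHostKeyChecking", "UseRsh"}
MULTI_VALUED = {"IdentityFile", "LocalForward", "RemoteForward"}  # every value is kept
SINGLE_VALUED = YES_NO | {"Cipher", "CompressionLevel", "ConnectionAttempts", "EscapeChar",
                          "GlobalKnownHostsFile", "HostName", "KerberosAuthentication",
                          "KerberosTgtPassing", "Port", "ProxyCommand", "User", "UserKnownHostsFile"}
DEFAULTS = {"Cipher": "3des", "CompressionLevel": "6", "Port": "22",  # as the manual states
            "KeepAlive": "yes", "EscapeChar": "~", "StrictHostKeyChecking": "no"}


def host_pattern(pattern):
    """'*' matches any string, '?' one character, the rest literally."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern]
    return re.compile("^" + "".join(parts) + "$")


def parse_config(text):
    """[(host_patterns, [(keyword, value), ...]), ...] in file order."""
    sections = [(["*"], [])]  # declarations before any Host line (assumed global)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'keyword arguments'")
        keyword, value = fields[0], fields[1].strip()
        if keyword == "Host":
            sections.append((value.split(), []))
        elif keyword in YES_NO and value not in ("yes", "no"):
            raise ValueError(f"line {lineno}: {keyword} must be yes or no")
        elif keyword in SINGLE_VALUED or keyword in MULTI_VALUED:
            sections[-1][1].append((keyword, value))
        else:  # keywords are case-sensitive, so 'port' is not 'Port'
            raise ValueError(f"line {lineno}: unknown keyword {keyword!r}")
    return sections


def resolve(sections, host, command_line=None):
    """First value wins: command line, then matching sections in file order."""
    options = dict(command_line or {})
    for patterns, declarations in sections:
        if any(host_pattern(p).match(host) for p in patterns):  # name as typed
            for keyword, value in declarations:
                if keyword in MULTI_VALUED:
                    options.setdefault(keyword, []).append(value)
                else:
                    options.setdefault(keyword, value)
    for keyword, value in DEFAULTS.items():
        options.setdefault(keyword, value)
    options.setdefault("HostName", host)  # real host to log into
    return options


def expand_proxy_command(options):
    """%h -> HostName, %p -> Port; ssh hands the result to /bin/sh unsplit."""
    if "ProxyCommand" not in options:
        return None
    return options["ProxyCommand"].replace("%h", options["HostName"]).replace("%p", options["Port"])


def insecure_settings(options):
    """Settings the page calls insecure, plus agent forwarding to an untrusted host."""
    findings = []
    if options.get("Cipher") == "none":
        findings.append("Cipher none: session is not encrypted")
    if options.get("StrictHostKeyChecking") != "yes":
        findings.append("StrictHostKeyChecking not yes: new host keys are added unasked")
    if options.get("FallBackToRsh") == "yes" or options.get("UseRsh") == "yes":
        findings.append("rsh fallback enabled: session may be unencrypted")
    if options.get("ForwardAgent") == "yes":
        findings.append("ForwardAgent yes: root on the remote host can use your agent")
    return findings


# Constructed sample ~/.ssh/config; proxy-connect is a hypothetical helper.
SAMPLE_CONFIG = """\
Host db?.example.com
    User dba
    Port 2222
    IdentityFile ~/.ssh/db_identity
    StrictHostKeyChecking yes
Host shell
    HostName shell.example.com
    ProxyCommand /usr/local/bin/proxy-connect %h %p
    LocalForward 8080 intranet:80
    LocalForward 5432 db:5432
Host *
    User guest
    IdentityFile ~/.ssh/identity
    ForwardAgent yes
"""
```

With the sample configuration,
.Dq db1.example.com
gets the dba settings plus the global identity as a second key to try,
while
.Dq db10.example.com
falls through to the defaults because
.Ql ?
matches exactly one character; the ordering of the sections is what makes
this work, since a
.Cm Host *
block placed first would claim every single-valued option before the
specific blocks are reached.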
.Sh ENVIRONMENT
.Nm
will normally set the following environment variables:
.Bl -tag -width Ds
.It Ev DISPLAY
The
.Ev DISPLAY
variable indicates the location of the X11 server.  It is
automatically set by
.Nm
to point to a value of the form
.Dq hostname:n
where hostname indicates
the host where the shell runs, and n is an integer >= 1.
.Nm
uses
this special value to forward X11 connections over the secure
channel.  The user should normally not set
.Ev DISPLAY
explicitly, as that
will render the X11 connection insecure (and will require the user to
manually copy any required authorization cookies).
.It Ev HOME
Set to the path of the user's home directory.
.It Ev LOGNAME
Synonym for
.Ev USER ;
set for compatibility with systems that use
this variable.
.It Ev MAIL
Set to point to the user's mailbox.
.It Ev PATH
Set to the default
.Ev PATH ,
as specified when compiling
.Nm
or, on some systems,
.Pa /etc/environment
or
.Pa /etc/default/login .
.It Ev SSH_AUTHENTICATION_FD
This is set to an integer value if you are using the authentication
agent and a connection to it has been forwarded.  The value indicates
a file descriptor number used for communicating with the agent.  On
some systems,
.Ev SSH_AUTHENTICATION_SOCKET
may be used instead to
indicate the path of a unix-domain socket used to communicate with the
agent (this method is less secure, and is only used on systems that
don't support the first method).
.It Ev SSH_CLIENT
Identifies the client end of the connection.  The variable contains
three space-separated values: client ip-address, client port number,
and server port number.
.It Ev SSH_TTY
This is set to the name of the tty (path to the device) associated
with the current shell or command.  If the current session has no tty,
this variable is not set.
.It Ev TZ
The timezone variable is set to indicate the present timezone if it
was set when the daemon was started (i.e., the daemon passes the value
on to new connections).
.It Ev USER
Set to the name of the user logging in.
.El
.Pp
Additionally,
.Nm
reads
.Pa /etc/environment
and
.Pa $HOME/.ssh/environment ,
and adds lines of the format
.Dq VARNAME=value
to the environment.  Some systems may have
still additional mechanisms for setting up the environment, such as
.Pa /etc/default/login
on Solaris.
|
.Sh FILES |
.ne 3 |
.Bl -tag -width $HOME/.ssh/known_hosts |
.SH FILES |
.It Pa $HOME/.ssh/known_hosts |
.TP |
|
.I \&$HOME/\s+2.\s0ssh/known_hosts |
|
Records host keys for all hosts the user has logged into (that are not |
Records host keys for all hosts the user has logged into (that are not |
in \fI/etc/ssh_known_hosts\fR). See |
in |
.B sshd |
.Pa /etc/ssh_known_hosts ) . |
manual page. |
See |
.ne 3 |
.Xr sshd 8 . |
.TP |
.It Pa $HOME/.ssh/random_seed |
.I \&$HOME/\s+2.\s0ssh/random_seed |
|
Used for seeding the random number generator. This file contains |
Used for seeding the random number generator. This file contains |
sensitive data and should read/write for the user and not accessible |
sensitive data and should read/write for the user and not accessible |
for others. This file is created the first time the program is run |
for others. This file is created the first time the program is run |
and updated automatically. The user should never need to read or |
and updated automatically. The user should never need to read or |
modify this file. |
modify this file. |
.ne 5 |
.It Pa $HOME/.ssh/identity |
.TP |
|
.I \&$HOME/\s+2.\s0ssh/identity |
|
Contains the RSA authentication identity of the user. This file |
Contains the RSA authentication identity of the user. This file |
contains sensitive data and should be readable by the user but not |
contains sensitive data and should be readable by the user but not |
accessible by others. It is possible to specify a passphrase when |
accessible by others. It is possible to specify a passphrase when |
generating the key; the passphrase will be used to encrypt the |
generating the key; the passphrase will be used to encrypt the |
sensitive part of this file using |
sensitive part of this file using IDEA. |
.BR \s-1IDEA\s0 ". |
.It Pa $HOME/.ssh/identity.pub |
.ne 3 |
|
.TP |
|
.I \&$HOME/\s+2.\s0ssh/identity.pub |
|
Contains the public key for authentication (public part of the |
Contains the public key for authentication (public part of the |
identity file in human-readable form). The contents of this file |
identity file in human-readable form). The contents of this file |
should be added to \fI$HOME/\s+2.\s0ssh/authorized_keys\fR on all machines |
should be added to |
|
.Pa $HOME/.ssh/authorized_keys |
|
on all machines |
where you wish to log in using RSA authentication. This file is not |
where you wish to log in using RSA authentication. This file is not |
sensitive and can (but need not) be readable by anyone. This file is |
sensitive and can (but need not) be readable by anyone. This file is |
never used automatically and is not necessary; it is only provided for |
never used automatically and is not necessary; it is only provided for |
the convenience of the user. |
the convenience of the user. |
.ne 3 |
.It Pa $HOME/.ssh/config |
.TP |
|
.I \&$HOME/\s+2.\s0ssh/config |
|
This is the per-user configuration file. The format of this file is |
This is the per-user configuration file. The format of this file is |
described above. This file is used by the |
described above. This file is used by the |
.B ssh |
.Nm |
client. This file does not usually contain any sensitive information, |
client. This file does not usually contain any sensitive information, |
but the recommended permissions are read/write for the user, and not |
but the recommended permissions are read/write for the user, and not |
accessible by others. |
accessible by others. |
.ne 3 |
.It Pa $HOME/.ssh/authorized_keys |
.TP |
|
.I \&$HOME/\s+2.\s0ssh/authorized_keys |
|
Lists the RSA keys that can be used for logging in as this user. The |
Lists the RSA keys that can be used for logging in as this user. The |
format of this file is described in the |
format of this file is described in the |
.B sshd |
.Xr sshd 8 |
manual page. In the simplest form the format is the same as the .pub |
manual page. In the simplest form the format is the same as the .pub |
identity files (that is, each line contains the number of bits in |
identity files (that is, each line contains the number of bits in |
modulus, public exponent, modulus, and comment fields, separated by |
modulus, public exponent, modulus, and comment fields, separated by |
spaces). This file is not highly sensitive, but the recommended |
spaces). This file is not highly sensitive, but the recommended |
permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
.ne 3 |
.It Pa /etc/ssh_known_hosts |
.TP |
|
.I /etc/ssh_known_hosts |
|
Systemwide list of known host keys. This file should be prepared by the |
Systemwide list of known host keys. This file should be prepared by the |
system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
organization. This file should be world-readable. This file contains |
organization. This file should be world-readable. This file contains |
|
|
modulus, and optional comment field. When different names are used |
modulus, and optional comment field. When different names are used |
for the same machine, all such names should be listed, separated by |
for the same machine, all such names should be listed, separated by |
commas. The format is described on the |
commas. The format is described on the |
.B sshd |
.Xr sshd 8 |
manual page. |
manual page. |
.IP |
.Pp |
The canonical system name (as returned by name servers) is used by |
The canonical system name (as returned by name servers) is used by |
.B sshd |
.Xr sshd 8 |
to verify the client host when logging in; other names are needed because |
to verify the client host when logging in; other names are needed because |
.B ssh |
.Nm |
does not convert the user-supplied name to a canonical name before |
does not convert the user-supplied name to a canonical name before |
checking the key, because someone with access to the name servers |
checking the key, because someone with access to the name servers |
would then be able to fool host authentication. |
would then be able to fool host authentication. |
.ne 3 |
.It Pa /etc/ssh_config |
.TP |
|
.I /etc/ssh_config |
|
Systemwide configuration file. This file provides defaults for those |
Systemwide configuration file. This file provides defaults for those |
values that are not specified in the user's configuration file, and |
values that are not specified in the user's configuration file, and |
for those users who do not have a configuration file. This file must |
for those users who do not have a configuration file. This file must |
be world-readable. |
be world-readable. |
.ne 3 |
.It Pa $HOME/.rhosts |
.TP |
This file is used in |
.I $HOME/\s+2.\s0rhosts |
.Pa \&.rhosts |
This file is used in \s+2.\s0rhosts authentication to list the |
authentication to list the |
host/user pairs that are permitted to log in. (Note that this file is |
host/user pairs that are permitted to log in. (Note that this file is |
also used by rlogin and rsh, which makes using this file insecure.) |
also used by rlogin and rsh, which makes using this file insecure.) |
Each line of the file contains a host name (in the canonical form |
Each line of the file contains a host name (in the canonical form |
|
|
separated by a space. One some machines this file may need to be |
separated by a space. One some machines this file may need to be |
world-readable if the user's home directory is on a NFS partition, |
world-readable if the user's home directory is on a NFS partition, |
because |
because |
.B sshd |
.Xr sshd 8 |
reads it as root. Additionally, this file must be owned by the user, |
reads it as root. Additionally, this file must be owned by the user, |
and must not have write permissions for anyone else. The recommended |
and must not have write permissions for anyone else. The recommended |
permission for most machines is read/write for the user, and not |
permission for most machines is read/write for the user, and not |
accessible by others. |
accessible by others. |
.IP |
.Pp |
Note that by default |
Note that by default |
.B sshd |
.Xr sshd 8 |
will be installed so that it requires successful RSA host |
will be installed so that it requires successful RSA host |
authentication before permitting \s+2.\s0rhosts authentication. If your |
authentication before permitting \s+2.\s0rhosts authentication. If your |
server machine does not have the client's host key in |
server machine does not have the client's host key in |
\fI/etc/ssh_known_hosts\fR, you can store it in |
.Pa /etc/ssh_known_hosts , |
\fI$HOME/\s+2.\s0ssh/known_hosts\fR. The easiest way to do this is to |
you can store it in |
|
.Pa $HOME/.ssh/known_hosts . |
|
The easiest way to do this is to |
connect back to the client from the server machine using ssh; this |
connect back to the client from the server machine using ssh; this |
will automatically add the host key in
.Pa $HOME/.ssh/known_hosts .
.It Pa $HOME/.shosts
This file is used exactly the same way as
.Pa \&.rhosts .
The purpose for
having this file is to be able to use rhosts authentication with
.Nm
without permitting login with
.Xr rlogin 1
or
.Xr rsh 1 .
.It Pa /etc/hosts.equiv
This file is used during
.Pa \&.rhosts
authentication. It contains
canonical host names, one per line (the full format is described on
the
.Xr sshd 8
manual page). If the client host is found in this file, login is
automatically permitted provided client and server user names are the
same. Additionally, successful RSA host authentication is normally
required. This file should only be writable by root.
.It Pa /etc/shosts.equiv
This file is processed exactly as
.Pa /etc/hosts.equiv .
This file may be useful to permit logins using
.Nm
but not using rsh/rlogin.
.It Pa /etc/sshrc
Commands in this file are executed by
.Nm
when the user logs in just before the user's shell (or command) is started.
See the
.Xr sshd 8
manual page for more information.
.It Pa $HOME/.ssh/rc
Commands in this file are executed by
.Nm
when the user logs in just before the user's shell (or command) is
started.
See the
.Xr sshd 8
manual page for more information.
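.Pp
The hosts.equiv rule described above, as an added example that is not part of this manual page or of the ssh distribution: it parses only the one-host-per-line form documented here (comment lines are an assumption; the full syntax is in sshd(8)), applies the host, user-name and RSA host authentication conditions, and checks that a trust file is writable only by root.

```python
# Added example (not from the ssh man page or distribution): an offline
# model of the /etc/hosts.equiv and /etc/shosts.equiv rule, plus the
# "writable only by root" check. Only the form documented on this page is
# parsed (one canonical host name per line); '#' comment lines are an
# assumption, and the fuller syntax in sshd(8) is deliberately not modelled.
import os
import stat
from typing import Set

def parse_equiv(text: str) -> Set[str]:
    """Return the canonical host names listed in an equiv-style file."""
    hosts = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # assumption: comments allowed
            continue
        hosts.add(line.split()[0].lower())     # first field is the host name
    return hosts

def rhosts_permitted(hosts: Set[str], client_host: str, client_user: str,
                     server_user: str, rsa_host_auth_ok: bool) -> bool:
    """Login is permitted only if the client host is listed, the client and
    server user names are the same, and RSA host authentication succeeded."""
    return (client_host.lower() in hosts
            and client_user == server_user
            and rsa_host_auth_ok)

def trust_file_ok(uid: int, mode: int) -> bool:
    """A trust file must be owned by root and not group- or world-writable."""
    return uid == 0 and not (mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_trust_file(path: str) -> bool:
    """Apply trust_file_ok to a file on disk (e.g. /etc/shosts.equiv)."""
    st = os.stat(path)
    return trust_file_ok(st.st_uid, st.st_mode)

# Constructed sample file contents, not taken from any real host.
SAMPLE_EQUIV = """# trusted hosts, one canonical name per line
alpha.example.com
Beta.example.com
"""

if __name__ == "__main__":
    trusted = parse_equiv(SAMPLE_EQUIV)
    print(rhosts_permitted(trusted, "alpha.example.com", "tatu", "tatu", True))
    print(rhosts_permitted(trusted, "alpha.example.com", "tatu", "root", True))
    for path in ("/etc/hosts.equiv", "/etc/shosts.equiv"):
        if os.path.exists(path):
            print(path, "ok" if audit_trust_file(path) else "NOT root-only writable")
```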
|
.Sh INSTALLATION
.Nm
is normally installed as suid root. It needs root privileges only for
rhosts authentication (rhosts authentication requires that the
connection come from a privileged port, and allocating such a
port requires root privileges). It also needs to be able to read
.Pa /etc/ssh_host_key
to perform RSA
host authentication. It is possible to use
.Nm
without root privileges, but rhosts authentication will then be
disabled.
.Nm
drops any extra privileges immediately after the connection to the
remote host has been made.
.Pp
Considerable work has been put into making
.Xr sshd 8
secure. However, if you find a security problem, please report it
immediately to <ssh-bugs@cs.hut.fi>.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
Information about new releases, mailing lists, and other related
issues can be found from the ssh WWW home page at
.Pp
.Dl http://www.cs.hut.fi/ssh
.Sh SEE ALSO
.Xr make-ssh-known-hosts 1 ,
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr scp 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
.Xr sshd 8