| version 1.139, 2001/10/01 21:51:16 |
version 1.139.2.2, 2002/03/07 17:37:47 |
|
|
| .Pa /etc/shosts.equiv , |
.Pa /etc/shosts.equiv , |
| and if additionally the server can verify the client's |
and if additionally the server can verify the client's |
| host key (see |
host key (see |
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| and |
and |
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| in the |
in the |
|
|
| .Pp |
.Pp |
| .Ss SSH protocol version 2 |
.Ss SSH protocol version 2 |
| .Pp |
.Pp |
| When a user connects using the protocol version 2 |
When a user connects using protocol version 2 |
| different authentication methods are available. |
similar authentication methods are available. |
| Using the default values for |
Using the default values for |
| .Cm PreferredAuthentications , |
.Cm PreferredAuthentications , |
| the client will try to authenticate first using the hostbased method; |
the client will try to authenticate first using the hostbased method; |
|
|
| List forwarded connections |
List forwarded connections |
| .It Cm ~& |
.It Cm ~& |
| Background ssh at logout when waiting for forwarded connection / X11 sessions |
Background ssh at logout when waiting for forwarded connection / X11 sessions |
| to terminate (protocol version 1 only) |
to terminate |
| .It Cm ~? |
.It Cm ~? |
| Display a list of escape characters |
Display a list of escape characters |
| .It Cm ~R |
.It Cm ~R |
|
|
| .Pa $HOME/.ssh/known_hosts |
.Pa $HOME/.ssh/known_hosts |
| in the user's home directory. |
in the user's home directory. |
| Additionally, the file |
Additionally, the file |
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| is automatically checked for known hosts. |
is automatically checked for known hosts. |
| Any new hosts are automatically added to the user's file. |
Any new hosts are automatically added to the user's file. |
| If a host's identification |
If a host's identification |
|
|
| .It Fl g |
.It Fl g |
| Allows remote hosts to connect to local forwarded ports. |
Allows remote hosts to connect to local forwarded ports. |
| .It Fl i Ar identity_file |
.It Fl i Ar identity_file |
| Selects the file from which the identity (private key) for |
Selects a file from which the identity (private key) for |
| RSA or DSA authentication is read. |
RSA or DSA authentication is read. |
| Default is |
The default is |
| .Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity |
| in the user's home directory. |
for protocol version 1, and |
| |
.Pa $HOME/.ssh/id_rsa |
| |
and |
| |
.Pa $HOME/.ssh/id_dsa |
| |
for protocol version 2. |
| Identity files may also be specified on |
Identity files may also be specified on |
| a per-host basis in the configuration file. |
a per-host basis in the configuration file. |
| It is possible to have multiple |
It is possible to have multiple |
|
|
| .It Fl q |
.It Fl q |
| Quiet mode. |
Quiet mode. |
| Causes all warning and diagnostic messages to be suppressed. |
Causes all warning and diagnostic messages to be suppressed. |
| Only fatal errors are displayed. |
|
| .It Fl s |
.It Fl s |
| May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use |
May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use |
| of SSH as a secure transport for other applications (eg. sftp). The |
of SSH as a secure transport for other applications (eg. sftp). The |
|
|
| Specifies an alternative per-user configuration file. |
Specifies an alternative per-user configuration file. |
| If a configuration file is given on the command line, |
If a configuration file is given on the command line, |
| the system-wide configuration file |
the system-wide configuration file |
| .Pq Pa /etc/ssh_config |
.Pq Pa /etc/ssh/ssh_config |
| will be ignored. |
will be ignored. |
| The default for the per-user configuration file is |
The default for the per-user configuration file is |
| .Pa $HOME/.ssh/config . |
.Pa $HOME/.ssh/config . |
|
|
| command line options, user's configuration file |
command line options, user's configuration file |
| .Pq Pa $HOME/.ssh/config , |
.Pq Pa $HOME/.ssh/config , |
| and system-wide configuration file |
and system-wide configuration file |
| .Pq Pa /etc/ssh_config . |
.Pq Pa /etc/ssh/ssh_config . |
| For each parameter, the first obtained value |
For each parameter, the first obtained value |
| will be used. |
will be used. |
| The configuration files contain sections bracketed by |
The configuration files contain sections bracketed by |
|
|
| .It Cm GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
| Specifies a file to use for the global |
Specifies a file to use for the global |
| host key database instead of |
host key database instead of |
| .Pa /etc/ssh_known_hosts . |
.Pa /etc/ssh/ssh_known_hosts . |
| .It Cm HostbasedAuthentication |
.It Cm HostbasedAuthentication |
| Specifies whether to try rhosts based authentication with public key |
Specifies whether to try rhosts based authentication with public key |
| authentication. |
authentication. |
|
|
| Specifies the protocol version 2 host key algorithms |
Specifies the protocol version 2 host key algorithms |
| that the client wants to use in order of preference. |
that the client wants to use in order of preference. |
| The default for this option is: |
The default for this option is: |
| .Dq ssh-rsa,ssh-dss |
.Dq ssh-rsa,ssh-dss . |
| .It Cm HostKeyAlias |
.It Cm HostKeyAlias |
| Specifies an alias that should be used instead of the |
Specifies an alias that should be used instead of the |
| real host name when looking up or saving the host key |
real host name when looking up or saving the host key |
|
|
| .Cm HostName |
.Cm HostName |
| specifications). |
specifications). |
| .It Cm IdentityFile |
.It Cm IdentityFile |
| Specifies the file from which the user's RSA or DSA authentication identity |
Specifies a file from which the user's RSA or DSA authentication identity |
| is read (default |
is read. The default is |
| .Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity |
| in the user's home directory). |
for protocol version 1, and |
| |
.Pa $HOME/.ssh/id_rsa |
| |
and |
| |
.Pa $HOME/.ssh/id_dsa |
| |
for protocol version 2. |
| Additionally, any identities represented by the authentication agent |
Additionally, any identities represented by the authentication agent |
| will be used for authentication. |
will be used for authentication. |
| The file name may use the tilde |
The file name may use the tilde |
|
|
| multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
| identities will be tried in sequence. |
identities will be tried in sequence. |
| .It Cm KeepAlive |
.It Cm KeepAlive |
| Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send TCP keepalive messages to the |
| other side. |
other side. |
| If they are sent, death of the connection or crash of one |
If they are sent, death of the connection or crash of one |
| of the machines will be properly noticed. |
of the machines will be properly noticed. |
|
|
| This is important in scripts, and many users want it too. |
This is important in scripts, and many users want it too. |
| .Pp |
.Pp |
| To disable keepalives, the value should be set to |
To disable keepalives, the value should be set to |
| .Dq no |
.Dq no . |
| in both the server and the client configuration files. |
|
| .It Cm KerberosAuthentication |
.It Cm KerberosAuthentication |
| Specifies whether Kerberos authentication will be used. |
Specifies whether Kerberos authentication will be used. |
| The argument to this keyword must be |
The argument to this keyword must be |
|
|
| Gives the verbosity level that is used when logging messages from |
Gives the verbosity level that is used when logging messages from |
| .Nm ssh . |
.Nm ssh . |
| The possible values are: |
The possible values are: |
| QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
| The default is INFO. |
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 |
| |
and DEBUG3 each specify higher levels of verbose output. |
| .It Cm MACs |
.It Cm MACs |
| Specifies the MAC (message authentication code) algorithms |
Specifies the MAC (message authentication code) algorithms |
| in order of preference. |
in order of preference. |
|
|
| over another method (e.g. |
over another method (e.g. |
| .Cm password ) |
.Cm password ) |
| The default for this option is: |
The default for this option is: |
| .Dq hostbased,publickey,keyboard-interactive,password |
.Dq hostbased,publickey,keyboard-interactive,password . |
| .It Cm Protocol |
.It Cm Protocol |
| Specifies the protocol versions |
Specifies the protocol versions |
| .Nm |
.Nm |
|
|
| file, and refuses to connect to hosts whose host key has changed. |
file, and refuses to connect to hosts whose host key has changed. |
| This provides maximum protection against trojan horse attacks, |
This provides maximum protection against trojan horse attacks, |
| however, can be annoying when the |
however, can be annoying when the |
| .Pa /etc/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| file is poorly maintained, or connections to new hosts are |
file is poorly maintained, or connections to new hosts are |
| frequently made. |
frequently made. |
| This option forces the user to manually |
This option forces the user to manually |
|
|
| .It Pa $HOME/.ssh/known_hosts |
.It Pa $HOME/.ssh/known_hosts |
| Records host keys for all hosts the user has logged into that are not |
Records host keys for all hosts the user has logged into that are not |
| in |
in |
| .Pa /etc/ssh_known_hosts . |
.Pa /etc/ssh/ssh_known_hosts . |
| See |
See |
| .Xr sshd 8 . |
.Xr sshd 8 . |
| .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa |
|
|
| identity files. |
identity files. |
| This file is not highly sensitive, but the recommended |
This file is not highly sensitive, but the recommended |
| permissions are read/write for the user, and not accessible by others. |
permissions are read/write for the user, and not accessible by others. |
| .It Pa /etc/ssh_known_hosts |
.It Pa /etc/ssh/ssh_known_hosts |
| Systemwide list of known host keys. |
Systemwide list of known host keys. |
| This file should be prepared by the |
This file should be prepared by the |
| system administrator to contain the public host keys of all machines in the |
system administrator to contain the public host keys of all machines in the |
|
|
| does not convert the user-supplied name to a canonical name before |
does not convert the user-supplied name to a canonical name before |
| checking the key, because someone with access to the name servers |
checking the key, because someone with access to the name servers |
| would then be able to fool host authentication. |
would then be able to fool host authentication. |
| .It Pa /etc/ssh_config |
.It Pa /etc/ssh/ssh_config |
| Systemwide configuration file. |
Systemwide configuration file. |
| This file provides defaults for those |
This file provides defaults for those |
| values that are not specified in the user's configuration file, and |
values that are not specified in the user's configuration file, and |
| for those users who do not have a configuration file. |
for those users who do not have a configuration file. |
| This file must be world-readable. |
This file must be world-readable. |
| |
.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key |
| |
These three files contain the private parts of the host keys |
| |
and are used for |
| |
.Cm RhostsRSAAuthentication |
| |
and |
| |
.Cm HostbasedAuthentication . |
| |
Since they are readable only by root |
| |
.Nm |
| |
must be setuid root if these authentication methods are desired. |
| .It Pa $HOME/.rhosts |
.It Pa $HOME/.rhosts |
| This file is used in |
This file is used in |
| .Pa \&.rhosts |
.Pa \&.rhosts |
|
|
| will be installed so that it requires successful RSA host |
will be installed so that it requires successful RSA host |
| authentication before permitting \s+2.\s0rhosts authentication. |
authentication before permitting \s+2.\s0rhosts authentication. |
| If the server machine does not have the client's host key in |
If the server machine does not have the client's host key in |
| .Pa /etc/ssh_known_hosts , |
.Pa /etc/ssh/ssh_known_hosts , |
| it can be stored in |
it can be stored in |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| The easiest way to do this is to |
The easiest way to do this is to |
|
|
| This file may be useful to permit logins using |
This file may be useful to permit logins using |
| .Nm |
.Nm |
| but not using rsh/rlogin. |
but not using rsh/rlogin. |
| .It Pa /etc/sshrc |
.It Pa /etc/ssh/sshrc |
| Commands in this file are executed by |
Commands in this file are executed by |
| .Nm |
.Nm |
| when the user logs in just before the user's shell (or command) is started. |
when the user logs in just before the user's shell (or command) is started. |
|
|
| .Sx ENVIRONMENT |
.Sx ENVIRONMENT |
| above. |
above. |
| .El |
.El |
| |
.Sh DIAGNOSTICS |
| |
.Nm |
| |
exits with the exit status of the remote command or with 255 |
| |
if an error occurred. |
| .Sh AUTHORS |
.Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
| ssh 1.2.12 release by Tatu Ylonen. |
ssh 1.2.12 release by Tatu Ylonen. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh