version 1.139, 2001/10/01 21:51:16 |
version 1.139.2.4, 2002/05/17 00:03:24 |
|
|
.Pp |
.Pp |
.Ss SSH protocol version 2 |
.Ss SSH protocol version 2 |
.Pp |
.Pp |
When a user connects using the protocol version 2 |
When a user connects using protocol version 2 |
different authentication methods are available. |
similar authentication methods are available. |
Using the default values for |
Using the default values for |
.Cm PreferredAuthentications , |
.Cm PreferredAuthentications , |
the client will try to authenticate first using the hostbased method; |
the client will try to authenticate first using the hostbased method; |
|
|
List forwarded connections |
List forwarded connections |
.It Cm ~& |
.It Cm ~& |
Background ssh at logout when waiting for forwarded connection / X11 sessions |
Background ssh at logout when waiting for forwarded connection / X11 sessions |
to terminate (protocol version 1 only) |
to terminate |
.It Cm ~? |
.It Cm ~? |
Display a list of escape characters |
Display a list of escape characters |
|
.It Cm ~C |
|
Open command line (only useful for adding port forwardings using the |
|
.Fl L |
|
and |
|
.Fl R |
|
options) |
.It Cm ~R |
.It Cm ~R |
Request rekeying of the connection (only useful for SSH protocol version 2 |
Request rekeying of the connection (only useful for SSH protocol version 2 |
and if the peer supports it) |
and if the peer supports it) |
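Review bot: The new ~C entry gives no syntax for what is typed at the command line it opens, only that it is useful for adding port forwardings with the -L and -R options. Suggest stating the accepted form, or pointing to the -L and -R descriptions, so the entry can be used without reading the source.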
|
|
.It Fl g |
.It Fl g |
Allows remote hosts to connect to local forwarded ports. |
Allows remote hosts to connect to local forwarded ports. |
.It Fl i Ar identity_file |
.It Fl i Ar identity_file |
Selects the file from which the identity (private key) for |
Selects a file from which the identity (private key) for |
RSA or DSA authentication is read. |
RSA or DSA authentication is read. |
Default is |
The default is |
.Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity |
in the user's home directory. |
for protocol version 1, and |
|
.Pa $HOME/.ssh/id_rsa |
|
and |
|
.Pa $HOME/.ssh/id_dsa |
|
for protocol version 2. |
Identity files may also be specified on |
Identity files may also be specified on |
a per-host basis in the configuration file. |
a per-host basis in the configuration file. |
It is possible to have multiple |
It is possible to have multiple |
|
|
.It Fl q |
.It Fl q |
Quiet mode. |
Quiet mode. |
Causes all warning and diagnostic messages to be suppressed. |
Causes all warning and diagnostic messages to be suppressed. |
Only fatal errors are displayed. |
|
.It Fl s |
.It Fl s |
May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use |
May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use |
of SSH as a secure transport for other applications (eg. sftp). The |
of SSH as a secure transport for other applications (eg. sftp). The |
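Review bot: With "Only fatal errors are displayed." removed from the -q entry, the text no longer says whether fatal errors are still printed in quiet mode. "Causes all warning and diagnostic messages to be suppressed." can be read either way, so scripts that rely on stderr for failures lose their guidance. Suggest stating the behaviour for fatal errors explicitly.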
|
|
Specifies the protocol version 2 host key algorithms |
Specifies the protocol version 2 host key algorithms |
that the client wants to use in order of preference. |
that the client wants to use in order of preference. |
The default for this option is: |
The default for this option is: |
.Dq ssh-rsa,ssh-dss |
.Dq ssh-rsa,ssh-dss . |
.It Cm HostKeyAlias |
.It Cm HostKeyAlias |
Specifies an alias that should be used instead of the |
Specifies an alias that should be used instead of the |
real host name when looking up or saving the host key |
real host name when looking up or saving the host key |
|
|
.Cm HostName |
.Cm HostName |
specifications). |
specifications). |
.It Cm IdentityFile |
.It Cm IdentityFile |
Specifies the file from which the user's RSA or DSA authentication identity |
Specifies a file from which the user's RSA or DSA authentication identity |
is read (default |
is read. The default is |
.Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity |
in the user's home directory). |
for protocol version 1, and |
|
.Pa $HOME/.ssh/id_rsa |
|
and |
|
.Pa $HOME/.ssh/id_dsa |
|
for protocol version 2. |
Additionally, any identities represented by the authentication agent |
Additionally, any identities represented by the authentication agent |
will be used for authentication. |
will be used for authentication. |
The file name may use the tilde |
The file name may use the tilde |
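Review bot: The per-protocol default text added under IdentityFile ("$HOME/.ssh/identity for protocol version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol version 2") is the same wording added under -i, so the two copies can drift apart. Suggest keeping the full list in one place and having the other refer to it.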
|
|
multiple identity files specified in configuration files; all these |
multiple identity files specified in configuration files; all these |
identities will be tried in sequence. |
identities will be tried in sequence. |
.It Cm KeepAlive |
.It Cm KeepAlive |
Specifies whether the system should send keepalive messages to the |
Specifies whether the system should send TCP keepalive messages to the |
other side. |
other side. |
If they are sent, death of the connection or crash of one |
If they are sent, death of the connection or crash of one |
of the machines will be properly noticed. |
of the machines will be properly noticed. |
|
|
This is important in scripts, and many users want it too. |
This is important in scripts, and many users want it too. |
.Pp |
.Pp |
To disable keepalives, the value should be set to |
To disable keepalives, the value should be set to |
.Dq no |
.Dq no . |
in both the server and the client configuration files. |
|
.It Cm KerberosAuthentication |
.It Cm KerberosAuthentication |
Specifies whether Kerberos authentication will be used. |
Specifies whether Kerberos authentication will be used. |
The argument to this keyword must be |
The argument to this keyword must be |
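Review bot: Dropping "in both the server and the client configuration files." from the KeepAlive paragraph leaves it unstated whether setting the value to "no" on the client alone is enough to disable keepalives. Suggest saying which side or sides need the setting, since the earlier text told readers to change both.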
|
|
Gives the verbosity level that is used when logging messages from |
Gives the verbosity level that is used when logging messages from |
.Nm ssh . |
.Nm ssh . |
The possible values are: |
The possible values are: |
QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
The default is INFO. |
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 |
|
and DEBUG3 each specify higher levels of verbose output. |
.It Cm MACs |
.It Cm MACs |
Specifies the MAC (message authentication code) algorithms |
Specifies the MAC (message authentication code) algorithms |
in order of preference. |
in order of preference. |
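Review bot: The added LogLevel text puts several sentences on one source line ("The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2") and breaks the last one mid-sentence onto the next line. The rest of the page starts each sentence on its own line, which keeps sentence spacing correct in the rendered output; suggest splitting these the same way.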
|
|
over another method (e.g. |
over another method (e.g. |
.Cm password ) |
.Cm password ) |
The default for this option is: |
The default for this option is: |
.Dq hostbased,publickey,keyboard-interactive,password |
.Dq hostbased,publickey,keyboard-interactive,password . |
.It Cm Protocol |
.It Cm Protocol |
Specifies the protocol versions |
Specifies the protocol versions |
.Nm |
.Nm |
|
|
values that are not specified in the user's configuration file, and |
values that are not specified in the user's configuration file, and |
for those users who do not have a configuration file. |
for those users who do not have a configuration file. |
This file must be world-readable. |
This file must be world-readable. |
|
.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key |
|
These three files contain the private parts of the host keys |
|
and are used for |
|
.Cm RhostsRSAAuthentication |
|
and |
|
.Cm HostbasedAuthentication . |
|
Since they are readable only by root |
|
.Nm |
|
must be setuid root if these authentication methods are desired. |
.It Pa $HOME/.rhosts |
.It Pa $HOME/.rhosts |
This file is used in |
This file is used in |
.Pa \&.rhosts |
.Pa \&.rhosts |
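Review bot: In the new host key entry, "Since they are readable only by root" runs straight into .Nm with no comma, so it renders as "readable only by root ssh must be setuid root". Add the comma, and separate the commas in the .It Pa line from the path arguments so they are not formatted as part of the file names. Since the entry ties the setuid bit to RhostsRSAAuthentication and HostbasedAuthentication, it would also help to say whether the bit can be removed when neither method is used.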
|
|
having this file is to be able to use rhosts authentication with |
having this file is to be able to use rhosts authentication with |
.Nm |
.Nm |
without permitting login with |
without permitting login with |
.Xr rlogin 1 |
.Nm rlogin |
or |
or |
.Xr rsh 1 . |
.Xr rsh 1 . |
.It Pa /etc/hosts.equiv |
.It Pa /etc/hosts.equiv |
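Review bot: Replacing ".Xr rlogin 1" with ".Nm rlogin" uses the macro that the rest of the page reserves for ssh itself, and leaves rlogin marked up differently from the ".Xr rsh 1 ." next to it. If the intent is only to drop the cross-reference (the SEE ALSO hunk also removes ".Xr rlogin 1 ,"), a command-name macro that does not imply "this utility" would be clearer, and rsh should be handled the same way.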
|
|
.Sx ENVIRONMENT |
.Sx ENVIRONMENT |
above. |
above. |
.El |
.El |
|
.Sh DIAGNOSTICS |
|
.Nm |
|
exits with the exit status of the remote command or with 255 |
|
if an error occurred. |
.Sh AUTHORS |
.Sh AUTHORS |
OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
ssh 1.2.12 release by Tatu Ylonen. |
ssh 1.2.12 release by Tatu Ylonen. |
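Review bot: The new DIAGNOSTICS text makes 255 ambiguous: "exits with the exit status of the remote command or with 255 if an error occurred" does not let a caller tell an ssh failure from a remote command that itself exited 255. Suggest noting that overlap so scripts checking the exit status know they cannot distinguish the two cases from the code alone.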
|
|
Markus Friedl contributed the support for SSH |
Markus Friedl contributed the support for SSH |
protocol versions 1.5 and 2.0. |
protocol versions 1.5 and 2.0. |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr rlogin 1 , |
|
.Xr rsh 1 , |
.Xr rsh 1 , |
.Xr scp 1 , |
.Xr scp 1 , |
.Xr sftp 1 , |
.Xr sftp 1 , |
|
|
.%A T. Rinne |
.%A T. Rinne |
.%A S. Lehtinen |
.%A S. Lehtinen |
.%T "SSH Protocol Architecture" |
.%T "SSH Protocol Architecture" |
.%N draft-ietf-secsh-architecture-09.txt |
.%N draft-ietf-secsh-architecture-12.txt |
.%D July 2001 |
.%D January 2002 |
.%O work in progress material |
.%O work in progress material |
.Re |
.Re |