version 1.139.2.6, 2002/06/26 18:22:36 |
version 1.139.2.7, 2002/10/11 14:53:07 |
|
|
.Op Ar command |
.Op Ar command |
.Pp |
.Pp |
.Nm ssh |
.Nm ssh |
.Op Fl afgknqstvxACNPTX1246 |
.Op Fl afgknqstvxACNTX1246 |
.Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
.Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
.Op Fl e Ar escape_char |
.Op Fl e Ar escape_char |
|
|
The real authentication cookie is never |
The real authentication cookie is never |
sent to the server machine (and no cookies are sent in the plain). |
sent to the server machine (and no cookies are sent in the plain). |
.Pp |
.Pp |
If the user is using an authentication agent, the connection to the agent |
If the |
is automatically forwarded to the remote side unless disabled on |
.Cm ForwardAgent |
the command line or in a configuration file. |
variable is set to |
|
.Dq yes |
|
(or, see the description of the |
|
.Fl A |
|
and |
|
.Fl a |
|
options described later) and |
|
the user is using an authentication agent, the connection to the agent |
|
is automatically forwarded to the remote side. |
.Pp |
.Pp |
Forwarding of arbitrary TCP/IP connections over the secure channel can |
Forwarding of arbitrary TCP/IP connections over the secure channel can |
be specified either on the command line or in a configuration file. |
be specified either on the command line or in a configuration file. |
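Review bot: the parenthetical in the rewritten agent paragraph, "(or, see the description of the -A and -a options described later)", does not parse as part of the sentence and uses "description" and "described" twice; something like "(or see the -A and -a options below)" reads cleanly. The old text said the agent connection is forwarded unless disabled, while the new text forwards it only when ForwardAgent is "yes", so it would help to state explicitly that no forwarding happens otherwise, making the change in behaviour visible to readers of the earlier wording.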
|
|
.It Fl A |
.It Fl A |
Enables forwarding of the authentication agent connection. |
Enables forwarding of the authentication agent connection. |
This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
|
.Pp |
|
Agent forwarding should be enabled with caution. Users with the |
|
ability to bypass file permissions on the remote host (for the agent's |
|
Unix-domain socket) can access the local agent through the forwarded |
|
connection. An attacker cannot obtain key material from the agent, |
|
however they can perform operations on the keys that enable them to |
|
authenticate using the identities loaded into the agent. |
.It Fl b Ar bind_address |
.It Fl b Ar bind_address |
Specify the interface to transmit from on machines with multiple |
Specify the interface to transmit from on machines with multiple |
interfaces or aliased addresses. |
interfaces or aliased addresses. |
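Review bot: in the caution added under .It Fl A, "An attacker cannot obtain key material from the agent, however they can perform operations on the keys" is a comma splice; end the sentence after "agent" or use a semicolon. The added lines also run two sentences together on one input line ("Agent forwarding should be enabled with caution. Users with the"), whereas the rest of the entry starts each sentence on its own line. Since the entry says forwarding can also be specified per host in a configuration file, the caution should say it applies to that setting as well as to the flag.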
|
|
Port to connect to on the remote host. |
Port to connect to on the remote host. |
This can be specified on a |
This can be specified on a |
per-host basis in the configuration file. |
per-host basis in the configuration file. |
.It Fl P |
|
Use a non-privileged port for outgoing connections. |
|
This can be used if a firewall does |
|
not permit connections from privileged ports. |
|
Note that this option turns off |
|
.Cm RhostsAuthentication |
|
and |
|
.Cm RhostsRSAAuthentication |
|
for older servers. |
|
.It Fl q |
.It Fl q |
Quiet mode. |
Quiet mode. |
Causes all warning and diagnostic messages to be suppressed. |
Causes all warning and diagnostic messages to be suppressed. |
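Review bot: the .It Fl P entry is removed with no replacement text, so the note that the option turns off RhostsAuthentication and RhostsRSAAuthentication for older servers disappears with it. If the flag is still accepted, or a configuration option now covers the non-privileged-port case, say so here or in the commit message, so that users behind a firewall that does not permit connections from privileged ports know what to use instead.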
|
|
.It Fl X |
.It Fl X |
Enables X11 forwarding. |
Enables X11 forwarding. |
This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
|
.Pp |
|
X11 forwarding should be enabled with caution. Users with the ability |
|
to bypass file permissions on the remote host (for the user's X |
|
authorization database) can access the local X11 display through the |
|
forwarded connection. An attacker may then be able to perform |
|
activities such as keystroke monitoring. |
.It Fl C |
.It Fl C |
Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
data for forwarded X11 and TCP/IP connections). |
data for forwarded X11 and TCP/IP connections). |
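Review bot: the caution added under .It Fl X tells the reader to enable forwarding "with caution" but gives no criterion to act on. The risk it describes comes from users able to bypass file permissions on the remote host, so a closing sentence advising that X11 forwarding be enabled only for hosts whose administrators are trusted would turn the warning into guidance. The added text also breaks sentences mid-line ("with caution. Users with the ability"), unlike the lines around it.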
|
|
.Dq level |
.Dq level |
can be controlled by the |
can be controlled by the |
.Cm CompressionLevel |
.Cm CompressionLevel |
option. |
option for protocol version 1. |
Compression is desirable on modem lines and other |
Compression is desirable on modem lines and other |
slow connections, but will only slow down things on fast networks. |
slow connections, but will only slow down things on fast networks. |
The default value can be set on a host-by-host basis in the |
The default value can be set on a host-by-host basis in the |
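Review bot: the new wording "option for protocol version 1" limits CompressionLevel to protocol 1 but leaves unstated what level is used under protocol version 2, while the start of the .Fl C entry still describes compression of all data without naming a protocol. Add a sentence saying what applies to protocol version 2.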
|
|
.It Ev SSH_AUTH_SOCK |
.It Ev SSH_AUTH_SOCK |
Identifies the path of a unix-domain socket used to communicate with the |
Identifies the path of a unix-domain socket used to communicate with the |
agent. |
agent. |
.It Ev SSH_CLIENT |
.It Ev SSH_CONNECTION |
Identifies the client end of the connection. |
Identifies the client and server ends of the connection. |
The variable contains |
The variable contains |
three space-separated values: client ip-address, client port number, |
four space-separated values: client ip-address, client port number, |
and server port number. |
server ip-address and server port number. |
.It Ev SSH_ORIGINAL_COMMAND |
.It Ev SSH_ORIGINAL_COMMAND |
The variable contains the original command line if a forced command |
The variable contains the original command line if a forced command |
is executed. |
is executed. |
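Review bot: replacing the SSH_CLIENT entry with SSH_CONNECTION changes the value from three fields to four, and the server port number moves from the third field to the fourth, with the server ip-address now third. The text does not say whether SSH_CLIENT is still set. If it is, keep its entry (marked as deprecated if that is the intent), because a script that splits the value and reads the third field would otherwise pick up an address where it expects a port.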
|
|
.Pa $HOME/.ssh/environment , |
.Pa $HOME/.ssh/environment , |
and adds lines of the format |
and adds lines of the format |
.Dq VARNAME=value |
.Dq VARNAME=value |
to the environment. |
to the environment if the file exists and if users are allowed to |
|
change their environment. |
|
See the |
|
.Cm PermitUserEnvironment |
|
option in |
|
.Xr sshd_config 5 . |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa $HOME/.ssh/known_hosts |
.It Pa $HOME/.ssh/known_hosts |
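Review bot: "if users are allowed to change their environment" does not say who grants this; the reference to PermitUserEnvironment in sshd_config(5) implies a server-side setting, so "if the server allows users to change their environment" would be clearer. It would also help to state here whether the file is read by default, so readers do not have to open sshd_config(5) to learn whether their environment file is honoured.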