| version 1.150.2.4, 2002/10/11 14:51:53 |
version 1.150.2.5, 2003/04/03 22:35:18 |
|
|
| .Op Ar command |
.Op Ar command |
| .Pp |
.Pp |
| .Nm ssh |
.Nm ssh |
| |
.Bk -words |
| .Op Fl afgknqstvxACNTX1246 |
.Op Fl afgknqstvxACNTX1246 |
| .Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
| .Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
|
|
| .Sm on |
.Sm on |
| .Xc |
.Xc |
| .Oc |
.Oc |
| |
.Ek |
| |
.Bk -words |
| .Oo Fl R Xo |
.Oo Fl R Xo |
| .Sm off |
.Sm off |
| .Ar port : |
.Ar port : |
|
|
| .Op Fl D Ar port |
.Op Fl D Ar port |
| .Ar hostname | user@hostname |
.Ar hostname | user@hostname |
| .Op Ar command |
.Op Ar command |
| |
.Ek |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| (SSH client) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
|
|
| .Fl A |
.Fl A |
| and |
and |
| .Fl a |
.Fl a |
| options described later) and |
options described later) and |
| the user is using an authentication agent, the connection to the agent |
the user is using an authentication agent, the connection to the agent |
| is automatically forwarded to the remote side. |
is automatically forwarded to the remote side. |
| .Pp |
.Pp |
|
|
| Enables forwarding of the authentication agent connection. |
Enables forwarding of the authentication agent connection. |
| This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
| .Pp |
.Pp |
| Agent forwarding should be enabled with caution. Users with the |
Agent forwarding should be enabled with caution. |
| ability to bypass file permissions on the remote host (for the agent's |
Users with the ability to bypass file permissions on the remote host |
| Unix-domain socket) can access the local agent through the forwarded |
(for the agent's Unix-domain socket) |
| connection. An attacker cannot obtain key material from the agent, |
can access the local agent through the forwarded connection. |
| |
An attacker cannot obtain key material from the agent, |
| however they can perform operations on the keys that enable them to |
however they can perform operations on the keys that enable them to |
| authenticate using the identities loaded into the agent. |
authenticate using the identities loaded into the agent. |
| .It Fl b Ar bind_address |
.It Fl b Ar bind_address |
|
|
| client for interoperability with legacy protocol 1 implementations |
client for interoperability with legacy protocol 1 implementations |
| that do not support the |
that do not support the |
| .Ar 3des |
.Ar 3des |
| cipher. Its use is strongly discouraged due to cryptographic |
cipher. |
| weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
| .It Fl c Ar cipher_spec |
.It Fl c Ar cipher_spec |
| Additionally, for protocol version 2 a comma-separated list of ciphers can |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
| be specified in order of preference. |
be specified in order of preference. |
|
|
| Enables X11 forwarding. |
Enables X11 forwarding. |
| This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
| .Pp |
.Pp |
| X11 forwarding should be enabled with caution. Users with the ability |
X11 forwarding should be enabled with caution. |
| to bypass file permissions on the remote host (for the user's X |
Users with the ability to bypass file permissions on the remote host |
| authorization database) can access the local X11 display through the |
(for the user's X authorization database) |
| forwarded connection. An attacker may then be able to perform |
can access the local X11 display through the forwarded connection. |
| activities such as keystroke monitoring. |
An attacker may then be able to perform activities such as keystroke monitoring. |
| .It Fl C |
.It Fl C |
| Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
| data for forwarded X11 and TCP/IP connections). |
data for forwarded X11 and TCP/IP connections). |
|
|
| on the local side, and whenever a connection is made to this port, the |
on the local side, and whenever a connection is made to this port, the |
| connection is forwarded over the secure channel, and the application |
connection is forwarded over the secure channel, and the application |
| protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
| remote machine. Currently the SOCKS4 protocol is supported, and |
remote machine. |
| |
Currently the SOCKS4 protocol is supported, and |
| .Nm |
.Nm |
| will act as a SOCKS4 server. |
will act as a SOCKS4 server. |
| Only root can forward privileged ports. |
Only root can forward privileged ports. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh