version 1.150.2.4, 2002/10/11 14:51:53 |
version 1.150.2.5, 2003/04/03 22:35:18 |
|
|
.Op Ar command |
.Op Ar command |
.Pp |
.Pp |
.Nm ssh |
.Nm ssh |
|
.Bk -words |
.Op Fl afgknqstvxACNTX1246 |
.Op Fl afgknqstvxACNTX1246 |
.Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
.Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
|
|
.Sm on |
.Sm on |
.Xc |
.Xc |
.Oc |
.Oc |
|
.Ek |
|
.Bk -words |
.Oo Fl R Xo |
.Oo Fl R Xo |
.Sm off |
.Sm off |
.Ar port : |
.Ar port : |
|
|
.Op Fl D Ar port |
.Op Fl D Ar port |
.Ar hostname | user@hostname |
.Ar hostname | user@hostname |
.Op Ar command |
.Op Ar command |
|
.Ek |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
(SSH client) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
|
|
.Fl A |
.Fl A |
and |
and |
.Fl a |
.Fl a |
options described later) and |
options described later) and |
the user is using an authentication agent, the connection to the agent |
the user is using an authentication agent, the connection to the agent |
is automatically forwarded to the remote side. |
is automatically forwarded to the remote side. |
.Pp |
.Pp |
|
|
Enables forwarding of the authentication agent connection. |
Enables forwarding of the authentication agent connection. |
This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
.Pp |
.Pp |
Agent forwarding should be enabled with caution. Users with the |
Agent forwarding should be enabled with caution. |
ability to bypass file permissions on the remote host (for the agent's |
Users with the ability to bypass file permissions on the remote host |
Unix-domain socket) can access the local agent through the forwarded |
(for the agent's Unix-domain socket) |
connection. An attacker cannot obtain key material from the agent, |
can access the local agent through the forwarded connection. |
|
An attacker cannot obtain key material from the agent, |
however they can perform operations on the keys that enable them to |
however they can perform operations on the keys that enable them to |
authenticate using the identities loaded into the agent. |
authenticate using the identities loaded into the agent. |
.It Fl b Ar bind_address |
.It Fl b Ar bind_address |
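Review bot: The reflowed sentence "An attacker cannot obtain key material from the agent, however they can perform operations on the keys ..." still joins two independent clauses with a comma before "however". Since these lines are being rewrapped anyway, end the sentence after "agent" or use a semicolon, and start "However, they can perform operations on the keys" on its own line. That would also match the one-sentence-per-line layout the rest of this hunk adopts.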
|
|
client for interoperability with legacy protocol 1 implementations |
client for interoperability with legacy protocol 1 implementations |
that do not support the |
that do not support the |
.Ar 3des |
.Ar 3des |
cipher. Its use is strongly discouraged due to cryptographic |
cipher. |
weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
.It Fl c Ar cipher_spec |
.It Fl c Ar cipher_spec |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
be specified in order of preference. |
be specified in order of preference. |
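Review bot: Moving "Its use is strongly discouraged due to cryptographic weaknesses." onto its own line makes the pronoun ambiguous, because the line directly follows "that do not support the 3des cipher." and can be read as discouraging 3des. Name the cipher this entry describes in that sentence instead of "Its", so the warning cannot be attached to the wrong algorithm.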
|
|
Enables X11 forwarding. |
Enables X11 forwarding. |
This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
.Pp |
.Pp |
X11 forwarding should be enabled with caution. Users with the ability |
X11 forwarding should be enabled with caution. |
to bypass file permissions on the remote host (for the user's X |
Users with the ability to bypass file permissions on the remote host |
authorization database) can access the local X11 display through the |
(for the user's X authorization database) |
forwarded connection. An attacker may then be able to perform |
can access the local X11 display through the forwarded connection. |
activities such as keystroke monitoring. |
An attacker may then be able to perform activities such as keystroke monitoring. |
.It Fl C |
.It Fl C |
Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
data for forwarded X11 and TCP/IP connections). |
data for forwarded X11 and TCP/IP connections). |
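Review bot: The last reflowed line, "An attacker may then be able to perform activities such as keystroke monitoring.", is 80 characters wide, while the other new lines in this hunk stay under 70. Break it at a phrase boundary, for example after "perform", so the source stays within 80 columns once a diff marker or quote prefix is added.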
|
|
on the local side, and whenever a connection is made to this port, the |
on the local side, and whenever a connection is made to this port, the |
connection is forwarded over the secure channel, and the application |
connection is forwarded over the secure channel, and the application |
protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
remote machine. Currently the SOCKS4 protocol is supported, and |
remote machine. |
|
Currently the SOCKS4 protocol is supported, and |
.Nm |
.Nm |
will act as a SOCKS4 server. |
will act as a SOCKS4 server. |
Only root can forward privileged ports. |
Only root can forward privileged ports. |