version 1.167, 2002/09/27 15:46:21 |
version 1.167.2.2, 2003/09/16 21:20:28 |
|
|
.Op Ar command |
.Op Ar command |
.Pp |
.Pp |
.Nm ssh |
.Nm ssh |
.Op Fl afgknqstvxACNTX1246 |
.Bk -words |
|
.Op Fl afgknqstvxACNTVX1246 |
.Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
.Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
.Op Fl e Ar escape_char |
.Op Fl e Ar escape_char |
|
|
.Sm on |
.Sm on |
.Xc |
.Xc |
.Oc |
.Oc |
|
.Ek |
|
.Bk -words |
.Oo Fl R Xo |
.Oo Fl R Xo |
.Sm off |
.Sm off |
.Ar port : |
.Ar port : |
|
|
.Op Fl D Ar port |
.Op Fl D Ar port |
.Ar hostname | user@hostname |
.Ar hostname | user@hostname |
.Op Ar command |
.Op Ar command |
|
.Ek |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
(SSH client) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
|
|
to terminate |
to terminate |
.It Cm ~? |
.It Cm ~? |
Display a list of escape characters |
Display a list of escape characters |
|
.It Cm ~B |
|
Send a BREAK to the remote system (only useful for SSH protocol version 2 |
|
and if the peer supports it) |
.It Cm ~C |
.It Cm ~C |
Open command line (only useful for adding port forwardings using the |
Open command line (only useful for adding port forwardings using the |
.Fl L |
.Fl L |
|
|
.Fl A |
.Fl A |
and |
and |
.Fl a |
.Fl a |
options described later) and |
options described later) and |
the user is using an authentication agent, the connection to the agent |
the user is using an authentication agent, the connection to the agent |
is automatically forwarded to the remote side. |
is automatically forwarded to the remote side. |
.Pp |
.Pp |
|
|
Enables forwarding of the authentication agent connection. |
Enables forwarding of the authentication agent connection. |
This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
.Pp |
.Pp |
Agent forwarding should be enabled with caution. Users with the |
Agent forwarding should be enabled with caution. |
ability to bypass file permissions on the remote host (for the agent's |
Users with the ability to bypass file permissions on the remote host |
Unix-domain socket) can access the local agent through the forwarded |
(for the agent's Unix-domain socket) |
connection. An attacker cannot obtain key material from the agent, |
can access the local agent through the forwarded connection. |
|
An attacker cannot obtain key material from the agent, |
however they can perform operations on the keys that enable them to |
however they can perform operations on the keys that enable them to |
authenticate using the identities loaded into the agent. |
authenticate using the identities loaded into the agent. |
.It Fl b Ar bind_address |
.It Fl b Ar bind_address |
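Review bot: the agent-forwarding caution under -A explains what a user who can bypass file permissions on the remote host can do with the forwarded agent, but after this reflow it still gives no guidance on limiting that exposure. The preceding line already says forwarding can be set per host in a configuration file, so consider adding a sentence recommending it be enabled only for hosts whose administrators are trusted. Separately, the parenthetical "(for the agent's Unix-domain socket)" now sits alone on a source line between subject and verb; keeping it with "on the remote host" would be easier to maintain.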
|
|
client for interoperability with legacy protocol 1 implementations |
client for interoperability with legacy protocol 1 implementations |
that do not support the |
that do not support the |
.Ar 3des |
.Ar 3des |
cipher. Its use is strongly discouraged due to cryptographic |
cipher. |
weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
.It Fl c Ar cipher_spec |
.It Fl c Ar cipher_spec |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
be specified in order of preference. |
be specified in order of preference. |
|
|
options (and multiple identities specified in |
options (and multiple identities specified in |
configuration files). |
configuration files). |
.It Fl I Ar smartcard_device |
.It Fl I Ar smartcard_device |
Specifies which smartcard device to use. The argument is |
Specifies which smartcard device to use. |
the device |
The argument is the device |
.Nm |
.Nm |
should use to communicate with a smartcard used for storing the user's |
should use to communicate with a smartcard used for storing the user's |
private RSA key. |
private RSA key. |
.It Fl k |
.It Fl k |
Disables forwarding of Kerberos tickets and AFS tokens. |
Disables forwarding of Kerberos tickets. |
This may also be specified on a per-host basis in the configuration file. |
This may also be specified on a per-host basis in the configuration file. |
.It Fl l Ar login_name |
.It Fl l Ar login_name |
Specifies the user to log in as on the remote machine. |
Specifies the user to log in as on the remote machine. |
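Review bot: the -k description drops "and AFS tokens" in the middle of what is otherwise a whitespace-only reflow of the -I text, so a change in documented behaviour is easy to miss here. If AFS token passing was removed from the client, state that in the commit log or make this line its own change; if it was not, -k should keep mentioning AFS tokens so users know what the flag suppresses.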
|
|
Quiet mode. |
Quiet mode. |
Causes all warning and diagnostic messages to be suppressed. |
Causes all warning and diagnostic messages to be suppressed. |
.It Fl s |
.It Fl s |
May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use |
May be used to request invocation of a subsystem on the remote system. |
of SSH as a secure transport for other applications (eg. sftp). The |
Subsystems are a feature of the SSH2 protocol which facilitate the use |
subsystem is specified as the remote command. |
of SSH as a secure transport for other applications (eg. sftp). |
|
The subsystem is specified as the remote command. |
.It Fl t |
.It Fl t |
Force pseudo-tty allocation. |
Force pseudo-tty allocation. |
This can be used to execute arbitrary |
This can be used to execute arbitrary |
|
|
debugging connection, authentication, and configuration problems. |
debugging connection, authentication, and configuration problems. |
Multiple |
Multiple |
.Fl v |
.Fl v |
options increases the verbosity. |
options increase the verbosity. |
Maximum is 3. |
The maximum is 3. |
|
.It Fl V |
|
Display the version number and exit. |
.It Fl x |
.It Fl x |
Disables X11 forwarding. |
Disables X11 forwarding. |
.It Fl X |
.It Fl X |
Enables X11 forwarding. |
Enables X11 forwarding. |
This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
.Pp |
.Pp |
X11 forwarding should be enabled with caution. Users with the ability |
X11 forwarding should be enabled with caution. |
to bypass file permissions on the remote host (for the user's X |
Users with the ability to bypass file permissions on the remote host |
authorization database) can access the local X11 display through the |
(for the user's X authorization database) |
forwarded connection. An attacker may then be able to perform |
can access the local X11 display through the forwarded connection. |
activities such as keystroke monitoring. |
An attacker may then be able to perform activities such as keystroke monitoring. |
.It Fl C |
.It Fl C |
Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
data for forwarded X11 and TCP/IP connections). |
data for forwarded X11 and TCP/IP connections). |
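Review bot: the new -V entry says it displays the version number and exits, yet the synopsis hunks add V to the combined flag string "afgknqstvxACNTVX1246" and still end with the mandatory "hostname | user@hostname" argument. A separate synopsis form for -V alone would match the described behaviour. The grammar fixes to the -v text and the reflow of the X11 caution look fine.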
|
|
on the local side, and whenever a connection is made to this port, the |
on the local side, and whenever a connection is made to this port, the |
connection is forwarded over the secure channel, and the application |
connection is forwarded over the secure channel, and the application |
protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
remote machine. Currently the SOCKS4 protocol is supported, and |
remote machine. |
|
Currently the SOCKS4 and SOCKS5 protocols are supported, and |
.Nm |
.Nm |
will act as a SOCKS4 server. |
will act as a SOCKS server. |
Only root can forward privileged ports. |
Only root can forward privileged ports. |
Dynamic port forwardings can also be specified in the configuration file. |
Dynamic port forwardings can also be specified in the configuration file. |
.It Fl 1 |
.It Fl 1 |
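Review bot: in the -D description, "Currently the SOCKS4 and SOCKS5 protocols are supported" does not say how much of SOCKS5 is handled, for example whether any SOCKS5 authentication method is accepted. Anyone pointing a client at this port needs that to know what the listener will accept; please add a short statement of the supported subset.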
|
|
.Xr rsh 1 . |
.Xr rsh 1 . |
.It Pa /etc/hosts.equiv |
.It Pa /etc/hosts.equiv |
This file is used during |
This file is used during |
.Pa \&.rhosts authentication. |
.Pa \&.rhosts |
|
authentication. |
It contains |
It contains |
canonical hosts names, one per line (the full format is described on |
canonical hosts names, one per line (the full format is described on |
the |
the |
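Review bot: the context line "canonical hosts names, one per line" directly below the corrected .Pa macro still reads "hosts names". Since this hunk already touches the sentence to move "authentication." out of the .Pa argument, fix it to "host names" in the same change.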
|
|
.Nm |
.Nm |
exits with the exit status of the remote command or with 255 |
exits with the exit status of the remote command or with 255 |
if an error occurred. |
if an error occurred. |
.Sh AUTHORS |
|
OpenSSH is a derivative of the original and free |
|
ssh 1.2.12 release by Tatu Ylonen. |
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
|
Theo de Raadt and Dug Song |
|
removed many bugs, re-added newer features and |
|
created OpenSSH. |
|
Markus Friedl contributed the support for SSH |
|
protocol versions 1.5 and 2.0. |
|
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr rsh 1 , |
.Xr rsh 1 , |
.Xr scp 1 , |
.Xr scp 1 , |
|
|
.%D January 2002 |
.%D January 2002 |
.%O work in progress material |
.%O work in progress material |
.Re |
.Re |
|
.Sh AUTHORS |
|
OpenSSH is a derivative of the original and free |
|
ssh 1.2.12 release by Tatu Ylonen. |
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
|
Theo de Raadt and Dug Song |
|
removed many bugs, re-added newer features and |
|
created OpenSSH. |
|
Markus Friedl contributed the support for SSH |
|
protocol versions 1.5 and 2.0. |
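Review bot: the relocated AUTHORS section keeps the names as plain text ("Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Song"). As the block is being moved anyway, consider marking each name with the mdoc .An macro so formatters and indexers can identify them. The text itself is unchanged by the move, which is good.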