| version 1.167, 2002/09/27 15:46:21 |
version 1.167.4.2, 2003/09/16 20:50:44 |
|
|
| .Op Ar command |
.Op Ar command |
| .Pp |
.Pp |
| .Nm ssh |
.Nm ssh |
| .Op Fl afgknqstvxACNTX1246 |
.Bk -words |
| |
.Op Fl afgknqstvxACNTVX1246 |
| .Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
| .Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
| .Op Fl e Ar escape_char |
.Op Fl e Ar escape_char |
|
|
| .Sm on |
.Sm on |
| .Xc |
.Xc |
| .Oc |
.Oc |
| |
.Ek |
| |
.Bk -words |
| .Oo Fl R Xo |
.Oo Fl R Xo |
| .Sm off |
.Sm off |
| .Ar port : |
.Ar port : |
|
|
| .Op Fl D Ar port |
.Op Fl D Ar port |
| .Ar hostname | user@hostname |
.Ar hostname | user@hostname |
| .Op Ar command |
.Op Ar command |
| |
.Ek |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| (SSH client) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
|
|
| to terminate |
to terminate |
| .It Cm ~? |
.It Cm ~? |
| Display a list of escape characters |
Display a list of escape characters |
| |
.It Cm ~B |
| |
Send a BREAK to the remote system (only useful for SSH protocol version 2 |
| |
and if the peer supports it) |
| .It Cm ~C |
.It Cm ~C |
| Open command line (only useful for adding port forwardings using the |
Open command line (only useful for adding port forwardings using the |
| .Fl L |
.Fl L |
|
|
| .Fl A |
.Fl A |
| and |
and |
| .Fl a |
.Fl a |
| options described later) and |
options described later) and |
| the user is using an authentication agent, the connection to the agent |
the user is using an authentication agent, the connection to the agent |
| is automatically forwarded to the remote side. |
is automatically forwarded to the remote side. |
| .Pp |
.Pp |
|
|
| Enables forwarding of the authentication agent connection. |
Enables forwarding of the authentication agent connection. |
| This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
| .Pp |
.Pp |
| Agent forwarding should be enabled with caution. Users with the |
Agent forwarding should be enabled with caution. |
| ability to bypass file permissions on the remote host (for the agent's |
Users with the ability to bypass file permissions on the remote host |
| Unix-domain socket) can access the local agent through the forwarded |
(for the agent's Unix-domain socket) |
| connection. An attacker cannot obtain key material from the agent, |
can access the local agent through the forwarded connection. |
| |
An attacker cannot obtain key material from the agent, |
| however they can perform operations on the keys that enable them to |
however they can perform operations on the keys that enable them to |
| authenticate using the identities loaded into the agent. |
authenticate using the identities loaded into the agent. |
| .It Fl b Ar bind_address |
.It Fl b Ar bind_address |
|
|
| client for interoperability with legacy protocol 1 implementations |
client for interoperability with legacy protocol 1 implementations |
| that do not support the |
that do not support the |
| .Ar 3des |
.Ar 3des |
| cipher. Its use is strongly discouraged due to cryptographic |
cipher. |
| weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
| .It Fl c Ar cipher_spec |
.It Fl c Ar cipher_spec |
| Additionally, for protocol version 2 a comma-separated list of ciphers can |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
| be specified in order of preference. |
be specified in order of preference. |
|
|
| options (and multiple identities specified in |
options (and multiple identities specified in |
| configuration files). |
configuration files). |
| .It Fl I Ar smartcard_device |
.It Fl I Ar smartcard_device |
| Specifies which smartcard device to use. The argument is |
Specifies which smartcard device to use. |
| the device |
The argument is the device |
| .Nm |
.Nm |
| should use to communicate with a smartcard used for storing the user's |
should use to communicate with a smartcard used for storing the user's |
| private RSA key. |
private RSA key. |
| .It Fl k |
.It Fl k |
| Disables forwarding of Kerberos tickets and AFS tokens. |
Disables forwarding of Kerberos tickets. |
| This may also be specified on a per-host basis in the configuration file. |
This may also be specified on a per-host basis in the configuration file. |
| .It Fl l Ar login_name |
.It Fl l Ar login_name |
| Specifies the user to log in as on the remote machine. |
Specifies the user to log in as on the remote machine. |
|
|
| Quiet mode. |
Quiet mode. |
| Causes all warning and diagnostic messages to be suppressed. |
Causes all warning and diagnostic messages to be suppressed. |
| .It Fl s |
.It Fl s |
| May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use |
May be used to request invocation of a subsystem on the remote system. |
| of SSH as a secure transport for other applications (eg. sftp). The |
Subsystems are a feature of the SSH2 protocol which facilitate the use |
| subsystem is specified as the remote command. |
of SSH as a secure transport for other applications (eg. sftp). |
| |
The subsystem is specified as the remote command. |
| .It Fl t |
.It Fl t |
| Force pseudo-tty allocation. |
Force pseudo-tty allocation. |
| This can be used to execute arbitrary |
This can be used to execute arbitrary |
|
|
| debugging connection, authentication, and configuration problems. |
debugging connection, authentication, and configuration problems. |
| Multiple |
Multiple |
| .Fl v |
.Fl v |
| options increases the verbosity. |
options increase the verbosity. |
| Maximum is 3. |
The maximum is 3. |
| |
.It Fl V |
| |
Display the version number and exit. |
| .It Fl x |
.It Fl x |
| Disables X11 forwarding. |
Disables X11 forwarding. |
| .It Fl X |
.It Fl X |
| Enables X11 forwarding. |
Enables X11 forwarding. |
| This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
| .Pp |
.Pp |
| X11 forwarding should be enabled with caution. Users with the ability |
X11 forwarding should be enabled with caution. |
| to bypass file permissions on the remote host (for the user's X |
Users with the ability to bypass file permissions on the remote host |
| authorization database) can access the local X11 display through the |
(for the user's X authorization database) |
| forwarded connection. An attacker may then be able to perform |
can access the local X11 display through the forwarded connection. |
| activities such as keystroke monitoring. |
An attacker may then be able to perform activities such as keystroke monitoring. |
| .It Fl C |
.It Fl C |
| Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
| data for forwarded X11 and TCP/IP connections). |
data for forwarded X11 and TCP/IP connections). |
|
|
| on the local side, and whenever a connection is made to this port, the |
on the local side, and whenever a connection is made to this port, the |
| connection is forwarded over the secure channel, and the application |
connection is forwarded over the secure channel, and the application |
| protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
| remote machine. Currently the SOCKS4 protocol is supported, and |
remote machine. |
| |
Currently the SOCKS4 and SOCKS5 protocols are supported, and |
| .Nm |
.Nm |
| will act as a SOCKS4 server. |
will act as a SOCKS server. |
| Only root can forward privileged ports. |
Only root can forward privileged ports. |
| Dynamic port forwardings can also be specified in the configuration file. |
Dynamic port forwardings can also be specified in the configuration file. |
| .It Fl 1 |
.It Fl 1 |
|
|
| .Xr rsh 1 . |
.Xr rsh 1 . |
| .It Pa /etc/hosts.equiv |
.It Pa /etc/hosts.equiv |
| This file is used during |
This file is used during |
| .Pa \&.rhosts authentication. |
.Pa \&.rhosts |
| |
authentication. |
| It contains |
It contains |
| canonical hosts names, one per line (the full format is described on |
canonical hosts names, one per line (the full format is described on |
| the |
the |
|
|
| .Nm |
.Nm |
| exits with the exit status of the remote command or with 255 |
exits with the exit status of the remote command or with 255 |
| if an error occurred. |
if an error occurred. |
| .Sh AUTHORS |
|
| OpenSSH is a derivative of the original and free |
|
| ssh 1.2.12 release by Tatu Ylonen. |
|
| Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
|
| Theo de Raadt and Dug Song |
|
| removed many bugs, re-added newer features and |
|
| created OpenSSH. |
|
| Markus Friedl contributed the support for SSH |
|
| protocol versions 1.5 and 2.0. |
|
| .Sh SEE ALSO |
.Sh SEE ALSO |
| .Xr rsh 1 , |
.Xr rsh 1 , |
| .Xr scp 1 , |
.Xr scp 1 , |
|
|
| .%D January 2002 |
.%D January 2002 |
| .%O work in progress material |
.%O work in progress material |
| .Re |
.Re |
| |
.Sh AUTHORS |
| |
OpenSSH is a derivative of the original and free |
| |
ssh 1.2.12 release by Tatu Ylonen. |
| |
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
| |
Theo de Raadt and Dug Song |
| |
removed many bugs, re-added newer features and |
| |
created OpenSSH. |
| |
Markus Friedl contributed the support for SSH |
| |
protocol versions 1.5 and 2.0. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh