| version 1.196, 2004/08/30 21:22:49 |
version 1.196.2.1, 2005/03/10 16:28:28 |
|
|
| .Nd OpenSSH SSH client (remote login program) |
.Nd OpenSSH SSH client (remote login program) |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm ssh |
.Nm ssh |
| |
.Bk -words |
| .Op Fl 1246AaCfgkMNnqsTtVvXxY |
.Op Fl 1246AaCfgkMNnqsTtVvXxY |
| .Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
| .Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
| .Bk -words |
|
| .Op Fl D Ar port |
.Op Fl D Ar port |
| .Op Fl e Ar escape_char |
.Op Fl e Ar escape_char |
| .Op Fl F Ar configfile |
.Op Fl F Ar configfile |
| .Op Fl i Ar identity_file |
.Op Fl i Ar identity_file |
| .Oo Fl L Xo |
.Oo Fl L\ \& |
| .Sm off |
.Sm off |
| .Ar port : |
.Oo Ar bind_address : Oc |
| .Ar host : |
.Ar port : host : hostport |
| .Ar hostport |
|
| .Sm on |
.Sm on |
| .Xc |
|
| .Oc |
.Oc |
| .Ek |
|
| .Op Fl l Ar login_name |
.Op Fl l Ar login_name |
| .Op Fl m Ar mac_spec |
.Op Fl m Ar mac_spec |
| |
.Op Fl O Ar ctl_cmd |
| .Op Fl o Ar option |
.Op Fl o Ar option |
| .Bk -words |
|
| .Op Fl p Ar port |
.Op Fl p Ar port |
| .Ek |
.Oo Fl R\ \& |
| .Oo Fl R Xo |
|
| .Sm off |
.Sm off |
| .Ar port : |
.Oo Ar bind_address : Oc |
| .Ar host : |
.Ar port : host : hostport |
| .Ar hostport |
|
| .Sm on |
.Sm on |
| .Xc |
|
| .Oc |
.Oc |
| .Op Fl S Ar ctl |
.Op Fl S Ar ctl_path |
| .Oo Ar user Ns @ Oc Ns Ar hostname |
.Oo Ar user Ns @ Oc Ns Ar hostname |
| .Op Ar command |
.Op Ar command |
| |
.Ek |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| (SSH client) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
|
|
| Disables forwarding (delegation) of GSSAPI credentials to the server. |
Disables forwarding (delegation) of GSSAPI credentials to the server. |
| .It Fl L Xo |
.It Fl L Xo |
| .Sm off |
.Sm off |
| |
.Oo Ar bind_address : Oc |
| .Ar port : host : hostport |
.Ar port : host : hostport |
| .Sm on |
.Sm on |
| .Xc |
.Xc |
|
|
| forwarded to the given host and port on the remote side. |
forwarded to the given host and port on the remote side. |
| This works by allocating a socket to listen to |
This works by allocating a socket to listen to |
| .Ar port |
.Ar port |
| on the local side, and whenever a connection is made to this port, the |
on the local side, optionally bound to the specified |
| |
.Ar bind_address . |
| |
Whenever a connection is made to this port, the |
| connection is forwarded over the secure channel, and a connection is |
connection is forwarded over the secure channel, and a connection is |
| made to |
made to |
| .Ar host |
.Ar host |
|
|
| .Ar hostport |
.Ar hostport |
| from the remote machine. |
from the remote machine. |
| Port forwardings can also be specified in the configuration file. |
Port forwardings can also be specified in the configuration file. |
| Only root can forward privileged ports. |
|
| IPv6 addresses can be specified with an alternative syntax: |
IPv6 addresses can be specified with an alternative syntax: |
| .Sm off |
.Sm off |
| .Xo |
.Xo |
| |
.Op Ar bind_address No / |
| .Ar port No / Ar host No / |
.Ar port No / Ar host No / |
| .Ar hostport . |
.Ar hostport |
| .Xc |
.Xc |
| .Sm on |
.Sm on |
| |
or by enclosing the address in square brackets. |
| |
Only the superuser can forward privileged ports. |
| |
By default, the local port is bound in accordance with the |
| |
.Cm GatewayPorts |
| |
setting. |
| |
However, an explicit |
| |
.Ar bind_address |
| |
may be used to bind the connection to a specific address. |
| |
The |
| |
.Ar bind_address |
| |
of |
| |
.Dq localhost |
| |
indicates that the listening port be bound for local use only, while an |
| |
empty address or |
| |
.Sq * |
| |
indicates that the port should be available from all interfaces. |
| .It Fl l Ar login_name |
.It Fl l Ar login_name |
| Specifies the user to log in as on the remote machine. |
Specifies the user to log in as on the remote machine. |
| This also may be specified on a per-host basis in the configuration file. |
This also may be specified on a per-host basis in the configuration file. |
|
|
| needs to ask for a password or passphrase; see also the |
needs to ask for a password or passphrase; see also the |
| .Fl f |
.Fl f |
| option.) |
option.) |
| |
.It Fl O Ar ctl_cmd |
| |
Control an active connection multiplexing master process. |
| |
When the |
| |
.Fl O |
| |
option is specified, the |
| |
.Ar ctl_cmd |
| |
argument is interpreted and passed to the master process. |
| |
Valid commands are: |
| |
.Dq check |
| |
(check that the master process is running) and |
| |
.Dq exit |
| |
(request the master to exit). |
| .It Fl o Ar option |
.It Fl o Ar option |
| Can be used to give options in the format used in the configuration file. |
Can be used to give options in the format used in the configuration file. |
| This is useful for specifying options for which there is no separate |
This is useful for specifying options for which there is no separate |
|
|
| .It GlobalKnownHostsFile |
.It GlobalKnownHostsFile |
| .It GSSAPIAuthentication |
.It GSSAPIAuthentication |
| .It GSSAPIDelegateCredentials |
.It GSSAPIDelegateCredentials |
| |
.It HashKnownHosts |
| .It Host |
.It Host |
| .It HostbasedAuthentication |
.It HostbasedAuthentication |
| .It HostKeyAlgorithms |
.It HostKeyAlgorithms |
|
|
| .It HostName |
.It HostName |
| .It IdentityFile |
.It IdentityFile |
| .It IdentitiesOnly |
.It IdentitiesOnly |
| |
.It KbdInteractiveDevices |
| .It LocalForward |
.It LocalForward |
| .It LogLevel |
.It LogLevel |
| .It MACs |
.It MACs |
|
|
| Causes all warning and diagnostic messages to be suppressed. |
Causes all warning and diagnostic messages to be suppressed. |
| .It Fl R Xo |
.It Fl R Xo |
| .Sm off |
.Sm off |
| |
.Oo Ar bind_address : Oc |
| .Ar port : host : hostport |
.Ar port : host : hostport |
| .Sm on |
.Sm on |
| .Xc |
.Xc |
|
|
| port |
port |
| .Ar hostport |
.Ar hostport |
| from the local machine. |
from the local machine. |
| |
.Pp |
| Port forwardings can also be specified in the configuration file. |
Port forwardings can also be specified in the configuration file. |
| Privileged ports can be forwarded only when |
Privileged ports can be forwarded only when |
| logging in as root on the remote machine. |
logging in as root on the remote machine. |
| IPv6 addresses can be specified with an alternative syntax: |
IPv6 addresses can be specified by enclosing the address in square braces or |
| |
using an alternative syntax: |
| .Sm off |
.Sm off |
| .Xo |
.Xo |
| .Ar port No / Ar host No / |
.Op Ar bind_address No / |
| .Ar hostport . |
.Ar host No / Ar port No / |
| .Xc |
.Ar hostport |
| |
.Xc . |
| .Sm on |
.Sm on |
| .It Fl S Ar ctl |
.Pp |
| |
By default, the listening socket on the server will be bound to the loopback |
| |
interface only. |
| |
This may be overriden by specifying a |
| |
.Ar bind_address . |
| |
An empty |
| |
.Ar bind_address , |
| |
or the address |
| |
.Ql * , |
| |
indicates that the remote socket should listen on all interfaces. |
| |
Specifying a remote |
| |
.Ar bind_address |
| |
will only succeed if the server's |
| |
.Cm GatewayPorts |
| |
option is enabled (see |
| |
.Xr sshd_config 5 ) . |
| |
.It Fl S Ar ctl_path |
| Specifies the location of a control socket for connection sharing. |
Specifies the location of a control socket for connection sharing. |
| Refer to the description of |
Refer to the description of |
| .Cm ControlPath |
.Cm ControlPath |
|
|
| (for the user's X authorization database) |
(for the user's X authorization database) |
| can access the local X11 display through the forwarded connection. |
can access the local X11 display through the forwarded connection. |
| An attacker may then be able to perform activities such as keystroke monitoring. |
An attacker may then be able to perform activities such as keystroke monitoring. |
| |
.Pp |
| |
For this reason, X11 forwarding is subjected to X11 SECURITY extension |
| |
restrictions by default. |
| |
Please refer to the |
| |
.Nm |
| |
.Fl Y |
| |
option and the |
| |
.Cm ForwardX11Trusted |
| |
directive in |
| |
.Xr ssh_config 5 |
| |
for more information. |
| .It Fl x |
.It Fl x |
| Disables X11 forwarding. |
Disables X11 forwarding. |
| .It Fl Y |
.It Fl Y |
| Enables trusted X11 forwarding. |
Enables trusted X11 forwarding. |
| |
Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
| |
controls. |
| .El |
.El |
| .Sh CONFIGURATION FILES |
.Sh CONFIGURATION FILES |
| .Nm |
.Nm |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh