| version 1.209.2.1, 2006/02/03 03:01:57 |
version 1.209.2.2, 2006/10/06 03:19:33 |
|
|
| .Oc |
.Oc |
| .Op Fl S Ar ctl_path |
.Op Fl S Ar ctl_path |
| .Bk -words |
.Bk -words |
| .Op Fl w Ar tunnel : Ns Ar tunnel |
.Oo Fl w Ar local_tun Ns |
| |
.Op : Ns Ar remote_tun Oc |
| .Oo Ar user Ns @ Oc Ns Ar hostname |
.Oo Ar user Ns @ Oc Ns Ar hostname |
| .Op Ar command |
.Op Ar command |
| .Ek |
.Ek |
|
|
| .It ControlPath |
.It ControlPath |
| .It DynamicForward |
.It DynamicForward |
| .It EscapeChar |
.It EscapeChar |
| |
.It ExitOnForwardFailure |
| .It ForwardAgent |
.It ForwardAgent |
| .It ForwardX11 |
.It ForwardX11 |
| .It ForwardX11Trusted |
.It ForwardX11Trusted |
|
|
| Force pseudo-tty allocation. |
Force pseudo-tty allocation. |
| This can be used to execute arbitrary |
This can be used to execute arbitrary |
| screen-based programs on a remote machine, which can be very useful, |
screen-based programs on a remote machine, which can be very useful, |
| e.g., when implementing menu services. |
e.g. when implementing menu services. |
| Multiple |
Multiple |
| .Fl t |
.Fl t |
| options force tty allocation, even if |
options force tty allocation, even if |
|
|
| .Fl v |
.Fl v |
| options increase the verbosity. |
options increase the verbosity. |
| The maximum is 3. |
The maximum is 3. |
| .It Fl w Ar tunnel : Ns Ar tunnel |
.It Fl w Xo |
| Requests a |
.Ar local_tun Ns Op : Ns Ar remote_tun |
| |
.Xc |
| |
Requests |
| |
tunnel |
| |
device forwarding with the specified |
| .Xr tun 4 |
.Xr tun 4 |
| device on the client |
devices between the client |
| (first |
.Pq Ar local_tun |
| .Ar tunnel |
and the server |
| arg) |
.Pq Ar remote_tun . |
| and server |
.Pp |
| (second |
|
| .Ar tunnel |
|
| arg). |
|
| The devices may be specified by numerical ID or the keyword |
The devices may be specified by numerical ID or the keyword |
| .Dq any , |
.Dq any , |
| which uses the next available tunnel device. |
which uses the next available tunnel device. |
| |
If |
| |
.Ar remote_tun |
| |
is not specified, it defaults to |
| |
.Dq any . |
| See also the |
See also the |
| .Cm Tunnel |
.Cm Tunnel |
| directive in |
and |
| |
.Cm TunnelDevice |
| |
directives in |
| .Xr ssh_config 5 . |
.Xr ssh_config 5 . |
| |
If the |
| |
.Cm Tunnel |
| |
directive is unset, it is set to the default tunnel mode, which is |
| |
.Dq point-to-point . |
| .It Fl X |
.It Fl X |
| Enables X11 forwarding. |
Enables X11 forwarding. |
| This can also be specified on a per-host basis in a configuration file. |
This can also be specified on a per-host basis in a configuration file. |
|
|
| integrity of the connection. |
integrity of the connection. |
| .Pp |
.Pp |
| The methods available for authentication are: |
The methods available for authentication are: |
| |
GSSAPI-based authentication, |
| host-based authentication, |
host-based authentication, |
| public key authentication, |
public key authentication, |
| challenge-response authentication, |
challenge-response authentication, |
|
|
| options (see above). |
options (see above). |
| It also allows the cancellation of existing remote port-forwardings |
It also allows the cancellation of existing remote port-forwardings |
| using |
using |
| .Fl KR Ar hostport . |
.Sm off |
| |
.Fl KR Oo Ar bind_address : Oc Ar port . |
| |
.Sm on |
| .Ic !\& Ns Ar command |
.Ic !\& Ns Ar command |
| allows the user to execute a local command if the |
allows the user to execute a local command if the |
| .Ic PermitLocalCommand |
.Ic PermitLocalCommand |
|
|
| The SSHFP resource records should first be added to the zonefile for |
The SSHFP resource records should first be added to the zonefile for |
| host.example.com: |
host.example.com: |
| .Bd -literal -offset indent |
.Bd -literal -offset indent |
| $ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com. |
$ ssh-keygen -r host.example.com. |
| $ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com. |
|
| .Ed |
.Ed |
| .Pp |
.Pp |
| The output lines will have to be added to the zonefile. |
The output lines will have to be added to the zonefile. |
|
|
| file (see below) and the |
file (see below) and the |
| .Cm PermitRootLogin |
.Cm PermitRootLogin |
| server option. |
server option. |
| The following entry would permit connections on the first |
The following entry would permit connections on |
| .Xr tun 4 |
.Xr tun 4 |
| device from user |
device 1 from user |
| .Dq jane |
.Dq jane |
| and on the second device from user |
and on tun device 2 from user |
| .Dq john , |
.Dq john , |
| if |
if |
| .Cm PermitRootLogin |
.Cm PermitRootLogin |
|
|
| .Dq forced-commands-only : |
.Dq forced-commands-only : |
| .Bd -literal -offset 2n |
.Bd -literal -offset 2n |
| tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane |
tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane |
| tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john |
tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john |
| .Ed |
.Ed |
| .Pp |
.Pp |
| Since a SSH-based setup entails a fair amount of overhead, |
Since a SSH-based setup entails a fair amount of overhead, |
|
|
| this variable is not set. |
this variable is not set. |
| .It Ev TZ |
.It Ev TZ |
| This variable is set to indicate the present time zone if it |
This variable is set to indicate the present time zone if it |
| was set when the daemon was started (i.e., the daemon passes the value |
was set when the daemon was started (i.e. the daemon passes the value |
| on to new connections). |
on to new connections). |
| .It Ev USER |
.It Ev USER |
| Set to the name of the user logging in. |
Set to the name of the user logging in. |
|
|
| .Xr ssh-keysign 8 , |
.Xr ssh-keysign 8 , |
| .Xr sshd 8 |
.Xr sshd 8 |
| .Rs |
.Rs |
| .%A T. Ylonen |
.%R RFC 4250 |
| .%A T. Kivinen |
.%T "The Secure Shell (SSH) Protocol Assigned Numbers" |
| .%A M. Saarinen |
.%D 2006 |
| .%A T. Rinne |
.Re |
| .%A S. Lehtinen |
.Rs |
| .%T "SSH Protocol Architecture" |
.%R RFC 4251 |
| .%N draft-ietf-secsh-architecture-12.txt |
.%T "The Secure Shell (SSH) Protocol Architecture" |
| .%D January 2002 |
.%D 2006 |
| .%O work in progress material |
.Re |
| |
.Rs |
| |
.%R RFC 4252 |
| |
.%T "The Secure Shell (SSH) Authentication Protocol" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4253 |
| |
.%T "The Secure Shell (SSH) Transport Layer Protocol" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4254 |
| |
.%T "The Secure Shell (SSH) Connection Protocol" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4255 |
| |
.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4256 |
| |
.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4335 |
| |
.%T "The Secure Shell (SSH) Session Channel Break Extension" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4344 |
| |
.%T "The Secure Shell (SSH) Transport Layer Encryption Modes" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4345 |
| |
.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" |
| |
.%D 2006 |
| |
.Re |
| |
.Rs |
| |
.%R RFC 4419 |
| |
.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" |
| |
.%D 2006 |
| .Re |
.Re |
| .Sh AUTHORS |
.Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh