version 1.376, 2016/07/16 06:57:55 |
version 1.377, 2017/04/30 23:18:22 |
|
|
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm ssh |
.Nm ssh |
.Bk -words |
.Bk -words |
.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy |
.Op Fl 46AaCfGgKkMNnqsTtVvXxYy |
.Op Fl b Ar bind_address |
.Op Fl b Ar bind_address |
.Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
.Op Fl D Oo Ar bind_address : Oc Ns Ar port |
.Op Fl D Oo Ar bind_address : Oc Ns Ar port |
|
|
The options are as follows: |
The options are as follows: |
.Pp |
.Pp |
.Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
.It Fl 1 |
|
Forces |
|
.Nm |
|
to try protocol version 1 only. |
|
.Pp |
|
.It Fl 2 |
|
Forces |
|
.Nm |
|
to try protocol version 2 only. |
|
.Pp |
|
.It Fl 4 |
.It Fl 4 |
Forces |
Forces |
.Nm |
.Nm |
|
|
.Ux Ns -domain |
.Ux Ns -domain |
connections). |
connections). |
The compression algorithm is the same used by |
The compression algorithm is the same used by |
.Xr gzip 1 , |
.Xr gzip 1 . |
and the |
|
.Dq level |
|
can be controlled by the |
|
.Cm CompressionLevel |
|
option for protocol version 1. |
|
Compression is desirable on modem lines and other |
Compression is desirable on modem lines and other |
slow connections, but will only slow down things on fast networks. |
slow connections, but will only slow down things on fast networks. |
The default value can be set on a host-by-host basis in the |
The default value can be set on a host-by-host basis in the |
|
|
.Pp |
.Pp |
.It Fl c Ar cipher_spec |
.It Fl c Ar cipher_spec |
Selects the cipher specification for encrypting the session. |
Selects the cipher specification for encrypting the session. |
.Pp |
|
Protocol version 1 allows specification of a single cipher. |
|
The supported values are |
|
.Dq 3des , |
|
.Dq blowfish , |
|
and |
|
.Dq des . |
|
For protocol version 2, |
|
.Ar cipher_spec |
.Ar cipher_spec |
is a comma-separated list of ciphers |
is a comma-separated list of ciphers |
listed in order of preference. |
listed in order of preference. |
|
|
Selects a file from which the identity (private key) for |
Selects a file from which the identity (private key) for |
public key authentication is read. |
public key authentication is read. |
The default is |
The default is |
.Pa ~/.ssh/identity |
|
for protocol version 1, and |
|
.Pa ~/.ssh/id_dsa , |
.Pa ~/.ssh/id_dsa , |
.Pa ~/.ssh/id_ecdsa , |
.Pa ~/.ssh/id_ecdsa , |
.Pa ~/.ssh/id_ed25519 |
.Pa ~/.ssh/id_ed25519 |
|
|
.It Ciphers |
.It Ciphers |
.It ClearAllForwardings |
.It ClearAllForwardings |
.It Compression |
.It Compression |
.It CompressionLevel |
|
.It ConnectionAttempts |
.It ConnectionAttempts |
.It ConnectTimeout |
.It ConnectTimeout |
.It ControlMaster |
.It ControlMaster |
|
|
.It PKCS11Provider |
.It PKCS11Provider |
.It Port |
.It Port |
.It PreferredAuthentications |
.It PreferredAuthentications |
.It Protocol |
|
.It ProxyCommand |
.It ProxyCommand |
.It ProxyJump |
.It ProxyJump |
.It ProxyUseFdpass |
.It ProxyUseFdpass |
|
|
.It RekeyLimit |
.It RekeyLimit |
.It RemoteForward |
.It RemoteForward |
.It RequestTTY |
.It RequestTTY |
.It RhostsRSAAuthentication |
|
.It RSAAuthentication |
|
.It SendEnv |
.It SendEnv |
.It ServerAliveInterval |
.It ServerAliveInterval |
.It ServerAliveCountMax |
.It ServerAliveCountMax |
|
|
The file format and configuration options are described in |
The file format and configuration options are described in |
.Xr ssh_config 5 . |
.Xr ssh_config 5 . |
.Sh AUTHENTICATION |
.Sh AUTHENTICATION |
The OpenSSH SSH client supports SSH protocols 1 and 2. |
The OpenSSH SSH client supports SSH protocol 2. |
The default is to use protocol 2 only, |
|
though this can be changed via the |
|
.Cm Protocol |
|
option in |
|
.Xr ssh_config 5 |
|
or the |
|
.Fl 1 |
|
and |
|
.Fl 2 |
|
options (see above). |
|
Protocol 1 should not be used |
|
and is only offered to support legacy devices. |
|
It suffers from a number of cryptographic weaknesses |
|
and doesn't support many of the advanced features available for protocol 2. |
|
.Pp |
.Pp |
The methods available for authentication are: |
The methods available for authentication are: |
GSSAPI-based authentication, |
GSSAPI-based authentication, |
|
|
The user creates his/her key pair by running |
The user creates his/her key pair by running |
.Xr ssh-keygen 1 . |
.Xr ssh-keygen 1 . |
This stores the private key in |
This stores the private key in |
.Pa ~/.ssh/identity |
|
(protocol 1), |
|
.Pa ~/.ssh/id_dsa |
.Pa ~/.ssh/id_dsa |
(DSA), |
(DSA), |
.Pa ~/.ssh/id_ecdsa |
.Pa ~/.ssh/id_ecdsa |
|
|
.Pa ~/.ssh/id_rsa |
.Pa ~/.ssh/id_rsa |
(RSA) |
(RSA) |
and stores the public key in |
and stores the public key in |
.Pa ~/.ssh/identity.pub |
|
(protocol 1), |
|
.Pa ~/.ssh/id_dsa.pub |
.Pa ~/.ssh/id_dsa.pub |
(DSA), |
(DSA), |
.Pa ~/.ssh/id_ecdsa.pub |
.Pa ~/.ssh/id_ecdsa.pub |