| version 1.52, 2000/05/08 17:21:32 |
version 1.52.2.3, 2000/11/08 21:31:23 |
|
|
| .\" -*- nroff -*- |
.\" -*- nroff -*- |
| .\" |
.\" |
| .\" ssh.1.in |
|
| .\" |
|
| .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| .\" |
|
| .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| .\" All rights reserved |
.\" All rights reserved |
| .\" |
.\" |
| .\" Created: Sat Apr 22 21:55:14 1995 ylo |
.\" As far as I am concerned, the code I have written for this software |
| |
.\" can be used freely for any purpose. Any derived versions of this |
| |
.\" software must be clearly marked as such, and if the derived work is |
| |
.\" incompatible with the protocol description in the RFC file, it must be |
| |
.\" called by a name other than "ssh" or "Secure Shell". |
| .\" |
.\" |
| .\" $Id$ |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
| |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
| |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
| .\" |
.\" |
| |
.\" Redistribution and use in source and binary forms, with or without |
| |
.\" modification, are permitted provided that the following conditions |
| |
.\" are met: |
| |
.\" 1. Redistributions of source code must retain the above copyright |
| |
.\" notice, this list of conditions and the following disclaimer. |
| |
.\" 2. Redistributions in binary form must reproduce the above copyright |
| |
.\" notice, this list of conditions and the following disclaimer in the |
| |
.\" documentation and/or other materials provided with the distribution. |
| |
.\" |
| |
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| |
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| |
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| |
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| |
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| |
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| |
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| |
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| |
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| |
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
.\" |
| |
.\" $OpenBSD$ |
| .Dd September 25, 1999 |
.Dd September 25, 1999 |
| .Dt SSH 1 |
.Dt SSH 1 |
| .Os |
.Os |
|
|
| .Op Ar command |
.Op Ar command |
| .Pp |
.Pp |
| .Nm ssh |
.Nm ssh |
| .Op Fl afgknqtvxCPX246 |
.Op Fl afgknqtvxACNPTX246 |
| .Op Fl c Ar cipher_spec |
.Op Fl c Ar cipher_spec |
| .Op Fl e Ar escape_char |
.Op Fl e Ar escape_char |
| .Op Fl i Ar identity_file |
.Op Fl i Ar identity_file |
|
|
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl a |
.It Fl a |
| Disables forwarding of the authentication agent connection. |
Disables forwarding of the authentication agent connection. |
| This may also be specified on a per-host basis in the configuration file. |
.It Fl A |
| |
Enables forwarding of the authentication agent connection. |
| |
This can also be specified on a per-host basis in a configuration file. |
| .It Fl c Ar blowfish|3des |
.It Fl c Ar blowfish|3des |
| Selects the cipher to use for encrypting the session. |
Selects the cipher to use for encrypting the session. |
| .Ar 3des |
.Ar 3des |
|
|
| (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. |
| It is presumably more secure than the |
It is presumably more secure than the |
| .Ar des |
.Ar des |
| cipher which is no longer supported in |
cipher which is no longer fully supported in |
| .Nm ssh . |
.Nm ssh . |
| .Ar blowfish |
.Ar blowfish |
| is a fast block cipher, it appears very secure and is much faster than |
is a fast block cipher, it appears very secure and is much faster than |
| .Ar 3des . |
.Ar 3des . |
| .It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" |
.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" |
| Additionally, for protocol version 2 a comma-separated list of ciphers can |
Additionally, for protocol version 2 a comma-separated list of ciphers can |
| be specified in order of preference. Protocol version 2 supports |
be specified in order of preference. |
| 3DES, Blowfish and CAST128 in CBC mode and Arcfour. |
Protocol version 2 supports 3DES, Blowfish, and CAST128 in CBC mode |
| |
and Arcfour. |
| .It Fl e Ar ch|^ch|none |
.It Fl e Ar ch|^ch|none |
| Sets the escape character for sessions with a pty (default: |
Sets the escape character for sessions with a pty (default: |
| .Ql ~ ) . |
.Ql ~ ) . |
|
|
| needs to ask for a password or passphrase; see also the |
needs to ask for a password or passphrase; see also the |
| .Fl f |
.Fl f |
| option.) |
option.) |
| |
.It Fl N |
| |
Do not execute a remote command. |
| |
This is usefull if you just want to forward ports |
| |
(protocol version 2 only). |
| .It Fl o Ar option |
.It Fl o Ar option |
| Can be used to give options in the format used in the config file. |
Can be used to give options in the format used in the config file. |
| This is useful for specifying options for which there is no separate |
This is useful for specifying options for which there is no separate |
|
|
| This can be used to execute arbitrary |
This can be used to execute arbitrary |
| screen-based programs on a remote machine, which can be very useful, |
screen-based programs on a remote machine, which can be very useful, |
| e.g., when implementing menu services. |
e.g., when implementing menu services. |
| |
.It Fl T |
| |
Disable pseudo-tty allocation (protocol version 2 only). |
| .It Fl v |
.It Fl v |
| Verbose mode. |
Verbose mode. |
| Causes |
Causes |
|
|
| The verbose mode is also used to display |
The verbose mode is also used to display |
| .Xr skey 1 |
.Xr skey 1 |
| challenges, if the user entered "s/key" as password. |
challenges, if the user entered "s/key" as password. |
| |
Multiple -v options increases the verbosity. |
| |
Maximum is 3. |
| .It Fl x |
.It Fl x |
| Disables X11 forwarding. |
Disables X11 forwarding. |
| This can also be specified on a per-host basis in a configuration file. |
|
| .It Fl X |
.It Fl X |
| Enables X11 forwarding. |
Enables X11 forwarding. |
| |
This can also be specified on a per-host basis in a configuration file. |
| .It Fl C |
.It Fl C |
| Requests compression of all data (including stdin, stdout, stderr, and |
Requests compression of all data (including stdin, stdout, stderr, and |
| data for forwarded X11 and TCP/IP connections). |
data for forwarded X11 and TCP/IP connections). |
|
|
| .Dq no , |
.Dq no , |
| the check will not be executed. |
the check will not be executed. |
| .It Cm Cipher |
.It Cm Cipher |
| Specifies the cipher to use for encrypting the session. |
Specifies the cipher to use for encrypting the session |
| |
in protocol version 1. |
| Currently, |
Currently, |
| .Dq blowfish , |
.Dq blowfish |
| and |
and |
| .Dq 3des |
.Dq 3des |
| are supported. |
are supported. |
|
|
| in order of preference. |
in order of preference. |
| Multiple ciphers must be comma-separated. |
Multiple ciphers must be comma-separated. |
| The default is |
The default is |
| .Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . |
.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour . |
| .It Cm Compression |
.It Cm Compression |
| Specifies whether to use compression. |
Specifies whether to use compression. |
| The argument must be |
The argument must be |
|
|
| .Dq yes |
.Dq yes |
| or |
or |
| .Dq no . |
.Dq no . |
| |
The default is |
| |
.Dq no . |
| .It Cm ForwardX11 |
.It Cm ForwardX11 |
| Specifies whether X11 connections will be automatically redirected |
Specifies whether X11 connections will be automatically redirected |
| over the secure channel and |
over the secure channel and |
|
|
| .Dq yes |
.Dq yes |
| or |
or |
| .Dq no . |
.Dq no . |
| |
.It Cm XAuthLocation |
| |
Specifies the location of the |
| |
.Xr xauth 1 |
| |
program. |
| |
The default is |
| |
.Pa /usr/X11R6/bin/xauth . |
| |
.El |
| .Sh ENVIRONMENT |
.Sh ENVIRONMENT |
| .Nm |
.Nm |
| will normally set the following environment variables: |
will normally set the following environment variables: |
|
|
| this variable is not set. |
this variable is not set. |
| .It Ev TZ |
.It Ev TZ |
| The timezone variable is set to indicate the present timezone if it |
The timezone variable is set to indicate the present timezone if it |
| was set when the daemon was started (e.i., the daemon passes the value |
was set when the daemon was started (i.e., the daemon passes the value |
| on to new connections). |
on to new connections). |
| .It Ev USER |
.It Ev USER |
| Set to the name of the user logging in. |
Set to the name of the user logging in. |
|
|
| .It Pa libcrypto.so.X.1 |
.It Pa libcrypto.so.X.1 |
| A version of this library which includes support for the RSA algorithm |
A version of this library which includes support for the RSA algorithm |
| is required for proper operation. |
is required for proper operation. |
| |
.El |
| .Sh AUTHOR |
.Sh AUTHOR |
| OpenSSH |
OpenSSH |
| is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, |
is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, |
|
|
| supports one-time password authentication with |
supports one-time password authentication with |
| .Xr skey 1 . |
.Xr skey 1 . |
| .El |
.El |
| .Pp |
|
| The libraries described in |
|
| .Xr ssl 8 |
|
| are required for proper operation. |
|
| .Pp |
.Pp |
| OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, |
OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, |
| Niels Provos, Theo de Raadt, and Dug Song. |
Niels Provos, Theo de Raadt, and Dug Song. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh