version 1.64.2.2, 2001/02/19 17:19:32 |
version 1.64.2.3, 2001/03/21 19:46:30 |
|
|
.\" incompatible with the protocol description in the RFC file, it must be |
.\" incompatible with the protocol description in the RFC file, it must be |
.\" called by a name other than "ssh" or "Secure Shell". |
.\" called by a name other than "ssh" or "Secure Shell". |
.\" |
.\" |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" |
.\" |
.\" Redistribution and use in source and binary forms, with or without |
.\" Redistribution and use in source and binary forms, with or without |
.\" modification, are permitted provided that the following conditions |
.\" modification, are permitted provided that the following conditions |
|
|
.Os |
.Os |
.Sh NAME |
.Sh NAME |
.Nm ssh |
.Nm ssh |
.Nd OpenSSH secure shell client (remote login program) |
.Nd OpenSSH SSH client (remote login program) |
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm ssh |
.Nm ssh |
.Op Fl l Ar login_name |
.Op Fl l Ar login_name |
|
|
.Op Ar command |
.Op Ar command |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
(Secure Shell) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
executing commands on a remote machine. |
executing commands on a remote machine. |
It is intended to replace |
It is intended to replace |
rlogin and rsh, and provide secure encrypted communications between |
rlogin and rsh, and provide secure encrypted communications between |
|
|
.Pp |
.Pp |
Protocol 2 provides additional mechanisms for confidentiality |
Protocol 2 provides additional mechanisms for confidentiality |
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
and integrity (hmac-sha1, hmac-md5). |
and integrity (hmac-md5, hmac-sha1). |
Note that protocol 1 lacks a strong mechanism for ensuring the |
Note that protocol 1 lacks a strong mechanism for ensuring the |
integrity of the connection. |
integrity of the connection. |
.Pp |
.Pp |
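Review bot: The cipher list in the protocol 2 paragraph ("3DES, Blowfish, CAST128 or Arcfour") is left as it was while the integrity parenthetical next to it is reordered, so it still omits AES even though the Ciphers default later in this diff now begins with aes128-cbc. Suggest either adding AES to that sentence or replacing both parenthetical lists with a pointer to the Ciphers and MACs options, so the description cannot drift from the defaults again.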
|
|
will also make the session transparent even if a tty is used. |
will also make the session transparent even if a tty is used. |
.Pp |
.Pp |
The session terminates when the command or shell on the remote |
The session terminates when the command or shell on the remote |
machine exists and all X11 and TCP/IP connections have been closed. |
machine exits and all X11 and TCP/IP connections have been closed. |
The exit status of the remote program is returned as the exit status |
The exit status of the remote program is returned as the exit status |
of |
of |
.Nm ssh . |
.Nm ssh . |
|
|
Forwarding of arbitrary TCP/IP connections over the secure channel can |
Forwarding of arbitrary TCP/IP connections over the secure channel can |
be specified either on command line or in a configuration file. |
be specified either on command line or in a configuration file. |
One possible application of TCP/IP forwarding is a secure connection to an |
One possible application of TCP/IP forwarding is a secure connection to an |
electronic purse; another is going trough firewalls. |
electronic purse; another is going through firewalls. |
.Pp |
.Pp |
.Ss Server authentication |
.Ss Server authentication |
.Pp |
.Pp |
|
|
The default is |
The default is |
.Pp |
.Pp |
.Bd -literal |
.Bd -literal |
``3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc, |
aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc, |
rijndael256-cbc,rijndael-cbc@lysator.liu.se'' |
rijndael256-cbc,rijndael-cbc@lysator.liu.se'' |
.Ed |
.Ed |
|
|
The default is |
The default is |
.Dq no . |
.Dq no . |
.It Cm GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
Specifies a file to use instead of |
Specifies a file to use for the protocol version 1 global |
|
host key database instead of |
.Pa /etc/ssh_known_hosts . |
.Pa /etc/ssh_known_hosts . |
|
.It Cm GlobalKnownHostsFile2 |
|
Specifies a file to use for the protocol version 2 global |
|
host key database instead of |
|
.Pa /etc/ssh_known_hosts2 . |
.It Cm HostKeyAlias |
.It Cm HostKeyAlias |
Specifies an alias that should be used instead of the |
Specifies an alias that should be used instead of the |
real host name when looking up or saving the host key |
real host name when looking up or saving the host key |
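Review bot: The reworded GlobalKnownHostsFile entry now covers protocol version 1 only, and nothing in either entry warns that a configuration setting just GlobalKnownHostsFile will keep using /etc/ssh_known_hosts2 for protocol version 2 host keys. Suggest one sentence telling users to set both options when relocating the global host key database; the same applies to the UserKnownHostsFile and UserKnownHostsFile2 pair further down.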
|
|
The default is |
The default is |
.Pp |
.Pp |
.Bd -literal |
.Bd -literal |
``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com, |
``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com, |
hmac-sha1-96,hmac-md5-96'' |
hmac-sha1-96,hmac-md5-96'' |
.Ed |
.Ed |
.It Cm NumberOfPasswordPrompts |
.It Cm NumberOfPasswordPrompts |
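Review bot: Moving hmac-md5 ahead of hmac-sha1 in the MACs default makes the MD5-based MAC the client's first preference, and the visible text gives no reason for it. Since the first entry in the client's list that the server also supports is the one negotiated, please state the rationale for the new order in the option description or the commit log, or keep hmac-sha1 first.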
|
|
.It Cm Port |
.It Cm Port |
Specifies the port number to connect on the remote host. |
Specifies the port number to connect on the remote host. |
Default is 22. |
Default is 22. |
|
.It Cm PreferredAuthentications |
|
Specifies the order in which the client should try protocol 2 |
|
authentication methods. This allows a client to prefer one method (e.g. |
|
.Cm keyboard-interactive ) |
|
over another method (e.g. |
|
.Cm password ) |
|
The default for this option is: |
|
.Dq publickey, password, keyboard-interactive |
.It Cm Protocol |
.It Cm Protocol |
Specifies the protocol versions |
Specifies the protocol versions |
.Nm |
.Nm |
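Review bot: The new PreferredAuthentications text leaves a sentence unterminated: "over another method (e.g. .Cm password )" closes the parenthesis but has no full stop before "The default for this option is:". The default is also printed as "publickey, password, keyboard-interactive" with a space after each comma, unlike the Ciphers and MACs defaults on this page, which are written without spaces; show the value exactly as it should be typed in a configuration file.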
|
|
or |
or |
.Dq no . |
.Dq no . |
The default is |
The default is |
.Dq yes . |
.Dq no . |
Note that setting this option to |
Note that setting this option to |
.Dq no |
.Dq no |
turns off |
turns off |
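Review bot: The default changes from "yes" to "no", but the sentence that follows, "Note that setting this option to no turns off", still reads as if "no" were the exception rather than the default. Reword it to say that what it describes is now off unless the option is set to "yes", and record the changed default in the commit log, because configurations that relied on the old default will behave differently.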
|
|
This saves the trouble of |
This saves the trouble of |
having to remember to give the user name on the command line. |
having to remember to give the user name on the command line. |
.It Cm UserKnownHostsFile |
.It Cm UserKnownHostsFile |
Specifies a file to use instead of |
Specifies a file to use for the protocol version 1 user |
|
host key database instead of |
.Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
|
.It Cm UserKnownHostsFile2 |
|
Specifies a file to use for the protocol version 2 user |
|
host key database instead of |
|
.Pa $HOME/.ssh/known_hosts2 . |
.It Cm UseRsh |
.It Cm UseRsh |
Specifies that rlogin/rsh should be used for this host. |
Specifies that rlogin/rsh should be used for this host. |
It is possible that the host does not at all support the |
It is possible that the host does not at all support the |
|
|
to the environment. |
to the environment. |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Pa $HOME/.ssh/known_hosts |
.It Pa $HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2 |
Records host keys for all hosts the user has logged into (that are not |
Records host keys for all hosts the user has logged into (that are not |
in |
in |
.Pa /etc/ssh_known_hosts ) . |
.Pa /etc/ssh_known_hosts |
|
for protocol version 1 or |
|
.Pa /etc/ssh_known_hosts2 |
|
for protocol version 2). |
See |
See |
.Xr sshd 8 . |
.Xr sshd 8 . |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa |
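Review bot: The combined heading "$HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2" does not say which user file belongs to which protocol version; only the /etc files inside the parenthesis are labelled "for protocol version 1" and "for protocol version 2". Suggest labelling the user files the same way in the body text, so a reader checking a host key knows which file to inspect.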
|
|
Each line of the file contains a host name (in the canonical form |
Each line of the file contains a host name (in the canonical form |
returned by name servers), and then a user name on that host, |
returned by name servers), and then a user name on that host, |
separated by a space. |
separated by a space. |
One some machines this file may need to be |
On some machines this file may need to be |
world-readable if the user's home directory is on a NFS partition, |
world-readable if the user's home directory is on a NFS partition, |
because |
because |
.Xr sshd 8 |
.Xr sshd 8 |
|
|
Contains additional definitions for environment variables, see section |
Contains additional definitions for environment variables, see section |
.Sx ENVIRONMENT |
.Sx ENVIRONMENT |
above. |
above. |
.It Pa libcrypto.so.X.1 |
|
A version of this library which includes support for the RSA algorithm |
|
is required for proper operation. |
|
.El |
.El |
.Sh AUTHORS |
.Sh AUTHORS |
OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
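Review bot: The libcrypto.so.X.1 entry is removed from FILES with no replacement, so this part of the page no longer tells the reader that a libcrypto with RSA support is needed. If that requirement still holds, keep a note of it somewhere in the page; if it no longer applies, say so in the commit message.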