| version 1.64.2.2, 2001/02/19 17:19:32 |
version 1.64.2.3, 2001/03/21 19:46:30 |
|
|
| .\" incompatible with the protocol description in the RFC file, it must be |
.\" incompatible with the protocol description in the RFC file, it must be |
| .\" called by a name other than "ssh" or "Secure Shell". |
.\" called by a name other than "ssh" or "Secure Shell". |
| .\" |
.\" |
| .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
| .\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
| .\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
| .\" |
.\" |
| .\" Redistribution and use in source and binary forms, with or without |
.\" Redistribution and use in source and binary forms, with or without |
| .\" modification, are permitted provided that the following conditions |
.\" modification, are permitted provided that the following conditions |
|
|
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| .Nm ssh |
.Nm ssh |
| .Nd OpenSSH secure shell client (remote login program) |
.Nd OpenSSH SSH client (remote login program) |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm ssh |
.Nm ssh |
| .Op Fl l Ar login_name |
.Op Fl l Ar login_name |
|
|
| .Op Ar command |
.Op Ar command |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| (Secure Shell) is a program for logging into a remote machine and for |
(SSH client) is a program for logging into a remote machine and for |
| executing commands on a remote machine. |
executing commands on a remote machine. |
| It is intended to replace |
It is intended to replace |
| rlogin and rsh, and provide secure encrypted communications between |
rlogin and rsh, and provide secure encrypted communications between |
|
|
| .Pp |
.Pp |
| Protocol 2 provides additional mechanisms for confidentiality |
Protocol 2 provides additional mechanisms for confidentiality |
| (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) |
| and integrity (hmac-sha1, hmac-md5). |
and integrity (hmac-md5, hmac-sha1). |
| Note that protocol 1 lacks a strong mechanism for ensuring the |
Note that protocol 1 lacks a strong mechanism for ensuring the |
| integrity of the connection. |
integrity of the connection. |
| .Pp |
.Pp |
|
|
| will also make the session transparent even if a tty is used. |
will also make the session transparent even if a tty is used. |
| .Pp |
.Pp |
| The session terminates when the command or shell on the remote |
The session terminates when the command or shell on the remote |
| machine exists and all X11 and TCP/IP connections have been closed. |
machine exits and all X11 and TCP/IP connections have been closed. |
| The exit status of the remote program is returned as the exit status |
The exit status of the remote program is returned as the exit status |
| of |
of |
| .Nm ssh . |
.Nm ssh . |
|
|
| Forwarding of arbitrary TCP/IP connections over the secure channel can |
Forwarding of arbitrary TCP/IP connections over the secure channel can |
| be specified either on command line or in a configuration file. |
be specified either on command line or in a configuration file. |
| One possible application of TCP/IP forwarding is a secure connection to an |
One possible application of TCP/IP forwarding is a secure connection to an |
| electronic purse; another is going trough firewalls. |
electronic purse; another is going through firewalls. |
| .Pp |
.Pp |
| .Ss Server authentication |
.Ss Server authentication |
| .Pp |
.Pp |
|
|
| The default is |
The default is |
| .Pp |
.Pp |
| .Bd -literal |
.Bd -literal |
| ``3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc, |
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, |
| aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc, |
aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc, |
| rijndael256-cbc,rijndael-cbc@lysator.liu.se'' |
rijndael256-cbc,rijndael-cbc@lysator.liu.se'' |
| .Ed |
.Ed |
|
|
| The default is |
The default is |
| .Dq no . |
.Dq no . |
| .It Cm GlobalKnownHostsFile |
.It Cm GlobalKnownHostsFile |
| Specifies a file to use instead of |
Specifies a file to use for the protocol version 1 global |
| |
host key database instead of |
| .Pa /etc/ssh_known_hosts . |
.Pa /etc/ssh_known_hosts . |
| |
.It Cm GlobalKnownHostsFile2 |
| |
Specifies a file to use for the protocol version 2 global |
| |
host key database instead of |
| |
.Pa /etc/ssh_known_hosts2 . |
| .It Cm HostKeyAlias |
.It Cm HostKeyAlias |
| Specifies an alias that should be used instead of the |
Specifies an alias that should be used instead of the |
| real host name when looking up or saving the host key |
real host name when looking up or saving the host key |
|
|
| The default is |
The default is |
| .Pp |
.Pp |
| .Bd -literal |
.Bd -literal |
| ``hmac-sha1,hmac-md5,hmac-ripemd160,hmac-ripemd160@openssh.com, |
``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com, |
| hmac-sha1-96,hmac-md5-96'' |
hmac-sha1-96,hmac-md5-96'' |
| .Ed |
.Ed |
| .It Cm NumberOfPasswordPrompts |
.It Cm NumberOfPasswordPrompts |
|
|
| .It Cm Port |
.It Cm Port |
| Specifies the port number to connect on the remote host. |
Specifies the port number to connect on the remote host. |
| Default is 22. |
Default is 22. |
| |
.It Cm PreferredAuthentications |
| |
Specifies the order in which the client should try protocol 2 |
| |
authentication methods. This allows a client to prefer one method (e.g. |
| |
.Cm keyboard-interactive ) |
| |
over another method (e.g. |
| |
.Cm password ) |
| |
The default for this option is: |
| |
.Dq publickey, password, keyboard-interactive |
| .It Cm Protocol |
.It Cm Protocol |
| Specifies the protocol versions |
Specifies the protocol versions |
| .Nm |
.Nm |
|
|
| or |
or |
| .Dq no . |
.Dq no . |
| The default is |
The default is |
| .Dq yes . |
.Dq no . |
| Note that setting this option to |
Note that setting this option to |
| .Dq no |
.Dq no |
| turns off |
turns off |
|
|
| This saves the trouble of |
This saves the trouble of |
| having to remember to give the user name on the command line. |
having to remember to give the user name on the command line. |
| .It Cm UserKnownHostsFile |
.It Cm UserKnownHostsFile |
| Specifies a file to use instead of |
Specifies a file to use for the protocol version 1 user |
| |
host key database instead of |
| .Pa $HOME/.ssh/known_hosts . |
.Pa $HOME/.ssh/known_hosts . |
| |
.It Cm UserKnownHostsFile2 |
| |
Specifies a file to use for the protocol version 2 user |
| |
host key database instead of |
| |
.Pa $HOME/.ssh/known_hosts2 . |
| .It Cm UseRsh |
.It Cm UseRsh |
| Specifies that rlogin/rsh should be used for this host. |
Specifies that rlogin/rsh should be used for this host. |
| It is possible that the host does not at all support the |
It is possible that the host does not at all support the |
|
|
| to the environment. |
to the environment. |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Pa $HOME/.ssh/known_hosts |
.It Pa $HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2 |
| Records host keys for all hosts the user has logged into (that are not |
Records host keys for all hosts the user has logged into (that are not |
| in |
in |
| .Pa /etc/ssh_known_hosts ) . |
.Pa /etc/ssh_known_hosts |
| |
for protocol version 1 or |
| |
.Pa /etc/ssh_known_hosts2 |
| |
for protocol version 2). |
| See |
See |
| .Xr sshd 8 . |
.Xr sshd 8 . |
| .It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa |
|
|
| Each line of the file contains a host name (in the canonical form |
Each line of the file contains a host name (in the canonical form |
| returned by name servers), and then a user name on that host, |
returned by name servers), and then a user name on that host, |
| separated by a space. |
separated by a space. |
| One some machines this file may need to be |
On some machines this file may need to be |
| world-readable if the user's home directory is on a NFS partition, |
world-readable if the user's home directory is on a NFS partition, |
| because |
because |
| .Xr sshd 8 |
.Xr sshd 8 |
|
|
| Contains additional definitions for environment variables, see section |
Contains additional definitions for environment variables, see section |
| .Sx ENVIRONMENT |
.Sx ENVIRONMENT |
| above. |
above. |
| .It Pa libcrypto.so.X.1 |
|
| A version of this library which includes support for the RSA algorithm |
|
| is required for proper operation. |
|
| .El |
.El |
| .Sh AUTHORS |
.Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh