=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.139 retrieving revision 1.139.2.4 diff -u -r1.139 -r1.139.2.4 --- src/usr.bin/ssh/ssh.1 2001/10/01 21:51:16 1.139 +++ src/usr.bin/ssh/ssh.1 2002/05/17 00:03:24 1.139.2.4 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.139 2001/10/01 21:51:16 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.139.2.4 2002/05/17 00:03:24 miod Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -207,8 +207,8 @@ .Pp .Ss SSH protocol version 2 .Pp -When a user connects using the protocol version 2 -different authentication methods are available. +When a user connects using protocol version 2 +similar authentication methods are available. Using the default values for .Cm PreferredAuthentications , the client will try to authenticate first using the hostbased method; @@ -294,9 +294,15 @@ List forwarded connections .It Cm ~& Background ssh at logout when waiting for forwarded connection / X11 sessions -to terminate (protocol version 1 only) +to terminate .It Cm ~? Display a list of escape characters +.It Cm ~C +Open command line (only useful for adding port forwardings using the +.Fl L +and +.Fl R +options) .It Cm ~R Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it) @@ -443,11 +449,15 @@ .It Fl g Allows remote hosts to connect to local forwarded ports. .It Fl i Ar identity_file -Selects the file from which the identity (private key) for +Selects a file from which the identity (private key) for RSA or DSA authentication is read. -Default is +The default is .Pa $HOME/.ssh/identity -in the user's home directory. +for protocol version 1, and +.Pa $HOME/.ssh/id_rsa +and +.Pa $HOME/.ssh/id_dsa +for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple @@ -517,7 +527,6 @@ .It Fl q Quiet mode. Causes all warning and diagnostic messages to be suppressed. -Only fatal errors are displayed. .It Fl s May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use of SSH as a secure transport for other applications (eg. sftp). The @@ -900,7 +909,7 @@ Specifies the protocol version 2 host key algorithms that the client wants to use in order of preference. The default for this option is: -.Dq ssh-rsa,ssh-dss +.Dq ssh-rsa,ssh-dss . .It Cm HostKeyAlias Specifies an alias that should be used instead of the real host name when looking up or saving the host key @@ -915,10 +924,14 @@ .Cm HostName specifications). .It Cm IdentityFile -Specifies the file from which the user's RSA or DSA authentication identity -is read (default +Specifies a file from which the user's RSA or DSA authentication identity +is read. The default is .Pa $HOME/.ssh/identity -in the user's home directory). +for protocol version 1, and +.Pa $HOME/.ssh/id_rsa +and +.Pa $HOME/.ssh/id_dsa +for protocol version 2. Additionally, any identities represented by the authentication agent will be used for authentication. The file name may use the tilde @@ -927,7 +940,7 @@ multiple identity files specified in configuration files; all these identities will be tried in sequence. .It Cm KeepAlive -Specifies whether the system should send keepalive messages to the +Specifies whether the system should send TCP keepalive messages to the other side. If they are sent, death of the connection or crash of one of the machines will be properly noticed. @@ -942,8 +955,7 @@ This is important in scripts, and many users want it too. .Pp To disable keepalives, the value should be set to -.Dq no -in both the server and the client configuration files. +.Dq no . .It Cm KerberosAuthentication Specifies whether Kerberos authentication will be used. The argument to this keyword must be @@ -971,8 +983,9 @@ Gives the verbosity level that is used when logging messages from .Nm ssh . The possible values are: -QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG. -The default is INFO. +QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. +The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 +and DEBUG3 each specify higher levels of verbose output. .It Cm MACs Specifies the MAC (message authentication code) algorithms in order of preference. @@ -1013,7 +1026,7 @@ over another method (e.g. .Cm password ) The default for this option is: -.Dq hostbased,publickey,keyboard-interactive,password +.Dq hostbased,publickey,keyboard-interactive,password . .It Cm Protocol Specifies the protocol versions .Nm @@ -1389,6 +1402,15 @@ values that are not specified in the user's configuration file, and for those users who do not have a configuration file. This file must be world-readable. +.It Pa /etc/ssh_host_key, /etc/ssh_host_dsa_key, /etc/ssh_host_rsa_key +These three files contain the private parts of the host keys +and are used for +.Cm RhostsRSAAuthentication +and +.Cm HostbasedAuthentication . +Since they are readable only by root +.Nm +must be setuid root if these authentication methods are desired. .It Pa $HOME/.rhosts This file is used in .Pa \&.rhosts @@ -1429,7 +1451,7 @@ having this file is to be able to use rhosts authentication with .Nm without permitting login with -.Xr rlogin 1 +.Nm rlogin or .Xr rsh 1 . .It Pa /etc/hosts.equiv @@ -1472,6 +1494,10 @@ .Sx ENVIRONMENT above. .El +.Sh DIAGNOSTICS +.Nm +exits with the exit status of the remote command or with 255 +if an error occurred. .Sh AUTHORS OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. @@ -1482,7 +1508,6 @@ Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. .Sh SEE ALSO -.Xr rlogin 1 , .Xr rsh 1 , .Xr scp 1 , .Xr sftp 1 , @@ -1498,7 +1523,7 @@ .%A T. Rinne .%A S. Lehtinen .%T "SSH Protocol Architecture" -.%N draft-ietf-secsh-architecture-09.txt -.%D July 2001 +.%N draft-ietf-secsh-architecture-12.txt +.%D January 2002 .%O work in progress material .Re