=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.167.4.3 retrieving revision 1.168 diff -u -r1.167.4.3 -r1.168 --- src/usr.bin/ssh/ssh.1 2004/03/04 18:18:16 1.167.4.3 +++ src/usr.bin/ssh/ssh.1 2003/03/28 10:11:43 1.168 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.167.4.3 2004/03/04 18:18:16 brad Exp $ +.\" $OpenBSD: ssh.1,v 1.168 2003/03/28 10:11:43 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -43,14 +43,22 @@ .Nd OpenSSH SSH client (remote login program) .Sh SYNOPSIS .Nm ssh -.Op Fl 1246AaCfgkNnqsTtVvXxY +.Op Fl l Ar login_name +.Ar hostname | user@hostname +.Op Ar command +.Pp +.Nm ssh +.Bk -words +.Op Fl afgknqstvxACNTX1246 .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec -.Op Fl D Ar port .Op Fl e Ar escape_char -.Op Fl F Ar configfile .Op Fl i Ar identity_file -.Bk -words +.Op Fl l Ar login_name +.Op Fl m Ar mac_spec +.Op Fl o Ar option +.Op Fl p Ar port +.Op Fl F Ar configfile .Oo Fl L Xo .Sm off .Ar port : @@ -60,12 +68,7 @@ .Xc .Oc .Ek -.Op Fl l Ar login_name -.Op Fl m Ar mac_spec -.Op Fl o Ar option .Bk -words -.Op Fl p Ar port -.Ek .Oo Fl R Xo .Sm off .Ar port : @@ -74,34 +77,29 @@ .Sm on .Xc .Oc -.Oo Ar user Ns @ Oc Ns Ar hostname +.Op Fl D Ar port +.Ar hostname | user@hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. -It is intended to replace rlogin and rsh, -and provide secure encrypted communications between +It is intended to replace +rlogin and rsh, and provide secure encrypted communications between two untrusted hosts over an insecure network. -X11 connections and arbitrary TCP/IP ports -can also be forwarded over the secure channel. +X11 connections and +arbitrary TCP/IP ports can also be forwarded over the secure channel. .Pp .Nm connects and logs into the specified -.Ar hostname -(with optional -.Ar user -name). +.Ar hostname . The user must prove his/her identity to the remote machine using one of several methods -depending on the protocol version used. +depending on the protocol version used: .Pp -If -.Ar command -is specified, -.Ar command -is executed on the remote host instead of a login shell. .Ss SSH protocol version 1 +.Pp First, if the machine the user logs in from is listed in .Pa /etc/hosts.equiv or @@ -109,9 +107,9 @@ on the remote machine, and the user names are the same on both sides, the user is immediately permitted to log in. Second, if -.Pa .rhosts +.Pa \&.rhosts or -.Pa .shosts +.Pa \&.shosts exists in the user's home directory on the remote machine and contains a line containing the name of the client machine and the name of the user on that machine, the user is @@ -120,9 +118,9 @@ allowed by the server because it is not secure. .Pp The second authentication method is the -.Em rhosts +.Pa rhosts or -.Em hosts.equiv +.Pa hosts.equiv method combined with RSA-based host authentication. It means that if the login would be permitted by .Pa $HOME/.rhosts , @@ -137,7 +135,7 @@ .Pa $HOME/.ssh/known_hosts in the .Sx FILES -section), only then is login permitted. +section), only then login is permitted. This authentication method closes security holes due to IP spoofing, DNS spoofing and routing spoofing. [Note to the administrator: @@ -156,23 +154,24 @@ The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. -.Pp The file .Pa $HOME/.ssh/authorized_keys -lists the public keys that are permitted for logging in. +lists the public keys that are permitted for logging +in. When the user logs in, the .Nm program tells the server which key pair it would like to use for authentication. -The server checks if this key is permitted, and if so, -sends the user (actually the +The server checks if this key is permitted, and if +so, sends the user (actually the .Nm program running on behalf of the user) a challenge, a random number, encrypted by the user's public key. -The challenge can only be decrypted using the proper private key. -The user's client then decrypts the challenge using the private key, -proving that he/she knows the private key -but without disclosing it to the server. +The challenge can only be +decrypted using the proper private key. +The user's client then decrypts the +challenge using the private key, proving that he/she knows the private +key but without disclosing it to the server. .Pp .Nm implements the RSA authentication protocol automatically. @@ -180,7 +179,7 @@ .Xr ssh-keygen 1 . This stores the private key in .Pa $HOME/.ssh/identity -and stores the public key in +and the public key in .Pa $HOME/.ssh/identity.pub in the user's home directory. The user should then copy the @@ -194,9 +193,8 @@ file, and has one key per line, though the lines can be very long). After this, the user can log in without giving the password. -RSA authentication is much more secure than -.Em rhosts -authentication. +RSA authentication is much +more secure than rhosts authentication. .Pp The most convenient way to use RSA authentication may be with an authentication agent. @@ -210,14 +208,16 @@ The password is sent to the remote host for checking; however, since all communications are encrypted, the password cannot be seen by someone listening on the network. +.Pp .Ss SSH protocol version 2 -When a user connects using protocol version 2, +.Pp +When a user connects using protocol version 2 similar authentication methods are available. Using the default values for .Cm PreferredAuthentications , the client will try to authenticate first using the hostbased method; -if this method fails, public key authentication is attempted, -and finally if this method fails, keyboard-interactive and +if this method fails public key authentication is attempted, +and finally if this method fails keyboard-interactive and password authentication are tried. .Pp The public key method is similar to RSA authentication described @@ -233,8 +233,8 @@ The session identifier is derived from a shared Diffie-Hellman value and is only known to the client and the server. .Pp -If public key authentication fails or is not available, a password -can be sent encrypted to the remote host to prove the user's identity. +If public key authentication fails or is not available a password +can be sent encrypted to the remote host for proving the user's identity. .Pp Additionally, .Nm @@ -245,7 +245,9 @@ and integrity (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. +.Pp .Ss Login session and remote execution +.Pp When the user's identity has been accepted by the server, the server either executes the given command, or logs into the machine and gives the user a normal shell on the remote machine. @@ -255,21 +257,24 @@ If a pseudo-terminal has been allocated (normal login session), the user may use the escape characters noted below. .Pp -If no pseudo-tty has been allocated, -the session is transparent and can be used to reliably transfer binary data. +If no pseudo tty has been allocated, the +session is transparent and can be used to reliably transfer binary +data. On most systems, setting the escape character to .Dq none will also make the session transparent even if a tty is used. .Pp The session terminates when the command or shell on the remote machine exits and all X11 and TCP/IP connections have been closed. -The exit status of the remote program is returned as the exit status of +The exit status of the remote program is returned as the exit status +of .Nm ssh . +.Pp .Ss Escape Characters -When a pseudo-terminal has been requested, -.Nm -supports a number of functions through the use of an escape character. .Pp +When a pseudo terminal has been requested, ssh supports a number of functions +through the use of an escape character. +.Pp A single tilde character can be sent as .Ic ~~ or by following the tilde by a character other than those described below. @@ -286,37 +291,34 @@ are: .Bl -tag -width Ds .It Cm ~. -Disconnect. +Disconnect .It Cm ~^Z -Background -.Nm ssh . +Background ssh .It Cm ~# -List forwarded connections. +List forwarded connections .It Cm ~& -Background -.Nm -at logout when waiting for forwarded connection / X11 sessions to terminate. +Background ssh at logout when waiting for forwarded connection / X11 sessions +to terminate .It Cm ~? -Display a list of escape characters. -.It Cm ~B -Send a BREAK to the remote system -(only useful for SSH protocol version 2 and if the peer supports it). +Display a list of escape characters .It Cm ~C Open command line (only useful for adding port forwardings using the .Fl L and .Fl R -options). +options) .It Cm ~R -Request rekeying of the connection -(only useful for SSH protocol version 2 and if the peer supports it). +Request rekeying of the connection (only useful for SSH protocol version 2 +and if the peer supports it) .El +.Pp .Ss X11 and TCP forwarding +.Pp If the .Cm ForwardX11 variable is set to .Dq yes -(or see the description of the +(or, see the description of the .Fl X and .Fl x @@ -337,7 +339,8 @@ .Ev DISPLAY value set by .Nm -will point to the server machine, but with a display number greater than zero. +will point to the server machine, but with a display number greater +than zero. This is normal, and happens because .Nm creates a @@ -358,7 +361,7 @@ .Cm ForwardAgent variable is set to .Dq yes -(or see the description of the +(or, see the description of the .Fl A and .Fl a @@ -370,7 +373,9 @@ be specified either on the command line or in a configuration file. One possible application of TCP/IP forwarding is a secure connection to an electronic purse; another is going through firewalls. +.Pp .Ss Server authentication +.Pp .Nm automatically maintains and checks a database containing identifications for all hosts it has ever been used with. @@ -381,12 +386,14 @@ .Pa /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any new hosts are automatically added to the user's file. -If a host's identification ever changes, +If a host's identification +ever changes, .Nm warns about this and disables password authentication to prevent a trojan horse from getting the user's password. -Another purpose of this mechanism is to prevent man-in-the-middle attacks -which could otherwise be used to circumvent the encryption. +Another purpose of +this mechanism is to prevent man-in-the-middle attacks which could +otherwise be used to circumvent the encryption. The .Cm StrictHostKeyChecking option can be used to prevent logins to machines whose @@ -394,22 +401,8 @@ .Pp The options are as follows: .Bl -tag -width Ds -.It Fl 1 -Forces -.Nm -to try protocol version 1 only. -.It Fl 2 -Forces -.Nm -to try protocol version 2 only. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. +.It Fl a +Disables forwarding of the authentication agent connection. .It Fl A Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. @@ -421,28 +414,10 @@ An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. -.It Fl a -Disables forwarding of the authentication agent connection. .It Fl b Ar bind_address Specify the interface to transmit from on machines with multiple interfaces or aliased addresses. -.It Fl C -Requests compression of all data (including stdin, stdout, stderr, and -data for forwarded X11 and TCP/IP connections). -The compression algorithm is the same used by -.Xr gzip 1 , -and the -.Dq level -can be controlled by the -.Cm CompressionLevel -option for protocol version 1. -Compression is desirable on modem lines and other -slow connections, but will only slow down things on fast networks. -The default value can be set on a host-by-host basis in the -configuration files; see the -.Cm Compression -option. -.It Fl c Ar blowfish | 3des | des +.It Fl c Ar blowfish|3des|des Selects the cipher to use for encrypting the session. .Ar 3des is used by default. @@ -450,7 +425,7 @@ .Ar 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. .Ar blowfish -is a fast block cipher; it appears very secure and is much faster than +is a fast block cipher, it appears very secure and is much faster than .Ar 3des . .Ar des is only supported in the @@ -466,41 +441,18 @@ See .Cm Ciphers for more information. -.It Fl D Ar port -Specifies a local -.Dq dynamic -application-level port forwarding. -This works by allocating a socket to listen to -.Ar port -on the local side, and whenever a connection is made to this port, the -connection is forwarded over the secure channel, and the application -protocol is then used to determine where to connect to from the -remote machine. -Currently the SOCKS4 and SOCKS5 protocols are supported, and -.Nm -will act as a SOCKS server. -Only root can forward privileged ports. -Dynamic port forwardings can also be specified in the configuration file. -.It Fl e Ar ch | ^ch | none +.It Fl e Ar ch|^ch|none Sets the escape character for sessions with a pty (default: .Ql ~ ) . The escape character is only recognized at the beginning of a line. The escape character followed by a dot .Pq Ql \&. -closes the connection; -followed by control-Z suspends the connection; -and followed by itself sends the escape character once. +closes the connection, followed +by control-Z suspends the connection, and followed by itself sends the +escape character once. Setting the character to .Dq none disables any escapes and makes the session fully transparent. -.It Fl F Ar configfile -Specifies an alternative per-user configuration file. -If a configuration file is given on the command line, -the system-wide configuration file -.Pq Pa /etc/ssh/ssh_config -will be ignored. -The default for the per-user configuration file is -.Pa $HOME/.ssh/config . .It Fl f Requests .Nm @@ -516,12 +468,6 @@ .Ic ssh -f host xterm . .It Fl g Allows remote hosts to connect to local forwarded ports. -.It Fl I Ar smartcard_device -Specifies which smartcard device to use. -The argument is the device -.Nm -should use to communicate with a smartcard used for storing the user's -private RSA key. .It Fl i Ar identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. @@ -538,33 +484,15 @@ .Fl i options (and multiple identities specified in configuration files). +.It Fl I Ar smartcard_device +Specifies which smartcard device to use. The argument is +the device +.Nm +should use to communicate with a smartcard used for storing the user's +private RSA key. .It Fl k -Disables forwarding (delegation) of GSSAPI credentials to the server. -.It Fl L Xo -.Sm off -.Ar port : host : hostport -.Sm on -.Xc -Specifies that the given port on the local (client) host is to be -forwarded to the given host and port on the remote side. -This works by allocating a socket to listen to -.Ar port -on the local side, and whenever a connection is made to this port, the -connection is forwarded over the secure channel, and a connection is -made to -.Ar host -port -.Ar hostport -from the remote machine. -Port forwardings can also be specified in the configuration file. -Only root can forward privileged ports. -IPv6 addresses can be specified with an alternative syntax: -.Sm off -.Xo -.Ar port No / Ar host No / -.Ar hostport . -.Xc -.Sm on +Disables forwarding of Kerberos tickets and AFS tokens. +This may also be specified on a per-host basis in the configuration file. .It Fl l Ar login_name Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. @@ -575,10 +503,6 @@ See the .Cm MACs keyword for more information. -.It Fl N -Do not execute a remote command. -This is useful for just forwarding ports -(protocol version 2 only). .It Fl n Redirects stdin from .Pa /dev/null @@ -599,66 +523,14 @@ needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl N +Do not execute a remote command. +This is useful for just forwarding ports +(protocol version 2 only). .It Fl o Ar option Can be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. -For full details of the options listed below, and their possible values, see -.Xr ssh_config 5 . -.Pp -.Bl -tag -width Ds -offset indent -compact -.It AddressFamily -.It BatchMode -.It BindAddress -.It ChallengeResponseAuthentication -.It CheckHostIP -.It Cipher -.It Ciphers -.It ClearAllForwardings -.It Compression -.It CompressionLevel -.It ConnectionAttempts -.It ConnectionTimeout -.It DynamicForward -.It EscapeChar -.It ForwardAgent -.It ForwardX11 -.It ForwardX11Trusted -.It GatewayPorts -.It GlobalKnownHostsFile -.It GSSAPIAuthentication -.It GSSAPIDelegateCredentials -.It Host -.It HostbasedAuthentication -.It HostKeyAlgorithms -.It HostKeyAlias -.It HostName -.It IdentityFile -.It LocalForward -.It LogLevel -.It MACs -.It NoHostAuthenticationForLocalhost -.It NumberOfPasswordPrompts -.It PasswordAuthentication -.It Port -.It PreferredAuthentications -.It Protocol -.It ProxyCommand -.It PubkeyAuthentication -.It RemoteForward -.It RhostsRSAAuthentication -.It RSAAuthentication -.It ServerAliveInterval -.It ServerAliveCountMax -.It SmartcardDevice -.It StrictHostKeyChecking -.It TCPKeepAlive -.It UsePrivilegedPort -.It User -.It UserKnownHostsFile -.It VerifyHostKeyDNS -.It XAuthLocation -.El .It Fl p Ar port Port to connect to on the remote host. This can be specified on a @@ -666,40 +538,10 @@ .It Fl q Quiet mode. Causes all warning and diagnostic messages to be suppressed. -.It Fl R Xo -.Sm off -.Ar port : host : hostport -.Sm on -.Xc -Specifies that the given port on the remote (server) host is to be -forwarded to the given host and port on the local side. -This works by allocating a socket to listen to -.Ar port -on the remote side, and whenever a connection is made to this port, the -connection is forwarded over the secure channel, and a connection is -made to -.Ar host -port -.Ar hostport -from the local machine. -Port forwardings can also be specified in the configuration file. -Privileged ports can be forwarded only when -logging in as root on the remote machine. -IPv6 addresses can be specified with an alternative syntax: -.Sm off -.Xo -.Ar port No / Ar host No / -.Ar hostport . -.Xc -.Sm on .It Fl s -May be used to request invocation of a subsystem on the remote system. -Subsystems are a feature of the SSH2 protocol which facilitate the use -of SSH as a secure transport for other applications (eg.\& -.Xr sftp 1 ) . -The subsystem is specified as the remote command. -.It Fl T -Disable pseudo-tty allocation. +May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use +of SSH as a secure transport for other applications (eg. sftp). The +subsystem is specified as the remote command. .It Fl t Force pseudo-tty allocation. This can be used to execute arbitrary @@ -710,8 +552,8 @@ options force tty allocation, even if .Nm has no local tty. -.It Fl V -Display the version number and exit. +.It Fl T +Disable pseudo-tty allocation. .It Fl v Verbose mode. Causes @@ -721,8 +563,10 @@ debugging connection, authentication, and configuration problems. Multiple .Fl v -options increase the verbosity. -The maximum is 3. +options increases the verbosity. +Maximum is 3. +.It Fl x +Disables X11 forwarding. .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. @@ -732,10 +576,94 @@ (for the user's X authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring. -.It Fl x -Disables X11 forwarding. -.It Fl Y -Enables trusted X11 forwarding. +.It Fl C +Requests compression of all data (including stdin, stdout, stderr, and +data for forwarded X11 and TCP/IP connections). +The compression algorithm is the same used by +.Xr gzip 1 , +and the +.Dq level +can be controlled by the +.Cm CompressionLevel +option for protocol version 1. +Compression is desirable on modem lines and other +slow connections, but will only slow down things on fast networks. +The default value can be set on a host-by-host basis in the +configuration files; see the +.Cm Compression +option. +.It Fl F Ar configfile +Specifies an alternative per-user configuration file. +If a configuration file is given on the command line, +the system-wide configuration file +.Pq Pa /etc/ssh/ssh_config +will be ignored. +The default for the per-user configuration file is +.Pa $HOME/.ssh/config . +.It Fl L Ar port:host:hostport +Specifies that the given port on the local (client) host is to be +forwarded to the given host and port on the remote side. +This works by allocating a socket to listen to +.Ar port +on the local side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and a connection is +made to +.Ar host +port +.Ar hostport +from the remote machine. +Port forwardings can also be specified in the configuration file. +Only root can forward privileged ports. +IPv6 addresses can be specified with an alternative syntax: +.Ar port/host/hostport +.It Fl R Ar port:host:hostport +Specifies that the given port on the remote (server) host is to be +forwarded to the given host and port on the local side. +This works by allocating a socket to listen to +.Ar port +on the remote side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and a connection is +made to +.Ar host +port +.Ar hostport +from the local machine. +Port forwardings can also be specified in the configuration file. +Privileged ports can be forwarded only when +logging in as root on the remote machine. +IPv6 addresses can be specified with an alternative syntax: +.Ar port/host/hostport +.It Fl D Ar port +Specifies a local +.Dq dynamic +application-level port forwarding. +This works by allocating a socket to listen to +.Ar port +on the local side, and whenever a connection is made to this port, the +connection is forwarded over the secure channel, and the application +protocol is then used to determine where to connect to from the +remote machine. +Currently the SOCKS4 protocol is supported, and +.Nm +will act as a SOCKS4 server. +Only root can forward privileged ports. +Dynamic port forwardings can also be specified in the configuration file. +.It Fl 1 +Forces +.Nm +to try protocol version 1 only. +.It Fl 2 +Forces +.Nm +to try protocol version 2 only. +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. .El .Sh CONFIGURATION FILES .Nm @@ -746,7 +674,7 @@ .Sh ENVIRONMENT .Nm will normally set the following environment variables: -.Bl -tag -width LOGNAME +.Bl -tag -width Ds .It Ev DISPLAY The .Ev DISPLAY @@ -756,7 +684,7 @@ to point to a value of the form .Dq hostname:n where hostname indicates -the host where the shell runs, and n is an integer \*(Ge 1. +the host where the shell runs, and n is an integer >= 1. .Nm uses this special value to forward X11 connections over the secure channel. @@ -834,7 +762,7 @@ .Dq VARNAME=value to the environment if the file exists and if users are allowed to change their environment. -For more information, see the +See the .Cm PermitUserEnvironment option in .Xr sshd_config 5 . @@ -863,7 +791,7 @@ identity file in human-readable form). The contents of the .Pa $HOME/.ssh/identity.pub -file should be added to the file +file should be added to .Pa $HOME/.ssh/authorized_keys on all machines where the user wishes to log in using protocol version 1 RSA authentication. @@ -889,8 +817,7 @@ The format of this file is described in the .Xr sshd 8 manual page. -In the simplest form the format is the same as the -.Pa .pub +In the simplest form the format is the same as the .pub identity files. This file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. @@ -906,7 +833,7 @@ When different names are used for the same machine, all such names should be listed, separated by commas. -The format is described in the +The format is described on the .Xr sshd 8 manual page. .Pp @@ -946,7 +873,7 @@ is not setuid root. .It Pa $HOME/.rhosts This file is used in -.Em rhosts +.Pa \&.rhosts authentication to list the host/user pairs that are permitted to log in. (Note that this file is @@ -968,9 +895,7 @@ Note that by default .Xr sshd 8 will be installed so that it requires successful RSA host -authentication before permitting -.Em rhosts -authentication. +authentication before permitting \s+2.\s0rhosts authentication. If the server machine does not have the client's host key in .Pa /etc/ssh/ssh_known_hosts , it can be stored in @@ -981,20 +906,20 @@ .Pa $HOME/.ssh/known_hosts . .It Pa $HOME/.shosts This file is used exactly the same way as -.Pa .rhosts . +.Pa \&.rhosts . The purpose for having this file is to be able to use rhosts authentication with .Nm without permitting login with -.Xr rlogin +.Nm rlogin or .Xr rsh 1 . .It Pa /etc/hosts.equiv This file is used during -.Em rhosts -authentication. +.Pa \&.rhosts authentication. It contains -canonical hosts names, one per line (the full format is described in the +canonical hosts names, one per line (the full format is described on +the .Xr sshd 8 manual page). If the client host is found in this file, login is @@ -1033,8 +958,16 @@ .Nm exits with the exit status of the remote command or with 255 if an error occurred. +.Sh AUTHORS +OpenSSH is a derivative of the original and free +ssh 1.2.12 release by Tatu Ylonen. +Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, +Theo de Raadt and Dug Song +removed many bugs, re-added newer features and +created OpenSSH. +Markus Friedl contributed the support for SSH +protocol versions 1.5 and 2.0. .Sh SEE ALSO -.Xr gzip 1 , .Xr rsh 1 , .Xr scp 1 , .Xr sftp 1 , @@ -1042,7 +975,6 @@ .Xr ssh-agent 1 , .Xr ssh-keygen 1 , .Xr telnet 1 , -.Xr hosts.equiv 5 , .Xr ssh_config 5 , .Xr ssh-keysign 8 , .Xr sshd 8 @@ -1057,12 +989,3 @@ .%D January 2002 .%O work in progress material .Re -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0.