=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.209.2.1 retrieving revision 1.209.2.2 diff -u -r1.209.2.1 -r1.209.2.2 --- src/usr.bin/ssh/ssh.1 2006/02/03 03:01:57 1.209.2.1 +++ src/usr.bin/ssh/ssh.1 2006/10/06 03:19:33 1.209.2.2 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.209.2.1 2006/02/03 03:01:57 brad Exp $ +.\" $OpenBSD: ssh.1,v 1.209.2.2 2006/10/06 03:19:33 brad Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -78,7 +78,8 @@ .Oc .Op Fl S Ar ctl_path .Bk -words -.Op Fl w Ar tunnel : Ns Ar tunnel +.Oo Fl w Ar local_tun Ns +.Op : Ns Ar remote_tun Oc .Oo Ar user Ns @ Oc Ns Ar hostname .Op Ar command .Ek @@ -448,6 +449,7 @@ .It ControlPath .It DynamicForward .It EscapeChar +.It ExitOnForwardFailure .It ForwardAgent .It ForwardX11 .It ForwardX11Trusted @@ -569,7 +571,7 @@ Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, -e.g., when implementing menu services. +e.g. when implementing menu services. Multiple .Fl t options force tty allocation, even if @@ -588,24 +590,35 @@ .Fl v options increase the verbosity. The maximum is 3. -.It Fl w Ar tunnel : Ns Ar tunnel -Requests a +.It Fl w Xo +.Ar local_tun Ns Op : Ns Ar remote_tun +.Xc +Requests +tunnel +device forwarding with the specified .Xr tun 4 -device on the client -(first -.Ar tunnel -arg) -and server -(second -.Ar tunnel -arg). +devices between the client +.Pq Ar local_tun +and the server +.Pq Ar remote_tun . +.Pp The devices may be specified by numerical ID or the keyword .Dq any , which uses the next available tunnel device. +If +.Ar remote_tun +is not specified, it defaults to +.Dq any . See also the .Cm Tunnel -directive in +and +.Cm TunnelDevice +directives in .Xr ssh_config 5 . +If the +.Cm Tunnel +directive is unset, it is set to the default tunnel mode, which is +.Dq point-to-point . .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. @@ -666,6 +679,7 @@ integrity of the connection. .Pp The methods available for authentication are: +GSSAPI-based authentication, host-based authentication, public key authentication, challenge-response authentication, @@ -872,7 +886,9 @@ options (see above). It also allows the cancellation of existing remote port-forwardings using -.Fl KR Ar hostport . +.Sm off +.Fl KR Oo Ar bind_address : Oc Ar port . +.Sm on .Ic !\& Ns Ar command allows the user to execute a local command if the .Ic PermitLocalCommand @@ -1025,8 +1041,7 @@ The SSHFP resource records should first be added to the zonefile for host.example.com: .Bd -literal -offset indent -$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com. -$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com. +$ ssh-keygen -r host.example.com. .Ed .Pp The output lines will have to be added to the zonefile. @@ -1075,11 +1090,11 @@ file (see below) and the .Cm PermitRootLogin server option. -The following entry would permit connections on the first +The following entry would permit connections on .Xr tun 4 -device from user +device 1 from user .Dq jane -and on the second device from user +and on tun device 2 from user .Dq john , if .Cm PermitRootLogin @@ -1087,7 +1102,7 @@ .Dq forced-commands-only : .Bd -literal -offset 2n tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane -tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john +tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john .Ed .Pp Since a SSH-based setup entails a fair amount of overhead, @@ -1178,7 +1193,7 @@ this variable is not set. .It Ev TZ This variable is set to indicate the present time zone if it -was set when the daemon was started (i.e., the daemon passes the value +was set when the daemon was started (i.e. the daemon passes the value on to new connections). .It Ev USER Set to the name of the user logging in. @@ -1339,15 +1354,59 @@ .Xr ssh-keysign 8 , .Xr sshd 8 .Rs -.%A T. Ylonen -.%A T. Kivinen -.%A M. Saarinen -.%A T. Rinne -.%A S. Lehtinen -.%T "SSH Protocol Architecture" -.%N draft-ietf-secsh-architecture-12.txt -.%D January 2002 -.%O work in progress material +.%R RFC 4250 +.%T "The Secure Shell (SSH) Protocol Assigned Numbers" +.%D 2006 +.Re +.Rs +.%R RFC 4251 +.%T "The Secure Shell (SSH) Protocol Architecture" +.%D 2006 +.Re +.Rs +.%R RFC 4252 +.%T "The Secure Shell (SSH) Authentication Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4253 +.%T "The Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4254 +.%T "The Secure Shell (SSH) Connection Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4255 +.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints" +.%D 2006 +.Re +.Rs +.%R RFC 4256 +.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)" +.%D 2006 +.Re +.Rs +.%R RFC 4335 +.%T "The Secure Shell (SSH) Session Channel Break Extension" +.%D 2006 +.Re +.Rs +.%R RFC 4344 +.%T "The Secure Shell (SSH) Transport Layer Encryption Modes" +.%D 2006 +.Re +.Rs +.%R RFC 4345 +.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 +.Re +.Rs +.%R RFC 4419 +.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol" +.%D 2006 .Re .Sh AUTHORS OpenSSH is a derivative of the original and free