=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v retrieving revision 1.52 retrieving revision 1.52.2.3 diff -u -r1.52 -r1.52.2.3 --- src/usr.bin/ssh/ssh.1 2000/05/08 17:21:32 1.52 +++ src/usr.bin/ssh/ssh.1 2000/11/08 21:31:23 1.52.2.3 @@ -1,16 +1,40 @@ .\" -*- nroff -*- .\" -.\" ssh.1.in -.\" .\" Author: Tatu Ylonen -.\" .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland .\" All rights reserved .\" -.\" Created: Sat Apr 22 21:55:14 1995 ylo +.\" As far as I am concerned, the code I have written for this software +.\" can be used freely for any purpose. Any derived versions of this +.\" software must be clearly marked as such, and if the derived work is +.\" incompatible with the protocol description in the RFC file, it must be +.\" called by a name other than "ssh" or "Secure Shell". .\" -.\" $Id: ssh.1,v 1.52 2000/05/08 17:21:32 hugh Exp $ +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. .\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. +.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" +.\" $OpenBSD: ssh.1,v 1.52.2.3 2000/11/08 21:31:23 jason Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -24,7 +48,7 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqtvxCPX246 +.Op Fl afgknqtvxACNPTX246 .Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file @@ -332,7 +356,9 @@ .Bl -tag -width Ds .It Fl a Disables forwarding of the authentication agent connection. -This may also be specified on a per-host basis in the configuration file. +.It Fl A +Enables forwarding of the authentication agent connection. +This can also be specified on a per-host basis in a configuration file. .It Fl c Ar blowfish|3des Selects the cipher to use for encrypting the session. .Ar 3des @@ -342,15 +368,16 @@ (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is presumably more secure than the .Ar des -cipher which is no longer supported in +cipher which is no longer fully supported in .Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than .Ar 3des . .It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" Additionally, for protocol version 2 a comma-separated list of ciphers can -be specified in order of preference. Protocol version 2 supports -3DES, Blowfish and CAST128 in CBC mode and Arcfour. +be specified in order of preference. +Protocol version 2 supports 3DES, Blowfish, and CAST128 in CBC mode +and Arcfour. .It Fl e Ar ch|^ch|none Sets the escape character for sessions with a pty (default: .Ql ~ ) . @@ -416,6 +443,10 @@ needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl N +Do not execute a remote command. +This is usefull if you just want to forward ports +(protocol version 2 only). .It Fl o Ar option Can be used to give options in the format used in the config file. This is useful for specifying options for which there is no separate @@ -442,6 +473,8 @@ This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services. +.It Fl T +Disable pseudo-tty allocation (protocol version 2 only). .It Fl v Verbose mode. Causes @@ -452,11 +485,13 @@ The verbose mode is also used to display .Xr skey 1 challenges, if the user entered "s/key" as password. +Multiple -v options increases the verbosity. +Maximum is 3. .It Fl x Disables X11 forwarding. -This can also be specified on a per-host basis in a configuration file. .It Fl X Enables X11 forwarding. +This can also be specified on a per-host basis in a configuration file. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). @@ -593,9 +628,10 @@ .Dq no , the check will not be executed. .It Cm Cipher -Specifies the cipher to use for encrypting the session. +Specifies the cipher to use for encrypting the session +in protocol version 1. Currently, -.Dq blowfish , +.Dq blowfish and .Dq 3des are supported. @@ -606,7 +642,7 @@ in order of preference. Multiple ciphers must be comma-separated. The default is -.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour . .It Cm Compression Specifies whether to use compression. The argument must be @@ -665,6 +701,8 @@ .Dq yes or .Dq no . +The default is +.Dq no . .It Cm ForwardX11 Specifies whether X11 connections will be automatically redirected over the secure channel and @@ -930,6 +968,13 @@ .Dq yes or .Dq no . +.It Cm XAuthLocation +Specifies the location of the +.Xr xauth 1 +program. +The default is +.Pa /usr/X11R6/bin/xauth . +.El .Sh ENVIRONMENT .Nm will normally set the following environment variables: @@ -978,7 +1023,7 @@ this variable is not set. .It Ev TZ The timezone variable is set to indicate the present timezone if it -was set when the daemon was started (e.i., the daemon passes the value +was set when the daemon was started (i.e., the daemon passes the value on to new connections). .It Ev USER Set to the name of the user logging in. @@ -1173,6 +1218,7 @@ .It Pa libcrypto.so.X.1 A version of this library which includes support for the RSA algorithm is required for proper operation. +.El .Sh AUTHOR OpenSSH is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, @@ -1200,10 +1246,6 @@ supports one-time password authentication with .Xr skey 1 . .El -.Pp -The libraries described in -.Xr ssl 8 -are required for proper operation. .Pp OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song.