===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh.1,v
retrieving revision 1.64.2.3
retrieving revision 1.64.2.4
diff -u -r1.64.2.3 -r1.64.2.4
--- src/usr.bin/ssh/ssh.1	2001/03/21 19:46:30	1.64.2.3
+++ src/usr.bin/ssh/ssh.1	2001/05/07 21:09:36	1.64.2.4
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.64.2.3 2001/03/21 19:46:30 jason Exp $
+.\" $OpenBSD: ssh.1,v 1.64.2.4 2001/05/07 21:09:36 jason Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -110,7 +110,7 @@
 This form of authentication alone is normally not
 allowed by the server because it is not secure.
 .Pp
-The second (and primary) authentication method is the
+The second authentication method is the
 .Pa rhosts
 or
 .Pa hosts.equiv
@@ -205,15 +205,22 @@
 .Ss SSH protocol version 2
 .Pp
 When a user connects using the protocol version 2
-different authentication methods are available:
-At first, the client attempts to authenticate using the public key method.
-If this method fails password authentication is tried.
+different authentication methods are available.
+Using the default values for
+.Cm PreferredAuthentications ,
+the client will try to authenticate first using the public key method;
+if this method fails password authentication is attempted,
+and finally if this method fails keyboard-interactive authentication
+is attempted.
+If this method fails password authentication is
+tried.
 .Pp
 The public key method is similar to RSA authentication described
-in the previous section except that the DSA or RSA algorithm is used
-instead.
-The client uses his private key
+in the previous section and allows the RSA or DSA algorithm to be used:
+The client uses his private key,
 .Pa $HOME/.ssh/id_dsa
+or
+.Pa $HOME/.ssh/id_rsa ,
 to sign the session identifier and sends the result to the server.
 The server checks whether the matching public key is listed in
 .Pa $HOME/.ssh/authorized_keys2
@@ -223,9 +230,11 @@
 .Pp
 If public key authentication fails or is not available a password
 can be sent encrypted to the remote host for proving the user's identity.
-This protocol 2 implementation does not yet support Kerberos or
-S/Key authentication.
 .Pp
+Additionally,
+.Nm
+supports hostbased or challenge response authentication.
+.Pp
 Protocol 2 provides additional mechanisms for confidentiality
 (the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
 and integrity (hmac-md5, hmac-sha1).
@@ -241,31 +250,8 @@
 the remote command or shell will be automatically encrypted.
 .Pp
 If a pseudo-terminal has been allocated (normal login session), the
-user can disconnect with
-.Ic ~. ,
-and suspend
-.Nm
-with
-.Ic ~^Z .
-All forwarded connections can be listed with
-.Ic ~#
-and if
-the session blocks waiting for forwarded X11 or TCP/IP
-connections to terminate, it can be backgrounded with
-.Ic ~&
-(this should not be used while the user shell is active, as it can cause the
-shell to hang).
-All available escapes can be listed with
-.Ic ~? .
+user may use the escape characters noted below.
 .Pp
-A single tilde character can be sent as
-.Ic ~~
-(or by following the tilde by a character other than those described above).
-The escape character must always follow a newline to be interpreted as
-special.
-The escape character can be changed in configuration files
-or on the command line.
-.Pp
 If no pseudo tty has been allocated, the
 session is transparent and can be used to reliably transfer binary
 data.
@@ -279,6 +265,42 @@
 of
 .Nm ssh .
 .Pp
+.Ss Escape Characters
+.Pp
+When a pseudo terminal has been requested, ssh supports a number of functions
+through the use of an escape character. 
+.Pp
+A single tilde character can be sent as
+.Ic ~~
+(or by following the tilde by a character other than those described above).
+The escape character must always follow a newline to be interpreted as
+special.
+The escape character can be changed in configuration files using the
+.Cm EscapeChar
+configuration directive or on the command line by the 
+.Fl e
+option.
+.Pp
+The supported escapes (assuming the default
+.Ql ~ )
+are:
+.Bl -tag -width Ds
+.It Cm ~.
+Disconnect
+.It Cm ~^Z
+Background ssh
+.It Cm ~#
+List forwarded connections
+.It Cm ~&
+Background ssh at logout when waiting for forwarded connection / X11 sessions
+to terminate (protocol version 1 only)
+.It Cm ~?
+Display a list of escape characters
+.It Cm ~R
+Request rekeying of the connection (only useful for SSH protocol version 2
+and if the peer supports it)
+.El
+.Pp
 .Ss X11 and TCP forwarding
 .Pp
 If the user is using X11 (the
@@ -558,6 +580,8 @@
 Port forwardings can also be specified in the configuration file.
 Privileged ports can be forwarded only when
 logging in as root on the remote machine.
+IPv6 addresses can be specified with an alternative syntax:
+.Ar port/host/hostport
 .It Fl 1
 Forces
 .Nm
@@ -630,6 +654,7 @@
 .Dq yes
 or
 .Dq no .
+This option applies to protocol version 1 only.
 .It Cm BatchMode
 If set to
 .Dq yes ,
@@ -640,16 +665,20 @@
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq no .
 .It Cm CheckHostIP
 If this flag is set to
 .Dq yes ,
-ssh will additionally check the host ip address in the
+ssh will additionally check the host IP address in the
 .Pa known_hosts
 file.
 This allows ssh to detect if a host key changed due to DNS spoofing.
 If the option is set to
 .Dq no ,
 the check will not be executed.
+The default is
+.Dq yes .
 .It Cm Cipher
 Specifies the cipher to use for encrypting the session
 in protocol version 1.
@@ -668,8 +697,7 @@
 .Pp
 .Bd -literal
   ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
-    aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,
-    rijndael256-cbc,rijndael-cbc@lysator.liu.se''
+    aes192-cbc,aes256-cbc''
 .Ed
 .It Cm Compression
 Specifies whether to use compression.
@@ -677,24 +705,21 @@
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq no .
 .It Cm CompressionLevel
-Specifies the compression level to use if compression is enable.
+Specifies the compression level to use if compression is enabled.
 The argument must be an integer from 1 (fast) to 9 (slow, best).
 The default level is 6, which is good for most applications.
 The meaning of the values is the same as in
 .Xr gzip 1 .
+Note that this option applies to protocol version 1 only.
 .It Cm ConnectionAttempts
 Specifies the number of tries (one per second) to make before falling
 back to rsh or exiting.
 The argument must be an integer.
 This may be useful in scripts if the connection sometimes fails.
-.It Cm PubkeyAuthentication
-Specifies whether to try public key authentication.
-The argument to this keyword must be
-.Dq yes
-or
-.Dq no .
-Note that this option applies to protocol version 2 only.
+The default is 4.
 .It Cm EscapeChar
 Sets the escape character (default:
 .Ql ~ ) .
@@ -720,6 +745,8 @@
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq no .
 .It Cm ForwardAgent
 Specifies whether the connection to the authentication agent (if any)
 will be forwarded to the remote machine.
@@ -757,10 +784,27 @@
 Specifies a file to use for the protocol version 2 global
 host key database instead of
 .Pa /etc/ssh_known_hosts2 .
+.It Cm HostbasedAuthentication
+Specifies whether to try rhosts based authentication with public key
+authentication.
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+This option applies to protocol version 2 only and
+is similar to
+.Cm RhostsRSAAuthentication .
+.It Cm HostKeyAlgorithms
+Specfies the protocol version 2 host key algorithms
+that the client wants to use in order of preference.
+The default for this option is:
+.Dq ssh-rsa,ssh-dss
 .It Cm HostKeyAlias
 Specifies an alias that should be used instead of the
 real host name when looking up or saving the host key
-in the known_hosts files.
+in the host key database files.
 This option is useful for tunneling ssh connections
 or if you have multiple servers running on a single host.
 .It Cm HostName
@@ -771,7 +815,7 @@
 .Cm HostName
 specifications).
 .It Cm IdentityFile
-Specifies the file from which the user's RSA authentication identity
+Specifies the file from which the user's RSA or DSA authentication identity
 is read (default
 .Pa $HOME/.ssh/identity
 in the user's home directory).
@@ -849,7 +893,8 @@
 .Dq yes
 or
 .Dq no .
-Note that this option applies to both protocol version 1 and 2.
+The default is
+.Dq yes .
 .It Cm Port
 Specifies the port number to connect on the remote host.
 Default is 22.
@@ -871,11 +916,11 @@
 .Dq 2 .
 Multiple versions must be comma-separated.
 The default is
-.Dq 1,2 .
+.Dq 2,1 .
 This means that
 .Nm
-tries version 1 and falls back to version 2
-if version 1 is not available.
+tries version 2 and falls back to version 1
+if version 2 is not available.
 .It Cm ProxyCommand
 Specifies the command to use to connect to the server.
 The command
@@ -901,6 +946,15 @@
 .Cm CheckHostIP
 is not available for connects with a proxy command.
 .Pp
+.It Cm PubkeyAuthentication
+Specifies whether to try public key authentication.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq yes .
+This option applies to protocol version 2 only.
 .It Cm RemoteForward
 Specifies that a TCP/IP port on the remote machine be forwarded over
 the secure channel to given host:port from the local machine.
@@ -918,19 +972,25 @@
 authentication time on slow connections when rhosts authentication is
 not used.
 Most servers do not permit RhostsAuthentication because it
-is not secure (see RhostsRSAAuthentication).
+is not secure (see 
+.Cm RhostsRSAAuthentication ).
 The argument to this keyword must be
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq yes .
+This option applies to protocol version 1 only.
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
-This is the primary authentication method for most sites.
 The argument must be
 .Dq yes
 or
 .Dq no .
+The default is
+.Dq yes .
+This option applies to protocol version 1 only.
 .It Cm RSAAuthentication
 Specifies whether to try RSA authentication.
 The argument to this keyword must be
@@ -940,6 +1000,8 @@
 RSA authentication will only be
 attempted if the identity file exists, or an authentication agent is
 running.
+The default is
+.Dq yes .
 Note that this option applies to protocol version 1 only.
 .It Cm ChallengeResponseAuthentication
 Specifies whether to use challenge response authentication.
@@ -999,13 +1061,13 @@
 .Dq no .
 The default is
 .Dq no .
-Note that setting this option to
-.Dq no
-turns off
+Note that you need to set this option to
+.Dq yes
+if you want to use
 .Cm RhostsAuthentication
 and
 .Cm RhostsRSAAuthentication
-for older servers.
+with older servers.
 .It Cm User
 Specifies the user to log in as.
 This can be useful if you have a different user name on different machines.
@@ -1059,7 +1121,9 @@
 .Nm
 uses this special value to forward X11 connections over the secure
 channel.
-The user should normally not set DISPLAY explicitly, as that
+The user should normally not set
+.Ev DISPLAY
+explicitly, as that
 will render the X11 connection insecure (and will require the user to
 manually copy any required authorization cookies).
 .It Ev HOME
@@ -1118,8 +1182,9 @@
 for protocol version 2).
 See
 .Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa
-Contains the RSA and the DSA authentication identity of the user.
+.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
+Contains the authentication identity of the user.
+They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
 These files
 contain sensitive data and should be readable by the user but not
 accessible by others (read/write/execute).
@@ -1129,7 +1194,7 @@
 It is possible to specify a passphrase when
 generating the key; the passphrase will be used to encrypt the
 sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub
+.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
 Contains the public key for authentication (public part of the
 identity file in human-readable form).
 The contents of the
@@ -1137,13 +1202,15 @@
 file should be added to
 .Pa $HOME/.ssh/authorized_keys
 on all machines
-where you wish to log in using RSA authentication.
+where you wish to log in using protocol version 1 RSA authentication.
 The contents of the
 .Pa $HOME/.ssh/id_dsa.pub
+and
+.Pa $HOME/.ssh/id_rsa.pub
 file should be added to
 .Pa $HOME/.ssh/authorized_keys2
 on all machines
-where you wish to log in using DSA authentication.
+where you wish to log in using protocol version 2 DSA/RSA authentication.
 These files are not
 sensitive and can (but need not) be readable by anyone.
 These files are
@@ -1170,7 +1237,7 @@
 This file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
 .It Pa $HOME/.ssh/authorized_keys2
-Lists the public keys (DSA/RSA) that can be used for logging in as this user.
+Lists the public keys (RSA/DSA) that can be used for logging in as this user.
 This file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
 .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2
@@ -1178,7 +1245,7 @@
 .Pa /etc/ssh_known_hosts
 contains RSA and
 .Pa /etc/ssh_known_hosts2
-contains DSA or RSA keys for protocol version 2.
+contains RSA or DSA keys for protocol version 2.
 These files should be prepared by the
 system administrator to contain the public host keys of all machines in the
 organization.
@@ -1309,3 +1376,14 @@
 .Xr ssh-keygen 1 ,
 .Xr telnet 1 ,
 .Xr sshd 8
+.Rs
+.%A T. Ylonen
+.%A T. Kivinen
+.%A M. Saarinen
+.%A T. Rinne
+.%A S. Lehtinen
+.%T "SSH Protocol Architecture"
+.%N draft-ietf-secsh-architecture-07.txt
+.%D January 2001
+.%O work in progress material
+.Re