version 1.5, 2002/08/29 22:54:10 |
version 1.5.2.2, 2003/04/03 23:27:13 |
|
|
client for interoperability with legacy protocol 1 implementations |
client for interoperability with legacy protocol 1 implementations |
that do not support the |
that do not support the |
.Ar 3des |
.Ar 3des |
cipher. Its use is strongly discouraged due to cryptographic |
cipher. |
weaknesses. |
Its use is strongly discouraged due to cryptographic weaknesses. |
The default is |
The default is |
.Dq 3des . |
.Dq 3des . |
.It Cm Ciphers |
.It Cm Ciphers |
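Review bot: The reflowed sentence "Its use is strongly discouraged due to cryptographic weaknesses." now stands on its own line right after ".Ar 3des cipher." and right before "The default is 3des", so "Its" can be read as discouraging 3des, the default. Name the discouraged cipher explicitly in that sentence instead of relying on the pronoun.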
|
|
.It Cm ClearAllForwardings |
.It Cm ClearAllForwardings |
Specifies that all local, remote and dynamic port forwardings |
Specifies that all local, remote and dynamic port forwardings |
specified in the configuration files or on the command line be |
specified in the configuration files or on the command line be |
cleared. This option is primarily useful when used from the |
cleared. |
|
This option is primarily useful when used from the |
.Nm ssh |
.Nm ssh |
command line to clear port forwardings set in |
command line to clear port forwardings set in |
configuration files, and is automatically set by |
configuration files, and is automatically set by |
|
|
Specifies that a TCP/IP port on the local machine be forwarded |
Specifies that a TCP/IP port on the local machine be forwarded |
over the secure channel, and the application |
over the secure channel, and the application |
protocol is then used to determine where to connect to from the |
protocol is then used to determine where to connect to from the |
remote machine. The argument must be a port number. |
remote machine. |
|
The argument must be a port number. |
Currently the SOCKS4 protocol is supported, and |
Currently the SOCKS4 protocol is supported, and |
.Nm ssh |
.Nm ssh |
will act as a SOCKS4 server. |
will act as a SOCKS4 server. |
Multiple forwardings may be specified, and |
Multiple forwardings may be specified, and |
additional forwardings can be given on the command line. Only |
additional forwardings can be given on the command line. |
the superuser can forward privileged ports. |
Only the superuser can forward privileged ports. |
.It Cm EscapeChar |
.It Cm EscapeChar |
Sets the escape character (default: |
Sets the escape character (default: |
.Ql ~ ) . |
.Ql ~ ) . |
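Review bot: Missing documentation in the DynamicForward paragraph: "ssh will act as a SOCKS4 server" does not say which address the listening port binds to, while the GatewayPorts entry documents loopback binding for local port forwardings. Since the paragraph is being reflowed anyway, state the bind address here or add a cross-reference to GatewayPorts so readers can tell whether other hosts can reach the SOCKS4 listener.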
|
|
The default is |
The default is |
.Dq no . |
.Dq no . |
.Pp |
.Pp |
Agent forwarding should be enabled with caution. Users with the |
Agent forwarding should be enabled with caution. |
ability to bypass file permissions on the remote host (for the agent's |
Users with the ability to bypass file permissions on the remote host |
Unix-domain socket) can access the local agent through the forwarded |
(for the agent's Unix-domain socket) |
connection. An attacker cannot obtain key material from the agent, |
can access the local agent through the forwarded connection. |
|
An attacker cannot obtain key material from the agent, |
however they can perform operations on the keys that enable them to |
however they can perform operations on the keys that enable them to |
authenticate using the identities loaded into the agent. |
authenticate using the identities loaded into the agent. |
.It Cm ForwardX11 |
.It Cm ForwardX11 |
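Review bot: The line "An attacker cannot obtain key material from the agent," is still joined to "however they can perform operations on the keys ..." by a comma splice, which also breaks the one-sentence-per-line layout the rest of this hunk introduces. End the first sentence after "agent." and start the next line with "However, they can perform operations on the keys", or join the clauses with a semicolon.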
|
|
The default is |
The default is |
.Dq no . |
.Dq no . |
.Pp |
.Pp |
X11 forwarding should be enabled with caution. Users with the ability |
X11 forwarding should be enabled with caution. |
to bypass file permissions on the remote host (for the user's X |
Users with the ability to bypass file permissions on the remote host |
authorization database) can access the local X11 display through the |
(for the user's X authorization database) |
forwarded connection. An attacker may then be able to perform |
can access the local X11 display through the forwarded connection. |
activities such as keystroke monitoring. |
An attacker may then be able to perform activities such as keystroke monitoring. |
.It Cm GatewayPorts |
.It Cm GatewayPorts |
Specifies whether remote hosts are allowed to connect to local |
Specifies whether remote hosts are allowed to connect to local |
forwarded ports. |
forwarded ports. |
By default, |
By default, |
.Nm ssh |
.Nm ssh |
binds local port forwardings to the loopback address. This |
binds local port forwardings to the loopback address. |
prevents other remote hosts from connecting to forwarded ports. |
This prevents other remote hosts from connecting to forwarded ports. |
.Cm GatewayPorts |
.Cm GatewayPorts |
can be used to specify that |
can be used to specify that |
.Nm ssh |
.Nm ssh |
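Review bot: In the GatewayPorts text, "This prevents other remote hosts from connecting to forwarded ports." is ambiguous about what "other" is relative to, and the reflow onto its own line makes the sentence stand alone. Since the preceding sentence says the forwardings are bound to the loopback address, wording such as "This prevents hosts other than the local machine from connecting to forwarded ports." would state the security property precisely.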
|
|
.Nm ssh . |
.Nm ssh . |
The possible values are: |
The possible values are: |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2 and DEBUG3. |
The default is INFO. DEBUG and DEBUG1 are equivalent. DEBUG2 |
The default is INFO. |
and DEBUG3 each specify higher levels of verbose output. |
DEBUG and DEBUG1 are equivalent. |
|
DEBUG2 and DEBUG3 each specify higher levels of verbose output. |
.It Cm MACs |
.It Cm MACs |
Specifies the MAC (message authentication code) algorithms |
Specifies the MAC (message authentication code) algorithms |
in order of preference. |
in order of preference. |
|
|
Host key management will be done using the |
Host key management will be done using the |
HostName of the host being connected (defaulting to the name typed by |
HostName of the host being connected (defaulting to the name typed by |
the user). |
the user). |
|
Setting the command to |
|
.Dq none |
|
disables this option entirely. |
Note that |
Note that |
.Cm CheckHostIP |
.Cm CheckHostIP |
is not available for connects with a proxy command. |
is not available for connects with a proxy command. |
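Review bot: The new sentence "Setting the command to .Dq none disables this option entirely." is placed between the host key management sentence and the CheckHostIP note, both of which describe behaviour when a proxy command is in use, so it interrupts that explanation. Move it after the CheckHostIP note or into its own .Pp paragraph, and say when a user would want it, for example to turn off a proxy command that would otherwise apply from the configuration files.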