File: [local] / www / openssh / manual.html (download) (as text)
Revision 1.47, Wed Jun 12 07:49:48 2019 UTC (4 years, 11 months ago) by bentley
Branch: MAIN
CVS Tags: HEAD
Changes since 1.46: +31 -25 lines
Clean up OpenSSH HTML.
|
<!doctype html>
<html lang=en>
<meta charset=utf-8>
<title>OpenSSH: Manual Pages</title>
<meta name="description" content="OpenSSH Manual Pages">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="canonical" href="https://www.openssh.com/manual.html">
<link rel="stylesheet" type="text/css" href="openbsd.css">
<h2 id=OpenBSD>
<a href="/">
<i>Open</i><b>SSH</b></a>
Manual Pages
</h2>
<hr>
<p>
Web manual pages are available from OpenBSD for the following commands.
These manual pages reflect the latest development release of OpenSSH.
<ul>
<li><a href="https://man.openbsd.org/ssh">ssh(1)</a>
— The basic rlogin/rsh-like client program
<li><a href="https://man.openbsd.org/sshd">sshd(8)</a>
— The daemon that permits you to log in
<li><a href="https://man.openbsd.org/ssh_config">ssh_config(5)</a>
— The client configuration file
<li><a href="https://man.openbsd.org/sshd_config">sshd_config(5)</a>
— The daemon configuration file
<li><a href="https://man.openbsd.org/ssh-agent">ssh-agent(1)</a>
— An authentication agent that can store private keys
<li><a href="https://man.openbsd.org/ssh-add">ssh-add(1)</a>
— Tool which adds keys to in the above agent
<li><a href="https://man.openbsd.org/sftp">sftp(1)</a>
— FTP-like program that works over SSH1 and SSH2 protocol
<li><a href="https://man.openbsd.org/scp">scp(1)</a>
— File copy program that acts like rcp
<li><a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a>
— Key generation tool
<li><a href="https://man.openbsd.org/sftp-server">sftp-server(8)</a>
— SFTP server subsystem (started automatically by sshd)
<li><a href="https://man.openbsd.org/ssh-keyscan">ssh-keyscan(1)</a>
— Utility for gathering public host keys from a number of hosts
<li><a href="https://man.openbsd.org/ssh-keysign">ssh-keysign(8)</a>
— Helper program for host-based authentication
</ul>
<p>
The SSH2 protocol implemented in OpenSSH is
standardized by the IETF
<a href="https://www.ietf.org/html.charters/secsh-charter.html">secsh</a>
working group and is specified in several RFCs and drafts.
The overall structure of SSH2 is described in the
<a href="https://www.ietf.org/rfc/rfc4251.txt">architecture</a> RFC.
It is composed of three layered components:
<ul>
<li>
The
<a href="https://www.ietf.org/rfc/rfc4253.txt">transport layer</a>
provides algorithm negotiation and a key exchange.
The key exchange includes server authentication and
results in a cryptographically secured connection:
it provides integrity, confidentiality and optional compression.
<li>
The
<a href="https://www.ietf.org/rfc/rfc4252.txt">user authentication layer</a>
uses the established connection and relies on the services provided
by the transport layer.
It provides several mechanisms for user authentication.
These include traditional password authentication as well as public-key
or host-based authentication mechanisms.
<li> The
<a href="https://www.ietf.org/rfc/rfc4254.txt">connection layer</a>
multiplexes many different concurrent channels over the authenticated connection
and allows tunneling of login sessions and TCP-forwarding.
It provides a flow control service for these channels.
Additionally, various channel-specific options can be negotiated.
</ul>
<p>
Additional documents specify:
<ul>
<li> The
<a href="https://www.ietf.org/rfc/rfc4256.txt">interactive
authentication</a>
RFC provides support for new authentication schemes like S/Key
or TIS authentication.
<li> The SFTP file transfer protocol is specified in the
<a href="txt/draft-ietf-secsh-filexfer-02.txt">filexfer</a> draft.
OpenSSH implements a SFTP
<a href="https://man.openbsd.org/sftp">client</a> and
<a href="https://man.openbsd.org/sftp-server">server</a>.
<li> A file format for public keys is specified in the
<a href="txt/draft-ietf-secsh-publickeyfile-02.txt">publickeyfile</a> draft.
The command
<a href="https://man.openbsd.org/ssh-keygen">ssh-keygen(1)</a> can be used
to convert an OpenSSH public key to this file format.
<li> The
<a href="https://www.ietf.org/rfc/rfc4419.txt">Diffie-Hellman Group Exchange</a> allows clients to request more secure groups for the Diffie-Hellman key exchange.
<li>OpenSSH implemented a compression method "zlib@openssh.com" that delays
starting compression until after user authentication, to eliminate the
risk of pre-authentication attacks against the compression code. It is
described in
<a href="txt/draft-miller-secsh-compression-delayed-00.txt">draft-miller-secsh-compression-delayed-00.txt</a>.
<li>OpenSSH implements an additional MAC (Message Authentication Code)
"umac-64@openssh.com", which has superior performance to the ones specified
in RFC 4253. It is described in
<a href="txt/draft-miller-secsh-umac-01.txt">draft-miller-secsh-umac-01.txt</a>.
<li>The authentication agent protocol used by
<a href="https://man.openbsd.org/ssh-agent">ssh-agent</a> is documented in the
<a href="https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.agent?rev=HEAD">PROTOCOL.agent</a> file.
<li>OpenSSH makes various other minor extensions to and divergences from the
standard SSH protocols. These are documented in the
<a href="https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL?rev=HEAD">PROTOCOL</a> file.
</ul>
![[BACK]](/icons/back.gif){kind=icon}
Return to manual.html CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / www / openssh