diff options
author | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-02-21 11:57:14 +0000 |
commit | f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch) | |
tree | 856b0dee3f2764c13a32dad5ffe2424fab7fef41 /ssh.0 | |
parent | 4213eec74e74de6310c27a40c3e9759a08a73996 (diff) | |
parent | 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff) |
Import openssh_8.2p1.orig.tar.gz
Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 47 |
1 files changed, 29 insertions, 18 deletions
@@ -1,7 +1,7 @@ | |||
1 | SSH(1) General Commands Manual SSH(1) | 1 | SSH(1) General Commands Manual SSH(1) |
2 | 2 | ||
3 | NAME | 3 | NAME |
4 | ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) | 4 | ssh M-bM-^@M-^S OpenSSH remote login client |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] | 7 | ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] |
@@ -33,9 +33,9 @@ DESCRIPTION | |||
33 | 33 | ||
34 | -6 Forces ssh to use IPv6 addresses only. | 34 | -6 Forces ssh to use IPv6 addresses only. |
35 | 35 | ||
36 | -A Enables forwarding of the authentication agent connection. This | 36 | -A Enables forwarding of connections from an authentication agent |
37 | can also be specified on a per-host basis in a configuration | 37 | such as ssh-agent(1). This can also be specified on a per-host |
38 | file. | 38 | basis in a configuration file. |
39 | 39 | ||
40 | Agent forwarding should be enabled with caution. Users with the | 40 | Agent forwarding should be enabled with caution. Users with the |
41 | ability to bypass file permissions on the remote host (for the | 41 | ability to bypass file permissions on the remote host (for the |
@@ -43,7 +43,8 @@ DESCRIPTION | |||
43 | the forwarded connection. An attacker cannot obtain key material | 43 | the forwarded connection. An attacker cannot obtain key material |
44 | from the agent, however they can perform operations on the keys | 44 | from the agent, however they can perform operations on the keys |
45 | that enable them to authenticate using the identities loaded into | 45 | that enable them to authenticate using the identities loaded into |
46 | the agent. | 46 | the agent. A safer alternative may be to use a jump host (see |
47 | -J). | ||
47 | 48 | ||
48 | -a Disables forwarding of the authentication agent connection. | 49 | -a Disables forwarding of the authentication agent connection. |
49 | 50 | ||
@@ -135,14 +136,14 @@ DESCRIPTION | |||
135 | -i identity_file | 136 | -i identity_file |
136 | Selects a file from which the identity (private key) for public | 137 | Selects a file from which the identity (private key) for public |
137 | key authentication is read. The default is ~/.ssh/id_dsa, | 138 | key authentication is read. The default is ~/.ssh/id_dsa, |
138 | ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity | 139 | ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, |
139 | files may also be specified on a per-host basis in the | 140 | ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa. Identity files may also |
140 | configuration file. It is possible to have multiple -i options | 141 | be specified on a per-host basis in the configuration file. It |
141 | (and multiple identities specified in configuration files). If | 142 | is possible to have multiple -i options (and multiple identities |
142 | no certificates have been explicitly specified by the | 143 | specified in configuration files). If no certificates have been |
143 | CertificateFile directive, ssh will also try to load certificate | 144 | explicitly specified by the CertificateFile directive, ssh will |
144 | information from the filename obtained by appending -cert.pub to | 145 | also try to load certificate information from the filename |
145 | identity filenames. | 146 | obtained by appending -cert.pub to identity filenames. |
146 | 147 | ||
147 | -J destination | 148 | -J destination |
148 | Connect to the target host by first making a ssh connection to | 149 | Connect to the target host by first making a ssh connection to |
@@ -329,8 +330,11 @@ DESCRIPTION | |||
329 | for use with the -Q flag), mac (supported message integrity | 330 | for use with the -Q flag), mac (supported message integrity |
330 | codes), kex (key exchange algorithms), key (key types), key-cert | 331 | codes), kex (key exchange algorithms), key (key types), key-cert |
331 | (certificate key types), key-plain (non-certificate key types), | 332 | (certificate key types), key-plain (non-certificate key types), |
333 | key-sig (all key types and signature algorithms), | ||
332 | protocol-version (supported SSH protocol versions), and sig | 334 | protocol-version (supported SSH protocol versions), and sig |
333 | (supported signature algorithms). | 335 | (supported signature algorithms). Alternatively, any keyword |
336 | from ssh_config(5) or sshd_config(5) that takes an algorithm list | ||
337 | may be used as an alias for the corresponding query_option. | ||
334 | 338 | ||
335 | -q Quiet mode. Causes most warning and diagnostic messages to be | 339 | -q Quiet mode. Causes most warning and diagnostic messages to be |
336 | suppressed. | 340 | suppressed. |
@@ -491,9 +495,12 @@ AUTHENTICATION | |||
491 | 495 | ||
492 | The user creates his/her key pair by running ssh-keygen(1). This stores | 496 | The user creates his/her key pair by running ssh-keygen(1). This stores |
493 | the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), | 497 | the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), |
494 | ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public | 498 | ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 |
495 | key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), | 499 | (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or |
496 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | 500 | ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA), |
501 | ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted | ||
502 | ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub | ||
503 | (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | ||
497 | home directory. The user should then copy the public key to | 504 | home directory. The user should then copy the public key to |
498 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | 505 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. |
499 | The authorized_keys file corresponds to the conventional ~/.rhosts file, | 506 | The authorized_keys file corresponds to the conventional ~/.rhosts file, |
@@ -858,7 +865,9 @@ FILES | |||
858 | 865 | ||
859 | ~/.ssh/id_dsa | 866 | ~/.ssh/id_dsa |
860 | ~/.ssh/id_ecdsa | 867 | ~/.ssh/id_ecdsa |
868 | ~/.ssh/id_ecdsa_sk | ||
861 | ~/.ssh/id_ed25519 | 869 | ~/.ssh/id_ed25519 |
870 | ~/.ssh/id_ed25519_sk | ||
862 | ~/.ssh/id_rsa | 871 | ~/.ssh/id_rsa |
863 | Contains the private key for authentication. These files contain | 872 | Contains the private key for authentication. These files contain |
864 | sensitive data and should be readable by the user but not | 873 | sensitive data and should be readable by the user but not |
@@ -870,7 +879,9 @@ FILES | |||
870 | 879 | ||
871 | ~/.ssh/id_dsa.pub | 880 | ~/.ssh/id_dsa.pub |
872 | ~/.ssh/id_ecdsa.pub | 881 | ~/.ssh/id_ecdsa.pub |
882 | ~/.ssh/id_ecdsa_sk.pub | ||
873 | ~/.ssh/id_ed25519.pub | 883 | ~/.ssh/id_ed25519.pub |
884 | ~/.ssh/id_ed25519_sk.pub | ||
874 | ~/.ssh/id_rsa.pub | 885 | ~/.ssh/id_rsa.pub |
875 | Contains the public key for authentication. These files are not | 886 | Contains the public key for authentication. These files are not |
876 | sensitive and can (but need not) be readable by anyone. | 887 | sensitive and can (but need not) be readable by anyone. |
@@ -977,4 +988,4 @@ AUTHORS | |||
977 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 988 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
978 | versions 1.5 and 2.0. | 989 | versions 1.5 and 2.0. |
979 | 990 | ||
980 | OpenBSD 6.6 June 12, 2019 OpenBSD 6.6 | 991 | OpenBSD 6.6 February 7, 2020 OpenBSD 6.6 |