diff options
author | Colin Watson <cjwatson@debian.org> | 2017-10-04 11:23:58 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2017-10-05 23:58:12 +0100 |
commit | 0556ea972b15607b7e13ff31bc05840881c91dd3 (patch) | |
tree | d6b8d48062d0278b5ae0eeff42d0e9afa9f26860 /ssh.0 | |
parent | db2122d97eb1ecdd8d99b7bf79b0dd2b5addfd92 (diff) | |
parent | 801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 (diff) |
New upstream release (7.6p1)
Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 81 |
1 files changed, 35 insertions, 46 deletions
@@ -4,7 +4,7 @@ NAME | |||
4 | ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) | 4 | ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] | 7 | ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] |
8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] | 8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] |
9 | [-F configfile] [-I pkcs11] [-i identity_file] | 9 | [-F configfile] [-I pkcs11] [-i identity_file] |
10 | [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] | 10 | [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] |
@@ -28,10 +28,6 @@ DESCRIPTION | |||
28 | 28 | ||
29 | The options are as follows: | 29 | The options are as follows: |
30 | 30 | ||
31 | -1 Forces ssh to try protocol version 1 only. | ||
32 | |||
33 | -2 Forces ssh to try protocol version 2 only. | ||
34 | |||
35 | -4 Forces ssh to use IPv4 addresses only. | 31 | -4 Forces ssh to use IPv4 addresses only. |
36 | 32 | ||
37 | -6 Forces ssh to use IPv6 addresses only. | 33 | -6 Forces ssh to use IPv6 addresses only. |
@@ -58,21 +54,16 @@ DESCRIPTION | |||
58 | -C Requests compression of all data (including stdin, stdout, | 54 | -C Requests compression of all data (including stdin, stdout, |
59 | stderr, and data for forwarded X11, TCP and UNIX-domain | 55 | stderr, and data for forwarded X11, TCP and UNIX-domain |
60 | connections). The compression algorithm is the same used by | 56 | connections). The compression algorithm is the same used by |
61 | gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the | 57 | gzip(1). Compression is desirable on modem lines and other slow |
62 | CompressionLevel option for protocol version 1. Compression is | 58 | connections, but will only slow down things on fast networks. |
63 | desirable on modem lines and other slow connections, but will | 59 | The default value can be set on a host-by-host basis in the |
64 | only slow down things on fast networks. The default value can be | 60 | configuration files; see the Compression option. |
65 | set on a host-by-host basis in the configuration files; see the | ||
66 | Compression option. | ||
67 | 61 | ||
68 | -c cipher_spec | 62 | -c cipher_spec |
69 | Selects the cipher specification for encrypting the session. | 63 | Selects the cipher specification for encrypting the session. |
70 | 64 | cipher_spec is a comma-separated list of ciphers listed in order | |
71 | Protocol version 1 allows specification of a single cipher. The | 65 | of preference. See the Ciphers keyword in ssh_config(5) for more |
72 | supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol | 66 | information. |
73 | version 2, cipher_spec is a comma-separated list of ciphers | ||
74 | listed in order of preference. See the Ciphers keyword in | ||
75 | ssh_config(5) for more information. | ||
76 | 67 | ||
77 | -D [bind_address:]port | 68 | -D [bind_address:]port |
78 | Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. | 69 | Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. |
@@ -137,10 +128,9 @@ DESCRIPTION | |||
137 | 128 | ||
138 | -i identity_file | 129 | -i identity_file |
139 | Selects a file from which the identity (private key) for public | 130 | Selects a file from which the identity (private key) for public |
140 | key authentication is read. The default is ~/.ssh/identity for | 131 | key authentication is read. The default is ~/.ssh/id_dsa, |
141 | protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, | 132 | ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity |
142 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. | 133 | files may also be specified on a per-host basis in the |
143 | Identity files may also be specified on a per-host basis in the | ||
144 | configuration file. It is possible to have multiple -i options | 134 | configuration file. It is possible to have multiple -i options |
145 | (and multiple identities specified in configuration files). If | 135 | (and multiple identities specified in configuration files). If |
146 | no certificates have been explicitly specified by the | 136 | no certificates have been explicitly specified by the |
@@ -243,11 +233,9 @@ DESCRIPTION | |||
243 | CertificateFile | 233 | CertificateFile |
244 | ChallengeResponseAuthentication | 234 | ChallengeResponseAuthentication |
245 | CheckHostIP | 235 | CheckHostIP |
246 | Cipher | ||
247 | Ciphers | 236 | Ciphers |
248 | ClearAllForwardings | 237 | ClearAllForwardings |
249 | Compression | 238 | Compression |
250 | CompressionLevel | ||
251 | ConnectionAttempts | 239 | ConnectionAttempts |
252 | ConnectTimeout | 240 | ConnectTimeout |
253 | ControlMaster | 241 | ControlMaster |
@@ -292,17 +280,15 @@ DESCRIPTION | |||
292 | PKCS11Provider | 280 | PKCS11Provider |
293 | Port | 281 | Port |
294 | PreferredAuthentications | 282 | PreferredAuthentications |
295 | Protocol | ||
296 | ProxyCommand | 283 | ProxyCommand |
297 | ProxyJump | 284 | ProxyJump |
298 | ProxyUseFdpass | 285 | ProxyUseFdpass |
299 | PubkeyAcceptedKeyTypes | 286 | PubkeyAcceptedKeyTypes |
300 | PubkeyAuthentication | 287 | PubkeyAuthentication |
301 | RekeyLimit | 288 | RekeyLimit |
289 | RemoteCommand | ||
302 | RemoteForward | 290 | RemoteForward |
303 | RequestTTY | 291 | RequestTTY |
304 | RhostsRSAAuthentication | ||
305 | RSAAuthentication | ||
306 | SendEnv | 292 | SendEnv |
307 | ServerAliveInterval | 293 | ServerAliveInterval |
308 | ServerAliveCountMax | 294 | ServerAliveCountMax |
@@ -340,14 +326,20 @@ DESCRIPTION | |||
340 | -R [bind_address:]port:local_socket | 326 | -R [bind_address:]port:local_socket |
341 | -R remote_socket:host:hostport | 327 | -R remote_socket:host:hostport |
342 | -R remote_socket:local_socket | 328 | -R remote_socket:local_socket |
329 | -R [bind_address:]port | ||
343 | Specifies that connections to the given TCP port or Unix socket | 330 | Specifies that connections to the given TCP port or Unix socket |
344 | on the remote (server) host are to be forwarded to the given host | 331 | on the remote (server) host are to be forwarded to the local |
345 | and port, or Unix socket, on the local side. This works by | 332 | side. |
346 | allocating a socket to listen to either a TCP port or to a Unix | 333 | |
347 | socket on the remote side. Whenever a connection is made to this | 334 | This works by allocating a socket to listen to either a TCP port |
348 | port or Unix socket, the connection is forwarded over the secure | 335 | or to a Unix socket on the remote side. Whenever a connection is |
349 | channel, and a connection is made to either host port hostport, | 336 | made to this port or Unix socket, the connection is forwarded |
350 | or local_socket, from the local machine. | 337 | over the secure channel, and a connection is made from the local |
338 | machine to either an explicit destination specified by host port | ||
339 | hostport, or local_socket, or, if no explicit destination was | ||
340 | specified, ssh will act as a SOCKS 4/5 proxy and forward | ||
341 | connections to the destinations requested by the remote SOCKS | ||
342 | client. | ||
351 | 343 | ||
352 | Port forwardings can also be specified in the configuration file. | 344 | Port forwardings can also be specified in the configuration file. |
353 | Privileged ports can be forwarded only when logging in as root on | 345 | Privileged ports can be forwarded only when logging in as root on |
@@ -438,12 +430,7 @@ DESCRIPTION | |||
438 | and configuration options are described in ssh_config(5). | 430 | and configuration options are described in ssh_config(5). |
439 | 431 | ||
440 | AUTHENTICATION | 432 | AUTHENTICATION |
441 | The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to | 433 | The OpenSSH SSH client supports SSH protocol 2. |
442 | use protocol 2 only, though this can be changed via the Protocol option | ||
443 | in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should | ||
444 | not be used and is only offered to support legacy devices. It suffers | ||
445 | from a number of cryptographic weaknesses and doesn't support many of the | ||
446 | advanced features available for protocol 2. | ||
447 | 434 | ||
448 | The methods available for authentication are: GSSAPI-based | 435 | The methods available for authentication are: GSSAPI-based |
449 | authentication, host-based authentication, public key authentication, | 436 | authentication, host-based authentication, public key authentication, |
@@ -481,11 +468,15 @@ AUTHENTICATION | |||
481 | proves that it has access to the private key and the server checks that | 468 | proves that it has access to the private key and the server checks that |
482 | the corresponding public key is authorized to accept the account. | 469 | the corresponding public key is authorized to accept the account. |
483 | 470 | ||
471 | The server may inform the client of errors that prevented public key | ||
472 | authentication from succeeding after authentication completes using a | ||
473 | different method. These may be viewed by increasing the LogLevel to | ||
474 | DEBUG or higher (e.g. by using the -v flag). | ||
475 | |||
484 | The user creates his/her key pair by running ssh-keygen(1). This stores | 476 | The user creates his/her key pair by running ssh-keygen(1). This stores |
485 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA), | 477 | the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), |
486 | ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa | 478 | ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public |
487 | (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), | 479 | key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), |
488 | ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), | ||
489 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | 480 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's |
490 | home directory. The user should then copy the public key to | 481 | home directory. The user should then copy the public key to |
491 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | 482 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. |
@@ -845,7 +836,6 @@ FILES | |||
845 | Contains additional definitions for environment variables; see | 836 | Contains additional definitions for environment variables; see |
846 | ENVIRONMENT, above. | 837 | ENVIRONMENT, above. |
847 | 838 | ||
848 | ~/.ssh/identity | ||
849 | ~/.ssh/id_dsa | 839 | ~/.ssh/id_dsa |
850 | ~/.ssh/id_ecdsa | 840 | ~/.ssh/id_ecdsa |
851 | ~/.ssh/id_ed25519 | 841 | ~/.ssh/id_ed25519 |
@@ -858,7 +848,6 @@ FILES | |||
858 | will be used to encrypt the sensitive part of this file using | 848 | will be used to encrypt the sensitive part of this file using |
859 | 3DES. | 849 | 3DES. |
860 | 850 | ||
861 | ~/.ssh/identity.pub | ||
862 | ~/.ssh/id_dsa.pub | 851 | ~/.ssh/id_dsa.pub |
863 | ~/.ssh/id_ecdsa.pub | 852 | ~/.ssh/id_ecdsa.pub |
864 | ~/.ssh/id_ed25519.pub | 853 | ~/.ssh/id_ed25519.pub |
@@ -968,4 +957,4 @@ AUTHORS | |||
968 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 957 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
969 | versions 1.5 and 2.0. | 958 | versions 1.5 and 2.0. |
970 | 959 | ||
971 | OpenBSD 6.0 July 16, 2016 OpenBSD 6.0 | 960 | OpenBSD 6.2 September 21, 2017 OpenBSD 6.2 |