summaryrefslogtreecommitdiff
path: root/ssh.0
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2017-10-04 11:23:58 +0100
committerColin Watson <cjwatson@debian.org>2017-10-05 23:58:12 +0100
commit0556ea972b15607b7e13ff31bc05840881c91dd3 (patch)
treed6b8d48062d0278b5ae0eeff42d0e9afa9f26860 /ssh.0
parentdb2122d97eb1ecdd8d99b7bf79b0dd2b5addfd92 (diff)
parent801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 (diff)
New upstream release (7.6p1)
Diffstat (limited to 'ssh.0')
-rw-r--r--ssh.081
1 files changed, 35 insertions, 46 deletions
diff --git a/ssh.0 b/ssh.0
index 67ce809bb..f920dd97e 100644
--- a/ssh.0
+++ b/ssh.0
@@ -4,7 +4,7 @@ NAME
4 ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) 4 ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] 7 ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
8 [-D [bind_address:]port] [-E log_file] [-e escape_char] 8 [-D [bind_address:]port] [-E log_file] [-e escape_char]
9 [-F configfile] [-I pkcs11] [-i identity_file] 9 [-F configfile] [-I pkcs11] [-i identity_file]
10 [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] 10 [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
@@ -28,10 +28,6 @@ DESCRIPTION
28 28
29 The options are as follows: 29 The options are as follows:
30 30
31 -1 Forces ssh to try protocol version 1 only.
32
33 -2 Forces ssh to try protocol version 2 only.
34
35 -4 Forces ssh to use IPv4 addresses only. 31 -4 Forces ssh to use IPv4 addresses only.
36 32
37 -6 Forces ssh to use IPv6 addresses only. 33 -6 Forces ssh to use IPv6 addresses only.
@@ -58,21 +54,16 @@ DESCRIPTION
58 -C Requests compression of all data (including stdin, stdout, 54 -C Requests compression of all data (including stdin, stdout,
59 stderr, and data for forwarded X11, TCP and UNIX-domain 55 stderr, and data for forwarded X11, TCP and UNIX-domain
60 connections). The compression algorithm is the same used by 56 connections). The compression algorithm is the same used by
61 gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the 57 gzip(1). Compression is desirable on modem lines and other slow
62 CompressionLevel option for protocol version 1. Compression is 58 connections, but will only slow down things on fast networks.
63 desirable on modem lines and other slow connections, but will 59 The default value can be set on a host-by-host basis in the
64 only slow down things on fast networks. The default value can be 60 configuration files; see the Compression option.
65 set on a host-by-host basis in the configuration files; see the
66 Compression option.
67 61
68 -c cipher_spec 62 -c cipher_spec
69 Selects the cipher specification for encrypting the session. 63 Selects the cipher specification for encrypting the session.
70 64 cipher_spec is a comma-separated list of ciphers listed in order
71 Protocol version 1 allows specification of a single cipher. The 65 of preference. See the Ciphers keyword in ssh_config(5) for more
72 supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol 66 information.
73 version 2, cipher_spec is a comma-separated list of ciphers
74 listed in order of preference. See the Ciphers keyword in
75 ssh_config(5) for more information.
76 67
77 -D [bind_address:]port 68 -D [bind_address:]port
78 Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding. 69 Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
@@ -137,10 +128,9 @@ DESCRIPTION
137 128
138 -i identity_file 129 -i identity_file
139 Selects a file from which the identity (private key) for public 130 Selects a file from which the identity (private key) for public
140 key authentication is read. The default is ~/.ssh/identity for 131 key authentication is read. The default is ~/.ssh/id_dsa,
141 protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, 132 ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity
142 ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. 133 files may also be specified on a per-host basis in the
143 Identity files may also be specified on a per-host basis in the
144 configuration file. It is possible to have multiple -i options 134 configuration file. It is possible to have multiple -i options
145 (and multiple identities specified in configuration files). If 135 (and multiple identities specified in configuration files). If
146 no certificates have been explicitly specified by the 136 no certificates have been explicitly specified by the
@@ -243,11 +233,9 @@ DESCRIPTION
243 CertificateFile 233 CertificateFile
244 ChallengeResponseAuthentication 234 ChallengeResponseAuthentication
245 CheckHostIP 235 CheckHostIP
246 Cipher
247 Ciphers 236 Ciphers
248 ClearAllForwardings 237 ClearAllForwardings
249 Compression 238 Compression
250 CompressionLevel
251 ConnectionAttempts 239 ConnectionAttempts
252 ConnectTimeout 240 ConnectTimeout
253 ControlMaster 241 ControlMaster
@@ -292,17 +280,15 @@ DESCRIPTION
292 PKCS11Provider 280 PKCS11Provider
293 Port 281 Port
294 PreferredAuthentications 282 PreferredAuthentications
295 Protocol
296 ProxyCommand 283 ProxyCommand
297 ProxyJump 284 ProxyJump
298 ProxyUseFdpass 285 ProxyUseFdpass
299 PubkeyAcceptedKeyTypes 286 PubkeyAcceptedKeyTypes
300 PubkeyAuthentication 287 PubkeyAuthentication
301 RekeyLimit 288 RekeyLimit
289 RemoteCommand
302 RemoteForward 290 RemoteForward
303 RequestTTY 291 RequestTTY
304 RhostsRSAAuthentication
305 RSAAuthentication
306 SendEnv 292 SendEnv
307 ServerAliveInterval 293 ServerAliveInterval
308 ServerAliveCountMax 294 ServerAliveCountMax
@@ -340,14 +326,20 @@ DESCRIPTION
340 -R [bind_address:]port:local_socket 326 -R [bind_address:]port:local_socket
341 -R remote_socket:host:hostport 327 -R remote_socket:host:hostport
342 -R remote_socket:local_socket 328 -R remote_socket:local_socket
329 -R [bind_address:]port
343 Specifies that connections to the given TCP port or Unix socket 330 Specifies that connections to the given TCP port or Unix socket
344 on the remote (server) host are to be forwarded to the given host 331 on the remote (server) host are to be forwarded to the local
345 and port, or Unix socket, on the local side. This works by 332 side.
346 allocating a socket to listen to either a TCP port or to a Unix 333
347 socket on the remote side. Whenever a connection is made to this 334 This works by allocating a socket to listen to either a TCP port
348 port or Unix socket, the connection is forwarded over the secure 335 or to a Unix socket on the remote side. Whenever a connection is
349 channel, and a connection is made to either host port hostport, 336 made to this port or Unix socket, the connection is forwarded
350 or local_socket, from the local machine. 337 over the secure channel, and a connection is made from the local
338 machine to either an explicit destination specified by host port
339 hostport, or local_socket, or, if no explicit destination was
340 specified, ssh will act as a SOCKS 4/5 proxy and forward
341 connections to the destinations requested by the remote SOCKS
342 client.
351 343
352 Port forwardings can also be specified in the configuration file. 344 Port forwardings can also be specified in the configuration file.
353 Privileged ports can be forwarded only when logging in as root on 345 Privileged ports can be forwarded only when logging in as root on
@@ -438,12 +430,7 @@ DESCRIPTION
438 and configuration options are described in ssh_config(5). 430 and configuration options are described in ssh_config(5).
439 431
440AUTHENTICATION 432AUTHENTICATION
441 The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to 433 The OpenSSH SSH client supports SSH protocol 2.
442 use protocol 2 only, though this can be changed via the Protocol option
443 in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should
444 not be used and is only offered to support legacy devices. It suffers
445 from a number of cryptographic weaknesses and doesn't support many of the
446 advanced features available for protocol 2.
447 434
448 The methods available for authentication are: GSSAPI-based 435 The methods available for authentication are: GSSAPI-based
449 authentication, host-based authentication, public key authentication, 436 authentication, host-based authentication, public key authentication,
@@ -481,11 +468,15 @@ AUTHENTICATION
481 proves that it has access to the private key and the server checks that 468 proves that it has access to the private key and the server checks that
482 the corresponding public key is authorized to accept the account. 469 the corresponding public key is authorized to accept the account.
483 470
471 The server may inform the client of errors that prevented public key
472 authentication from succeeding after authentication completes using a
473 different method. These may be viewed by increasing the LogLevel to
474 DEBUG or higher (e.g. by using the -v flag).
475
484 The user creates his/her key pair by running ssh-keygen(1). This stores 476 The user creates his/her key pair by running ssh-keygen(1). This stores
485 the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA), 477 the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
486 ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa 478 ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public
487 (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), 479 key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
488 ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
489 ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's 480 ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
490 home directory. The user should then copy the public key to 481 home directory. The user should then copy the public key to
491 ~/.ssh/authorized_keys in his/her home directory on the remote machine. 482 ~/.ssh/authorized_keys in his/her home directory on the remote machine.
@@ -845,7 +836,6 @@ FILES
845 Contains additional definitions for environment variables; see 836 Contains additional definitions for environment variables; see
846 ENVIRONMENT, above. 837 ENVIRONMENT, above.
847 838
848 ~/.ssh/identity
849 ~/.ssh/id_dsa 839 ~/.ssh/id_dsa
850 ~/.ssh/id_ecdsa 840 ~/.ssh/id_ecdsa
851 ~/.ssh/id_ed25519 841 ~/.ssh/id_ed25519
@@ -858,7 +848,6 @@ FILES
858 will be used to encrypt the sensitive part of this file using 848 will be used to encrypt the sensitive part of this file using
859 3DES. 849 3DES.
860 850
861 ~/.ssh/identity.pub
862 ~/.ssh/id_dsa.pub 851 ~/.ssh/id_dsa.pub
863 ~/.ssh/id_ecdsa.pub 852 ~/.ssh/id_ecdsa.pub
864 ~/.ssh/id_ed25519.pub 853 ~/.ssh/id_ed25519.pub
@@ -968,4 +957,4 @@ AUTHORS
968 created OpenSSH. Markus Friedl contributed the support for SSH protocol 957 created OpenSSH. Markus Friedl contributed the support for SSH protocol
969 versions 1.5 and 2.0. 958 versions 1.5 and 2.0.
970 959
971OpenBSD 6.0 July 16, 2016 OpenBSD 6.0 960OpenBSD 6.2 September 21, 2017 OpenBSD 6.2