diff options
author | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 11:46:57 +0000 |
commit | 0970072c89b079b022538e3c366fbfa2c53fc821 (patch) | |
tree | b7024712d74234bb5a8b036ccbc9109e2e211296 /ssh.1 | |
parent | 4e8aa4da57000c7bba8e5c49163bc0c0ca383f78 (diff) | |
parent | 478ff799463ca926a8dfbabf058f4e84aaffc65a (diff) |
merge 5.7p1
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 85 |
1 files changed, 50 insertions, 35 deletions
@@ -1,4 +1,3 @@ | |||
1 | .\" -*- nroff -*- | ||
2 | .\" | 1 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 2 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -34,8 +33,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 35 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.308 2010/08/04 05:37:01 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.316 2010/11/18 15:01:00 jmc Exp $ |
38 | .Dd $Mdocdate: August 4 2010 $ | 37 | .Dd $Mdocdate: November 18 2010 $ |
39 | .Dt SSH 1 | 38 | .Dt SSH 1 |
40 | .Os | 39 | .Os |
41 | .Sh NAME | 40 | .Sh NAME |
@@ -269,13 +268,14 @@ should use to communicate with a PKCS#11 token providing the user's | |||
269 | private RSA key. | 268 | private RSA key. |
270 | .It Fl i Ar identity_file | 269 | .It Fl i Ar identity_file |
271 | Selects a file from which the identity (private key) for | 270 | Selects a file from which the identity (private key) for |
272 | RSA or DSA authentication is read. | 271 | public key authentication is read. |
273 | The default is | 272 | The default is |
274 | .Pa ~/.ssh/identity | 273 | .Pa ~/.ssh/identity |
275 | for protocol version 1, and | 274 | for protocol version 1, and |
276 | .Pa ~/.ssh/id_rsa | 275 | .Pa ~/.ssh/id_dsa , |
276 | .Pa ~/.ssh/id_ecdsa | ||
277 | and | 277 | and |
278 | .Pa ~/.ssh/id_dsa | 278 | .Pa ~/.ssh/id_rsa |
279 | for protocol version 2. | 279 | for protocol version 2. |
280 | Identity files may also be specified on | 280 | Identity files may also be specified on |
281 | a per-host basis in the configuration file. | 281 | a per-host basis in the configuration file. |
@@ -435,7 +435,9 @@ For full details of the options listed below, and their possible values, see | |||
435 | .It HostName | 435 | .It HostName |
436 | .It IdentityFile | 436 | .It IdentityFile |
437 | .It IdentitiesOnly | 437 | .It IdentitiesOnly |
438 | .It IPQoS | ||
438 | .It KbdInteractiveDevices | 439 | .It KbdInteractiveDevices |
440 | .It KexAlgorithms | ||
439 | .It LocalCommand | 441 | .It LocalCommand |
440 | .It LocalForward | 442 | .It LocalForward |
441 | .It LogLevel | 443 | .It LogLevel |
@@ -646,10 +648,6 @@ may additionally obtain configuration data from | |||
646 | a per-user configuration file and a system-wide configuration file. | 648 | a per-user configuration file and a system-wide configuration file. |
647 | The file format and configuration options are described in | 649 | The file format and configuration options are described in |
648 | .Xr ssh_config 5 . | 650 | .Xr ssh_config 5 . |
649 | .Pp | ||
650 | .Nm | ||
651 | exits with the exit status of the remote command or with 255 | ||
652 | if an error occurred. | ||
653 | .Sh AUTHENTICATION | 651 | .Sh AUTHENTICATION |
654 | The OpenSSH SSH client supports SSH protocols 1 and 2. | 652 | The OpenSSH SSH client supports SSH protocols 1 and 2. |
655 | The default is to use protocol 2 only, | 653 | The default is to use protocol 2 only, |
@@ -721,14 +719,14 @@ key pair for authentication purposes. | |||
721 | The server knows the public key, and only the user knows the private key. | 719 | The server knows the public key, and only the user knows the private key. |
722 | .Nm | 720 | .Nm |
723 | implements public key authentication protocol automatically, | 721 | implements public key authentication protocol automatically, |
724 | using either the RSA or DSA algorithms. | 722 | using one of the DSA, ECDSA or RSA algorithms. |
725 | Protocol 1 is restricted to using only RSA keys, | 723 | Protocol 1 is restricted to using only RSA keys, |
726 | but protocol 2 may use either. | 724 | but protocol 2 may use any. |
727 | The | 725 | The |
728 | .Sx HISTORY | 726 | .Sx HISTORY |
729 | section of | 727 | section of |
730 | .Xr ssl 8 | 728 | .Xr ssl 8 |
731 | contains a brief discussion of the two algorithms. | 729 | contains a brief discussion of the DSA and RSA algorithms. |
732 | .Pp | 730 | .Pp |
733 | The file | 731 | The file |
734 | .Pa ~/.ssh/authorized_keys | 732 | .Pa ~/.ssh/authorized_keys |
@@ -748,6 +746,8 @@ This stores the private key in | |||
748 | (protocol 1), | 746 | (protocol 1), |
749 | .Pa ~/.ssh/id_dsa | 747 | .Pa ~/.ssh/id_dsa |
750 | (protocol 2 DSA), | 748 | (protocol 2 DSA), |
749 | .Pa ~/.ssh/id_ecdsa | ||
750 | (protocol 2 ECDSA), | ||
751 | or | 751 | or |
752 | .Pa ~/.ssh/id_rsa | 752 | .Pa ~/.ssh/id_rsa |
753 | (protocol 2 RSA) | 753 | (protocol 2 RSA) |
@@ -756,6 +756,8 @@ and stores the public key in | |||
756 | (protocol 1), | 756 | (protocol 1), |
757 | .Pa ~/.ssh/id_dsa.pub | 757 | .Pa ~/.ssh/id_dsa.pub |
758 | (protocol 2 DSA), | 758 | (protocol 2 DSA), |
759 | .Pa ~/.ssh/id_ecdsa.pub | ||
760 | (protocol 2 ECDSA), | ||
759 | or | 761 | or |
760 | .Pa ~/.ssh/id_rsa.pub | 762 | .Pa ~/.ssh/id_rsa.pub |
761 | (protocol 2 RSA) | 763 | (protocol 2 RSA) |
@@ -1250,7 +1252,7 @@ option in | |||
1250 | .Xr sshd_config 5 . | 1252 | .Xr sshd_config 5 . |
1251 | .Sh FILES | 1253 | .Sh FILES |
1252 | .Bl -tag -width Ds -compact | 1254 | .Bl -tag -width Ds -compact |
1253 | .It ~/.rhosts | 1255 | .It Pa ~/.rhosts |
1254 | This file is used for host-based authentication (see above). | 1256 | This file is used for host-based authentication (see above). |
1255 | On some machines this file may need to be | 1257 | On some machines this file may need to be |
1256 | world-readable if the user's home directory is on an NFS partition, | 1258 | world-readable if the user's home directory is on an NFS partition, |
@@ -1263,42 +1265,44 @@ The recommended | |||
1263 | permission for most machines is read/write for the user, and not | 1265 | permission for most machines is read/write for the user, and not |
1264 | accessible by others. | 1266 | accessible by others. |
1265 | .Pp | 1267 | .Pp |
1266 | .It ~/.shosts | 1268 | .It Pa ~/.shosts |
1267 | This file is used in exactly the same way as | 1269 | This file is used in exactly the same way as |
1268 | .Pa .rhosts , | 1270 | .Pa .rhosts , |
1269 | but allows host-based authentication without permitting login with | 1271 | but allows host-based authentication without permitting login with |
1270 | rlogin/rsh. | 1272 | rlogin/rsh. |
1271 | .Pp | 1273 | .Pp |
1272 | .It ~/.ssh/ | 1274 | .It Pa ~/.ssh/ |
1273 | This directory is the default location for all user-specific configuration | 1275 | This directory is the default location for all user-specific configuration |
1274 | and authentication information. | 1276 | and authentication information. |
1275 | There is no general requirement to keep the entire contents of this directory | 1277 | There is no general requirement to keep the entire contents of this directory |
1276 | secret, but the recommended permissions are read/write/execute for the user, | 1278 | secret, but the recommended permissions are read/write/execute for the user, |
1277 | and not accessible by others. | 1279 | and not accessible by others. |
1278 | .Pp | 1280 | .Pp |
1279 | .It ~/.ssh/authorized_keys | 1281 | .It Pa ~/.ssh/authorized_keys |
1280 | Lists the public keys (RSA/DSA) that can be used for logging in as this user. | 1282 | Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as |
1283 | this user. | ||
1281 | The format of this file is described in the | 1284 | The format of this file is described in the |
1282 | .Xr sshd 8 | 1285 | .Xr sshd 8 |
1283 | manual page. | 1286 | manual page. |
1284 | This file is not highly sensitive, but the recommended | 1287 | This file is not highly sensitive, but the recommended |
1285 | permissions are read/write for the user, and not accessible by others. | 1288 | permissions are read/write for the user, and not accessible by others. |
1286 | .Pp | 1289 | .Pp |
1287 | .It ~/.ssh/config | 1290 | .It Pa ~/.ssh/config |
1288 | This is the per-user configuration file. | 1291 | This is the per-user configuration file. |
1289 | The file format and configuration options are described in | 1292 | The file format and configuration options are described in |
1290 | .Xr ssh_config 5 . | 1293 | .Xr ssh_config 5 . |
1291 | Because of the potential for abuse, this file must have strict permissions: | 1294 | Because of the potential for abuse, this file must have strict permissions: |
1292 | read/write for the user, and not accessible by others. | 1295 | read/write for the user, and not accessible by others. |
1293 | .Pp | 1296 | .Pp |
1294 | .It ~/.ssh/environment | 1297 | .It Pa ~/.ssh/environment |
1295 | Contains additional definitions for environment variables; see | 1298 | Contains additional definitions for environment variables; see |
1296 | .Sx ENVIRONMENT , | 1299 | .Sx ENVIRONMENT , |
1297 | above. | 1300 | above. |
1298 | .Pp | 1301 | .Pp |
1299 | .It ~/.ssh/identity | 1302 | .It Pa ~/.ssh/identity |
1300 | .It ~/.ssh/id_dsa | 1303 | .It Pa ~/.ssh/id_dsa |
1301 | .It ~/.ssh/id_rsa | 1304 | .It Pa ~/.ssh/id_ecdsa |
1305 | .It Pa ~/.ssh/id_rsa | ||
1302 | Contains the private key for authentication. | 1306 | Contains the private key for authentication. |
1303 | These files | 1307 | These files |
1304 | contain sensitive data and should be readable by the user but not | 1308 | contain sensitive data and should be readable by the user but not |
@@ -1309,21 +1313,22 @@ It is possible to specify a passphrase when | |||
1309 | generating the key which will be used to encrypt the | 1313 | generating the key which will be used to encrypt the |
1310 | sensitive part of this file using 3DES. | 1314 | sensitive part of this file using 3DES. |
1311 | .Pp | 1315 | .Pp |
1312 | .It ~/.ssh/identity.pub | 1316 | .It Pa ~/.ssh/identity.pub |
1313 | .It ~/.ssh/id_dsa.pub | 1317 | .It Pa ~/.ssh/id_dsa.pub |
1314 | .It ~/.ssh/id_rsa.pub | 1318 | .It Pa ~/.ssh/id_ecdsa.pub |
1319 | .It Pa ~/.ssh/id_rsa.pub | ||
1315 | Contains the public key for authentication. | 1320 | Contains the public key for authentication. |
1316 | These files are not | 1321 | These files are not |
1317 | sensitive and can (but need not) be readable by anyone. | 1322 | sensitive and can (but need not) be readable by anyone. |
1318 | .Pp | 1323 | .Pp |
1319 | .It ~/.ssh/known_hosts | 1324 | .It Pa ~/.ssh/known_hosts |
1320 | Contains a list of host keys for all hosts the user has logged into | 1325 | Contains a list of host keys for all hosts the user has logged into |
1321 | that are not already in the systemwide list of known host keys. | 1326 | that are not already in the systemwide list of known host keys. |
1322 | See | 1327 | See |
1323 | .Xr sshd 8 | 1328 | .Xr sshd 8 |
1324 | for further details of the format of this file. | 1329 | for further details of the format of this file. |
1325 | .Pp | 1330 | .Pp |
1326 | .It ~/.ssh/rc | 1331 | .It Pa ~/.ssh/rc |
1327 | Commands in this file are executed by | 1332 | Commands in this file are executed by |
1328 | .Nm | 1333 | .Nm |
1329 | when the user logs in, just before the user's shell (or command) is | 1334 | when the user logs in, just before the user's shell (or command) is |
@@ -1332,11 +1337,11 @@ See the | |||
1332 | .Xr sshd 8 | 1337 | .Xr sshd 8 |
1333 | manual page for more information. | 1338 | manual page for more information. |
1334 | .Pp | 1339 | .Pp |
1335 | .It /etc/hosts.equiv | 1340 | .It Pa /etc/hosts.equiv |
1336 | This file is for host-based authentication (see above). | 1341 | This file is for host-based authentication (see above). |
1337 | It should only be writable by root. | 1342 | It should only be writable by root. |
1338 | .Pp | 1343 | .Pp |
1339 | .It /etc/shosts.equiv | 1344 | .It Pa /etc/shosts.equiv |
1340 | This file is used in exactly the same way as | 1345 | This file is used in exactly the same way as |
1341 | .Pa hosts.equiv , | 1346 | .Pa hosts.equiv , |
1342 | but allows host-based authentication without permitting login with | 1347 | but allows host-based authentication without permitting login with |
@@ -1347,9 +1352,10 @@ Systemwide configuration file. | |||
1347 | The file format and configuration options are described in | 1352 | The file format and configuration options are described in |
1348 | .Xr ssh_config 5 . | 1353 | .Xr ssh_config 5 . |
1349 | .Pp | 1354 | .Pp |
1350 | .It /etc/ssh/ssh_host_key | 1355 | .It Pa /etc/ssh/ssh_host_key |
1351 | .It /etc/ssh/ssh_host_dsa_key | 1356 | .It Pa /etc/ssh/ssh_host_dsa_key |
1352 | .It /etc/ssh/ssh_host_rsa_key | 1357 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
1358 | .It Pa /etc/ssh/ssh_host_rsa_key | ||
1353 | These three files contain the private parts of the host keys | 1359 | These three files contain the private parts of the host keys |
1354 | and are used for host-based authentication. | 1360 | and are used for host-based authentication. |
1355 | If protocol version 1 is used, | 1361 | If protocol version 1 is used, |
@@ -1367,7 +1373,7 @@ By default | |||
1367 | .Nm | 1373 | .Nm |
1368 | is not setuid root. | 1374 | is not setuid root. |
1369 | .Pp | 1375 | .Pp |
1370 | .It /etc/ssh/ssh_known_hosts | 1376 | .It Pa /etc/ssh/ssh_known_hosts |
1371 | Systemwide list of known host keys. | 1377 | Systemwide list of known host keys. |
1372 | This file should be prepared by the | 1378 | This file should be prepared by the |
1373 | system administrator to contain the public host keys of all machines in the | 1379 | system administrator to contain the public host keys of all machines in the |
@@ -1377,7 +1383,7 @@ See | |||
1377 | .Xr sshd 8 | 1383 | .Xr sshd 8 |
1378 | for further details of the format of this file. | 1384 | for further details of the format of this file. |
1379 | .Pp | 1385 | .Pp |
1380 | .It /etc/ssh/sshrc | 1386 | .It Pa /etc/ssh/sshrc |
1381 | Commands in this file are executed by | 1387 | Commands in this file are executed by |
1382 | .Nm | 1388 | .Nm |
1383 | when the user logs in, just before the user's shell (or command) is started. | 1389 | when the user logs in, just before the user's shell (or command) is started. |
@@ -1385,6 +1391,10 @@ See the | |||
1385 | .Xr sshd 8 | 1391 | .Xr sshd 8 |
1386 | manual page for more information. | 1392 | manual page for more information. |
1387 | .El | 1393 | .El |
1394 | .Sh EXIT STATUS | ||
1395 | .Nm | ||
1396 | exits with the exit status of the remote command or with 255 | ||
1397 | if an error occurred. | ||
1388 | .Sh SEE ALSO | 1398 | .Sh SEE ALSO |
1389 | .Xr scp 1 , | 1399 | .Xr scp 1 , |
1390 | .Xr sftp 1 , | 1400 | .Xr sftp 1 , |
@@ -1458,6 +1468,11 @@ manual page for more information. | |||
1458 | .%D 2006 | 1468 | .%D 2006 |
1459 | .Re | 1469 | .Re |
1460 | .Rs | 1470 | .Rs |
1471 | .%R RFC 5656 | ||
1472 | .%T "Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer" | ||
1473 | .%D 2009 | ||
1474 | .Re | ||
1475 | .Rs | ||
1461 | .%T "Hash Visualization: a New Technique to improve Real-World Security" | 1476 | .%T "Hash Visualization: a New Technique to improve Real-World Security" |
1462 | .%A A. Perrig | 1477 | .%A A. Perrig |
1463 | .%A D. Song | 1478 | .%A D. Song |