diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-10 00:18:28 +0000 |
commit | 9a975a9faed7c4f334e8c8490db3e77e102f2b21 (patch) | |
tree | 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /ssh.1 | |
parent | ee196dab7c5f97f0b80c8099343a375bead92010 (diff) | |
parent | cdb6c90811caa5df2df856be9b0b16db020fe31d (diff) |
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 55 |
1 files changed, 36 insertions, 19 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.334 2013/07/18 01:12:26 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $ |
37 | .Dd $Mdocdate: July 18 2013 $ | 37 | .Dd $Mdocdate: December 7 2013 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -58,6 +58,7 @@ | |||
58 | .Op Fl O Ar ctl_cmd | 58 | .Op Fl O Ar ctl_cmd |
59 | .Op Fl o Ar option | 59 | .Op Fl o Ar option |
60 | .Op Fl p Ar port | 60 | .Op Fl p Ar port |
61 | .Op Fl Q Cm cipher | cipher-auth | mac | kex | key | ||
61 | .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport | 62 | .Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport |
62 | .Op Fl S Ar ctl_path | 63 | .Op Fl S Ar ctl_path |
63 | .Op Fl W Ar host : Ns Ar port | 64 | .Op Fl W Ar host : Ns Ar port |
@@ -65,8 +66,6 @@ | |||
65 | .Oo Ar user Ns @ Oc Ns Ar hostname | 66 | .Oo Ar user Ns @ Oc Ns Ar hostname |
66 | .Op Ar command | 67 | .Op Ar command |
67 | .Ek | 68 | .Ek |
68 | .Nm | ||
69 | .Fl Q Ar protocol_feature | ||
70 | .Sh DESCRIPTION | 69 | .Sh DESCRIPTION |
71 | .Nm | 70 | .Nm |
72 | (SSH client) is a program for logging into a remote machine and for | 71 | (SSH client) is a program for logging into a remote machine and for |
@@ -280,7 +279,8 @@ The default is | |||
280 | .Pa ~/.ssh/identity | 279 | .Pa ~/.ssh/identity |
281 | for protocol version 1, and | 280 | for protocol version 1, and |
282 | .Pa ~/.ssh/id_dsa , | 281 | .Pa ~/.ssh/id_dsa , |
283 | .Pa ~/.ssh/id_ecdsa | 282 | .Pa ~/.ssh/id_ecdsa , |
283 | .Pa ~/.ssh/id_ed25519 | ||
284 | and | 284 | and |
285 | .Pa ~/.ssh/id_rsa | 285 | .Pa ~/.ssh/id_rsa |
286 | for protocol version 2. | 286 | for protocol version 2. |
@@ -417,6 +417,11 @@ For full details of the options listed below, and their possible values, see | |||
417 | .It AddressFamily | 417 | .It AddressFamily |
418 | .It BatchMode | 418 | .It BatchMode |
419 | .It BindAddress | 419 | .It BindAddress |
420 | .It CanonicalDomains | ||
421 | .It CanonicalizeFallbackLocal | ||
422 | .It CanonicalizeHostname | ||
423 | .It CanonicalizeMaxDots | ||
424 | .It CanonicalizePermittedCNAMEs | ||
420 | .It ChallengeResponseAuthentication | 425 | .It ChallengeResponseAuthentication |
421 | .It CheckHostIP | 426 | .It CheckHostIP |
422 | .It Cipher | 427 | .It Cipher |
@@ -456,6 +461,7 @@ For full details of the options listed below, and their possible values, see | |||
456 | .It LocalForward | 461 | .It LocalForward |
457 | .It LogLevel | 462 | .It LogLevel |
458 | .It MACs | 463 | .It MACs |
464 | .It Match | ||
459 | .It NoHostAuthenticationForLocalhost | 465 | .It NoHostAuthenticationForLocalhost |
460 | .It NumberOfPasswordPrompts | 466 | .It NumberOfPasswordPrompts |
461 | .It PasswordAuthentication | 467 | .It PasswordAuthentication |
@@ -465,6 +471,7 @@ For full details of the options listed below, and their possible values, see | |||
465 | .It PreferredAuthentications | 471 | .It PreferredAuthentications |
466 | .It Protocol | 472 | .It Protocol |
467 | .It ProxyCommand | 473 | .It ProxyCommand |
474 | .It ProxyUseFdpass | ||
468 | .It PubkeyAuthentication | 475 | .It PubkeyAuthentication |
469 | .It RekeyLimit | 476 | .It RekeyLimit |
470 | .It RemoteForward | 477 | .It RemoteForward |
@@ -489,21 +496,21 @@ For full details of the options listed below, and their possible values, see | |||
489 | Port to connect to on the remote host. | 496 | Port to connect to on the remote host. |
490 | This can be specified on a | 497 | This can be specified on a |
491 | per-host basis in the configuration file. | 498 | per-host basis in the configuration file. |
492 | .It Fl Q Ar protocol_feature | 499 | .It Fl Q Cm cipher | cipher-auth | mac | kex | key |
493 | Queries | 500 | Queries |
494 | .Nm | 501 | .Nm |
495 | for the algorithms supported for the specified version 2 | 502 | for the algorithms supported for the specified version 2. |
496 | .Ar protocol_feature . | 503 | The available features are: |
497 | The queriable features are: | 504 | .Ar cipher |
498 | .Dq cipher | ||
499 | (supported symmetric ciphers), | 505 | (supported symmetric ciphers), |
500 | .Dq MAC | 506 | .Ar cipher-auth |
507 | (supported symmetric ciphers that support authenticated encryption), | ||
508 | .Ar mac | ||
501 | (supported message integrity codes), | 509 | (supported message integrity codes), |
502 | .Dq KEX | 510 | .Ar kex |
503 | (key exchange algorithms), | 511 | (key exchange algorithms), |
504 | .Dq key | 512 | .Ar key |
505 | (key types). | 513 | (key types). |
506 | Protocol features are treated case-insensitively. | ||
507 | .It Fl q | 514 | .It Fl q |
508 | Quiet mode. | 515 | Quiet mode. |
509 | Causes most warning and diagnostic messages to be suppressed. | 516 | Causes most warning and diagnostic messages to be suppressed. |
@@ -751,7 +758,7 @@ key pair for authentication purposes. | |||
751 | The server knows the public key, and only the user knows the private key. | 758 | The server knows the public key, and only the user knows the private key. |
752 | .Nm | 759 | .Nm |
753 | implements public key authentication protocol automatically, | 760 | implements public key authentication protocol automatically, |
754 | using one of the DSA, ECDSA or RSA algorithms. | 761 | using one of the DSA, ECDSA, ED25519 or RSA algorithms. |
755 | Protocol 1 is restricted to using only RSA keys, | 762 | Protocol 1 is restricted to using only RSA keys, |
756 | but protocol 2 may use any. | 763 | but protocol 2 may use any. |
757 | The HISTORY section of | 764 | The HISTORY section of |
@@ -778,6 +785,8 @@ This stores the private key in | |||
778 | (protocol 2 DSA), | 785 | (protocol 2 DSA), |
779 | .Pa ~/.ssh/id_ecdsa | 786 | .Pa ~/.ssh/id_ecdsa |
780 | (protocol 2 ECDSA), | 787 | (protocol 2 ECDSA), |
788 | .Pa ~/.ssh/id_ed25519 | ||
789 | (protocol 2 ED25519), | ||
781 | or | 790 | or |
782 | .Pa ~/.ssh/id_rsa | 791 | .Pa ~/.ssh/id_rsa |
783 | (protocol 2 RSA) | 792 | (protocol 2 RSA) |
@@ -788,6 +797,8 @@ and stores the public key in | |||
788 | (protocol 2 DSA), | 797 | (protocol 2 DSA), |
789 | .Pa ~/.ssh/id_ecdsa.pub | 798 | .Pa ~/.ssh/id_ecdsa.pub |
790 | (protocol 2 ECDSA), | 799 | (protocol 2 ECDSA), |
800 | .Pa ~/.ssh/id_ed25519.pub | ||
801 | (protocol 2 ED25519), | ||
791 | or | 802 | or |
792 | .Pa ~/.ssh/id_rsa.pub | 803 | .Pa ~/.ssh/id_rsa.pub |
793 | (protocol 2 RSA) | 804 | (protocol 2 RSA) |
@@ -827,9 +838,12 @@ text, and prompts for a response. | |||
827 | Protocol 2 allows multiple challenges and responses; | 838 | Protocol 2 allows multiple challenges and responses; |
828 | protocol 1 is restricted to just one challenge/response. | 839 | protocol 1 is restricted to just one challenge/response. |
829 | Examples of challenge-response authentication include | 840 | Examples of challenge-response authentication include |
830 | BSD Authentication (see | 841 | .Bx |
842 | Authentication (see | ||
831 | .Xr login.conf 5 ) | 843 | .Xr login.conf 5 ) |
832 | and PAM (some non-OpenBSD systems). | 844 | and PAM (some |
845 | .Pf non- Ox | ||
846 | systems). | ||
833 | .Pp | 847 | .Pp |
834 | Finally, if other authentication methods fail, | 848 | Finally, if other authentication methods fail, |
835 | .Nm | 849 | .Nm |
@@ -1324,8 +1338,8 @@ secret, but the recommended permissions are read/write/execute for the user, | |||
1324 | and not accessible by others. | 1338 | and not accessible by others. |
1325 | .Pp | 1339 | .Pp |
1326 | .It Pa ~/.ssh/authorized_keys | 1340 | .It Pa ~/.ssh/authorized_keys |
1327 | Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as | 1341 | Lists the public keys (DSA, ECDSA, ED25519, RSA) |
1328 | this user. | 1342 | that can be used for logging in as this user. |
1329 | The format of this file is described in the | 1343 | The format of this file is described in the |
1330 | .Xr sshd 8 | 1344 | .Xr sshd 8 |
1331 | manual page. | 1345 | manual page. |
@@ -1347,6 +1361,7 @@ above. | |||
1347 | .It Pa ~/.ssh/identity | 1361 | .It Pa ~/.ssh/identity |
1348 | .It Pa ~/.ssh/id_dsa | 1362 | .It Pa ~/.ssh/id_dsa |
1349 | .It Pa ~/.ssh/id_ecdsa | 1363 | .It Pa ~/.ssh/id_ecdsa |
1364 | .It Pa ~/.ssh/id_ed25519 | ||
1350 | .It Pa ~/.ssh/id_rsa | 1365 | .It Pa ~/.ssh/id_rsa |
1351 | Contains the private key for authentication. | 1366 | Contains the private key for authentication. |
1352 | These files | 1367 | These files |
@@ -1361,6 +1376,7 @@ sensitive part of this file using 3DES. | |||
1361 | .It Pa ~/.ssh/identity.pub | 1376 | .It Pa ~/.ssh/identity.pub |
1362 | .It Pa ~/.ssh/id_dsa.pub | 1377 | .It Pa ~/.ssh/id_dsa.pub |
1363 | .It Pa ~/.ssh/id_ecdsa.pub | 1378 | .It Pa ~/.ssh/id_ecdsa.pub |
1379 | .It Pa ~/.ssh/id_ed25519.pub | ||
1364 | .It Pa ~/.ssh/id_rsa.pub | 1380 | .It Pa ~/.ssh/id_rsa.pub |
1365 | Contains the public key for authentication. | 1381 | Contains the public key for authentication. |
1366 | These files are not | 1382 | These files are not |
@@ -1400,6 +1416,7 @@ The file format and configuration options are described in | |||
1400 | .It Pa /etc/ssh/ssh_host_key | 1416 | .It Pa /etc/ssh/ssh_host_key |
1401 | .It Pa /etc/ssh/ssh_host_dsa_key | 1417 | .It Pa /etc/ssh/ssh_host_dsa_key |
1402 | .It Pa /etc/ssh/ssh_host_ecdsa_key | 1418 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
1419 | .It Pa /etc/ssh/ssh_host_ed25519_key | ||
1403 | .It Pa /etc/ssh/ssh_host_rsa_key | 1420 | .It Pa /etc/ssh/ssh_host_rsa_key |
1404 | These files contain the private parts of the host keys | 1421 | These files contain the private parts of the host keys |
1405 | and are used for host-based authentication. | 1422 | and are used for host-based authentication. |