author | Damien Miller <djm@mindrot.org> | 2003-04-01 21:42:14 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-04-01 21:42:14 +1000 |
commit | 495dca35186a9a33c85a6fa2bcc1b127512bb688 (patch) | |
tree | 20392805c7b28713143bd8489a98b513a93d411a /ssh.1 | |
parent | f18462f5bff7265d151f9367d4dd2632a0b0fb25 (diff) |
- (djm) OpenBSD CVS Sync
- jmc@cvs.openbsd.org 2003/03/28 10:11:43
[scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5]
[ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8]
- killed whitespace
- new sentence new line
- .Bk for arguments
ok markus@
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 34 |
1 files changed, 20 insertions, 14 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.167 2002/09/27 15:46:21 stevesk Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.168 2003/03/28 10:11:43 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -48,6 +48,7 @@ | |||
48 | .Op Ar command | 48 | .Op Ar command |
49 | .Pp | 49 | .Pp |
50 | .Nm ssh | 50 | .Nm ssh |
51 | .Bk -words | ||
51 | .Op Fl afgknqstvxACNTX1246 | 52 | .Op Fl afgknqstvxACNTX1246 |
52 | .Op Fl b Ar bind_address | 53 | .Op Fl b Ar bind_address |
53 | .Op Fl c Ar cipher_spec | 54 | .Op Fl c Ar cipher_spec |
@@ -66,6 +67,8 @@ | |||
66 | .Sm on | 67 | .Sm on |
67 | .Xc | 68 | .Xc |
68 | .Oc | 69 | .Oc |
70 | .Ek | ||
71 | .Bk -words | ||
69 | .Oo Fl R Xo | 72 | .Oo Fl R Xo |
70 | .Sm off | 73 | .Sm off |
71 | .Ar port : | 74 | .Ar port : |
@@ -77,6 +80,7 @@ | |||
77 | .Op Fl D Ar port | 80 | .Op Fl D Ar port |
78 | .Ar hostname | user@hostname | 81 | .Ar hostname | user@hostname |
79 | .Op Ar command | 82 | .Op Ar command |
83 | .Ek | ||
80 | .Sh DESCRIPTION | 84 | .Sh DESCRIPTION |
81 | .Nm | 85 | .Nm |
82 | (SSH client) is a program for logging into a remote machine and for | 86 | (SSH client) is a program for logging into a remote machine and for |
@@ -361,7 +365,7 @@ variable is set to | |||
361 | .Fl A | 365 | .Fl A |
362 | and | 366 | and |
363 | .Fl a | 367 | .Fl a |
364 | options described later) and | 368 | options described later) and |
365 | the user is using an authentication agent, the connection to the agent | 369 | the user is using an authentication agent, the connection to the agent |
366 | is automatically forwarded to the remote side. | 370 | is automatically forwarded to the remote side. |
367 | .Pp | 371 | .Pp |
@@ -403,10 +407,11 @@ Disables forwarding of the authentication agent connection. | |||
403 | Enables forwarding of the authentication agent connection. | 407 | Enables forwarding of the authentication agent connection. |
404 | This can also be specified on a per-host basis in a configuration file. | 408 | This can also be specified on a per-host basis in a configuration file. |
405 | .Pp | 409 | .Pp |
406 | Agent forwarding should be enabled with caution. Users with the | 410 | Agent forwarding should be enabled with caution. |
407 | ability to bypass file permissions on the remote host (for the agent's | 411 | Users with the ability to bypass file permissions on the remote host |
408 | Unix-domain socket) can access the local agent through the forwarded | 412 | (for the agent's Unix-domain socket) |
409 | connection. An attacker cannot obtain key material from the agent, | 413 | can access the local agent through the forwarded connection. |
414 | An attacker cannot obtain key material from the agent, | ||
410 | however they can perform operations on the keys that enable them to | 415 | however they can perform operations on the keys that enable them to |
411 | authenticate using the identities loaded into the agent. | 416 | authenticate using the identities loaded into the agent. |
412 | .It Fl b Ar bind_address | 417 | .It Fl b Ar bind_address |
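Review bot: New lines 414-415 still join two independent clauses with a comma ("An attacker cannot obtain key material from the agent, however they can perform operations ..."). Since this pass is already putting each sentence on its own line, end the sentence after "agent" and start the next line with "However, they can ...", or use a semicolon. This is the sentence that tells users what agent forwarding does and does not expose, so it is worth making it read cleanly.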
@@ -428,8 +433,8 @@ is only supported in the | |||
428 | client for interoperability with legacy protocol 1 implementations | 433 | client for interoperability with legacy protocol 1 implementations |
429 | that do not support the | 434 | that do not support the |
430 | .Ar 3des | 435 | .Ar 3des |
431 | cipher. Its use is strongly discouraged due to cryptographic | 436 | cipher. |
432 | weaknesses. | 437 | Its use is strongly discouraged due to cryptographic weaknesses. |
433 | .It Fl c Ar cipher_spec | 438 | .It Fl c Ar cipher_spec |
434 | Additionally, for protocol version 2 a comma-separated list of ciphers can | 439 | Additionally, for protocol version 2 a comma-separated list of ciphers can |
435 | be specified in order of preference. | 440 | be specified in order of preference. |
@@ -566,11 +571,11 @@ Disables X11 forwarding. | |||
566 | Enables X11 forwarding. | 571 | Enables X11 forwarding. |
567 | This can also be specified on a per-host basis in a configuration file. | 572 | This can also be specified on a per-host basis in a configuration file. |
568 | .Pp | 573 | .Pp |
569 | X11 forwarding should be enabled with caution. Users with the ability | 574 | X11 forwarding should be enabled with caution. |
570 | to bypass file permissions on the remote host (for the user's X | 575 | Users with the ability to bypass file permissions on the remote host |
571 | authorization database) can access the local X11 display through the | 576 | (for the user's X authorization database) |
572 | forwarded connection. An attacker may then be able to perform | 577 | can access the local X11 display through the forwarded connection. |
573 | activities such as keystroke monitoring. | 578 | An attacker may then be able to perform activities such as keystroke monitoring. |
574 | .It Fl C | 579 | .It Fl C |
575 | Requests compression of all data (including stdin, stdout, stderr, and | 580 | Requests compression of all data (including stdin, stdout, stderr, and |
576 | data for forwarded X11 and TCP/IP connections). | 581 | data for forwarded X11 and TCP/IP connections). |
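Review bot: New line 578 is 80 characters long, while the other source lines in this hunk stay under 80 columns. Break it after "perform", as the old text did, so the line reads "An attacker may then be able to perform" followed by "activities such as keystroke monitoring." on the next line; the rendered output is unchanged.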
@@ -637,7 +642,8 @@ This works by allocating a socket to listen to | |||
637 | on the local side, and whenever a connection is made to this port, the | 642 | on the local side, and whenever a connection is made to this port, the |
638 | connection is forwarded over the secure channel, and the application | 643 | connection is forwarded over the secure channel, and the application |
639 | protocol is then used to determine where to connect to from the | 644 | protocol is then used to determine where to connect to from the |
640 | remote machine. Currently the SOCKS4 protocol is supported, and | 645 | remote machine. |
646 | Currently the SOCKS4 protocol is supported, and | ||
641 | .Nm | 647 | .Nm |
642 | will act as a SOCKS4 server. | 648 | will act as a SOCKS4 server. |
643 | Only root can forward privileged ports. | 649 | Only root can forward privileged ports. |