path: root/openssh.1
Diffstat (limited to 'openssh.1')
-rw-r--r-- openssh.1 966
1 files changed, 966 insertions, 0 deletions
diff --git a/openssh.1 b/openssh.1
new file mode 100644
index 000000000..21a4e63cb
--- /dev/null
+++ b/openssh.1
@@ -0,0 +1,966 @@
1.\" -*- nroff -*-
2.\"
3.\" ssh.1.in
4.\"
5.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6.\"
7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
8.\" All rights reserved
9.\"
10.\" Created: Sat Apr 22 21:55:14 1995 ylo
11.\"
12.\" $Id: openssh.1,v 1.1 1999/10/28 04:03:14 damien Exp $
13.\"
14.Dd September 25, 1999
15.Dt SSH 1
16.Os
17.Sh NAME
18.Nm ssh
19.Nd OpenSSH secure shell client (remote login program)
20.Sh SYNOPSIS
21.Nm ssh
22.Op Fl l Ar login_name
23.Op Ar hostname | user@hostname
24.Op Ar command
25.Pp
26.Nm ssh
27.Op Fl afgknqtvxCPX
28.Op Fl c Ar blowfish | 3des
29.Op Fl e Ar escape_char
30.Op Fl i Ar identity_file
31.Op Fl l Ar login_name
32.Op Fl o Ar option
33.Op Fl p Ar port
34.Oo Fl L Xo
35.Sm off
36.Ar host :
37.Ar port :
38.Ar hostport
39.Sm on
40.Xc
41.Oc
42.Oo Fl R Xo
43.Sm off
44.Ar host :
45.Ar port :
46.Ar hostport
47.Sm on
48.Xc
49.Oc
50.Op Ar hostname | user@hostname
51.Op Ar command
52.Sh DESCRIPTION
53.Nm
54(Secure Shell) is a program for logging into a remote machine and for
55executing commands on a remote machine. It is intended to replace
56rlogin and rsh, and provide secure encrypted communications between
57two untrusted hosts over an insecure network. X11 connections and
58arbitrary TCP/IP ports can also be forwarded over the secure channel.
59.Pp
60.Nm
61connects and logs into the specified
62.Ar hostname .
63The user must prove
64his/her identity to the remote machine using one of several methods.
65.Pp
66First, if the machine the user logs in from is listed in
67.Pa /etc/hosts.equiv
68or
69.Pa /etc/openssh/shosts.equiv
70on the remote machine, and the user names are
71the same on both sides, the user is immediately permitted to log in.
72Second, if
73.Pa \&.rhosts
74or
75.Pa \&.shosts
76exists in the user's home directory on the
77remote machine and contains a line containing the name of the client
78machine and the name of the user on that machine, the user is
79permitted to log in. This form of authentication alone is normally not
80allowed by the server because it is not secure.
81.Pp
82The second (and primary) authentication method is the
83.Pa rhosts
84or
85.Pa hosts.equiv
86method combined with RSA-based host authentication. It
87means that if the login would be permitted by
88.Pa \&.rhosts ,
89.Pa \&.shosts ,
90.Pa /etc/hosts.equiv ,
91or
92.Pa /etc/openssh/shosts.equiv ,
93and if additionally the server can verify the client's
94host key (see
95.Pa /etc/openssh/ssh_known_hosts
96in the
97.Sx FILES
98section), only then login is
99permitted. This authentication method closes security holes due to IP
100spoofing, DNS spoofing and routing spoofing. [Note to the
101administrator:
102.Pa /etc/hosts.equiv ,
103.Pa \&.rhosts ,
104and the rlogin/rsh protocol in general, are inherently insecure and should be
105disabled if security is desired.]
106.Pp
107As a third authentication method,
108.Nm
109supports RSA based authentication.
110The scheme is based on public-key cryptography: there are cryptosystems
111where encryption and decryption are done using separate keys, and it
112is not possible to derive the decryption key from the encryption key.
113RSA is one such system. The idea is that each user creates a public/private
114key pair for authentication purposes. The
115server knows the public key, and only the user knows the private key.
116The file
117.Pa $HOME/.ssh/authorized_keys
118lists the public keys that are permitted for logging
119in. When the user logs in, the
120.Nm
121program tells the server which key pair it would like to use for
122authentication. The server checks if this key is permitted, and if
123so, sends the user (actually the
124.Nm
125program running on behalf of the user) a challenge, a random number,
126encrypted by the user's public key. The challenge can only be
127decrypted using the proper private key. The user's client then decrypts the
128challenge using the private key, proving that he/she knows the private
129key but without disclosing it to the server.
130.Pp
131.Nm
132implements the RSA authentication protocol automatically. The user
133creates his/her RSA key pair by running
134.Xr ssh-keygen 1 .
135This stores the private key in
136.Pa \&.ssh/identity
137and the public key in
138.Pa \&.ssh/identity.pub
139in the user's home directory. The user should then
140copy the
141.Pa identity.pub
142to
143.Pa \&.ssh/authorized_keys
144in his/her home directory on the remote machine (the
145.Pa authorized_keys
146file corresponds to the conventional
147.Pa \&.rhosts
148file, and has one key
149per line, though the lines can be very long). After this, the user
150can log in without giving the password. RSA authentication is much
151more secure than rhosts authentication.
152.Pp
153The most convenient way to use RSA authentication may be with an
154authentication agent. See
155.Xr ssh-agent 1
156for more information.
157.Pp
158If other authentication methods fail,
159.Nm
160prompts the user for a password. The password is sent to the remote
161host for checking; however, since all communications are encrypted,
162the password cannot be seen by someone listening on the network.
163.Pp
164When the user's identity has been accepted by the server, the server
165either executes the given command, or logs into the machine and gives
166the user a normal shell on the remote machine. All communication with
167the remote command or shell will be automatically encrypted.
168.Pp
169If a pseudo-terminal has been allocated (normal login session), the
170user can disconnect with
171.Ic ~. ,
172and suspend
173.Nm
174with
175.Ic ~^Z .
176All forwarded connections can be listed with
177.Ic ~#
178and if
179the session blocks waiting for forwarded X11 or TCP/IP
180connections to terminate, it can be backgrounded with
181.Ic ~&
182(this should not be used while the user shell is active, as it can cause the
183shell to hang). All available escapes can be listed with
184.Ic ~? .
185.Pp
186A single tilde character can be sent as
187.Ic ~~
188(or by following the tilde by a character other than those described above).
189The escape character must always follow a newline to be interpreted as
190special. The escape character can be changed in configuration files
191or on the command line.
192.Pp
193If no pseudo tty has been allocated, the
194session is transparent and can be used to reliably transfer binary
195data. On most systems, setting the escape character to
196.Dq none
197will also make the session transparent even if a tty is used.
198.Pp
199The session terminates when the command or shell in on the remote
200machine exists and all X11 and TCP/IP connections have been closed.
201The exit status of the remote program is returned as the exit status
202of
203.Nm ssh .
204.Pp
205If the user is using X11 (the
206.Ev DISPLAY
207environment variable is set), the connection to the X11 display is
208automatically forwarded to the remote side in such a way that any X11
209programs started from the shell (or command) will go through the
210encrypted channel, and the connection to the real X server will be made
211from the local machine. The user should not manually set
212.Ev DISPLAY .
213Forwarding of X11 connections can be
214configured on the command line or in configuration files.
215.Pp
216The
217.Ev DISPLAY
218value set by
219.Nm
220will point to the server machine, but with a display number greater
221than zero. This is normal, and happens because
222.Nm
223creates a
224.Dq proxy
225X server on the server machine for forwarding the
226connections over the encrypted channel.
227.Pp
228.Nm
229will also automatically set up Xauthority data on the server machine.
230For this purpose, it will generate a random authorization cookie,
231store it in Xauthority on the server, and verify that any forwarded
232connections carry this cookie and replace it by the real cookie when
233the connection is opened. The real authentication cookie is never
234sent to the server machine (and no cookies are sent in the plain).
235.Pp
236If the user is using an authentication agent, the connection to the agent
237is automatically forwarded to the remote side unless disabled on
238command line or in a configuration file.
239.Pp
240Forwarding of arbitrary TCP/IP connections over the secure channel can
241be specified either on command line or in a configuration file. One
242possible application of TCP/IP forwarding is a secure connection to an
243electronic purse; another is going trough firewalls.
244.Pp
245.Nm
246automatically maintains and checks a database containing RSA-based
247identifications for all hosts it has ever been used with. The
248database is stored in
249.Pa \&.ssh/known_hosts
250in the user's home directory. Additionally, the file
251.Pa /etc/openssh/ssh_known_hosts
252is automatically checked for known hosts. Any new hosts are
253automatically added to the user's file. If a host's identification
254ever changes,
255.Nm
256warns about this and disables password authentication to prevent a
257trojan horse from getting the user's password. Another purpose of
258this mechanism is to prevent man-in-the-middle attacks which could
259otherwise be used to circumvent the encryption. The
260.Cm StrictHostKeyChecking
261option (see below) can be used to prevent logins to machines whose
262host key is not known or has changed.
263.Sh OPTIONS
264.Bl -tag -width Ds
265.It Fl a
266Disables forwarding of the authentication agent connection. This may
267also be specified on a per-host basis in the configuration file.
268.It Fl c Ar blowfish|3des
269Selects the cipher to use for encrypting the session.
270.Ar 3des
271is used by default. It is believed to be secure.
272.Ar 3des
273(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
274It is presumably more secure than the
275.Ar des
276cipher which is no longer supported in ssh.
277.Ar blowfish
278is a fast block cipher, it appears very secure and is much faster than
279.Ar 3des .
280.It Fl e Ar ch|^ch|none
281Sets the escape character for sessions with a pty (default:
282.Ql ~ ) .
283The escape character is only recognized at the beginning of a line. The
284escape character followed by a dot
285.Pq Ql \&.
286closes the connection, followed
287by control-Z suspends the connection, and followed by itself sends the
288escape character once. Setting the character to
289.Dq none
290disables any escapes and makes the session fully transparent.
291.It Fl f
292Requests
293.Nm
294to go to background after authentication. This is useful
295if
296.Nm
297is going to ask for passwords or passphrases, but the user
298wants it in the background. This implies
299.Fl n .
300The recommended way to start X11 programs at a remote site is with
301something like
302.Ic ssh -f host xterm .
303.It Fl i Ar identity_file
304Selects the file from which the identity (private key) for
305RSA authentication is read. Default is
306.Pa \&.ssh/identity
307in the user's home directory. Identity files may also be specified on
308a per-host basis in the configuration file. It is possible to have
309multiple
310.Fl i
311options (and multiple identities specified in
312configuration files).
313.It Fl g
314Allows remote hosts to connect to local forwarded ports.
315.It Fl k
316Disables forwarding of Kerberos tickets and AFS tokens. This may
317also be specified on a per-host basis in the configuration file.
318.It Fl l Ar login_name
319Specifies the user to log in as on the remote machine. This may also
320be specified on a per-host basis in the configuration file.
321.It Fl n
322Redirects stdin from
323.Pa /dev/null
324(actually, prevents reading from stdin).
325This must be used when
326.Nm
327is run in the background. A common trick is to use this to run X11
328programs in a remote machine. For example,
329.Ic ssh -n shadows.cs.hut.fi emacs &
330will start an emacs on shadows.cs.hut.fi, and the X11
331connection will be automatically forwarded over an encrypted channel.
332The
333.Nm
334program will be put in the background.
335(This does not work if
336.Nm
337needs to ask for a password or passphrase; see also the
338.Fl f
339option.)
340.It Fl o Ar option
341Can be used to give options in the format used in the config file.
342This is useful for specifying options for which there is no separate
343command-line flag. The option has the same format as a line in the
344configuration file.
345.It Fl p Ar port
346Port to connect to on the remote host. This can be specified on a
347per-host basis in the configuration file.
348.It Fl P
349Use a non-privileged port for outgoing connections.
350This can be used if your firewall does
351not permit connections from privileged ports.
352Note that this option turns of
353.Cm RhostsAuthentication
354and
355.Cm RhostsRSAAuthentication .
356.It Fl q
357Quiet mode. Causes all warning and diagnostic messages to be
358suppressed. Only fatal errors are displayed.
359.It Fl t
360Force pseudo-tty allocation. This can be used to execute arbitary
361screen-based programs on a remote machine, which can be very useful
362e.g. when implementing menu services.
363.It Fl v
364Verbose mode. Causes
365.Nm
366to print debugging messages about its progress. This is helpful in
367debugging connection, authentication, and configuration problems.
368The verbose mode is also used to display
369.Xr skey 1
370challenges, if the user entered "s/key" as password.
371.It Fl x
372Disables X11 forwarding. This can also be specified on a per-host
373basis in a configuration file.
374.It Fl X
375Enables X11 forwarding.
376.It Fl C
377Requests compression of all data (including stdin, stdout, stderr, and
378data for forwarded X11 and TCP/IP connections). The compression
379algorithm is the same used by gzip, and the
380.Dq level
381can be controlled by the
382.Cm CompressionLevel
383option (see below). Compression is desirable on modem lines and other
384slow connections, but will only slow down things on fast networks.
385The default value can be set on a host-by-host basis in the
386configuration files; see the
387.Cm Compress
388option below.
389.It Fl L Ar port:host:hostport
390Specifies that the given port on the local (client) host is to be
391forwarded to the given host and port on the remote side. This works
392by allocating a socket to listen to
393.Ar port
394on the local side, and whenever a connection is made to this port, the
395connection is forwarded over the secure channel, and a connection is
396made to
397.Ar host:hostport
398from the remote machine. Port forwardings can also be specified in the
399configuration file. Only root can forward privileged ports.
400.It Fl R Ar port:host:hostport
401Specifies that the given port on the remote (server) host is to be
402forwarded to the given host and port on the local side. This works
403by allocating a socket to listen to
404.Ar port
405on the remote side, and whenever a connection is made to this port, the
406connection is forwarded over the secure channel, and a connection is
407made to
408.Ar host:hostport
409from the local machine. Port forwardings can also be specified in the
410configuration file. Privileged ports can be forwarded only when
411logging in as root on the remote machine.
412.El
413.Sh CONFIGURATION FILES
414.Nm
415obtains configuration data from the following sources (in this order):
416command line options, user's configuration file
417.Pq Pa $HOME/.ssh/config ,
418and system-wide configuration file
419.Pq Pa /etc/openssh/ssh_config .
420For each parameter, the first obtained value
421will be used. The configuration files contain sections bracketed by
422"Host" specifications, and that section is only applied for hosts that
423match one of the patterns given in the specification. The matched
424host name is the one given on the command line.
425.Pp
426Since the first obtained value for each parameter is used, more
427host-specific declarations should be given near the beginning of the
428file, and general defaults at the end.
429.Pp
430The configuration file has the following format:
431.Pp
432Empty lines and lines starting with
433.Ql #
434are comments.
435.Pp
436Otherwise a line is of the format
437.Dq keyword arguments .
438The possible
439keywords and their meanings are as follows (note that the
440configuration files are case-sensitive):
441.Bl -tag -width Ds
442.It Cm Host
443Restricts the following declarations (up to the next
444.Cm Host
445keyword) to be only for those hosts that match one of the patterns
446given after the keyword.
447.Ql \&*
448and
449.Ql ?
450can be used as wildcards in the
451patterns. A single
452.Ql \&*
453as a pattern can be used to provide global
454defaults for all hosts. The host is the
455.Ar hostname
456argument given on the command line (i.e., the name is not converted to
457a canonicalized host name before matching).
458.It Cm AFSTokenPassing
459Specifies whether to pass AFS tokens to remote host. The argument to
460this keyword must be
461.Dq yes
462or
463.Dq no .
464.It Cm BatchMode
465If set to
466.Dq yes ,
467passphrase/password querying will be disabled. This
468option is useful in scripts and other batch jobs where you have no
469user to supply the password. The argument must be
470.Dq yes
471or
472.Dq no .
473.It Cm Cipher
474Specifies the cipher to use for encrypting the session. Currently,
475.Dq blowfish ,
476and
477.Dq 3des
478are supported. The default is
479.Dq 3des .
480.It Cm Compression
481Specifies whether to use compression. The argument must be
482.Dq yes
483or
484.Dq no .
485.It Cm CompressionLevel
486Specifies the compression level to use if compression is enable. The
487argument must be an integer from 1 (fast) to 9 (slow, best). The
488default level is 6, which is good for most applications. The meaning
489of the values is the same as in GNU GZIP.
490.It Cm ConnectionAttempts
491Specifies the number of tries (one per second) to make before falling
492back to rsh or exiting. The argument must be an integer. This may be
493useful in scripts if the connection sometimes fails.
494.It Cm EscapeChar
495Sets the escape character (default:
496.Ql ~ ) .
497The escape character can also
498be set on the command line. The argument should be a single
499character,
500.Ql ^
501followed by a letter, or
502.Dq none
503to disable the escape
504character entirely (making the connection transparent for binary
505data).
506.It Cm FallBackToRsh
507Specifies that if connecting via
508.Nm
509fails due to a connection refused error (there is no
510.Xr sshd 8
511listening on the remote host),
512.Xr rsh 1
513should automatically be used instead (after a suitable warning about
514the session being unencrypted). The argument must be
515.Dq yes
516or
517.Dq no .
518.It Cm ForwardAgent
519Specifies whether the connection to the authentication agent (if any)
520will be forwarded to the remote machine. The argument must be
521.Dq yes
522or
523.Dq no .
524.It Cm ForwardX11
525Specifies whether X11 connections will be automatically redirected
526over the secure channel and
527.Ev DISPLAY
528set. The argument must be
529.Dq yes
530or
531.Dq no .
532.It Cm GatewayPorts
533Specifies whether remote hosts are allowed to connect to local
534forwarded ports.
535The argument must be
536.Dq yes
537or
538.Dq no .
539The default is
540.Dq no .
541.It Cm GlobalKnownHostsFile
542Specifies a file to use instead of
543.Pa /etc/openssh/ssh_known_hosts .
544.It Cm HostName
545Specifies the real host name to log into. This can be used to specify
546nicnames or abbreviations for hosts. Default is the name given on the
547command line. Numeric IP addresses are also permitted (both on the
548command line and in
549.Cm HostName
550specifications).
551.It Cm IdentityFile
552Specifies the file from which the user's RSA authentication identity
553is read (default
554.Pa .ssh/identity
555in the user's home directory).
556Additionally, any identities represented by the authentication agent
557will be used for authentication. The file name may use the tilde
558syntax to refer to a user's home directory. It is possible to have
559multiple identity files specified in configuration files; all these
560identities will be tried in sequence.
561.It Cm KeepAlive
562Specifies whether the system should send keepalive messages to the
563other side. If they are sent, death of the connection or crash of one
564of the machines will be properly noticed. However, this means that
565connections will die if the route is down temporarily, and some people
566find it annoying.
567.Pp
568The default is
569.Dq yes
570(to send keepalives), and the client will notice
571if the network goes down or the remote host dies. This is important
572in scripts, and many users want it too.
573.Pp
574To disable keepalives, the value should be set to
575.Dq no
576in both the server and the client configuration files.
577.It Cm KerberosAuthentication
578Specifies whether Kerberos authentication will be used. The argument to
579this keyword must be
580.Dq yes
581or
582.Dq no .
583.It Cm KerberosTgtPassing
584Specifies whether a Kerberos TGT will be forwarded to the server. This
585will only work if the Kerberos server is actually an AFS kaserver. The
586argument to this keyword must be
587.Dq yes
588or
589.Dq no .
590.It Cm LocalForward
591Specifies that a TCP/IP port on the local machine be forwarded over
592the secure channel to given host:port from the remote machine. The
593first argument must be a port number, and the second must be
594host:port. Multiple forwardings may be specified, and additional
595forwardings can be given on the command line. Only the root can
596forward privileged ports.
597.It Cm PasswordAuthentication
598Specifies whether to use password authentication. The argument to
599this keyword must be
600.Dq yes
601or
602.Dq no .
603.It Cm NumberOfPasswordPrompts
604Specifies the number of password prompts before giving up. The
605argument to this keyword must be an integer. Default is 3.
606.It Cm Port
607Specifies the port number to connect on the remote host. Default is
60822.
609.It Cm ProxyCommand
610Specifies the command to use to connect to the server. The command
611string extends to the end of the line, and is executed with /bin/sh.
612In the command string, %h will be substituted by the host name to
613connect and %p by the port. The command can be basically anything,
614and should read from its stdin and write to its stdout. It should
615eventually connect an
616.Xr sshd 8
617server running on some machine, or execute
618.Ic sshd -i
619somewhere. Host key management will be done using the
620HostName of the host being connected (defaulting to the name typed by
621the user).
622.Pp
623.It Cm RemoteForward
624Specifies that a TCP/IP port on the remote machine be forwarded over
625the secure channel to given host:port from the local machine. The
626first argument must be a port number, and the second must be
627host:port. Multiple forwardings may be specified, and additional
628forwardings can be given on the command line. Only the root can
629forward privileged ports.
630.It Cm RhostsAuthentication
631Specifies whether to try rhosts based authentication. Note that this
632declaration only affects the client side and has no effect whatsoever
633on security. Disabling rhosts authentication may reduce
634authentication time on slow connections when rhosts authentication is
635not used. Most servers do not permit RhostsAuthentication because it
636is not secure (see RhostsRSAAuthentication). The argument to this
637keyword must be
638.Dq yes
639or
640.Dq no .
641.It Cm RhostsRSAAuthentication
642Specifies whether to try rhosts based authentication with RSA host
643authentication. This is the primary authentication method for most
644sites. The argument must be
645.Dq yes
646or
647.Dq no .
648.It Cm RSAAuthentication
649Specifies whether to try RSA authentication. The argument to this
650keyword must be
651.Dq yes
652or
653.Dq no .
654RSA authentication will only be
655attempted if the identity file exists, or an authentication agent is
656running.
657.It Cm CheckHostIP
658If this flag is set to
659.Dq yes ,
660ssh will additionally check the host ip address in the
661.Pa known_hosts
662file. This allows ssh to detect if a host key changed due to DNS spoofing.
663If the option is set to
664.Dq no ,
665the check will not be executed.
666.It Cm StrictHostKeyChecking
667If this flag is set to
668.Dq yes ,
669.Nm
670ssh will never automatically add host keys to the
671.Pa $HOME/.ssh/known_hosts
672file, and refuses to connect hosts whose host key has changed. This
673provides maximum protection against trojan horse attacks. However, it
674can be somewhat annoying if you don't have good
675.Pa /etc/openssh/ssh_known_hosts
676files installed and frequently
677connect new hosts. Basically this option forces the user to manually
678add any new hosts. Normally this option is disabled, and new hosts
679will automatically be added to the known host files. The host keys of
680known hosts will be verified automatically in either case. The
681argument must be
682.Dq yes
683or
684.Dq no .
685.It Cm User
686Specifies the user to log in as. This can be useful if you have a
687different user name in different machines. This saves the trouble of
688having to remember to give the user name on the command line.
689.It Cm UserKnownHostsFile
690Specifies a file to use instead of
691.Pa $HOME/.ssh/known_hosts .
692.It Cm UsePrivilegedPort
693Specifies whether to use a privileged port for outgoing connections.
694The argument must be
695.Dq yes
696or
697.Dq no .
698The default is
699.Dq yes .
700Note that setting this option to
701.Dq no
702turns of
703.Cm RhostsAuthentication
704and
705.Cm RhostsRSAAuthentication .
706.It Cm UseRsh
707Specifies that rlogin/rsh should be used for this host. It is
708possible that the host does not at all support the
709.Nm
710protocol. This causes
711.Nm
712to immediately exec
713.Xr rsh 1 .
714All other options (except
715.Cm HostName )
716are ignored if this has been specified. The argument must be
717.Dq yes
718or
719.Dq no .
720.Sh ENVIRONMENT
721.Nm
722will normally set the following environment variables:
723.Bl -tag -width Ds
724.It Ev DISPLAY
725The
726.Ev DISPLAY
727variable indicates the location of the X11 server. It is
728automatically set by
729.Nm
730to point to a value of the form
731.Dq hostname:n
732where hostname indicates
733the host where the shell runs, and n is an integer >= 1. Ssh uses
734this special value to forward X11 connections over the secure
735channel. The user should normally not set DISPLAY explicitly, as that
736will render the X11 connection insecure (and will require the user to
737manually copy any required authorization cookies).
738.It Ev HOME
739Set to the path of the user's home directory.
740.It Ev LOGNAME
741Synonym for
742.Ev USER ;
743set for compatibility with systems that use this variable.
744.It Ev MAIL
745Set to point the user's mailbox.
746.It Ev PATH
747Set to the default
748.Ev PATH ,
749as specified when compiling
750.Nm ssh .
751.It Ev SSH_AUTH_SOCK
752indicates the path of a unix-domain socket used to communicate with the
753agent.
754.It Ev SSH_CLIENT
755Identifies the client end of the connection. The variable contains
756three space-separated values: client ip-address, client port number,
757and server port number.
758.It Ev SSH_TTY
759This is set to the name of the tty (path to the device) associated
760with the current shell or command. If the current session has no tty,
761this variable is not set.
762.It Ev TZ
763The timezone variable is set to indicate the present timezone if it
764was set when the daemon was started (e.i., the daemon passes the value
765on to new connections).
766.It Ev USER
767Set to the name of the user logging in.
768.El
769.Pp
770Additionally,
771.Nm
772reads
773.Pa $HOME/.ssh/environment ,
774and adds lines of the format
775.Dq VARNAME=value
776to the environment.
777.Sh FILES
778.Bl -tag -width $HOME/.ssh/known_hosts
779.It Pa $HOME/.ssh/known_hosts
780Records host keys for all hosts the user has logged into (that are not
781in
782.Pa /etc/openssh/ssh_known_hosts ) .
783See
784.Xr sshd 8 .
785.It Pa $HOME/.ssh/random_seed
786Used for seeding the random number generator. This file contains
787sensitive data and should read/write for the user and not accessible
788for others. This file is created the first time the program is run
789and updated automatically. The user should never need to read or
790modify this file.
791.It Pa $HOME/.ssh/identity
792Contains the RSA authentication identity of the user. This file
793contains sensitive data and should be readable by the user but not
794accessible by others (read/write/execute).
795Note that
796.Nm
797ignores this file if it is accessible by others.
798It is possible to specify a passphrase when
799generating the key; the passphrase will be used to encrypt the
800sensitive part of this file using 3DES.
801.It Pa $HOME/.ssh/identity.pub
802Contains the public key for authentication (public part of the
803identity file in human-readable form). The contents of this file
804should be added to
805.Pa $HOME/.ssh/authorized_keys
806on all machines
807where you wish to log in using RSA authentication. This file is not
808sensitive and can (but need not) be readable by anyone. This file is
809never used automatically and is not necessary; it is only provided for
810the convenience of the user.
811.It Pa $HOME/.ssh/config
812This is the per-user configuration file. The format of this file is
813described above. This file is used by the
814.Nm
815client. This file does not usually contain any sensitive information,
816but the recommended permissions are read/write for the user, and not
817accessible by others.
818.It Pa $HOME/.ssh/authorized_keys
819Lists the RSA keys that can be used for logging in as this user. The
820format of this file is described in the
821.Xr sshd 8
822manual page. In the simplest form the format is the same as the .pub
823identity files (that is, each line contains the number of bits in
824modulus, public exponent, modulus, and comment fields, separated by
825spaces). This file is not highly sensitive, but the recommended
826permissions are read/write for the user, and not accessible by others.
827.It Pa /etc/openssh/ssh_known_hosts
828Systemwide list of known host keys. This file should be prepared by the
829system administrator to contain the public host keys of all machines in the
830organization. This file should be world-readable. This file contains
831public keys, one per line, in the following format (fields separated
832by spaces): system name, number of bits in modulus, public exponent,
833modulus, and optional comment field. When different names are used
834for the same machine, all such names should be listed, separated by
835commas. The format is described on the
836.Xr sshd 8
837manual page.
838.Pp
839The canonical system name (as returned by name servers) is used by
840.Xr sshd 8
841to verify the client host when logging in; other names are needed because
842.Nm
843does not convert the user-supplied name to a canonical name before
844checking the key, because someone with access to the name servers
845would then be able to fool host authentication.
846.It Pa /etc/openssh/ssh_config
847Systemwide configuration file. This file provides defaults for those
848values that are not specified in the user's configuration file, and
849for those users who do not have a configuration file. This file must
850be world-readable.
851.It Pa $HOME/.rhosts
852This file is used in
853.Pa \&.rhosts
854authentication to list the
855host/user pairs that are permitted to log in. (Note that this file is
856also used by rlogin and rsh, which makes using this file insecure.)
857Each line of the file contains a host name (in the canonical form
858returned by name servers), and then a user name on that host,
859separated by a space. One some machines this file may need to be
860world-readable if the user's home directory is on a NFS partition,
861because
862.Xr sshd 8
863reads it as root. Additionally, this file must be owned by the user,
864and must not have write permissions for anyone else. The recommended
865permission for most machines is read/write for the user, and not
866accessible by others.
867.Pp
868Note that by default
869.Xr sshd 8
870will be installed so that it requires successful RSA host
871authentication before permitting \s+2.\s0rhosts authentication. If your
872server machine does not have the client's host key in
873.Pa /etc/openssh/ssh_known_hosts ,
874you can store it in
875.Pa $HOME/.ssh/known_hosts .
876The easiest way to do this is to
877connect back to the client from the server machine using ssh; this
878will automatically add the host key inxi
879.Pa $HOME/.ssh/known_hosts .
880.It Pa $HOME/.shosts
881This file is used exactly the same way as
882.Pa \&.rhosts .
883The purpose for
884having this file is to be able to use rhosts authentication with
885.Nm
886without permitting login with
887.Xr rlogin 1
888or
889.Xr rsh 1 .
890.It Pa /etc/hosts.equiv
891This file is used during
892.Pa \&.rhosts authentication. It contains
893canonical hosts names, one per line (the full format is described on
894the
895.Xr sshd 8
896manual page). If the client host is found in this file, login is
897automatically permitted provided client and server user names are the
898same. Additionally, successful RSA host authentication is normally
899required. This file should only be writable by root.
900.It Pa /etc/openssh/shosts.equiv
901This file is processed exactly as
902.Pa /etc/hosts.equiv .
903This file may be useful to permit logins using
904.Nm
905but not using rsh/rlogin.
906.It Pa /etc/openssh/sshrc
907Commands in this file are executed by
908.Nm
909when the user logs in just before the user's shell (or command) is started.
910See the
911.Xr sshd 8
912manual page for more information.
913.It Pa $HOME/.ssh/rc
914Commands in this file are executed by
915.Nm
916when the user logs in just before the user's shell (or command) is
917started.
918See the
919.Xr sshd 8
920manual page for more information.
921.It Pa libcrypto.so.X.1
922A version of this library which includes support for the RSA algorithm
923is required for proper operation.
924.Sh AUTHOR
925Tatu Ylonen <ylo@cs.hut.fi>
926.Pp
927Issues can be found from the SSH WWW home page:
928.Pp
929.Dl http://www.cs.hut.fi/ssh
930.Pp
931OpenSSH
932is a derivative of the original (free) ssh 1.2.12 release, but with bugs
933removed and newer features re-added. Rapidly after the 1.2.12 release,
934newer versions bore successively more restrictive licenses. This version
935of OpenSSH
936.Bl -bullet
937.It
938has all components of a restrictive nature (ie. patents, see
939.Xr ssl 8 )
940directly removed from the source code; any licensed or patented components
941are chosen from
942external libraries.
943.It
944has been updated to support ssh protocol 1.5.
945.It
946contains added support for
947.Xr kerberos 8
948authentication and ticket passing.
949.It
950supports one-time password authentication with
951.Xr skey 1 .
952.El
953.Pp
954The libraries described in
955.Xr ssl 8
956are required for proper operation.
957.Sh SEE ALSO
958.Xr rlogin 1 ,
959.Xr rsh 1 ,
960.Xr scp 1 ,
961.Xr ssh-add 1 ,
962.Xr ssh-agent 1 ,
963.Xr ssh-keygen 1 ,
964.Xr telnet 1 ,
965.Xr sshd 8 ,
966.Xr ssl 8
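Review bot: The `-C` option text in OPTIONS tells the reader to "see the .Cm Compress option below", but the keyword documented in CONFIGURATION FILES is `Compression`; the reference should be changed to `.Cm Compression` so the cross-reference resolves. In the same hunk the `StrictHostKeyChecking` entry reads `.Nm` followed by a line starting "ssh will never", which renders as "ssh ssh will never"; drop the literal "ssh". The `/etc/hosts.equiv` entry in FILES puts prose on the macro line (`.Pa \&.rhosts authentication. It contains`), so "authentication." is rendered as part of the path; move the text to the following line. Also worth fixing before merge: "turns of" (twice, in `-P` and `UsePrivilegedPort`) should be "turns off", "arbitary" (in `-t`), "in on the remote machine exists" should be "on the remote machine exits", "going trough firewalls", "nicnames", "if compression is enable", "(e.i., ...)" should be "i.e.", "One some machines", "add the host key inxi", and the stray `\s+2.\s0rhosts` size escapes should be `\&.rhosts` like the other occurrences.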