diff options
Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 65 |
1 files changed, 38 insertions, 27 deletions
@@ -9,9 +9,9 @@ SYNOPSIS | |||
9 | [-F configfile] [-I pkcs11] [-i identity_file] | 9 | [-F configfile] [-I pkcs11] [-i identity_file] |
10 | [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] | 10 | [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] |
11 | [-O ctl_cmd] [-o option] [-p port] | 11 | [-O ctl_cmd] [-o option] [-p port] |
12 | [-Q cipher | cipher-auth | mac | kex | key] | ||
12 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] | 13 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] |
13 | [-w local_tun[:remote_tun]] [user@]hostname [command] | 14 | [-w local_tun[:remote_tun]] [user@]hostname [command] |
14 | ssh -Q protocol_feature | ||
15 | 15 | ||
16 | DESCRIPTION | 16 | DESCRIPTION |
17 | ssh (SSH client) is a program for logging into a remote machine and for | 17 | ssh (SSH client) is a program for logging into a remote machine and for |
@@ -142,13 +142,13 @@ DESCRIPTION | |||
142 | -i identity_file | 142 | -i identity_file |
143 | Selects a file from which the identity (private key) for public | 143 | Selects a file from which the identity (private key) for public |
144 | key authentication is read. The default is ~/.ssh/identity for | 144 | key authentication is read. The default is ~/.ssh/identity for |
145 | protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and | 145 | protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, |
146 | ~/.ssh/id_rsa for protocol version 2. Identity files may also be | 146 | ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2. |
147 | specified on a per-host basis in the configuration file. It is | 147 | Identity files may also be specified on a per-host basis in the |
148 | possible to have multiple -i options (and multiple identities | 148 | configuration file. It is possible to have multiple -i options |
149 | specified in configuration files). ssh will also try to load | 149 | (and multiple identities specified in configuration files). ssh |
150 | certificate information from the filename obtained by appending | 150 | will also try to load certificate information from the filename |
151 | -cert.pub to identity filenames. | 151 | obtained by appending -cert.pub to identity filenames. |
152 | 152 | ||
153 | -K Enables GSSAPI-based authentication and forwarding (delegation) | 153 | -K Enables GSSAPI-based authentication and forwarding (delegation) |
154 | of GSSAPI credentials to the server. | 154 | of GSSAPI credentials to the server. |
@@ -222,6 +222,11 @@ DESCRIPTION | |||
222 | AddressFamily | 222 | AddressFamily |
223 | BatchMode | 223 | BatchMode |
224 | BindAddress | 224 | BindAddress |
225 | CanonicalDomains | ||
226 | CanonicalizeFallbackLocal | ||
227 | CanonicalizeHostname | ||
228 | CanonicalizeMaxDots | ||
229 | CanonicalizePermittedCNAMEs | ||
225 | ChallengeResponseAuthentication | 230 | ChallengeResponseAuthentication |
226 | CheckHostIP | 231 | CheckHostIP |
227 | Cipher | 232 | Cipher |
@@ -261,6 +266,7 @@ DESCRIPTION | |||
261 | LocalForward | 266 | LocalForward |
262 | LogLevel | 267 | LogLevel |
263 | MACs | 268 | MACs |
269 | Match | ||
264 | NoHostAuthenticationForLocalhost | 270 | NoHostAuthenticationForLocalhost |
265 | NumberOfPasswordPrompts | 271 | NumberOfPasswordPrompts |
266 | PasswordAuthentication | 272 | PasswordAuthentication |
@@ -270,6 +276,7 @@ DESCRIPTION | |||
270 | PreferredAuthentications | 276 | PreferredAuthentications |
271 | Protocol | 277 | Protocol |
272 | ProxyCommand | 278 | ProxyCommand |
279 | ProxyUseFdpass | ||
273 | PubkeyAuthentication | 280 | PubkeyAuthentication |
274 | RekeyLimit | 281 | RekeyLimit |
275 | RemoteForward | 282 | RemoteForward |
@@ -294,13 +301,12 @@ DESCRIPTION | |||
294 | Port to connect to on the remote host. This can be specified on | 301 | Port to connect to on the remote host. This can be specified on |
295 | a per-host basis in the configuration file. | 302 | a per-host basis in the configuration file. |
296 | 303 | ||
297 | -Q protocol_feature | 304 | -Q cipher | cipher-auth | mac | kex | key |
298 | Queries ssh for the algorithms supported for the specified | 305 | Queries ssh for the algorithms supported for the specified |
299 | version 2 protocol_feature. The queriable features are: | 306 | version 2. The available features are: cipher (supported |
300 | ``cipher'' (supported symmetric ciphers), ``MAC'' (supported | 307 | symmetric ciphers), cipher-auth (supported symmetric ciphers that |
301 | message integrity codes), ``KEX'' (key exchange algorithms), | 308 | support authenticated encryption), mac (supported message |
302 | ``key'' (key types). Protocol features are treated case- | 309 | integrity codes), kex (key exchange algorithms), key (key types). |
303 | insensitively. | ||
304 | 310 | ||
305 | -q Quiet mode. Causes most warning and diagnostic messages to be | 311 | -q Quiet mode. Causes most warning and diagnostic messages to be |
306 | suppressed. | 312 | suppressed. |
@@ -440,9 +446,10 @@ AUTHENTICATION | |||
440 | creates a public/private key pair for authentication purposes. The | 446 | creates a public/private key pair for authentication purposes. The |
441 | server knows the public key, and only the user knows the private key. | 447 | server knows the public key, and only the user knows the private key. |
442 | ssh implements public key authentication protocol automatically, using | 448 | ssh implements public key authentication protocol automatically, using |
443 | one of the DSA, ECDSA or RSA algorithms. Protocol 1 is restricted to | 449 | one of the DSA, ECDSA, ED25519 or RSA algorithms. Protocol 1 is |
444 | using only RSA keys, but protocol 2 may use any. The HISTORY section of | 450 | restricted to using only RSA keys, but protocol 2 may use any. The |
445 | ssl(8) contains a brief discussion of the DSA and RSA algorithms. | 451 | HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA |
452 | algorithms. | ||
446 | 453 | ||
447 | The file ~/.ssh/authorized_keys lists the public keys that are permitted | 454 | The file ~/.ssh/authorized_keys lists the public keys that are permitted |
448 | for logging in. When the user logs in, the ssh program tells the server | 455 | for logging in. When the user logs in, the ssh program tells the server |
@@ -452,10 +459,11 @@ AUTHENTICATION | |||
452 | 459 | ||
453 | The user creates his/her key pair by running ssh-keygen(1). This stores | 460 | The user creates his/her key pair by running ssh-keygen(1). This stores |
454 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol | 461 | the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol |
455 | 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2 | 462 | 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2 |
456 | RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), | 463 | ED25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in |
457 | ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 | 464 | ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), |
458 | ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home | 465 | ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2 |
466 | ED25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home | ||
459 | directory. The user should then copy the public key to | 467 | directory. The user should then copy the public key to |
460 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | 468 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. |
461 | The authorized_keys file corresponds to the conventional ~/.rhosts file, | 469 | The authorized_keys file corresponds to the conventional ~/.rhosts file, |
@@ -791,11 +799,11 @@ FILES | |||
791 | for the user, and not accessible by others. | 799 | for the user, and not accessible by others. |
792 | 800 | ||
793 | ~/.ssh/authorized_keys | 801 | ~/.ssh/authorized_keys |
794 | Lists the public keys (DSA/ECDSA/RSA) that can be used for | 802 | Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used |
795 | logging in as this user. The format of this file is described in | 803 | for logging in as this user. The format of this file is |
796 | the sshd(8) manual page. This file is not highly sensitive, but | 804 | described in the sshd(8) manual page. This file is not highly |
797 | the recommended permissions are read/write for the user, and not | 805 | sensitive, but the recommended permissions are read/write for the |
798 | accessible by others. | 806 | user, and not accessible by others. |
799 | 807 | ||
800 | ~/.ssh/config | 808 | ~/.ssh/config |
801 | This is the per-user configuration file. The file format and | 809 | This is the per-user configuration file. The file format and |
@@ -810,6 +818,7 @@ FILES | |||
810 | ~/.ssh/identity | 818 | ~/.ssh/identity |
811 | ~/.ssh/id_dsa | 819 | ~/.ssh/id_dsa |
812 | ~/.ssh/id_ecdsa | 820 | ~/.ssh/id_ecdsa |
821 | ~/.ssh/id_ed25519 | ||
813 | ~/.ssh/id_rsa | 822 | ~/.ssh/id_rsa |
814 | Contains the private key for authentication. These files contain | 823 | Contains the private key for authentication. These files contain |
815 | sensitive data and should be readable by the user but not | 824 | sensitive data and should be readable by the user but not |
@@ -822,6 +831,7 @@ FILES | |||
822 | ~/.ssh/identity.pub | 831 | ~/.ssh/identity.pub |
823 | ~/.ssh/id_dsa.pub | 832 | ~/.ssh/id_dsa.pub |
824 | ~/.ssh/id_ecdsa.pub | 833 | ~/.ssh/id_ecdsa.pub |
834 | ~/.ssh/id_ed25519.pub | ||
825 | ~/.ssh/id_rsa.pub | 835 | ~/.ssh/id_rsa.pub |
826 | Contains the public key for authentication. These files are not | 836 | Contains the public key for authentication. These files are not |
827 | sensitive and can (but need not) be readable by anyone. | 837 | sensitive and can (but need not) be readable by anyone. |
@@ -853,6 +863,7 @@ FILES | |||
853 | /etc/ssh/ssh_host_key | 863 | /etc/ssh/ssh_host_key |
854 | /etc/ssh/ssh_host_dsa_key | 864 | /etc/ssh/ssh_host_dsa_key |
855 | /etc/ssh/ssh_host_ecdsa_key | 865 | /etc/ssh/ssh_host_ecdsa_key |
866 | /etc/ssh/ssh_host_ed25519_key | ||
856 | /etc/ssh/ssh_host_rsa_key | 867 | /etc/ssh/ssh_host_rsa_key |
857 | These files contain the private parts of the host keys and are | 868 | These files contain the private parts of the host keys and are |
858 | used for host-based authentication. If protocol version 1 is | 869 | used for host-based authentication. If protocol version 1 is |
@@ -932,4 +943,4 @@ AUTHORS | |||
932 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 943 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
933 | versions 1.5 and 2.0. | 944 | versions 1.5 and 2.0. |
934 | 945 | ||
935 | OpenBSD 5.4 July 18, 2013 OpenBSD 5.4 | 946 | OpenBSD 5.4 December 7, 2013 OpenBSD 5.4 |