diff options
Diffstat (limited to 'ssh.0')
| -rw-r--r-- | ssh.0 | 47 |
1 files changed, 29 insertions, 18 deletions
| @@ -1,7 +1,7 @@ | |||
| 1 | SSH(1) General Commands Manual SSH(1) | 1 | SSH(1) General Commands Manual SSH(1) |
| 2 | 2 | ||
| 3 | NAME | 3 | NAME |
| 4 | ssh M-bM-^@M-^S OpenSSH SSH client (remote login program) | 4 | ssh M-bM-^@M-^S OpenSSH remote login client |
| 5 | 5 | ||
| 6 | SYNOPSIS | 6 | SYNOPSIS |
| 7 | ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] | 7 | ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] |
| @@ -33,9 +33,9 @@ DESCRIPTION | |||
| 33 | 33 | ||
| 34 | -6 Forces ssh to use IPv6 addresses only. | 34 | -6 Forces ssh to use IPv6 addresses only. |
| 35 | 35 | ||
| 36 | -A Enables forwarding of the authentication agent connection. This | 36 | -A Enables forwarding of connections from an authentication agent |
| 37 | can also be specified on a per-host basis in a configuration | 37 | such as ssh-agent(1). This can also be specified on a per-host |
| 38 | file. | 38 | basis in a configuration file. |
| 39 | 39 | ||
| 40 | Agent forwarding should be enabled with caution. Users with the | 40 | Agent forwarding should be enabled with caution. Users with the |
| 41 | ability to bypass file permissions on the remote host (for the | 41 | ability to bypass file permissions on the remote host (for the |
| @@ -43,7 +43,8 @@ DESCRIPTION | |||
| 43 | the forwarded connection. An attacker cannot obtain key material | 43 | the forwarded connection. An attacker cannot obtain key material |
| 44 | from the agent, however they can perform operations on the keys | 44 | from the agent, however they can perform operations on the keys |
| 45 | that enable them to authenticate using the identities loaded into | 45 | that enable them to authenticate using the identities loaded into |
| 46 | the agent. | 46 | the agent. A safer alternative may be to use a jump host (see |
| 47 | -J). | ||
| 47 | 48 | ||
| 48 | -a Disables forwarding of the authentication agent connection. | 49 | -a Disables forwarding of the authentication agent connection. |
| 49 | 50 | ||
| @@ -135,14 +136,14 @@ DESCRIPTION | |||
| 135 | -i identity_file | 136 | -i identity_file |
| 136 | Selects a file from which the identity (private key) for public | 137 | Selects a file from which the identity (private key) for public |
| 137 | key authentication is read. The default is ~/.ssh/id_dsa, | 138 | key authentication is read. The default is ~/.ssh/id_dsa, |
| 138 | ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity | 139 | ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, |
| 139 | files may also be specified on a per-host basis in the | 140 | ~/.ssh/id_ed25519_sk and ~/.ssh/id_rsa. Identity files may also |
| 140 | configuration file. It is possible to have multiple -i options | 141 | be specified on a per-host basis in the configuration file. It |
| 141 | (and multiple identities specified in configuration files). If | 142 | is possible to have multiple -i options (and multiple identities |
| 142 | no certificates have been explicitly specified by the | 143 | specified in configuration files). If no certificates have been |
| 143 | CertificateFile directive, ssh will also try to load certificate | 144 | explicitly specified by the CertificateFile directive, ssh will |
| 144 | information from the filename obtained by appending -cert.pub to | 145 | also try to load certificate information from the filename |
| 145 | identity filenames. | 146 | obtained by appending -cert.pub to identity filenames. |
| 146 | 147 | ||
| 147 | -J destination | 148 | -J destination |
| 148 | Connect to the target host by first making a ssh connection to | 149 | Connect to the target host by first making a ssh connection to |
| @@ -329,8 +330,11 @@ DESCRIPTION | |||
| 329 | for use with the -Q flag), mac (supported message integrity | 330 | for use with the -Q flag), mac (supported message integrity |
| 330 | codes), kex (key exchange algorithms), key (key types), key-cert | 331 | codes), kex (key exchange algorithms), key (key types), key-cert |
| 331 | (certificate key types), key-plain (non-certificate key types), | 332 | (certificate key types), key-plain (non-certificate key types), |
| 333 | key-sig (all key types and signature algorithms), | ||
| 332 | protocol-version (supported SSH protocol versions), and sig | 334 | protocol-version (supported SSH protocol versions), and sig |
| 333 | (supported signature algorithms). | 335 | (supported signature algorithms). Alternatively, any keyword |
| 336 | from ssh_config(5) or sshd_config(5) that takes an algorithm list | ||
| 337 | may be used as an alias for the corresponding query_option. | ||
| 334 | 338 | ||
| 335 | -q Quiet mode. Causes most warning and diagnostic messages to be | 339 | -q Quiet mode. Causes most warning and diagnostic messages to be |
| 336 | suppressed. | 340 | suppressed. |
| @@ -491,9 +495,12 @@ AUTHENTICATION | |||
| 491 | 495 | ||
| 492 | The user creates his/her key pair by running ssh-keygen(1). This stores | 496 | The user creates his/her key pair by running ssh-keygen(1). This stores |
| 493 | the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), | 497 | the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), |
| 494 | ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public | 498 | ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 |
| 495 | key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), | 499 | (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or |
| 496 | ~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | 500 | ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA), |
| 501 | ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted | ||
| 502 | ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub | ||
| 503 | (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's | ||
| 497 | home directory. The user should then copy the public key to | 504 | home directory. The user should then copy the public key to |
| 498 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. | 505 | ~/.ssh/authorized_keys in his/her home directory on the remote machine. |
| 499 | The authorized_keys file corresponds to the conventional ~/.rhosts file, | 506 | The authorized_keys file corresponds to the conventional ~/.rhosts file, |
| @@ -858,7 +865,9 @@ FILES | |||
| 858 | 865 | ||
| 859 | ~/.ssh/id_dsa | 866 | ~/.ssh/id_dsa |
| 860 | ~/.ssh/id_ecdsa | 867 | ~/.ssh/id_ecdsa |
| 868 | ~/.ssh/id_ecdsa_sk | ||
| 861 | ~/.ssh/id_ed25519 | 869 | ~/.ssh/id_ed25519 |
| 870 | ~/.ssh/id_ed25519_sk | ||
| 862 | ~/.ssh/id_rsa | 871 | ~/.ssh/id_rsa |
| 863 | Contains the private key for authentication. These files contain | 872 | Contains the private key for authentication. These files contain |
| 864 | sensitive data and should be readable by the user but not | 873 | sensitive data and should be readable by the user but not |
| @@ -870,7 +879,9 @@ FILES | |||
| 870 | 879 | ||
| 871 | ~/.ssh/id_dsa.pub | 880 | ~/.ssh/id_dsa.pub |
| 872 | ~/.ssh/id_ecdsa.pub | 881 | ~/.ssh/id_ecdsa.pub |
| 882 | ~/.ssh/id_ecdsa_sk.pub | ||
| 873 | ~/.ssh/id_ed25519.pub | 883 | ~/.ssh/id_ed25519.pub |
| 884 | ~/.ssh/id_ed25519_sk.pub | ||
| 874 | ~/.ssh/id_rsa.pub | 885 | ~/.ssh/id_rsa.pub |
| 875 | Contains the public key for authentication. These files are not | 886 | Contains the public key for authentication. These files are not |
| 876 | sensitive and can (but need not) be readable by anyone. | 887 | sensitive and can (but need not) be readable by anyone. |
| @@ -977,4 +988,4 @@ AUTHORS | |||
| 977 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 988 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
| 978 | versions 1.5 and 2.0. | 989 | versions 1.5 and 2.0. |
| 979 | 990 | ||
| 980 | OpenBSD 6.6 June 12, 2019 OpenBSD 6.6 | 991 | OpenBSD 6.6 February 7, 2020 OpenBSD 6.6 |