diff options
Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 51 |
1 files changed, 30 insertions, 21 deletions
@@ -354,9 +354,9 @@ DESCRIPTION | |||
354 | applications (eg. sftp(1)). The subsystem is specified as the | 354 | applications (eg. sftp(1)). The subsystem is specified as the |
355 | remote command. | 355 | remote command. |
356 | 356 | ||
357 | -T Disable pseudo-tty allocation. | 357 | -T Disable pseudo-terminal allocation. |
358 | 358 | ||
359 | -t Force pseudo-tty allocation. This can be used to execute | 359 | -t Force pseudo-terminal allocation. This can be used to execute |
360 | arbitrary screen-based programs on a remote machine, which can be | 360 | arbitrary screen-based programs on a remote machine, which can be |
361 | very useful, e.g. when implementing menu services. Multiple -t | 361 | very useful, e.g. when implementing menu services. Multiple -t |
362 | options force tty allocation, even if ssh has no local tty. | 362 | options force tty allocation, even if ssh has no local tty. |
@@ -510,17 +510,22 @@ AUTHENTICATION | |||
510 | whose host key is not known or has changed. | 510 | whose host key is not known or has changed. |
511 | 511 | ||
512 | When the user's identity has been accepted by the server, the server | 512 | When the user's identity has been accepted by the server, the server |
513 | either executes the given command, or logs into the machine and gives the | 513 | either executes the given command in a non-interactive session or, if no |
514 | user a normal shell on the remote machine. All communication with the | 514 | command has been specified, logs into the machine and gives the user a |
515 | normal shell as an interactive session. All communication with the | ||
515 | remote command or shell will be automatically encrypted. | 516 | remote command or shell will be automatically encrypted. |
516 | 517 | ||
517 | If a pseudo-terminal has been allocated (normal login session), the user | 518 | If an interactive session is requested ssh by default will only request a |
518 | may use the escape characters noted below. | 519 | pseudo-terminal (pty) for interactive sessions when the client has one. |
520 | The flags -T and -t can be used to override this behaviour. | ||
519 | 521 | ||
520 | If no pseudo-tty has been allocated, the session is transparent and can | 522 | If a pseudo-terminal has been allocated the user may use the escape |
521 | be used to reliably transfer binary data. On most systems, setting the | 523 | characters noted below. |
522 | escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent even if | 524 | |
523 | a tty is used. | 525 | If no pseudo-terminal has been allocated, the session is transparent and |
526 | can be used to reliably transfer binary data. On most systems, setting | ||
527 | the escape character to M-bM-^@M-^\noneM-bM-^@M-^] will also make the session transparent | ||
528 | even if a tty is used. | ||
524 | 529 | ||
525 | The session terminates when the command or shell on the remote machine | 530 | The session terminates when the command or shell on the remote machine |
526 | exits and all X11 and TCP connections have been closed. | 531 | exits and all X11 and TCP connections have been closed. |
@@ -638,16 +643,20 @@ VERIFYING HOST KEYS | |||
638 | $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key | 643 | $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key |
639 | 644 | ||
640 | If the fingerprint is already known, it can be matched and the key can be | 645 | If the fingerprint is already known, it can be matched and the key can be |
641 | accepted or rejected. Because of the difficulty of comparing host keys | 646 | accepted or rejected. If only legacy (MD5) fingerprints for the server |
642 | just by looking at fingerprint strings, there is also support to compare | 647 | are available, the ssh-keygen(1) -E option may be used to downgrade the |
643 | host keys visually, using random art. By setting the VisualHostKey | 648 | fingerprint algorithm to match. |
644 | option to M-bM-^@M-^\yesM-bM-^@M-^], a small ASCII graphic gets displayed on every login to a | 649 | |
645 | server, no matter if the session itself is interactive or not. By | 650 | Because of the difficulty of comparing host keys just by looking at |
646 | learning the pattern a known server produces, a user can easily find out | 651 | fingerprint strings, there is also support to compare host keys visually, |
647 | that the host key has changed when a completely different pattern is | 652 | using random art. By setting the VisualHostKey option to M-bM-^@M-^\yesM-bM-^@M-^], a small |
648 | displayed. Because these patterns are not unambiguous however, a pattern | 653 | ASCII graphic gets displayed on every login to a server, no matter if the |
649 | that looks similar to the pattern remembered only gives a good | 654 | session itself is interactive or not. By learning the pattern a known |
650 | probability that the host key is the same, not guaranteed proof. | 655 | server produces, a user can easily find out that the host key has changed |
656 | when a completely different pattern is displayed. Because these patterns | ||
657 | are not unambiguous however, a pattern that looks similar to the pattern | ||
658 | remembered only gives a good probability that the host key is the same, | ||
659 | not guaranteed proof. | ||
651 | 660 | ||
652 | To get a listing of the fingerprints along with their random art for all | 661 | To get a listing of the fingerprints along with their random art for all |
653 | known hosts, the following command line can be used: | 662 | known hosts, the following command line can be used: |
@@ -948,4 +957,4 @@ AUTHORS | |||
948 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 957 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
949 | versions 1.5 and 2.0. | 958 | versions 1.5 and 2.0. |
950 | 959 | ||
951 | OpenBSD 5.7 March 3, 2015 OpenBSD 5.7 | 960 | OpenBSD 5.7 May 22, 2015 OpenBSD 5.7 |