diff options
Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 70 |
1 files changed, 41 insertions, 29 deletions
@@ -6,12 +6,11 @@ NAME | |||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] | 7 | ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] |
8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] | 8 | [-D [bind_address:]port] [-E log_file] [-e escape_char] |
9 | [-F configfile] [-I pkcs11] [-i identity_file] | 9 | [-F configfile] [-I pkcs11] [-i identity_file] [-L address] |
10 | [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] | 10 | [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] |
11 | [-O ctl_cmd] [-o option] [-p port] | ||
12 | [-Q cipher | cipher-auth | mac | kex | key | protocol-version] | 11 | [-Q cipher | cipher-auth | mac | kex | key | protocol-version] |
13 | [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] | 12 | [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] |
14 | [-w local_tun[:remote_tun]] [user@]hostname [command] | 13 | [user@]hostname [command] |
15 | 14 | ||
16 | DESCRIPTION | 15 | DESCRIPTION |
17 | ssh (SSH client) is a program for logging into a remote machine and for | 16 | ssh (SSH client) is a program for logging into a remote machine and for |
@@ -156,22 +155,29 @@ DESCRIPTION | |||
156 | server. | 155 | server. |
157 | 156 | ||
158 | -L [bind_address:]port:host:hostport | 157 | -L [bind_address:]port:host:hostport |
159 | Specifies that the given port on the local (client) host is to be | 158 | -L [bind_address:]port:remote_socket |
160 | forwarded to the given host and port on the remote side. This | 159 | -L local_socket:host:hostport |
161 | works by allocating a socket to listen to port on the local side, | 160 | -L local_socket:remote_socket |
162 | optionally bound to the specified bind_address. Whenever a | 161 | Specifies that connections to the given TCP port or Unix socket |
163 | connection is made to this port, the connection is forwarded over | 162 | on the local (client) host are to be forwarded to the given host |
164 | the secure channel, and a connection is made to host port | 163 | and port, or Unix socket, on the remote side. This works by |
165 | hostport from the remote machine. Port forwardings can also be | 164 | allocating a socket to listen to either a TCP port on the local |
166 | specified in the configuration file. IPv6 addresses can be | 165 | side, optionally bound to the specified bind_address, or to a |
167 | specified by enclosing the address in square brackets. Only the | 166 | Unix socket. Whenever a connection is made to the local port or |
168 | superuser can forward privileged ports. By default, the local | 167 | socket, the connection is forwarded over the secure channel, and |
169 | port is bound in accordance with the GatewayPorts setting. | 168 | a connection is made to either host port hostport, or the Unix |
170 | However, an explicit bind_address may be used to bind the | 169 | socket remote_socket, from the remote machine. |
171 | connection to a specific address. The bind_address of | 170 | |
172 | M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be bound for local | 171 | Port forwardings can also be specified in the configuration file. |
173 | use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates that the port | 172 | Only the superuser can forward privileged ports. IPv6 addresses |
174 | should be available from all interfaces. | 173 | can be specified by enclosing the address in square brackets. |
174 | |||
175 | By default, the local port is bound in accordance with the | ||
176 | GatewayPorts setting. However, an explicit bind_address may be | ||
177 | used to bind the connection to a specific address. The | ||
178 | bind_address of M-bM-^@M-^\localhostM-bM-^@M-^] indicates that the listening port be | ||
179 | bound for local use only, while an empty address or M-bM-^@M-^X*M-bM-^@M-^Y indicates | ||
180 | that the port should be available from all interfaces. | ||
175 | 181 | ||
176 | -l login_name | 182 | -l login_name |
177 | Specifies the user to log in as on the remote machine. This also | 183 | Specifies the user to log in as on the remote machine. This also |
@@ -278,6 +284,7 @@ DESCRIPTION | |||
278 | Protocol | 284 | Protocol |
279 | ProxyCommand | 285 | ProxyCommand |
280 | ProxyUseFdpass | 286 | ProxyUseFdpass |
287 | PubkeyAcceptedKeyTypes | ||
281 | PubkeyAuthentication | 288 | PubkeyAuthentication |
282 | RekeyLimit | 289 | RekeyLimit |
283 | RemoteForward | 290 | RemoteForward |
@@ -317,19 +324,24 @@ DESCRIPTION | |||
317 | suppressed. | 324 | suppressed. |
318 | 325 | ||
319 | -R [bind_address:]port:host:hostport | 326 | -R [bind_address:]port:host:hostport |
320 | Specifies that the given port on the remote (server) host is to | 327 | -R [bind_address:]port:local_socket |
321 | be forwarded to the given host and port on the local side. This | 328 | -R remote_socket:host:hostport |
322 | works by allocating a socket to listen to port on the remote | 329 | -R remote_socket:local_socket |
323 | side, and whenever a connection is made to this port, the | 330 | Specifies that connections to the given TCP port or Unix socket |
324 | connection is forwarded over the secure channel, and a connection | 331 | on the remote (server) host are to be forwarded to the given host |
325 | is made to host port hostport from the local machine. | 332 | and port, or Unix socket, on the local side. This works by |
333 | allocating a socket to listen to either a TCP port or to a Unix | ||
334 | socket on the remote side. Whenever a connection is made to this | ||
335 | port or Unix socket, the connection is forwarded over the secure | ||
336 | channel, and a connection is made to either host port hostport, | ||
337 | or local_socket, from the local machine. | ||
326 | 338 | ||
327 | Port forwardings can also be specified in the configuration file. | 339 | Port forwardings can also be specified in the configuration file. |
328 | Privileged ports can be forwarded only when logging in as root on | 340 | Privileged ports can be forwarded only when logging in as root on |
329 | the remote machine. IPv6 addresses can be specified by enclosing | 341 | the remote machine. IPv6 addresses can be specified by enclosing |
330 | the address in square brackets. | 342 | the address in square brackets. |
331 | 343 | ||
332 | By default, the listening socket on the server will be bound to | 344 | By default, TCP listening sockets on the server will be bound to |
333 | the loopback interface only. This may be overridden by | 345 | the loopback interface only. This may be overridden by |
334 | specifying a bind_address. An empty bind_address, or the address | 346 | specifying a bind_address. An empty bind_address, or the address |
335 | M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all | 347 | M-bM-^@M-^X*M-bM-^@M-^Y, indicates that the remote socket should listen on all |
@@ -957,4 +969,4 @@ AUTHORS | |||
957 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 969 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
958 | versions 1.5 and 2.0. | 970 | versions 1.5 and 2.0. |
959 | 971 | ||
960 | OpenBSD 5.7 May 22, 2015 OpenBSD 5.7 | 972 | OpenBSD 5.8 July 20, 2015 OpenBSD 5.8 |