Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 75 |
1 files changed, 51 insertions, 24 deletions
@@ -4,10 +4,10 @@ NAME | |||
4 | ssh - OpenSSH SSH client (remote login program) | 4 | ssh - OpenSSH SSH client (remote login program) |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh [-1246AaCfgkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port] | 7 | ssh [-1246AaCfgkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] |
8 | [-e escape_char] [-F configfile] [-i identity_file] | 8 | [-D port] [-e escape_char] [-F configfile] [-i identity_file] |
9 | [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option] | 9 | [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option] |
10 | [-p port] [-R port:host:hostport] [user@]hostname [command] | 10 | [-p port] [-R port:host:hostport] [-S ctl] [user@]hostname [command] |
11 | 11 | ||
12 | DESCRIPTION | 12 | DESCRIPTION |
13 | ssh (SSH client) is a program for logging into a remote machine and for | 13 | ssh (SSH client) is a program for logging into a remote machine and for |
@@ -106,9 +106,9 @@ DESCRIPTION | |||
106 | tion. | 106 | tion. |
107 | 107 | ||
108 | Protocol 2 provides additional mechanisms for confidentiality (the traf- | 108 | Protocol 2 provides additional mechanisms for confidentiality (the traf- |
109 | fic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity | 109 | fic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) and in- |
110 | (hmac-md5, hmac-sha1). Note that protocol 1 lacks a strong mechanism for | 110 | tegrity (hmac-md5, hmac-sha1, hmac-ripemd160). Note that protocol 1 |
111 | ensuring the integrity of the connection. | 111 | lacks a strong mechanism for ensuring the integrity of the connection. |
112 | 112 | ||
113 | Login session and remote execution | 113 | Login session and remote execution |
114 | When the user's identity has been accepted by the server, the server ei- | 114 | When the user's identity has been accepted by the server, the server ei- |
@@ -154,8 +154,10 @@ DESCRIPTION | |||
154 | ~B Send a BREAK to the remote system (only useful for SSH protocol | 154 | ~B Send a BREAK to the remote system (only useful for SSH protocol |
155 | version 2 and if the peer supports it). | 155 | version 2 and if the peer supports it). |
156 | 156 | ||
157 | ~C Open command line (only useful for adding port forwardings using | 157 | ~C Open command line. Currently this allows the addition of port |
158 | the -L and -R options). | 158 | forwardings using the -L and -R options (see below). It also al- |
159 | lows the cancellation of existing remote port-forwardings using | ||
160 | -KR hostport. Basic help is available, using the -h option. | ||
159 | 161 | ||
160 | ~R Request rekeying of the connection (only useful for SSH protocol | 162 | ~R Request rekeying of the connection (only useful for SSH protocol |
161 | version 2 and if the peer supports it). | 163 | version 2 and if the peer supports it). |
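Review bot: In the new ~C text, "-KR hostport" reuses the name "hostport", which the SYNOPSIS form "-R port:host:hostport" uses for the third field, so a reader cannot tell which port identifies the forwarding to cancel. Name the argument after the field it actually refers to, and since "(see below)" only covers -L and -R, either document -KR alongside them or say here that it is available only from the ~C command line.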
@@ -206,6 +208,11 @@ DESCRIPTION | |||
206 | StrictHostKeyChecking option can be used to prevent logins to machines | 208 | StrictHostKeyChecking option can be used to prevent logins to machines |
207 | whose host key is not known or has changed. | 209 | whose host key is not known or has changed. |
208 | 210 | ||
211 | ssh can be configured to verify host identification using fingerprint re- | ||
212 | source records (SSHFP) published in DNS. The VerifyHostKeyDNS option can | ||
213 | be used to control how DNS lookups are performed. SSHFP resource records | ||
214 | can be generated using ssh-keygen(1). | ||
215 | |||
209 | The options are as follows: | 216 | The options are as follows: |
210 | 217 | ||
211 | -1 Forces ssh to try protocol version 1 only. | 218 | -1 Forces ssh to try protocol version 1 only. |
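Review bot: The sentence "The VerifyHostKeyDNS option can be used to control how DNS lookups are performed" in the added SSHFP paragraph is vague about what the option decides, namely whether and how far a fingerprint obtained from DNS is trusted for host verification. Reword it along those lines and add a pointer to ssh_config(5), as the -M and -S entries do for their options, so the reader knows where the accepted values are described.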
@@ -243,20 +250,27 @@ DESCRIPTION | |||
243 | networks. The default value can be set on a host-by-host basis | 250 | networks. The default value can be set on a host-by-host basis |
244 | in the configuration files; see the Compression option. | 251 | in the configuration files; see the Compression option. |
245 | 252 | ||
246 | -c blowfish | 3des | des | ||
247 | Selects the cipher to use for encrypting the session. 3des is | ||
248 | used by default. It is believed to be secure. 3des (triple-des) | ||
249 | is an encrypt-decrypt-encrypt triple with three different keys. | ||
250 | blowfish is a fast block cipher; it appears very secure and is | ||
251 | much faster than 3des. des is only supported in the ssh client | ||
252 | for interoperability with legacy protocol 1 implementations that | ||
253 | do not support the 3des cipher. Its use is strongly discouraged | ||
254 | due to cryptographic weaknesses. | ||
255 | |||
256 | -c cipher_spec | 253 | -c cipher_spec |
257 | Additionally, for protocol version 2 a comma-separated list of | 254 | Selects the cipher specification for encrypting the session. |
258 | ciphers can be specified in order of preference. See Ciphers for | 255 | |
259 | more information. | 256 | Protocol version 1 allows specification of a single cipher. The |
257 | suported values are ``3des'', ``blowfish'' and ``des''. 3des | ||
258 | (triple-des) is an encrypt-decrypt-encrypt triple with three dif- | ||
259 | ferent keys. It is believed to be secure. blowfish is a fast | ||
260 | block cipher; it appears very secure and is much faster than | ||
261 | 3des. des is only supported in the ssh client for interoperabil- | ||
262 | ity with legacy protocol 1 implementations that do not support | ||
263 | the 3des cipher. Its use is strongly discouraged due to crypto- | ||
264 | graphic weaknesses. The default is ``3des''. | ||
265 | |||
266 | For protocol version 2 cipher_spec is a comma-separated list of | ||
267 | ciphers listed in order of preference. The supported ciphers are | ||
268 | ``3des-cbc'', ``aes128-cbc'', ``aes192-cbc'', ``aes256-cbc'', | ||
269 | ``aes128-ctr'', ``aes192-ctr'', ``aes256-ctr'', ``arcfour'', | ||
270 | ``blowfish-cbc'', and ``cast128-cbc''. The default is | ||
271 | |||
272 | ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour, | ||
273 | aes192-cbc,aes256-cbc'' | ||
260 | 274 | ||
261 | -D port | 275 | -D port |
262 | Specifies a local ``dynamic'' application-level port forwarding. | 276 | Specifies a local ``dynamic'' application-level port forwarding. |
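Review bot: The rewritten -c entry has a typo in the protocol 1 paragraph, "suported" should be "supported", and it should be fixed in the ssh.1 source this file is formatted from. In the protocol 2 paragraph the default list leaves out the three aes*-ctr ciphers that the preceding sentence lists as supported; if that is intentional, one sentence saying they are available but not offered by default would prevent confusion. The sentence "The default is" also ends on the quoted list without a closing period.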
@@ -324,6 +338,10 @@ DESCRIPTION | |||
324 | Specifies the user to log in as on the remote machine. This also | 338 | Specifies the user to log in as on the remote machine. This also |
325 | may be specified on a per-host basis in the configuration file. | 339 | may be specified on a per-host basis in the configuration file. |
326 | 340 | ||
341 | -M Places the ssh client into ``master'' mode for connection shar- | ||
342 | ing. Refer to the description of ControlMaster in ssh_config(5) | ||
343 | for details. | ||
344 | |||
327 | -m mac_spec | 345 | -m mac_spec |
328 | Additionally, for protocol version 2 a comma-separated list of | 346 | Additionally, for protocol version 2 a comma-separated list of |
329 | MAC (message authentication code) algorithms can be specified in | 347 | MAC (message authentication code) algorithms can be specified in |
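Review bot: The new -M entry refers only to ControlMaster, while the -S entry added in the same change refers to both ControlPath and ControlMaster. Master mode is not usable without a control socket, so -M should cross-reference -S (or ControlPath) as well, so the two options read as a pair.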
@@ -358,7 +376,9 @@ DESCRIPTION | |||
358 | Compression | 376 | Compression |
359 | CompressionLevel | 377 | CompressionLevel |
360 | ConnectionAttempts | 378 | ConnectionAttempts |
361 | ConnectionTimeout | 379 | ConnectTimeout |
380 | ControlMaster | ||
381 | ControlPath | ||
362 | DynamicForward | 382 | DynamicForward |
363 | EscapeChar | 383 | EscapeChar |
364 | ForwardAgent | 384 | ForwardAgent |
@@ -389,6 +409,7 @@ DESCRIPTION | |||
389 | RemoteForward | 409 | RemoteForward |
390 | RhostsRSAAuthentication | 410 | RhostsRSAAuthentication |
391 | RSAAuthentication | 411 | RSAAuthentication |
412 | SendEnv | ||
392 | ServerAliveInterval | 413 | ServerAliveInterval |
393 | ServerAliveCountMax | 414 | ServerAliveCountMax |
394 | SmartcardDevice | 415 | SmartcardDevice |
@@ -419,6 +440,10 @@ DESCRIPTION | |||
419 | machine. IPv6 addresses can be specified with an alternative | 440 | machine. IPv6 addresses can be specified with an alternative |
420 | syntax: port/host/hostport. | 441 | syntax: port/host/hostport. |
421 | 442 | ||
443 | -S ctl Specifies the location of a control socket for connection shar- | ||
444 | ing. Refer to the description of ControlPath and ControlMaster | ||
445 | in ssh_config(5) for details. | ||
446 | |||
422 | -s May be used to request invocation of a subsystem on the remote | 447 | -s May be used to request invocation of a subsystem on the remote |
423 | system. Subsystems are a feature of the SSH2 protocol which fa- | 448 | system. Subsystems are a feature of the SSH2 protocol which fa- |
424 | cilitate the use of SSH as a secure transport for other applica- | 449 | cilitate the use of SSH as a secure transport for other applica- |
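Review bot: The -S entry names its argument "ctl", which gives no hint that it is a filesystem path and does not match the ControlPath option it refers to; something like "ctl_path" here and in the SYNOPSIS would be clearer. The entry also says nothing about who may access the socket. The FILES hunk in this same change adds a strict-permissions sentence for $HOME/.ssh/config, and a similar sentence here about the socket's location and permissions would be consistent.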
@@ -549,7 +574,9 @@ FILES | |||
549 | 574 | ||
550 | $HOME/.ssh/config | 575 | $HOME/.ssh/config |
551 | This is the per-user configuration file. The file format and | 576 | This is the per-user configuration file. The file format and |
552 | configuration options are described in ssh_config(5). | 577 | configuration options are described in ssh_config(5). Because of |
578 | the potential for abuse, this file must have strict permissions: | ||
579 | read/write for the user, and not accessible by others. | ||
553 | 580 | ||
554 | $HOME/.ssh/authorized_keys | 581 | $HOME/.ssh/authorized_keys |
555 | Lists the public keys (RSA/DSA) that can be used for logging in | 582 | Lists the public keys (RSA/DSA) that can be used for logging in |
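Review bot: The added permission requirement for $HOME/.ssh/config says "read/write for the user, and not accessible by others" but leaves two things open: whether "others" includes the group, and what ssh does when the file fails the check. State the requirement precisely (for example as an octal mode) and say whether ssh refuses to run or ignores the file, so a user who hits the check can connect the error to this paragraph.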
@@ -666,4 +693,4 @@ AUTHORS | |||
666 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 693 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
667 | versions 1.5 and 2.0. | 694 | versions 1.5 and 2.0. |
668 | 695 | ||
669 | OpenBSD 3.5 September 25, 1999 11 | 696 | OpenBSD 3.6 September 25, 1999 11 |
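Review bot: The footer line changes the release from "OpenBSD 3.5" to "OpenBSD 3.6" but keeps the document date "September 25, 1999", although this change adds new options (-M, -S, SendEnv, ControlMaster, ControlPath) and new text. If the date is meant to reflect the last content change, update it in the ssh.1 source; if it is deliberately the original creation date, no change is needed.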