Diffstat (limited to 'ssh.0')
-rw-r--r-- | ssh.0 | 44 |
1 files changed, 21 insertions, 23 deletions
@@ -130,7 +130,7 @@ DESCRIPTION | |||
130 | 130 | ||
131 | -I pkcs11 | 131 | -I pkcs11 |
132 | Specify the PKCS#11 shared library ssh should use to communicate | 132 | Specify the PKCS#11 shared library ssh should use to communicate |
133 | with a PKCS#11 token providing the user's private RSA key. | 133 | with a PKCS#11 token providing keys for user authentication. |
134 | 134 | ||
135 | -i identity_file | 135 | -i identity_file |
136 | Selects a file from which the identity (private key) for public | 136 | Selects a file from which the identity (private key) for public |
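Review bot: The new -I wording at line 133 ("keys for user authentication") no longer says that these are the user's private keys, and it gives no hint of which key types a token can supply. If the intent is that the token is no longer limited to RSA, say so explicitly or point to where the supported types are listed, so readers with non-RSA tokens know what to expect.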
@@ -150,6 +150,10 @@ DESCRIPTION | |||
150 | TCP forwarding to the ultimate destination from there. Multiple | 150 | TCP forwarding to the ultimate destination from there. Multiple |
151 | jump hops may be specified separated by comma characters. This | 151 | jump hops may be specified separated by comma characters. This |
152 | is a shortcut to specify a ProxyJump configuration directive. | 152 | is a shortcut to specify a ProxyJump configuration directive. |
153 | Note that configuration directives supplied on the command-line | ||
154 | generally apply to the destination host and not any specified | ||
155 | jump hosts. Use ~/.ssh/config to specify configuration for jump | ||
156 | hosts. | ||
153 | 157 | ||
154 | -K Enables GSSAPI-based authentication and forwarding (delegation) | 158 | -K Enables GSSAPI-based authentication and forwarding (delegation) |
155 | of GSSAPI credentials to the server. | 159 | of GSSAPI credentials to the server. |
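Review bot: "generally apply" in the added -J note (new lines 153-156) leaves the reader guessing which command-line directives do reach the jump hosts. This matters most for authentication and host-key settings, where someone passing -i or -o on the command line may assume the setting covers every hop. Suggest dropping "generally" or listing the exceptions, and adding a pointer to ProxyJump in ssh_config(5) alongside the ~/.ssh/config advice.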
@@ -594,36 +598,30 @@ ESCAPE CHARACTERS | |||
594 | to stderr. | 598 | to stderr. |
595 | 599 | ||
596 | TCP FORWARDING | 600 | TCP FORWARDING |
597 | Forwarding of arbitrary TCP connections over the secure channel can be | 601 | Forwarding of arbitrary TCP connections over a secure channel can be |
598 | specified either on the command line or in a configuration file. One | 602 | specified either on the command line or in a configuration file. One |
599 | possible application of TCP forwarding is a secure connection to a mail | 603 | possible application of TCP forwarding is a secure connection to a mail |
600 | server; another is going through firewalls. | 604 | server; another is going through firewalls. |
601 | 605 | ||
602 | In the example below, we look at encrypting communication between an IRC | 606 | In the example below, we look at encrypting communication for an IRC |
603 | client and server, even though the IRC server does not directly support | 607 | client, even though the IRC server it connects to does not directly |
604 | encrypted communications. This works as follows: the user connects to | 608 | support encrypted communication. This works as follows: the user |
605 | the remote host using ssh, specifying a port to be used to forward | 609 | connects to the remote host using ssh, specifying the ports to be used to |
606 | connections to the remote server. After that it is possible to start the | 610 | forward the connection. After that it is possible to start the program |
607 | service which is to be encrypted on the client machine, connecting to the | 611 | locally, and ssh will encrypt and forward the connection to the remote |
608 | same local port, and ssh will encrypt and forward the connection. | 612 | server. |
609 | 613 | ||
610 | The following example tunnels an IRC session from client machine | 614 | The following example tunnels an IRC session from the client to an IRC |
611 | M-bM-^@M-^\127.0.0.1M-bM-^@M-^] (localhost) to remote server M-bM-^@M-^\server.example.comM-bM-^@M-^]: | 615 | server at M-bM-^@M-^\server.example.comM-bM-^@M-^], joining channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname |
616 | M-bM-^@M-^\pinkyM-bM-^@M-^], using the standard IRC port, 6667: | ||
612 | 617 | ||
613 | $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 | 618 | $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 |
614 | $ irc -c '#users' -p 1234 pinky 127.0.0.1 | 619 | $ irc -c '#users' pinky IRC/127.0.0.1 |
615 | |||
616 | This tunnels a connection to IRC server M-bM-^@M-^\server.example.comM-bM-^@M-^], joining | ||
617 | channel M-bM-^@M-^\#usersM-bM-^@M-^], nickname M-bM-^@M-^\pinkyM-bM-^@M-^], using port 1234. It doesn't matter | ||
618 | which port is used, as long as it's greater than 1023 (remember, only | ||
619 | root can open sockets on privileged ports) and doesn't conflict with any | ||
620 | ports already in use. The connection is forwarded to port 6667 on the | ||
621 | remote server, since that's the standard port for IRC services. | ||
622 | 620 | ||
623 | The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is | 621 | The -f option backgrounds ssh and the remote command M-bM-^@M-^\sleep 10M-bM-^@M-^] is |
624 | specified to allow an amount of time (10 seconds, in the example) to | 622 | specified to allow an amount of time (10 seconds, in the example) to |
625 | start the service which is to be tunnelled. If no connections are made | 623 | start the program which is going to use the tunnel. If no connections |
626 | within the time specified, ssh will exit. | 624 | are made within the time specified, ssh will exit. |
627 | 625 | ||
628 | X11 FORWARDING | 626 | X11 FORWARDING |
629 | If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the | 627 | If the ForwardX11 variable is set to M-bM-^@M-^\yesM-bM-^@M-^] (or see the description of the |
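Review bot: With both ports now 6667 in "-L 6667:localhost:6667" (new line 618), the example no longer shows which number is the local listening port and which is the port on the server, and the removed paragraph (old lines 616-621) was the only place that explained the local port choice and the privileged-port restriction. Suggest keeping one sentence that says the first 6667 is the local port and the second is the port on server.example.com, and that any free local port above 1023 would do. The "IRC/127.0.0.1" argument on new line 619 is also unexplained now that "-p 1234" is gone; a short gloss would help readers who do not know that client's syntax.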
@@ -979,4 +977,4 @@ AUTHORS | |||
979 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 977 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
980 | versions 1.5 and 2.0. | 978 | versions 1.5 and 2.0. |
981 | 979 | ||
982 | OpenBSD 6.4 September 20, 2018 OpenBSD 6.4 | 980 | OpenBSD 6.5 March 16, 2019 OpenBSD 6.5 |