Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 36 |
1 files changed, 31 insertions, 5 deletions
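--- a/ssh.1
+++ b/ssh.1
@@ -33,13 +33,13 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $
-.Dd $Mdocdate: June 12 2019 $
+.\" $OpenBSD: ssh.1,v 1.410 2020/02/07 03:54:44 dtucker Exp $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH 1
 .Os
 .Sh NAME
 .Nm ssh
-.Nd OpenSSH SSH client (remote login program)
+.Nd OpenSSH remote login client
 .Sh SYNOPSIS
 .Nm ssh
 .Op Fl 46AaCfGgKkMNnqsTtVvXxYy
@@ -110,7 +110,8 @@ Forces
 to use IPv6 addresses only.
 .Pp
 .It Fl A
-Enables forwarding of the authentication agent connection.
+Enables forwarding of connections from an authentication agent such as
+.Xr ssh-agent 1 .
 This can also be specified on a per-host basis in a configuration file.
 .Pp
 Agent forwarding should be enabled with caution.
@@ -121,6 +122,9 @@ socket) can access the local agent through the forwarded connection.
 An attacker cannot obtain key material from the agent,
 however they can perform operations on the keys that enable them to
 authenticate using the identities loaded into the agent.
+A safer alternative may be to use a jump host
+(see
+.Fl J ) .
 .Pp
 .It Fl a
 Disables forwarding of the authentication agent connection.
@@ -279,7 +283,9 @@ public key authentication is read.
 The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
+.Pa ~/.ssh/id_ecdsa_sk ,
+.Pa ~/.ssh/id_ed25519 ,
+.Pa ~/.ssh/id_ed25519_sk
 and
 .Pa ~/.ssh/id_rsa .
 Identity files may also be specified on
@@ -579,10 +585,18 @@ flag),
 (certificate key types),
 .Ar key-plain
 (non-certificate key types),
+.Ar key-sig
+(all key types and signature algorithms),
 .Ar protocol-version
 (supported SSH protocol versions), and
 .Ar sig
 (supported signature algorithms).
+Alternatively, any keyword from
+.Xr ssh_config 5
+or
+.Xr sshd_config 5
+that takes an algorithm list may be used as an alias for the corresponding
+query_option.
 .Pp
 .It Fl q
 Quiet mode.
@@ -896,8 +910,12 @@ This stores the private key in
 (DSA),
 .Pa ~/.ssh/id_ecdsa
 (ECDSA),
+.Pa ~/.ssh/id_ecdsa_sk
+(authenticator-hosted ECDSA),
 .Pa ~/.ssh/id_ed25519
 (Ed25519),
+.Pa ~/.ssh/id_ed25519_sk
+(authenticator-hosted Ed25519),
 or
 .Pa ~/.ssh/id_rsa
 (RSA)
@@ -906,8 +924,12 @@ and stores the public key in
 (DSA),
 .Pa ~/.ssh/id_ecdsa.pub
 (ECDSA),
+.Pa ~/.ssh/id_ecdsa_sk.pub
+(authenticator-hosted ECDSA),
 .Pa ~/.ssh/id_ed25519.pub
 (Ed25519),
+.Pa ~/.ssh/id_ed25519_sk.pub
+(authenticator-hosted Ed25519),
 or
 .Pa ~/.ssh/id_rsa.pub
 (RSA)
@@ -1484,7 +1506,9 @@ above.
 .Pp
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ecdsa_sk
 .It Pa ~/.ssh/id_ed25519
+.It Pa ~/.ssh/id_ed25519_sk
 .It Pa ~/.ssh/id_rsa
 Contains the private key for authentication.
 These files
@@ -1498,7 +1522,9 @@ sensitive part of this file using AES-128.
 .Pp
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ecdsa_sk.pub
 .It Pa ~/.ssh/id_ed25519.pub
+.It Pa ~/.ssh/id_ed25519_sk.pub
 .It Pa ~/.ssh/id_rsa.pub
 Contains the public key for authentication.
 These files are not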