Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 53 |
1 files changed, 29 insertions, 24 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.68 2000/11/12 19:50:38 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
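Review bot: the `.Dd September 25, 1999` line is left unchanged while the `$OpenBSD$` tag moves to 2000/11/12, so the rendered page will still show the 1999 date after a user-visible change to options and keywords. Consider updating `.Dd` in the same commit if the project treats it as the last-modified date.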
@@ -209,9 +209,9 @@ At first, the client attempts to authenticate using the public key method. | |||
209 | If this method fails password authentication is tried. | 209 | If this method fails password authentication is tried. |
210 | .Pp | 210 | .Pp |
211 | The public key method is similar to RSA authentication described | 211 | The public key method is similar to RSA authentication described |
212 | in the previous section except that the DSA algorithm is used | 212 | in the previous section except that the DSA or RSA algorithm is used |
213 | instead of the patented RSA algorithm. | 213 | instead. |
214 | The client uses his private DSA key | 214 | The client uses his private key |
215 | .Pa $HOME/.ssh/id_dsa | 215 | .Pa $HOME/.ssh/id_dsa |
216 | to sign the session identifier and sends the result to the server. | 216 | to sign the session identifier and sends the result to the server. |
217 | The server checks whether the matching public key is listed in | 217 | The server checks whether the matching public key is listed in |
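Review bot: the reworded sentence at new lines 211-213 now says the method is "similar to RSA authentication ... except that the DSA or RSA algorithm is used instead", which no longer states a difference once RSA is allowed on both sides. The following sentence also drops "DSA" from "private key" but still names only `$HOME/.ssh/id_dsa` as the key file. Suggest saying what actually differs from the previous section (the client signs the session identifier) and clarifying whether an RSA key is also read from `id_dsa` or from another file.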
@@ -331,7 +331,7 @@ identifications for all hosts it has ever been used with. | |||
331 | RSA host keys are stored in | 331 | RSA host keys are stored in |
332 | .Pa $HOME/.ssh/known_hosts | 332 | .Pa $HOME/.ssh/known_hosts |
333 | and | 333 | and |
334 | DSA host keys are stored in | 334 | host keys used in the protocol version 2 are stored in |
335 | .Pa $HOME/.ssh/known_hosts2 | 335 | .Pa $HOME/.ssh/known_hosts2 |
336 | in the user's home directory. | 336 | in the user's home directory. |
337 | Additionally, the files | 337 | Additionally, the files |
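Review bot: new line 334 qualifies `known_hosts2` by protocol version, but the first half of the sentence still reads "RSA host keys are stored in `$HOME/.ssh/known_hosts`". With RSA now possible in protocol version 2, a reader cannot tell which file an RSA host key belongs in. Suggest making both halves parallel by protocol version, and dropping the article in "the protocol version 2".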
@@ -352,7 +352,8 @@ The | |||
352 | .Cm StrictHostKeyChecking | 352 | .Cm StrictHostKeyChecking |
353 | option (see below) can be used to prevent logins to machines whose | 353 | option (see below) can be used to prevent logins to machines whose |
354 | host key is not known or has changed. | 354 | host key is not known or has changed. |
355 | .Sh OPTIONS | 355 | .Pp |
356 | The options are as follows: | ||
356 | .Bl -tag -width Ds | 357 | .Bl -tag -width Ds |
357 | .It Fl a | 358 | .It Fl a |
358 | Disables forwarding of the authentication agent connection. | 359 | Disables forwarding of the authentication agent connection. |
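Review bot: replacing `.Sh OPTIONS` with `.Pp` and "The options are as follows:" leaves the `.Bl -tag` list without its own section header, so the option list now runs on directly from the `StrictHostKeyChecking` paragraph about host key verification. If folding the options into the preceding section is intended, the introductory sentence would read better placed where the command-line syntax is introduced; otherwise keep the `.Sh` so readers searching for OPTIONS still find it.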
@@ -407,7 +408,7 @@ something like | |||
407 | Allows remote hosts to connect to local forwarded ports. | 408 | Allows remote hosts to connect to local forwarded ports. |
408 | .It Fl i Ar identity_file | 409 | .It Fl i Ar identity_file |
409 | Selects the file from which the identity (private key) for | 410 | Selects the file from which the identity (private key) for |
410 | RSA authentication is read. | 411 | RSA or DSA authentication is read. |
411 | Default is | 412 | Default is |
412 | .Pa $HOME/.ssh/identity | 413 | .Pa $HOME/.ssh/identity |
413 | in the user's home directory. | 414 | in the user's home directory. |
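Review bot: new line 411 extends `-i` to "RSA or DSA authentication", but the default that follows is still only `$HOME/.ssh/identity`, while the public key section of this same patch names `$HOME/.ssh/id_dsa` as the protocol version 2 key. Suggest listing the default for each protocol version here so the two passages agree.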
@@ -552,6 +553,22 @@ Forces | |||
552 | .Nm | 553 | .Nm |
553 | to use IPv6 addresses only. | 554 | to use IPv6 addresses only. |
554 | .El | 555 | .El |
556 | .Pp | ||
557 | If | ||
558 | .Nm | ||
559 | is not invoked with one of the standard program names | ||
560 | .Pf ( Dq ssh , | ||
561 | .Dq slogin , | ||
562 | .Dq rsh , | ||
563 | .Dq rlogin , | ||
564 | or | ||
565 | .Dq remsh ) , | ||
566 | it uses this name as its | ||
567 | .Ar hostname | ||
568 | argument. | ||
569 | This is consistent with traditional | ||
570 | .Xr rsh 1 | ||
571 | behavior. | ||
555 | .Sh CONFIGURATION FILES | 572 | .Sh CONFIGURATION FILES |
556 | .Nm | 573 | .Nm |
557 | obtains configuration data from the following sources (in this order): | 574 | obtains configuration data from the following sources (in this order): |
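Review bot: the paragraph added at new lines 556-571 does not say how ssh comes to be invoked under a non-standard name, nor that every name outside the five listed is treated as a hostname. As written, a renamed copy or a wrapper link with an unrelated name would be taken as the host to connect to. Suggest stating the intended mechanism in one clause and noting this consequence; a pointer to `.Xr rsh 1` alone assumes the reader knows the traditional behavior.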
@@ -660,14 +677,12 @@ Specifies the number of tries (one per second) to make before falling | |||
660 | back to rsh or exiting. | 677 | back to rsh or exiting. |
661 | The argument must be an integer. | 678 | The argument must be an integer. |
662 | This may be useful in scripts if the connection sometimes fails. | 679 | This may be useful in scripts if the connection sometimes fails. |
663 | .It Cm DSAAuthentication | 680 | .It Cm PubkeyAuthentication |
664 | Specifies whether to try DSA authentication. | 681 | Specifies whether to try public key authentication. |
665 | The argument to this keyword must be | 682 | The argument to this keyword must be |
666 | .Dq yes | 683 | .Dq yes |
667 | or | 684 | or |
668 | .Dq no . | 685 | .Dq no . |
669 | DSA authentication will only be | ||
670 | attempted if a DSA identity file exists. | ||
671 | Note that this option applies to protocol version 2 only. | 686 | Note that this option applies to protocol version 2 only. |
672 | .It Cm EscapeChar | 687 | .It Cm EscapeChar |
673 | Sets the escape character (default: | 688 | Sets the escape character (default: |
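Review bot: the rename from `DSAAuthentication` to `PubkeyAuthentication` at new line 680 is not accompanied by any statement on whether the old keyword is still accepted, so users with existing configuration files have no guidance. The entry also states no default, and the removed sentence about authentication being attempted only if an identity file exists has no replacement. Suggest documenting the default and the fate of the old keyword, and saying whether a missing key file still suppresses the attempt.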
@@ -745,16 +760,6 @@ syntax to refer to a user's home directory. | |||
745 | It is possible to have | 760 | It is possible to have |
746 | multiple identity files specified in configuration files; all these | 761 | multiple identity files specified in configuration files; all these |
747 | identities will be tried in sequence. | 762 | identities will be tried in sequence. |
748 | .It Cm IdentityFile2 | ||
749 | Specifies the file from which the user's DSA authentication identity | ||
750 | is read (default | ||
751 | .Pa $HOME/.ssh/id_dsa | ||
752 | in the user's home directory). | ||
753 | The file name may use the tilde | ||
754 | syntax to refer to a user's home directory. | ||
755 | It is possible to have | ||
756 | multiple identity files specified in configuration files; all these | ||
757 | identities will be tried in sequence. | ||
758 | .It Cm KeepAlive | 763 | .It Cm KeepAlive |
759 | Specifies whether the system should send keepalive messages to the | 764 | Specifies whether the system should send keepalive messages to the |
760 | other side. | 765 | other side. |
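Review bot: removing the `IdentityFile2` entry deletes the only place in this configuration section that named `$HOME/.ssh/id_dsa` as a default, and nothing in this diff updates the remaining `IdentityFile` entry to say that it now covers protocol version 2 keys. Suggest adding that to `IdentityFile`, including the protocol version 2 default, and noting whether `IdentityFile2` in existing configuration files is still honored or rejected.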
@@ -1096,7 +1101,7 @@ spaces). | |||
1096 | This file is not highly sensitive, but the recommended | 1101 | This file is not highly sensitive, but the recommended |
1097 | permissions are read/write for the user, and not accessible by others. | 1102 | permissions are read/write for the user, and not accessible by others. |
1098 | .It Pa $HOME/.ssh/authorized_keys2 | 1103 | .It Pa $HOME/.ssh/authorized_keys2 |
1099 | Lists the DSA keys that can be used for logging in as this user. | 1104 | Lists the public keys (DSA/RSA) that can be used for logging in as this user. |
1100 | This file is not highly sensitive, but the recommended | 1105 | This file is not highly sensitive, but the recommended |
1101 | permissions are read/write for the user, and not accessible by others. | 1106 | permissions are read/write for the user, and not accessible by others. |
1102 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 | 1107 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
@@ -1104,7 +1109,7 @@ Systemwide list of known host keys. | |||
1104 | .Pa /etc/ssh_known_hosts | 1109 | .Pa /etc/ssh_known_hosts |
1105 | contains RSA and | 1110 | contains RSA and |
1106 | .Pa /etc/ssh_known_hosts2 | 1111 | .Pa /etc/ssh_known_hosts2 |
1107 | contains DSA keys. | 1112 | contains DSA or RSA keys for protocol version 2. |
1108 | These files should be prepared by the | 1113 | These files should be prepared by the |
1109 | system administrator to contain the public host keys of all machines in the | 1114 | system administrator to contain the public host keys of all machines in the |
1110 | organization. | 1115 | organization. |
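Review bot: new line 1112 qualifies `/etc/ssh_known_hosts2` as "DSA or RSA keys for protocol version 2", but the unchanged first half still says `/etc/ssh_known_hosts` "contains RSA" with no protocol version. Since RSA now appears in both files, suggest qualifying the first file by protocol version as well so an administrator preparing these files knows where each RSA host key goes.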
@@ -1219,7 +1224,7 @@ above. | |||
1219 | A version of this library which includes support for the RSA algorithm | 1224 | A version of this library which includes support for the RSA algorithm |
1220 | is required for proper operation. | 1225 | is required for proper operation. |
1221 | .El | 1226 | .El |
1222 | .Sh AUTHOR | 1227 | .Sh AUTHORS |
1223 | OpenSSH | 1228 | OpenSSH |
1224 | is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, | 1229 | is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, |
1225 | but with bugs removed and newer features re-added. | 1230 | but with bugs removed and newer features re-added. |