path: root/ssh.1
Diffstat (limited to 'ssh.1')
-rw-r--r--  ssh.1  1189
1 files changed, 679 insertions, 510 deletions
diff --git a/ssh.1 b/ssh.1
index 9ce28be69..f7c65a372 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.\" $OpenBSD: ssh.1,v 1.209 2005/07/06 09:33:05 dtucker Exp $ 37.\" $OpenBSD: ssh.1,v 1.253 2006/01/30 13:37:49 jmc Exp $
38.Dd September 25, 1999 38.Dd September 25, 1999
39.Dt SSH 1 39.Dt SSH 1
40.Os 40.Os
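Review bot: the `.Dd September 25, 1999` line at 38 is left untouched while the `$OpenBSD$` header moves from 1.209 (2005) to 1.253 (2006) and the body of the page is substantially restructured; `.Dd` is the document date mdoc prints in the page footer, so it should be bumped to the date of this revision rather than still claiming the text is from 1999.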
@@ -43,21 +43,29 @@
43.Nd OpenSSH SSH client (remote login program) 43.Nd OpenSSH SSH client (remote login program)
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh 45.Nm ssh
46.Bk -words
47.Op Fl 1246AaCfgkMNnqsTtVvXxY 46.Op Fl 1246AaCfgkMNnqsTtVvXxY
48.Op Fl b Ar bind_address 47.Op Fl b Ar bind_address
49.Op Fl c Ar cipher_spec 48.Op Fl c Ar cipher_spec
50.Op Fl D Ar port 49.Oo Fl D\ \&
50.Sm off
51.Oo Ar bind_address : Oc
52.Ar port
53.Sm on
54.Oc
51.Op Fl e Ar escape_char 55.Op Fl e Ar escape_char
52.Op Fl F Ar configfile 56.Op Fl F Ar configfile
57.Bk -words
53.Op Fl i Ar identity_file 58.Op Fl i Ar identity_file
59.Ek
54.Oo Fl L\ \& 60.Oo Fl L\ \&
55.Sm off 61.Sm off
56.Oo Ar bind_address : Oc 62.Oo Ar bind_address : Oc
57.Ar port : host : hostport 63.Ar port : host : hostport
58.Sm on 64.Sm on
59.Oc 65.Oc
66.Bk -words
60.Op Fl l Ar login_name 67.Op Fl l Ar login_name
68.Ek
61.Op Fl m Ar mac_spec 69.Op Fl m Ar mac_spec
62.Op Fl O Ar ctl_cmd 70.Op Fl O Ar ctl_cmd
63.Op Fl o Ar option 71.Op Fl o Ar option
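Review bot: the SYNOPSIS still lists no `-I smartcard_device`, although that option remains documented in the options list later in this patch (`.It Fl I Ar smartcard_device`). If the omission is deliberate because smartcard support is only compiled in on request, a comment in the source saying so would stop the next person from "fixing" it; otherwise add `.Op Fl I Ar smartcard_device` between the `-F` and `-i` entries. The new `-D [bind_address:]port` form here does match the rewritten `-D` entry below, good.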
@@ -69,6 +77,8 @@
69.Sm on 77.Sm on
70.Oc 78.Oc
71.Op Fl S Ar ctl_path 79.Op Fl S Ar ctl_path
80.Bk -words
81.Op Fl w Ar tunnel : Ns Ar tunnel
72.Oo Ar user Ns @ Oc Ns Ar hostname 82.Oo Ar user Ns @ Oc Ns Ar hostname
73.Op Ar command 83.Op Ar command
74.Ek 84.Ek
@@ -79,7 +89,7 @@ executing commands on a remote machine.
79It is intended to replace rlogin and rsh, 89It is intended to replace rlogin and rsh,
80and provide secure encrypted communications between 90and provide secure encrypted communications between
81two untrusted hosts over an insecure network. 91two untrusted hosts over an insecure network.
82X11 connections and arbitrary TCP/IP ports 92X11 connections and arbitrary TCP ports
83can also be forwarded over the secure channel. 93can also be forwarded over the secure channel.
84.Pp 94.Pp
85.Nm 95.Nm
@@ -90,306 +100,12 @@ connects and logs into the specified
90name). 100name).
91The user must prove 101The user must prove
92his/her identity to the remote machine using one of several methods 102his/her identity to the remote machine using one of several methods
93depending on the protocol version used. 103depending on the protocol version used (see below).
94.Pp 104.Pp
95If 105If
96.Ar command 106.Ar command
97is specified, 107is specified,
98.Ar command 108it is executed on the remote host instead of a login shell.
99is executed on the remote host instead of a login shell.
100.Ss SSH protocol version 1
101The first authentication method is the
102.Em rhosts
103or
104.Em hosts.equiv
105method combined with RSA-based host authentication.
106If the machine the user logs in from is listed in
107.Pa /etc/hosts.equiv
108or
109.Pa /etc/shosts.equiv
110on the remote machine, and the user names are
111the same on both sides, or if the files
112.Pa ~/.rhosts
113or
114.Pa ~/.shosts
115exist in the user's home directory on the
116remote machine and contain a line containing the name of the client
117machine and the name of the user on that machine, the user is
118considered for log in.
119Additionally, if the server can verify the client's
120host key (see
121.Pa /etc/ssh/ssh_known_hosts
122and
123.Pa ~/.ssh/known_hosts
124in the
125.Sx FILES
126section), only then is login permitted.
127This authentication method closes security holes due to IP
128spoofing, DNS spoofing and routing spoofing.
129[Note to the administrator:
130.Pa /etc/hosts.equiv ,
131.Pa ~/.rhosts ,
132and the rlogin/rsh protocol in general, are inherently insecure and should be
133disabled if security is desired.]
134.Pp
135As a second authentication method,
136.Nm
137supports RSA based authentication.
138The scheme is based on public-key cryptography: there are cryptosystems
139where encryption and decryption are done using separate keys, and it
140is not possible to derive the decryption key from the encryption key.
141RSA is one such system.
142The idea is that each user creates a public/private
143key pair for authentication purposes.
144The server knows the public key, and only the user knows the private key.
145.Pp
146The file
147.Pa ~/.ssh/authorized_keys
148lists the public keys that are permitted for logging in.
149When the user logs in, the
150.Nm
151program tells the server which key pair it would like to use for
152authentication.
153The server checks if this key is permitted, and if so,
154sends the user (actually the
155.Nm
156program running on behalf of the user) a challenge, a random number,
157encrypted by the user's public key.
158The challenge can only be decrypted using the proper private key.
159The user's client then decrypts the challenge using the private key,
160proving that he/she knows the private key
161but without disclosing it to the server.
162.Pp
163.Nm
164implements the RSA authentication protocol automatically.
165The user creates his/her RSA key pair by running
166.Xr ssh-keygen 1 .
167This stores the private key in
168.Pa ~/.ssh/identity
169and stores the public key in
170.Pa ~/.ssh/identity.pub
171in the user's home directory.
172The user should then copy the
173.Pa identity.pub
174to
175.Pa ~/.ssh/authorized_keys
176in his/her home directory on the remote machine (the
177.Pa authorized_keys
178file corresponds to the conventional
179.Pa ~/.rhosts
180file, and has one key
181per line, though the lines can be very long).
182After this, the user can log in without giving the password.
183.Pp
184The most convenient way to use RSA authentication may be with an
185authentication agent.
186See
187.Xr ssh-agent 1
188for more information.
189.Pp
190If other authentication methods fail,
191.Nm
192prompts the user for a password.
193The password is sent to the remote
194host for checking; however, since all communications are encrypted,
195the password cannot be seen by someone listening on the network.
196.Ss SSH protocol version 2
197When a user connects using protocol version 2,
198similar authentication methods are available.
199Using the default values for
200.Cm PreferredAuthentications ,
201the client will try to authenticate first using the hostbased method;
202if this method fails, public key authentication is attempted,
203and finally if this method fails, keyboard-interactive and
204password authentication are tried.
205.Pp
206The public key method is similar to RSA authentication described
207in the previous section and allows the RSA or DSA algorithm to be used:
208The client uses his private key,
209.Pa ~/.ssh/id_dsa
210or
211.Pa ~/.ssh/id_rsa ,
212to sign the session identifier and sends the result to the server.
213The server checks whether the matching public key is listed in
214.Pa ~/.ssh/authorized_keys
215and grants access if both the key is found and the signature is correct.
216The session identifier is derived from a shared Diffie-Hellman value
217and is only known to the client and the server.
218.Pp
219If public key authentication fails or is not available, a password
220can be sent encrypted to the remote host to prove the user's identity.
221.Pp
222Additionally,
223.Nm
224supports hostbased or challenge response authentication.
225.Pp
226Protocol 2 provides additional mechanisms for confidentiality
227(the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour)
228and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
229Note that protocol 1 lacks a strong mechanism for ensuring the
230integrity of the connection.
231.Ss Login session and remote execution
232When the user's identity has been accepted by the server, the server
233either executes the given command, or logs into the machine and gives
234the user a normal shell on the remote machine.
235All communication with
236the remote command or shell will be automatically encrypted.
237.Pp
238If a pseudo-terminal has been allocated (normal login session), the
239user may use the escape characters noted below.
240.Pp
241If no pseudo-tty has been allocated,
242the session is transparent and can be used to reliably transfer binary data.
243On most systems, setting the escape character to
244.Dq none
245will also make the session transparent even if a tty is used.
246.Pp
247The session terminates when the command or shell on the remote
248machine exits and all X11 and TCP/IP connections have been closed.
249The exit status of the remote program is returned as the exit status of
250.Nm ssh .
251.Ss Escape Characters
252When a pseudo-terminal has been requested,
253.Nm
254supports a number of functions through the use of an escape character.
255.Pp
256A single tilde character can be sent as
257.Ic ~~
258or by following the tilde by a character other than those described below.
259The escape character must always follow a newline to be interpreted as
260special.
261The escape character can be changed in configuration files using the
262.Cm EscapeChar
263configuration directive or on the command line by the
264.Fl e
265option.
266.Pp
267The supported escapes (assuming the default
268.Ql ~ )
269are:
270.Bl -tag -width Ds
271.It Cm ~.
272Disconnect.
273.It Cm ~^Z
274Background
275.Nm ssh .
276.It Cm ~#
277List forwarded connections.
278.It Cm ~&
279Background
280.Nm
281at logout when waiting for forwarded connection / X11 sessions to terminate.
282.It Cm ~?
283Display a list of escape characters.
284.It Cm ~B
285Send a BREAK to the remote system
286(only useful for SSH protocol version 2 and if the peer supports it).
287.It Cm ~C
288Open command line.
289Currently this allows the addition of port forwardings using the
290.Fl L
291and
292.Fl R
293options (see below).
294It also allows the cancellation of existing remote port-forwardings
295using
296.Fl KR Ar hostport .
297Basic help is available, using the
298.Fl h
299option.
300.It Cm ~R
301Request rekeying of the connection
302(only useful for SSH protocol version 2 and if the peer supports it).
303.El
304.Ss X11 and TCP forwarding
305If the
306.Cm ForwardX11
307variable is set to
308.Dq yes
309(or see the description of the
310.Fl X
311and
312.Fl x
313options described later)
314and the user is using X11 (the
315.Ev DISPLAY
316environment variable is set), the connection to the X11 display is
317automatically forwarded to the remote side in such a way that any X11
318programs started from the shell (or command) will go through the
319encrypted channel, and the connection to the real X server will be made
320from the local machine.
321The user should not manually set
322.Ev DISPLAY .
323Forwarding of X11 connections can be
324configured on the command line or in configuration files.
325.Pp
326The
327.Ev DISPLAY
328value set by
329.Nm
330will point to the server machine, but with a display number greater than zero.
331This is normal, and happens because
332.Nm
333creates a
334.Dq proxy
335X server on the server machine for forwarding the
336connections over the encrypted channel.
337.Pp
338.Nm
339will also automatically set up Xauthority data on the server machine.
340For this purpose, it will generate a random authorization cookie,
341store it in Xauthority on the server, and verify that any forwarded
342connections carry this cookie and replace it by the real cookie when
343the connection is opened.
344The real authentication cookie is never
345sent to the server machine (and no cookies are sent in the plain).
346.Pp
347If the
348.Cm ForwardAgent
349variable is set to
350.Dq yes
351(or see the description of the
352.Fl A
353and
354.Fl a
355options described later) and
356the user is using an authentication agent, the connection to the agent
357is automatically forwarded to the remote side.
358.Pp
359Forwarding of arbitrary TCP/IP connections over the secure channel can
360be specified either on the command line or in a configuration file.
361One possible application of TCP/IP forwarding is a secure connection to an
362electronic purse; another is going through firewalls.
363.Ss Server authentication
364.Nm
365automatically maintains and checks a database containing
366identifications for all hosts it has ever been used with.
367Host keys are stored in
368.Pa ~/.ssh/known_hosts
369in the user's home directory.
370Additionally, the file
371.Pa /etc/ssh/ssh_known_hosts
372is automatically checked for known hosts.
373Any new hosts are automatically added to the user's file.
374If a host's identification ever changes,
375.Nm
376warns about this and disables password authentication to prevent a
377trojan horse from getting the user's password.
378Another purpose of this mechanism is to prevent man-in-the-middle attacks
379which could otherwise be used to circumvent the encryption.
380The
381.Cm StrictHostKeyChecking
382option can be used to prevent logins to machines whose
383host key is not known or has changed.
384.Pp
385.Nm
386can be configured to verify host identification using fingerprint resource
387records (SSHFP) published in DNS.
388The
389.Cm VerifyHostKeyDNS
390option can be used to control how DNS lookups are performed.
391SSHFP resource records can be generated using
392.Xr ssh-keygen 1 .
393.Pp 109.Pp
394The options are as follows: 110The options are as follows:
395.Bl -tag -width Ds 111.Bl -tag -width Ds
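Review bot: two details from the removed protocol-2 text do not reappear in the new AUTHENTICATION section as far as this patch shows it. Old lines 212-217 said the client signs the session identifier, which is derived from the Diffie-Hellman exchange and known only to the two peers; that is the property binding a public-key authentication to this particular connection, and the replacement at new lines 738-740 ("The client proves that it has access to the private key") drops it. Old lines 385-392, the SSHFP / `VerifyHostKeyDNS` host-verification paragraph, also have no counterpart in the new host-key text at new lines 797-815. Confirm both are re-added in the part of the patch not shown here, or restore them.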
@@ -430,7 +146,7 @@ of the connection.
430Only useful on systems with more than one address. 146Only useful on systems with more than one address.
431.It Fl C 147.It Fl C
432Requests compression of all data (including stdin, stdout, stderr, and 148Requests compression of all data (including stdin, stdout, stderr, and
433data for forwarded X11 and TCP/IP connections). 149data for forwarded X11 and TCP connections).
434The compression algorithm is the same used by 150The compression algorithm is the same used by
435.Xr gzip 1 , 151.Xr gzip 1 ,
436and the 152and the
@@ -448,9 +164,9 @@ option.
448Selects the cipher specification for encrypting the session. 164Selects the cipher specification for encrypting the session.
449.Pp 165.Pp
450Protocol version 1 allows specification of a single cipher. 166Protocol version 1 allows specification of a single cipher.
451The suported values are 167The supported values are
452.Dq 3des , 168.Dq 3des ,
453.Dq blowfish 169.Dq blowfish ,
454and 170and
455.Dq des . 171.Dq des .
456.Ar 3des 172.Ar 3des
@@ -470,37 +186,44 @@ Its use is strongly discouraged due to cryptographic weaknesses.
470The default is 186The default is
471.Dq 3des . 187.Dq 3des .
472.Pp 188.Pp
473For protocol version 2 189For protocol version 2,
474.Ar cipher_spec 190.Ar cipher_spec
475is a comma-separated list of ciphers 191is a comma-separated list of ciphers
476listed in order of preference. 192listed in order of preference.
477The supported ciphers are 193The supported ciphers are:
478.Dq 3des-cbc , 1943des-cbc,
479.Dq aes128-cbc , 195aes128-cbc,
480.Dq aes192-cbc , 196aes192-cbc,
481.Dq aes256-cbc , 197aes256-cbc,
482.Dq aes128-ctr , 198aes128-ctr,
483.Dq aes192-ctr , 199aes192-ctr,
484.Dq aes256-ctr , 200aes256-ctr,
485.Dq arcfour128 , 201arcfour128,
486.Dq arcfour256 , 202arcfour256,
487.Dq arcfour , 203arcfour,
488.Dq blowfish-cbc , 204blowfish-cbc,
489and 205and
490.Dq cast128-cbc . 206cast128-cbc.
491The default is 207The default is:
492.Bd -literal 208.Bd -literal -offset indent
493 ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128, 209aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
494 arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr, 210arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
495 aes192-ctr,aes256-ctr'' 211aes192-ctr,aes256-ctr
496.Ed 212.Ed
497.It Fl D Ar port 213.It Fl D Xo
214.Sm off
215.Oo Ar bind_address : Oc
216.Ar port
217.Sm on
218.Xc
498Specifies a local 219Specifies a local
499.Dq dynamic 220.Dq dynamic
500application-level port forwarding. 221application-level port forwarding.
501This works by allocating a socket to listen to 222This works by allocating a socket to listen to
502.Ar port 223.Ar port
503on the local side, and whenever a connection is made to this port, the 224on the local side, optionally bound to the specified
225.Ar bind_address .
226Whenever a connection is made to this port, the
504connection is forwarded over the secure channel, and the application 227connection is forwarded over the secure channel, and the application
505protocol is then used to determine where to connect to from the 228protocol is then used to determine where to connect to from the
506remote machine. 229remote machine.
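Review bot: the protocol-2 default cipher list at new lines 209-211 is rendered as three lines inside `.Bd -literal`, but it is one comma-separated value; a reader copying it into a `Ciphers` line in ssh_config will carry the line breaks across. Either keep it on a single long line or say that the wrapping is for display only. The `.Xo`/`.Xc` block with `.Sm off` for `-D [bind_address:]port` mirrors the existing `-L` markup, which is the right way to do it.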
@@ -509,7 +232,31 @@ Currently the SOCKS4 and SOCKS5 protocols are supported, and
509will act as a SOCKS server. 232will act as a SOCKS server.
510Only root can forward privileged ports. 233Only root can forward privileged ports.
511Dynamic port forwardings can also be specified in the configuration file. 234Dynamic port forwardings can also be specified in the configuration file.
512.It Fl e Ar ch | ^ch | none 235.Pp
236IPv6 addresses can be specified with an alternative syntax:
237.Sm off
238.Xo
239.Op Ar bind_address No /
240.Ar port
241.Xc
242.Sm on
243or by enclosing the address in square brackets.
244Only the superuser can forward privileged ports.
245By default, the local port is bound in accordance with the
246.Cm GatewayPorts
247setting.
248However, an explicit
249.Ar bind_address
250may be used to bind the connection to a specific address.
251The
252.Ar bind_address
253of
254.Dq localhost
255indicates that the listening port be bound for local use only, while an
256empty address or
257.Sq *
258indicates that the port should be available from all interfaces.
259.It Fl e Ar escape_char
513Sets the escape character for sessions with a pty (default: 260Sets the escape character for sessions with a pty (default:
514.Ql ~ ) . 261.Ql ~ ) .
515The escape character is only recognized at the beginning of a line. 262The escape character is only recognized at the beginning of a line.
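Review bot: "Only root can forward privileged ports." (new line 233) and "Only the superuser can forward privileged ports." (new line 244) say the same thing twice in one entry; drop one. The new text is right that an empty `bind_address` or `*` makes the listener reachable from all interfaces, but since `-D` runs an unauthenticated SOCKS server, that means any host that can reach the interface can relay through the tunnel as this user; a one-line warning to that effect would be worth the space. Also, `.It Fl e Ar ch | ^ch | none` was changed to `.It Fl e Ar escape_char`, so the accepted forms (`ch`, `^ch`, `none`) now have to be spelled out in the entry body; only its first lines are visible here (new lines 260-262), check that the rest lists them.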
@@ -545,11 +292,12 @@ something like
545.It Fl g 292.It Fl g
546Allows remote hosts to connect to local forwarded ports. 293Allows remote hosts to connect to local forwarded ports.
547.It Fl I Ar smartcard_device 294.It Fl I Ar smartcard_device
548Specifies which smartcard device to use. 295Specify the device
549The argument is the device
550.Nm 296.Nm
551should use to communicate with a smartcard used for storing the user's 297should use to communicate with a smartcard used for storing the user's
552private RSA key. 298private RSA key.
299This option is only available if support for smartcard devices
300is compiled in (default is no support).
553.It Fl i Ar identity_file 301.It Fl i Ar identity_file
554Selects a file from which the identity (private key) for 302Selects a file from which the identity (private key) for
555RSA or DSA authentication is read. 303RSA or DSA authentication is read.
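Review bot: "Specify the device ssh should use" (new line 295) is imperative, whereas the neighbouring entries are declarative third person ("Allows remote hosts ...", "Selects a file ...", "Specifies a local ..."); make it "Specifies the device". The added sentence that smartcard support is compiled out by default is a useful caveat and should stay.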
@@ -621,6 +369,13 @@ Places the
621client into 369client into
622.Dq master 370.Dq master
623mode for connection sharing. 371mode for connection sharing.
372Multiple
373.Fl M
374options places
375.Nm
376into
377.Dq master
378mode with confirmation required before slave connections are accepted.
624Refer to the description of 379Refer to the description of
625.Cm ControlMaster 380.Cm ControlMaster
626in 381in
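Review bot: "Multiple -M options places ssh into ..." (new lines 372-378) has a number-agreement error; it should read "place". The sentence also says confirmation is required before slave connections are accepted but not how the user is asked; if it is the mechanism that `ControlMaster` in ssh_config(5) describes, tie the two together ("with confirmation required before slave connections are accepted, as described under ControlMaster in ssh_config(5)") rather than leaving the reader to guess that the following cross-reference covers it.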
@@ -709,17 +464,20 @@ For full details of the options listed below, and their possible values, see
709.It IdentityFile 464.It IdentityFile
710.It IdentitiesOnly 465.It IdentitiesOnly
711.It KbdInteractiveDevices 466.It KbdInteractiveDevices
467.It LocalCommand
712.It LocalForward 468.It LocalForward
713.It LogLevel 469.It LogLevel
714.It MACs 470.It MACs
715.It NoHostAuthenticationForLocalhost 471.It NoHostAuthenticationForLocalhost
716.It NumberOfPasswordPrompts 472.It NumberOfPasswordPrompts
717.It PasswordAuthentication 473.It PasswordAuthentication
474.It PermitLocalCommand
718.It Port 475.It Port
719.It PreferredAuthentications 476.It PreferredAuthentications
720.It Protocol 477.It Protocol
721.It ProxyCommand 478.It ProxyCommand
722.It PubkeyAuthentication 479.It PubkeyAuthentication
480.It RekeyLimit
723.It RemoteForward 481.It RemoteForward
724.It RhostsRSAAuthentication 482.It RhostsRSAAuthentication
725.It RSAAuthentication 483.It RSAAuthentication
@@ -729,6 +487,8 @@ For full details of the options listed below, and their possible values, see
729.It SmartcardDevice 487.It SmartcardDevice
730.It StrictHostKeyChecking 488.It StrictHostKeyChecking
731.It TCPKeepAlive 489.It TCPKeepAlive
490.It Tunnel
491.It TunnelDevice
732.It UsePrivilegedPort 492.It UsePrivilegedPort
733.It User 493.It User
734.It UserKnownHostsFile 494.It UserKnownHostsFile
@@ -832,6 +592,24 @@ Multiple
832.Fl v 592.Fl v
833options increase the verbosity. 593options increase the verbosity.
834The maximum is 3. 594The maximum is 3.
595.It Fl w Ar tunnel : Ns Ar tunnel
596Requests a
597.Xr tun 4
598device on the client
599(first
600.Ar tunnel
601arg)
602and server
603(second
604.Ar tunnel
605arg).
606The devices may be specified by numerical ID or the keyword
607.Dq any ,
608which uses the next available tunnel device.
609See also the
610.Cm Tunnel
611directive in
612.Xr ssh_config 5 .
835.It Fl X 613.It Fl X
836Enables X11 forwarding. 614Enables X11 forwarding.
837This can also be specified on a per-host basis in a configuration file. 615This can also be specified on a per-host basis in a configuration file.
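Review bot: "arg" at new lines 601 and 605 should be spelled out ("argument") to match the rest of the page. The entry cross-references only the client-side `Tunnel` directive in ssh_config(5); the server has to be configured to allow tunnel devices as well, so a pointer to the corresponding sshd_config(5) setting (`PermitTunnel`) would spare users a confusing failure when the server declines the request.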
@@ -859,16 +637,474 @@ Enables trusted X11 forwarding.
859Trusted X11 forwardings are not subjected to the X11 SECURITY extension 637Trusted X11 forwardings are not subjected to the X11 SECURITY extension
860controls. 638controls.
861.El 639.El
862.Sh CONFIGURATION FILES 640.Pp
863.Nm 641.Nm
864may additionally obtain configuration data from 642may additionally obtain configuration data from
865a per-user configuration file and a system-wide configuration file. 643a per-user configuration file and a system-wide configuration file.
866The file format and configuration options are described in 644The file format and configuration options are described in
867.Xr ssh_config 5 . 645.Xr ssh_config 5 .
646.Pp
647.Nm
648exits with the exit status of the remote command or with 255
649if an error occurred.
650.Sh AUTHENTICATION
651The OpenSSH SSH client supports SSH protocols 1 and 2.
652Protocol 2 is the default, with
653.Nm
654falling back to protocol 1 if it detects protocol 2 is unsupported.
655These settings may be altered using the
656.Cm Protocol
657option in
658.Xr ssh_config 5 ,
659or enforced using the
660.Fl 1
661and
662.Fl 2
663options (see above).
664Both protocols support similar authentication methods,
665but protocol 2 is preferred since
666it provides additional mechanisms for confidentiality
667(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
668and integrity (hmac-md5, hmac-sha1, hmac-ripemd160).
669Protocol 1 lacks a strong mechanism for ensuring the
670integrity of the connection.
671.Pp
672The methods available for authentication are:
673host-based authentication,
674public key authentication,
675challenge-response authentication,
676and password authentication.
677Authentication methods are tried in the order specified above,
678though protocol 2 has a configuration option to change the default order:
679.Cm PreferredAuthentications .
680.Pp
681Host-based authentication works as follows:
682If the machine the user logs in from is listed in
683.Pa /etc/hosts.equiv
684or
685.Pa /etc/shosts.equiv
686on the remote machine, and the user names are
687the same on both sides, or if the files
688.Pa ~/.rhosts
689or
690.Pa ~/.shosts
691exist in the user's home directory on the
692remote machine and contain a line containing the name of the client
693machine and the name of the user on that machine, the user is
694considered for login.
695Additionally, the server
696.Em must
697be able to verify the client's
698host key (see the description of
699.Pa /etc/ssh/ssh_known_hosts
700and
701.Pa ~/.ssh/known_hosts ,
702below)
703for login to be permitted.
704This authentication method closes security holes due to IP
705spoofing, DNS spoofing, and routing spoofing.
706[Note to the administrator:
707.Pa /etc/hosts.equiv ,
708.Pa ~/.rhosts ,
709and the rlogin/rsh protocol in general, are inherently insecure and should be
710disabled if security is desired.]
711.Pp
712Public key authentication works as follows:
713The scheme is based on public-key cryptography,
714using cryptosystems
715where encryption and decryption are done using separate keys,
716and it is unfeasible to derive the decryption key from the encryption key.
717The idea is that each user creates a public/private
718key pair for authentication purposes.
719The server knows the public key, and only the user knows the private key.
720.Nm
721implements public key authentication protocol automatically,
722using either the RSA or DSA algorithms.
723Protocol 1 is restricted to using only RSA keys,
724but protocol 2 may use either.
725The
726.Sx HISTORY
727section of
728.Xr ssl 8
729contains a brief discussion of the two algorithms.
730.Pp
731The file
732.Pa ~/.ssh/authorized_keys
733lists the public keys that are permitted for logging in.
734When the user logs in, the
735.Nm
736program tells the server which key pair it would like to use for
737authentication.
738The client proves that it has access to the private key
739and the server checks that the corresponding public key
740is authorized to accept the account.
741.Pp
742The user creates his/her key pair by running
743.Xr ssh-keygen 1 .
744This stores the private key in
745.Pa ~/.ssh/identity
746(protocol 1),
747.Pa ~/.ssh/id_dsa
748(protocol 2 DSA),
749or
750.Pa ~/.ssh/id_rsa
751(protocol 2 RSA)
752and stores the public key in
753.Pa ~/.ssh/identity.pub
754(protocol 1),
755.Pa ~/.ssh/id_dsa.pub
756(protocol 2 DSA),
757or
758.Pa ~/.ssh/id_rsa.pub
759(protocol 2 RSA)
760in the user's home directory.
761The user should then copy the public key
762to
763.Pa ~/.ssh/authorized_keys
764in his/her home directory on the remote machine.
765The
766.Pa authorized_keys
767file corresponds to the conventional
768.Pa ~/.rhosts
769file, and has one key
770per line, though the lines can be very long.
771After this, the user can log in without giving the password.
772.Pp
773The most convenient way to use public key authentication may be with an
774authentication agent.
775See
776.Xr ssh-agent 1
777for more information.
778.Pp
779Challenge-response authentication works as follows:
780The server sends an arbitrary
781.Qq challenge
782text, and prompts for a response.
783Protocol 2 allows multiple challenges and responses;
784protocol 1 is restricted to just one challenge/response.
785Examples of challenge-response authentication include
786BSD Authentication (see
787.Xr login.conf 5 )
788and PAM (some non-OpenBSD systems).
789.Pp
790Finally, if other authentication methods fail,
791.Nm
792prompts the user for a password.
793The password is sent to the remote
794host for checking; however, since all communications are encrypted,
795the password cannot be seen by someone listening on the network.
796.Pp
797.Nm
798automatically maintains and checks a database containing
799identification for all hosts it has ever been used with.
800Host keys are stored in
801.Pa ~/.ssh/known_hosts
802in the user's home directory.
803Additionally, the file
804.Pa /etc/ssh/ssh_known_hosts
805is automatically checked for known hosts.
806Any new hosts are automatically added to the user's file.
807If a host's identification ever changes,
808.Nm
809warns about this and disables password authentication to prevent
810server spoofing or man-in-the-middle attacks,
811which could otherwise be used to circumvent the encryption.
812The
813.Cm StrictHostKeyChecking
814option can be used to control logins to machines whose
815host key is not known or has changed.
816.Pp
817When the user's identity has been accepted by the server, the server
818either executes the given command, or logs into the machine and gives
819the user a normal shell on the remote machine.
820All communication with
821the remote command or shell will be automatically encrypted.
822.Pp
823If a pseudo-terminal has been allocated (normal login session), the
824user may use the escape characters noted below.
825.Pp
826If no pseudo-tty has been allocated,
827the session is transparent and can be used to reliably transfer binary data.
828On most systems, setting the escape character to
829.Dq none
830will also make the session transparent even if a tty is used.
831.Pp
832The session terminates when the command or shell on the remote
833machine exits and all X11 and TCP connections have been closed.
834.Sh ESCAPE CHARACTERS
835When a pseudo-terminal has been requested,
836.Nm
837supports a number of functions through the use of an escape character.
838.Pp
839A single tilde character can be sent as
840.Ic ~~
841or by following the tilde by a character other than those described below.
842The escape character must always follow a newline to be interpreted as
843special.
844The escape character can be changed in configuration files using the
845.Cm EscapeChar
846configuration directive or on the command line by the
847.Fl e
848option.
849.Pp
850The supported escapes (assuming the default
851.Ql ~ )
852are:
853.Bl -tag -width Ds
854.It Cm ~.
855Disconnect.
856.It Cm ~^Z
857Background
858.Nm .
859.It Cm ~#
860List forwarded connections.
861.It Cm ~&
862Background
863.Nm
864at logout when waiting for forwarded connection / X11 sessions to terminate.
865.It Cm ~?
866Display a list of escape characters.
867.It Cm ~B
868Send a BREAK to the remote system
869(only useful for SSH protocol version 2 and if the peer supports it).
870.It Cm ~C
871Open command line.
872Currently this allows the addition of port forwardings using the
873.Fl L
874and
875.Fl R
876options (see above).
877It also allows the cancellation of existing remote port-forwardings
878using
879.Fl KR Ar hostport .
880.Ic !\& Ns Ar command
881allows the user to execute a local command if the
882.Ic PermitLocalCommand
883option is enabled in
884.Xr ssh_config 5 .
885Basic help is available, using the
886.Fl h
887option.
888.It Cm ~R
889Request rekeying of the connection
890(only useful for SSH protocol version 2 and if the peer supports it).
891.El
892.Sh TCP FORWARDING
893Forwarding of arbitrary TCP connections over the secure channel can
894be specified either on the command line or in a configuration file.
895One possible application of TCP forwarding is a secure connection to a
896mail server; another is going through firewalls.
897.Pp
898In the example below, we look at encrypting communication between
899an IRC client and server, even though the IRC server does not directly
900support encrypted communications.
901This works as follows:
902the user connects to the remote host using
903.Nm ,
904specifying a port to be used to forward connections
905to the remote server.
906After that it is possible to start the service which is to be encrypted
907on the client machine,
908connecting to the same local port,
909and
910.Nm
911will encrypt and forward the connection.
912.Pp
913The following example tunnels an IRC session from client machine
914.Dq 127.0.0.1
915(localhost)
916to remote server
917.Dq server.example.com :
918.Bd -literal -offset 4n
919$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
920$ irc -c '#users' -p 1234 pinky 127.0.0.1
921.Ed
922.Pp
923This tunnels a connection to IRC server
924.Dq server.example.com ,
925joining channel
926.Dq #users ,
927nickname
928.Dq pinky ,
929using port 1234.
930It doesn't matter which port is used,
931as long as it's greater than 1023
932(remember, only root can open sockets on privileged ports)
933and doesn't conflict with any ports already in use.
934The connection is forwarded to port 6667 on the remote server,
935since that's the standard port for IRC services.
936.Pp
937The
938.Fl f
939option backgrounds
940.Nm
941and the remote command
942.Dq sleep 10
943is specified to allow an amount of time
944(10 seconds, in the example)
945to start the service which is to be tunnelled.
946If no connections are made within the time specified,
947.Nm
948will exit.
949.Sh X11 FORWARDING
950If the
951.Cm ForwardX11
952variable is set to
953.Dq yes
954(or see the description of the
955.Fl X ,
956.Fl x ,
957and
958.Fl Y
959options above)
960and the user is using X11 (the
961.Ev DISPLAY
962environment variable is set), the connection to the X11 display is
963automatically forwarded to the remote side in such a way that any X11
964programs started from the shell (or command) will go through the
965encrypted channel, and the connection to the real X server will be made
966from the local machine.
967The user should not manually set
968.Ev DISPLAY .
969Forwarding of X11 connections can be
970configured on the command line or in configuration files.
971.Pp
972The
973.Ev DISPLAY
974value set by
975.Nm
976will point to the server machine, but with a display number greater than zero.
977This is normal, and happens because
978.Nm
979creates a
980.Dq proxy
981X server on the server machine for forwarding the
982connections over the encrypted channel.
983.Pp
984.Nm
985will also automatically set up Xauthority data on the server machine.
986For this purpose, it will generate a random authorization cookie,
987store it in Xauthority on the server, and verify that any forwarded
988connections carry this cookie and replace it by the real cookie when
989the connection is opened.
990The real authentication cookie is never
991sent to the server machine (and no cookies are sent in the plain).
992.Pp
993If the
994.Cm ForwardAgent
995variable is set to
996.Dq yes
997(or see the description of the
998.Fl A
999and
1000.Fl a
1001options above) and
1002the user is using an authentication agent, the connection to the agent
1003is automatically forwarded to the remote side.
1004.Sh VERIFYING HOST KEYS
1005When connecting to a server for the first time,
1006a fingerprint of the server's public key is presented to the user
1007(unless the option
1008.Cm StrictHostKeyChecking
1009has been disabled).
1010Fingerprints can be determined using
1011.Xr ssh-keygen 1 :
1012.Pp
1013.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1014.Pp
1015If the fingerprint is already known,
1016it can be matched and verified,
1017and the key can be accepted.
1018If the fingerprint is unknown,
1019an alternative method of verification is available:
1020SSH fingerprints verified by DNS.
1021An additional resource record (RR),
1022SSHFP,
1023is added to a zonefile
1024and the connecting client is able to match the fingerprint
1025with that of the key presented.
1026.Pp
1027In this example, we are connecting a client to a server,
1028.Dq host.example.com .
1029The SSHFP resource records should first be added to the zonefile for
1030host.example.com:
1031.Bd -literal -offset indent
1032$ ssh-keygen -f /etc/ssh/ssh_host_rsa_key.pub -r host.example.com.
1033$ ssh-keygen -f /etc/ssh/ssh_host_dsa_key.pub -r host.example.com.
1034.Ed
1035.Pp
1036The output lines will have to be added to the zonefile.
1037To check that the zone is answering fingerprint queries:
1038.Pp
1039.Dl $ dig -t SSHFP host.example.com
1040.Pp
1041Finally the client connects:
1042.Bd -literal -offset indent
1043$ ssh -o "VerifyHostKeyDNS ask" host.example.com
1044[...]
1045Matching host key fingerprint found in DNS.
1046Are you sure you want to continue connecting (yes/no)?
1047.Ed
1048.Pp
1049See the
1050.Cm VerifyHostKeyDNS
1051option in
1052.Xr ssh_config 5
1053for more information.
1054.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1055.Nm
1056contains support for Virtual Private Network (VPN) tunnelling
1057using the
1058.Xr tun 4
1059network pseudo-device,
1060allowing two networks to be joined securely.
1061The
1062.Xr sshd_config 5
1063configuration option
1064.Cm PermitTunnel
1065controls whether the server supports this,
1066and at what level (layer 2 or 3 traffic).
1067.Pp
1068The following example would connect client network 10.0.50.0/24
1069with remote network 10.0.99.0/24, provided that the SSH server
1070running on the gateway to the remote network,
1071at 192.168.1.15, allows it:
1072.Bd -literal -offset indent
1073# ssh -f -w 0:1 192.168.1.15 true
1074# ifconfig tun0 10.0.50.1 10.0.99.1 netmask 255.255.255.252
1075.Ed
1076.Pp
1077Client access may be more finely tuned via the
1078.Pa /root/.ssh/authorized_keys
1079file (see below) and the
1080.Cm PermitRootLogin
1081server option.
1082The following entry would permit connections on the first
1083.Xr tun 4
1084device from user
1085.Dq jane
1086and on the second device from user
1087.Dq john ,
1088if
1089.Cm PermitRootLogin
1090is set to
1091.Dq forced-commands-only :
1092.Bd -literal -offset 2n
1093tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
1094tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john
1095.Ed
1096.Pp
1097Since a SSH-based setup entails a fair amount of overhead,
1098it may be more suited to temporary setups,
1099such as for wireless VPNs.
1100More permanent VPNs are better provided by tools such as
1101.Xr ipsecctl 8
1102and
1103.Xr isakmpd 8 .
868.Sh ENVIRONMENT 1104.Sh ENVIRONMENT
869.Nm 1105.Nm
870will normally set the following environment variables: 1106will normally set the following environment variables:
871.Bl -tag -width LOGNAME 1107.Bl -tag -width "SSH_ORIGINAL_COMMAND"
872.It Ev DISPLAY 1108.It Ev DISPLAY
873The 1109The
874.Ev DISPLAY 1110.Ev DISPLAY
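Review bot: the authorized_keys example in the new SSH-BASED VIRTUAL PRIVATE NETWORKS section has a copy-and-paste slip: the text says the second entry permits connections on the second tun device for user john, yet that entry reads `tunnel="2",command="sh /etc/netstart tun1" ssh-rsa ... john`, so john's forced command would configure tun1, the device assigned to jane, instead of his own. Suggest `tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john`. Minor: "Since a SSH-based setup" should read "Since an SSH-based setup".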
@@ -876,9 +1112,12 @@ variable indicates the location of the X11 server.
876It is automatically set by 1112It is automatically set by
877.Nm 1113.Nm
878to point to a value of the form 1114to point to a value of the form
879.Dq hostname:n 1115.Dq hostname:n ,
880where hostname indicates 1116where
881the host where the shell runs, and n is an integer \*(Ge 1. 1117.Dq hostname
1118indicates the host where the shell runs, and
1119.Sq n
1120is an integer \*(Ge 1.
882.Nm 1121.Nm
883uses this special value to forward X11 connections over the secure 1122uses this special value to forward X11 connections over the secure
884channel. 1123channel.
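Review bot: the rewritten DISPLAY sentence quotes its two placeholders inconsistently, `.Dq hostname` (double quotes) but `.Sq n` (single quotes); pick one form for both so the rendered text does not switch quoting style mid-sentence.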
@@ -899,7 +1138,7 @@ Set to the path of the user's mailbox.
899Set to the default 1138Set to the default
900.Ev PATH , 1139.Ev PATH ,
901as specified when compiling 1140as specified when compiling
902.Nm ssh . 1141.Nm .
903.It Ev SSH_ASKPASS 1142.It Ev SSH_ASKPASS
904If 1143If
905.Nm 1144.Nm
@@ -924,15 +1163,16 @@ may be necessary to redirect the input from
924.Pa /dev/null 1163.Pa /dev/null
925to make this work.) 1164to make this work.)
926.It Ev SSH_AUTH_SOCK 1165.It Ev SSH_AUTH_SOCK
927Identifies the path of a unix-domain socket used to communicate with the 1166Identifies the path of a
928agent. 1167.Ux Ns -domain
1168socket used to communicate with the agent.
929.It Ev SSH_CONNECTION 1169.It Ev SSH_CONNECTION
930Identifies the client and server ends of the connection. 1170Identifies the client and server ends of the connection.
931The variable contains 1171The variable contains
932four space-separated values: client ip-address, client port number, 1172four space-separated values: client IP address, client port number,
933server ip-address and server port number. 1173server IP address, and server port number.
934.It Ev SSH_ORIGINAL_COMMAND 1174.It Ev SSH_ORIGINAL_COMMAND
935The variable contains the original command line if a forced command 1175This variable contains the original command line if a forced command
936is executed. 1176is executed.
937It can be used to extract the original arguments. 1177It can be used to extract the original arguments.
938.It Ev SSH_TTY 1178.It Ev SSH_TTY
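Review bot: the SSH_ORIGINAL_COMMAND entry still says only that the variable "can be used to extract the original arguments"; since the value is the command line the client sent and forced commands routinely parse it, a short sentence noting that it is client-supplied and should be validated by the forced command before use would make the entry safer to act on. The `.Ux Ns -domain` change in SSH_AUTH_SOCK looks right.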
@@ -941,7 +1181,7 @@ with the current shell or command.
941If the current session has no tty, 1181If the current session has no tty,
942this variable is not set. 1182this variable is not set.
943.It Ev TZ 1183.It Ev TZ
944The timezone variable is set to indicate the present timezone if it 1184This variable is set to indicate the present time zone if it
945was set when the daemon was started (i.e., the daemon passes the value 1185was set when the daemon was started (i.e., the daemon passes the value
946on to new connections). 1186on to new connections).
947.It Ev USER 1187.It Ev USER
@@ -954,224 +1194,153 @@ reads
954.Pa ~/.ssh/environment , 1194.Pa ~/.ssh/environment ,
955and adds lines of the format 1195and adds lines of the format
956.Dq VARNAME=value 1196.Dq VARNAME=value
957to the environment if the file exists and if users are allowed to 1197to the environment if the file exists and users are allowed to
958change their environment. 1198change their environment.
959For more information, see the 1199For more information, see the
960.Cm PermitUserEnvironment 1200.Cm PermitUserEnvironment
961option in 1201option in
962.Xr sshd_config 5 . 1202.Xr sshd_config 5 .
963.Sh FILES 1203.Sh FILES
964.Bl -tag -width Ds 1204.Bl -tag -width Ds -compact
965.It Pa ~/.ssh/known_hosts 1205.It ~/.rhosts
966Records host keys for all hosts the user has logged into that are not 1206This file is used for host-based authentication (see above).
967in 1207On some machines this file may need to be
968.Pa /etc/ssh/ssh_known_hosts . 1208world-readable if the user's home directory is on an NFS partition,
969See 1209because
970.Xr sshd 8 . 1210.Xr sshd 8
971.It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa 1211reads it as root.
972Contains the authentication identity of the user. 1212Additionally, this file must be owned by the user,
973They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 1213and must not have write permissions for anyone else.
1214The recommended
1215permission for most machines is read/write for the user, and not
1216accessible by others.
1217.Pp
1218.It ~/.shosts
1219This file is used in exactly the same way as
1220.Pa .rhosts ,
1221but allows host-based authentication without permitting login with
1222rlogin/rsh.
1223.Pp
1224.It ~/.ssh/authorized_keys
1225Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1226The format of this file is described in the
1227.Xr sshd 8
1228manual page.
1229This file is not highly sensitive, but the recommended
1230permissions are read/write for the user, and not accessible by others.
1231.Pp
1232.It ~/.ssh/config
1233This is the per-user configuration file.
1234The file format and configuration options are described in
1235.Xr ssh_config 5 .
1236Because of the potential for abuse, this file must have strict permissions:
1237read/write for the user, and not accessible by others.
1238It may be group-writable provided that the group in question contains only
1239the user.
1240.Pp
1241.It ~/.ssh/environment
1242Contains additional definitions for environment variables; see
1243.Sx ENVIRONMENT ,
1244above.
1245.Pp
1246.It ~/.ssh/identity
1247.It ~/.ssh/id_dsa
1248.It ~/.ssh/id_rsa
1249Contains the private key for authentication.
974These files 1250These files
975contain sensitive data and should be readable by the user but not 1251contain sensitive data and should be readable by the user but not
976accessible by others (read/write/execute). 1252accessible by others (read/write/execute).
977Note that
978.Nm 1253.Nm
979ignores a private key file if it is accessible by others. 1254will simply ignore a private key file if it is accessible by others.
980It is possible to specify a passphrase when 1255It is possible to specify a passphrase when
981generating the key; the passphrase will be used to encrypt the 1256generating the key which will be used to encrypt the
982sensitive part of this file using 3DES. 1257sensitive part of this file using 3DES.
983.It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub 1258.Pp
984Contains the public key for authentication (public part of the 1259.It ~/.ssh/identity.pub
985identity file in human-readable form). 1260.It ~/.ssh/id_dsa.pub
986The contents of the 1261.It ~/.ssh/id_rsa.pub
987.Pa ~/.ssh/identity.pub 1262Contains the public key for authentication.
988file should be added to the file
989.Pa ~/.ssh/authorized_keys
990on all machines
991where the user wishes to log in using protocol version 1 RSA authentication.
992The contents of the
993.Pa ~/.ssh/id_dsa.pub
994and
995.Pa ~/.ssh/id_rsa.pub
996file should be added to
997.Pa ~/.ssh/authorized_keys
998on all machines
999where the user wishes to log in using protocol version 2 DSA/RSA authentication.
1000These files are not 1263These files are not
1001sensitive and can (but need not) be readable by anyone. 1264sensitive and can (but need not) be readable by anyone.
1002These files are
1003never used automatically and are not necessary; they are only provided for
1004the convenience of the user.
1005.It Pa ~/.ssh/config
1006This is the per-user configuration file.
1007The file format and configuration options are described in
1008.Xr ssh_config 5 .
1009Because of the potential for abuse, this file must have strict permissions:
1010read/write for the user, and not accessible by others.
1011It may be group-writable provided that the group in question contains only
1012the user.
1013.It Pa ~/.ssh/authorized_keys
1014Lists the public keys (RSA/DSA) that can be used for logging in as this user.
1015The format of this file is described in the
1016.Xr sshd 8
1017manual page.
1018In the simplest form the format is the same as the
1019.Pa .pub
1020identity files.
1021This file is not highly sensitive, but the recommended
1022permissions are read/write for the user, and not accessible by others.
1023.It Pa /etc/ssh/ssh_known_hosts
1024Systemwide list of known host keys.
1025This file should be prepared by the
1026system administrator to contain the public host keys of all machines in the
1027organization.
1028This file should be world-readable.
1029This file contains
1030public keys, one per line, in the following format (fields separated
1031by spaces): system name, public key and optional comment field.
1032When different names are used
1033for the same machine, all such names should be listed, separated by
1034commas.
1035The format is described in the
1036.Xr sshd 8
1037manual page.
1038.Pp 1265.Pp
1039The canonical system name (as returned by name servers) is used by 1266.It ~/.ssh/known_hosts
1267Contains a list of host keys for all hosts the user has logged into
1268that are not already in the systemwide list of known host keys.
1269See
1040.Xr sshd 8 1270.Xr sshd 8
1041to verify the client host when logging in; other names are needed because 1271for further details of the format of this file.
1272.Pp
1273.It ~/.ssh/rc
1274Commands in this file are executed by
1042.Nm 1275.Nm
1043does not convert the user-supplied name to a canonical name before 1276when the user logs in, just before the user's shell (or command) is
1044checking the key, because someone with access to the name servers 1277started.
1045would then be able to fool host authentication. 1278See the
1279.Xr sshd 8
1280manual page for more information.
1281.Pp
1282.It /etc/hosts.equiv
1283This file is for host-based authentication (see above).
1284It should only be writable by root.
1285.Pp
1286.It /etc/shosts.equiv
1287This file is used in exactly the same way as
1288.Pa hosts.equiv ,
1289but allows host-based authentication without permitting login with
1290rlogin/rsh.
1291.Pp
1046.It Pa /etc/ssh/ssh_config 1292.It Pa /etc/ssh/ssh_config
1047Systemwide configuration file. 1293Systemwide configuration file.
1048The file format and configuration options are described in 1294The file format and configuration options are described in
1049.Xr ssh_config 5 . 1295.Xr ssh_config 5 .
1050.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 1296.Pp
1297.It /etc/ssh/ssh_host_key
1298.It /etc/ssh/ssh_host_dsa_key
1299.It /etc/ssh/ssh_host_rsa_key
1051These three files contain the private parts of the host keys 1300These three files contain the private parts of the host keys
1052and are used for 1301and are used for host-based authentication.
1053.Cm RhostsRSAAuthentication 1302If protocol version 1 is used,
1054and
1055.Cm HostbasedAuthentication .
1056If the protocol version 1
1057.Cm RhostsRSAAuthentication
1058method is used,
1059.Nm 1303.Nm
1060must be setuid root, since the host key is readable only by root. 1304must be setuid root, since the host key is readable only by root.
1061For protocol version 2, 1305For protocol version 2,
1062.Nm 1306.Nm
1063uses 1307uses
1064.Xr ssh-keysign 8 1308.Xr ssh-keysign 8
1065to access the host keys for 1309to access the host keys,
1066.Cm HostbasedAuthentication . 1310eliminating the requirement that
1067This eliminates the requirement that
1068.Nm 1311.Nm
1069be setuid root when that authentication method is used. 1312be setuid root when host-based authentication is used.
1070By default 1313By default
1071.Nm 1314.Nm
1072is not setuid root. 1315is not setuid root.
1073.It Pa ~/.rhosts
1074This file is used in
1075.Cm RhostsRSAAuthentication
1076and
1077.Cm HostbasedAuthentication
1078authentication to list the
1079host/user pairs that are permitted to log in.
1080(Note that this file is
1081also used by rlogin and rsh, which makes using this file insecure.)
1082Each line of the file contains a host name (in the canonical form
1083returned by name servers), and then a user name on that host,
1084separated by a space.
1085On some machines this file may need to be
1086world-readable if the user's home directory is on a NFS partition,
1087because
1088.Xr sshd 8
1089reads it as root.
1090Additionally, this file must be owned by the user,
1091and must not have write permissions for anyone else.
1092The recommended
1093permission for most machines is read/write for the user, and not
1094accessible by others.
1095.Pp 1316.Pp
1096Note that 1317.It /etc/ssh/ssh_known_hosts
1097.Xr sshd 8 1318Systemwide list of known host keys.
1098allows authentication only in combination with client host key 1319This file should be prepared by the
1099authentication before permitting log in. 1320system administrator to contain the public host keys of all machines in the
1100If the server machine does not have the client's host key in 1321organization.
1101.Pa /etc/ssh/ssh_known_hosts , 1322It should be world-readable.
1102it can be stored in 1323See
1103.Pa ~/.ssh/known_hosts .
1104The easiest way to do this is to
1105connect back to the client from the server machine using ssh; this
1106will automatically add the host key to
1107.Pa ~/.ssh/known_hosts .
1108.It Pa ~/.shosts
1109This file is used exactly the same way as
1110.Pa .rhosts .
1111The purpose for
1112having this file is to be able to use
1113.Cm RhostsRSAAuthentication
1114and
1115.Cm HostbasedAuthentication
1116authentication without permitting login with
1117.Xr rlogin
1118or
1119.Xr rsh 1 .
1120.It Pa /etc/hosts.equiv
1121This file is used during
1122.Cm RhostsRSAAuthentication
1123and
1124.Cm HostbasedAuthentication
1125authentication.
1126It contains
1127canonical hosts names, one per line (the full format is described in the
1128.Xr sshd 8
1129manual page).
1130If the client host is found in this file, login is
1131automatically permitted provided client and server user names are the
1132same.
1133Additionally, successful client host key authentication is required.
1134This file should only be writable by root.
1135.It Pa /etc/shosts.equiv
1136This file is processed exactly as
1137.Pa /etc/hosts.equiv .
1138This file may be useful to permit logins using
1139.Nm
1140but not using rsh/rlogin.
1141.It Pa /etc/ssh/sshrc
1142Commands in this file are executed by
1143.Nm
1144when the user logs in just before the user's shell (or command) is started.
1145See the
1146.Xr sshd 8 1324.Xr sshd 8
1147manual page for more information. 1325for further details of the format of this file.
1148.It Pa ~/.ssh/rc 1326.Pp
1327.It /etc/ssh/sshrc
1149Commands in this file are executed by 1328Commands in this file are executed by
1150.Nm 1329.Nm
1151when the user logs in just before the user's shell (or command) is 1330when the user logs in, just before the user's shell (or command) is started.
1152started.
1153See the 1331See the
1154.Xr sshd 8 1332.Xr sshd 8
1155manual page for more information. 1333manual page for more information.
1156.It Pa ~/.ssh/environment
1157Contains additional definitions for environment variables, see section
1158.Sx ENVIRONMENT
1159above.
1160.El 1334.El
1161.Sh DIAGNOSTICS
1162.Nm
1163exits with the exit status of the remote command or with 255
1164if an error occurred.
1165.Sh SEE ALSO 1335.Sh SEE ALSO
1166.Xr gzip 1 ,
1167.Xr rsh 1 ,
1168.Xr scp 1 , 1336.Xr scp 1 ,
1169.Xr sftp 1 , 1337.Xr sftp 1 ,
1170.Xr ssh-add 1 , 1338.Xr ssh-add 1 ,
1171.Xr ssh-agent 1 , 1339.Xr ssh-agent 1 ,
1172.Xr ssh-argv0 1 , 1340.Xr ssh-argv0 1 ,
1173.Xr ssh-keygen 1 , 1341.Xr ssh-keygen 1 ,
1174.Xr telnet 1 , 1342.Xr ssh-keyscan 1 ,
1343.Xr tun 4 ,
1175.Xr hosts.equiv 5 , 1344.Xr hosts.equiv 5 ,
1176.Xr ssh_config 5 , 1345.Xr ssh_config 5 ,
1177.Xr ssh-keysign 8 , 1346.Xr ssh-keysign 8 ,