diff options
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 57 |
1 files changed, 36 insertions, 21 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.391 2018/02/23 07:38:09 jmc Exp $ |
37 | .Dd $Mdocdate: September 21 2017 $ | 37 | .Dd $Mdocdate: February 23 2018 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -42,8 +42,8 @@ | |||
42 | .Nd OpenSSH SSH client (remote login program) | 42 | .Nd OpenSSH SSH client (remote login program) |
43 | .Sh SYNOPSIS | 43 | .Sh SYNOPSIS |
44 | .Nm ssh | 44 | .Nm ssh |
45 | .Bk -words | ||
46 | .Op Fl 46AaCfGgKkMNnqsTtVvXxYy | 45 | .Op Fl 46AaCfGgKkMNnqsTtVvXxYy |
46 | .Op Fl B Ar bind_interface | ||
47 | .Op Fl b Ar bind_address | 47 | .Op Fl b Ar bind_address |
48 | .Op Fl c Ar cipher_spec | 48 | .Op Fl c Ar cipher_spec |
49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port | 49 | .Op Fl D Oo Ar bind_address : Oc Ns Ar port |
@@ -52,7 +52,7 @@ | |||
52 | .Op Fl F Ar configfile | 52 | .Op Fl F Ar configfile |
53 | .Op Fl I Ar pkcs11 | 53 | .Op Fl I Ar pkcs11 |
54 | .Op Fl i Ar identity_file | 54 | .Op Fl i Ar identity_file |
55 | .Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port | 55 | .Op Fl J Ar destination |
56 | .Op Fl L Ar address | 56 | .Op Fl L Ar address |
57 | .Op Fl l Ar login_name | 57 | .Op Fl l Ar login_name |
58 | .Op Fl m Ar mac_spec | 58 | .Op Fl m Ar mac_spec |
@@ -64,9 +64,8 @@ | |||
64 | .Op Fl S Ar ctl_path | 64 | .Op Fl S Ar ctl_path |
65 | .Op Fl W Ar host : Ns Ar port | 65 | .Op Fl W Ar host : Ns Ar port |
66 | .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun | 66 | .Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun |
67 | .Oo Ar user Ns @ Oc Ns Ar hostname | 67 | .Ar destination |
68 | .Op Ar command | 68 | .Op Ar command |
69 | .Ek | ||
70 | .Sh DESCRIPTION | 69 | .Sh DESCRIPTION |
71 | .Nm | 70 | .Nm |
72 | (SSH client) is a program for logging into a remote machine and for | 71 | (SSH client) is a program for logging into a remote machine and for |
@@ -79,15 +78,20 @@ sockets can also be forwarded over the secure channel. | |||
79 | .Pp | 78 | .Pp |
80 | .Nm | 79 | .Nm |
81 | connects and logs into the specified | 80 | connects and logs into the specified |
82 | .Ar hostname | 81 | .Ar destination , |
83 | (with optional | 82 | which may be specified as either |
84 | .Ar user | 83 | .Sm off |
85 | name). | 84 | .Oo user @ Oc hostname |
85 | .Sm on | ||
86 | or a URI of the form | ||
87 | .Sm off | ||
88 | .No ssh:// Oo user @ Oc hostname Op : port . | ||
89 | .Sm on | ||
86 | The user must prove | 90 | The user must prove |
87 | his/her identity to the remote machine using one of several methods | 91 | his/her identity to the remote machine using one of several methods |
88 | (see below). | 92 | (see below). |
89 | .Pp | 93 | .Pp |
90 | If | 94 | If a |
91 | .Ar command | 95 | .Ar command |
92 | is specified, | 96 | is specified, |
93 | it is executed on the remote host instead of a login shell. | 97 | it is executed on the remote host instead of a login shell. |
@@ -121,6 +125,12 @@ authenticate using the identities loaded into the agent. | |||
121 | .It Fl a | 125 | .It Fl a |
122 | Disables forwarding of the authentication agent connection. | 126 | Disables forwarding of the authentication agent connection. |
123 | .Pp | 127 | .Pp |
128 | .It Fl B Ar bind_interface | ||
129 | Bind to the address of | ||
130 | .Ar bind_interface | ||
131 | before attempting to connect to the destination host. | ||
132 | This is only useful on systems with more than one address. | ||
133 | .Pp | ||
124 | .It Fl b Ar bind_address | 134 | .It Fl b Ar bind_address |
125 | Use | 135 | Use |
126 | .Ar bind_address | 136 | .Ar bind_address |
@@ -287,17 +297,11 @@ by appending | |||
287 | .Pa -cert.pub | 297 | .Pa -cert.pub |
288 | to identity filenames. | 298 | to identity filenames. |
289 | .Pp | 299 | .Pp |
290 | .It Fl J Xo | 300 | .It Fl J Ar destination |
291 | .Sm off | ||
292 | .Op Ar user No @ | ||
293 | .Ar host | ||
294 | .Op : Ar port | ||
295 | .Sm on | ||
296 | .Xc | ||
297 | Connect to the target host by first making a | 301 | Connect to the target host by first making a |
298 | .Nm | 302 | .Nm |
299 | connection to the jump | 303 | connection to the jump host described by |
300 | .Ar host | 304 | .Ar destination |
301 | and then establishing a TCP forwarding to the ultimate destination from | 305 | and then establishing a TCP forwarding to the ultimate destination from |
302 | there. | 306 | there. |
303 | Multiple jump hops may be specified separated by comma characters. | 307 | Multiple jump hops may be specified separated by comma characters. |
@@ -1393,6 +1397,17 @@ This is set to the name of the tty (path to the device) associated | |||
1393 | with the current shell or command. | 1397 | with the current shell or command. |
1394 | If the current session has no tty, | 1398 | If the current session has no tty, |
1395 | this variable is not set. | 1399 | this variable is not set. |
1400 | .It Ev SSH_TUNNEL | ||
1401 | Optionally set by | ||
1402 | .Xr sshd 8 | ||
1403 | to contain the interface names assigned if tunnel forwarding was | ||
1404 | requested by the client. | ||
1405 | .It Ev SSH_USER_AUTH | ||
1406 | Optionally set by | ||
1407 | .Xr sshd 8 , | ||
1408 | this variable may contain a pathname to a file that lists the authentication | ||
1409 | methods successfully used when the session was established, including any | ||
1410 | public keys that were used. | ||
1396 | .It Ev TZ | 1411 | .It Ev TZ |
1397 | This variable is set to indicate the present time zone if it | 1412 | This variable is set to indicate the present time zone if it |
1398 | was set when the daemon was started (i.e. the daemon passes the value | 1413 | was set when the daemon was started (i.e. the daemon passes the value |
@@ -1474,7 +1489,7 @@ accessible by others (read/write/execute). | |||
1474 | will simply ignore a private key file if it is accessible by others. | 1489 | will simply ignore a private key file if it is accessible by others. |
1475 | It is possible to specify a passphrase when | 1490 | It is possible to specify a passphrase when |
1476 | generating the key which will be used to encrypt the | 1491 | generating the key which will be used to encrypt the |
1477 | sensitive part of this file using 3DES. | 1492 | sensitive part of this file using AES-128. |
1478 | .Pp | 1493 | .Pp |
1479 | .It Pa ~/.ssh/id_dsa.pub | 1494 | .It Pa ~/.ssh/id_dsa.pub |
1480 | .It Pa ~/.ssh/id_ecdsa.pub | 1495 | .It Pa ~/.ssh/id_ecdsa.pub |