Diffstat (limited to 'ssh.0')
-rw-r--r-- ssh.0 81
1 files changed, 35 insertions, 46 deletions
diff --git a/ssh.0 b/ssh.0
index 67ce809bb28e..f920dd97e010 100644
--- a/ssh.0
+++ b/ssh.0
@@ -4,7 +4,7 @@ NAME
ssh M-bM-^@M-^S OpenSSH SSH client (remote login program)
SYNOPSIS
- ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
+ ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
[-D [bind_address:]port] [-E log_file] [-e escape_char]
[-F configfile] [-I pkcs11] [-i identity_file]
[-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]
@@ -28,10 +28,6 @@ DESCRIPTION
The options are as follows:
- -1 Forces ssh to try protocol version 1 only.
-
- -2 Forces ssh to try protocol version 2 only.
-
-4 Forces ssh to use IPv4 addresses only.
-6 Forces ssh to use IPv6 addresses only.
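Review bot: the -1 and -2 entries are deleted here without any statement of what ssh does when either flag is still passed, and wrappers or scripts that carry -2 will hit this first. If the flags are still parsed (ignored or rejected with an error), a one-line entry saying so would be better than silence; if they are now unknown options, that belongs in the release notes for this change.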
@@ -58,21 +54,16 @@ DESCRIPTION
-C Requests compression of all data (including stdin, stdout,
stderr, and data for forwarded X11, TCP and UNIX-domain
connections). The compression algorithm is the same used by
- gzip(1), and the M-bM-^@M-^\levelM-bM-^@M-^] can be controlled by the
- CompressionLevel option for protocol version 1. Compression is
- desirable on modem lines and other slow connections, but will
- only slow down things on fast networks. The default value can be
- set on a host-by-host basis in the configuration files; see the
- Compression option.
+ gzip(1). Compression is desirable on modem lines and other slow
+ connections, but will only slow down things on fast networks.
+ The default value can be set on a host-by-host basis in the
+ configuration files; see the Compression option.
-c cipher_spec
Selects the cipher specification for encrypting the session.
-
- Protocol version 1 allows specification of a single cipher. The
- supported values are M-bM-^@M-^\3desM-bM-^@M-^], M-bM-^@M-^\blowfishM-bM-^@M-^], and M-bM-^@M-^\desM-bM-^@M-^]. For protocol
- version 2, cipher_spec is a comma-separated list of ciphers
- listed in order of preference. See the Ciphers keyword in
- ssh_config(5) for more information.
+ cipher_spec is a comma-separated list of ciphers listed in order
+ of preference. See the Ciphers keyword in ssh_config(5) for more
+ information.
-D [bind_address:]port
Specifies a local M-bM-^@M-^\dynamicM-bM-^@M-^] application-level port forwarding.
@@ -137,10 +128,9 @@ DESCRIPTION
-i identity_file
Selects a file from which the identity (private key) for public
- key authentication is read. The default is ~/.ssh/identity for
- protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
- Identity files may also be specified on a per-host basis in the
+ key authentication is read. The default is ~/.ssh/id_dsa,
+ ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and ~/.ssh/id_rsa. Identity
+ files may also be specified on a per-host basis in the
configuration file. It is possible to have multiple -i options
(and multiple identities specified in configuration files). If
no certificates have been explicitly specified by the
@@ -243,11 +233,9 @@ DESCRIPTION
CertificateFile
ChallengeResponseAuthentication
CheckHostIP
- Cipher
Ciphers
ClearAllForwardings
Compression
- CompressionLevel
ConnectionAttempts
ConnectTimeout
ControlMaster
@@ -292,17 +280,15 @@ DESCRIPTION
PKCS11Provider
Port
PreferredAuthentications
- Protocol
ProxyCommand
ProxyJump
ProxyUseFdpass
PubkeyAcceptedKeyTypes
PubkeyAuthentication
RekeyLimit
+ RemoteCommand
RemoteForward
RequestTTY
- RhostsRSAAuthentication
- RSAAuthentication
SendEnv
ServerAliveInterval
ServerAliveCountMax
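Review bot: Protocol, RhostsRSAAuthentication and RSAAuthentication are dropped from the -o keyword list in this hunk, but the page gives no hint of how an existing ssh_config or -o argument that still names them is handled. Since this list is where users check whether a keyword is valid, consider a short note pointing at ssh_config(5) for the treatment of removed keywords, so a leftover "Protocol 2" line is not read as still being enforced.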
@@ -340,14 +326,20 @@ DESCRIPTION
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
+ -R [bind_address:]port
Specifies that connections to the given TCP port or Unix socket
- on the remote (server) host are to be forwarded to the given host
- and port, or Unix socket, on the local side. This works by
- allocating a socket to listen to either a TCP port or to a Unix
- socket on the remote side. Whenever a connection is made to this
- port or Unix socket, the connection is forwarded over the secure
- channel, and a connection is made to either host port hostport,
- or local_socket, from the local machine.
+ on the remote (server) host are to be forwarded to the local
+ side.
+
+ This works by allocating a socket to listen to either a TCP port
+ or to a Unix socket on the remote side. Whenever a connection is
+ made to this port or Unix socket, the connection is forwarded
+ over the secure channel, and a connection is made from the local
+ machine to either an explicit destination specified by host port
+ hostport, or local_socket, or, if no explicit destination was
+ specified, ssh will act as a SOCKS 4/5 proxy and forward
+ connections to the destinations requested by the remote SOCKS
+ client.
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when logging in as root on
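Review bot: missing documentation in the added paragraph for the new "-R [bind_address:]port" form: in this mode the destinations are requested by the remote SOCKS client, so the remote side decides what the local machine connects to, and the text does not say so explicitly or contrast it with the explicit-destination forms above. Suggest one sentence stating that the destination is chosen by the remote side rather than fixed on the command line, plus a cross-reference to -D, the local dynamic forwarding option. Minor wording: "host port hostport" is carried over from the old text and is hard to parse; something matching the synopsis form "host:hostport" would read better.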
@@ -438,12 +430,7 @@ DESCRIPTION
and configuration options are described in ssh_config(5).
AUTHENTICATION
- The OpenSSH SSH client supports SSH protocols 1 and 2. The default is to
- use protocol 2 only, though this can be changed via the Protocol option
- in ssh_config(5) or the -1 and -2 options (see above). Protocol 1 should
- not be used and is only offered to support legacy devices. It suffers
- from a number of cryptographic weaknesses and doesn't support many of the
- advanced features available for protocol 2.
+ The OpenSSH SSH client supports SSH protocol 2.
The methods available for authentication are: GSSAPI-based
authentication, host-based authentication, public key authentication,
@@ -481,11 +468,15 @@ AUTHENTICATION
proves that it has access to the private key and the server checks that
the corresponding public key is authorized to accept the account.
+ The server may inform the client of errors that prevented public key
+ authentication from succeeding after authentication completes using a
+ different method. These may be viewed by increasing the LogLevel to
+ DEBUG or higher (e.g. by using the -v flag).
+
The user creates his/her key pair by running ssh-keygen(1). This stores
- the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (DSA),
- ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa
- (RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
- ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
+ the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
+ ~/.ssh/id_ed25519 (Ed25519), or ~/.ssh/id_rsa (RSA) and stores the public
+ key in ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA),
~/.ssh/id_ed25519.pub (Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
home directory. The user should then copy the public key to
~/.ssh/authorized_keys in his/her home directory on the remote machine.
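Review bot: the added sentence "The server may inform the client of errors that prevented public key authentication from succeeding after authentication completes using a different method" is ambiguous, because "after authentication completes" can attach to either "inform" or "succeeding". Suggest leading with the condition: "After authentication completes using a different method, the server may inform the client of errors that prevented public key authentication from succeeding." It would also help to say where the messages appear, since the text only says they "may be viewed" at LogLevel DEBUG.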
@@ -845,7 +836,6 @@ FILES
Contains additional definitions for environment variables; see
ENVIRONMENT, above.
- ~/.ssh/identity
~/.ssh/id_dsa
~/.ssh/id_ecdsa
~/.ssh/id_ed25519
@@ -858,7 +848,6 @@ FILES
will be used to encrypt the sensitive part of this file using
3DES.
- ~/.ssh/identity.pub
~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
~/.ssh/id_ed25519.pub
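Review bot: the unchanged context just above the removed ~/.ssh/identity.pub line still says the passphrase "will be used to encrypt the sensitive part of this file using 3DES". Since this patch is already clearing legacy crypto wording out of the page, please confirm that sentence is still accurate for the private key files that remain listed, and update it in the same pass if it is not.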
@@ -968,4 +957,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 6.0 July 16, 2016 OpenBSD 6.0
+OpenBSD 6.2 September 21, 2017 OpenBSD 6.2