.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.136 2001/08/30 16:04:35 stevesk Exp $
+.\" $OpenBSD: ssh.1,v 1.140 2001/10/30 20:29:09 markus Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
List forwarded connections
.It Cm ~&
Background ssh at logout when waiting for forwarded connection / X11 sessions
-to terminate (protocol version 1 only)
+to terminate
.It Cm ~?
Display a list of escape characters
.It Cm ~R
option.)
.It Fl N
Do not execute a remote command.
-This is useful if you just want to forward ports
+This is useful for just forwarding ports
(protocol version 2 only).
.It Fl o Ar option
Can be used to give options in the format used in the configuration file.
per-host basis in the configuration file.
.It Fl P
Use a non-privileged port for outgoing connections.
-This can be used if your firewall does
+This can be used if a firewall does
not permit connections from privileged ports.
Note that this option turns off
.Cm RhostsAuthentication
If set to
.Dq yes ,
passphrase/password querying will be disabled.
-This option is useful in scripts and other batch jobs where you have no
-user to supply the password.
+This option is useful in scripts and other batch jobs where no user
+is present to supply the password.
The argument must be
.Dq yes
or
``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc''
.Ed
+.It Cm ClearAllForwardings
+Specifies that all local, remote and dynamic port forwardings
+specified in the configuration files or on the command line be
+cleared. This option is primarily useful when used from the
+.Nm
+command line to clear port forwardings set in
+configuration files, and is automatically set by
+.Xr scp 1
+and
+.Xr sftp 1 .
+The argument must be
+.Dq yes
+or
+.Dq no .
+The default is
+.Dq no .
.It Cm Compression
Specifies whether to use compression.
The argument must be
real host name when looking up or saving the host key
in the host key database files.
This option is useful for tunneling ssh connections
-or if you have multiple servers running on a single host.
+or for multiple servers running on a single host.
.It Cm HostName
Specifies the real host name to log into.
This can be used to specify nicknames or abbreviations for hosts.
Multiple algorithms must be comma-separated.
The default is
.Dq hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96 .
+.It Cm NoHostAuthenticationForLocalhost
+This option can be used if the home directory is shared across machines.
+In this case localhost will refer to a different machine on each of
+the machines and the user will get many warnings about changed host keys.
+However, this option disables host authentication for localhost.
+The argument to this keyword must be
+.Dq yes
+or
+.Dq no .
+The default is to check the host key for localhost.
.It Cm NumberOfPasswordPrompts
Specifies the number of password prompts before giving up.
The argument to this keyword must be an integer.
will never automatically add host keys to the
.Pa $HOME/.ssh/known_hosts
file, and refuses to connect to hosts whose host key has changed.
-This provides maximum protection against trojan horse attacks.
-However, it can be somewhat annoying if you don't have good
+This provides maximum protection against trojan horse attacks,
+however, can be annoying when the
.Pa /etc/ssh_known_hosts
-files installed and frequently
-connect to new hosts.
+file is poorly maintained, or connections to new hosts are
+frequently made.
This option forces the user to manually
add all new hosts.
If this flag is set to
.Dq no .
The default is
.Dq no .
-Note that you need to set this option to
+Note that this option must be set to
.Dq yes
-if you want to use
+if
.Cm RhostsAuthentication
and
.Cm RhostsRSAAuthentication
-with older servers.
+authentications are needed with older servers.
.It Cm User
Specifies the user to log in as.
-This can be useful if you have a different user name on different machines.
+This can be useful when a different user name is used on different machines.
This saves the trouble of
having to remember to give the user name on the command line.
.It Cm UserKnownHostsFile
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using protocol version 1 RSA authentication.
+where the user wishes to log in using protocol version 1 RSA authentication.
The contents of the
.Pa $HOME/.ssh/id_dsa.pub
and
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using protocol version 2 DSA/RSA authentication.
+where the user wishes to log in using protocol version 2 DSA/RSA authentication.
These files are not
sensitive and can (but need not) be readable by anyone.
These files are
.Xr sshd 8
will be installed so that it requires successful RSA host
authentication before permitting \s+2.\s0rhosts authentication.
-If your server machine does not have the client's host key in
+If the server machine does not have the client's host key in
.Pa /etc/ssh_known_hosts ,
-you can store it in
+it can be stored in
.Pa $HOME/.ssh/known_hosts .
The easiest way to do this is to
connect back to the client from the server machine using ssh; this
andersk / openssh.git / blobdiff