.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
-.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
-.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
-.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
+.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
+.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
+.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.76 2001/01/07 11:28:06 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Sh NAME
.Nm ssh
-.Nd OpenSSH secure shell client (remote login program)
+.Nd OpenSSH SSH client (remote login program)
.Sh SYNOPSIS
.Nm ssh
.Op Fl l Ar login_name
.Op Ar command
.Pp
.Nm ssh
-.Op Fl afgknqtvxACNPTX246
+.Op Fl afgknqstvxACNPTX1246
.Op Fl c Ar cipher_spec
.Op Fl e Ar escape_char
.Op Fl i Ar identity_file
.Op Fl l Ar login_name
+.Op Fl m Ar mac_spec
.Op Fl o Ar option
.Op Fl p Ar port
.Oo Fl L Xo
.Op Ar command
.Sh DESCRIPTION
.Nm
-(Secure Shell) is a program for logging into a remote machine and for
+(SSH client) is a program for logging into a remote machine and for
executing commands on a remote machine.
It is intended to replace
rlogin and rsh, and provide secure encrypted communications between
The public key method is similar to RSA authentication described
in the previous section except that the DSA or RSA algorithm is used
instead.
-The client uses his private key
+The client uses his private key,
.Pa $HOME/.ssh/id_dsa
+or
+.Pa $HOME/.ssh/id_rsa ,
to sign the session identifier and sends the result to the server.
The server checks whether the matching public key is listed in
.Pa $HOME/.ssh/authorized_keys2
.Pp
Protocol 2 provides additional mechanisms for confidentiality
(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour)
-and integrity (hmac-sha1, hmac-md5).
+and integrity (hmac-md5, hmac-sha1).
Note that protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
.Pp
will also make the session transparent even if a tty is used.
.Pp
The session terminates when the command or shell on the remote
-machine exists and all X11 and TCP/IP connections have been closed.
+machine exits and all X11 and TCP/IP connections have been closed.
The exit status of the remote program is returned as the exit status
of
.Nm ssh .
Forwarding of arbitrary TCP/IP connections over the secure channel can
be specified either on command line or in a configuration file.
One possible application of TCP/IP forwarding is a secure connection to an
-electronic purse; another is going trough firewalls.
+electronic purse; another is going through firewalls.
.Pp
.Ss Server authentication
.Pp
.Ar blowfish
is a fast block cipher, it appears very secure and is much faster than
.Ar 3des .
-.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"
+.It Fl c Ar cipher_spec
Additionally, for protocol version 2 a comma-separated list of ciphers can
be specified in order of preference.
-Protocol version 2 supports 3DES, Blowfish, and CAST128 in CBC mode
-and Arcfour.
+See
+.Cm Ciphers
+for more information.
.It Fl e Ar ch|^ch|none
Sets the escape character for sessions with a pty (default:
.Ql ~ ) .
.It Fl l Ar login_name
Specifies the user to log in as on the remote machine.
This also may be specified on a per-host basis in the configuration file.
+.It Fl m Ar mac_spec
+Additionally, for protocol version 2 a comma-separated list of MAC
+(message authentication code) algorithms can
+be specified in order of preference.
+See the
+.Cm MACs
+keyword for more information.
.It Fl n
Redirects stdin from
.Pa /dev/null
Quiet mode.
Causes all warning and diagnostic messages to be suppressed.
Only fatal errors are displayed.
+.It Fl s
+May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use
+of SSH as a secure transport for other application (eg. sftp). The
+subsystem is specified as the remote command.
.It Fl t
Force pseudo-tty allocation.
This can be used to execute arbitrary
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when
logging in as root on the remote machine.
+.It Fl 1
+Forces
+.Nm
+to try protocol version 1 only.
.It Fl 2
Forces
.Nm
.Nm
to use IPv6 addresses only.
.El
-.Pp
-If
-.Nm
-is not invoked with one of the standard program names
-.Pf ( Dq ssh ,
-.Dq slogin ,
-.Dq rsh ,
-.Dq rlogin ,
-or
-.Dq remsh ) ,
-it uses this name as its
-.Ar hostname
-argument.
-This is consistent with traditional
-.Xr rsh 1
-behavior.
.Sh CONFIGURATION FILES
.Nm
obtains configuration data from the following sources (in this order):
.Dq yes
or
.Dq no .
+The default is
+.Dq no .
.It Cm CheckHostIP
If this flag is set to
.Dq yes ,
-ssh will additionally check the host ip address in the
+ssh will additionally check the host IP address in the
.Pa known_hosts
file.
This allows ssh to detect if a host key changed due to DNS spoofing.
If the option is set to
.Dq no ,
the check will not be executed.
+The default is
+.Dq yes .
.It Cm Cipher
Specifies the cipher to use for encrypting the session
in protocol version 1.
in order of preference.
Multiple ciphers must be comma-separated.
The default is
-.Dq 3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes128-cbc .
+.Pp
+.Bd -literal
+ ``aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
+ aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,
+ rijndael256-cbc,rijndael-cbc@lysator.liu.se''
+.Ed
.It Cm Compression
Specifies whether to use compression.
The argument must be
.Dq yes
or
.Dq no .
+The default is
+.Dq no .
.It Cm CompressionLevel
-Specifies the compression level to use if compression is enable.
+Specifies the compression level to use if compression is enabled.
The argument must be an integer from 1 (fast) to 9 (slow, best).
The default level is 6, which is good for most applications.
The meaning of the values is the same as in
back to rsh or exiting.
The argument must be an integer.
This may be useful in scripts if the connection sometimes fails.
+The default is 4.
.It Cm PubkeyAuthentication
Specifies whether to try public key authentication.
The argument to this keyword must be
.Dq yes
or
.Dq no .
+The default is
+.Dq yes .
Note that this option applies to protocol version 2 only.
.It Cm EscapeChar
Sets the escape character (default:
.Dq yes
or
.Dq no .
+The default is
+.Dq no .
.It Cm ForwardAgent
Specifies whether the connection to the authentication agent (if any)
will be forwarded to the remote machine.
The default is
.Dq no .
.It Cm GlobalKnownHostsFile
-Specifies a file to use instead of
+Specifies a file to use for the protocol version 1 global
+host key database instead of
.Pa /etc/ssh_known_hosts .
+.It Cm GlobalKnownHostsFile2
+Specifies a file to use for the protocol version 2 global
+host key database instead of
+.Pa /etc/ssh_known_hosts2 .
.It Cm HostKeyAlias
Specifies an alias that should be used instead of the
real host name when looking up or saving the host key
-the kown_hosts files.
-This option is useful for tunneling ssh connection
+in the known_hosts files.
+This option is useful for tunneling ssh connections
or if you have multiple servers running on a single host.
.It Cm HostName
Specifies the real host name to log into.
Gives the verbosity level that is used when logging messages from
.Nm ssh .
The possible values are:
-QUIET, FATAL, ERROR, NOTICE, VERBOSE and DEBUG.
-The default is NOTICE.
+QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
+The default is INFO.
+.It Cm MACs
+Specifies the MAC (message authentication code) algorithms
+in order of preference.
+The MAC algorithm is used in protocol version 2
+for data integrity protection.
+Multiple algorithms must be comma-separated.
+The default is
+.Pp
+.Bd -literal
+ ``hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,
+ hmac-sha1-96,hmac-md5-96''
+.Ed
.It Cm NumberOfPasswordPrompts
Specifies the number of password prompts before giving up.
The argument to this keyword must be an integer.
.Dq yes
or
.Dq no .
+The default is
+.Dq yes .
Note that this option applies to both protocol version 1 and 2.
.It Cm Port
Specifies the port number to connect on the remote host.
Default is 22.
+.It Cm PreferredAuthentications
+Specifies the order in which the client should try protocol 2
+authentication methods. This allows a client to prefer one method (e.g.
+.Cm keyboard-interactive )
+over another method (e.g.
+.Cm password )
+The default for this option is:
+.Dq publickey, password, keyboard-interactive
.It Cm Protocol
Specifies the protocol versions
.Nm
.Dq 2 .
Multiple versions must be comma-separated.
The default is
-.Dq 1,2 .
+.Dq 2,1 .
This means that
.Nm
-tries version 1 and falls back to version 2
-if version 1 is not available.
+tries version 2 and falls back to version 1
+if version 2 is not available.
.It Cm ProxyCommand
Specifies the command to use to connect to the server.
The command
.Dq yes
or
.Dq no .
+The default is
+.Dq yes .
.It Cm RhostsRSAAuthentication
Specifies whether to try rhosts based authentication with RSA host
authentication.
-This is the primary authentication method for most sites.
The argument must be
.Dq yes
or
.Dq no .
+The default is
+.Dq yes .
.It Cm RSAAuthentication
Specifies whether to try RSA authentication.
The argument to this keyword must be
RSA authentication will only be
attempted if the identity file exists, or an authentication agent is
running.
+The default is
+.Dq yes .
Note that this option applies to protocol version 1 only.
-.It Cm SkeyAuthentication
-Specifies whether to use
+.It Cm ChallengeResponseAuthentication
+Specifies whether to use challenge response authentication.
+Currently there is only support for
.Xr skey 1
authentication.
The argument to this keyword must be
If this flag is set to
.Dq yes ,
.Nm
-ssh will never automatically add host keys to the
+will never automatically add host keys to the
.Pa $HOME/.ssh/known_hosts
and
.Pa $HOME/.ssh/known_hosts2
-files, and refuses to connect hosts whose host key has changed.
+files, and refuses to connect to hosts whose host key has changed.
This provides maximum protection against trojan horse attacks.
However, it can be somewhat annoying if you don't have good
.Pa /etc/ssh_known_hosts
and
.Pa /etc/ssh_known_hosts2
files installed and frequently
-connect new hosts.
-Basically this option forces the user to manually
-add any new hosts.
-Normally this option is disabled, and new hosts
-will automatically be added to the known host files.
+connect to new hosts.
+This option forces the user to manually
+add all new hosts.
+If this flag is set to
+.Dq no ,
+.Nm
+will automatically add new host keys to the
+user known hosts files.
+If this flag is set to
+.Dq ask ,
+new host keys
+will be added to the user known host files only after the user
+has confirmed that is what they really want to do, and
+.Nm
+will refuse to connect to hosts whose host key has changed.
The host keys of
-known hosts will be verified automatically in either case.
+known hosts will be verified automatically in all cases.
The argument must be
-.Dq yes
+.Dq yes ,
+.Dq no
or
-.Dq no .
+.Dq ask .
+The default is
+.Dq ask .
.It Cm UsePrivilegedPort
Specifies whether to use a privileged port for outgoing connections.
The argument must be
or
.Dq no .
The default is
-.Dq yes .
+.Dq no .
Note that setting this option to
.Dq no
turns off
This saves the trouble of
having to remember to give the user name on the command line.
.It Cm UserKnownHostsFile
-Specifies a file to use instead of
+Specifies a file to use for the protocol version 1 user
+host key database instead of
.Pa $HOME/.ssh/known_hosts .
+.It Cm UserKnownHostsFile2
+Specifies a file to use for the protocol version 2 user
+host key database instead of
+.Pa $HOME/.ssh/known_hosts2 .
.It Cm UseRsh
Specifies that rlogin/rsh should be used for this host.
It is possible that the host does not at all support the
to the environment.
.Sh FILES
.Bl -tag -width Ds
-.It Pa $HOME/.ssh/known_hosts
+.It Pa $HOME/.ssh/known_hosts, $HOME/.ssh/known_hosts2
Records host keys for all hosts the user has logged into (that are not
in
-.Pa /etc/ssh_known_hosts ) .
+.Pa /etc/ssh_known_hosts
+for protocol version 1 or
+.Pa /etc/ssh_known_hosts2
+for protocol version 2).
See
.Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa
-Contains the RSA and the DSA authentication identity of the user.
+.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
+Contains the authentication identity of the user.
+They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
These files
contain sensitive data and should be readable by the user but not
accessible by others (read/write/execute).
It is possible to specify a passphrase when
generating the key; the passphrase will be used to encrypt the
sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub
+.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
Contains the public key for authentication (public part of the
identity file in human-readable form).
The contents of the
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using RSA authentication.
+where you wish to log in using protocol version 1 RSA authentication.
The contents of the
.Pa $HOME/.ssh/id_dsa.pub
+and
+.Pa $HOME/.ssh/id_rsa.pub
file should be added to
.Pa $HOME/.ssh/authorized_keys2
on all machines
-where you wish to log in using DSA authentication.
+where you wish to log in using protocol version 2 DSA/RSA authentication.
These files are not
sensitive and can (but need not) be readable by anyone.
These files are
-never used automatically and are not necessary; they is only provided for
+never used automatically and are not necessary; they are only provided for
the convenience of the user.
.It Pa $HOME/.ssh/config
This is the per-user configuration file.
Each line of the file contains a host name (in the canonical form
returned by name servers), and then a user name on that host,
separated by a space.
-One some machines this file may need to be
+On some machines this file may need to be
world-readable if the user's home directory is on a NFS partition,
because
.Xr sshd 8
Contains additional definitions for environment variables, see section
.Sx ENVIRONMENT
above.
-.It Pa libcrypto.so.X.1
-A version of this library which includes support for the RSA algorithm
-is required for proper operation.
.El
.Sh AUTHORS
-OpenSSH
-is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen,
-but with bugs removed and newer features re-added.
-Rapidly after the
-1.2.12 release, newer versions of the original ssh bore successively
-more restrictive licenses, and thus demand for a free version was born.
-.Pp
-This version of OpenSSH
-.Bl -bullet
-.It
-has all components of a restrictive nature (i.e., patents, see
-.Xr ssl 8 )
-directly removed from the source code; any licensed or patented components
-are chosen from
-external libraries.
-.It
-has been updated to support SSH protocol 1.5 and 2, making it compatible with
-all other SSH clients and servers.
-.It
-contains added support for
-.Xr kerberos 8
-authentication and ticket passing.
-.It
-supports one-time password authentication with
-.Xr skey 1 .
-.El
-.Pp
-OpenSSH has been created by Aaron Campbell, Bob Beck, Markus Friedl,
-Niels Provos, Theo de Raadt, and Dug Song.
-.Pp
-The support for SSH protocol 2 was written by Markus Friedl.
+OpenSSH is a derivative of the original and free
+ssh 1.2.12 release by Tatu Ylonen.
+Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
+Theo de Raadt and Dug Song
+removed many bugs, re-added newer features and
+created OpenSSH.
+Markus Friedl contributed the support for SSH
+protocol versions 1.5 and 2.0.
.Sh SEE ALSO
.Xr rlogin 1 ,
.Xr rsh 1 ,
.Xr scp 1 ,
+.Xr sftp 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr telnet 1 ,
-.Xr sshd 8 ,
-.Xr ssl 8
+.Xr sshd 8