X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/1d1ffb876ba515d13d488979fc6c752c1289aebb..22d89d24e31f308cfaf0407fd29451f042ebb8d6:/ssh.1 diff --git a/ssh.1 b/ssh.1 index 662e4082..57867822 100644 --- a/ssh.1 +++ b/ssh.1 
@@ -1,15 +1,38 @@ .\" -*- nroff -*- .\" -.\" ssh.1.in -.\" .\" Author: Tatu Ylonen -.\" .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland .\" All rights reserved .\" -.\" Created: Sat Apr 22 21:55:14 1995 ylo +.\" As far as I am concerned, the code I have written for this software +.\" can be used freely for any purpose. Any derived versions of this +.\" software must be clearly marked as such, and if the derived work is +.\" incompatible with the protocol description in the RFC file, it must be +.\" called by a name other than "ssh" or "Secure Shell". +.\" +.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. +.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. +.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. .\" -.\" $Id$ +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR +.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES +.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, +.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT +.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF +.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" .Dd September 25, 1999 .Dt SSH 1 @@ -24,8 +47,8 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqtvxCPX246 -.Op Fl c Ar blowfish | 3des +.Op Fl afgknqtvxACNPTX246 +.Op Fl c Ar cipher_spec .Op Fl e Ar escape_char .Op Fl i Ar identity_file .Op Fl l Ar login_name @@ -202,7 +225,7 @@ This protocol 2 implementation does not yet support Kerberos or S/Key authentication. .Pp Protocol 2 provides additional mechanisms for confidentiality -(the traffic is encrypted using 3DES, blowfish, cast128 or arcfour) +(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) and integrity (hmac-sha1, hmac-md5). Note that protocol 1 lacks a strong mechanism for ensuring the integrity of the connection. @@ -332,7 +355,9 @@ host key is not known or has changed. .Bl -tag -width Ds .It Fl a Disables forwarding of the authentication agent connection. -This may also be specified on a per-host basis in the configuration file. +.It Fl A +Enables forwarding of the authentication agent connection. +This can also be specified on a per-host basis in a configuration file. .It Fl c Ar blowfish|3des Selects the cipher to use for encrypting the session. .Ar 3des 
@@ -342,10 +367,15 @@ It is believed to be secure. (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. It is presumably more secure than the .Ar des -cipher which is no longer supported in ssh. +cipher which is no longer supported in +.Nm ssh . .Ar blowfish is a fast block cipher, it appears very secure and is much faster than .Ar 3des . +.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc" +Additionally, for protocol version 2 a comma-separated list of ciphers can +be specified in order of preference. Protocol version 2 supports +3DES, Blowfish and CAST128 in CBC mode and Arcfour. .It Fl e Ar ch|^ch|none Sets the escape character for sessions with a pty (default: .Ql ~ ) . @@ -411,6 +441,10 @@ program will be put in the background. needs to ask for a password or passphrase; see also the .Fl f option.) +.It Fl N +Do not execute a remote command. +This is usefull if you just want to forward ports +(protocol version 2 only). .It Fl o Ar option Can be used to give options in the format used in the config file. This is useful for specifying options for which there is no separate @@ -437,6 +471,8 @@ Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services. +.It Fl T +Disable pseudo-tty allocation (protocol version 2 only). .It Fl v Verbose mode. Causes 
@@ -447,11 +483,12 @@ debugging connection, authentication, and configuration problems. The verbose mode is also used to display .Xr skey 1 challenges, if the user entered "s/key" as password. +Multiple -v options increases the verbosity. Maximum is 3. .It Fl x Disables X11 forwarding. -This can also be specified on a per-host basis in a configuration file. .It Fl X Enables X11 forwarding. +This can also be specified on a per-host basis in a configuration file. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). @@ -601,7 +638,7 @@ Specifies the ciphers allowed for protocol version 2 in order of preference. Multiple ciphers must be comma-separated. The default is -.Dq blowfish-cbc,3des-cbc,arcfour,cast128-cbc . +.Dq 3des-cbc,blowfish-cbc,arcfour,cast128-cbc . .It Cm Compression Specifies whether to use compression. The argument must be @@ -660,6 +697,8 @@ The argument must be .Dq yes or .Dq no . +The default is +.Dq no . .It Cm ForwardX11 Specifies whether X11 connections will be automatically redirected over the secure channel and @@ -785,7 +824,7 @@ The default is This means that .Nm tries version 1 and falls back to version 2 -if version 1 is no available. +if version 1 is not available. .It Cm ProxyCommand Specifies the command to use to connect to the server. The command @@ -925,6 +964,13 @@ The argument must be .Dq yes or .Dq no . +.It Cm XAuthLocation +Specifies the location of the +.Xr xauth 1 +program. +The default is +.Pa /usr/X11R6/bin/xauth . +.El .Sh ENVIRONMENT .Nm will normally set the following environment variables: 
@@ -973,7 +1019,7 @@ If the current session has no tty, this variable is not set. .It Ev TZ The timezone variable is set to indicate the present timezone if it -was set when the daemon was started (e.i., the daemon passes the value +was set when the daemon was started (i.e., the daemon passes the value on to new connections). .It Ev USER Set to the name of the user logging in. @@ -1168,6 +1214,7 @@ above. .It Pa libcrypto.so.X.1 A version of this library which includes support for the RSA algorithm is required for proper operation. +.El .Sh AUTHOR OpenSSH is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, @@ -1179,7 +1226,8 @@ more restrictive licenses, and thus demand for a free version was born. This version of OpenSSH .Bl -bullet .It -has all components of a restrictive nature (i.e., patents) +has all components of a restrictive nature (i.e., patents, see +.Xr crypto 3 ) directly removed from the source code; any licensed or patented components are chosen from external libraries. @@ -1208,3 +1256,4 @@ The support for SSH protocol 2 was written by Markus Friedl. .Xr ssh-keygen 1 , .Xr telnet 1 , .Xr sshd 8 , +.Xr crypto 3
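
Review bot: In the first hunk (@@ -1,15 +1,38 @@), the context line `.Dd September 25, 1999` is left unchanged even though the patch adds copyright lines for 2000 and documents new options. Suggest updating the `.Dd` date in the same change so the rendered page footer reflects this revision.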
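
Review bot: The new `.It Fl A` entry in the hunk at @@ -332,7 +355,9 @@ documents how to enable agent forwarding but not what enabling it exposes. Suggest one more sentence there stating that, while the connection is open, anyone on the remote host who can access the forwarded agent socket can use the keys loaded in the agent to authenticate, so the option should only be used towards hosts the user trusts. The hunk at @@ -660,6 +697,8 @@ adds a default of `no` for the option documented just before `ForwardX11`, and a cross-reference from `-A` to that configuration option would help readers find it.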
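
Review bot: The added `.It Fl c Ar "3des-cbc,blowfish-cbc,arcfour,cast128-cbc"` item in the hunk at @@ -342,10 +367,15 @@ creates a second `-c` entry whose text begins with "Additionally,", while the synopsis hunk (@@ -24,8 +47,8 @@) now names the argument `cipher_spec`, a term neither entry uses or defines. Suggest a single `.It Fl c Ar cipher_spec` item that covers both the protocol 1 values and the protocol 2 comma-separated list, and pointing to the `Ciphers` option for the default order instead of repeating the list in the item tag: the hunk at @@ -601,7 +638,7 @@ changes that default, and two copies of the list can drift apart.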
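
Review bot: Typo in the added `-N` text in the hunk at @@ -411,6 +441,10 @@: "This is usefull if you just want to forward ports" should read "useful". The unchanged `-o` description a few lines below in the same hunk already spells it "useful".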
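
Review bot: The added line "Multiple -v options increases the verbosity." in the hunk at @@ -447,11 +483,12 @@ has a subject-verb mismatch and writes the flag as a bare `-v` instead of using the `.Fl v` macro that the rest of the page uses for options. Suggest rewording to "Multiple `.Fl v` options increase the verbosity." with the macro on its own line, keeping "Maximum is 3." as is.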
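
Review bot: In the last hunk (@@ -1208,3 +1256,4 @@), `.Xr crypto 3` is appended after `.Xr sshd 8 ,`, which puts a section 3 reference behind a section 8 one. The visible entries are otherwise in ascending section order (`ssh-keygen 1`, `telnet 1`, `sshd 8`), so suggest inserting `.Xr crypto 3 ,` before `.Xr sshd 8` and leaving `sshd 8` as the final entry without a trailing comma.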