X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/da0561ebfed59db0fc8bb64abd3dbaeb5a023c1d..0d942eff10bfa688efa701abf8a08fe8fcfe4f24:/ssh.1 diff --git a/ssh.1 b/ssh.1 index a65da561..a7e95c1f 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.166 2002/09/12 19:50:36 stevesk Exp $ +.\" $OpenBSD: ssh.1,v 1.169 2003/04/12 11:40:15 naddy Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -48,7 +48,8 @@ .Op Ar command .Pp .Nm ssh -.Op Fl afgknqstvxACNTX1246 +.Bk -words +.Op Fl afgknqstvxACNTVX1246 .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec .Op Fl e Ar escape_char @@ -66,6 +67,8 @@ .Sm on .Xc .Oc +.Ek +.Bk -words .Oo Fl R Xo .Sm off .Ar port : @@ -77,6 +80,7 @@ .Op Fl D Ar port .Ar hostname | user@hostname .Op Ar command +.Ek .Sh DESCRIPTION .Nm (SSH client) is a program for logging into a remote machine and for @@ -361,7 +365,7 @@ variable is set to .Fl A and .Fl a -options described later) and +options described later) and the user is using an authentication agent, the connection to the agent is automatically forwarded to the remote side. .Pp @@ -403,10 +407,11 @@ Disables forwarding of the authentication agent connection. Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. .Pp -Agent forwarding should be enabled with caution. Users with the -ability to bypass file permissions on the remote host (for the agent's -Unix-domain socket) can access the local agent through the forwarded -connection. An attacker cannot obtain key material from the agent, +Agent forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the agent's Unix-domain socket) +can access the local agent through the forwarded connection. +An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. .It Fl b Ar bind_address @@ -428,8 +433,8 @@ is only supported in the client for interoperability with legacy protocol 1 implementations that do not support the .Ar 3des -cipher. Its use is strongly discouraged due to cryptographic -weaknesses. +cipher. +Its use is strongly discouraged due to cryptographic weaknesses. .It Fl c Ar cipher_spec Additionally, for protocol version 2 a comma-separated list of ciphers can be specified in order of preference. @@ -558,19 +563,21 @@ This is helpful in debugging connection, authentication, and configuration problems. Multiple .Fl v -options increases the verbosity. -Maximum is 3. +options increase the verbosity. +The maximum is 3. +.It Fl V +Display the version number and exit. .It Fl x Disables X11 forwarding. .It Fl X Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. .Pp -X11 forwarding should be enabled with caution. Users with the ability -to bypass file permissions on the remote host (for the user's X -authorization database) can access the local X11 display through the -forwarded connection. An attacker may then be able to perform -activities such as keystroke monitoring. +X11 forwarding should be enabled with caution. +Users with the ability to bypass file permissions on the remote host +(for the user's X authorization database) +can access the local X11 display through the forwarded connection. +An attacker may then be able to perform activities such as keystroke monitoring. .It Fl C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). @@ -580,7 +587,7 @@ and the .Dq level can be controlled by the .Cm CompressionLevel -option. +option for protocol version 1. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks. The default value can be set on a host-by-host basis in the @@ -637,7 +644,8 @@ This works by allocating a socket to listen to on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the -remote machine. Currently the SOCKS4 protocol is supported, and +remote machine. +Currently the SOCKS4 protocol is supported, and .Nm will act as a SOCKS4 server. Only root can forward privileged ports.