ssh.1 (ee21a45f81a0d84007f4e9b4175b9eb4727a96ee) | ssh.1 (a82e551f0fd24a72fde2fc9145eef2c270cda9c0) |
---|---|
1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this --- 21 unchanged lines hidden (view full) --- 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ | 1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this --- 21 unchanged lines hidden (view full) --- 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: ssh.1,v 1.160 2002/06/22 11:51:39 naddy Exp $ |
38.\" $FreeBSD$ |
|
38.Dd September 25, 1999 39.Dt SSH 1 40.Os 41.Sh NAME 42.Nm ssh 43.Nd OpenSSH SSH client (remote login program) 44.Sh SYNOPSIS 45.Nm ssh --- 48 unchanged lines hidden (view full) --- 94his/her identity to the remote machine using one of several methods 95depending on the protocol version used: 96.Pp 97.Ss SSH protocol version 1 98.Pp 99First, if the machine the user logs in from is listed in 100.Pa /etc/hosts.equiv 101or | 39.Dd September 25, 1999 40.Dt SSH 1 41.Os 42.Sh NAME 43.Nm ssh 44.Nd OpenSSH SSH client (remote login program) 45.Sh SYNOPSIS 46.Nm ssh --- 48 unchanged lines hidden (view full) --- 95his/her identity to the remote machine using one of several methods 96depending on the protocol version used: 97.Pp 98.Ss SSH protocol version 1 99.Pp 100First, if the machine the user logs in from is listed in 101.Pa /etc/hosts.equiv 102or |
102.Pa /etc/shosts.equiv | 103.Pa /etc/ssh/shosts.equiv |
103on the remote machine, and the user names are 104the same on both sides, the user is immediately permitted to log in. 105Second, if 106.Pa \&.rhosts 107or 108.Pa \&.shosts 109exists in the user's home directory on the 110remote machine and contains a line containing the name of the client --- 7 unchanged lines hidden (view full) --- 118or 119.Pa hosts.equiv 120method combined with RSA-based host authentication. 121It means that if the login would be permitted by 122.Pa $HOME/.rhosts , 123.Pa $HOME/.shosts , 124.Pa /etc/hosts.equiv , 125or | 104on the remote machine, and the user names are 105the same on both sides, the user is immediately permitted to log in. 106Second, if 107.Pa \&.rhosts 108or 109.Pa \&.shosts 110exists in the user's home directory on the 111remote machine and contains a line containing the name of the client --- 7 unchanged lines hidden (view full) --- 119or 120.Pa hosts.equiv 121method combined with RSA-based host authentication. 122It means that if the login would be permitted by 123.Pa $HOME/.rhosts , 124.Pa $HOME/.shosts , 125.Pa /etc/hosts.equiv , 126or |
126.Pa /etc/shosts.equiv , | 127.Pa /etc/ssh/shosts.equiv , |
127and if additionally the server can verify the client's 128host key (see 129.Pa /etc/ssh/ssh_known_hosts 130and 131.Pa $HOME/.ssh/known_hosts 132in the 133.Sx FILES 134section), only then login is permitted. --- 190 unchanged lines hidden (view full) --- 325automatically forwarded to the remote side in such a way that any X11 326programs started from the shell (or command) will go through the 327encrypted channel, and the connection to the real X server will be made 328from the local machine. 329The user should not manually set 330.Ev DISPLAY . 331Forwarding of X11 connections can be 332configured on the command line or in configuration files. | 128and if additionally the server can verify the client's 129host key (see 130.Pa /etc/ssh/ssh_known_hosts 131and 132.Pa $HOME/.ssh/known_hosts 133in the 134.Sx FILES 135section), only then login is permitted. --- 190 unchanged lines hidden (view full) --- 326automatically forwarded to the remote side in such a way that any X11 327programs started from the shell (or command) will go through the 328encrypted channel, and the connection to the real X server will be made 329from the local machine. 330The user should not manually set 331.Ev DISPLAY . 332Forwarding of X11 connections can be 333configured on the command line or in configuration files. |
334Take note that X11 forwarding can represent a security hazard. |
|
333.Pp 334The 335.Ev DISPLAY 336value set by 337.Nm 338will point to the server machine, but with a display number greater 339than zero. 340This is normal, and happens because --- 320 unchanged lines hidden (view full) --- 661The 662.Ev DISPLAY 663variable indicates the location of the X11 server. 664It is automatically set by 665.Nm 666to point to a value of the form 667.Dq hostname:n 668where hostname indicates | 335.Pp 336The 337.Ev DISPLAY 338value set by 339.Nm 340will point to the server machine, but with a display number greater 341than zero. 342This is normal, and happens because --- 320 unchanged lines hidden (view full) --- 663The 664.Ev DISPLAY 665variable indicates the location of the X11 server. 666It is automatically set by 667.Nm 668to point to a value of the form 669.Dq hostname:n 670where hostname indicates |
669the host where the shell runs, and n is an integer >= 1. | 671the host where the shell runs, and n is an integer \*(>= 1. |
670.Nm 671uses this special value to forward X11 connections over the secure 672channel. 673The user should normally not set 674.Ev DISPLAY 675explicitly, as that 676will render the X11 connection insecure (and will require the user to 677manually copy any required authorization cookies). --- 210 unchanged lines hidden (view full) --- 888having this file is to be able to use rhosts authentication with 889.Nm 890without permitting login with 891.Nm rlogin 892or 893.Xr rsh 1 . 894.It Pa /etc/hosts.equiv 895This file is used during | 672.Nm 673uses this special value to forward X11 connections over the secure 674channel. 675The user should normally not set 676.Ev DISPLAY 677explicitly, as that 678will render the X11 connection insecure (and will require the user to 679manually copy any required authorization cookies). --- 210 unchanged lines hidden (view full) --- 890having this file is to be able to use rhosts authentication with 891.Nm 892without permitting login with 893.Nm rlogin 894or 895.Xr rsh 1 . 896.It Pa /etc/hosts.equiv 897This file is used during |
896.Pa \&.rhosts authentication. | 898.Pa \&.rhosts 899authentication. |
897It contains 898canonical hosts names, one per line (the full format is described on 899the 900.Xr sshd 8 901manual page). 902If the client host is found in this file, login is 903automatically permitted provided client and server user names are the 904same. 905Additionally, successful RSA host authentication is normally 906required. 907This file should only be writable by root. | 900It contains 901canonical hosts names, one per line (the full format is described on 902the 903.Xr sshd 8 904manual page). 905If the client host is found in this file, login is 906automatically permitted provided client and server user names are the 907same. 908Additionally, successful RSA host authentication is normally 909required. 910This file should only be writable by root. |
908.It Pa /etc/shosts.equiv | 911.It Pa /etc/ssh/shosts.equiv |
909This file is processed exactly as 910.Pa /etc/hosts.equiv . 911This file may be useful to permit logins using 912.Nm 913but not using rsh/rlogin. 914.It Pa /etc/ssh/sshrc 915Commands in this file are executed by 916.Nm --- 52 unchanged lines hidden --- | 912This file is processed exactly as 913.Pa /etc/hosts.equiv . 914This file may be useful to permit logins using 915.Nm 916but not using rsh/rlogin. 917.It Pa /etc/ssh/sshrc 918Commands in this file are executed by 919.Nm --- 52 unchanged lines hidden --- |
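Review bot: the rename of /etc/shosts.equiv to /etc/ssh/shosts.equiv (new lines 103, 127 and 911) is a documentation-only change here, and the page still sends the reader to sshd(8) for the file format, so confirm that sshd.8 and the path the server actually reads are updated in the same change. Otherwise the two pages disagree about which file grants host-based trust. The hidden unchanged regions should also be checked for remaining references to the old path. Consider adding a sentence to the FILES entry saying which location is consulted, because an administrator who edits the old file to revoke trust needs to know whether that file is still read.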
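Review bot: the sentence added at new line 334, "Take note that X11 forwarding can represent a security hazard.", does not say what the hazard is or what the reader should do about it. State the risk in one clause (someone with access to the user's X authorization data on the remote host can reach the local display through the forwarded connection) and name the setting that turns forwarding off, for example the -x option or ForwardX11. The preceding sentence already says forwarding is configured on the command line or in configuration files, so the pointer fits there.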
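Review bot: at new line 671 the literal ">=" is replaced by the mdoc predefined string \*(>=, which renders only where the macro package defines that string. Check the formatted output on the targets this page ships to, since a formatter that leaves the string undefined would print "n is an integer 1" and silently drop the lower bound on the display number.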