Lines Matching +full:host +full:- +full:only
65 .Op Fl W Ar host : Ns Ar port
78 .Ux Ns -domain
99 it will be executed on the remote host instead of a login shell.
108 .Bl -tag -width Ds -compact
112 to use IPv4 addresses only.
117 to use IPv6 addresses only.
121 .Xr ssh-agent 1 .
122 This can also be specified on a per-host basis in a configuration file.
125 Users with the ability to bypass file permissions on the remote host
127 .Ux Ns -domain
132 A safer alternative may be to use a jump host
142 before attempting to connect to the destination host.
143 This is only useful on systems with more than one address.
150 Only useful on systems with more than one address.
155 .Ux Ns -domain
160 slow connections, but will only slow down things on fast networks.
161 The default value can be set on a host-by-host basis in the
170 is a comma-separated list of ciphers
186 application-level port forwarding.
198 Only root can forward privileged ports.
202 Only the superuser can forward privileged ports.
213 indicates that the listening port be bound for local use only, while an
226 The escape character is only recognized at the beginning of a line.
230 followed by control-Z suspends the connection;
237 Specifies an alternative per-user configuration file.
239 the system-wide configuration file
242 The default for the per-user configuration file is
260 .Ic ssh -f host xterm .
280 .Cm Host
301 .Xr ssh-agent 1
312 a per-host basis in the configuration file.
323 .Pa -cert.pub
327 Connect to the target host by first making an
329 connection to the jump host described by
337 Note that configuration directives supplied on the command-line generally
338 apply to the destination host and not any specified jump hosts.
344 Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
353 .Ar port : host : hostport
364 .Ar local_socket : host : hostport
373 (client) host are to be forwarded to the given host and port, or Unix socket,
383 .Ar host
391 Only the superuser can forward privileged ports.
404 indicates that the listening port be bound for local use only, while an
411 This also may be specified on a per-host basis in the configuration file.
426 .Xr ssh-askpass 1
436 A comma-separated list of MAC (message authentication code) algorithms,
462 .Ic ssh -n shadows.cs.hut.fi emacs &
501 command-line flag.
505 .Bl -tag -width Ds -offset indent -compact
541 .It Host
609 Port to connect to on the remote host.
611 per-host basis in the configuration file.
617 .Ar cipher-auth
629 .Ar key-ca-sign
631 .Ar key-cert
633 .Ar key-plain
634 (non-certificate key types),
635 .Ar key-sig
637 .Ar protocol-version
655 .Ar port : host : hostport
666 .Ar remote_socket : host : hostport
681 (server) host are to be forwarded to the local side.
689 .Ar host
700 Privileged ports can be forwarded only when
705 interface only.
715 will only succeed if the server's
727 .Ic -O forward ,
756 Disable pseudo-terminal allocation.
759 Force pseudo-terminal allocation.
761 screen-based programs on a remote machine, which can be very useful,
784 .It Fl W Ar host : Ns Ar port
786 .Ar host
829 .Dq point-to-point .
837 This can also be specified on a per-host basis in a configuration file.
840 Users with the ability to bypass file permissions on the remote host
873 a per-user configuration file and a system-wide configuration file.
880 GSSAPI-based authentication,
881 host-based authentication,
883 keyboard-interactive authentication,
890 Host-based authentication works as follows:
895 on the remote machine, the user is non-root and the user names are
907 host key (see the description of
922 The scheme is based on public-key cryptography,
928 The server knows the public key, and only the user knows the private key.
959 .Xr ssh-keygen 1 .
966 (authenticator-hosted ECDSA),
970 (authenticator-hosted Ed25519),
980 (authenticator-hosted ECDSA),
984 (authenticator-hosted Ed25519),
1008 .Xr ssh-keygen 1
1014 .Xr ssh-agent 1
1021 Keyboard-interactive authentication works as follows:
1025 Examples of keyboard-interactive authentication include
1030 .Pf non- Ox
1037 host for checking; however, since all communications are encrypted,
1043 Host keys are stored in
1050 If a host's identification ever changes,
1053 server spoofing or man-in-the-middle attacks,
1058 host key is not known or has changed.
1061 either executes the given command in a non-interactive session or,
1069 by default will only request a pseudo-terminal (pty) for interactive
1077 If a pseudo-terminal has been allocated, the
1080 If no pseudo-terminal has been allocated,
1089 When a pseudo-terminal has been requested,
1107 .Bl -tag -width Ds
1132 It also allows the cancellation of existing port-forwardings
1145 for dynamic port-forwardings.
1176 the user connects to the remote host using
1192 .Bd -literal -offset 4n
1193 $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
1194 $ irc -c '#users' pinky IRC/127.0.0.1
1264 .Sh VERIFYING HOST KEYS
1271 .Xr ssh-keygen 1 :
1273 .Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1277 If only legacy (MD5) fingerprints for the server are available, the
1278 .Xr ssh-keygen 1
1282 Because of the difficulty of comparing host keys
1284 there is also support to compare host keys visually,
1294 find out that the host key has changed when a completely different pattern
1297 similar to the pattern remembered only gives a good probability that the
1298 host key is the same, not guaranteed proof.
1303 .Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
1315 .Dq host.example.com .
1317 host.example.com:
1318 .Bd -literal -offset indent
1319 $ ssh-keygen -r host.example.com.
1325 .Dl $ dig -t SSHFP host.example.com
1328 .Bd -literal -offset indent
1329 $ ssh -o "VerifyHostKeyDNS ask" host.example.com
1331 Matching host key fingerprint found in DNS.
1340 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1345 network pseudo-device,
1355 with remote network 10.0.99.0/24 using a point-to-point connection
1361 .Bd -literal -offset indent
1362 # ssh -f -w 0:1 192.168.1.15 true
1368 .Bd -literal -offset indent
1387 .Dq forced-commands-only :
1388 .Bd -literal -offset 2n
1389 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
1390 tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
1393 Since an SSH-based setup entails a fair amount of overhead,
1403 .Bl -tag -width "SSH_ORIGINAL_COMMAND"
1414 indicates the host where the shell runs, and
1482 .Ux Ns -domain
1487 four space-separated values: client IP address, client port number,
1530 .Bl -tag -width Ds -compact
1532 This file is used for host-based authentication (see above).
1534 world-readable if the user's home directory is on an NFS partition,
1547 but allows host-based authentication without permitting login with
1551 This directory is the default location for all user-specific configuration
1567 This is the per-user configuration file.
1592 sensitive part of this file using AES-128.
1605 Contains a list of host keys for all hosts the user has logged into
1606 that are not already in the systemwide list of known host keys.
1621 This file is for host-based authentication (see above).
1622 It should only be writable by root.
1627 but allows host-based authentication without permitting login with
1640 These files contain the private parts of the host keys
1641 and are used for host-based authentication.
1644 Systemwide list of known host keys.
1646 system administrator to contain the public host keys of all machines in the
1648 It should be world-readable.
1668 .Xr ssh-add 1 ,
1669 .Xr ssh-agent 1 ,
1670 .Xr ssh-keygen 1 ,
1671 .Xr ssh-keyscan 1 ,
1674 .Xr ssh-keysign 8 ,
1763 .%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
1786 .%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
1787 .%T Hash Visualization: a New Technique to improve Real-World Security
1794 removed many bugs, re-added newer features and