Lines Matching +full:host +full:- +full:only
65 .Op Fl W Ar host : Ns Ar port
78 .Ux Ns -domain
99 it will be executed on the remote host instead of a login shell.
108 .Bl -tag -width Ds -compact
112 to use IPv4 addresses only.
117 to use IPv6 addresses only.
121 .Xr ssh-agent 1 .
122 This can also be specified on a per-host basis in a configuration file.
125 Users with the ability to bypass file permissions on the remote host
127 .Ux Ns -domain
132 A safer alternative may be to use a jump host
142 before attempting to connect to the destination host.
143 This is only useful on systems with more than one address.
150 Only useful on systems with more than one address.
155 .Ux Ns -domain
160 slow connections, but will only slow down things on fast networks.
161 The default value can be set on a host-by-host basis in the
170 is a comma-separated list of ciphers
186 application-level port forwarding.
198 Only root can forward privileged ports.
202 Only the superuser can forward privileged ports.
213 indicates that the listening port be bound for local use only, while an
226 The escape character is only recognized at the beginning of a line.
230 followed by control-Z suspends the connection;
237 Specifies an alternative per-user configuration file.
239 the system-wide configuration file
242 The default for the per-user configuration file is
260 .Ic ssh -f host xterm .
280 .Cm Host
301 .Xr ssh-agent 1
311 a per-host basis in the configuration file.
322 .Pa -cert.pub
326 Connect to the target host by first making an
328 connection to the jump host described by
337 Note that configuration directives supplied on the command-line generally
338 apply to the destination host and not any specified jump hosts.
344 Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
353 .Ar port : host : hostport
364 .Ar local_socket : host : hostport
373 (client) host are to be forwarded to the given host and port, or Unix socket,
383 .Ar host
391 Only the superuser can forward privileged ports.
404 indicates that the listening port be bound for local use only, while an
411 This also may be specified on a per-host basis in the configuration file.
426 .Xr ssh-askpass 1
436 A comma-separated list of MAC (message authentication code) algorithms,
462 .Ic ssh -n shadows.cs.hut.fi emacs &
503 command-line flag.
507 .Bl -tag -width Ds -offset indent -compact
543 .It Host
611 Port to connect to on the remote host.
613 per-host basis in the configuration file.
619 .Ar cipher-auth
631 .Ar key-ca-sign
633 .Ar key-cert
635 .Ar key-plain
636 (non-certificate key types),
637 .Ar key-sig
639 .Ar protocol-version
657 .Ar port : host : hostport
668 .Ar remote_socket : host : hostport
683 (server) host are to be forwarded to the local side.
691 .Ar host
702 Privileged ports can be forwarded only when
707 interface only.
717 will only succeed if the server's
729 .Ic -O forward ,
758 Disable pseudo-terminal allocation.
761 Force pseudo-terminal allocation.
763 screen-based programs on a remote machine, which can be very useful,
786 .It Fl W Ar host : Ns Ar port
788 .Ar host
831 .Dq point-to-point .
839 This can also be specified on a per-host basis in a configuration file.
842 Users with the ability to bypass file permissions on the remote host
875 a per-user configuration file and a system-wide configuration file.
882 GSSAPI-based authentication,
883 host-based authentication,
885 keyboard-interactive authentication,
892 Host-based authentication works as follows:
897 on the remote machine, the user is non-root and the user names are
909 host key (see the description of
924 The scheme is based on public-key cryptography,
930 The server knows the public key, and only the user knows the private key.
958 .Xr ssh-keygen 1 .
963 (authenticator-hosted ECDSA),
967 (authenticator-hosted Ed25519),
975 (authenticator-hosted ECDSA),
979 (authenticator-hosted Ed25519),
1003 .Xr ssh-keygen 1
1009 .Xr ssh-agent 1
1016 Keyboard-interactive authentication works as follows:
1020 Examples of keyboard-interactive authentication include
1025 .Pf non- Ox
1032 host for checking; however, since all communications are encrypted,
1038 Host keys are stored in
1045 If a host's identification ever changes,
1048 server spoofing or man-in-the-middle attacks,
1053 host key is not known or has changed.
1056 either executes the given command in a non-interactive session or,
1064 by default will only request a pseudo-terminal (pty) for interactive
1072 If a pseudo-terminal has been allocated, the
1075 If no pseudo-terminal has been allocated,
1084 When a pseudo-terminal has been requested,
1102 .Bl -tag -width Ds
1127 It also allows the cancellation of existing port-forwardings
1140 for dynamic port-forwardings.
1171 the user connects to the remote host using
1187 .Bd -literal -offset 4n
1188 $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
1189 $ irc -c '#users' pinky IRC/127.0.0.1
1259 .Sh VERIFYING HOST KEYS
1266 .Xr ssh-keygen 1 :
1268 .Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1272 If only legacy (MD5) fingerprints for the server are available, the
1273 .Xr ssh-keygen 1
1277 Because of the difficulty of comparing host keys
1279 there is also support to compare host keys visually,
1289 find out that the host key has changed when a completely different pattern
1292 similar to the pattern remembered only gives a good probability that the
1293 host key is the same, not guaranteed proof.
1298 .Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
1310 .Dq host.example.com .
1312 host.example.com:
1313 .Bd -literal -offset indent
1314 $ ssh-keygen -r host.example.com.
1320 .Dl $ dig -t SSHFP host.example.com
1323 .Bd -literal -offset indent
1324 $ ssh -o "VerifyHostKeyDNS ask" host.example.com
1326 Matching host key fingerprint found in DNS.
1335 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1340 network pseudo-device,
1350 with remote network 10.0.99.0/24 using a point-to-point connection
1356 .Bd -literal -offset indent
1357 # ssh -f -w 0:1 192.168.1.15 true
1363 .Bd -literal -offset indent
1382 .Dq forced-commands-only :
1383 .Bd -literal -offset 2n
1384 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
1385 tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
1388 Since an SSH-based setup entails a fair amount of overhead,
1398 .Bl -tag -width "SSH_ORIGINAL_COMMAND"
1409 indicates the host where the shell runs, and
1477 .Ux Ns -domain
1482 four space-separated values: client IP address, client port number,
1525 .Bl -tag -width Ds -compact
1527 This file is used for host-based authentication (see above).
1529 world-readable if the user's home directory is on an NFS partition,
1542 but allows host-based authentication without permitting login with
1546 This directory is the default location for all user-specific configuration
1562 This is the per-user configuration file.
1586 sensitive part of this file using AES-128.
1598 Contains a list of host keys for all hosts the user has logged into
1599 that are not already in the systemwide list of known host keys.
1614 This file is for host-based authentication (see above).
1615 It should only be writable by root.
1620 but allows host-based authentication without permitting login with
1631 These files contain the private parts of the host keys
1632 and are used for host-based authentication.
1635 Systemwide list of known host keys.
1637 system administrator to contain the public host keys of all machines in the
1639 It should be world-readable.
1659 .Xr ssh-add 1 ,
1660 .Xr ssh-agent 1 ,
1661 .Xr ssh-keygen 1 ,
1662 .Xr ssh-keyscan 1 ,
1665 .Xr ssh-keysign 8 ,
1754 .%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
1777 .%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
1778 .%T Hash Visualization: a New Technique to improve Real-World Security
1785 removed many bugs, re-added newer features and