1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh.1,v 1.430 2022/03/31 17:27:27 naddy Exp $ 37.Dd $Mdocdate: March 31 2022 $ 38.Dt SSH 1 39.Os 40.Sh NAME 41.Nm ssh 42.Nd OpenSSH remote login client 43.Sh SYNOPSIS 44.Nm ssh 45.Op Fl 46AaCfGgKkMNnqsTtVvXxYy 46.Op Fl B Ar bind_interface 47.Op Fl b Ar bind_address 48.Op Fl c Ar cipher_spec 49.Op Fl D Oo Ar bind_address : Oc Ns Ar port 50.Op Fl E Ar log_file 51.Op Fl e Ar escape_char 52.Op Fl F Ar configfile 53.Op Fl I Ar pkcs11 54.Op Fl i Ar identity_file 55.Op Fl J Ar destination 56.Op Fl L Ar address 57.Op Fl l Ar login_name 58.Op Fl m Ar mac_spec 59.Op Fl O Ar ctl_cmd 60.Op Fl o Ar option 61.Op Fl p Ar port 62.Op Fl Q Ar query_option 63.Op Fl R Ar address 64.Op Fl S Ar ctl_path 65.Op Fl W Ar host : Ns Ar port 66.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun 67.Ar destination 68.Op Ar command Op Ar argument ... 69.Sh DESCRIPTION 70.Nm 71(SSH client) is a program for logging into a remote machine and for 72executing commands on a remote machine. 73It is intended to provide secure encrypted communications between 74two untrusted hosts over an insecure network. 75X11 connections, arbitrary TCP ports and 76.Ux Ns -domain 77sockets can also be forwarded over the secure channel. 78.Pp 79.Nm 80connects and logs into the specified 81.Ar destination , 82which may be specified as either 83.Sm off 84.Oo user @ Oc hostname 85.Sm on 86or a URI of the form 87.Sm off 88.No ssh:// Oo user @ Oc hostname Op : port . 89.Sm on 90The user must prove 91their identity to the remote machine using one of several methods 92(see below). 93.Pp 94If a 95.Ar command 96is specified, 97it will be executed on the remote host instead of a login shell. 98A complete command line may be specified as 99.Ar command , 100or it may have additional arguments. 101If supplied, the arguments will be appended to the command, separated by 102spaces, before it is sent to the server to be executed. 103.Pp 104The options are as follows: 105.Pp 106.Bl -tag -width Ds -compact 107.It Fl 4 108Forces 109.Nm 110to use IPv4 addresses only. 111.Pp 112.It Fl 6 113Forces 114.Nm 115to use IPv6 addresses only. 116.Pp 117.It Fl A 118Enables forwarding of connections from an authentication agent such as 119.Xr ssh-agent 1 . 120This can also be specified on a per-host basis in a configuration file. 121.Pp 122Agent forwarding should be enabled with caution. 123Users with the ability to bypass file permissions on the remote host 124(for the agent's 125.Ux Ns -domain 126socket) can access the local agent through the forwarded connection. 127An attacker cannot obtain key material from the agent, 128however they can perform operations on the keys that enable them to 129authenticate using the identities loaded into the agent. 130A safer alternative may be to use a jump host 131(see 132.Fl J ) . 133.Pp 134.It Fl a 135Disables forwarding of the authentication agent connection. 136.Pp 137.It Fl B Ar bind_interface 138Bind to the address of 139.Ar bind_interface 140before attempting to connect to the destination host. 141This is only useful on systems with more than one address. 142.Pp 143.It Fl b Ar bind_address 144Use 145.Ar bind_address 146on the local machine as the source address 147of the connection. 148Only useful on systems with more than one address. 149.Pp 150.It Fl C 151Requests compression of all data (including stdin, stdout, stderr, and 152data for forwarded X11, TCP and 153.Ux Ns -domain 154connections). 155The compression algorithm is the same used by 156.Xr gzip 1 . 157Compression is desirable on modem lines and other 158slow connections, but will only slow down things on fast networks. 159The default value can be set on a host-by-host basis in the 160configuration files; see the 161.Cm Compression 162option. 163.Pp 164.It Fl c Ar cipher_spec 165Selects the cipher specification for encrypting the session. 166.Ar cipher_spec 167is a comma-separated list of ciphers 168listed in order of preference. 169See the 170.Cm Ciphers 171keyword in 172.Xr ssh_config 5 173for more information. 174.Pp 175.It Fl D Xo 176.Sm off 177.Oo Ar bind_address : Oc 178.Ar port 179.Sm on 180.Xc 181Specifies a local 182.Dq dynamic 183application-level port forwarding. 184This works by allocating a socket to listen to 185.Ar port 186on the local side, optionally bound to the specified 187.Ar bind_address . 188Whenever a connection is made to this port, the 189connection is forwarded over the secure channel, and the application 190protocol is then used to determine where to connect to from the 191remote machine. 192Currently the SOCKS4 and SOCKS5 protocols are supported, and 193.Nm 194will act as a SOCKS server. 195Only root can forward privileged ports. 196Dynamic port forwardings can also be specified in the configuration file. 197.Pp 198IPv6 addresses can be specified by enclosing the address in square brackets. 199Only the superuser can forward privileged ports. 200By default, the local port is bound in accordance with the 201.Cm GatewayPorts 202setting. 203However, an explicit 204.Ar bind_address 205may be used to bind the connection to a specific address. 206The 207.Ar bind_address 208of 209.Dq localhost 210indicates that the listening port be bound for local use only, while an 211empty address or 212.Sq * 213indicates that the port should be available from all interfaces. 214.Pp 215.It Fl E Ar log_file 216Append debug logs to 217.Ar log_file 218instead of standard error. 219.Pp 220.It Fl e Ar escape_char 221Sets the escape character for sessions with a pty (default: 222.Ql ~ ) . 223The escape character is only recognized at the beginning of a line. 224The escape character followed by a dot 225.Pq Ql \&. 226closes the connection; 227followed by control-Z suspends the connection; 228and followed by itself sends the escape character once. 229Setting the character to 230.Dq none 231disables any escapes and makes the session fully transparent. 232.Pp 233.It Fl F Ar configfile 234Specifies an alternative per-user configuration file. 235If a configuration file is given on the command line, 236the system-wide configuration file 237.Pq Pa /etc/ssh/ssh_config 238will be ignored. 239The default for the per-user configuration file is 240.Pa ~/.ssh/config . 241If set to 242.Dq none , 243no configuration files will be read. 244.Pp 245.It Fl f 246Requests 247.Nm 248to go to background just before command execution. 249This is useful if 250.Nm 251is going to ask for passwords or passphrases, but the user 252wants it in the background. 253This implies 254.Fl n . 255The recommended way to start X11 programs at a remote site is with 256something like 257.Ic ssh -f host xterm . 258.Pp 259If the 260.Cm ExitOnForwardFailure 261configuration option is set to 262.Dq yes , 263then a client started with 264.Fl f 265will wait for all remote port forwards to be successfully established 266before placing itself in the background. 267Refer to the description of 268.Cm ForkAfterAuthentication 269in 270.Xr ssh_config 5 271for details. 272.Pp 273.It Fl G 274Causes 275.Nm 276to print its configuration after evaluating 277.Cm Host 278and 279.Cm Match 280blocks and exit. 281.Pp 282.It Fl g 283Allows remote hosts to connect to local forwarded ports. 284If used on a multiplexed connection, then this option must be specified 285on the master process. 286.Pp 287.It Fl I Ar pkcs11 288Specify the PKCS#11 shared library 289.Nm 290should use to communicate with a PKCS#11 token providing keys for user 291authentication. 292.Pp 293.It Fl i Ar identity_file 294Selects a file from which the identity (private key) for 295public key authentication is read. 296You can also specify a public key file to use the corresponding 297private key that is loaded in 298.Xr ssh-agent 1 299when the private key file is not present locally. 300The default is 301.Pa ~/.ssh/id_rsa , 302.Pa ~/.ssh/id_ecdsa , 303.Pa ~/.ssh/id_ecdsa_sk , 304.Pa ~/.ssh/id_ed25519 , 305.Pa ~/.ssh/id_ed25519_sk 306and 307.Pa ~/.ssh/id_dsa . 308Identity files may also be specified on 309a per-host basis in the configuration file. 310It is possible to have multiple 311.Fl i 312options (and multiple identities specified in 313configuration files). 314If no certificates have been explicitly specified by the 315.Cm CertificateFile 316directive, 317.Nm 318will also try to load certificate information from the filename obtained 319by appending 320.Pa -cert.pub 321to identity filenames. 322.Pp 323.It Fl J Ar destination 324Connect to the target host by first making a 325.Nm 326connection to the jump host described by 327.Ar destination 328and then establishing a TCP forwarding to the ultimate destination from 329there. 330Multiple jump hops may be specified separated by comma characters. 331This is a shortcut to specify a 332.Cm ProxyJump 333configuration directive. 334Note that configuration directives supplied on the command-line generally 335apply to the destination host and not any specified jump hosts. 336Use 337.Pa ~/.ssh/config 338to specify configuration for jump hosts. 339.Pp 340.It Fl K 341Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI 342credentials to the server. 343.Pp 344.It Fl k 345Disables forwarding (delegation) of GSSAPI credentials to the server. 346.Pp 347.It Fl L Xo 348.Sm off 349.Oo Ar bind_address : Oc 350.Ar port : host : hostport 351.Sm on 352.Xc 353.It Fl L Xo 354.Sm off 355.Oo Ar bind_address : Oc 356.Ar port : remote_socket 357.Sm on 358.Xc 359.It Fl L Xo 360.Sm off 361.Ar local_socket : host : hostport 362.Sm on 363.Xc 364.It Fl L Xo 365.Sm off 366.Ar local_socket : remote_socket 367.Sm on 368.Xc 369Specifies that connections to the given TCP port or Unix socket on the local 370(client) host are to be forwarded to the given host and port, or Unix socket, 371on the remote side. 372This works by allocating a socket to listen to either a TCP 373.Ar port 374on the local side, optionally bound to the specified 375.Ar bind_address , 376or to a Unix socket. 377Whenever a connection is made to the local port or socket, the 378connection is forwarded over the secure channel, and a connection is 379made to either 380.Ar host 381port 382.Ar hostport , 383or the Unix socket 384.Ar remote_socket , 385from the remote machine. 386.Pp 387Port forwardings can also be specified in the configuration file. 388Only the superuser can forward privileged ports. 389IPv6 addresses can be specified by enclosing the address in square brackets. 390.Pp 391By default, the local port is bound in accordance with the 392.Cm GatewayPorts 393setting. 394However, an explicit 395.Ar bind_address 396may be used to bind the connection to a specific address. 397The 398.Ar bind_address 399of 400.Dq localhost 401indicates that the listening port be bound for local use only, while an 402empty address or 403.Sq * 404indicates that the port should be available from all interfaces. 405.Pp 406.It Fl l Ar login_name 407Specifies the user to log in as on the remote machine. 408This also may be specified on a per-host basis in the configuration file. 409.Pp 410.It Fl M 411Places the 412.Nm 413client into 414.Dq master 415mode for connection sharing. 416Multiple 417.Fl M 418options places 419.Nm 420into 421.Dq master 422mode but with confirmation required using 423.Xr ssh-askpass 1 424before each operation that changes the multiplexing state 425(e.g. opening a new session). 426Refer to the description of 427.Cm ControlMaster 428in 429.Xr ssh_config 5 430for details. 431.Pp 432.It Fl m Ar mac_spec 433A comma-separated list of MAC (message authentication code) algorithms, 434specified in order of preference. 435See the 436.Cm MACs 437keyword for more information. 438.Pp 439.It Fl N 440Do not execute a remote command. 441This is useful for just forwarding ports. 442Refer to the description of 443.Cm SessionType 444in 445.Xr ssh_config 5 446for details. 447.Pp 448.It Fl n 449Redirects stdin from 450.Pa /dev/null 451(actually, prevents reading from stdin). 452This must be used when 453.Nm 454is run in the background. 455A common trick is to use this to run X11 programs on a remote machine. 456For example, 457.Ic ssh -n shadows.cs.hut.fi emacs & 458will start an emacs on shadows.cs.hut.fi, and the X11 459connection will be automatically forwarded over an encrypted channel. 460The 461.Nm 462program will be put in the background. 463(This does not work if 464.Nm 465needs to ask for a password or passphrase; see also the 466.Fl f 467option.) 468Refer to the description of 469.Cm StdinNull 470in 471.Xr ssh_config 5 472for details. 473.Pp 474.It Fl O Ar ctl_cmd 475Control an active connection multiplexing master process. 476When the 477.Fl O 478option is specified, the 479.Ar ctl_cmd 480argument is interpreted and passed to the master process. 481Valid commands are: 482.Dq check 483(check that the master process is running), 484.Dq forward 485(request forwardings without command execution), 486.Dq cancel 487(cancel forwardings), 488.Dq exit 489(request the master to exit), and 490.Dq stop 491(request the master to stop accepting further multiplexing requests). 492.Pp 493.It Fl o Ar option 494Can be used to give options in the format used in the configuration file. 495This is useful for specifying options for which there is no separate 496command-line flag. 497For full details of the options listed below, and their possible values, see 498.Xr ssh_config 5 . 499.Pp 500.Bl -tag -width Ds -offset indent -compact 501.It AddKeysToAgent 502.It AddressFamily 503.It BatchMode 504.It BindAddress 505.It CanonicalDomains 506.It CanonicalizeFallbackLocal 507.It CanonicalizeHostname 508.It CanonicalizeMaxDots 509.It CanonicalizePermittedCNAMEs 510.It CASignatureAlgorithms 511.It CertificateFile 512.It CheckHostIP 513.It Ciphers 514.It ClearAllForwardings 515.It Compression 516.It ConnectionAttempts 517.It ConnectTimeout 518.It ControlMaster 519.It ControlPath 520.It ControlPersist 521.It DynamicForward 522.It EscapeChar 523.It ExitOnForwardFailure 524.It FingerprintHash 525.It ForkAfterAuthentication 526.It ForwardAgent 527.It ForwardX11 528.It ForwardX11Timeout 529.It ForwardX11Trusted 530.It GatewayPorts 531.It GlobalKnownHostsFile 532.It GSSAPIAuthentication 533.It GSSAPIDelegateCredentials 534.It HashKnownHosts 535.It Host 536.It HostbasedAcceptedAlgorithms 537.It HostbasedAuthentication 538.It HostKeyAlgorithms 539.It HostKeyAlias 540.It Hostname 541.It IdentitiesOnly 542.It IdentityAgent 543.It IdentityFile 544.It IPQoS 545.It KbdInteractiveAuthentication 546.It KbdInteractiveDevices 547.It KexAlgorithms 548.It KnownHostsCommand 549.It LocalCommand 550.It LocalForward 551.It LogLevel 552.It MACs 553.It Match 554.It NoHostAuthenticationForLocalhost 555.It NumberOfPasswordPrompts 556.It PasswordAuthentication 557.It PermitLocalCommand 558.It PermitRemoteOpen 559.It PKCS11Provider 560.It Port 561.It PreferredAuthentications 562.It ProxyCommand 563.It ProxyJump 564.It ProxyUseFdpass 565.It PubkeyAcceptedAlgorithms 566.It PubkeyAuthentication 567.It RekeyLimit 568.It RemoteCommand 569.It RemoteForward 570.It RequestTTY 571.It SendEnv 572.It ServerAliveInterval 573.It ServerAliveCountMax 574.It SessionType 575.It SetEnv 576.It StdinNull 577.It StreamLocalBindMask 578.It StreamLocalBindUnlink 579.It StrictHostKeyChecking 580.It TCPKeepAlive 581.It Tunnel 582.It TunnelDevice 583.It UpdateHostKeys 584.It User 585.It UserKnownHostsFile 586.It VerifyHostKeyDNS 587.It VisualHostKey 588.It XAuthLocation 589.El 590.Pp 591.It Fl p Ar port 592Port to connect to on the remote host. 593This can be specified on a 594per-host basis in the configuration file. 595.Pp 596.It Fl Q Ar query_option 597Queries for the algorithms supported by one of the following features: 598.Ar cipher 599(supported symmetric ciphers), 600.Ar cipher-auth 601(supported symmetric ciphers that support authenticated encryption), 602.Ar help 603(supported query terms for use with the 604.Fl Q 605flag), 606.Ar mac 607(supported message integrity codes), 608.Ar kex 609(key exchange algorithms), 610.Ar key 611(key types), 612.Ar key-cert 613(certificate key types), 614.Ar key-plain 615(non-certificate key types), 616.Ar key-sig 617(all key types and signature algorithms), 618.Ar protocol-version 619(supported SSH protocol versions), and 620.Ar sig 621(supported signature algorithms). 622Alternatively, any keyword from 623.Xr ssh_config 5 624or 625.Xr sshd_config 5 626that takes an algorithm list may be used as an alias for the corresponding 627query_option. 628.Pp 629.It Fl q 630Quiet mode. 631Causes most warning and diagnostic messages to be suppressed. 632.Pp 633.It Fl R Xo 634.Sm off 635.Oo Ar bind_address : Oc 636.Ar port : host : hostport 637.Sm on 638.Xc 639.It Fl R Xo 640.Sm off 641.Oo Ar bind_address : Oc 642.Ar port : local_socket 643.Sm on 644.Xc 645.It Fl R Xo 646.Sm off 647.Ar remote_socket : host : hostport 648.Sm on 649.Xc 650.It Fl R Xo 651.Sm off 652.Ar remote_socket : local_socket 653.Sm on 654.Xc 655.It Fl R Xo 656.Sm off 657.Oo Ar bind_address : Oc 658.Ar port 659.Sm on 660.Xc 661Specifies that connections to the given TCP port or Unix socket on the remote 662(server) host are to be forwarded to the local side. 663.Pp 664This works by allocating a socket to listen to either a TCP 665.Ar port 666or to a Unix socket on the remote side. 667Whenever a connection is made to this port or Unix socket, the 668connection is forwarded over the secure channel, and a connection 669is made from the local machine to either an explicit destination specified by 670.Ar host 671port 672.Ar hostport , 673or 674.Ar local_socket , 675or, if no explicit destination was specified, 676.Nm 677will act as a SOCKS 4/5 proxy and forward connections to the destinations 678requested by the remote SOCKS client. 679.Pp 680Port forwardings can also be specified in the configuration file. 681Privileged ports can be forwarded only when 682logging in as root on the remote machine. 683IPv6 addresses can be specified by enclosing the address in square brackets. 684.Pp 685By default, TCP listening sockets on the server will be bound to the loopback 686interface only. 687This may be overridden by specifying a 688.Ar bind_address . 689An empty 690.Ar bind_address , 691or the address 692.Ql * , 693indicates that the remote socket should listen on all interfaces. 694Specifying a remote 695.Ar bind_address 696will only succeed if the server's 697.Cm GatewayPorts 698option is enabled (see 699.Xr sshd_config 5 ) . 700.Pp 701If the 702.Ar port 703argument is 704.Ql 0 , 705the listen port will be dynamically allocated on the server and reported 706to the client at run time. 707When used together with 708.Ic -O forward , 709the allocated port will be printed to the standard output. 710.Pp 711.It Fl S Ar ctl_path 712Specifies the location of a control socket for connection sharing, 713or the string 714.Dq none 715to disable connection sharing. 716Refer to the description of 717.Cm ControlPath 718and 719.Cm ControlMaster 720in 721.Xr ssh_config 5 722for details. 723.Pp 724.It Fl s 725May be used to request invocation of a subsystem on the remote system. 726Subsystems facilitate the use of SSH 727as a secure transport for other applications (e.g.\& 728.Xr sftp 1 ) . 729The subsystem is specified as the remote command. 730Refer to the description of 731.Cm SessionType 732in 733.Xr ssh_config 5 734for details. 735.Pp 736.It Fl T 737Disable pseudo-terminal allocation. 738.Pp 739.It Fl t 740Force pseudo-terminal allocation. 741This can be used to execute arbitrary 742screen-based programs on a remote machine, which can be very useful, 743e.g. when implementing menu services. 744Multiple 745.Fl t 746options force tty allocation, even if 747.Nm 748has no local tty. 749.Pp 750.It Fl V 751Display the version number and exit. 752.Pp 753.It Fl v 754Verbose mode. 755Causes 756.Nm 757to print debugging messages about its progress. 758This is helpful in 759debugging connection, authentication, and configuration problems. 760Multiple 761.Fl v 762options increase the verbosity. 763The maximum is 3. 764.Pp 765.It Fl W Ar host : Ns Ar port 766Requests that standard input and output on the client be forwarded to 767.Ar host 768on 769.Ar port 770over the secure channel. 771Implies 772.Fl N , 773.Fl T , 774.Cm ExitOnForwardFailure 775and 776.Cm ClearAllForwardings , 777though these can be overridden in the configuration file or using 778.Fl o 779command line options. 780.Pp 781.It Fl w Xo 782.Ar local_tun Ns Op : Ns Ar remote_tun 783.Xc 784Requests 785tunnel 786device forwarding with the specified 787.Xr tun 4 788devices between the client 789.Pq Ar local_tun 790and the server 791.Pq Ar remote_tun . 792.Pp 793The devices may be specified by numerical ID or the keyword 794.Dq any , 795which uses the next available tunnel device. 796If 797.Ar remote_tun 798is not specified, it defaults to 799.Dq any . 800See also the 801.Cm Tunnel 802and 803.Cm TunnelDevice 804directives in 805.Xr ssh_config 5 . 806.Pp 807If the 808.Cm Tunnel 809directive is unset, it will be set to the default tunnel mode, which is 810.Dq point-to-point . 811If a different 812.Cm Tunnel 813forwarding mode it desired, then it should be specified before 814.Fl w . 815.Pp 816.It Fl X 817Enables X11 forwarding. 818This can also be specified on a per-host basis in a configuration file. 819.Pp 820X11 forwarding should be enabled with caution. 821Users with the ability to bypass file permissions on the remote host 822(for the user's X authorization database) 823can access the local X11 display through the forwarded connection. 824An attacker may then be able to perform activities such as keystroke monitoring. 825.Pp 826For this reason, X11 forwarding is subjected to X11 SECURITY extension 827restrictions by default. 828Refer to the 829.Nm 830.Fl Y 831option and the 832.Cm ForwardX11Trusted 833directive in 834.Xr ssh_config 5 835for more information. 836.Pp 837.It Fl x 838Disables X11 forwarding. 839.Pp 840.It Fl Y 841Enables trusted X11 forwarding. 842Trusted X11 forwardings are not subjected to the X11 SECURITY extension 843controls. 844.Pp 845.It Fl y 846Send log information using the 847.Xr syslog 3 848system module. 849By default this information is sent to stderr. 850.El 851.Pp 852.Nm 853may additionally obtain configuration data from 854a per-user configuration file and a system-wide configuration file. 855The file format and configuration options are described in 856.Xr ssh_config 5 . 857.Sh AUTHENTICATION 858The OpenSSH SSH client supports SSH protocol 2. 859.Pp 860The methods available for authentication are: 861GSSAPI-based authentication, 862host-based authentication, 863public key authentication, 864keyboard-interactive authentication, 865and password authentication. 866Authentication methods are tried in the order specified above, 867though 868.Cm PreferredAuthentications 869can be used to change the default order. 870.Pp 871Host-based authentication works as follows: 872If the machine the user logs in from is listed in 873.Pa /etc/hosts.equiv 874or 875.Pa /etc/shosts.equiv 876on the remote machine, the user is non-root and the user names are 877the same on both sides, or if the files 878.Pa ~/.rhosts 879or 880.Pa ~/.shosts 881exist in the user's home directory on the 882remote machine and contain a line containing the name of the client 883machine and the name of the user on that machine, the user is 884considered for login. 885Additionally, the server 886.Em must 887be able to verify the client's 888host key (see the description of 889.Pa /etc/ssh/ssh_known_hosts 890and 891.Pa ~/.ssh/known_hosts , 892below) 893for login to be permitted. 894This authentication method closes security holes due to IP 895spoofing, DNS spoofing, and routing spoofing. 896[Note to the administrator: 897.Pa /etc/hosts.equiv , 898.Pa ~/.rhosts , 899and the rlogin/rsh protocol in general, are inherently insecure and should be 900disabled if security is desired.] 901.Pp 902Public key authentication works as follows: 903The scheme is based on public-key cryptography, 904using cryptosystems 905where encryption and decryption are done using separate keys, 906and it is unfeasible to derive the decryption key from the encryption key. 907The idea is that each user creates a public/private 908key pair for authentication purposes. 909The server knows the public key, and only the user knows the private key. 910.Nm 911implements public key authentication protocol automatically, 912using one of the DSA, ECDSA, Ed25519 or RSA algorithms. 913The HISTORY section of 914.Xr ssl 8 915contains a brief discussion of the DSA and RSA algorithms. 916.Pp 917The file 918.Pa ~/.ssh/authorized_keys 919lists the public keys that are permitted for logging in. 920When the user logs in, the 921.Nm 922program tells the server which key pair it would like to use for 923authentication. 924The client proves that it has access to the private key 925and the server checks that the corresponding public key 926is authorized to accept the account. 927.Pp 928The server may inform the client of errors that prevented public key 929authentication from succeeding after authentication completes using a 930different method. 931These may be viewed by increasing the 932.Cm LogLevel 933to 934.Cm DEBUG 935or higher (e.g. by using the 936.Fl v 937flag). 938.Pp 939The user creates their key pair by running 940.Xr ssh-keygen 1 . 941This stores the private key in 942.Pa ~/.ssh/id_dsa 943(DSA), 944.Pa ~/.ssh/id_ecdsa 945(ECDSA), 946.Pa ~/.ssh/id_ecdsa_sk 947(authenticator-hosted ECDSA), 948.Pa ~/.ssh/id_ed25519 949(Ed25519), 950.Pa ~/.ssh/id_ed25519_sk 951(authenticator-hosted Ed25519), 952or 953.Pa ~/.ssh/id_rsa 954(RSA) 955and stores the public key in 956.Pa ~/.ssh/id_dsa.pub 957(DSA), 958.Pa ~/.ssh/id_ecdsa.pub 959(ECDSA), 960.Pa ~/.ssh/id_ecdsa_sk.pub 961(authenticator-hosted ECDSA), 962.Pa ~/.ssh/id_ed25519.pub 963(Ed25519), 964.Pa ~/.ssh/id_ed25519_sk.pub 965(authenticator-hosted Ed25519), 966or 967.Pa ~/.ssh/id_rsa.pub 968(RSA) 969in the user's home directory. 970The user should then copy the public key 971to 972.Pa ~/.ssh/authorized_keys 973in their home directory on the remote machine. 974The 975.Pa authorized_keys 976file corresponds to the conventional 977.Pa ~/.rhosts 978file, and has one key 979per line, though the lines can be very long. 980After this, the user can log in without giving the password. 981.Pp 982A variation on public key authentication 983is available in the form of certificate authentication: 984instead of a set of public/private keys, 985signed certificates are used. 986This has the advantage that a single trusted certification authority 987can be used in place of many public/private keys. 988See the CERTIFICATES section of 989.Xr ssh-keygen 1 990for more information. 991.Pp 992The most convenient way to use public key or certificate authentication 993may be with an authentication agent. 994See 995.Xr ssh-agent 1 996and (optionally) the 997.Cm AddKeysToAgent 998directive in 999.Xr ssh_config 5 1000for more information. 1001.Pp 1002Keyboard-interactive authentication works as follows: 1003The server sends an arbitrary 1004.Qq challenge 1005text and prompts for a response, possibly multiple times. 1006Examples of keyboard-interactive authentication include 1007.Bx 1008Authentication (see 1009.Xr login.conf 5 ) 1010and PAM (some 1011.Pf non- Ox 1012systems). 1013.Pp 1014Finally, if other authentication methods fail, 1015.Nm 1016prompts the user for a password. 1017The password is sent to the remote 1018host for checking; however, since all communications are encrypted, 1019the password cannot be seen by someone listening on the network. 1020.Pp 1021.Nm 1022automatically maintains and checks a database containing 1023identification for all hosts it has ever been used with. 1024Host keys are stored in 1025.Pa ~/.ssh/known_hosts 1026in the user's home directory. 1027Additionally, the file 1028.Pa /etc/ssh/ssh_known_hosts 1029is automatically checked for known hosts. 1030Any new hosts are automatically added to the user's file. 1031If a host's identification ever changes, 1032.Nm 1033warns about this and disables password authentication to prevent 1034server spoofing or man-in-the-middle attacks, 1035which could otherwise be used to circumvent the encryption. 1036The 1037.Cm StrictHostKeyChecking 1038option can be used to control logins to machines whose 1039host key is not known or has changed. 1040.Pp 1041When the user's identity has been accepted by the server, the server 1042either executes the given command in a non-interactive session or, 1043if no command has been specified, logs into the machine and gives 1044the user a normal shell as an interactive session. 1045All communication with 1046the remote command or shell will be automatically encrypted. 1047.Pp 1048If an interactive session is requested, 1049.Nm 1050by default will only request a pseudo-terminal (pty) for interactive 1051sessions when the client has one. 1052The flags 1053.Fl T 1054and 1055.Fl t 1056can be used to override this behaviour. 1057.Pp 1058If a pseudo-terminal has been allocated, the 1059user may use the escape characters noted below. 1060.Pp 1061If no pseudo-terminal has been allocated, 1062the session is transparent and can be used to reliably transfer binary data. 1063On most systems, setting the escape character to 1064.Dq none 1065will also make the session transparent even if a tty is used. 1066.Pp 1067The session terminates when the command or shell on the remote 1068machine exits and all X11 and TCP connections have been closed. 1069.Sh ESCAPE CHARACTERS 1070When a pseudo-terminal has been requested, 1071.Nm 1072supports a number of functions through the use of an escape character. 1073.Pp 1074A single tilde character can be sent as 1075.Ic ~~ 1076or by following the tilde by a character other than those described below. 1077The escape character must always follow a newline to be interpreted as 1078special. 1079The escape character can be changed in configuration files using the 1080.Cm EscapeChar 1081configuration directive or on the command line by the 1082.Fl e 1083option. 1084.Pp 1085The supported escapes (assuming the default 1086.Ql ~ ) 1087are: 1088.Bl -tag -width Ds 1089.It Cm ~. 1090Disconnect. 1091.It Cm ~^Z 1092Background 1093.Nm . 1094.It Cm ~# 1095List forwarded connections. 1096.It Cm ~& 1097Background 1098.Nm 1099at logout when waiting for forwarded connection / X11 sessions to terminate. 1100.It Cm ~? 1101Display a list of escape characters. 1102.It Cm ~B 1103Send a BREAK to the remote system 1104(only useful if the peer supports it). 1105.It Cm ~C 1106Open command line. 1107Currently this allows the addition of port forwardings using the 1108.Fl L , 1109.Fl R 1110and 1111.Fl D 1112options (see above). 1113It also allows the cancellation of existing port-forwardings 1114with 1115.Sm off 1116.Fl KL Oo Ar bind_address : Oc Ar port 1117.Sm on 1118for local, 1119.Sm off 1120.Fl KR Oo Ar bind_address : Oc Ar port 1121.Sm on 1122for remote and 1123.Sm off 1124.Fl KD Oo Ar bind_address : Oc Ar port 1125.Sm on 1126for dynamic port-forwardings. 1127.Ic !\& Ns Ar command 1128allows the user to execute a local command if the 1129.Ic PermitLocalCommand 1130option is enabled in 1131.Xr ssh_config 5 . 1132Basic help is available, using the 1133.Fl h 1134option. 1135.It Cm ~R 1136Request rekeying of the connection 1137(only useful if the peer supports it). 1138.It Cm ~V 1139Decrease the verbosity 1140.Pq Ic LogLevel 1141when errors are being written to stderr. 1142.It Cm ~v 1143Increase the verbosity 1144.Pq Ic LogLevel 1145when errors are being written to stderr. 1146.El 1147.Sh TCP FORWARDING 1148Forwarding of arbitrary TCP connections over a secure channel 1149can be specified either on the command line or in a configuration file. 1150One possible application of TCP forwarding is a secure connection to a 1151mail server; another is going through firewalls. 1152.Pp 1153In the example below, we look at encrypting communication for an IRC client, 1154even though the IRC server it connects to does not directly 1155support encrypted communication. 1156This works as follows: 1157the user connects to the remote host using 1158.Nm , 1159specifying the ports to be used to forward the connection. 1160After that it is possible to start the program locally, 1161and 1162.Nm 1163will encrypt and forward the connection to the remote server. 1164.Pp 1165The following example tunnels an IRC session from the client 1166to an IRC server at 1167.Dq server.example.com , 1168joining channel 1169.Dq #users , 1170nickname 1171.Dq pinky , 1172using the standard IRC port, 6667: 1173.Bd -literal -offset 4n 1174$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 1175$ irc -c '#users' pinky IRC/127.0.0.1 1176.Ed 1177.Pp 1178The 1179.Fl f 1180option backgrounds 1181.Nm 1182and the remote command 1183.Dq sleep 10 1184is specified to allow an amount of time 1185(10 seconds, in the example) 1186to start the program which is going to use the tunnel. 1187If no connections are made within the time specified, 1188.Nm 1189will exit. 1190.Sh X11 FORWARDING 1191If the 1192.Cm ForwardX11 1193variable is set to 1194.Dq yes 1195(or see the description of the 1196.Fl X , 1197.Fl x , 1198and 1199.Fl Y 1200options above) 1201and the user is using X11 (the 1202.Ev DISPLAY 1203environment variable is set), the connection to the X11 display is 1204automatically forwarded to the remote side in such a way that any X11 1205programs started from the shell (or command) will go through the 1206encrypted channel, and the connection to the real X server will be made 1207from the local machine. 1208The user should not manually set 1209.Ev DISPLAY . 1210Forwarding of X11 connections can be 1211configured on the command line or in configuration files. 1212.Pp 1213The 1214.Ev DISPLAY 1215value set by 1216.Nm 1217will point to the server machine, but with a display number greater than zero. 1218This is normal, and happens because 1219.Nm 1220creates a 1221.Dq proxy 1222X server on the server machine for forwarding the 1223connections over the encrypted channel. 1224.Pp 1225.Nm 1226will also automatically set up Xauthority data on the server machine. 1227For this purpose, it will generate a random authorization cookie, 1228store it in Xauthority on the server, and verify that any forwarded 1229connections carry this cookie and replace it by the real cookie when 1230the connection is opened. 1231The real authentication cookie is never 1232sent to the server machine (and no cookies are sent in the plain). 1233.Pp 1234If the 1235.Cm ForwardAgent 1236variable is set to 1237.Dq yes 1238(or see the description of the 1239.Fl A 1240and 1241.Fl a 1242options above) and 1243the user is using an authentication agent, the connection to the agent 1244is automatically forwarded to the remote side. 1245.Sh VERIFYING HOST KEYS 1246When connecting to a server for the first time, 1247a fingerprint of the server's public key is presented to the user 1248(unless the option 1249.Cm StrictHostKeyChecking 1250has been disabled). 1251Fingerprints can be determined using 1252.Xr ssh-keygen 1 : 1253.Pp 1254.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key 1255.Pp 1256If the fingerprint is already known, it can be matched 1257and the key can be accepted or rejected. 1258If only legacy (MD5) fingerprints for the server are available, the 1259.Xr ssh-keygen 1 1260.Fl E 1261option may be used to downgrade the fingerprint algorithm to match. 1262.Pp 1263Because of the difficulty of comparing host keys 1264just by looking at fingerprint strings, 1265there is also support to compare host keys visually, 1266using 1267.Em random art . 1268By setting the 1269.Cm VisualHostKey 1270option to 1271.Dq yes , 1272a small ASCII graphic gets displayed on every login to a server, no matter 1273if the session itself is interactive or not. 1274By learning the pattern a known server produces, a user can easily 1275find out that the host key has changed when a completely different pattern 1276is displayed. 1277Because these patterns are not unambiguous however, a pattern that looks 1278similar to the pattern remembered only gives a good probability that the 1279host key is the same, not guaranteed proof. 1280.Pp 1281To get a listing of the fingerprints along with their random art for 1282all known hosts, the following command line can be used: 1283.Pp 1284.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts 1285.Pp 1286If the fingerprint is unknown, 1287an alternative method of verification is available: 1288SSH fingerprints verified by DNS. 1289An additional resource record (RR), 1290SSHFP, 1291is added to a zonefile 1292and the connecting client is able to match the fingerprint 1293with that of the key presented. 1294.Pp 1295In this example, we are connecting a client to a server, 1296.Dq host.example.com . 1297The SSHFP resource records should first be added to the zonefile for 1298host.example.com: 1299.Bd -literal -offset indent 1300$ ssh-keygen -r host.example.com. 1301.Ed 1302.Pp 1303The output lines will have to be added to the zonefile. 1304To check that the zone is answering fingerprint queries: 1305.Pp 1306.Dl $ dig -t SSHFP host.example.com 1307.Pp 1308Finally the client connects: 1309.Bd -literal -offset indent 1310$ ssh -o "VerifyHostKeyDNS ask" host.example.com 1311[...] 1312Matching host key fingerprint found in DNS. 1313Are you sure you want to continue connecting (yes/no)? 1314.Ed 1315.Pp 1316See the 1317.Cm VerifyHostKeyDNS 1318option in 1319.Xr ssh_config 5 1320for more information. 1321.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS 1322.Nm 1323contains support for Virtual Private Network (VPN) tunnelling 1324using the 1325.Xr tun 4 1326network pseudo-device, 1327allowing two networks to be joined securely. 1328The 1329.Xr sshd_config 5 1330configuration option 1331.Cm PermitTunnel 1332controls whether the server supports this, 1333and at what level (layer 2 or 3 traffic). 1334.Pp 1335The following example would connect client network 10.0.50.0/24 1336with remote network 10.0.99.0/24 using a point-to-point connection 1337from 10.1.1.1 to 10.1.1.2, 1338provided that the SSH server running on the gateway to the remote network, 1339at 192.168.1.15, allows it. 1340.Pp 1341On the client: 1342.Bd -literal -offset indent 1343# ssh -f -w 0:1 192.168.1.15 true 1344# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 1345# route add 10.0.99.0/24 10.1.1.2 1346.Ed 1347.Pp 1348On the server: 1349.Bd -literal -offset indent 1350# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 1351# route add 10.0.50.0/24 10.1.1.1 1352.Ed 1353.Pp 1354Client access may be more finely tuned via the 1355.Pa /root/.ssh/authorized_keys 1356file (see below) and the 1357.Cm PermitRootLogin 1358server option. 1359The following entry would permit connections on 1360.Xr tun 4 1361device 1 from user 1362.Dq jane 1363and on tun device 2 from user 1364.Dq john , 1365if 1366.Cm PermitRootLogin 1367is set to 1368.Dq forced-commands-only : 1369.Bd -literal -offset 2n 1370tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane 1371tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john 1372.Ed 1373.Pp 1374Since an SSH-based setup entails a fair amount of overhead, 1375it may be more suited to temporary setups, 1376such as for wireless VPNs. 1377More permanent VPNs are better provided by tools such as 1378.Xr ipsecctl 8 1379and 1380.Xr isakmpd 8 . 1381.Sh ENVIRONMENT 1382.Nm 1383will normally set the following environment variables: 1384.Bl -tag -width "SSH_ORIGINAL_COMMAND" 1385.It Ev DISPLAY 1386The 1387.Ev DISPLAY 1388variable indicates the location of the X11 server. 1389It is automatically set by 1390.Nm 1391to point to a value of the form 1392.Dq hostname:n , 1393where 1394.Dq hostname 1395indicates the host where the shell runs, and 1396.Sq n 1397is an integer \*(Ge 1. 1398.Nm 1399uses this special value to forward X11 connections over the secure 1400channel. 1401The user should normally not set 1402.Ev DISPLAY 1403explicitly, as that 1404will render the X11 connection insecure (and will require the user to 1405manually copy any required authorization cookies). 1406.It Ev HOME 1407Set to the path of the user's home directory. 1408.It Ev LOGNAME 1409Synonym for 1410.Ev USER ; 1411set for compatibility with systems that use this variable. 1412.It Ev MAIL 1413Set to the path of the user's mailbox. 1414.It Ev PATH 1415Set to the default 1416.Ev PATH , 1417as specified when compiling 1418.Nm . 1419.It Ev SSH_ASKPASS 1420If 1421.Nm 1422needs a passphrase, it will read the passphrase from the current 1423terminal if it was run from a terminal. 1424If 1425.Nm 1426does not have a terminal associated with it but 1427.Ev DISPLAY 1428and 1429.Ev SSH_ASKPASS 1430are set, it will execute the program specified by 1431.Ev SSH_ASKPASS 1432and open an X11 window to read the passphrase. 1433This is particularly useful when calling 1434.Nm 1435from a 1436.Pa .xsession 1437or related script. 1438(Note that on some machines it 1439may be necessary to redirect the input from 1440.Pa /dev/null 1441to make this work.) 1442.It Ev SSH_ASKPASS_REQUIRE 1443Allows further control over the use of an askpass program. 1444If this variable is set to 1445.Dq never 1446then 1447.Nm 1448will never attempt to use one. 1449If it is set to 1450.Dq prefer , 1451then 1452.Nm 1453will prefer to use the askpass program instead of the TTY when requesting 1454passwords. 1455Finally, if the variable is set to 1456.Dq force , 1457then the askpass program will be used for all passphrase input regardless 1458of whether 1459.Ev DISPLAY 1460is set. 1461.It Ev SSH_AUTH_SOCK 1462Identifies the path of a 1463.Ux Ns -domain 1464socket used to communicate with the agent. 1465.It Ev SSH_CONNECTION 1466Identifies the client and server ends of the connection. 1467The variable contains 1468four space-separated values: client IP address, client port number, 1469server IP address, and server port number. 1470.It Ev SSH_ORIGINAL_COMMAND 1471This variable contains the original command line if a forced command 1472is executed. 1473It can be used to extract the original arguments. 1474.It Ev SSH_TTY 1475This is set to the name of the tty (path to the device) associated 1476with the current shell or command. 1477If the current session has no tty, 1478this variable is not set. 1479.It Ev SSH_TUNNEL 1480Optionally set by 1481.Xr sshd 8 1482to contain the interface names assigned if tunnel forwarding was 1483requested by the client. 1484.It Ev SSH_USER_AUTH 1485Optionally set by 1486.Xr sshd 8 , 1487this variable may contain a pathname to a file that lists the authentication 1488methods successfully used when the session was established, including any 1489public keys that were used. 1490.It Ev TZ 1491This variable is set to indicate the present time zone if it 1492was set when the daemon was started (i.e. the daemon passes the value 1493on to new connections). 1494.It Ev USER 1495Set to the name of the user logging in. 1496.El 1497.Pp 1498Additionally, 1499.Nm 1500reads 1501.Pa ~/.ssh/environment , 1502and adds lines of the format 1503.Dq VARNAME=value 1504to the environment if the file exists and users are allowed to 1505change their environment. 1506For more information, see the 1507.Cm PermitUserEnvironment 1508option in 1509.Xr sshd_config 5 . 1510.Sh FILES 1511.Bl -tag -width Ds -compact 1512.It Pa ~/.rhosts 1513This file is used for host-based authentication (see above). 1514On some machines this file may need to be 1515world-readable if the user's home directory is on an NFS partition, 1516because 1517.Xr sshd 8 1518reads it as root. 1519Additionally, this file must be owned by the user, 1520and must not have write permissions for anyone else. 1521The recommended 1522permission for most machines is read/write for the user, and not 1523accessible by others. 1524.Pp 1525.It Pa ~/.shosts 1526This file is used in exactly the same way as 1527.Pa .rhosts , 1528but allows host-based authentication without permitting login with 1529rlogin/rsh. 1530.Pp 1531.It Pa ~/.ssh/ 1532This directory is the default location for all user-specific configuration 1533and authentication information. 1534There is no general requirement to keep the entire contents of this directory 1535secret, but the recommended permissions are read/write/execute for the user, 1536and not accessible by others. 1537.Pp 1538.It Pa ~/.ssh/authorized_keys 1539Lists the public keys (DSA, ECDSA, Ed25519, RSA) 1540that can be used for logging in as this user. 1541The format of this file is described in the 1542.Xr sshd 8 1543manual page. 1544This file is not highly sensitive, but the recommended 1545permissions are read/write for the user, and not accessible by others. 1546.Pp 1547.It Pa ~/.ssh/config 1548This is the per-user configuration file. 1549The file format and configuration options are described in 1550.Xr ssh_config 5 . 1551Because of the potential for abuse, this file must have strict permissions: 1552read/write for the user, and not writable by others. 1553.Pp 1554.It Pa ~/.ssh/environment 1555Contains additional definitions for environment variables; see 1556.Sx ENVIRONMENT , 1557above. 1558.Pp 1559.It Pa ~/.ssh/id_dsa 1560.It Pa ~/.ssh/id_ecdsa 1561.It Pa ~/.ssh/id_ecdsa_sk 1562.It Pa ~/.ssh/id_ed25519 1563.It Pa ~/.ssh/id_ed25519_sk 1564.It Pa ~/.ssh/id_rsa 1565Contains the private key for authentication. 1566These files 1567contain sensitive data and should be readable by the user but not 1568accessible by others (read/write/execute). 1569.Nm 1570will simply ignore a private key file if it is accessible by others. 1571It is possible to specify a passphrase when 1572generating the key which will be used to encrypt the 1573sensitive part of this file using AES-128. 1574.Pp 1575.It Pa ~/.ssh/id_dsa.pub 1576.It Pa ~/.ssh/id_ecdsa.pub 1577.It Pa ~/.ssh/id_ecdsa_sk.pub 1578.It Pa ~/.ssh/id_ed25519.pub 1579.It Pa ~/.ssh/id_ed25519_sk.pub 1580.It Pa ~/.ssh/id_rsa.pub 1581Contains the public key for authentication. 1582These files are not 1583sensitive and can (but need not) be readable by anyone. 1584.Pp 1585.It Pa ~/.ssh/known_hosts 1586Contains a list of host keys for all hosts the user has logged into 1587that are not already in the systemwide list of known host keys. 1588See 1589.Xr sshd 8 1590for further details of the format of this file. 1591.Pp 1592.It Pa ~/.ssh/rc 1593Commands in this file are executed by 1594.Nm 1595when the user logs in, just before the user's shell (or command) is 1596started. 1597See the 1598.Xr sshd 8 1599manual page for more information. 1600.Pp 1601.It Pa /etc/hosts.equiv 1602This file is for host-based authentication (see above). 1603It should only be writable by root. 1604.Pp 1605.It Pa /etc/shosts.equiv 1606This file is used in exactly the same way as 1607.Pa hosts.equiv , 1608but allows host-based authentication without permitting login with 1609rlogin/rsh. 1610.Pp 1611.It Pa /etc/ssh/ssh_config 1612Systemwide configuration file. 1613The file format and configuration options are described in 1614.Xr ssh_config 5 . 1615.Pp 1616.It Pa /etc/ssh/ssh_host_key 1617.It Pa /etc/ssh/ssh_host_dsa_key 1618.It Pa /etc/ssh/ssh_host_ecdsa_key 1619.It Pa /etc/ssh/ssh_host_ed25519_key 1620.It Pa /etc/ssh/ssh_host_rsa_key 1621These files contain the private parts of the host keys 1622and are used for host-based authentication. 1623.Pp 1624.It Pa /etc/ssh/ssh_known_hosts 1625Systemwide list of known host keys. 1626This file should be prepared by the 1627system administrator to contain the public host keys of all machines in the 1628organization. 1629It should be world-readable. 1630See 1631.Xr sshd 8 1632for further details of the format of this file. 1633.Pp 1634.It Pa /etc/ssh/sshrc 1635Commands in this file are executed by 1636.Nm 1637when the user logs in, just before the user's shell (or command) is started. 1638See the 1639.Xr sshd 8 1640manual page for more information. 1641.El 1642.Sh EXIT STATUS 1643.Nm 1644exits with the exit status of the remote command or with 255 1645if an error occurred. 1646.Sh SEE ALSO 1647.Xr scp 1 , 1648.Xr sftp 1 , 1649.Xr ssh-add 1 , 1650.Xr ssh-agent 1 , 1651.Xr ssh-keygen 1 , 1652.Xr ssh-keyscan 1 , 1653.Xr tun 4 , 1654.Xr ssh_config 5 , 1655.Xr ssh-keysign 8 , 1656.Xr sshd 8 1657.Sh STANDARDS 1658.Rs 1659.%A S. Lehtinen 1660.%A C. Lonvick 1661.%D January 2006 1662.%R RFC 4250 1663.%T The Secure Shell (SSH) Protocol Assigned Numbers 1664.Re 1665.Pp 1666.Rs 1667.%A T. Ylonen 1668.%A C. Lonvick 1669.%D January 2006 1670.%R RFC 4251 1671.%T The Secure Shell (SSH) Protocol Architecture 1672.Re 1673.Pp 1674.Rs 1675.%A T. Ylonen 1676.%A C. Lonvick 1677.%D January 2006 1678.%R RFC 4252 1679.%T The Secure Shell (SSH) Authentication Protocol 1680.Re 1681.Pp 1682.Rs 1683.%A T. Ylonen 1684.%A C. Lonvick 1685.%D January 2006 1686.%R RFC 4253 1687.%T The Secure Shell (SSH) Transport Layer Protocol 1688.Re 1689.Pp 1690.Rs 1691.%A T. Ylonen 1692.%A C. Lonvick 1693.%D January 2006 1694.%R RFC 4254 1695.%T The Secure Shell (SSH) Connection Protocol 1696.Re 1697.Pp 1698.Rs 1699.%A J. Schlyter 1700.%A W. Griffin 1701.%D January 2006 1702.%R RFC 4255 1703.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints 1704.Re 1705.Pp 1706.Rs 1707.%A F. Cusack 1708.%A M. Forssen 1709.%D January 2006 1710.%R RFC 4256 1711.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) 1712.Re 1713.Pp 1714.Rs 1715.%A J. Galbraith 1716.%A P. Remaker 1717.%D January 2006 1718.%R RFC 4335 1719.%T The Secure Shell (SSH) Session Channel Break Extension 1720.Re 1721.Pp 1722.Rs 1723.%A M. Bellare 1724.%A T. Kohno 1725.%A C. Namprempre 1726.%D January 2006 1727.%R RFC 4344 1728.%T The Secure Shell (SSH) Transport Layer Encryption Modes 1729.Re 1730.Pp 1731.Rs 1732.%A B. Harris 1733.%D January 2006 1734.%R RFC 4345 1735.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol 1736.Re 1737.Pp 1738.Rs 1739.%A M. Friedl 1740.%A N. Provos 1741.%A W. Simpson 1742.%D March 2006 1743.%R RFC 4419 1744.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 1745.Re 1746.Pp 1747.Rs 1748.%A J. Galbraith 1749.%A R. Thayer 1750.%D November 2006 1751.%R RFC 4716 1752.%T The Secure Shell (SSH) Public Key File Format 1753.Re 1754.Pp 1755.Rs 1756.%A D. Stebila 1757.%A J. Green 1758.%D December 2009 1759.%R RFC 5656 1760.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer 1761.Re 1762.Pp 1763.Rs 1764.%A A. Perrig 1765.%A D. Song 1766.%D 1999 1767.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) 1768.%T Hash Visualization: a New Technique to improve Real-World Security 1769.Re 1770.Sh AUTHORS 1771OpenSSH is a derivative of the original and free 1772ssh 1.2.12 release by Tatu Ylonen. 1773Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1774Theo de Raadt and Dug Song 1775removed many bugs, re-added newer features and 1776created OpenSSH. 1777Markus Friedl contributed the support for SSH 1778protocol versions 1.5 and 2.0. 1779