xref: /freebsd/crypto/openssh/ssh.1 (revision cfd6422a5217410fbd66f7a7a8a64d9d85e61229)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh.1,v 1.399 2018/09/20 06:58:48 jmc Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: September 20 2018 $
39.Dt SSH 1
40.Os
41.Sh NAME
42.Nm ssh
43.Nd OpenSSH SSH client (remote login program)
44.Sh SYNOPSIS
45.Nm ssh
46.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
47.Op Fl B Ar bind_interface
48.Op Fl b Ar bind_address
49.Op Fl c Ar cipher_spec
50.Op Fl D Oo Ar bind_address : Oc Ns Ar port
51.Op Fl E Ar log_file
52.Op Fl e Ar escape_char
53.Op Fl F Ar configfile
54.Op Fl I Ar pkcs11
55.Op Fl i Ar identity_file
56.Op Fl J Ar destination
57.Op Fl L Ar address
58.Op Fl l Ar login_name
59.Op Fl m Ar mac_spec
60.Op Fl O Ar ctl_cmd
61.Op Fl o Ar option
62.Op Fl p Ar port
63.Op Fl Q Ar query_option
64.Op Fl R Ar address
65.Op Fl S Ar ctl_path
66.Op Fl W Ar host : Ns Ar port
67.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
68.Ar destination
69.Op Ar command
70.Sh DESCRIPTION
71.Nm
72(SSH client) is a program for logging into a remote machine and for
73executing commands on a remote machine.
74It is intended to provide secure encrypted communications between
75two untrusted hosts over an insecure network.
76X11 connections, arbitrary TCP ports and
77.Ux Ns -domain
78sockets can also be forwarded over the secure channel.
79.Pp
80.Nm
81connects and logs into the specified
82.Ar destination ,
83which may be specified as either
84.Sm off
85.Oo user @ Oc hostname
86.Sm on
87or a URI of the form
88.Sm off
89.No ssh:// Oo user @ Oc hostname Op : port .
90.Sm on
91The user must prove
92his/her identity to the remote machine using one of several methods
93(see below).
94.Pp
95If a
96.Ar command
97is specified,
98it is executed on the remote host instead of a login shell.
99.Pp
100The options are as follows:
101.Pp
102.Bl -tag -width Ds -compact
103.It Fl 4
104Forces
105.Nm
106to use IPv4 addresses only.
107.Pp
108.It Fl 6
109Forces
110.Nm
111to use IPv6 addresses only.
112.Pp
113.It Fl A
114Enables forwarding of the authentication agent connection.
115This can also be specified on a per-host basis in a configuration file.
116.Pp
117Agent forwarding should be enabled with caution.
118Users with the ability to bypass file permissions on the remote host
119(for the agent's
120.Ux Ns -domain
121socket) can access the local agent through the forwarded connection.
122An attacker cannot obtain key material from the agent,
123however they can perform operations on the keys that enable them to
124authenticate using the identities loaded into the agent.
125.Pp
126.It Fl a
127Disables forwarding of the authentication agent connection.
128.Pp
129.It Fl B Ar bind_interface
130Bind to the address of
131.Ar bind_interface
132before attempting to connect to the destination host.
133This is only useful on systems with more than one address.
134.Pp
135.It Fl b Ar bind_address
136Use
137.Ar bind_address
138on the local machine as the source address
139of the connection.
140Only useful on systems with more than one address.
141.Pp
142.It Fl C
143Requests compression of all data (including stdin, stdout, stderr, and
144data for forwarded X11, TCP and
145.Ux Ns -domain
146connections).
147The compression algorithm is the same used by
148.Xr gzip 1 .
149Compression is desirable on modem lines and other
150slow connections, but will only slow down things on fast networks.
151The default value can be set on a host-by-host basis in the
152configuration files; see the
153.Cm Compression
154option.
155.Pp
156.It Fl c Ar cipher_spec
157Selects the cipher specification for encrypting the session.
158.Ar cipher_spec
159is a comma-separated list of ciphers
160listed in order of preference.
161See the
162.Cm Ciphers
163keyword in
164.Xr ssh_config 5
165for more information.
166.Pp
167.It Fl D Xo
168.Sm off
169.Oo Ar bind_address : Oc
170.Ar port
171.Sm on
172.Xc
173Specifies a local
174.Dq dynamic
175application-level port forwarding.
176This works by allocating a socket to listen to
177.Ar port
178on the local side, optionally bound to the specified
179.Ar bind_address .
180Whenever a connection is made to this port, the
181connection is forwarded over the secure channel, and the application
182protocol is then used to determine where to connect to from the
183remote machine.
184Currently the SOCKS4 and SOCKS5 protocols are supported, and
185.Nm
186will act as a SOCKS server.
187Only root can forward privileged ports.
188Dynamic port forwardings can also be specified in the configuration file.
189.Pp
190IPv6 addresses can be specified by enclosing the address in square brackets.
191Only the superuser can forward privileged ports.
192By default, the local port is bound in accordance with the
193.Cm GatewayPorts
194setting.
195However, an explicit
196.Ar bind_address
197may be used to bind the connection to a specific address.
198The
199.Ar bind_address
200of
201.Dq localhost
202indicates that the listening port be bound for local use only, while an
203empty address or
204.Sq *
205indicates that the port should be available from all interfaces.
206.Pp
207.It Fl E Ar log_file
208Append debug logs to
209.Ar log_file
210instead of standard error.
211.Pp
212.It Fl e Ar escape_char
213Sets the escape character for sessions with a pty (default:
214.Ql ~ ) .
215The escape character is only recognized at the beginning of a line.
216The escape character followed by a dot
217.Pq Ql \&.
218closes the connection;
219followed by control-Z suspends the connection;
220and followed by itself sends the escape character once.
221Setting the character to
222.Dq none
223disables any escapes and makes the session fully transparent.
224.Pp
225.It Fl F Ar configfile
226Specifies an alternative per-user configuration file.
227If a configuration file is given on the command line,
228the system-wide configuration file
229.Pq Pa /etc/ssh/ssh_config
230will be ignored.
231The default for the per-user configuration file is
232.Pa ~/.ssh/config .
233.Pp
234.It Fl f
235Requests
236.Nm
237to go to background just before command execution.
238This is useful if
239.Nm
240is going to ask for passwords or passphrases, but the user
241wants it in the background.
242This implies
243.Fl n .
244The recommended way to start X11 programs at a remote site is with
245something like
246.Ic ssh -f host xterm .
247.Pp
248If the
249.Cm ExitOnForwardFailure
250configuration option is set to
251.Dq yes ,
252then a client started with
253.Fl f
254will wait for all remote port forwards to be successfully established
255before placing itself in the background.
256.Pp
257.It Fl G
258Causes
259.Nm
260to print its configuration after evaluating
261.Cm Host
262and
263.Cm Match
264blocks and exit.
265.Pp
266.It Fl g
267Allows remote hosts to connect to local forwarded ports.
268If used on a multiplexed connection, then this option must be specified
269on the master process.
270.Pp
271.It Fl I Ar pkcs11
272Specify the PKCS#11 shared library
273.Nm
274should use to communicate with a PKCS#11 token providing the user's
275private RSA key.
276.Pp
277.It Fl i Ar identity_file
278Selects a file from which the identity (private key) for
279public key authentication is read.
280The default is
281.Pa ~/.ssh/id_dsa ,
282.Pa ~/.ssh/id_ecdsa ,
283.Pa ~/.ssh/id_ed25519
284and
285.Pa ~/.ssh/id_rsa .
286Identity files may also be specified on
287a per-host basis in the configuration file.
288It is possible to have multiple
289.Fl i
290options (and multiple identities specified in
291configuration files).
292If no certificates have been explicitly specified by the
293.Cm CertificateFile
294directive,
295.Nm
296will also try to load certificate information from the filename obtained
297by appending
298.Pa -cert.pub
299to identity filenames.
300.Pp
301.It Fl J Ar destination
302Connect to the target host by first making a
303.Nm
304connection to the jump host described by
305.Ar destination
306and then establishing a TCP forwarding to the ultimate destination from
307there.
308Multiple jump hops may be specified separated by comma characters.
309This is a shortcut to specify a
310.Cm ProxyJump
311configuration directive.
312.Pp
313.It Fl K
314Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
315credentials to the server.
316.Pp
317.It Fl k
318Disables forwarding (delegation) of GSSAPI credentials to the server.
319.Pp
320.It Fl L Xo
321.Sm off
322.Oo Ar bind_address : Oc
323.Ar port : host : hostport
324.Sm on
325.Xc
326.It Fl L Xo
327.Sm off
328.Oo Ar bind_address : Oc
329.Ar port : remote_socket
330.Sm on
331.Xc
332.It Fl L Xo
333.Sm off
334.Ar local_socket : host : hostport
335.Sm on
336.Xc
337.It Fl L Xo
338.Sm off
339.Ar local_socket : remote_socket
340.Sm on
341.Xc
342Specifies that connections to the given TCP port or Unix socket on the local
343(client) host are to be forwarded to the given host and port, or Unix socket,
344on the remote side.
345This works by allocating a socket to listen to either a TCP
346.Ar port
347on the local side, optionally bound to the specified
348.Ar bind_address ,
349or to a Unix socket.
350Whenever a connection is made to the local port or socket, the
351connection is forwarded over the secure channel, and a connection is
352made to either
353.Ar host
354port
355.Ar hostport ,
356or the Unix socket
357.Ar remote_socket ,
358from the remote machine.
359.Pp
360Port forwardings can also be specified in the configuration file.
361Only the superuser can forward privileged ports.
362IPv6 addresses can be specified by enclosing the address in square brackets.
363.Pp
364By default, the local port is bound in accordance with the
365.Cm GatewayPorts
366setting.
367However, an explicit
368.Ar bind_address
369may be used to bind the connection to a specific address.
370The
371.Ar bind_address
372of
373.Dq localhost
374indicates that the listening port be bound for local use only, while an
375empty address or
376.Sq *
377indicates that the port should be available from all interfaces.
378.Pp
379.It Fl l Ar login_name
380Specifies the user to log in as on the remote machine.
381This also may be specified on a per-host basis in the configuration file.
382.Pp
383.It Fl M
384Places the
385.Nm
386client into
387.Dq master
388mode for connection sharing.
389Multiple
390.Fl M
391options places
392.Nm
393into
394.Dq master
395mode but with confirmation required using
396.Xr ssh-askpass 1
397before each operation that changes the multiplexing state
398(e.g. opening a new session).
399Refer to the description of
400.Cm ControlMaster
401in
402.Xr ssh_config 5
403for details.
404.Pp
405.It Fl m Ar mac_spec
406A comma-separated list of MAC (message authentication code) algorithms,
407specified in order of preference.
408See the
409.Cm MACs
410keyword for more information.
411.Pp
412.It Fl N
413Do not execute a remote command.
414This is useful for just forwarding ports.
415.Pp
416.It Fl n
417Redirects stdin from
418.Pa /dev/null
419(actually, prevents reading from stdin).
420This must be used when
421.Nm
422is run in the background.
423A common trick is to use this to run X11 programs on a remote machine.
424For example,
425.Ic ssh -n shadows.cs.hut.fi emacs &
426will start an emacs on shadows.cs.hut.fi, and the X11
427connection will be automatically forwarded over an encrypted channel.
428The
429.Nm
430program will be put in the background.
431(This does not work if
432.Nm
433needs to ask for a password or passphrase; see also the
434.Fl f
435option.)
436.Pp
437.It Fl O Ar ctl_cmd
438Control an active connection multiplexing master process.
439When the
440.Fl O
441option is specified, the
442.Ar ctl_cmd
443argument is interpreted and passed to the master process.
444Valid commands are:
445.Dq check
446(check that the master process is running),
447.Dq forward
448(request forwardings without command execution),
449.Dq cancel
450(cancel forwardings),
451.Dq exit
452(request the master to exit), and
453.Dq stop
454(request the master to stop accepting further multiplexing requests).
455.Pp
456.It Fl o Ar option
457Can be used to give options in the format used in the configuration file.
458This is useful for specifying options for which there is no separate
459command-line flag.
460For full details of the options listed below, and their possible values, see
461.Xr ssh_config 5 .
462.Pp
463.Bl -tag -width Ds -offset indent -compact
464.It AddKeysToAgent
465.It AddressFamily
466.It BatchMode
467.It BindAddress
468.It CanonicalDomains
469.It CanonicalizeFallbackLocal
470.It CanonicalizeHostname
471.It CanonicalizeMaxDots
472.It CanonicalizePermittedCNAMEs
473.It CASignatureAlgorithms
474.It CertificateFile
475.It ChallengeResponseAuthentication
476.It CheckHostIP
477.It Ciphers
478.It ClearAllForwardings
479.It Compression
480.It ConnectionAttempts
481.It ConnectTimeout
482.It ControlMaster
483.It ControlPath
484.It ControlPersist
485.It DynamicForward
486.It EscapeChar
487.It ExitOnForwardFailure
488.It FingerprintHash
489.It ForwardAgent
490.It ForwardX11
491.It ForwardX11Timeout
492.It ForwardX11Trusted
493.It GatewayPorts
494.It GlobalKnownHostsFile
495.It GSSAPIAuthentication
496.It GSSAPIDelegateCredentials
497.It HashKnownHosts
498.It Host
499.It HostbasedAuthentication
500.It HostbasedKeyTypes
501.It HostKeyAlgorithms
502.It HostKeyAlias
503.It HostName
504.It IdentitiesOnly
505.It IdentityAgent
506.It IdentityFile
507.It IPQoS
508.It KbdInteractiveAuthentication
509.It KbdInteractiveDevices
510.It KexAlgorithms
511.It LocalCommand
512.It LocalForward
513.It LogLevel
514.It MACs
515.It Match
516.It NoHostAuthenticationForLocalhost
517.It NumberOfPasswordPrompts
518.It PasswordAuthentication
519.It PermitLocalCommand
520.It PKCS11Provider
521.It Port
522.It PreferredAuthentications
523.It ProxyCommand
524.It ProxyJump
525.It ProxyUseFdpass
526.It PubkeyAcceptedKeyTypes
527.It PubkeyAuthentication
528.It RekeyLimit
529.It RemoteCommand
530.It RemoteForward
531.It RequestTTY
532.It SendEnv
533.It ServerAliveInterval
534.It ServerAliveCountMax
535.It SetEnv
536.It StreamLocalBindMask
537.It StreamLocalBindUnlink
538.It StrictHostKeyChecking
539.It TCPKeepAlive
540.It Tunnel
541.It TunnelDevice
542.It UpdateHostKeys
543.It User
544.It UserKnownHostsFile
545.It VerifyHostKeyDNS
546.It VersionAddendum
547.It VisualHostKey
548.It XAuthLocation
549.El
550.Pp
551.It Fl p Ar port
552Port to connect to on the remote host.
553This can be specified on a
554per-host basis in the configuration file.
555.Pp
556.It Fl Q Ar query_option
557Queries
558.Nm
559for the algorithms supported for the specified version 2.
560The available features are:
561.Ar cipher
562(supported symmetric ciphers),
563.Ar cipher-auth
564(supported symmetric ciphers that support authenticated encryption),
565.Ar help
566(supported query terms for use with the
567.Fl Q
568flag),
569.Ar mac
570(supported message integrity codes),
571.Ar kex
572(key exchange algorithms),
573.Ar key
574(key types),
575.Ar key-cert
576(certificate key types),
577.Ar key-plain
578(non-certificate key types),
579.Ar protocol-version
580(supported SSH protocol versions), and
581.Ar sig
582(supported signature algorithms).
583.Pp
584.It Fl q
585Quiet mode.
586Causes most warning and diagnostic messages to be suppressed.
587.Pp
588.It Fl R Xo
589.Sm off
590.Oo Ar bind_address : Oc
591.Ar port : host : hostport
592.Sm on
593.Xc
594.It Fl R Xo
595.Sm off
596.Oo Ar bind_address : Oc
597.Ar port : local_socket
598.Sm on
599.Xc
600.It Fl R Xo
601.Sm off
602.Ar remote_socket : host : hostport
603.Sm on
604.Xc
605.It Fl R Xo
606.Sm off
607.Ar remote_socket : local_socket
608.Sm on
609.Xc
610.It Fl R Xo
611.Sm off
612.Oo Ar bind_address : Oc
613.Ar port
614.Sm on
615.Xc
616Specifies that connections to the given TCP port or Unix socket on the remote
617(server) host are to be forwarded to the local side.
618.Pp
619This works by allocating a socket to listen to either a TCP
620.Ar port
621or to a Unix socket on the remote side.
622Whenever a connection is made to this port or Unix socket, the
623connection is forwarded over the secure channel, and a connection
624is made from the local machine to either an explicit destination specified by
625.Ar host
626port
627.Ar hostport ,
628or
629.Ar local_socket ,
630or, if no explicit destination was specified,
631.Nm
632will act as a SOCKS 4/5 proxy and forward connections to the destinations
633requested by the remote SOCKS client.
634.Pp
635Port forwardings can also be specified in the configuration file.
636Privileged ports can be forwarded only when
637logging in as root on the remote machine.
638IPv6 addresses can be specified by enclosing the address in square brackets.
639.Pp
640By default, TCP listening sockets on the server will be bound to the loopback
641interface only.
642This may be overridden by specifying a
643.Ar bind_address .
644An empty
645.Ar bind_address ,
646or the address
647.Ql * ,
648indicates that the remote socket should listen on all interfaces.
649Specifying a remote
650.Ar bind_address
651will only succeed if the server's
652.Cm GatewayPorts
653option is enabled (see
654.Xr sshd_config 5 ) .
655.Pp
656If the
657.Ar port
658argument is
659.Ql 0 ,
660the listen port will be dynamically allocated on the server and reported
661to the client at run time.
662When used together with
663.Ic -O forward
664the allocated port will be printed to the standard output.
665.Pp
666.It Fl S Ar ctl_path
667Specifies the location of a control socket for connection sharing,
668or the string
669.Dq none
670to disable connection sharing.
671Refer to the description of
672.Cm ControlPath
673and
674.Cm ControlMaster
675in
676.Xr ssh_config 5
677for details.
678.Pp
679.It Fl s
680May be used to request invocation of a subsystem on the remote system.
681Subsystems facilitate the use of SSH
682as a secure transport for other applications (e.g.\&
683.Xr sftp 1 ) .
684The subsystem is specified as the remote command.
685.Pp
686.It Fl T
687Disable pseudo-terminal allocation.
688.Pp
689.It Fl t
690Force pseudo-terminal allocation.
691This can be used to execute arbitrary
692screen-based programs on a remote machine, which can be very useful,
693e.g. when implementing menu services.
694Multiple
695.Fl t
696options force tty allocation, even if
697.Nm
698has no local tty.
699.Pp
700.It Fl V
701Display the version number and exit.
702.Pp
703.It Fl v
704Verbose mode.
705Causes
706.Nm
707to print debugging messages about its progress.
708This is helpful in
709debugging connection, authentication, and configuration problems.
710Multiple
711.Fl v
712options increase the verbosity.
713The maximum is 3.
714.Pp
715.It Fl W Ar host : Ns Ar port
716Requests that standard input and output on the client be forwarded to
717.Ar host
718on
719.Ar port
720over the secure channel.
721Implies
722.Fl N ,
723.Fl T ,
724.Cm ExitOnForwardFailure
725and
726.Cm ClearAllForwardings ,
727though these can be overridden in the configuration file or using
728.Fl o
729command line options.
730.Pp
731.It Fl w Xo
732.Ar local_tun Ns Op : Ns Ar remote_tun
733.Xc
734Requests
735tunnel
736device forwarding with the specified
737.Xr tun 4
738devices between the client
739.Pq Ar local_tun
740and the server
741.Pq Ar remote_tun .
742.Pp
743The devices may be specified by numerical ID or the keyword
744.Dq any ,
745which uses the next available tunnel device.
746If
747.Ar remote_tun
748is not specified, it defaults to
749.Dq any .
750See also the
751.Cm Tunnel
752and
753.Cm TunnelDevice
754directives in
755.Xr ssh_config 5 .
756.Pp
757If the
758.Cm Tunnel
759directive is unset, it will be set to the default tunnel mode, which is
760.Dq point-to-point .
761If a different
762.Cm Tunnel
763forwarding mode it desired, then it should be specified before
764.Fl w .
765.Pp
766.It Fl X
767Enables X11 forwarding.
768This can also be specified on a per-host basis in a configuration file.
769.Pp
770X11 forwarding should be enabled with caution.
771Users with the ability to bypass file permissions on the remote host
772(for the user's X authorization database)
773can access the local X11 display through the forwarded connection.
774An attacker may then be able to perform activities such as keystroke monitoring.
775.Pp
776For this reason, X11 forwarding is subjected to X11 SECURITY extension
777restrictions by default.
778Please refer to the
779.Nm
780.Fl Y
781option and the
782.Cm ForwardX11Trusted
783directive in
784.Xr ssh_config 5
785for more information.
786.Pp
787.It Fl x
788Disables X11 forwarding.
789.Pp
790.It Fl Y
791Enables trusted X11 forwarding.
792Trusted X11 forwardings are not subjected to the X11 SECURITY extension
793controls.
794.Pp
795.It Fl y
796Send log information using the
797.Xr syslog 3
798system module.
799By default this information is sent to stderr.
800.El
801.Pp
802.Nm
803may additionally obtain configuration data from
804a per-user configuration file and a system-wide configuration file.
805The file format and configuration options are described in
806.Xr ssh_config 5 .
807.Sh AUTHENTICATION
808The OpenSSH SSH client supports SSH protocol 2.
809.Pp
810The methods available for authentication are:
811GSSAPI-based authentication,
812host-based authentication,
813public key authentication,
814challenge-response authentication,
815and password authentication.
816Authentication methods are tried in the order specified above,
817though
818.Cm PreferredAuthentications
819can be used to change the default order.
820.Pp
821Host-based authentication works as follows:
822If the machine the user logs in from is listed in
823.Pa /etc/hosts.equiv
824or
825.Pa /etc/shosts.equiv
826on the remote machine, and the user names are
827the same on both sides, or if the files
828.Pa ~/.rhosts
829or
830.Pa ~/.shosts
831exist in the user's home directory on the
832remote machine and contain a line containing the name of the client
833machine and the name of the user on that machine, the user is
834considered for login.
835Additionally, the server
836.Em must
837be able to verify the client's
838host key (see the description of
839.Pa /etc/ssh/ssh_known_hosts
840and
841.Pa ~/.ssh/known_hosts ,
842below)
843for login to be permitted.
844This authentication method closes security holes due to IP
845spoofing, DNS spoofing, and routing spoofing.
846[Note to the administrator:
847.Pa /etc/hosts.equiv ,
848.Pa ~/.rhosts ,
849and the rlogin/rsh protocol in general, are inherently insecure and should be
850disabled if security is desired.]
851.Pp
852Public key authentication works as follows:
853The scheme is based on public-key cryptography,
854using cryptosystems
855where encryption and decryption are done using separate keys,
856and it is unfeasible to derive the decryption key from the encryption key.
857The idea is that each user creates a public/private
858key pair for authentication purposes.
859The server knows the public key, and only the user knows the private key.
860.Nm
861implements public key authentication protocol automatically,
862using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
863The HISTORY section of
864.Xr ssl 8
865contains a brief discussion of the DSA and RSA algorithms.
866.Pp
867The file
868.Pa ~/.ssh/authorized_keys
869lists the public keys that are permitted for logging in.
870When the user logs in, the
871.Nm
872program tells the server which key pair it would like to use for
873authentication.
874The client proves that it has access to the private key
875and the server checks that the corresponding public key
876is authorized to accept the account.
877.Pp
878The server may inform the client of errors that prevented public key
879authentication from succeeding after authentication completes using a
880different method.
881These may be viewed by increasing the
882.Cm LogLevel
883to
884.Cm DEBUG
885or higher (e.g. by using the
886.Fl v
887flag).
888.Pp
889The user creates his/her key pair by running
890.Xr ssh-keygen 1 .
891This stores the private key in
892.Pa ~/.ssh/id_dsa
893(DSA),
894.Pa ~/.ssh/id_ecdsa
895(ECDSA),
896.Pa ~/.ssh/id_ed25519
897(Ed25519),
898or
899.Pa ~/.ssh/id_rsa
900(RSA)
901and stores the public key in
902.Pa ~/.ssh/id_dsa.pub
903(DSA),
904.Pa ~/.ssh/id_ecdsa.pub
905(ECDSA),
906.Pa ~/.ssh/id_ed25519.pub
907(Ed25519),
908or
909.Pa ~/.ssh/id_rsa.pub
910(RSA)
911in the user's home directory.
912The user should then copy the public key
913to
914.Pa ~/.ssh/authorized_keys
915in his/her home directory on the remote machine.
916The
917.Pa authorized_keys
918file corresponds to the conventional
919.Pa ~/.rhosts
920file, and has one key
921per line, though the lines can be very long.
922After this, the user can log in without giving the password.
923.Pp
924A variation on public key authentication
925is available in the form of certificate authentication:
926instead of a set of public/private keys,
927signed certificates are used.
928This has the advantage that a single trusted certification authority
929can be used in place of many public/private keys.
930See the CERTIFICATES section of
931.Xr ssh-keygen 1
932for more information.
933.Pp
934The most convenient way to use public key or certificate authentication
935may be with an authentication agent.
936See
937.Xr ssh-agent 1
938and (optionally) the
939.Cm AddKeysToAgent
940directive in
941.Xr ssh_config 5
942for more information.
943.Pp
944Challenge-response authentication works as follows:
945The server sends an arbitrary
946.Qq challenge
947text, and prompts for a response.
948Examples of challenge-response authentication include
949.Bx
950Authentication (see
951.Xr login.conf 5 )
952and PAM (some
953.Pf non- Ox
954systems).
955.Pp
956Finally, if other authentication methods fail,
957.Nm
958prompts the user for a password.
959The password is sent to the remote
960host for checking; however, since all communications are encrypted,
961the password cannot be seen by someone listening on the network.
962.Pp
963.Nm
964automatically maintains and checks a database containing
965identification for all hosts it has ever been used with.
966Host keys are stored in
967.Pa ~/.ssh/known_hosts
968in the user's home directory.
969Additionally, the file
970.Pa /etc/ssh/ssh_known_hosts
971is automatically checked for known hosts.
972Any new hosts are automatically added to the user's file.
973If a host's identification ever changes,
974.Nm
975warns about this and disables password authentication to prevent
976server spoofing or man-in-the-middle attacks,
977which could otherwise be used to circumvent the encryption.
978The
979.Cm StrictHostKeyChecking
980option can be used to control logins to machines whose
981host key is not known or has changed.
982.Pp
983When the user's identity has been accepted by the server, the server
984either executes the given command in a non-interactive session or,
985if no command has been specified, logs into the machine and gives
986the user a normal shell as an interactive session.
987All communication with
988the remote command or shell will be automatically encrypted.
989.Pp
990If an interactive session is requested
991.Nm
992by default will only request a pseudo-terminal (pty) for interactive
993sessions when the client has one.
994The flags
995.Fl T
996and
997.Fl t
998can be used to override this behaviour.
999.Pp
1000If a pseudo-terminal has been allocated the
1001user may use the escape characters noted below.
1002.Pp
1003If no pseudo-terminal has been allocated,
1004the session is transparent and can be used to reliably transfer binary data.
1005On most systems, setting the escape character to
1006.Dq none
1007will also make the session transparent even if a tty is used.
1008.Pp
1009The session terminates when the command or shell on the remote
1010machine exits and all X11 and TCP connections have been closed.
1011.Sh ESCAPE CHARACTERS
1012When a pseudo-terminal has been requested,
1013.Nm
1014supports a number of functions through the use of an escape character.
1015.Pp
1016A single tilde character can be sent as
1017.Ic ~~
1018or by following the tilde by a character other than those described below.
1019The escape character must always follow a newline to be interpreted as
1020special.
1021The escape character can be changed in configuration files using the
1022.Cm EscapeChar
1023configuration directive or on the command line by the
1024.Fl e
1025option.
1026.Pp
1027The supported escapes (assuming the default
1028.Ql ~ )
1029are:
1030.Bl -tag -width Ds
1031.It Cm ~.
1032Disconnect.
1033.It Cm ~^Z
1034Background
1035.Nm .
1036.It Cm ~#
1037List forwarded connections.
1038.It Cm ~&
1039Background
1040.Nm
1041at logout when waiting for forwarded connection / X11 sessions to terminate.
1042.It Cm ~?
1043Display a list of escape characters.
1044.It Cm ~B
1045Send a BREAK to the remote system
1046(only useful if the peer supports it).
1047.It Cm ~C
1048Open command line.
1049Currently this allows the addition of port forwardings using the
1050.Fl L ,
1051.Fl R
1052and
1053.Fl D
1054options (see above).
1055It also allows the cancellation of existing port-forwardings
1056with
1057.Sm off
1058.Fl KL Oo Ar bind_address : Oc Ar port
1059.Sm on
1060for local,
1061.Sm off
1062.Fl KR Oo Ar bind_address : Oc Ar port
1063.Sm on
1064for remote and
1065.Sm off
1066.Fl KD Oo Ar bind_address : Oc Ar port
1067.Sm on
1068for dynamic port-forwardings.
1069.Ic !\& Ns Ar command
1070allows the user to execute a local command if the
1071.Ic PermitLocalCommand
1072option is enabled in
1073.Xr ssh_config 5 .
1074Basic help is available, using the
1075.Fl h
1076option.
1077.It Cm ~R
1078Request rekeying of the connection
1079(only useful if the peer supports it).
1080.It Cm ~V
1081Decrease the verbosity
1082.Pq Ic LogLevel
1083when errors are being written to stderr.
1084.It Cm ~v
1085Increase the verbosity
1086.Pq Ic LogLevel
1087when errors are being written to stderr.
1088.El
1089.Sh TCP FORWARDING
1090Forwarding of arbitrary TCP connections over the secure channel can
1091be specified either on the command line or in a configuration file.
1092One possible application of TCP forwarding is a secure connection to a
1093mail server; another is going through firewalls.
1094.Pp
1095In the example below, we look at encrypting communication between
1096an IRC client and server, even though the IRC server does not directly
1097support encrypted communications.
1098This works as follows:
1099the user connects to the remote host using
1100.Nm ,
1101specifying a port to be used to forward connections
1102to the remote server.
1103After that it is possible to start the service which is to be encrypted
1104on the client machine,
1105connecting to the same local port,
1106and
1107.Nm
1108will encrypt and forward the connection.
1109.Pp
1110The following example tunnels an IRC session from client machine
1111.Dq 127.0.0.1
1112(localhost)
1113to remote server
1114.Dq server.example.com :
1115.Bd -literal -offset 4n
1116$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
1117$ irc -c '#users' -p 1234 pinky 127.0.0.1
1118.Ed
1119.Pp
1120This tunnels a connection to IRC server
1121.Dq server.example.com ,
1122joining channel
1123.Dq #users ,
1124nickname
1125.Dq pinky ,
1126using port 1234.
1127It doesn't matter which port is used,
1128as long as it's greater than 1023
1129(remember, only root can open sockets on privileged ports)
1130and doesn't conflict with any ports already in use.
1131The connection is forwarded to port 6667 on the remote server,
1132since that's the standard port for IRC services.
1133.Pp
1134The
1135.Fl f
1136option backgrounds
1137.Nm
1138and the remote command
1139.Dq sleep 10
1140is specified to allow an amount of time
1141(10 seconds, in the example)
1142to start the service which is to be tunnelled.
1143If no connections are made within the time specified,
1144.Nm
1145will exit.
1146.Sh X11 FORWARDING
1147If the
1148.Cm ForwardX11
1149variable is set to
1150.Dq yes
1151(or see the description of the
1152.Fl X ,
1153.Fl x ,
1154and
1155.Fl Y
1156options above)
1157and the user is using X11 (the
1158.Ev DISPLAY
1159environment variable is set), the connection to the X11 display is
1160automatically forwarded to the remote side in such a way that any X11
1161programs started from the shell (or command) will go through the
1162encrypted channel, and the connection to the real X server will be made
1163from the local machine.
1164The user should not manually set
1165.Ev DISPLAY .
1166Forwarding of X11 connections can be
1167configured on the command line or in configuration files.
1168.Pp
1169The
1170.Ev DISPLAY
1171value set by
1172.Nm
1173will point to the server machine, but with a display number greater than zero.
1174This is normal, and happens because
1175.Nm
1176creates a
1177.Dq proxy
1178X server on the server machine for forwarding the
1179connections over the encrypted channel.
1180.Pp
1181.Nm
1182will also automatically set up Xauthority data on the server machine.
1183For this purpose, it will generate a random authorization cookie,
1184store it in Xauthority on the server, and verify that any forwarded
1185connections carry this cookie and replace it by the real cookie when
1186the connection is opened.
1187The real authentication cookie is never
1188sent to the server machine (and no cookies are sent in the plain).
1189.Pp
1190If the
1191.Cm ForwardAgent
1192variable is set to
1193.Dq yes
1194(or see the description of the
1195.Fl A
1196and
1197.Fl a
1198options above) and
1199the user is using an authentication agent, the connection to the agent
1200is automatically forwarded to the remote side.
1201.Sh VERIFYING HOST KEYS
1202When connecting to a server for the first time,
1203a fingerprint of the server's public key is presented to the user
1204(unless the option
1205.Cm StrictHostKeyChecking
1206has been disabled).
1207Fingerprints can be determined using
1208.Xr ssh-keygen 1 :
1209.Pp
1210.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1211.Pp
1212If the fingerprint is already known, it can be matched
1213and the key can be accepted or rejected.
1214If only legacy (MD5) fingerprints for the server are available, the
1215.Xr ssh-keygen 1
1216.Fl E
1217option may be used to downgrade the fingerprint algorithm to match.
1218.Pp
1219Because of the difficulty of comparing host keys
1220just by looking at fingerprint strings,
1221there is also support to compare host keys visually,
1222using
1223.Em random art .
1224By setting the
1225.Cm VisualHostKey
1226option to
1227.Dq yes ,
1228a small ASCII graphic gets displayed on every login to a server, no matter
1229if the session itself is interactive or not.
1230By learning the pattern a known server produces, a user can easily
1231find out that the host key has changed when a completely different pattern
1232is displayed.
1233Because these patterns are not unambiguous however, a pattern that looks
1234similar to the pattern remembered only gives a good probability that the
1235host key is the same, not guaranteed proof.
1236.Pp
1237To get a listing of the fingerprints along with their random art for
1238all known hosts, the following command line can be used:
1239.Pp
1240.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
1241.Pp
1242If the fingerprint is unknown,
1243an alternative method of verification is available:
1244SSH fingerprints verified by DNS.
1245An additional resource record (RR),
1246SSHFP,
1247is added to a zonefile
1248and the connecting client is able to match the fingerprint
1249with that of the key presented.
1250.Pp
1251In this example, we are connecting a client to a server,
1252.Dq host.example.com .
1253The SSHFP resource records should first be added to the zonefile for
1254host.example.com:
1255.Bd -literal -offset indent
1256$ ssh-keygen -r host.example.com.
1257.Ed
1258.Pp
1259The output lines will have to be added to the zonefile.
1260To check that the zone is answering fingerprint queries:
1261.Pp
1262.Dl $ dig -t SSHFP host.example.com
1263.Pp
1264Finally the client connects:
1265.Bd -literal -offset indent
1266$ ssh -o "VerifyHostKeyDNS ask" host.example.com
1267[...]
1268Matching host key fingerprint found in DNS.
1269Are you sure you want to continue connecting (yes/no)?
1270.Ed
1271.Pp
1272See the
1273.Cm VerifyHostKeyDNS
1274option in
1275.Xr ssh_config 5
1276for more information.
1277.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1278.Nm
1279contains support for Virtual Private Network (VPN) tunnelling
1280using the
1281.Xr tun 4
1282network pseudo-device,
1283allowing two networks to be joined securely.
1284The
1285.Xr sshd_config 5
1286configuration option
1287.Cm PermitTunnel
1288controls whether the server supports this,
1289and at what level (layer 2 or 3 traffic).
1290.Pp
1291The following example would connect client network 10.0.50.0/24
1292with remote network 10.0.99.0/24 using a point-to-point connection
1293from 10.1.1.1 to 10.1.1.2,
1294provided that the SSH server running on the gateway to the remote network,
1295at 192.168.1.15, allows it.
1296.Pp
1297On the client:
1298.Bd -literal -offset indent
1299# ssh -f -w 0:1 192.168.1.15 true
1300# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
1301# route add 10.0.99.0/24 10.1.1.2
1302.Ed
1303.Pp
1304On the server:
1305.Bd -literal -offset indent
1306# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
1307# route add 10.0.50.0/24 10.1.1.1
1308.Ed
1309.Pp
1310Client access may be more finely tuned via the
1311.Pa /root/.ssh/authorized_keys
1312file (see below) and the
1313.Cm PermitRootLogin
1314server option.
1315The following entry would permit connections on
1316.Xr tun 4
1317device 1 from user
1318.Dq jane
1319and on tun device 2 from user
1320.Dq john ,
1321if
1322.Cm PermitRootLogin
1323is set to
1324.Dq forced-commands-only :
1325.Bd -literal -offset 2n
1326tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
1327tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
1328.Ed
1329.Pp
1330Since an SSH-based setup entails a fair amount of overhead,
1331it may be more suited to temporary setups,
1332such as for wireless VPNs.
1333More permanent VPNs are better provided by tools such as
1334.Xr ipsecctl 8
1335and
1336.Xr isakmpd 8 .
1337.Sh ENVIRONMENT
1338.Nm
1339will normally set the following environment variables:
1340.Bl -tag -width "SSH_ORIGINAL_COMMAND"
1341.It Ev DISPLAY
1342The
1343.Ev DISPLAY
1344variable indicates the location of the X11 server.
1345It is automatically set by
1346.Nm
1347to point to a value of the form
1348.Dq hostname:n ,
1349where
1350.Dq hostname
1351indicates the host where the shell runs, and
1352.Sq n
1353is an integer \*(Ge 1.
1354.Nm
1355uses this special value to forward X11 connections over the secure
1356channel.
1357The user should normally not set
1358.Ev DISPLAY
1359explicitly, as that
1360will render the X11 connection insecure (and will require the user to
1361manually copy any required authorization cookies).
1362.It Ev HOME
1363Set to the path of the user's home directory.
1364.It Ev LOGNAME
1365Synonym for
1366.Ev USER ;
1367set for compatibility with systems that use this variable.
1368.It Ev MAIL
1369Set to the path of the user's mailbox.
1370.It Ev PATH
1371Set to the default
1372.Ev PATH ,
1373as specified when compiling
1374.Nm .
1375.It Ev SSH_ASKPASS
1376If
1377.Nm
1378needs a passphrase, it will read the passphrase from the current
1379terminal if it was run from a terminal.
1380If
1381.Nm
1382does not have a terminal associated with it but
1383.Ev DISPLAY
1384and
1385.Ev SSH_ASKPASS
1386are set, it will execute the program specified by
1387.Ev SSH_ASKPASS
1388and open an X11 window to read the passphrase.
1389This is particularly useful when calling
1390.Nm
1391from a
1392.Pa .xsession
1393or related script.
1394(Note that on some machines it
1395may be necessary to redirect the input from
1396.Pa /dev/null
1397to make this work.)
1398.It Ev SSH_AUTH_SOCK
1399Identifies the path of a
1400.Ux Ns -domain
1401socket used to communicate with the agent.
1402.It Ev SSH_CONNECTION
1403Identifies the client and server ends of the connection.
1404The variable contains
1405four space-separated values: client IP address, client port number,
1406server IP address, and server port number.
1407.It Ev SSH_ORIGINAL_COMMAND
1408This variable contains the original command line if a forced command
1409is executed.
1410It can be used to extract the original arguments.
1411.It Ev SSH_TTY
1412This is set to the name of the tty (path to the device) associated
1413with the current shell or command.
1414If the current session has no tty,
1415this variable is not set.
1416.It Ev SSH_TUNNEL
1417Optionally set by
1418.Xr sshd 8
1419to contain the interface names assigned if tunnel forwarding was
1420requested by the client.
1421.It Ev SSH_USER_AUTH
1422Optionally set by
1423.Xr sshd 8 ,
1424this variable may contain a pathname to a file that lists the authentication
1425methods successfully used when the session was established, including any
1426public keys that were used.
1427.It Ev TZ
1428This variable is set to indicate the present time zone if it
1429was set when the daemon was started (i.e. the daemon passes the value
1430on to new connections).
1431.It Ev USER
1432Set to the name of the user logging in.
1433.El
1434.Pp
1435Additionally,
1436.Nm
1437reads
1438.Pa ~/.ssh/environment ,
1439and adds lines of the format
1440.Dq VARNAME=value
1441to the environment if the file exists and users are allowed to
1442change their environment.
1443For more information, see the
1444.Cm PermitUserEnvironment
1445option in
1446.Xr sshd_config 5 .
1447.Sh FILES
1448.Bl -tag -width Ds -compact
1449.It Pa ~/.rhosts
1450This file is used for host-based authentication (see above).
1451On some machines this file may need to be
1452world-readable if the user's home directory is on an NFS partition,
1453because
1454.Xr sshd 8
1455reads it as root.
1456Additionally, this file must be owned by the user,
1457and must not have write permissions for anyone else.
1458The recommended
1459permission for most machines is read/write for the user, and not
1460accessible by others.
1461.Pp
1462.It Pa ~/.shosts
1463This file is used in exactly the same way as
1464.Pa .rhosts ,
1465but allows host-based authentication without permitting login with
1466rlogin/rsh.
1467.Pp
1468.It Pa ~/.ssh/
1469This directory is the default location for all user-specific configuration
1470and authentication information.
1471There is no general requirement to keep the entire contents of this directory
1472secret, but the recommended permissions are read/write/execute for the user,
1473and not accessible by others.
1474.Pp
1475.It Pa ~/.ssh/authorized_keys
1476Lists the public keys (DSA, ECDSA, Ed25519, RSA)
1477that can be used for logging in as this user.
1478The format of this file is described in the
1479.Xr sshd 8
1480manual page.
1481This file is not highly sensitive, but the recommended
1482permissions are read/write for the user, and not accessible by others.
1483.Pp
1484.It Pa ~/.ssh/config
1485This is the per-user configuration file.
1486The file format and configuration options are described in
1487.Xr ssh_config 5 .
1488Because of the potential for abuse, this file must have strict permissions:
1489read/write for the user, and not writable by others.
1490.Pp
1491.It Pa ~/.ssh/environment
1492Contains additional definitions for environment variables; see
1493.Sx ENVIRONMENT ,
1494above.
1495.Pp
1496.It Pa ~/.ssh/id_dsa
1497.It Pa ~/.ssh/id_ecdsa
1498.It Pa ~/.ssh/id_ed25519
1499.It Pa ~/.ssh/id_rsa
1500Contains the private key for authentication.
1501These files
1502contain sensitive data and should be readable by the user but not
1503accessible by others (read/write/execute).
1504.Nm
1505will simply ignore a private key file if it is accessible by others.
1506It is possible to specify a passphrase when
1507generating the key which will be used to encrypt the
1508sensitive part of this file using AES-128.
1509.Pp
1510.It Pa ~/.ssh/id_dsa.pub
1511.It Pa ~/.ssh/id_ecdsa.pub
1512.It Pa ~/.ssh/id_ed25519.pub
1513.It Pa ~/.ssh/id_rsa.pub
1514Contains the public key for authentication.
1515These files are not
1516sensitive and can (but need not) be readable by anyone.
1517.Pp
1518.It Pa ~/.ssh/known_hosts
1519Contains a list of host keys for all hosts the user has logged into
1520that are not already in the systemwide list of known host keys.
1521See
1522.Xr sshd 8
1523for further details of the format of this file.
1524.Pp
1525.It Pa ~/.ssh/rc
1526Commands in this file are executed by
1527.Nm
1528when the user logs in, just before the user's shell (or command) is
1529started.
1530See the
1531.Xr sshd 8
1532manual page for more information.
1533.Pp
1534.It Pa /etc/hosts.equiv
1535This file is for host-based authentication (see above).
1536It should only be writable by root.
1537.Pp
1538.It Pa /etc/shosts.equiv
1539This file is used in exactly the same way as
1540.Pa hosts.equiv ,
1541but allows host-based authentication without permitting login with
1542rlogin/rsh.
1543.Pp
1544.It Pa /etc/ssh/ssh_config
1545Systemwide configuration file.
1546The file format and configuration options are described in
1547.Xr ssh_config 5 .
1548.Pp
1549.It Pa /etc/ssh/ssh_host_key
1550.It Pa /etc/ssh/ssh_host_dsa_key
1551.It Pa /etc/ssh/ssh_host_ecdsa_key
1552.It Pa /etc/ssh/ssh_host_ed25519_key
1553.It Pa /etc/ssh/ssh_host_rsa_key
1554These files contain the private parts of the host keys
1555and are used for host-based authentication.
1556.Pp
1557.It Pa /etc/ssh/ssh_known_hosts
1558Systemwide list of known host keys.
1559This file should be prepared by the
1560system administrator to contain the public host keys of all machines in the
1561organization.
1562It should be world-readable.
1563See
1564.Xr sshd 8
1565for further details of the format of this file.
1566.Pp
1567.It Pa /etc/ssh/sshrc
1568Commands in this file are executed by
1569.Nm
1570when the user logs in, just before the user's shell (or command) is started.
1571See the
1572.Xr sshd 8
1573manual page for more information.
1574.El
1575.Sh EXIT STATUS
1576.Nm
1577exits with the exit status of the remote command or with 255
1578if an error occurred.
1579.Sh SEE ALSO
1580.Xr scp 1 ,
1581.Xr sftp 1 ,
1582.Xr ssh-add 1 ,
1583.Xr ssh-agent 1 ,
1584.Xr ssh-keygen 1 ,
1585.Xr ssh-keyscan 1 ,
1586.Xr tun 4 ,
1587.Xr ssh_config 5 ,
1588.Xr ssh-keysign 8 ,
1589.Xr sshd 8
1590.Sh STANDARDS
1591.Rs
1592.%A S. Lehtinen
1593.%A C. Lonvick
1594.%D January 2006
1595.%R RFC 4250
1596.%T The Secure Shell (SSH) Protocol Assigned Numbers
1597.Re
1598.Pp
1599.Rs
1600.%A T. Ylonen
1601.%A C. Lonvick
1602.%D January 2006
1603.%R RFC 4251
1604.%T The Secure Shell (SSH) Protocol Architecture
1605.Re
1606.Pp
1607.Rs
1608.%A T. Ylonen
1609.%A C. Lonvick
1610.%D January 2006
1611.%R RFC 4252
1612.%T The Secure Shell (SSH) Authentication Protocol
1613.Re
1614.Pp
1615.Rs
1616.%A T. Ylonen
1617.%A C. Lonvick
1618.%D January 2006
1619.%R RFC 4253
1620.%T The Secure Shell (SSH) Transport Layer Protocol
1621.Re
1622.Pp
1623.Rs
1624.%A T. Ylonen
1625.%A C. Lonvick
1626.%D January 2006
1627.%R RFC 4254
1628.%T The Secure Shell (SSH) Connection Protocol
1629.Re
1630.Pp
1631.Rs
1632.%A J. Schlyter
1633.%A W. Griffin
1634.%D January 2006
1635.%R RFC 4255
1636.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
1637.Re
1638.Pp
1639.Rs
1640.%A F. Cusack
1641.%A M. Forssen
1642.%D January 2006
1643.%R RFC 4256
1644.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
1645.Re
1646.Pp
1647.Rs
1648.%A J. Galbraith
1649.%A P. Remaker
1650.%D January 2006
1651.%R RFC 4335
1652.%T The Secure Shell (SSH) Session Channel Break Extension
1653.Re
1654.Pp
1655.Rs
1656.%A M. Bellare
1657.%A T. Kohno
1658.%A C. Namprempre
1659.%D January 2006
1660.%R RFC 4344
1661.%T The Secure Shell (SSH) Transport Layer Encryption Modes
1662.Re
1663.Pp
1664.Rs
1665.%A B. Harris
1666.%D January 2006
1667.%R RFC 4345
1668.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
1669.Re
1670.Pp
1671.Rs
1672.%A M. Friedl
1673.%A N. Provos
1674.%A W. Simpson
1675.%D March 2006
1676.%R RFC 4419
1677.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
1678.Re
1679.Pp
1680.Rs
1681.%A J. Galbraith
1682.%A R. Thayer
1683.%D November 2006
1684.%R RFC 4716
1685.%T The Secure Shell (SSH) Public Key File Format
1686.Re
1687.Pp
1688.Rs
1689.%A D. Stebila
1690.%A J. Green
1691.%D December 2009
1692.%R RFC 5656
1693.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
1694.Re
1695.Pp
1696.Rs
1697.%A A. Perrig
1698.%A D. Song
1699.%D 1999
1700.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
1701.%T Hash Visualization: a New Technique to improve Real-World Security
1702.Re
1703.Sh AUTHORS
1704OpenSSH is a derivative of the original and free
1705ssh 1.2.12 release by Tatu Ylonen.
1706Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1707Theo de Raadt and Dug Song
1708removed many bugs, re-added newer features and
1709created OpenSSH.
1710Markus Friedl contributed the support for SSH
1711protocol versions 1.5 and 2.0.
1712