xref: /freebsd/crypto/openssh/ssh.1 (revision d3d381b2b194b4d24853e92eecef55f262688d1a)
1.\"
2.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
4.\"                    All rights reserved
5.\"
6.\" As far as I am concerned, the code I have written for this software
7.\" can be used freely for any purpose.  Any derived versions of this
8.\" software must be clearly marked as such, and if the derived work is
9.\" incompatible with the protocol description in the RFC file, it must be
10.\" called by a name other than "ssh" or "Secure Shell".
11.\"
12.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
13.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
14.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
15.\"
16.\" Redistribution and use in source and binary forms, with or without
17.\" modification, are permitted provided that the following conditions
18.\" are met:
19.\" 1. Redistributions of source code must retain the above copyright
20.\"    notice, this list of conditions and the following disclaimer.
21.\" 2. Redistributions in binary form must reproduce the above copyright
22.\"    notice, this list of conditions and the following disclaimer in the
23.\"    documentation and/or other materials provided with the distribution.
24.\"
25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\"
36.\" $OpenBSD: ssh.1,v 1.391 2018/02/23 07:38:09 jmc Exp $
37.\" $FreeBSD$
38.Dd $Mdocdate: February 23 2018 $
39.Dt SSH 1
40.Os
41.Sh NAME
42.Nm ssh
43.Nd OpenSSH SSH client (remote login program)
44.Sh SYNOPSIS
45.Nm ssh
46.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
47.Op Fl B Ar bind_interface
48.Op Fl b Ar bind_address
49.Op Fl c Ar cipher_spec
50.Op Fl D Oo Ar bind_address : Oc Ns Ar port
51.Op Fl E Ar log_file
52.Op Fl e Ar escape_char
53.Op Fl F Ar configfile
54.Op Fl I Ar pkcs11
55.Op Fl i Ar identity_file
56.Op Fl J Ar destination
57.Op Fl L Ar address
58.Op Fl l Ar login_name
59.Op Fl m Ar mac_spec
60.Op Fl O Ar ctl_cmd
61.Op Fl o Ar option
62.Op Fl p Ar port
63.Op Fl Q Ar query_option
64.Op Fl R Ar address
65.Op Fl S Ar ctl_path
66.Op Fl W Ar host : Ns Ar port
67.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
68.Ar destination
69.Op Ar command
70.Sh DESCRIPTION
71.Nm
72(SSH client) is a program for logging into a remote machine and for
73executing commands on a remote machine.
74It is intended to provide secure encrypted communications between
75two untrusted hosts over an insecure network.
76X11 connections, arbitrary TCP ports and
77.Ux Ns -domain
78sockets can also be forwarded over the secure channel.
79.Pp
80.Nm
81connects and logs into the specified
82.Ar destination ,
83which may be specified as either
84.Sm off
85.Oo user @ Oc hostname
86.Sm on
87or a URI of the form
88.Sm off
89.No ssh:// Oo user @ Oc hostname Op : port .
90.Sm on
91The user must prove
92his/her identity to the remote machine using one of several methods
93(see below).
94.Pp
95If a
96.Ar command
97is specified,
98it is executed on the remote host instead of a login shell.
99.Pp
100The options are as follows:
101.Pp
102.Bl -tag -width Ds -compact
103.It Fl 4
104Forces
105.Nm
106to use IPv4 addresses only.
107.Pp
108.It Fl 6
109Forces
110.Nm
111to use IPv6 addresses only.
112.Pp
113.It Fl A
114Enables forwarding of the authentication agent connection.
115This can also be specified on a per-host basis in a configuration file.
116.Pp
117Agent forwarding should be enabled with caution.
118Users with the ability to bypass file permissions on the remote host
119(for the agent's
120.Ux Ns -domain
121socket) can access the local agent through the forwarded connection.
122An attacker cannot obtain key material from the agent,
123however they can perform operations on the keys that enable them to
124authenticate using the identities loaded into the agent.
125.Pp
126.It Fl a
127Disables forwarding of the authentication agent connection.
128.Pp
129.It Fl B Ar bind_interface
130Bind to the address of
131.Ar bind_interface
132before attempting to connect to the destination host.
133This is only useful on systems with more than one address.
134.Pp
135.It Fl b Ar bind_address
136Use
137.Ar bind_address
138on the local machine as the source address
139of the connection.
140Only useful on systems with more than one address.
141.Pp
142.It Fl C
143Requests compression of all data (including stdin, stdout, stderr, and
144data for forwarded X11, TCP and
145.Ux Ns -domain
146connections).
147The compression algorithm is the same used by
148.Xr gzip 1 .
149Compression is desirable on modem lines and other
150slow connections, but will only slow down things on fast networks.
151The default value can be set on a host-by-host basis in the
152configuration files; see the
153.Cm Compression
154option.
155.Pp
156.It Fl c Ar cipher_spec
157Selects the cipher specification for encrypting the session.
158.Ar cipher_spec
159is a comma-separated list of ciphers
160listed in order of preference.
161See the
162.Cm Ciphers
163keyword in
164.Xr ssh_config 5
165for more information.
166.Pp
167.It Fl D Xo
168.Sm off
169.Oo Ar bind_address : Oc
170.Ar port
171.Sm on
172.Xc
173Specifies a local
174.Dq dynamic
175application-level port forwarding.
176This works by allocating a socket to listen to
177.Ar port
178on the local side, optionally bound to the specified
179.Ar bind_address .
180Whenever a connection is made to this port, the
181connection is forwarded over the secure channel, and the application
182protocol is then used to determine where to connect to from the
183remote machine.
184Currently the SOCKS4 and SOCKS5 protocols are supported, and
185.Nm
186will act as a SOCKS server.
187Only root can forward privileged ports.
188Dynamic port forwardings can also be specified in the configuration file.
189.Pp
190IPv6 addresses can be specified by enclosing the address in square brackets.
191Only the superuser can forward privileged ports.
192By default, the local port is bound in accordance with the
193.Cm GatewayPorts
194setting.
195However, an explicit
196.Ar bind_address
197may be used to bind the connection to a specific address.
198The
199.Ar bind_address
200of
201.Dq localhost
202indicates that the listening port be bound for local use only, while an
203empty address or
204.Sq *
205indicates that the port should be available from all interfaces.
206.Pp
207.It Fl E Ar log_file
208Append debug logs to
209.Ar log_file
210instead of standard error.
211.Pp
212.It Fl e Ar escape_char
213Sets the escape character for sessions with a pty (default:
214.Ql ~ ) .
215The escape character is only recognized at the beginning of a line.
216The escape character followed by a dot
217.Pq Ql \&.
218closes the connection;
219followed by control-Z suspends the connection;
220and followed by itself sends the escape character once.
221Setting the character to
222.Dq none
223disables any escapes and makes the session fully transparent.
224.Pp
225.It Fl F Ar configfile
226Specifies an alternative per-user configuration file.
227If a configuration file is given on the command line,
228the system-wide configuration file
229.Pq Pa /etc/ssh/ssh_config
230will be ignored.
231The default for the per-user configuration file is
232.Pa ~/.ssh/config .
233.Pp
234.It Fl f
235Requests
236.Nm
237to go to background just before command execution.
238This is useful if
239.Nm
240is going to ask for passwords or passphrases, but the user
241wants it in the background.
242This implies
243.Fl n .
244The recommended way to start X11 programs at a remote site is with
245something like
246.Ic ssh -f host xterm .
247.Pp
248If the
249.Cm ExitOnForwardFailure
250configuration option is set to
251.Dq yes ,
252then a client started with
253.Fl f
254will wait for all remote port forwards to be successfully established
255before placing itself in the background.
256.Pp
257.It Fl G
258Causes
259.Nm
260to print its configuration after evaluating
261.Cm Host
262and
263.Cm Match
264blocks and exit.
265.Pp
266.It Fl g
267Allows remote hosts to connect to local forwarded ports.
268If used on a multiplexed connection, then this option must be specified
269on the master process.
270.Pp
271.It Fl I Ar pkcs11
272Specify the PKCS#11 shared library
273.Nm
274should use to communicate with a PKCS#11 token providing the user's
275private RSA key.
276.Pp
277.It Fl i Ar identity_file
278Selects a file from which the identity (private key) for
279public key authentication is read.
280The default is
281.Pa ~/.ssh/id_dsa ,
282.Pa ~/.ssh/id_ecdsa ,
283.Pa ~/.ssh/id_ed25519
284and
285.Pa ~/.ssh/id_rsa .
286Identity files may also be specified on
287a per-host basis in the configuration file.
288It is possible to have multiple
289.Fl i
290options (and multiple identities specified in
291configuration files).
292If no certificates have been explicitly specified by the
293.Cm CertificateFile
294directive,
295.Nm
296will also try to load certificate information from the filename obtained
297by appending
298.Pa -cert.pub
299to identity filenames.
300.Pp
301.It Fl J Ar destination
302Connect to the target host by first making a
303.Nm
304connection to the jump host described by
305.Ar destination
306and then establishing a TCP forwarding to the ultimate destination from
307there.
308Multiple jump hops may be specified separated by comma characters.
309This is a shortcut to specify a
310.Cm ProxyJump
311configuration directive.
312.Pp
313.It Fl K
314Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
315credentials to the server.
316.Pp
317.It Fl k
318Disables forwarding (delegation) of GSSAPI credentials to the server.
319.Pp
320.It Fl L Xo
321.Sm off
322.Oo Ar bind_address : Oc
323.Ar port : host : hostport
324.Sm on
325.Xc
326.It Fl L Xo
327.Sm off
328.Oo Ar bind_address : Oc
329.Ar port : remote_socket
330.Sm on
331.Xc
332.It Fl L Xo
333.Sm off
334.Ar local_socket : host : hostport
335.Sm on
336.Xc
337.It Fl L Xo
338.Sm off
339.Ar local_socket : remote_socket
340.Sm on
341.Xc
342Specifies that connections to the given TCP port or Unix socket on the local
343(client) host are to be forwarded to the given host and port, or Unix socket,
344on the remote side.
345This works by allocating a socket to listen to either a TCP
346.Ar port
347on the local side, optionally bound to the specified
348.Ar bind_address ,
349or to a Unix socket.
350Whenever a connection is made to the local port or socket, the
351connection is forwarded over the secure channel, and a connection is
352made to either
353.Ar host
354port
355.Ar hostport ,
356or the Unix socket
357.Ar remote_socket ,
358from the remote machine.
359.Pp
360Port forwardings can also be specified in the configuration file.
361Only the superuser can forward privileged ports.
362IPv6 addresses can be specified by enclosing the address in square brackets.
363.Pp
364By default, the local port is bound in accordance with the
365.Cm GatewayPorts
366setting.
367However, an explicit
368.Ar bind_address
369may be used to bind the connection to a specific address.
370The
371.Ar bind_address
372of
373.Dq localhost
374indicates that the listening port be bound for local use only, while an
375empty address or
376.Sq *
377indicates that the port should be available from all interfaces.
378.Pp
379.It Fl l Ar login_name
380Specifies the user to log in as on the remote machine.
381This also may be specified on a per-host basis in the configuration file.
382.Pp
383.It Fl M
384Places the
385.Nm
386client into
387.Dq master
388mode for connection sharing.
389Multiple
390.Fl M
391options places
392.Nm
393into
394.Dq master
395mode with confirmation required before slave connections are accepted.
396Refer to the description of
397.Cm ControlMaster
398in
399.Xr ssh_config 5
400for details.
401.Pp
402.It Fl m Ar mac_spec
403A comma-separated list of MAC (message authentication code) algorithms,
404specified in order of preference.
405See the
406.Cm MACs
407keyword for more information.
408.Pp
409.It Fl N
410Do not execute a remote command.
411This is useful for just forwarding ports.
412.Pp
413.It Fl n
414Redirects stdin from
415.Pa /dev/null
416(actually, prevents reading from stdin).
417This must be used when
418.Nm
419is run in the background.
420A common trick is to use this to run X11 programs on a remote machine.
421For example,
422.Ic ssh -n shadows.cs.hut.fi emacs &
423will start an emacs on shadows.cs.hut.fi, and the X11
424connection will be automatically forwarded over an encrypted channel.
425The
426.Nm
427program will be put in the background.
428(This does not work if
429.Nm
430needs to ask for a password or passphrase; see also the
431.Fl f
432option.)
433.Pp
434.It Fl O Ar ctl_cmd
435Control an active connection multiplexing master process.
436When the
437.Fl O
438option is specified, the
439.Ar ctl_cmd
440argument is interpreted and passed to the master process.
441Valid commands are:
442.Dq check
443(check that the master process is running),
444.Dq forward
445(request forwardings without command execution),
446.Dq cancel
447(cancel forwardings),
448.Dq exit
449(request the master to exit), and
450.Dq stop
451(request the master to stop accepting further multiplexing requests).
452.Pp
453.It Fl o Ar option
454Can be used to give options in the format used in the configuration file.
455This is useful for specifying options for which there is no separate
456command-line flag.
457For full details of the options listed below, and their possible values, see
458.Xr ssh_config 5 .
459.Pp
460.Bl -tag -width Ds -offset indent -compact
461.It AddKeysToAgent
462.It AddressFamily
463.It BatchMode
464.It BindAddress
465.It CanonicalDomains
466.It CanonicalizeFallbackLocal
467.It CanonicalizeHostname
468.It CanonicalizeMaxDots
469.It CanonicalizePermittedCNAMEs
470.It CertificateFile
471.It ChallengeResponseAuthentication
472.It CheckHostIP
473.It Ciphers
474.It ClearAllForwardings
475.It Compression
476.It ConnectionAttempts
477.It ConnectTimeout
478.It ControlMaster
479.It ControlPath
480.It ControlPersist
481.It DynamicForward
482.It EscapeChar
483.It ExitOnForwardFailure
484.It FingerprintHash
485.It ForwardAgent
486.It ForwardX11
487.It ForwardX11Timeout
488.It ForwardX11Trusted
489.It GatewayPorts
490.It GlobalKnownHostsFile
491.It GSSAPIAuthentication
492.It GSSAPIDelegateCredentials
493.It HashKnownHosts
494.It Host
495.It HostbasedAuthentication
496.It HostbasedKeyTypes
497.It HostKeyAlgorithms
498.It HostKeyAlias
499.It HostName
500.It IdentitiesOnly
501.It IdentityAgent
502.It IdentityFile
503.It Include
504.It IPQoS
505.It KbdInteractiveAuthentication
506.It KbdInteractiveDevices
507.It KexAlgorithms
508.It LocalCommand
509.It LocalForward
510.It LogLevel
511.It MACs
512.It Match
513.It NoHostAuthenticationForLocalhost
514.It NumberOfPasswordPrompts
515.It PasswordAuthentication
516.It PermitLocalCommand
517.It PKCS11Provider
518.It Port
519.It PreferredAuthentications
520.It ProxyCommand
521.It ProxyJump
522.It ProxyUseFdpass
523.It PubkeyAcceptedKeyTypes
524.It PubkeyAuthentication
525.It RekeyLimit
526.It RemoteCommand
527.It RemoteForward
528.It RequestTTY
529.It SendEnv
530.It ServerAliveInterval
531.It ServerAliveCountMax
532.It StreamLocalBindMask
533.It StreamLocalBindUnlink
534.It StrictHostKeyChecking
535.It TCPKeepAlive
536.It Tunnel
537.It TunnelDevice
538.It UpdateHostKeys
539.It UsePrivilegedPort
540.It User
541.It UserKnownHostsFile
542.It VerifyHostKeyDNS
543.It VersionAddendum
544.It VisualHostKey
545.It XAuthLocation
546.El
547.Pp
548.It Fl p Ar port
549Port to connect to on the remote host.
550This can be specified on a
551per-host basis in the configuration file.
552.Pp
553.It Fl Q Ar query_option
554Queries
555.Nm
556for the algorithms supported for the specified version 2.
557The available features are:
558.Ar cipher
559(supported symmetric ciphers),
560.Ar cipher-auth
561(supported symmetric ciphers that support authenticated encryption),
562.Ar mac
563(supported message integrity codes),
564.Ar kex
565(key exchange algorithms),
566.Ar key
567(key types),
568.Ar key-cert
569(certificate key types),
570.Ar key-plain
571(non-certificate key types), and
572.Ar protocol-version
573(supported SSH protocol versions).
574.Pp
575.It Fl q
576Quiet mode.
577Causes most warning and diagnostic messages to be suppressed.
578.Pp
579.It Fl R Xo
580.Sm off
581.Oo Ar bind_address : Oc
582.Ar port : host : hostport
583.Sm on
584.Xc
585.It Fl R Xo
586.Sm off
587.Oo Ar bind_address : Oc
588.Ar port : local_socket
589.Sm on
590.Xc
591.It Fl R Xo
592.Sm off
593.Ar remote_socket : host : hostport
594.Sm on
595.Xc
596.It Fl R Xo
597.Sm off
598.Ar remote_socket : local_socket
599.Sm on
600.Xc
601.It Fl R Xo
602.Sm off
603.Oo Ar bind_address : Oc
604.Ar port
605.Sm on
606.Xc
607Specifies that connections to the given TCP port or Unix socket on the remote
608(server) host are to be forwarded to the local side.
609.Pp
610This works by allocating a socket to listen to either a TCP
611.Ar port
612or to a Unix socket on the remote side.
613Whenever a connection is made to this port or Unix socket, the
614connection is forwarded over the secure channel, and a connection
615is made from the local machine to either an explicit destination specified by
616.Ar host
617port
618.Ar hostport ,
619or
620.Ar local_socket ,
621or, if no explicit destination was specified,
622.Nm
623will act as a SOCKS 4/5 proxy and forward connections to the destinations
624requested by the remote SOCKS client.
625.Pp
626Port forwardings can also be specified in the configuration file.
627Privileged ports can be forwarded only when
628logging in as root on the remote machine.
629IPv6 addresses can be specified by enclosing the address in square brackets.
630.Pp
631By default, TCP listening sockets on the server will be bound to the loopback
632interface only.
633This may be overridden by specifying a
634.Ar bind_address .
635An empty
636.Ar bind_address ,
637or the address
638.Ql * ,
639indicates that the remote socket should listen on all interfaces.
640Specifying a remote
641.Ar bind_address
642will only succeed if the server's
643.Cm GatewayPorts
644option is enabled (see
645.Xr sshd_config 5 ) .
646.Pp
647If the
648.Ar port
649argument is
650.Ql 0 ,
651the listen port will be dynamically allocated on the server and reported
652to the client at run time.
653When used together with
654.Ic -O forward
655the allocated port will be printed to the standard output.
656.Pp
657.It Fl S Ar ctl_path
658Specifies the location of a control socket for connection sharing,
659or the string
660.Dq none
661to disable connection sharing.
662Refer to the description of
663.Cm ControlPath
664and
665.Cm ControlMaster
666in
667.Xr ssh_config 5
668for details.
669.Pp
670.It Fl s
671May be used to request invocation of a subsystem on the remote system.
672Subsystems facilitate the use of SSH
673as a secure transport for other applications (e.g.\&
674.Xr sftp 1 ) .
675The subsystem is specified as the remote command.
676.Pp
677.It Fl T
678Disable pseudo-terminal allocation.
679.Pp
680.It Fl t
681Force pseudo-terminal allocation.
682This can be used to execute arbitrary
683screen-based programs on a remote machine, which can be very useful,
684e.g. when implementing menu services.
685Multiple
686.Fl t
687options force tty allocation, even if
688.Nm
689has no local tty.
690.Pp
691.It Fl V
692Display the version number and exit.
693.Pp
694.It Fl v
695Verbose mode.
696Causes
697.Nm
698to print debugging messages about its progress.
699This is helpful in
700debugging connection, authentication, and configuration problems.
701Multiple
702.Fl v
703options increase the verbosity.
704The maximum is 3.
705.Pp
706.It Fl W Ar host : Ns Ar port
707Requests that standard input and output on the client be forwarded to
708.Ar host
709on
710.Ar port
711over the secure channel.
712Implies
713.Fl N ,
714.Fl T ,
715.Cm ExitOnForwardFailure
716and
717.Cm ClearAllForwardings ,
718though these can be overridden in the configuration file or using
719.Fl o
720command line options.
721.Pp
722.It Fl w Xo
723.Ar local_tun Ns Op : Ns Ar remote_tun
724.Xc
725Requests
726tunnel
727device forwarding with the specified
728.Xr tun 4
729devices between the client
730.Pq Ar local_tun
731and the server
732.Pq Ar remote_tun .
733.Pp
734The devices may be specified by numerical ID or the keyword
735.Dq any ,
736which uses the next available tunnel device.
737If
738.Ar remote_tun
739is not specified, it defaults to
740.Dq any .
741See also the
742.Cm Tunnel
743and
744.Cm TunnelDevice
745directives in
746.Xr ssh_config 5 .
747If the
748.Cm Tunnel
749directive is unset, it is set to the default tunnel mode, which is
750.Dq point-to-point .
751.Pp
752.It Fl X
753Enables X11 forwarding.
754This can also be specified on a per-host basis in a configuration file.
755.Pp
756X11 forwarding should be enabled with caution.
757Users with the ability to bypass file permissions on the remote host
758(for the user's X authorization database)
759can access the local X11 display through the forwarded connection.
760An attacker may then be able to perform activities such as keystroke monitoring.
761.Pp
762For this reason, X11 forwarding is subjected to X11 SECURITY extension
763restrictions by default.
764Please refer to the
765.Nm
766.Fl Y
767option and the
768.Cm ForwardX11Trusted
769directive in
770.Xr ssh_config 5
771for more information.
772.Pp
773.It Fl x
774Disables X11 forwarding.
775.Pp
776.It Fl Y
777Enables trusted X11 forwarding.
778Trusted X11 forwardings are not subjected to the X11 SECURITY extension
779controls.
780.Pp
781.It Fl y
782Send log information using the
783.Xr syslog 3
784system module.
785By default this information is sent to stderr.
786.El
787.Pp
788.Nm
789may additionally obtain configuration data from
790a per-user configuration file and a system-wide configuration file.
791The file format and configuration options are described in
792.Xr ssh_config 5 .
793.Sh AUTHENTICATION
794The OpenSSH SSH client supports SSH protocol 2.
795.Pp
796The methods available for authentication are:
797GSSAPI-based authentication,
798host-based authentication,
799public key authentication,
800challenge-response authentication,
801and password authentication.
802Authentication methods are tried in the order specified above,
803though
804.Cm PreferredAuthentications
805can be used to change the default order.
806.Pp
807Host-based authentication works as follows:
808If the machine the user logs in from is listed in
809.Pa /etc/hosts.equiv
810or
811.Pa /etc/shosts.equiv
812on the remote machine, and the user names are
813the same on both sides, or if the files
814.Pa ~/.rhosts
815or
816.Pa ~/.shosts
817exist in the user's home directory on the
818remote machine and contain a line containing the name of the client
819machine and the name of the user on that machine, the user is
820considered for login.
821Additionally, the server
822.Em must
823be able to verify the client's
824host key (see the description of
825.Pa /etc/ssh/ssh_known_hosts
826and
827.Pa ~/.ssh/known_hosts ,
828below)
829for login to be permitted.
830This authentication method closes security holes due to IP
831spoofing, DNS spoofing, and routing spoofing.
832[Note to the administrator:
833.Pa /etc/hosts.equiv ,
834.Pa ~/.rhosts ,
835and the rlogin/rsh protocol in general, are inherently insecure and should be
836disabled if security is desired.]
837.Pp
838Public key authentication works as follows:
839The scheme is based on public-key cryptography,
840using cryptosystems
841where encryption and decryption are done using separate keys,
842and it is unfeasible to derive the decryption key from the encryption key.
843The idea is that each user creates a public/private
844key pair for authentication purposes.
845The server knows the public key, and only the user knows the private key.
846.Nm
847implements public key authentication protocol automatically,
848using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
849The HISTORY section of
850.Xr ssl 8
851contains a brief discussion of the DSA and RSA algorithms.
852.Pp
853The file
854.Pa ~/.ssh/authorized_keys
855lists the public keys that are permitted for logging in.
856When the user logs in, the
857.Nm
858program tells the server which key pair it would like to use for
859authentication.
860The client proves that it has access to the private key
861and the server checks that the corresponding public key
862is authorized to accept the account.
863.Pp
864The server may inform the client of errors that prevented public key
865authentication from succeeding after authentication completes using a
866different method.
867These may be viewed by increasing the
868.Cm LogLevel
869to
870.Cm DEBUG
871or higher (e.g. by using the
872.Fl v
873flag).
874.Pp
875The user creates his/her key pair by running
876.Xr ssh-keygen 1 .
877This stores the private key in
878.Pa ~/.ssh/id_dsa
879(DSA),
880.Pa ~/.ssh/id_ecdsa
881(ECDSA),
882.Pa ~/.ssh/id_ed25519
883(Ed25519),
884or
885.Pa ~/.ssh/id_rsa
886(RSA)
887and stores the public key in
888.Pa ~/.ssh/id_dsa.pub
889(DSA),
890.Pa ~/.ssh/id_ecdsa.pub
891(ECDSA),
892.Pa ~/.ssh/id_ed25519.pub
893(Ed25519),
894or
895.Pa ~/.ssh/id_rsa.pub
896(RSA)
897in the user's home directory.
898The user should then copy the public key
899to
900.Pa ~/.ssh/authorized_keys
901in his/her home directory on the remote machine.
902The
903.Pa authorized_keys
904file corresponds to the conventional
905.Pa ~/.rhosts
906file, and has one key
907per line, though the lines can be very long.
908After this, the user can log in without giving the password.
909.Pp
910A variation on public key authentication
911is available in the form of certificate authentication:
912instead of a set of public/private keys,
913signed certificates are used.
914This has the advantage that a single trusted certification authority
915can be used in place of many public/private keys.
916See the CERTIFICATES section of
917.Xr ssh-keygen 1
918for more information.
919.Pp
920The most convenient way to use public key or certificate authentication
921may be with an authentication agent.
922See
923.Xr ssh-agent 1
924and (optionally) the
925.Cm AddKeysToAgent
926directive in
927.Xr ssh_config 5
928for more information.
929.Pp
930Challenge-response authentication works as follows:
931The server sends an arbitrary
932.Qq challenge
933text, and prompts for a response.
934Examples of challenge-response authentication include
935.Bx
936Authentication (see
937.Xr login.conf 5 )
938and PAM (some
939.Pf non- Ox
940systems).
941.Pp
942Finally, if other authentication methods fail,
943.Nm
944prompts the user for a password.
945The password is sent to the remote
946host for checking; however, since all communications are encrypted,
947the password cannot be seen by someone listening on the network.
948.Pp
949.Nm
950automatically maintains and checks a database containing
951identification for all hosts it has ever been used with.
952Host keys are stored in
953.Pa ~/.ssh/known_hosts
954in the user's home directory.
955Additionally, the file
956.Pa /etc/ssh/ssh_known_hosts
957is automatically checked for known hosts.
958Any new hosts are automatically added to the user's file.
959If a host's identification ever changes,
960.Nm
961warns about this and disables password authentication to prevent
962server spoofing or man-in-the-middle attacks,
963which could otherwise be used to circumvent the encryption.
964The
965.Cm StrictHostKeyChecking
966option can be used to control logins to machines whose
967host key is not known or has changed.
968.Pp
969When the user's identity has been accepted by the server, the server
970either executes the given command in a non-interactive session or,
971if no command has been specified, logs into the machine and gives
972the user a normal shell as an interactive session.
973All communication with
974the remote command or shell will be automatically encrypted.
975.Pp
976If an interactive session is requested
977.Nm
978by default will only request a pseudo-terminal (pty) for interactive
979sessions when the client has one.
980The flags
981.Fl T
982and
983.Fl t
984can be used to override this behaviour.
985.Pp
986If a pseudo-terminal has been allocated the
987user may use the escape characters noted below.
988.Pp
989If no pseudo-terminal has been allocated,
990the session is transparent and can be used to reliably transfer binary data.
991On most systems, setting the escape character to
992.Dq none
993will also make the session transparent even if a tty is used.
994.Pp
995The session terminates when the command or shell on the remote
996machine exits and all X11 and TCP connections have been closed.
997.Sh ESCAPE CHARACTERS
998When a pseudo-terminal has been requested,
999.Nm
1000supports a number of functions through the use of an escape character.
1001.Pp
1002A single tilde character can be sent as
1003.Ic ~~
1004or by following the tilde by a character other than those described below.
1005The escape character must always follow a newline to be interpreted as
1006special.
1007The escape character can be changed in configuration files using the
1008.Cm EscapeChar
1009configuration directive or on the command line by the
1010.Fl e
1011option.
1012.Pp
1013The supported escapes (assuming the default
1014.Ql ~ )
1015are:
1016.Bl -tag -width Ds
1017.It Cm ~.
1018Disconnect.
1019.It Cm ~^Z
1020Background
1021.Nm .
1022.It Cm ~#
1023List forwarded connections.
1024.It Cm ~&
1025Background
1026.Nm
1027at logout when waiting for forwarded connection / X11 sessions to terminate.
1028.It Cm ~?
1029Display a list of escape characters.
1030.It Cm ~B
1031Send a BREAK to the remote system
1032(only useful if the peer supports it).
1033.It Cm ~C
1034Open command line.
1035Currently this allows the addition of port forwardings using the
1036.Fl L ,
1037.Fl R
1038and
1039.Fl D
1040options (see above).
1041It also allows the cancellation of existing port-forwardings
1042with
1043.Sm off
1044.Fl KL Oo Ar bind_address : Oc Ar port
1045.Sm on
1046for local,
1047.Sm off
1048.Fl KR Oo Ar bind_address : Oc Ar port
1049.Sm on
1050for remote and
1051.Sm off
1052.Fl KD Oo Ar bind_address : Oc Ar port
1053.Sm on
1054for dynamic port-forwardings.
1055.Ic !\& Ns Ar command
1056allows the user to execute a local command if the
1057.Ic PermitLocalCommand
1058option is enabled in
1059.Xr ssh_config 5 .
1060Basic help is available, using the
1061.Fl h
1062option.
1063.It Cm ~R
1064Request rekeying of the connection
1065(only useful if the peer supports it).
1066.It Cm ~V
1067Decrease the verbosity
1068.Pq Ic LogLevel
1069when errors are being written to stderr.
1070.It Cm ~v
1071Increase the verbosity
1072.Pq Ic LogLevel
1073when errors are being written to stderr.
1074.El
1075.Sh TCP FORWARDING
1076Forwarding of arbitrary TCP connections over the secure channel can
1077be specified either on the command line or in a configuration file.
1078One possible application of TCP forwarding is a secure connection to a
1079mail server; another is going through firewalls.
1080.Pp
1081In the example below, we look at encrypting communication between
1082an IRC client and server, even though the IRC server does not directly
1083support encrypted communications.
1084This works as follows:
1085the user connects to the remote host using
1086.Nm ,
1087specifying a port to be used to forward connections
1088to the remote server.
1089After that it is possible to start the service which is to be encrypted
1090on the client machine,
1091connecting to the same local port,
1092and
1093.Nm
1094will encrypt and forward the connection.
1095.Pp
1096The following example tunnels an IRC session from client machine
1097.Dq 127.0.0.1
1098(localhost)
1099to remote server
1100.Dq server.example.com :
1101.Bd -literal -offset 4n
1102$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
1103$ irc -c '#users' -p 1234 pinky 127.0.0.1
1104.Ed
1105.Pp
1106This tunnels a connection to IRC server
1107.Dq server.example.com ,
1108joining channel
1109.Dq #users ,
1110nickname
1111.Dq pinky ,
1112using port 1234.
1113It doesn't matter which port is used,
1114as long as it's greater than 1023
1115(remember, only root can open sockets on privileged ports)
1116and doesn't conflict with any ports already in use.
1117The connection is forwarded to port 6667 on the remote server,
1118since that's the standard port for IRC services.
1119.Pp
1120The
1121.Fl f
1122option backgrounds
1123.Nm
1124and the remote command
1125.Dq sleep 10
1126is specified to allow an amount of time
1127(10 seconds, in the example)
1128to start the service which is to be tunnelled.
1129If no connections are made within the time specified,
1130.Nm
1131will exit.
1132.Sh X11 FORWARDING
1133If the
1134.Cm ForwardX11
1135variable is set to
1136.Dq yes
1137(or see the description of the
1138.Fl X ,
1139.Fl x ,
1140and
1141.Fl Y
1142options above)
1143and the user is using X11 (the
1144.Ev DISPLAY
1145environment variable is set), the connection to the X11 display is
1146automatically forwarded to the remote side in such a way that any X11
1147programs started from the shell (or command) will go through the
1148encrypted channel, and the connection to the real X server will be made
1149from the local machine.
1150The user should not manually set
1151.Ev DISPLAY .
1152Forwarding of X11 connections can be
1153configured on the command line or in configuration files.
1154.Pp
1155The
1156.Ev DISPLAY
1157value set by
1158.Nm
1159will point to the server machine, but with a display number greater than zero.
1160This is normal, and happens because
1161.Nm
1162creates a
1163.Dq proxy
1164X server on the server machine for forwarding the
1165connections over the encrypted channel.
1166.Pp
1167.Nm
1168will also automatically set up Xauthority data on the server machine.
1169For this purpose, it will generate a random authorization cookie,
1170store it in Xauthority on the server, and verify that any forwarded
1171connections carry this cookie and replace it by the real cookie when
1172the connection is opened.
1173The real authentication cookie is never
1174sent to the server machine (and no cookies are sent in the plain).
1175.Pp
1176If the
1177.Cm ForwardAgent
1178variable is set to
1179.Dq yes
1180(or see the description of the
1181.Fl A
1182and
1183.Fl a
1184options above) and
1185the user is using an authentication agent, the connection to the agent
1186is automatically forwarded to the remote side.
1187.Sh VERIFYING HOST KEYS
1188When connecting to a server for the first time,
1189a fingerprint of the server's public key is presented to the user
1190(unless the option
1191.Cm StrictHostKeyChecking
1192has been disabled).
1193Fingerprints can be determined using
1194.Xr ssh-keygen 1 :
1195.Pp
1196.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
1197.Pp
1198If the fingerprint is already known, it can be matched
1199and the key can be accepted or rejected.
1200If only legacy (MD5) fingerprints for the server are available, the
1201.Xr ssh-keygen 1
1202.Fl E
1203option may be used to downgrade the fingerprint algorithm to match.
1204.Pp
1205Because of the difficulty of comparing host keys
1206just by looking at fingerprint strings,
1207there is also support to compare host keys visually,
1208using
1209.Em random art .
1210By setting the
1211.Cm VisualHostKey
1212option to
1213.Dq yes ,
1214a small ASCII graphic gets displayed on every login to a server, no matter
1215if the session itself is interactive or not.
1216By learning the pattern a known server produces, a user can easily
1217find out that the host key has changed when a completely different pattern
1218is displayed.
1219Because these patterns are not unambiguous however, a pattern that looks
1220similar to the pattern remembered only gives a good probability that the
1221host key is the same, not guaranteed proof.
1222.Pp
1223To get a listing of the fingerprints along with their random art for
1224all known hosts, the following command line can be used:
1225.Pp
1226.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts
1227.Pp
1228If the fingerprint is unknown,
1229an alternative method of verification is available:
1230SSH fingerprints verified by DNS.
1231An additional resource record (RR),
1232SSHFP,
1233is added to a zonefile
1234and the connecting client is able to match the fingerprint
1235with that of the key presented.
1236.Pp
1237In this example, we are connecting a client to a server,
1238.Dq host.example.com .
1239The SSHFP resource records should first be added to the zonefile for
1240host.example.com:
1241.Bd -literal -offset indent
1242$ ssh-keygen -r host.example.com.
1243.Ed
1244.Pp
1245The output lines will have to be added to the zonefile.
1246To check that the zone is answering fingerprint queries:
1247.Pp
1248.Dl $ dig -t SSHFP host.example.com
1249.Pp
1250Finally the client connects:
1251.Bd -literal -offset indent
1252$ ssh -o "VerifyHostKeyDNS ask" host.example.com
1253[...]
1254Matching host key fingerprint found in DNS.
1255Are you sure you want to continue connecting (yes/no)?
1256.Ed
1257.Pp
1258See the
1259.Cm VerifyHostKeyDNS
1260option in
1261.Xr ssh_config 5
1262for more information.
1263.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1264.Nm
1265contains support for Virtual Private Network (VPN) tunnelling
1266using the
1267.Xr tun 4
1268network pseudo-device,
1269allowing two networks to be joined securely.
1270The
1271.Xr sshd_config 5
1272configuration option
1273.Cm PermitTunnel
1274controls whether the server supports this,
1275and at what level (layer 2 or 3 traffic).
1276.Pp
1277The following example would connect client network 10.0.50.0/24
1278with remote network 10.0.99.0/24 using a point-to-point connection
1279from 10.1.1.1 to 10.1.1.2,
1280provided that the SSH server running on the gateway to the remote network,
1281at 192.168.1.15, allows it.
1282.Pp
1283On the client:
1284.Bd -literal -offset indent
1285# ssh -f -w 0:1 192.168.1.15 true
1286# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
1287# route add 10.0.99.0/24 10.1.1.2
1288.Ed
1289.Pp
1290On the server:
1291.Bd -literal -offset indent
1292# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
1293# route add 10.0.50.0/24 10.1.1.1
1294.Ed
1295.Pp
1296Client access may be more finely tuned via the
1297.Pa /root/.ssh/authorized_keys
1298file (see below) and the
1299.Cm PermitRootLogin
1300server option.
1301The following entry would permit connections on
1302.Xr tun 4
1303device 1 from user
1304.Dq jane
1305and on tun device 2 from user
1306.Dq john ,
1307if
1308.Cm PermitRootLogin
1309is set to
1310.Dq forced-commands-only :
1311.Bd -literal -offset 2n
1312tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
1313tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
1314.Ed
1315.Pp
1316Since an SSH-based setup entails a fair amount of overhead,
1317it may be more suited to temporary setups,
1318such as for wireless VPNs.
1319More permanent VPNs are better provided by tools such as
1320.Xr ipsecctl 8
1321and
1322.Xr isakmpd 8 .
1323.Sh ENVIRONMENT
1324.Nm
1325will normally set the following environment variables:
1326.Bl -tag -width "SSH_ORIGINAL_COMMAND"
1327.It Ev DISPLAY
1328The
1329.Ev DISPLAY
1330variable indicates the location of the X11 server.
1331It is automatically set by
1332.Nm
1333to point to a value of the form
1334.Dq hostname:n ,
1335where
1336.Dq hostname
1337indicates the host where the shell runs, and
1338.Sq n
1339is an integer \*(Ge 1.
1340.Nm
1341uses this special value to forward X11 connections over the secure
1342channel.
1343The user should normally not set
1344.Ev DISPLAY
1345explicitly, as that
1346will render the X11 connection insecure (and will require the user to
1347manually copy any required authorization cookies).
1348.It Ev HOME
1349Set to the path of the user's home directory.
1350.It Ev LOGNAME
1351Synonym for
1352.Ev USER ;
1353set for compatibility with systems that use this variable.
1354.It Ev MAIL
1355Set to the path of the user's mailbox.
1356.It Ev PATH
1357Set to the default
1358.Ev PATH ,
1359as specified when compiling
1360.Nm .
1361.It Ev SSH_ASKPASS
1362If
1363.Nm
1364needs a passphrase, it will read the passphrase from the current
1365terminal if it was run from a terminal.
1366If
1367.Nm
1368does not have a terminal associated with it but
1369.Ev DISPLAY
1370and
1371.Ev SSH_ASKPASS
1372are set, it will execute the program specified by
1373.Ev SSH_ASKPASS
1374and open an X11 window to read the passphrase.
1375This is particularly useful when calling
1376.Nm
1377from a
1378.Pa .xsession
1379or related script.
1380(Note that on some machines it
1381may be necessary to redirect the input from
1382.Pa /dev/null
1383to make this work.)
1384.It Ev SSH_AUTH_SOCK
1385Identifies the path of a
1386.Ux Ns -domain
1387socket used to communicate with the agent.
1388.It Ev SSH_CONNECTION
1389Identifies the client and server ends of the connection.
1390The variable contains
1391four space-separated values: client IP address, client port number,
1392server IP address, and server port number.
1393.It Ev SSH_ORIGINAL_COMMAND
1394This variable contains the original command line if a forced command
1395is executed.
1396It can be used to extract the original arguments.
1397.It Ev SSH_TTY
1398This is set to the name of the tty (path to the device) associated
1399with the current shell or command.
1400If the current session has no tty,
1401this variable is not set.
1402.It Ev SSH_TUNNEL
1403Optionally set by
1404.Xr sshd 8
1405to contain the interface names assigned if tunnel forwarding was
1406requested by the client.
1407.It Ev SSH_USER_AUTH
1408Optionally set by
1409.Xr sshd 8 ,
1410this variable may contain a pathname to a file that lists the authentication
1411methods successfully used when the session was established, including any
1412public keys that were used.
1413.It Ev TZ
1414This variable is set to indicate the present time zone if it
1415was set when the daemon was started (i.e. the daemon passes the value
1416on to new connections).
1417.It Ev USER
1418Set to the name of the user logging in.
1419.El
1420.Pp
1421Additionally,
1422.Nm
1423reads
1424.Pa ~/.ssh/environment ,
1425and adds lines of the format
1426.Dq VARNAME=value
1427to the environment if the file exists and users are allowed to
1428change their environment.
1429For more information, see the
1430.Cm PermitUserEnvironment
1431option in
1432.Xr sshd_config 5 .
1433.Sh FILES
1434.Bl -tag -width Ds -compact
1435.It Pa ~/.rhosts
1436This file is used for host-based authentication (see above).
1437On some machines this file may need to be
1438world-readable if the user's home directory is on an NFS partition,
1439because
1440.Xr sshd 8
1441reads it as root.
1442Additionally, this file must be owned by the user,
1443and must not have write permissions for anyone else.
1444The recommended
1445permission for most machines is read/write for the user, and not
1446accessible by others.
1447.Pp
1448.It Pa ~/.shosts
1449This file is used in exactly the same way as
1450.Pa .rhosts ,
1451but allows host-based authentication without permitting login with
1452rlogin/rsh.
1453.Pp
1454.It Pa ~/.ssh/
1455This directory is the default location for all user-specific configuration
1456and authentication information.
1457There is no general requirement to keep the entire contents of this directory
1458secret, but the recommended permissions are read/write/execute for the user,
1459and not accessible by others.
1460.Pp
1461.It Pa ~/.ssh/authorized_keys
1462Lists the public keys (DSA, ECDSA, Ed25519, RSA)
1463that can be used for logging in as this user.
1464The format of this file is described in the
1465.Xr sshd 8
1466manual page.
1467This file is not highly sensitive, but the recommended
1468permissions are read/write for the user, and not accessible by others.
1469.Pp
1470.It Pa ~/.ssh/config
1471This is the per-user configuration file.
1472The file format and configuration options are described in
1473.Xr ssh_config 5 .
1474Because of the potential for abuse, this file must have strict permissions:
1475read/write for the user, and not writable by others.
1476.Pp
1477.It Pa ~/.ssh/environment
1478Contains additional definitions for environment variables; see
1479.Sx ENVIRONMENT ,
1480above.
1481.Pp
1482.It Pa ~/.ssh/id_dsa
1483.It Pa ~/.ssh/id_ecdsa
1484.It Pa ~/.ssh/id_ed25519
1485.It Pa ~/.ssh/id_rsa
1486Contains the private key for authentication.
1487These files
1488contain sensitive data and should be readable by the user but not
1489accessible by others (read/write/execute).
1490.Nm
1491will simply ignore a private key file if it is accessible by others.
1492It is possible to specify a passphrase when
1493generating the key which will be used to encrypt the
1494sensitive part of this file using AES-128.
1495.Pp
1496.It Pa ~/.ssh/id_dsa.pub
1497.It Pa ~/.ssh/id_ecdsa.pub
1498.It Pa ~/.ssh/id_ed25519.pub
1499.It Pa ~/.ssh/id_rsa.pub
1500Contains the public key for authentication.
1501These files are not
1502sensitive and can (but need not) be readable by anyone.
1503.Pp
1504.It Pa ~/.ssh/known_hosts
1505Contains a list of host keys for all hosts the user has logged into
1506that are not already in the systemwide list of known host keys.
1507See
1508.Xr sshd 8
1509for further details of the format of this file.
1510.Pp
1511.It Pa ~/.ssh/rc
1512Commands in this file are executed by
1513.Nm
1514when the user logs in, just before the user's shell (or command) is
1515started.
1516See the
1517.Xr sshd 8
1518manual page for more information.
1519.Pp
1520.It Pa /etc/hosts.equiv
1521This file is for host-based authentication (see above).
1522It should only be writable by root.
1523.Pp
1524.It Pa /etc/shosts.equiv
1525This file is used in exactly the same way as
1526.Pa hosts.equiv ,
1527but allows host-based authentication without permitting login with
1528rlogin/rsh.
1529.Pp
1530.It Pa /etc/ssh/ssh_config
1531Systemwide configuration file.
1532The file format and configuration options are described in
1533.Xr ssh_config 5 .
1534.Pp
1535.It Pa /etc/ssh/ssh_host_key
1536.It Pa /etc/ssh/ssh_host_dsa_key
1537.It Pa /etc/ssh/ssh_host_ecdsa_key
1538.It Pa /etc/ssh/ssh_host_ed25519_key
1539.It Pa /etc/ssh/ssh_host_rsa_key
1540These files contain the private parts of the host keys
1541and are used for host-based authentication.
1542.Pp
1543.It Pa /etc/ssh/ssh_known_hosts
1544Systemwide list of known host keys.
1545This file should be prepared by the
1546system administrator to contain the public host keys of all machines in the
1547organization.
1548It should be world-readable.
1549See
1550.Xr sshd 8
1551for further details of the format of this file.
1552.Pp
1553.It Pa /etc/ssh/sshrc
1554Commands in this file are executed by
1555.Nm
1556when the user logs in, just before the user's shell (or command) is started.
1557See the
1558.Xr sshd 8
1559manual page for more information.
1560.El
1561.Sh EXIT STATUS
1562.Nm
1563exits with the exit status of the remote command or with 255
1564if an error occurred.
1565.Sh SEE ALSO
1566.Xr scp 1 ,
1567.Xr sftp 1 ,
1568.Xr ssh-add 1 ,
1569.Xr ssh-agent 1 ,
1570.Xr ssh-keygen 1 ,
1571.Xr ssh-keyscan 1 ,
1572.Xr tun 4 ,
1573.Xr ssh_config 5 ,
1574.Xr ssh-keysign 8 ,
1575.Xr sshd 8
1576.Sh STANDARDS
1577.Rs
1578.%A S. Lehtinen
1579.%A C. Lonvick
1580.%D January 2006
1581.%R RFC 4250
1582.%T The Secure Shell (SSH) Protocol Assigned Numbers
1583.Re
1584.Pp
1585.Rs
1586.%A T. Ylonen
1587.%A C. Lonvick
1588.%D January 2006
1589.%R RFC 4251
1590.%T The Secure Shell (SSH) Protocol Architecture
1591.Re
1592.Pp
1593.Rs
1594.%A T. Ylonen
1595.%A C. Lonvick
1596.%D January 2006
1597.%R RFC 4252
1598.%T The Secure Shell (SSH) Authentication Protocol
1599.Re
1600.Pp
1601.Rs
1602.%A T. Ylonen
1603.%A C. Lonvick
1604.%D January 2006
1605.%R RFC 4253
1606.%T The Secure Shell (SSH) Transport Layer Protocol
1607.Re
1608.Pp
1609.Rs
1610.%A T. Ylonen
1611.%A C. Lonvick
1612.%D January 2006
1613.%R RFC 4254
1614.%T The Secure Shell (SSH) Connection Protocol
1615.Re
1616.Pp
1617.Rs
1618.%A J. Schlyter
1619.%A W. Griffin
1620.%D January 2006
1621.%R RFC 4255
1622.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
1623.Re
1624.Pp
1625.Rs
1626.%A F. Cusack
1627.%A M. Forssen
1628.%D January 2006
1629.%R RFC 4256
1630.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
1631.Re
1632.Pp
1633.Rs
1634.%A J. Galbraith
1635.%A P. Remaker
1636.%D January 2006
1637.%R RFC 4335
1638.%T The Secure Shell (SSH) Session Channel Break Extension
1639.Re
1640.Pp
1641.Rs
1642.%A M. Bellare
1643.%A T. Kohno
1644.%A C. Namprempre
1645.%D January 2006
1646.%R RFC 4344
1647.%T The Secure Shell (SSH) Transport Layer Encryption Modes
1648.Re
1649.Pp
1650.Rs
1651.%A B. Harris
1652.%D January 2006
1653.%R RFC 4345
1654.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
1655.Re
1656.Pp
1657.Rs
1658.%A M. Friedl
1659.%A N. Provos
1660.%A W. Simpson
1661.%D March 2006
1662.%R RFC 4419
1663.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
1664.Re
1665.Pp
1666.Rs
1667.%A J. Galbraith
1668.%A R. Thayer
1669.%D November 2006
1670.%R RFC 4716
1671.%T The Secure Shell (SSH) Public Key File Format
1672.Re
1673.Pp
1674.Rs
1675.%A D. Stebila
1676.%A J. Green
1677.%D December 2009
1678.%R RFC 5656
1679.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
1680.Re
1681.Pp
1682.Rs
1683.%A A. Perrig
1684.%A D. Song
1685.%D 1999
1686.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
1687.%T Hash Visualization: a New Technique to improve Real-World Security
1688.Re
1689.Sh AUTHORS
1690OpenSSH is a derivative of the original and free
1691ssh 1.2.12 release by Tatu Ylonen.
1692Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
1693Theo de Raadt and Dug Song
1694removed many bugs, re-added newer features and
1695created OpenSSH.
1696Markus Friedl contributed the support for SSH
1697protocol versions 1.5 and 2.0.
1698