1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh.1,v 1.402 2019/03/16 19:14:21 jmc Exp $ 37.Dd $Mdocdate: March 16 2019 $ 38.Dt SSH 1 39.Os 40.Sh NAME 41.Nm ssh 42.Nd OpenSSH SSH client (remote login program) 43.Sh SYNOPSIS 44.Nm ssh 45.Op Fl 46AaCfGgKkMNnqsTtVvXxYy 46.Op Fl B Ar bind_interface 47.Op Fl b Ar bind_address 48.Op Fl c Ar cipher_spec 49.Op Fl D Oo Ar bind_address : Oc Ns Ar port 50.Op Fl E Ar log_file 51.Op Fl e Ar escape_char 52.Op Fl F Ar configfile 53.Op Fl I Ar pkcs11 54.Op Fl i Ar identity_file 55.Op Fl J Ar destination 56.Op Fl L Ar address 57.Op Fl l Ar login_name 58.Op Fl m Ar mac_spec 59.Op Fl O Ar ctl_cmd 60.Op Fl o Ar option 61.Op Fl p Ar port 62.Op Fl Q Ar query_option 63.Op Fl R Ar address 64.Op Fl S Ar ctl_path 65.Op Fl W Ar host : Ns Ar port 66.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun 67.Ar destination 68.Op Ar command 69.Sh DESCRIPTION 70.Nm 71(SSH client) is a program for logging into a remote machine and for 72executing commands on a remote machine. 73It is intended to provide secure encrypted communications between 74two untrusted hosts over an insecure network. 75X11 connections, arbitrary TCP ports and 76.Ux Ns -domain 77sockets can also be forwarded over the secure channel. 78.Pp 79.Nm 80connects and logs into the specified 81.Ar destination , 82which may be specified as either 83.Sm off 84.Oo user @ Oc hostname 85.Sm on 86or a URI of the form 87.Sm off 88.No ssh:// Oo user @ Oc hostname Op : port . 89.Sm on 90The user must prove 91his/her identity to the remote machine using one of several methods 92(see below). 93.Pp 94If a 95.Ar command 96is specified, 97it is executed on the remote host instead of a login shell. 98.Pp 99The options are as follows: 100.Pp 101.Bl -tag -width Ds -compact 102.It Fl 4 103Forces 104.Nm 105to use IPv4 addresses only. 106.Pp 107.It Fl 6 108Forces 109.Nm 110to use IPv6 addresses only. 111.Pp 112.It Fl A 113Enables forwarding of the authentication agent connection. 114This can also be specified on a per-host basis in a configuration file. 115.Pp 116Agent forwarding should be enabled with caution. 117Users with the ability to bypass file permissions on the remote host 118(for the agent's 119.Ux Ns -domain 120socket) can access the local agent through the forwarded connection. 121An attacker cannot obtain key material from the agent, 122however they can perform operations on the keys that enable them to 123authenticate using the identities loaded into the agent. 124.Pp 125.It Fl a 126Disables forwarding of the authentication agent connection. 127.Pp 128.It Fl B Ar bind_interface 129Bind to the address of 130.Ar bind_interface 131before attempting to connect to the destination host. 132This is only useful on systems with more than one address. 133.Pp 134.It Fl b Ar bind_address 135Use 136.Ar bind_address 137on the local machine as the source address 138of the connection. 139Only useful on systems with more than one address. 140.Pp 141.It Fl C 142Requests compression of all data (including stdin, stdout, stderr, and 143data for forwarded X11, TCP and 144.Ux Ns -domain 145connections). 146The compression algorithm is the same used by 147.Xr gzip 1 . 148Compression is desirable on modem lines and other 149slow connections, but will only slow down things on fast networks. 150The default value can be set on a host-by-host basis in the 151configuration files; see the 152.Cm Compression 153option. 154.Pp 155.It Fl c Ar cipher_spec 156Selects the cipher specification for encrypting the session. 157.Ar cipher_spec 158is a comma-separated list of ciphers 159listed in order of preference. 160See the 161.Cm Ciphers 162keyword in 163.Xr ssh_config 5 164for more information. 165.Pp 166.It Fl D Xo 167.Sm off 168.Oo Ar bind_address : Oc 169.Ar port 170.Sm on 171.Xc 172Specifies a local 173.Dq dynamic 174application-level port forwarding. 175This works by allocating a socket to listen to 176.Ar port 177on the local side, optionally bound to the specified 178.Ar bind_address . 179Whenever a connection is made to this port, the 180connection is forwarded over the secure channel, and the application 181protocol is then used to determine where to connect to from the 182remote machine. 183Currently the SOCKS4 and SOCKS5 protocols are supported, and 184.Nm 185will act as a SOCKS server. 186Only root can forward privileged ports. 187Dynamic port forwardings can also be specified in the configuration file. 188.Pp 189IPv6 addresses can be specified by enclosing the address in square brackets. 190Only the superuser can forward privileged ports. 191By default, the local port is bound in accordance with the 192.Cm GatewayPorts 193setting. 194However, an explicit 195.Ar bind_address 196may be used to bind the connection to a specific address. 197The 198.Ar bind_address 199of 200.Dq localhost 201indicates that the listening port be bound for local use only, while an 202empty address or 203.Sq * 204indicates that the port should be available from all interfaces. 205.Pp 206.It Fl E Ar log_file 207Append debug logs to 208.Ar log_file 209instead of standard error. 210.Pp 211.It Fl e Ar escape_char 212Sets the escape character for sessions with a pty (default: 213.Ql ~ ) . 214The escape character is only recognized at the beginning of a line. 215The escape character followed by a dot 216.Pq Ql \&. 217closes the connection; 218followed by control-Z suspends the connection; 219and followed by itself sends the escape character once. 220Setting the character to 221.Dq none 222disables any escapes and makes the session fully transparent. 223.Pp 224.It Fl F Ar configfile 225Specifies an alternative per-user configuration file. 226If a configuration file is given on the command line, 227the system-wide configuration file 228.Pq Pa /etc/ssh/ssh_config 229will be ignored. 230The default for the per-user configuration file is 231.Pa ~/.ssh/config . 232.Pp 233.It Fl f 234Requests 235.Nm 236to go to background just before command execution. 237This is useful if 238.Nm 239is going to ask for passwords or passphrases, but the user 240wants it in the background. 241This implies 242.Fl n . 243The recommended way to start X11 programs at a remote site is with 244something like 245.Ic ssh -f host xterm . 246.Pp 247If the 248.Cm ExitOnForwardFailure 249configuration option is set to 250.Dq yes , 251then a client started with 252.Fl f 253will wait for all remote port forwards to be successfully established 254before placing itself in the background. 255.Pp 256.It Fl G 257Causes 258.Nm 259to print its configuration after evaluating 260.Cm Host 261and 262.Cm Match 263blocks and exit. 264.Pp 265.It Fl g 266Allows remote hosts to connect to local forwarded ports. 267If used on a multiplexed connection, then this option must be specified 268on the master process. 269.Pp 270.It Fl I Ar pkcs11 271Specify the PKCS#11 shared library 272.Nm 273should use to communicate with a PKCS#11 token providing keys for user 274authentication. 275.Pp 276.It Fl i Ar identity_file 277Selects a file from which the identity (private key) for 278public key authentication is read. 279The default is 280.Pa ~/.ssh/id_dsa , 281.Pa ~/.ssh/id_ecdsa , 282.Pa ~/.ssh/id_ed25519 283and 284.Pa ~/.ssh/id_rsa . 285Identity files may also be specified on 286a per-host basis in the configuration file. 287It is possible to have multiple 288.Fl i 289options (and multiple identities specified in 290configuration files). 291If no certificates have been explicitly specified by the 292.Cm CertificateFile 293directive, 294.Nm 295will also try to load certificate information from the filename obtained 296by appending 297.Pa -cert.pub 298to identity filenames. 299.Pp 300.It Fl J Ar destination 301Connect to the target host by first making a 302.Nm 303connection to the jump host described by 304.Ar destination 305and then establishing a TCP forwarding to the ultimate destination from 306there. 307Multiple jump hops may be specified separated by comma characters. 308This is a shortcut to specify a 309.Cm ProxyJump 310configuration directive. 311Note that configuration directives supplied on the command-line generally 312apply to the destination host and not any specified jump hosts. 313Use 314.Pa ~/.ssh/config 315to specify configuration for jump hosts. 316.Pp 317.It Fl K 318Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI 319credentials to the server. 320.Pp 321.It Fl k 322Disables forwarding (delegation) of GSSAPI credentials to the server. 323.Pp 324.It Fl L Xo 325.Sm off 326.Oo Ar bind_address : Oc 327.Ar port : host : hostport 328.Sm on 329.Xc 330.It Fl L Xo 331.Sm off 332.Oo Ar bind_address : Oc 333.Ar port : remote_socket 334.Sm on 335.Xc 336.It Fl L Xo 337.Sm off 338.Ar local_socket : host : hostport 339.Sm on 340.Xc 341.It Fl L Xo 342.Sm off 343.Ar local_socket : remote_socket 344.Sm on 345.Xc 346Specifies that connections to the given TCP port or Unix socket on the local 347(client) host are to be forwarded to the given host and port, or Unix socket, 348on the remote side. 349This works by allocating a socket to listen to either a TCP 350.Ar port 351on the local side, optionally bound to the specified 352.Ar bind_address , 353or to a Unix socket. 354Whenever a connection is made to the local port or socket, the 355connection is forwarded over the secure channel, and a connection is 356made to either 357.Ar host 358port 359.Ar hostport , 360or the Unix socket 361.Ar remote_socket , 362from the remote machine. 363.Pp 364Port forwardings can also be specified in the configuration file. 365Only the superuser can forward privileged ports. 366IPv6 addresses can be specified by enclosing the address in square brackets. 367.Pp 368By default, the local port is bound in accordance with the 369.Cm GatewayPorts 370setting. 371However, an explicit 372.Ar bind_address 373may be used to bind the connection to a specific address. 374The 375.Ar bind_address 376of 377.Dq localhost 378indicates that the listening port be bound for local use only, while an 379empty address or 380.Sq * 381indicates that the port should be available from all interfaces. 382.Pp 383.It Fl l Ar login_name 384Specifies the user to log in as on the remote machine. 385This also may be specified on a per-host basis in the configuration file. 386.Pp 387.It Fl M 388Places the 389.Nm 390client into 391.Dq master 392mode for connection sharing. 393Multiple 394.Fl M 395options places 396.Nm 397into 398.Dq master 399mode but with confirmation required using 400.Xr ssh-askpass 1 401before each operation that changes the multiplexing state 402(e.g. opening a new session). 403Refer to the description of 404.Cm ControlMaster 405in 406.Xr ssh_config 5 407for details. 408.Pp 409.It Fl m Ar mac_spec 410A comma-separated list of MAC (message authentication code) algorithms, 411specified in order of preference. 412See the 413.Cm MACs 414keyword for more information. 415.Pp 416.It Fl N 417Do not execute a remote command. 418This is useful for just forwarding ports. 419.Pp 420.It Fl n 421Redirects stdin from 422.Pa /dev/null 423(actually, prevents reading from stdin). 424This must be used when 425.Nm 426is run in the background. 427A common trick is to use this to run X11 programs on a remote machine. 428For example, 429.Ic ssh -n shadows.cs.hut.fi emacs & 430will start an emacs on shadows.cs.hut.fi, and the X11 431connection will be automatically forwarded over an encrypted channel. 432The 433.Nm 434program will be put in the background. 435(This does not work if 436.Nm 437needs to ask for a password or passphrase; see also the 438.Fl f 439option.) 440.Pp 441.It Fl O Ar ctl_cmd 442Control an active connection multiplexing master process. 443When the 444.Fl O 445option is specified, the 446.Ar ctl_cmd 447argument is interpreted and passed to the master process. 448Valid commands are: 449.Dq check 450(check that the master process is running), 451.Dq forward 452(request forwardings without command execution), 453.Dq cancel 454(cancel forwardings), 455.Dq exit 456(request the master to exit), and 457.Dq stop 458(request the master to stop accepting further multiplexing requests). 459.Pp 460.It Fl o Ar option 461Can be used to give options in the format used in the configuration file. 462This is useful for specifying options for which there is no separate 463command-line flag. 464For full details of the options listed below, and their possible values, see 465.Xr ssh_config 5 . 466.Pp 467.Bl -tag -width Ds -offset indent -compact 468.It AddKeysToAgent 469.It AddressFamily 470.It BatchMode 471.It BindAddress 472.It CanonicalDomains 473.It CanonicalizeFallbackLocal 474.It CanonicalizeHostname 475.It CanonicalizeMaxDots 476.It CanonicalizePermittedCNAMEs 477.It CASignatureAlgorithms 478.It CertificateFile 479.It ChallengeResponseAuthentication 480.It CheckHostIP 481.It Ciphers 482.It ClearAllForwardings 483.It Compression 484.It ConnectionAttempts 485.It ConnectTimeout 486.It ControlMaster 487.It ControlPath 488.It ControlPersist 489.It DynamicForward 490.It EscapeChar 491.It ExitOnForwardFailure 492.It FingerprintHash 493.It ForwardAgent 494.It ForwardX11 495.It ForwardX11Timeout 496.It ForwardX11Trusted 497.It GatewayPorts 498.It GlobalKnownHostsFile 499.It GSSAPIAuthentication 500.It GSSAPIDelegateCredentials 501.It HashKnownHosts 502.It Host 503.It HostbasedAuthentication 504.It HostbasedKeyTypes 505.It HostKeyAlgorithms 506.It HostKeyAlias 507.It HostName 508.It IdentitiesOnly 509.It IdentityAgent 510.It IdentityFile 511.It IPQoS 512.It KbdInteractiveAuthentication 513.It KbdInteractiveDevices 514.It KexAlgorithms 515.It LocalCommand 516.It LocalForward 517.It LogLevel 518.It MACs 519.It Match 520.It NoHostAuthenticationForLocalhost 521.It NumberOfPasswordPrompts 522.It PasswordAuthentication 523.It PermitLocalCommand 524.It PKCS11Provider 525.It Port 526.It PreferredAuthentications 527.It ProxyCommand 528.It ProxyJump 529.It ProxyUseFdpass 530.It PubkeyAcceptedKeyTypes 531.It PubkeyAuthentication 532.It RekeyLimit 533.It RemoteCommand 534.It RemoteForward 535.It RequestTTY 536.It SendEnv 537.It ServerAliveInterval 538.It ServerAliveCountMax 539.It SetEnv 540.It StreamLocalBindMask 541.It StreamLocalBindUnlink 542.It StrictHostKeyChecking 543.It TCPKeepAlive 544.It Tunnel 545.It TunnelDevice 546.It UpdateHostKeys 547.It User 548.It UserKnownHostsFile 549.It VerifyHostKeyDNS 550.It VisualHostKey 551.It XAuthLocation 552.El 553.Pp 554.It Fl p Ar port 555Port to connect to on the remote host. 556This can be specified on a 557per-host basis in the configuration file. 558.Pp 559.It Fl Q Ar query_option 560Queries 561.Nm 562for the algorithms supported for the specified version 2. 563The available features are: 564.Ar cipher 565(supported symmetric ciphers), 566.Ar cipher-auth 567(supported symmetric ciphers that support authenticated encryption), 568.Ar help 569(supported query terms for use with the 570.Fl Q 571flag), 572.Ar mac 573(supported message integrity codes), 574.Ar kex 575(key exchange algorithms), 576.Ar key 577(key types), 578.Ar key-cert 579(certificate key types), 580.Ar key-plain 581(non-certificate key types), 582.Ar protocol-version 583(supported SSH protocol versions), and 584.Ar sig 585(supported signature algorithms). 586.Pp 587.It Fl q 588Quiet mode. 589Causes most warning and diagnostic messages to be suppressed. 590.Pp 591.It Fl R Xo 592.Sm off 593.Oo Ar bind_address : Oc 594.Ar port : host : hostport 595.Sm on 596.Xc 597.It Fl R Xo 598.Sm off 599.Oo Ar bind_address : Oc 600.Ar port : local_socket 601.Sm on 602.Xc 603.It Fl R Xo 604.Sm off 605.Ar remote_socket : host : hostport 606.Sm on 607.Xc 608.It Fl R Xo 609.Sm off 610.Ar remote_socket : local_socket 611.Sm on 612.Xc 613.It Fl R Xo 614.Sm off 615.Oo Ar bind_address : Oc 616.Ar port 617.Sm on 618.Xc 619Specifies that connections to the given TCP port or Unix socket on the remote 620(server) host are to be forwarded to the local side. 621.Pp 622This works by allocating a socket to listen to either a TCP 623.Ar port 624or to a Unix socket on the remote side. 625Whenever a connection is made to this port or Unix socket, the 626connection is forwarded over the secure channel, and a connection 627is made from the local machine to either an explicit destination specified by 628.Ar host 629port 630.Ar hostport , 631or 632.Ar local_socket , 633or, if no explicit destination was specified, 634.Nm 635will act as a SOCKS 4/5 proxy and forward connections to the destinations 636requested by the remote SOCKS client. 637.Pp 638Port forwardings can also be specified in the configuration file. 639Privileged ports can be forwarded only when 640logging in as root on the remote machine. 641IPv6 addresses can be specified by enclosing the address in square brackets. 642.Pp 643By default, TCP listening sockets on the server will be bound to the loopback 644interface only. 645This may be overridden by specifying a 646.Ar bind_address . 647An empty 648.Ar bind_address , 649or the address 650.Ql * , 651indicates that the remote socket should listen on all interfaces. 652Specifying a remote 653.Ar bind_address 654will only succeed if the server's 655.Cm GatewayPorts 656option is enabled (see 657.Xr sshd_config 5 ) . 658.Pp 659If the 660.Ar port 661argument is 662.Ql 0 , 663the listen port will be dynamically allocated on the server and reported 664to the client at run time. 665When used together with 666.Ic -O forward 667the allocated port will be printed to the standard output. 668.Pp 669.It Fl S Ar ctl_path 670Specifies the location of a control socket for connection sharing, 671or the string 672.Dq none 673to disable connection sharing. 674Refer to the description of 675.Cm ControlPath 676and 677.Cm ControlMaster 678in 679.Xr ssh_config 5 680for details. 681.Pp 682.It Fl s 683May be used to request invocation of a subsystem on the remote system. 684Subsystems facilitate the use of SSH 685as a secure transport for other applications (e.g.\& 686.Xr sftp 1 ) . 687The subsystem is specified as the remote command. 688.Pp 689.It Fl T 690Disable pseudo-terminal allocation. 691.Pp 692.It Fl t 693Force pseudo-terminal allocation. 694This can be used to execute arbitrary 695screen-based programs on a remote machine, which can be very useful, 696e.g. when implementing menu services. 697Multiple 698.Fl t 699options force tty allocation, even if 700.Nm 701has no local tty. 702.Pp 703.It Fl V 704Display the version number and exit. 705.Pp 706.It Fl v 707Verbose mode. 708Causes 709.Nm 710to print debugging messages about its progress. 711This is helpful in 712debugging connection, authentication, and configuration problems. 713Multiple 714.Fl v 715options increase the verbosity. 716The maximum is 3. 717.Pp 718.It Fl W Ar host : Ns Ar port 719Requests that standard input and output on the client be forwarded to 720.Ar host 721on 722.Ar port 723over the secure channel. 724Implies 725.Fl N , 726.Fl T , 727.Cm ExitOnForwardFailure 728and 729.Cm ClearAllForwardings , 730though these can be overridden in the configuration file or using 731.Fl o 732command line options. 733.Pp 734.It Fl w Xo 735.Ar local_tun Ns Op : Ns Ar remote_tun 736.Xc 737Requests 738tunnel 739device forwarding with the specified 740.Xr tun 4 741devices between the client 742.Pq Ar local_tun 743and the server 744.Pq Ar remote_tun . 745.Pp 746The devices may be specified by numerical ID or the keyword 747.Dq any , 748which uses the next available tunnel device. 749If 750.Ar remote_tun 751is not specified, it defaults to 752.Dq any . 753See also the 754.Cm Tunnel 755and 756.Cm TunnelDevice 757directives in 758.Xr ssh_config 5 . 759.Pp 760If the 761.Cm Tunnel 762directive is unset, it will be set to the default tunnel mode, which is 763.Dq point-to-point . 764If a different 765.Cm Tunnel 766forwarding mode it desired, then it should be specified before 767.Fl w . 768.Pp 769.It Fl X 770Enables X11 forwarding. 771This can also be specified on a per-host basis in a configuration file. 772.Pp 773X11 forwarding should be enabled with caution. 774Users with the ability to bypass file permissions on the remote host 775(for the user's X authorization database) 776can access the local X11 display through the forwarded connection. 777An attacker may then be able to perform activities such as keystroke monitoring. 778.Pp 779For this reason, X11 forwarding is subjected to X11 SECURITY extension 780restrictions by default. 781Please refer to the 782.Nm 783.Fl Y 784option and the 785.Cm ForwardX11Trusted 786directive in 787.Xr ssh_config 5 788for more information. 789.Pp 790.It Fl x 791Disables X11 forwarding. 792.Pp 793.It Fl Y 794Enables trusted X11 forwarding. 795Trusted X11 forwardings are not subjected to the X11 SECURITY extension 796controls. 797.Pp 798.It Fl y 799Send log information using the 800.Xr syslog 3 801system module. 802By default this information is sent to stderr. 803.El 804.Pp 805.Nm 806may additionally obtain configuration data from 807a per-user configuration file and a system-wide configuration file. 808The file format and configuration options are described in 809.Xr ssh_config 5 . 810.Sh AUTHENTICATION 811The OpenSSH SSH client supports SSH protocol 2. 812.Pp 813The methods available for authentication are: 814GSSAPI-based authentication, 815host-based authentication, 816public key authentication, 817challenge-response authentication, 818and password authentication. 819Authentication methods are tried in the order specified above, 820though 821.Cm PreferredAuthentications 822can be used to change the default order. 823.Pp 824Host-based authentication works as follows: 825If the machine the user logs in from is listed in 826.Pa /etc/hosts.equiv 827or 828.Pa /etc/shosts.equiv 829on the remote machine, and the user names are 830the same on both sides, or if the files 831.Pa ~/.rhosts 832or 833.Pa ~/.shosts 834exist in the user's home directory on the 835remote machine and contain a line containing the name of the client 836machine and the name of the user on that machine, the user is 837considered for login. 838Additionally, the server 839.Em must 840be able to verify the client's 841host key (see the description of 842.Pa /etc/ssh/ssh_known_hosts 843and 844.Pa ~/.ssh/known_hosts , 845below) 846for login to be permitted. 847This authentication method closes security holes due to IP 848spoofing, DNS spoofing, and routing spoofing. 849[Note to the administrator: 850.Pa /etc/hosts.equiv , 851.Pa ~/.rhosts , 852and the rlogin/rsh protocol in general, are inherently insecure and should be 853disabled if security is desired.] 854.Pp 855Public key authentication works as follows: 856The scheme is based on public-key cryptography, 857using cryptosystems 858where encryption and decryption are done using separate keys, 859and it is unfeasible to derive the decryption key from the encryption key. 860The idea is that each user creates a public/private 861key pair for authentication purposes. 862The server knows the public key, and only the user knows the private key. 863.Nm 864implements public key authentication protocol automatically, 865using one of the DSA, ECDSA, Ed25519 or RSA algorithms. 866The HISTORY section of 867.Xr ssl 8 868contains a brief discussion of the DSA and RSA algorithms. 869.Pp 870The file 871.Pa ~/.ssh/authorized_keys 872lists the public keys that are permitted for logging in. 873When the user logs in, the 874.Nm 875program tells the server which key pair it would like to use for 876authentication. 877The client proves that it has access to the private key 878and the server checks that the corresponding public key 879is authorized to accept the account. 880.Pp 881The server may inform the client of errors that prevented public key 882authentication from succeeding after authentication completes using a 883different method. 884These may be viewed by increasing the 885.Cm LogLevel 886to 887.Cm DEBUG 888or higher (e.g. by using the 889.Fl v 890flag). 891.Pp 892The user creates his/her key pair by running 893.Xr ssh-keygen 1 . 894This stores the private key in 895.Pa ~/.ssh/id_dsa 896(DSA), 897.Pa ~/.ssh/id_ecdsa 898(ECDSA), 899.Pa ~/.ssh/id_ed25519 900(Ed25519), 901or 902.Pa ~/.ssh/id_rsa 903(RSA) 904and stores the public key in 905.Pa ~/.ssh/id_dsa.pub 906(DSA), 907.Pa ~/.ssh/id_ecdsa.pub 908(ECDSA), 909.Pa ~/.ssh/id_ed25519.pub 910(Ed25519), 911or 912.Pa ~/.ssh/id_rsa.pub 913(RSA) 914in the user's home directory. 915The user should then copy the public key 916to 917.Pa ~/.ssh/authorized_keys 918in his/her home directory on the remote machine. 919The 920.Pa authorized_keys 921file corresponds to the conventional 922.Pa ~/.rhosts 923file, and has one key 924per line, though the lines can be very long. 925After this, the user can log in without giving the password. 926.Pp 927A variation on public key authentication 928is available in the form of certificate authentication: 929instead of a set of public/private keys, 930signed certificates are used. 931This has the advantage that a single trusted certification authority 932can be used in place of many public/private keys. 933See the CERTIFICATES section of 934.Xr ssh-keygen 1 935for more information. 936.Pp 937The most convenient way to use public key or certificate authentication 938may be with an authentication agent. 939See 940.Xr ssh-agent 1 941and (optionally) the 942.Cm AddKeysToAgent 943directive in 944.Xr ssh_config 5 945for more information. 946.Pp 947Challenge-response authentication works as follows: 948The server sends an arbitrary 949.Qq challenge 950text, and prompts for a response. 951Examples of challenge-response authentication include 952.Bx 953Authentication (see 954.Xr login.conf 5 ) 955and PAM (some 956.Pf non- Ox 957systems). 958.Pp 959Finally, if other authentication methods fail, 960.Nm 961prompts the user for a password. 962The password is sent to the remote 963host for checking; however, since all communications are encrypted, 964the password cannot be seen by someone listening on the network. 965.Pp 966.Nm 967automatically maintains and checks a database containing 968identification for all hosts it has ever been used with. 969Host keys are stored in 970.Pa ~/.ssh/known_hosts 971in the user's home directory. 972Additionally, the file 973.Pa /etc/ssh/ssh_known_hosts 974is automatically checked for known hosts. 975Any new hosts are automatically added to the user's file. 976If a host's identification ever changes, 977.Nm 978warns about this and disables password authentication to prevent 979server spoofing or man-in-the-middle attacks, 980which could otherwise be used to circumvent the encryption. 981The 982.Cm StrictHostKeyChecking 983option can be used to control logins to machines whose 984host key is not known or has changed. 985.Pp 986When the user's identity has been accepted by the server, the server 987either executes the given command in a non-interactive session or, 988if no command has been specified, logs into the machine and gives 989the user a normal shell as an interactive session. 990All communication with 991the remote command or shell will be automatically encrypted. 992.Pp 993If an interactive session is requested 994.Nm 995by default will only request a pseudo-terminal (pty) for interactive 996sessions when the client has one. 997The flags 998.Fl T 999and 1000.Fl t 1001can be used to override this behaviour. 1002.Pp 1003If a pseudo-terminal has been allocated the 1004user may use the escape characters noted below. 1005.Pp 1006If no pseudo-terminal has been allocated, 1007the session is transparent and can be used to reliably transfer binary data. 1008On most systems, setting the escape character to 1009.Dq none 1010will also make the session transparent even if a tty is used. 1011.Pp 1012The session terminates when the command or shell on the remote 1013machine exits and all X11 and TCP connections have been closed. 1014.Sh ESCAPE CHARACTERS 1015When a pseudo-terminal has been requested, 1016.Nm 1017supports a number of functions through the use of an escape character. 1018.Pp 1019A single tilde character can be sent as 1020.Ic ~~ 1021or by following the tilde by a character other than those described below. 1022The escape character must always follow a newline to be interpreted as 1023special. 1024The escape character can be changed in configuration files using the 1025.Cm EscapeChar 1026configuration directive or on the command line by the 1027.Fl e 1028option. 1029.Pp 1030The supported escapes (assuming the default 1031.Ql ~ ) 1032are: 1033.Bl -tag -width Ds 1034.It Cm ~. 1035Disconnect. 1036.It Cm ~^Z 1037Background 1038.Nm . 1039.It Cm ~# 1040List forwarded connections. 1041.It Cm ~& 1042Background 1043.Nm 1044at logout when waiting for forwarded connection / X11 sessions to terminate. 1045.It Cm ~? 1046Display a list of escape characters. 1047.It Cm ~B 1048Send a BREAK to the remote system 1049(only useful if the peer supports it). 1050.It Cm ~C 1051Open command line. 1052Currently this allows the addition of port forwardings using the 1053.Fl L , 1054.Fl R 1055and 1056.Fl D 1057options (see above). 1058It also allows the cancellation of existing port-forwardings 1059with 1060.Sm off 1061.Fl KL Oo Ar bind_address : Oc Ar port 1062.Sm on 1063for local, 1064.Sm off 1065.Fl KR Oo Ar bind_address : Oc Ar port 1066.Sm on 1067for remote and 1068.Sm off 1069.Fl KD Oo Ar bind_address : Oc Ar port 1070.Sm on 1071for dynamic port-forwardings. 1072.Ic !\& Ns Ar command 1073allows the user to execute a local command if the 1074.Ic PermitLocalCommand 1075option is enabled in 1076.Xr ssh_config 5 . 1077Basic help is available, using the 1078.Fl h 1079option. 1080.It Cm ~R 1081Request rekeying of the connection 1082(only useful if the peer supports it). 1083.It Cm ~V 1084Decrease the verbosity 1085.Pq Ic LogLevel 1086when errors are being written to stderr. 1087.It Cm ~v 1088Increase the verbosity 1089.Pq Ic LogLevel 1090when errors are being written to stderr. 1091.El 1092.Sh TCP FORWARDING 1093Forwarding of arbitrary TCP connections over a secure channel 1094can be specified either on the command line or in a configuration file. 1095One possible application of TCP forwarding is a secure connection to a 1096mail server; another is going through firewalls. 1097.Pp 1098In the example below, we look at encrypting communication for an IRC client, 1099even though the IRC server it connects to does not directly 1100support encrypted communication. 1101This works as follows: 1102the user connects to the remote host using 1103.Nm , 1104specifying the ports to be used to forward the connection. 1105After that it is possible to start the program locally, 1106and 1107.Nm 1108will encrypt and forward the connection to the remote server. 1109.Pp 1110The following example tunnels an IRC session from the client 1111to an IRC server at 1112.Dq server.example.com , 1113joining channel 1114.Dq #users , 1115nickname 1116.Dq pinky , 1117using the standard IRC port, 6667: 1118.Bd -literal -offset 4n 1119$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 1120$ irc -c '#users' pinky IRC/127.0.0.1 1121.Ed 1122.Pp 1123The 1124.Fl f 1125option backgrounds 1126.Nm 1127and the remote command 1128.Dq sleep 10 1129is specified to allow an amount of time 1130(10 seconds, in the example) 1131to start the program which is going to use the tunnel. 1132If no connections are made within the time specified, 1133.Nm 1134will exit. 1135.Sh X11 FORWARDING 1136If the 1137.Cm ForwardX11 1138variable is set to 1139.Dq yes 1140(or see the description of the 1141.Fl X , 1142.Fl x , 1143and 1144.Fl Y 1145options above) 1146and the user is using X11 (the 1147.Ev DISPLAY 1148environment variable is set), the connection to the X11 display is 1149automatically forwarded to the remote side in such a way that any X11 1150programs started from the shell (or command) will go through the 1151encrypted channel, and the connection to the real X server will be made 1152from the local machine. 1153The user should not manually set 1154.Ev DISPLAY . 1155Forwarding of X11 connections can be 1156configured on the command line or in configuration files. 1157.Pp 1158The 1159.Ev DISPLAY 1160value set by 1161.Nm 1162will point to the server machine, but with a display number greater than zero. 1163This is normal, and happens because 1164.Nm 1165creates a 1166.Dq proxy 1167X server on the server machine for forwarding the 1168connections over the encrypted channel. 1169.Pp 1170.Nm 1171will also automatically set up Xauthority data on the server machine. 1172For this purpose, it will generate a random authorization cookie, 1173store it in Xauthority on the server, and verify that any forwarded 1174connections carry this cookie and replace it by the real cookie when 1175the connection is opened. 1176The real authentication cookie is never 1177sent to the server machine (and no cookies are sent in the plain). 1178.Pp 1179If the 1180.Cm ForwardAgent 1181variable is set to 1182.Dq yes 1183(or see the description of the 1184.Fl A 1185and 1186.Fl a 1187options above) and 1188the user is using an authentication agent, the connection to the agent 1189is automatically forwarded to the remote side. 1190.Sh VERIFYING HOST KEYS 1191When connecting to a server for the first time, 1192a fingerprint of the server's public key is presented to the user 1193(unless the option 1194.Cm StrictHostKeyChecking 1195has been disabled). 1196Fingerprints can be determined using 1197.Xr ssh-keygen 1 : 1198.Pp 1199.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key 1200.Pp 1201If the fingerprint is already known, it can be matched 1202and the key can be accepted or rejected. 1203If only legacy (MD5) fingerprints for the server are available, the 1204.Xr ssh-keygen 1 1205.Fl E 1206option may be used to downgrade the fingerprint algorithm to match. 1207.Pp 1208Because of the difficulty of comparing host keys 1209just by looking at fingerprint strings, 1210there is also support to compare host keys visually, 1211using 1212.Em random art . 1213By setting the 1214.Cm VisualHostKey 1215option to 1216.Dq yes , 1217a small ASCII graphic gets displayed on every login to a server, no matter 1218if the session itself is interactive or not. 1219By learning the pattern a known server produces, a user can easily 1220find out that the host key has changed when a completely different pattern 1221is displayed. 1222Because these patterns are not unambiguous however, a pattern that looks 1223similar to the pattern remembered only gives a good probability that the 1224host key is the same, not guaranteed proof. 1225.Pp 1226To get a listing of the fingerprints along with their random art for 1227all known hosts, the following command line can be used: 1228.Pp 1229.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts 1230.Pp 1231If the fingerprint is unknown, 1232an alternative method of verification is available: 1233SSH fingerprints verified by DNS. 1234An additional resource record (RR), 1235SSHFP, 1236is added to a zonefile 1237and the connecting client is able to match the fingerprint 1238with that of the key presented. 1239.Pp 1240In this example, we are connecting a client to a server, 1241.Dq host.example.com . 1242The SSHFP resource records should first be added to the zonefile for 1243host.example.com: 1244.Bd -literal -offset indent 1245$ ssh-keygen -r host.example.com. 1246.Ed 1247.Pp 1248The output lines will have to be added to the zonefile. 1249To check that the zone is answering fingerprint queries: 1250.Pp 1251.Dl $ dig -t SSHFP host.example.com 1252.Pp 1253Finally the client connects: 1254.Bd -literal -offset indent 1255$ ssh -o "VerifyHostKeyDNS ask" host.example.com 1256[...] 1257Matching host key fingerprint found in DNS. 1258Are you sure you want to continue connecting (yes/no)? 1259.Ed 1260.Pp 1261See the 1262.Cm VerifyHostKeyDNS 1263option in 1264.Xr ssh_config 5 1265for more information. 1266.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS 1267.Nm 1268contains support for Virtual Private Network (VPN) tunnelling 1269using the 1270.Xr tun 4 1271network pseudo-device, 1272allowing two networks to be joined securely. 1273The 1274.Xr sshd_config 5 1275configuration option 1276.Cm PermitTunnel 1277controls whether the server supports this, 1278and at what level (layer 2 or 3 traffic). 1279.Pp 1280The following example would connect client network 10.0.50.0/24 1281with remote network 10.0.99.0/24 using a point-to-point connection 1282from 10.1.1.1 to 10.1.1.2, 1283provided that the SSH server running on the gateway to the remote network, 1284at 192.168.1.15, allows it. 1285.Pp 1286On the client: 1287.Bd -literal -offset indent 1288# ssh -f -w 0:1 192.168.1.15 true 1289# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 1290# route add 10.0.99.0/24 10.1.1.2 1291.Ed 1292.Pp 1293On the server: 1294.Bd -literal -offset indent 1295# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 1296# route add 10.0.50.0/24 10.1.1.1 1297.Ed 1298.Pp 1299Client access may be more finely tuned via the 1300.Pa /root/.ssh/authorized_keys 1301file (see below) and the 1302.Cm PermitRootLogin 1303server option. 1304The following entry would permit connections on 1305.Xr tun 4 1306device 1 from user 1307.Dq jane 1308and on tun device 2 from user 1309.Dq john , 1310if 1311.Cm PermitRootLogin 1312is set to 1313.Dq forced-commands-only : 1314.Bd -literal -offset 2n 1315tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane 1316tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john 1317.Ed 1318.Pp 1319Since an SSH-based setup entails a fair amount of overhead, 1320it may be more suited to temporary setups, 1321such as for wireless VPNs. 1322More permanent VPNs are better provided by tools such as 1323.Xr ipsecctl 8 1324and 1325.Xr isakmpd 8 . 1326.Sh ENVIRONMENT 1327.Nm 1328will normally set the following environment variables: 1329.Bl -tag -width "SSH_ORIGINAL_COMMAND" 1330.It Ev DISPLAY 1331The 1332.Ev DISPLAY 1333variable indicates the location of the X11 server. 1334It is automatically set by 1335.Nm 1336to point to a value of the form 1337.Dq hostname:n , 1338where 1339.Dq hostname 1340indicates the host where the shell runs, and 1341.Sq n 1342is an integer \*(Ge 1. 1343.Nm 1344uses this special value to forward X11 connections over the secure 1345channel. 1346The user should normally not set 1347.Ev DISPLAY 1348explicitly, as that 1349will render the X11 connection insecure (and will require the user to 1350manually copy any required authorization cookies). 1351.It Ev HOME 1352Set to the path of the user's home directory. 1353.It Ev LOGNAME 1354Synonym for 1355.Ev USER ; 1356set for compatibility with systems that use this variable. 1357.It Ev MAIL 1358Set to the path of the user's mailbox. 1359.It Ev PATH 1360Set to the default 1361.Ev PATH , 1362as specified when compiling 1363.Nm . 1364.It Ev SSH_ASKPASS 1365If 1366.Nm 1367needs a passphrase, it will read the passphrase from the current 1368terminal if it was run from a terminal. 1369If 1370.Nm 1371does not have a terminal associated with it but 1372.Ev DISPLAY 1373and 1374.Ev SSH_ASKPASS 1375are set, it will execute the program specified by 1376.Ev SSH_ASKPASS 1377and open an X11 window to read the passphrase. 1378This is particularly useful when calling 1379.Nm 1380from a 1381.Pa .xsession 1382or related script. 1383(Note that on some machines it 1384may be necessary to redirect the input from 1385.Pa /dev/null 1386to make this work.) 1387.It Ev SSH_AUTH_SOCK 1388Identifies the path of a 1389.Ux Ns -domain 1390socket used to communicate with the agent. 1391.It Ev SSH_CONNECTION 1392Identifies the client and server ends of the connection. 1393The variable contains 1394four space-separated values: client IP address, client port number, 1395server IP address, and server port number. 1396.It Ev SSH_ORIGINAL_COMMAND 1397This variable contains the original command line if a forced command 1398is executed. 1399It can be used to extract the original arguments. 1400.It Ev SSH_TTY 1401This is set to the name of the tty (path to the device) associated 1402with the current shell or command. 1403If the current session has no tty, 1404this variable is not set. 1405.It Ev SSH_TUNNEL 1406Optionally set by 1407.Xr sshd 8 1408to contain the interface names assigned if tunnel forwarding was 1409requested by the client. 1410.It Ev SSH_USER_AUTH 1411Optionally set by 1412.Xr sshd 8 , 1413this variable may contain a pathname to a file that lists the authentication 1414methods successfully used when the session was established, including any 1415public keys that were used. 1416.It Ev TZ 1417This variable is set to indicate the present time zone if it 1418was set when the daemon was started (i.e. the daemon passes the value 1419on to new connections). 1420.It Ev USER 1421Set to the name of the user logging in. 1422.El 1423.Pp 1424Additionally, 1425.Nm 1426reads 1427.Pa ~/.ssh/environment , 1428and adds lines of the format 1429.Dq VARNAME=value 1430to the environment if the file exists and users are allowed to 1431change their environment. 1432For more information, see the 1433.Cm PermitUserEnvironment 1434option in 1435.Xr sshd_config 5 . 1436.Sh FILES 1437.Bl -tag -width Ds -compact 1438.It Pa ~/.rhosts 1439This file is used for host-based authentication (see above). 1440On some machines this file may need to be 1441world-readable if the user's home directory is on an NFS partition, 1442because 1443.Xr sshd 8 1444reads it as root. 1445Additionally, this file must be owned by the user, 1446and must not have write permissions for anyone else. 1447The recommended 1448permission for most machines is read/write for the user, and not 1449accessible by others. 1450.Pp 1451.It Pa ~/.shosts 1452This file is used in exactly the same way as 1453.Pa .rhosts , 1454but allows host-based authentication without permitting login with 1455rlogin/rsh. 1456.Pp 1457.It Pa ~/.ssh/ 1458This directory is the default location for all user-specific configuration 1459and authentication information. 1460There is no general requirement to keep the entire contents of this directory 1461secret, but the recommended permissions are read/write/execute for the user, 1462and not accessible by others. 1463.Pp 1464.It Pa ~/.ssh/authorized_keys 1465Lists the public keys (DSA, ECDSA, Ed25519, RSA) 1466that can be used for logging in as this user. 1467The format of this file is described in the 1468.Xr sshd 8 1469manual page. 1470This file is not highly sensitive, but the recommended 1471permissions are read/write for the user, and not accessible by others. 1472.Pp 1473.It Pa ~/.ssh/config 1474This is the per-user configuration file. 1475The file format and configuration options are described in 1476.Xr ssh_config 5 . 1477Because of the potential for abuse, this file must have strict permissions: 1478read/write for the user, and not writable by others. 1479.Pp 1480.It Pa ~/.ssh/environment 1481Contains additional definitions for environment variables; see 1482.Sx ENVIRONMENT , 1483above. 1484.Pp 1485.It Pa ~/.ssh/id_dsa 1486.It Pa ~/.ssh/id_ecdsa 1487.It Pa ~/.ssh/id_ed25519 1488.It Pa ~/.ssh/id_rsa 1489Contains the private key for authentication. 1490These files 1491contain sensitive data and should be readable by the user but not 1492accessible by others (read/write/execute). 1493.Nm 1494will simply ignore a private key file if it is accessible by others. 1495It is possible to specify a passphrase when 1496generating the key which will be used to encrypt the 1497sensitive part of this file using AES-128. 1498.Pp 1499.It Pa ~/.ssh/id_dsa.pub 1500.It Pa ~/.ssh/id_ecdsa.pub 1501.It Pa ~/.ssh/id_ed25519.pub 1502.It Pa ~/.ssh/id_rsa.pub 1503Contains the public key for authentication. 1504These files are not 1505sensitive and can (but need not) be readable by anyone. 1506.Pp 1507.It Pa ~/.ssh/known_hosts 1508Contains a list of host keys for all hosts the user has logged into 1509that are not already in the systemwide list of known host keys. 1510See 1511.Xr sshd 8 1512for further details of the format of this file. 1513.Pp 1514.It Pa ~/.ssh/rc 1515Commands in this file are executed by 1516.Nm 1517when the user logs in, just before the user's shell (or command) is 1518started. 1519See the 1520.Xr sshd 8 1521manual page for more information. 1522.Pp 1523.It Pa /etc/hosts.equiv 1524This file is for host-based authentication (see above). 1525It should only be writable by root. 1526.Pp 1527.It Pa /etc/shosts.equiv 1528This file is used in exactly the same way as 1529.Pa hosts.equiv , 1530but allows host-based authentication without permitting login with 1531rlogin/rsh. 1532.Pp 1533.It Pa /etc/ssh/ssh_config 1534Systemwide configuration file. 1535The file format and configuration options are described in 1536.Xr ssh_config 5 . 1537.Pp 1538.It Pa /etc/ssh/ssh_host_key 1539.It Pa /etc/ssh/ssh_host_dsa_key 1540.It Pa /etc/ssh/ssh_host_ecdsa_key 1541.It Pa /etc/ssh/ssh_host_ed25519_key 1542.It Pa /etc/ssh/ssh_host_rsa_key 1543These files contain the private parts of the host keys 1544and are used for host-based authentication. 1545.Pp 1546.It Pa /etc/ssh/ssh_known_hosts 1547Systemwide list of known host keys. 1548This file should be prepared by the 1549system administrator to contain the public host keys of all machines in the 1550organization. 1551It should be world-readable. 1552See 1553.Xr sshd 8 1554for further details of the format of this file. 1555.Pp 1556.It Pa /etc/ssh/sshrc 1557Commands in this file are executed by 1558.Nm 1559when the user logs in, just before the user's shell (or command) is started. 1560See the 1561.Xr sshd 8 1562manual page for more information. 1563.El 1564.Sh EXIT STATUS 1565.Nm 1566exits with the exit status of the remote command or with 255 1567if an error occurred. 1568.Sh SEE ALSO 1569.Xr scp 1 , 1570.Xr sftp 1 , 1571.Xr ssh-add 1 , 1572.Xr ssh-agent 1 , 1573.Xr ssh-keygen 1 , 1574.Xr ssh-keyscan 1 , 1575.Xr tun 4 , 1576.Xr ssh_config 5 , 1577.Xr ssh-keysign 8 , 1578.Xr sshd 8 1579.Sh STANDARDS 1580.Rs 1581.%A S. Lehtinen 1582.%A C. Lonvick 1583.%D January 2006 1584.%R RFC 4250 1585.%T The Secure Shell (SSH) Protocol Assigned Numbers 1586.Re 1587.Pp 1588.Rs 1589.%A T. Ylonen 1590.%A C. Lonvick 1591.%D January 2006 1592.%R RFC 4251 1593.%T The Secure Shell (SSH) Protocol Architecture 1594.Re 1595.Pp 1596.Rs 1597.%A T. Ylonen 1598.%A C. Lonvick 1599.%D January 2006 1600.%R RFC 4252 1601.%T The Secure Shell (SSH) Authentication Protocol 1602.Re 1603.Pp 1604.Rs 1605.%A T. Ylonen 1606.%A C. Lonvick 1607.%D January 2006 1608.%R RFC 4253 1609.%T The Secure Shell (SSH) Transport Layer Protocol 1610.Re 1611.Pp 1612.Rs 1613.%A T. Ylonen 1614.%A C. Lonvick 1615.%D January 2006 1616.%R RFC 4254 1617.%T The Secure Shell (SSH) Connection Protocol 1618.Re 1619.Pp 1620.Rs 1621.%A J. Schlyter 1622.%A W. Griffin 1623.%D January 2006 1624.%R RFC 4255 1625.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints 1626.Re 1627.Pp 1628.Rs 1629.%A F. Cusack 1630.%A M. Forssen 1631.%D January 2006 1632.%R RFC 4256 1633.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) 1634.Re 1635.Pp 1636.Rs 1637.%A J. Galbraith 1638.%A P. Remaker 1639.%D January 2006 1640.%R RFC 4335 1641.%T The Secure Shell (SSH) Session Channel Break Extension 1642.Re 1643.Pp 1644.Rs 1645.%A M. Bellare 1646.%A T. Kohno 1647.%A C. Namprempre 1648.%D January 2006 1649.%R RFC 4344 1650.%T The Secure Shell (SSH) Transport Layer Encryption Modes 1651.Re 1652.Pp 1653.Rs 1654.%A B. Harris 1655.%D January 2006 1656.%R RFC 4345 1657.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol 1658.Re 1659.Pp 1660.Rs 1661.%A M. Friedl 1662.%A N. Provos 1663.%A W. Simpson 1664.%D March 2006 1665.%R RFC 4419 1666.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 1667.Re 1668.Pp 1669.Rs 1670.%A J. Galbraith 1671.%A R. Thayer 1672.%D November 2006 1673.%R RFC 4716 1674.%T The Secure Shell (SSH) Public Key File Format 1675.Re 1676.Pp 1677.Rs 1678.%A D. Stebila 1679.%A J. Green 1680.%D December 2009 1681.%R RFC 5656 1682.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer 1683.Re 1684.Pp 1685.Rs 1686.%A A. Perrig 1687.%A D. Song 1688.%D 1999 1689.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) 1690.%T Hash Visualization: a New Technique to improve Real-World Security 1691.Re 1692.Sh AUTHORS 1693OpenSSH is a derivative of the original and free 1694ssh 1.2.12 release by Tatu Ylonen. 1695Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1696Theo de Raadt and Dug Song 1697removed many bugs, re-added newer features and 1698created OpenSSH. 1699Markus Friedl contributed the support for SSH 1700protocol versions 1.5 and 2.0. 1701