1.\" 2.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" All rights reserved 5.\" 6.\" As far as I am concerned, the code I have written for this software 7.\" can be used freely for any purpose. Any derived versions of this 8.\" software must be clearly marked as such, and if the derived work is 9.\" incompatible with the protocol description in the RFC file, it must be 10.\" called by a name other than "ssh" or "Secure Shell". 11.\" 12.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 13.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 14.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 15.\" 16.\" Redistribution and use in source and binary forms, with or without 17.\" modification, are permitted provided that the following conditions 18.\" are met: 19.\" 1. Redistributions of source code must retain the above copyright 20.\" notice, this list of conditions and the following disclaimer. 21.\" 2. Redistributions in binary form must reproduce the above copyright 22.\" notice, this list of conditions and the following disclaimer in the 23.\" documentation and/or other materials provided with the distribution. 24.\" 25.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 26.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 27.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 28.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 29.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 30.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 31.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 32.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" 36.\" $OpenBSD: ssh.1,v 1.384 2017/09/21 19:16:53 markus Exp $ 37.Dd $Mdocdate: September 21 2017 $ 38.Dt SSH 1 39.Os 40.Sh NAME 41.Nm ssh 42.Nd OpenSSH SSH client (remote login program) 43.Sh SYNOPSIS 44.Nm ssh 45.Bk -words 46.Op Fl 46AaCfGgKkMNnqsTtVvXxYy 47.Op Fl b Ar bind_address 48.Op Fl c Ar cipher_spec 49.Op Fl D Oo Ar bind_address : Oc Ns Ar port 50.Op Fl E Ar log_file 51.Op Fl e Ar escape_char 52.Op Fl F Ar configfile 53.Op Fl I Ar pkcs11 54.Op Fl i Ar identity_file 55.Op Fl J Oo Ar user Ns @ Oc Ns Ar host Ns Op : Ns Ar port 56.Op Fl L Ar address 57.Op Fl l Ar login_name 58.Op Fl m Ar mac_spec 59.Op Fl O Ar ctl_cmd 60.Op Fl o Ar option 61.Op Fl p Ar port 62.Op Fl Q Ar query_option 63.Op Fl R Ar address 64.Op Fl S Ar ctl_path 65.Op Fl W Ar host : Ns Ar port 66.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun 67.Oo Ar user Ns @ Oc Ns Ar hostname 68.Op Ar command 69.Ek 70.Sh DESCRIPTION 71.Nm 72(SSH client) is a program for logging into a remote machine and for 73executing commands on a remote machine. 74It is intended to provide secure encrypted communications between 75two untrusted hosts over an insecure network. 76X11 connections, arbitrary TCP ports and 77.Ux Ns -domain 78sockets can also be forwarded over the secure channel. 79.Pp 80.Nm 81connects and logs into the specified 82.Ar hostname 83(with optional 84.Ar user 85name). 86The user must prove 87his/her identity to the remote machine using one of several methods 88(see below). 89.Pp 90If 91.Ar command 92is specified, 93it is executed on the remote host instead of a login shell. 94.Pp 95The options are as follows: 96.Pp 97.Bl -tag -width Ds -compact 98.It Fl 4 99Forces 100.Nm 101to use IPv4 addresses only. 102.Pp 103.It Fl 6 104Forces 105.Nm 106to use IPv6 addresses only. 107.Pp 108.It Fl A 109Enables forwarding of the authentication agent connection. 110This can also be specified on a per-host basis in a configuration file. 111.Pp 112Agent forwarding should be enabled with caution. 113Users with the ability to bypass file permissions on the remote host 114(for the agent's 115.Ux Ns -domain 116socket) can access the local agent through the forwarded connection. 117An attacker cannot obtain key material from the agent, 118however they can perform operations on the keys that enable them to 119authenticate using the identities loaded into the agent. 120.Pp 121.It Fl a 122Disables forwarding of the authentication agent connection. 123.Pp 124.It Fl b Ar bind_address 125Use 126.Ar bind_address 127on the local machine as the source address 128of the connection. 129Only useful on systems with more than one address. 130.Pp 131.It Fl C 132Requests compression of all data (including stdin, stdout, stderr, and 133data for forwarded X11, TCP and 134.Ux Ns -domain 135connections). 136The compression algorithm is the same used by 137.Xr gzip 1 . 138Compression is desirable on modem lines and other 139slow connections, but will only slow down things on fast networks. 140The default value can be set on a host-by-host basis in the 141configuration files; see the 142.Cm Compression 143option. 144.Pp 145.It Fl c Ar cipher_spec 146Selects the cipher specification for encrypting the session. 147.Ar cipher_spec 148is a comma-separated list of ciphers 149listed in order of preference. 150See the 151.Cm Ciphers 152keyword in 153.Xr ssh_config 5 154for more information. 155.Pp 156.It Fl D Xo 157.Sm off 158.Oo Ar bind_address : Oc 159.Ar port 160.Sm on 161.Xc 162Specifies a local 163.Dq dynamic 164application-level port forwarding. 165This works by allocating a socket to listen to 166.Ar port 167on the local side, optionally bound to the specified 168.Ar bind_address . 169Whenever a connection is made to this port, the 170connection is forwarded over the secure channel, and the application 171protocol is then used to determine where to connect to from the 172remote machine. 173Currently the SOCKS4 and SOCKS5 protocols are supported, and 174.Nm 175will act as a SOCKS server. 176Only root can forward privileged ports. 177Dynamic port forwardings can also be specified in the configuration file. 178.Pp 179IPv6 addresses can be specified by enclosing the address in square brackets. 180Only the superuser can forward privileged ports. 181By default, the local port is bound in accordance with the 182.Cm GatewayPorts 183setting. 184However, an explicit 185.Ar bind_address 186may be used to bind the connection to a specific address. 187The 188.Ar bind_address 189of 190.Dq localhost 191indicates that the listening port be bound for local use only, while an 192empty address or 193.Sq * 194indicates that the port should be available from all interfaces. 195.Pp 196.It Fl E Ar log_file 197Append debug logs to 198.Ar log_file 199instead of standard error. 200.Pp 201.It Fl e Ar escape_char 202Sets the escape character for sessions with a pty (default: 203.Ql ~ ) . 204The escape character is only recognized at the beginning of a line. 205The escape character followed by a dot 206.Pq Ql \&. 207closes the connection; 208followed by control-Z suspends the connection; 209and followed by itself sends the escape character once. 210Setting the character to 211.Dq none 212disables any escapes and makes the session fully transparent. 213.Pp 214.It Fl F Ar configfile 215Specifies an alternative per-user configuration file. 216If a configuration file is given on the command line, 217the system-wide configuration file 218.Pq Pa /etc/ssh/ssh_config 219will be ignored. 220The default for the per-user configuration file is 221.Pa ~/.ssh/config . 222.Pp 223.It Fl f 224Requests 225.Nm 226to go to background just before command execution. 227This is useful if 228.Nm 229is going to ask for passwords or passphrases, but the user 230wants it in the background. 231This implies 232.Fl n . 233The recommended way to start X11 programs at a remote site is with 234something like 235.Ic ssh -f host xterm . 236.Pp 237If the 238.Cm ExitOnForwardFailure 239configuration option is set to 240.Dq yes , 241then a client started with 242.Fl f 243will wait for all remote port forwards to be successfully established 244before placing itself in the background. 245.Pp 246.It Fl G 247Causes 248.Nm 249to print its configuration after evaluating 250.Cm Host 251and 252.Cm Match 253blocks and exit. 254.Pp 255.It Fl g 256Allows remote hosts to connect to local forwarded ports. 257If used on a multiplexed connection, then this option must be specified 258on the master process. 259.Pp 260.It Fl I Ar pkcs11 261Specify the PKCS#11 shared library 262.Nm 263should use to communicate with a PKCS#11 token providing the user's 264private RSA key. 265.Pp 266.It Fl i Ar identity_file 267Selects a file from which the identity (private key) for 268public key authentication is read. 269The default is 270.Pa ~/.ssh/id_dsa , 271.Pa ~/.ssh/id_ecdsa , 272.Pa ~/.ssh/id_ed25519 273and 274.Pa ~/.ssh/id_rsa . 275Identity files may also be specified on 276a per-host basis in the configuration file. 277It is possible to have multiple 278.Fl i 279options (and multiple identities specified in 280configuration files). 281If no certificates have been explicitly specified by the 282.Cm CertificateFile 283directive, 284.Nm 285will also try to load certificate information from the filename obtained 286by appending 287.Pa -cert.pub 288to identity filenames. 289.Pp 290.It Fl J Xo 291.Sm off 292.Op Ar user No @ 293.Ar host 294.Op : Ar port 295.Sm on 296.Xc 297Connect to the target host by first making a 298.Nm 299connection to the jump 300.Ar host 301and then establishing a TCP forwarding to the ultimate destination from 302there. 303Multiple jump hops may be specified separated by comma characters. 304This is a shortcut to specify a 305.Cm ProxyJump 306configuration directive. 307.Pp 308.It Fl K 309Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI 310credentials to the server. 311.Pp 312.It Fl k 313Disables forwarding (delegation) of GSSAPI credentials to the server. 314.Pp 315.It Fl L Xo 316.Sm off 317.Oo Ar bind_address : Oc 318.Ar port : host : hostport 319.Sm on 320.Xc 321.It Fl L Xo 322.Sm off 323.Oo Ar bind_address : Oc 324.Ar port : remote_socket 325.Sm on 326.Xc 327.It Fl L Xo 328.Sm off 329.Ar local_socket : host : hostport 330.Sm on 331.Xc 332.It Fl L Xo 333.Sm off 334.Ar local_socket : remote_socket 335.Sm on 336.Xc 337Specifies that connections to the given TCP port or Unix socket on the local 338(client) host are to be forwarded to the given host and port, or Unix socket, 339on the remote side. 340This works by allocating a socket to listen to either a TCP 341.Ar port 342on the local side, optionally bound to the specified 343.Ar bind_address , 344or to a Unix socket. 345Whenever a connection is made to the local port or socket, the 346connection is forwarded over the secure channel, and a connection is 347made to either 348.Ar host 349port 350.Ar hostport , 351or the Unix socket 352.Ar remote_socket , 353from the remote machine. 354.Pp 355Port forwardings can also be specified in the configuration file. 356Only the superuser can forward privileged ports. 357IPv6 addresses can be specified by enclosing the address in square brackets. 358.Pp 359By default, the local port is bound in accordance with the 360.Cm GatewayPorts 361setting. 362However, an explicit 363.Ar bind_address 364may be used to bind the connection to a specific address. 365The 366.Ar bind_address 367of 368.Dq localhost 369indicates that the listening port be bound for local use only, while an 370empty address or 371.Sq * 372indicates that the port should be available from all interfaces. 373.Pp 374.It Fl l Ar login_name 375Specifies the user to log in as on the remote machine. 376This also may be specified on a per-host basis in the configuration file. 377.Pp 378.It Fl M 379Places the 380.Nm 381client into 382.Dq master 383mode for connection sharing. 384Multiple 385.Fl M 386options places 387.Nm 388into 389.Dq master 390mode with confirmation required before slave connections are accepted. 391Refer to the description of 392.Cm ControlMaster 393in 394.Xr ssh_config 5 395for details. 396.Pp 397.It Fl m Ar mac_spec 398A comma-separated list of MAC (message authentication code) algorithms, 399specified in order of preference. 400See the 401.Cm MACs 402keyword for more information. 403.Pp 404.It Fl N 405Do not execute a remote command. 406This is useful for just forwarding ports. 407.Pp 408.It Fl n 409Redirects stdin from 410.Pa /dev/null 411(actually, prevents reading from stdin). 412This must be used when 413.Nm 414is run in the background. 415A common trick is to use this to run X11 programs on a remote machine. 416For example, 417.Ic ssh -n shadows.cs.hut.fi emacs & 418will start an emacs on shadows.cs.hut.fi, and the X11 419connection will be automatically forwarded over an encrypted channel. 420The 421.Nm 422program will be put in the background. 423(This does not work if 424.Nm 425needs to ask for a password or passphrase; see also the 426.Fl f 427option.) 428.Pp 429.It Fl O Ar ctl_cmd 430Control an active connection multiplexing master process. 431When the 432.Fl O 433option is specified, the 434.Ar ctl_cmd 435argument is interpreted and passed to the master process. 436Valid commands are: 437.Dq check 438(check that the master process is running), 439.Dq forward 440(request forwardings without command execution), 441.Dq cancel 442(cancel forwardings), 443.Dq exit 444(request the master to exit), and 445.Dq stop 446(request the master to stop accepting further multiplexing requests). 447.Pp 448.It Fl o Ar option 449Can be used to give options in the format used in the configuration file. 450This is useful for specifying options for which there is no separate 451command-line flag. 452For full details of the options listed below, and their possible values, see 453.Xr ssh_config 5 . 454.Pp 455.Bl -tag -width Ds -offset indent -compact 456.It AddKeysToAgent 457.It AddressFamily 458.It BatchMode 459.It BindAddress 460.It CanonicalDomains 461.It CanonicalizeFallbackLocal 462.It CanonicalizeHostname 463.It CanonicalizeMaxDots 464.It CanonicalizePermittedCNAMEs 465.It CertificateFile 466.It ChallengeResponseAuthentication 467.It CheckHostIP 468.It Ciphers 469.It ClearAllForwardings 470.It Compression 471.It ConnectionAttempts 472.It ConnectTimeout 473.It ControlMaster 474.It ControlPath 475.It ControlPersist 476.It DynamicForward 477.It EscapeChar 478.It ExitOnForwardFailure 479.It FingerprintHash 480.It ForwardAgent 481.It ForwardX11 482.It ForwardX11Timeout 483.It ForwardX11Trusted 484.It GatewayPorts 485.It GlobalKnownHostsFile 486.It GSSAPIAuthentication 487.It GSSAPIDelegateCredentials 488.It HashKnownHosts 489.It Host 490.It HostbasedAuthentication 491.It HostbasedKeyTypes 492.It HostKeyAlgorithms 493.It HostKeyAlias 494.It HostName 495.It IdentitiesOnly 496.It IdentityAgent 497.It IdentityFile 498.It Include 499.It IPQoS 500.It KbdInteractiveAuthentication 501.It KbdInteractiveDevices 502.It KexAlgorithms 503.It LocalCommand 504.It LocalForward 505.It LogLevel 506.It MACs 507.It Match 508.It NoHostAuthenticationForLocalhost 509.It NumberOfPasswordPrompts 510.It PasswordAuthentication 511.It PermitLocalCommand 512.It PKCS11Provider 513.It Port 514.It PreferredAuthentications 515.It ProxyCommand 516.It ProxyJump 517.It ProxyUseFdpass 518.It PubkeyAcceptedKeyTypes 519.It PubkeyAuthentication 520.It RekeyLimit 521.It RemoteCommand 522.It RemoteForward 523.It RequestTTY 524.It SendEnv 525.It ServerAliveInterval 526.It ServerAliveCountMax 527.It StreamLocalBindMask 528.It StreamLocalBindUnlink 529.It StrictHostKeyChecking 530.It TCPKeepAlive 531.It Tunnel 532.It TunnelDevice 533.It UpdateHostKeys 534.It UsePrivilegedPort 535.It User 536.It UserKnownHostsFile 537.It VerifyHostKeyDNS 538.It VisualHostKey 539.It XAuthLocation 540.El 541.Pp 542.It Fl p Ar port 543Port to connect to on the remote host. 544This can be specified on a 545per-host basis in the configuration file. 546.Pp 547.It Fl Q Ar query_option 548Queries 549.Nm 550for the algorithms supported for the specified version 2. 551The available features are: 552.Ar cipher 553(supported symmetric ciphers), 554.Ar cipher-auth 555(supported symmetric ciphers that support authenticated encryption), 556.Ar mac 557(supported message integrity codes), 558.Ar kex 559(key exchange algorithms), 560.Ar key 561(key types), 562.Ar key-cert 563(certificate key types), 564.Ar key-plain 565(non-certificate key types), and 566.Ar protocol-version 567(supported SSH protocol versions). 568.Pp 569.It Fl q 570Quiet mode. 571Causes most warning and diagnostic messages to be suppressed. 572.Pp 573.It Fl R Xo 574.Sm off 575.Oo Ar bind_address : Oc 576.Ar port : host : hostport 577.Sm on 578.Xc 579.It Fl R Xo 580.Sm off 581.Oo Ar bind_address : Oc 582.Ar port : local_socket 583.Sm on 584.Xc 585.It Fl R Xo 586.Sm off 587.Ar remote_socket : host : hostport 588.Sm on 589.Xc 590.It Fl R Xo 591.Sm off 592.Ar remote_socket : local_socket 593.Sm on 594.Xc 595.It Fl R Xo 596.Sm off 597.Oo Ar bind_address : Oc 598.Ar port 599.Sm on 600.Xc 601Specifies that connections to the given TCP port or Unix socket on the remote 602(server) host are to be forwarded to the local side. 603.Pp 604This works by allocating a socket to listen to either a TCP 605.Ar port 606or to a Unix socket on the remote side. 607Whenever a connection is made to this port or Unix socket, the 608connection is forwarded over the secure channel, and a connection 609is made from the local machine to either an explicit destination specified by 610.Ar host 611port 612.Ar hostport , 613or 614.Ar local_socket , 615or, if no explicit destination was specified, 616.Nm 617will act as a SOCKS 4/5 proxy and forward connections to the destinations 618requested by the remote SOCKS client. 619.Pp 620Port forwardings can also be specified in the configuration file. 621Privileged ports can be forwarded only when 622logging in as root on the remote machine. 623IPv6 addresses can be specified by enclosing the address in square brackets. 624.Pp 625By default, TCP listening sockets on the server will be bound to the loopback 626interface only. 627This may be overridden by specifying a 628.Ar bind_address . 629An empty 630.Ar bind_address , 631or the address 632.Ql * , 633indicates that the remote socket should listen on all interfaces. 634Specifying a remote 635.Ar bind_address 636will only succeed if the server's 637.Cm GatewayPorts 638option is enabled (see 639.Xr sshd_config 5 ) . 640.Pp 641If the 642.Ar port 643argument is 644.Ql 0 , 645the listen port will be dynamically allocated on the server and reported 646to the client at run time. 647When used together with 648.Ic -O forward 649the allocated port will be printed to the standard output. 650.Pp 651.It Fl S Ar ctl_path 652Specifies the location of a control socket for connection sharing, 653or the string 654.Dq none 655to disable connection sharing. 656Refer to the description of 657.Cm ControlPath 658and 659.Cm ControlMaster 660in 661.Xr ssh_config 5 662for details. 663.Pp 664.It Fl s 665May be used to request invocation of a subsystem on the remote system. 666Subsystems facilitate the use of SSH 667as a secure transport for other applications (e.g.\& 668.Xr sftp 1 ) . 669The subsystem is specified as the remote command. 670.Pp 671.It Fl T 672Disable pseudo-terminal allocation. 673.Pp 674.It Fl t 675Force pseudo-terminal allocation. 676This can be used to execute arbitrary 677screen-based programs on a remote machine, which can be very useful, 678e.g. when implementing menu services. 679Multiple 680.Fl t 681options force tty allocation, even if 682.Nm 683has no local tty. 684.Pp 685.It Fl V 686Display the version number and exit. 687.Pp 688.It Fl v 689Verbose mode. 690Causes 691.Nm 692to print debugging messages about its progress. 693This is helpful in 694debugging connection, authentication, and configuration problems. 695Multiple 696.Fl v 697options increase the verbosity. 698The maximum is 3. 699.Pp 700.It Fl W Ar host : Ns Ar port 701Requests that standard input and output on the client be forwarded to 702.Ar host 703on 704.Ar port 705over the secure channel. 706Implies 707.Fl N , 708.Fl T , 709.Cm ExitOnForwardFailure 710and 711.Cm ClearAllForwardings , 712though these can be overridden in the configuration file or using 713.Fl o 714command line options. 715.Pp 716.It Fl w Xo 717.Ar local_tun Ns Op : Ns Ar remote_tun 718.Xc 719Requests 720tunnel 721device forwarding with the specified 722.Xr tun 4 723devices between the client 724.Pq Ar local_tun 725and the server 726.Pq Ar remote_tun . 727.Pp 728The devices may be specified by numerical ID or the keyword 729.Dq any , 730which uses the next available tunnel device. 731If 732.Ar remote_tun 733is not specified, it defaults to 734.Dq any . 735See also the 736.Cm Tunnel 737and 738.Cm TunnelDevice 739directives in 740.Xr ssh_config 5 . 741If the 742.Cm Tunnel 743directive is unset, it is set to the default tunnel mode, which is 744.Dq point-to-point . 745.Pp 746.It Fl X 747Enables X11 forwarding. 748This can also be specified on a per-host basis in a configuration file. 749.Pp 750X11 forwarding should be enabled with caution. 751Users with the ability to bypass file permissions on the remote host 752(for the user's X authorization database) 753can access the local X11 display through the forwarded connection. 754An attacker may then be able to perform activities such as keystroke monitoring. 755.Pp 756For this reason, X11 forwarding is subjected to X11 SECURITY extension 757restrictions by default. 758Please refer to the 759.Nm 760.Fl Y 761option and the 762.Cm ForwardX11Trusted 763directive in 764.Xr ssh_config 5 765for more information. 766.Pp 767.It Fl x 768Disables X11 forwarding. 769.Pp 770.It Fl Y 771Enables trusted X11 forwarding. 772Trusted X11 forwardings are not subjected to the X11 SECURITY extension 773controls. 774.Pp 775.It Fl y 776Send log information using the 777.Xr syslog 3 778system module. 779By default this information is sent to stderr. 780.El 781.Pp 782.Nm 783may additionally obtain configuration data from 784a per-user configuration file and a system-wide configuration file. 785The file format and configuration options are described in 786.Xr ssh_config 5 . 787.Sh AUTHENTICATION 788The OpenSSH SSH client supports SSH protocol 2. 789.Pp 790The methods available for authentication are: 791GSSAPI-based authentication, 792host-based authentication, 793public key authentication, 794challenge-response authentication, 795and password authentication. 796Authentication methods are tried in the order specified above, 797though 798.Cm PreferredAuthentications 799can be used to change the default order. 800.Pp 801Host-based authentication works as follows: 802If the machine the user logs in from is listed in 803.Pa /etc/hosts.equiv 804or 805.Pa /etc/shosts.equiv 806on the remote machine, and the user names are 807the same on both sides, or if the files 808.Pa ~/.rhosts 809or 810.Pa ~/.shosts 811exist in the user's home directory on the 812remote machine and contain a line containing the name of the client 813machine and the name of the user on that machine, the user is 814considered for login. 815Additionally, the server 816.Em must 817be able to verify the client's 818host key (see the description of 819.Pa /etc/ssh/ssh_known_hosts 820and 821.Pa ~/.ssh/known_hosts , 822below) 823for login to be permitted. 824This authentication method closes security holes due to IP 825spoofing, DNS spoofing, and routing spoofing. 826[Note to the administrator: 827.Pa /etc/hosts.equiv , 828.Pa ~/.rhosts , 829and the rlogin/rsh protocol in general, are inherently insecure and should be 830disabled if security is desired.] 831.Pp 832Public key authentication works as follows: 833The scheme is based on public-key cryptography, 834using cryptosystems 835where encryption and decryption are done using separate keys, 836and it is unfeasible to derive the decryption key from the encryption key. 837The idea is that each user creates a public/private 838key pair for authentication purposes. 839The server knows the public key, and only the user knows the private key. 840.Nm 841implements public key authentication protocol automatically, 842using one of the DSA, ECDSA, Ed25519 or RSA algorithms. 843The HISTORY section of 844.Xr ssl 8 845contains a brief discussion of the DSA and RSA algorithms. 846.Pp 847The file 848.Pa ~/.ssh/authorized_keys 849lists the public keys that are permitted for logging in. 850When the user logs in, the 851.Nm 852program tells the server which key pair it would like to use for 853authentication. 854The client proves that it has access to the private key 855and the server checks that the corresponding public key 856is authorized to accept the account. 857.Pp 858The server may inform the client of errors that prevented public key 859authentication from succeeding after authentication completes using a 860different method. 861These may be viewed by increasing the 862.Cm LogLevel 863to 864.Cm DEBUG 865or higher (e.g. by using the 866.Fl v 867flag). 868.Pp 869The user creates his/her key pair by running 870.Xr ssh-keygen 1 . 871This stores the private key in 872.Pa ~/.ssh/id_dsa 873(DSA), 874.Pa ~/.ssh/id_ecdsa 875(ECDSA), 876.Pa ~/.ssh/id_ed25519 877(Ed25519), 878or 879.Pa ~/.ssh/id_rsa 880(RSA) 881and stores the public key in 882.Pa ~/.ssh/id_dsa.pub 883(DSA), 884.Pa ~/.ssh/id_ecdsa.pub 885(ECDSA), 886.Pa ~/.ssh/id_ed25519.pub 887(Ed25519), 888or 889.Pa ~/.ssh/id_rsa.pub 890(RSA) 891in the user's home directory. 892The user should then copy the public key 893to 894.Pa ~/.ssh/authorized_keys 895in his/her home directory on the remote machine. 896The 897.Pa authorized_keys 898file corresponds to the conventional 899.Pa ~/.rhosts 900file, and has one key 901per line, though the lines can be very long. 902After this, the user can log in without giving the password. 903.Pp 904A variation on public key authentication 905is available in the form of certificate authentication: 906instead of a set of public/private keys, 907signed certificates are used. 908This has the advantage that a single trusted certification authority 909can be used in place of many public/private keys. 910See the CERTIFICATES section of 911.Xr ssh-keygen 1 912for more information. 913.Pp 914The most convenient way to use public key or certificate authentication 915may be with an authentication agent. 916See 917.Xr ssh-agent 1 918and (optionally) the 919.Cm AddKeysToAgent 920directive in 921.Xr ssh_config 5 922for more information. 923.Pp 924Challenge-response authentication works as follows: 925The server sends an arbitrary 926.Qq challenge 927text, and prompts for a response. 928Examples of challenge-response authentication include 929.Bx 930Authentication (see 931.Xr login.conf 5 ) 932and PAM (some 933.Pf non- Ox 934systems). 935.Pp 936Finally, if other authentication methods fail, 937.Nm 938prompts the user for a password. 939The password is sent to the remote 940host for checking; however, since all communications are encrypted, 941the password cannot be seen by someone listening on the network. 942.Pp 943.Nm 944automatically maintains and checks a database containing 945identification for all hosts it has ever been used with. 946Host keys are stored in 947.Pa ~/.ssh/known_hosts 948in the user's home directory. 949Additionally, the file 950.Pa /etc/ssh/ssh_known_hosts 951is automatically checked for known hosts. 952Any new hosts are automatically added to the user's file. 953If a host's identification ever changes, 954.Nm 955warns about this and disables password authentication to prevent 956server spoofing or man-in-the-middle attacks, 957which could otherwise be used to circumvent the encryption. 958The 959.Cm StrictHostKeyChecking 960option can be used to control logins to machines whose 961host key is not known or has changed. 962.Pp 963When the user's identity has been accepted by the server, the server 964either executes the given command in a non-interactive session or, 965if no command has been specified, logs into the machine and gives 966the user a normal shell as an interactive session. 967All communication with 968the remote command or shell will be automatically encrypted. 969.Pp 970If an interactive session is requested 971.Nm 972by default will only request a pseudo-terminal (pty) for interactive 973sessions when the client has one. 974The flags 975.Fl T 976and 977.Fl t 978can be used to override this behaviour. 979.Pp 980If a pseudo-terminal has been allocated the 981user may use the escape characters noted below. 982.Pp 983If no pseudo-terminal has been allocated, 984the session is transparent and can be used to reliably transfer binary data. 985On most systems, setting the escape character to 986.Dq none 987will also make the session transparent even if a tty is used. 988.Pp 989The session terminates when the command or shell on the remote 990machine exits and all X11 and TCP connections have been closed. 991.Sh ESCAPE CHARACTERS 992When a pseudo-terminal has been requested, 993.Nm 994supports a number of functions through the use of an escape character. 995.Pp 996A single tilde character can be sent as 997.Ic ~~ 998or by following the tilde by a character other than those described below. 999The escape character must always follow a newline to be interpreted as 1000special. 1001The escape character can be changed in configuration files using the 1002.Cm EscapeChar 1003configuration directive or on the command line by the 1004.Fl e 1005option. 1006.Pp 1007The supported escapes (assuming the default 1008.Ql ~ ) 1009are: 1010.Bl -tag -width Ds 1011.It Cm ~. 1012Disconnect. 1013.It Cm ~^Z 1014Background 1015.Nm . 1016.It Cm ~# 1017List forwarded connections. 1018.It Cm ~& 1019Background 1020.Nm 1021at logout when waiting for forwarded connection / X11 sessions to terminate. 1022.It Cm ~? 1023Display a list of escape characters. 1024.It Cm ~B 1025Send a BREAK to the remote system 1026(only useful if the peer supports it). 1027.It Cm ~C 1028Open command line. 1029Currently this allows the addition of port forwardings using the 1030.Fl L , 1031.Fl R 1032and 1033.Fl D 1034options (see above). 1035It also allows the cancellation of existing port-forwardings 1036with 1037.Sm off 1038.Fl KL Oo Ar bind_address : Oc Ar port 1039.Sm on 1040for local, 1041.Sm off 1042.Fl KR Oo Ar bind_address : Oc Ar port 1043.Sm on 1044for remote and 1045.Sm off 1046.Fl KD Oo Ar bind_address : Oc Ar port 1047.Sm on 1048for dynamic port-forwardings. 1049.Ic !\& Ns Ar command 1050allows the user to execute a local command if the 1051.Ic PermitLocalCommand 1052option is enabled in 1053.Xr ssh_config 5 . 1054Basic help is available, using the 1055.Fl h 1056option. 1057.It Cm ~R 1058Request rekeying of the connection 1059(only useful if the peer supports it). 1060.It Cm ~V 1061Decrease the verbosity 1062.Pq Ic LogLevel 1063when errors are being written to stderr. 1064.It Cm ~v 1065Increase the verbosity 1066.Pq Ic LogLevel 1067when errors are being written to stderr. 1068.El 1069.Sh TCP FORWARDING 1070Forwarding of arbitrary TCP connections over the secure channel can 1071be specified either on the command line or in a configuration file. 1072One possible application of TCP forwarding is a secure connection to a 1073mail server; another is going through firewalls. 1074.Pp 1075In the example below, we look at encrypting communication between 1076an IRC client and server, even though the IRC server does not directly 1077support encrypted communications. 1078This works as follows: 1079the user connects to the remote host using 1080.Nm , 1081specifying a port to be used to forward connections 1082to the remote server. 1083After that it is possible to start the service which is to be encrypted 1084on the client machine, 1085connecting to the same local port, 1086and 1087.Nm 1088will encrypt and forward the connection. 1089.Pp 1090The following example tunnels an IRC session from client machine 1091.Dq 127.0.0.1 1092(localhost) 1093to remote server 1094.Dq server.example.com : 1095.Bd -literal -offset 4n 1096$ ssh -f -L 1234:localhost:6667 server.example.com sleep 10 1097$ irc -c '#users' -p 1234 pinky 127.0.0.1 1098.Ed 1099.Pp 1100This tunnels a connection to IRC server 1101.Dq server.example.com , 1102joining channel 1103.Dq #users , 1104nickname 1105.Dq pinky , 1106using port 1234. 1107It doesn't matter which port is used, 1108as long as it's greater than 1023 1109(remember, only root can open sockets on privileged ports) 1110and doesn't conflict with any ports already in use. 1111The connection is forwarded to port 6667 on the remote server, 1112since that's the standard port for IRC services. 1113.Pp 1114The 1115.Fl f 1116option backgrounds 1117.Nm 1118and the remote command 1119.Dq sleep 10 1120is specified to allow an amount of time 1121(10 seconds, in the example) 1122to start the service which is to be tunnelled. 1123If no connections are made within the time specified, 1124.Nm 1125will exit. 1126.Sh X11 FORWARDING 1127If the 1128.Cm ForwardX11 1129variable is set to 1130.Dq yes 1131(or see the description of the 1132.Fl X , 1133.Fl x , 1134and 1135.Fl Y 1136options above) 1137and the user is using X11 (the 1138.Ev DISPLAY 1139environment variable is set), the connection to the X11 display is 1140automatically forwarded to the remote side in such a way that any X11 1141programs started from the shell (or command) will go through the 1142encrypted channel, and the connection to the real X server will be made 1143from the local machine. 1144The user should not manually set 1145.Ev DISPLAY . 1146Forwarding of X11 connections can be 1147configured on the command line or in configuration files. 1148.Pp 1149The 1150.Ev DISPLAY 1151value set by 1152.Nm 1153will point to the server machine, but with a display number greater than zero. 1154This is normal, and happens because 1155.Nm 1156creates a 1157.Dq proxy 1158X server on the server machine for forwarding the 1159connections over the encrypted channel. 1160.Pp 1161.Nm 1162will also automatically set up Xauthority data on the server machine. 1163For this purpose, it will generate a random authorization cookie, 1164store it in Xauthority on the server, and verify that any forwarded 1165connections carry this cookie and replace it by the real cookie when 1166the connection is opened. 1167The real authentication cookie is never 1168sent to the server machine (and no cookies are sent in the plain). 1169.Pp 1170If the 1171.Cm ForwardAgent 1172variable is set to 1173.Dq yes 1174(or see the description of the 1175.Fl A 1176and 1177.Fl a 1178options above) and 1179the user is using an authentication agent, the connection to the agent 1180is automatically forwarded to the remote side. 1181.Sh VERIFYING HOST KEYS 1182When connecting to a server for the first time, 1183a fingerprint of the server's public key is presented to the user 1184(unless the option 1185.Cm StrictHostKeyChecking 1186has been disabled). 1187Fingerprints can be determined using 1188.Xr ssh-keygen 1 : 1189.Pp 1190.Dl $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key 1191.Pp 1192If the fingerprint is already known, it can be matched 1193and the key can be accepted or rejected. 1194If only legacy (MD5) fingerprints for the server are available, the 1195.Xr ssh-keygen 1 1196.Fl E 1197option may be used to downgrade the fingerprint algorithm to match. 1198.Pp 1199Because of the difficulty of comparing host keys 1200just by looking at fingerprint strings, 1201there is also support to compare host keys visually, 1202using 1203.Em random art . 1204By setting the 1205.Cm VisualHostKey 1206option to 1207.Dq yes , 1208a small ASCII graphic gets displayed on every login to a server, no matter 1209if the session itself is interactive or not. 1210By learning the pattern a known server produces, a user can easily 1211find out that the host key has changed when a completely different pattern 1212is displayed. 1213Because these patterns are not unambiguous however, a pattern that looks 1214similar to the pattern remembered only gives a good probability that the 1215host key is the same, not guaranteed proof. 1216.Pp 1217To get a listing of the fingerprints along with their random art for 1218all known hosts, the following command line can be used: 1219.Pp 1220.Dl $ ssh-keygen -lv -f ~/.ssh/known_hosts 1221.Pp 1222If the fingerprint is unknown, 1223an alternative method of verification is available: 1224SSH fingerprints verified by DNS. 1225An additional resource record (RR), 1226SSHFP, 1227is added to a zonefile 1228and the connecting client is able to match the fingerprint 1229with that of the key presented. 1230.Pp 1231In this example, we are connecting a client to a server, 1232.Dq host.example.com . 1233The SSHFP resource records should first be added to the zonefile for 1234host.example.com: 1235.Bd -literal -offset indent 1236$ ssh-keygen -r host.example.com. 1237.Ed 1238.Pp 1239The output lines will have to be added to the zonefile. 1240To check that the zone is answering fingerprint queries: 1241.Pp 1242.Dl $ dig -t SSHFP host.example.com 1243.Pp 1244Finally the client connects: 1245.Bd -literal -offset indent 1246$ ssh -o "VerifyHostKeyDNS ask" host.example.com 1247[...] 1248Matching host key fingerprint found in DNS. 1249Are you sure you want to continue connecting (yes/no)? 1250.Ed 1251.Pp 1252See the 1253.Cm VerifyHostKeyDNS 1254option in 1255.Xr ssh_config 5 1256for more information. 1257.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS 1258.Nm 1259contains support for Virtual Private Network (VPN) tunnelling 1260using the 1261.Xr tun 4 1262network pseudo-device, 1263allowing two networks to be joined securely. 1264The 1265.Xr sshd_config 5 1266configuration option 1267.Cm PermitTunnel 1268controls whether the server supports this, 1269and at what level (layer 2 or 3 traffic). 1270.Pp 1271The following example would connect client network 10.0.50.0/24 1272with remote network 10.0.99.0/24 using a point-to-point connection 1273from 10.1.1.1 to 10.1.1.2, 1274provided that the SSH server running on the gateway to the remote network, 1275at 192.168.1.15, allows it. 1276.Pp 1277On the client: 1278.Bd -literal -offset indent 1279# ssh -f -w 0:1 192.168.1.15 true 1280# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 1281# route add 10.0.99.0/24 10.1.1.2 1282.Ed 1283.Pp 1284On the server: 1285.Bd -literal -offset indent 1286# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 1287# route add 10.0.50.0/24 10.1.1.1 1288.Ed 1289.Pp 1290Client access may be more finely tuned via the 1291.Pa /root/.ssh/authorized_keys 1292file (see below) and the 1293.Cm PermitRootLogin 1294server option. 1295The following entry would permit connections on 1296.Xr tun 4 1297device 1 from user 1298.Dq jane 1299and on tun device 2 from user 1300.Dq john , 1301if 1302.Cm PermitRootLogin 1303is set to 1304.Dq forced-commands-only : 1305.Bd -literal -offset 2n 1306tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane 1307tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john 1308.Ed 1309.Pp 1310Since an SSH-based setup entails a fair amount of overhead, 1311it may be more suited to temporary setups, 1312such as for wireless VPNs. 1313More permanent VPNs are better provided by tools such as 1314.Xr ipsecctl 8 1315and 1316.Xr isakmpd 8 . 1317.Sh ENVIRONMENT 1318.Nm 1319will normally set the following environment variables: 1320.Bl -tag -width "SSH_ORIGINAL_COMMAND" 1321.It Ev DISPLAY 1322The 1323.Ev DISPLAY 1324variable indicates the location of the X11 server. 1325It is automatically set by 1326.Nm 1327to point to a value of the form 1328.Dq hostname:n , 1329where 1330.Dq hostname 1331indicates the host where the shell runs, and 1332.Sq n 1333is an integer \*(Ge 1. 1334.Nm 1335uses this special value to forward X11 connections over the secure 1336channel. 1337The user should normally not set 1338.Ev DISPLAY 1339explicitly, as that 1340will render the X11 connection insecure (and will require the user to 1341manually copy any required authorization cookies). 1342.It Ev HOME 1343Set to the path of the user's home directory. 1344.It Ev LOGNAME 1345Synonym for 1346.Ev USER ; 1347set for compatibility with systems that use this variable. 1348.It Ev MAIL 1349Set to the path of the user's mailbox. 1350.It Ev PATH 1351Set to the default 1352.Ev PATH , 1353as specified when compiling 1354.Nm . 1355.It Ev SSH_ASKPASS 1356If 1357.Nm 1358needs a passphrase, it will read the passphrase from the current 1359terminal if it was run from a terminal. 1360If 1361.Nm 1362does not have a terminal associated with it but 1363.Ev DISPLAY 1364and 1365.Ev SSH_ASKPASS 1366are set, it will execute the program specified by 1367.Ev SSH_ASKPASS 1368and open an X11 window to read the passphrase. 1369This is particularly useful when calling 1370.Nm 1371from a 1372.Pa .xsession 1373or related script. 1374(Note that on some machines it 1375may be necessary to redirect the input from 1376.Pa /dev/null 1377to make this work.) 1378.It Ev SSH_AUTH_SOCK 1379Identifies the path of a 1380.Ux Ns -domain 1381socket used to communicate with the agent. 1382.It Ev SSH_CONNECTION 1383Identifies the client and server ends of the connection. 1384The variable contains 1385four space-separated values: client IP address, client port number, 1386server IP address, and server port number. 1387.It Ev SSH_ORIGINAL_COMMAND 1388This variable contains the original command line if a forced command 1389is executed. 1390It can be used to extract the original arguments. 1391.It Ev SSH_TTY 1392This is set to the name of the tty (path to the device) associated 1393with the current shell or command. 1394If the current session has no tty, 1395this variable is not set. 1396.It Ev TZ 1397This variable is set to indicate the present time zone if it 1398was set when the daemon was started (i.e. the daemon passes the value 1399on to new connections). 1400.It Ev USER 1401Set to the name of the user logging in. 1402.El 1403.Pp 1404Additionally, 1405.Nm 1406reads 1407.Pa ~/.ssh/environment , 1408and adds lines of the format 1409.Dq VARNAME=value 1410to the environment if the file exists and users are allowed to 1411change their environment. 1412For more information, see the 1413.Cm PermitUserEnvironment 1414option in 1415.Xr sshd_config 5 . 1416.Sh FILES 1417.Bl -tag -width Ds -compact 1418.It Pa ~/.rhosts 1419This file is used for host-based authentication (see above). 1420On some machines this file may need to be 1421world-readable if the user's home directory is on an NFS partition, 1422because 1423.Xr sshd 8 1424reads it as root. 1425Additionally, this file must be owned by the user, 1426and must not have write permissions for anyone else. 1427The recommended 1428permission for most machines is read/write for the user, and not 1429accessible by others. 1430.Pp 1431.It Pa ~/.shosts 1432This file is used in exactly the same way as 1433.Pa .rhosts , 1434but allows host-based authentication without permitting login with 1435rlogin/rsh. 1436.Pp 1437.It Pa ~/.ssh/ 1438This directory is the default location for all user-specific configuration 1439and authentication information. 1440There is no general requirement to keep the entire contents of this directory 1441secret, but the recommended permissions are read/write/execute for the user, 1442and not accessible by others. 1443.Pp 1444.It Pa ~/.ssh/authorized_keys 1445Lists the public keys (DSA, ECDSA, Ed25519, RSA) 1446that can be used for logging in as this user. 1447The format of this file is described in the 1448.Xr sshd 8 1449manual page. 1450This file is not highly sensitive, but the recommended 1451permissions are read/write for the user, and not accessible by others. 1452.Pp 1453.It Pa ~/.ssh/config 1454This is the per-user configuration file. 1455The file format and configuration options are described in 1456.Xr ssh_config 5 . 1457Because of the potential for abuse, this file must have strict permissions: 1458read/write for the user, and not writable by others. 1459.Pp 1460.It Pa ~/.ssh/environment 1461Contains additional definitions for environment variables; see 1462.Sx ENVIRONMENT , 1463above. 1464.Pp 1465.It Pa ~/.ssh/id_dsa 1466.It Pa ~/.ssh/id_ecdsa 1467.It Pa ~/.ssh/id_ed25519 1468.It Pa ~/.ssh/id_rsa 1469Contains the private key for authentication. 1470These files 1471contain sensitive data and should be readable by the user but not 1472accessible by others (read/write/execute). 1473.Nm 1474will simply ignore a private key file if it is accessible by others. 1475It is possible to specify a passphrase when 1476generating the key which will be used to encrypt the 1477sensitive part of this file using 3DES. 1478.Pp 1479.It Pa ~/.ssh/id_dsa.pub 1480.It Pa ~/.ssh/id_ecdsa.pub 1481.It Pa ~/.ssh/id_ed25519.pub 1482.It Pa ~/.ssh/id_rsa.pub 1483Contains the public key for authentication. 1484These files are not 1485sensitive and can (but need not) be readable by anyone. 1486.Pp 1487.It Pa ~/.ssh/known_hosts 1488Contains a list of host keys for all hosts the user has logged into 1489that are not already in the systemwide list of known host keys. 1490See 1491.Xr sshd 8 1492for further details of the format of this file. 1493.Pp 1494.It Pa ~/.ssh/rc 1495Commands in this file are executed by 1496.Nm 1497when the user logs in, just before the user's shell (or command) is 1498started. 1499See the 1500.Xr sshd 8 1501manual page for more information. 1502.Pp 1503.It Pa /etc/hosts.equiv 1504This file is for host-based authentication (see above). 1505It should only be writable by root. 1506.Pp 1507.It Pa /etc/shosts.equiv 1508This file is used in exactly the same way as 1509.Pa hosts.equiv , 1510but allows host-based authentication without permitting login with 1511rlogin/rsh. 1512.Pp 1513.It Pa /etc/ssh/ssh_config 1514Systemwide configuration file. 1515The file format and configuration options are described in 1516.Xr ssh_config 5 . 1517.Pp 1518.It Pa /etc/ssh/ssh_host_key 1519.It Pa /etc/ssh/ssh_host_dsa_key 1520.It Pa /etc/ssh/ssh_host_ecdsa_key 1521.It Pa /etc/ssh/ssh_host_ed25519_key 1522.It Pa /etc/ssh/ssh_host_rsa_key 1523These files contain the private parts of the host keys 1524and are used for host-based authentication. 1525.Pp 1526.It Pa /etc/ssh/ssh_known_hosts 1527Systemwide list of known host keys. 1528This file should be prepared by the 1529system administrator to contain the public host keys of all machines in the 1530organization. 1531It should be world-readable. 1532See 1533.Xr sshd 8 1534for further details of the format of this file. 1535.Pp 1536.It Pa /etc/ssh/sshrc 1537Commands in this file are executed by 1538.Nm 1539when the user logs in, just before the user's shell (or command) is started. 1540See the 1541.Xr sshd 8 1542manual page for more information. 1543.El 1544.Sh EXIT STATUS 1545.Nm 1546exits with the exit status of the remote command or with 255 1547if an error occurred. 1548.Sh SEE ALSO 1549.Xr scp 1 , 1550.Xr sftp 1 , 1551.Xr ssh-add 1 , 1552.Xr ssh-agent 1 , 1553.Xr ssh-keygen 1 , 1554.Xr ssh-keyscan 1 , 1555.Xr tun 4 , 1556.Xr ssh_config 5 , 1557.Xr ssh-keysign 8 , 1558.Xr sshd 8 1559.Sh STANDARDS 1560.Rs 1561.%A S. Lehtinen 1562.%A C. Lonvick 1563.%D January 2006 1564.%R RFC 4250 1565.%T The Secure Shell (SSH) Protocol Assigned Numbers 1566.Re 1567.Pp 1568.Rs 1569.%A T. Ylonen 1570.%A C. Lonvick 1571.%D January 2006 1572.%R RFC 4251 1573.%T The Secure Shell (SSH) Protocol Architecture 1574.Re 1575.Pp 1576.Rs 1577.%A T. Ylonen 1578.%A C. Lonvick 1579.%D January 2006 1580.%R RFC 4252 1581.%T The Secure Shell (SSH) Authentication Protocol 1582.Re 1583.Pp 1584.Rs 1585.%A T. Ylonen 1586.%A C. Lonvick 1587.%D January 2006 1588.%R RFC 4253 1589.%T The Secure Shell (SSH) Transport Layer Protocol 1590.Re 1591.Pp 1592.Rs 1593.%A T. Ylonen 1594.%A C. Lonvick 1595.%D January 2006 1596.%R RFC 4254 1597.%T The Secure Shell (SSH) Connection Protocol 1598.Re 1599.Pp 1600.Rs 1601.%A J. Schlyter 1602.%A W. Griffin 1603.%D January 2006 1604.%R RFC 4255 1605.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints 1606.Re 1607.Pp 1608.Rs 1609.%A F. Cusack 1610.%A M. Forssen 1611.%D January 2006 1612.%R RFC 4256 1613.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH) 1614.Re 1615.Pp 1616.Rs 1617.%A J. Galbraith 1618.%A P. Remaker 1619.%D January 2006 1620.%R RFC 4335 1621.%T The Secure Shell (SSH) Session Channel Break Extension 1622.Re 1623.Pp 1624.Rs 1625.%A M. Bellare 1626.%A T. Kohno 1627.%A C. Namprempre 1628.%D January 2006 1629.%R RFC 4344 1630.%T The Secure Shell (SSH) Transport Layer Encryption Modes 1631.Re 1632.Pp 1633.Rs 1634.%A B. Harris 1635.%D January 2006 1636.%R RFC 4345 1637.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol 1638.Re 1639.Pp 1640.Rs 1641.%A M. Friedl 1642.%A N. Provos 1643.%A W. Simpson 1644.%D March 2006 1645.%R RFC 4419 1646.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol 1647.Re 1648.Pp 1649.Rs 1650.%A J. Galbraith 1651.%A R. Thayer 1652.%D November 2006 1653.%R RFC 4716 1654.%T The Secure Shell (SSH) Public Key File Format 1655.Re 1656.Pp 1657.Rs 1658.%A D. Stebila 1659.%A J. Green 1660.%D December 2009 1661.%R RFC 5656 1662.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer 1663.Re 1664.Pp 1665.Rs 1666.%A A. Perrig 1667.%A D. Song 1668.%D 1999 1669.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99) 1670.%T Hash Visualization: a New Technique to improve Real-World Security 1671.Re 1672.Sh AUTHORS 1673OpenSSH is a derivative of the original and free 1674ssh 1.2.12 release by Tatu Ylonen. 1675Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1676Theo de Raadt and Dug Song 1677removed many bugs, re-added newer features and 1678created OpenSSH. 1679Markus Friedl contributed the support for SSH 1680protocol versions 1.5 and 2.0. 1681