ssh
ssh [options] hostname [command]
Securely log a user into a remote system and run commands on that system. The version of ssh described here is the OpenSSH client. ssh can use either Version 1 (SSH1) or Version 2 (SSH2) of the SSH protocol. SSH2 is preferable, as it provides stronger encryption methods and greater connection integrity. The hostname can be specified either as hostname or as user@hostname. If a command is specified, the user is authenticated, the command is executed, and the connection is closed. Otherwise, a terminal session is opened on the remote system. See "Escape characters," later in this section, for functions that can be supported through an escape character. The default escape character is a tilde (~). The exit status returned from ssh is the exit status from the remote system, or 255 if there was an error.
Commonly, authentication is handled with standard username/password credentials, but it can also be useful to authenticate with a key exchange. This is done by generating a key on the client with ssh-keygen and populating the known_hosts file on the remote host.
Options
-1
Try only SSH1.
-2
Try only SSH2.
-4
Use only IPv4 addresses.
-6
Use only IPv6 addresses.
-a
Disable forwarding of the authentication agent connection.
-A
Allow forwarding of the authentication agent connection. Can also be specified on a per-host basis in a configuration file.
-b bind_address
Specify the interface to transmit from when there are multiple available interfaces or aliased addresses.
-c blowfish|3des|des|ciphers
Select the cipher for encrypting the session. The default is 3des. For SSH2, a comma-separated list of ciphers can also be specified, with the ciphers listed in order of preference. des is supported only for legacy SSH1 compatibility and otherwise should not be used.
-C
Enable compression. Useful mainly for slow connections. The default compression level can be set on a per-host basis in the configuration file with the CompressionLevel option.
-D port
Enable dynamic application-level port forwarding using port on the local side. Can be specified in the configuration file. Only root can forward privileged ports.
-e char|^char|none
Set the escape character (default ~). The escape character must be the first character on a line. If none is specified, disable the use of an escape character.
-f
Run interactively for user authentication, then go into background mode for command execution. Implies -n.
-F configfile
Specify a per-user configuration file (default is $HOME/.ssh/config).
-g
Allow remote hosts to connect to local forwarded ports.
-i idfile
Use idfile to read identity (private key) for RSA or DSA authentication. Default is $HOME/.ssh/id_rsa or $HOME/.ssh/id_dsa for SSH2, or $HOME/.ssh/identity for SSH1. You can specify more than one -i option on the command line or in the configuration file.
-I device
Specify a smartcard device from which to get the user's private RSA key.
-k
Disable Kerberos ticket and AFS token forwarding. Can be set on a per-host basis in the configuration file.
-l user
Log in as user on the remote system. Can be specified on a per-host basis in the configuration file.
-L port:host:hostport
Forward port on the local host to the specified remote host and port. Can be specified in the configuration file. Only root can forward privileged ports. For IPv6, an alternative syntax is port/host/hostport.
-m macspec
For SSH2, the contents of macspec specify message authentication code (MAC) algorithms to use. macspec is a comma-separated list of algorithms in order of preference.
-M
Put the ssh client into master mode for connection sharing.
-n
Get standard input as a redirection from /dev/null. Used to prevent reading from standard input, which is required when running ssh in the background. Useful for running X programs on a remote host.
-N
Do not execute a remote command. Useful with SSH2 for port forwarding.
-o option
Specify options in configuration-file format. Useful for specifying options that have no command-line equivalent.
-p port
Specify the port on the remote host to which ssh is to connect. Can be specified on a per-host basis in the configuration file.
-q
Run quietly, suppressing warnings and error messages.
-R port:host:hostport
Forward port on the remote host to the local host:hostport. Can be specified in the configuration file. You can forward privileged ports only if you are logged in as root on the remote host. For IPv6, an alternative syntax is port/host/hostport.
-s
For SSH2, request invocation of a subsystem on the remote host to be used for another application, such as sftp. The desired subsystem is specified as the remote command.
-S ctl
Specify the location of a control socket for connection sharing.
-t
Force pseudo-tty allocation. Multiple -t options can be specified to force tty allocation even when ssh has no local tty.
-T
Disable pseudo-tty allocation.
-v
Verbose mode. Useful for debugging. Specify multiple -v options to increase verbosity.
-V
Display version information and exit.
-x
Disable X11 forwarding.
-X
Enable X11 forwarding. Can be specified on a per-host basis in the configuration file.
-Y
Enable trusted X11 forwarding.
Escape characters
~.
Disconnect.
~~
Send a single ~.
~#
List forwarded connections.
~&
Run ssh in the background at logout, while waiting for a forwarded connection or X11 sessions to terminate.
~?
Display the available escape characters.
~B
Send a BREAK to the remote system. Only for SSH2 and if the remote system supports it.
~C
Open a command line. Useful for adding port forwardings when using the -L and -R options.
~R
Request rekeying of the connection. Useful only for SSH2 and if the peer supports it.
~^Z
Suspend the connection.
Environment variables
DISPLAY
Set by SSH to hostname:n for forwarding X11 connections. hostname is the host where the shell is running, and n is an integer greater than zero.
HOME
The path to the user's home directory.
LOGNAME
The same as USER; set only for compatibility with systems that use LOGNAME.
MAIL
The path to the user's mailbox.
PATH
The default PATH as specified when SSH was compiled.
SSH_ASKPASS
Can be set to the name of a program to run to open an X11 window and read the user's passphrase if ssh does not have an associated terminal.
SSH_AUTH_SOCK
The path of a Unix-domain socket for communicating with the agent.
SSH_CONNECTION
Four space-separated values that contain the client IP address, the client port number, the server IP address, and the server port number.
SSH_ORIGINAL_COMMAND
The original command line, including arguments, if a forced command is executed.
SSH_TTY
The path to the tty device associated with the current shell or command. Not set if there is no associated tty.
TZ
The time zone, passed from the SSH daemon, if it was set when the daemon was started.
USER
The name of the user logging in.
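SSH_ORIGINAL_COMMAND and SSH_CONNECTION are the two variables a forced-command wrapper works from: one carries what the client asked to run, the other says where the request came from. The script below is an added example, not part of the original reference or of OpenSSH. It assumes the wrapper is wired in through the command= option of an authorized_keys entry; the function names, allowlist and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: forced-command gate built on SSH_ORIGINAL_COMMAND and
# SSH_CONNECTION. Assumed deployment (not from the page): sshd runs this
# script through a command="..." option on an authorized_keys entry.
LC_ALL=C; export LC_ALL            # keep the a-z range below byte-exact

# Split SSH_CONNECTION into its four space-separated fields.
parse_connection() {
    set -f; set -- $1; set +f      # word-split without filename globbing
    [ $# -eq 4 ] || return 1
    CLIENT_IP=$1 CLIENT_PORT=$2 SERVER_IP=$3 SERVER_PORT=$4
}

# Return 0 only for requests on the allowlist (a constructed sample list).
command_allowed() {
    case $1 in
        uptime|'df -h') return 0 ;;
        'systemctl status '*.service)
            unit=${1#"systemctl status "}
            # Refuse option-like or multi-word arguments in the unit slot.
            case $unit in -*|*[!a-z0-9.-]*) return 1 ;; esac
            return 0 ;;
    esac
    return 1                       # includes the empty (interactive) request
}

# Decide on one request and print an audit line; returns 0 on allow.
gate() {   # $1 = SSH_ORIGINAL_COMMAND   $2 = SSH_CONNECTION
    if ! parse_connection "$2"; then
        echo "deny reason=bad-SSH_CONNECTION"; return 1
    fi
    if command_allowed "$1"; then verdict=allow; else verdict=deny; fi
    # Mask control characters so a request cannot forge extra log lines.
    shown=$(printf %s "$1" | tr -c '[:print:]' '?')
    echo "$verdict client=$CLIENT_IP:$CLIENT_PORT server=$SERVER_IP:$SERVER_PORT cmd=[$shown]"
    [ "$verdict" = allow ]
}

# Demo on constructed inputs (documentation addresses, not real sessions).
# A deployed wrapper would instead call
#   gate "$SSH_ORIGINAL_COMMAND" "$SSH_CONNECTION" || exit 1
# and then run the approved command itself.
conn="203.0.113.7 51514 192.0.2.10 22"
for cmd in "uptime" "systemctl status sshd.service" \
           "systemctl status -H.service" "uptime; cat /etc/passwd" ""; do
    gate "$cmd" "$conn" || true
done
```

The gate never passes the client's string to a shell for evaluation; it only compares it against fixed patterns, which is why the request with a semicolon is refused rather than partly executed.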
Files
ssh uses the following files in the user's home directory:
$HOME/.rhosts
Lists host/user pairs allowed to log in. Used with rhosts authentication.
$HOME/.shosts
Like .rhosts, but allows rhosts authentication without permitting login with rlogin or rsh.
$HOME/.ssh/authorized_keys
Lists RSA/DSA public keys that can be used to log in as this user.
$HOME/.ssh/config
The user's configuration file.
$HOME/.ssh/environment
Additional environment variable definitions.
$HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
The authentication identity of the user for SSH1 RSA, SSH2 DSA, and SSH2 RSA, respectively.
$HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
The public key for user authentication for SSH1 RSA, SSH2 DSA, and SSH2 RSA, respectively.
$HOME/.ssh/known_hosts
Contains host keys for all hosts the user has logged into that are not already in the systemwide file at /etc/ssh/ssh_known_hosts.
$HOME/.ssh/rc
Contains commands executed by ssh after the user has logged in but before the shell or command is started.