Diffstat (limited to 'ssh.1')
-rw-r--r-- ssh.1 85
1 files changed, 67 insertions, 18 deletions
diff --git a/ssh.1 b/ssh.1
index dce5f404b..7efb23828 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.412 2020/04/17 03:34:42 djm Exp $
-.Dd $Mdocdate: April 17 2020 $
+.\" $OpenBSD: ssh.1,v 1.427 2021/09/10 10:26:02 dtucker Exp $
+.Dd $Mdocdate: September 10 2021 $
.Dt SSH 1
.Os
.Sh NAME
@@ -65,7 +65,7 @@
.Op Fl W Ar host : Ns Ar port
.Op Fl w Ar local_tun Ns Op : Ns Ar remote_tun
.Ar destination
-.Op Ar command
+.Op Ar command Op Ar argument ...
.Sh DESCRIPTION
.Nm
(SSH client) is a program for logging into a remote machine and for
@@ -88,13 +88,18 @@ or a URI of the form
.No ssh:// Oo user @ Oc hostname Op : port .
.Sm on
The user must prove
-his/her identity to the remote machine using one of several methods
+their identity to the remote machine using one of several methods
(see below).
.Pp
If a
.Ar command
is specified,
-it is executed on the remote host instead of a login shell.
+it will be executed on the remote host instead of a login shell.
+A complete command line may be specified as
+.Ar command ,
+or it may have additional arguments.
+If supplied, the arguments will be appended to the command, separated by
+spaces, before it is sent to the server to be executed.
.Pp
The options are as follows:
.Pp
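Review bot: the new text after "is specified," says the arguments are "appended to the command, separated by spaces" but does not spell out the consequence for quoting. Once the words are joined into one string, the boundaries between the local arguments are gone, so an argument that contains spaces or shell metacharacters reaches the server as part of a single command line. Suggest adding a sentence stating that argument boundaries are not preserved and that anything which must arrive as one word has to be quoted for the remote side.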
@@ -259,6 +264,11 @@ then a client started with
.Fl f
will wait for all remote port forwards to be successfully established
before placing itself in the background.
+Refer to the description of
+.Cm ForkAfterAuthentication
+in
+.Xr ssh_config 5
+for details.
.Pp
.It Fl G
Causes
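Review bot: the added "Refer to the description of ForkAfterAuthentication ... for details." lands directly after the sentence about waiting for remote port forwards, so "for details" reads as if it were about that wait rather than about -f as a whole. Suggest either moving the reference up to the first paragraph of the -f entry or saying explicitly what the keyword is in relation to this option. The same sentence is added under -N, -n and -s, so one wording that works in all four places would help.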
@@ -283,6 +293,10 @@ authentication.
.It Fl i Ar identity_file
Selects a file from which the identity (private key) for
public key authentication is read.
+You can also specify a public key file to use the corresponding
+private key that is loaded in
+.Xr ssh-agent 1
+when the private key file is not present locally.
The default is
.Pa ~/.ssh/id_dsa ,
.Pa ~/.ssh/id_ecdsa ,
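Review bot: the added sentence under -i switches to second person ("You can also specify a public key file") while the rest of the page speaks of "the user" ("The user must prove", "The user creates"). Suggest an impersonal form, for example "A public key file may also be specified to use the corresponding private key that is loaded in ssh-agent(1)". It would also help to say what happens when the agent does not hold the matching private key, since the sentence only covers the case where it does.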
@@ -425,6 +439,11 @@ keyword for more information.
.It Fl N
Do not execute a remote command.
This is useful for just forwarding ports.
+Refer to the description of
+.Cm SessionType
+in
+.Xr ssh_config 5
+for details.
.Pp
.It Fl n
Redirects stdin from
@@ -446,6 +465,11 @@ program will be put in the background.
needs to ask for a password or passphrase; see also the
.Fl f
option.)
+Refer to the description of
+.Cm StdinNull
+in
+.Xr ssh_config 5
+for details.
.Pp
.It Fl O Ar ctl_cmd
Control an active connection multiplexing master process.
@@ -485,7 +509,6 @@ For full details of the options listed below, and their possible values, see
.It CanonicalizePermittedCNAMEs
.It CASignatureAlgorithms
.It CertificateFile
-.It ChallengeResponseAuthentication
.It CheckHostIP
.It Ciphers
.It ClearAllForwardings
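Review bot: ".It ChallengeResponseAuthentication" is dropped from the -o keyword list and nothing is added in its place in this hunk, so a reader who has that keyword in an existing command line or script gets no pointer to what to use instead. If KbdInteractiveAuthentication, which is still in the list, is the intended replacement, say so here or make sure ssh_config(5) does.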
@@ -499,6 +522,7 @@ For full details of the options listed below, and their possible values, see
.It EscapeChar
.It ExitOnForwardFailure
.It FingerprintHash
+.It ForkAfterAuthentication
.It ForwardAgent
.It ForwardX11
.It ForwardX11Timeout
@@ -509,8 +533,8 @@ For full details of the options listed below, and their possible values, see
.It GSSAPIDelegateCredentials
.It HashKnownHosts
.It Host
+.It HostbasedAcceptedAlgorithms
.It HostbasedAuthentication
-.It HostbasedKeyTypes
.It HostKeyAlgorithms
.It HostKeyAlias
.It Hostname
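Review bot: HostbasedKeyTypes is replaced by HostbasedAcceptedAlgorithms here (and PubkeyAcceptedKeyTypes by PubkeyAcceptedAlgorithms further down), but the old names disappear from the page without a trace, so someone searching this manual for the keyword in their existing configuration finds nothing. If the old spellings are still accepted, that belongs in ssh_config(5) with a note that the new names are preferred; if they are not, the rename deserves a mention where users will see it.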
@@ -521,6 +545,7 @@ For full details of the options listed below, and their possible values, see
.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
+.It KnownHostsCommand
.It LocalCommand
.It LocalForward
.It LogLevel
@@ -530,13 +555,14 @@ For full details of the options listed below, and their possible values, see
.It NumberOfPasswordPrompts
.It PasswordAuthentication
.It PermitLocalCommand
+.It PermitRemoteOpen
.It PKCS11Provider
.It Port
.It PreferredAuthentications
.It ProxyCommand
.It ProxyJump
.It ProxyUseFdpass
-.It PubkeyAcceptedKeyTypes
+.It PubkeyAcceptedAlgorithms
.It PubkeyAuthentication
.It RekeyLimit
.It RemoteCommand
@@ -545,7 +571,9 @@ For full details of the options listed below, and their possible values, see
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
+.It SessionType
.It SetEnv
+.It StdinNull
.It StreamLocalBindMask
.It StreamLocalBindUnlink
.It StrictHostKeyChecking
@@ -566,10 +594,7 @@ This can be specified on a
per-host basis in the configuration file.
.Pp
.It Fl Q Ar query_option
-Queries
-.Nm
-for the algorithms supported for the specified version 2.
-The available features are:
+Queries for the algorithms supported by one of the following features:
.Ar cipher
(supported symmetric ciphers),
.Ar cipher-auth
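Review bot: the replacement sentence "Queries for the algorithms supported by one of the following features:" has no subject now that ".Nm" is gone, and "supported by ... features" reads backwards: the items that follow (cipher, cipher-auth) are categories of algorithms, not features that support algorithms. Something like "Queries the algorithms supported for one of the following features:" keeps the shorter form and matches the parenthetical descriptions in the list.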
@@ -702,6 +727,11 @@ Subsystems facilitate the use of SSH
as a secure transport for other applications (e.g.\&
.Xr sftp 1 ) .
The subsystem is specified as the remote command.
+Refer to the description of
+.Cm SessionType
+in
+.Xr ssh_config 5
+for details.
.Pp
.It Fl T
Disable pseudo-terminal allocation.
@@ -831,7 +861,7 @@ The methods available for authentication are:
GSSAPI-based authentication,
host-based authentication,
public key authentication,
-challenge-response authentication,
+keyboard-interactive authentication,
and password authentication.
Authentication methods are tried in the order specified above,
though
@@ -906,7 +936,7 @@ or higher (e.g. by using the
.Fl v
flag).
.Pp
-The user creates his/her key pair by running
+The user creates their key pair by running
.Xr ssh-keygen 1 .
This stores the private key in
.Pa ~/.ssh/id_dsa
@@ -940,7 +970,7 @@ in the user's home directory.
The user should then copy the public key
to
.Pa ~/.ssh/authorized_keys
-in his/her home directory on the remote machine.
+in their home directory on the remote machine.
The
.Pa authorized_keys
file corresponds to the conventional
@@ -969,11 +999,11 @@ directive in
.Xr ssh_config 5
for more information.
.Pp
-Challenge-response authentication works as follows:
+Keyboard-interactive authentication works as follows:
The server sends an arbitrary
.Qq challenge
-text, and prompts for a response.
-Examples of challenge-response authentication include
+text and prompts for a response, possibly multiple times.
+Examples of keyboard-interactive authentication include
.Bx
Authentication (see
.Xr login.conf 5 )
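Review bot: in "text and prompts for a response, possibly multiple times." it is unclear what repeats: the server sending several different challenges, or the same prompt being retried after a failed response. Suggest wording that makes the first reading explicit if that is what is meant, for example "The server sends one or more challenge texts and prompts for a response to each".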
@@ -1409,6 +1439,25 @@ or related script.
may be necessary to redirect the input from
.Pa /dev/null
to make this work.)
+.It Ev SSH_ASKPASS_REQUIRE
+Allows further control over the use of an askpass program.
+If this variable is set to
+.Dq never
+then
+.Nm
+will never attempt to use one.
+If it is set to
+.Dq prefer ,
+then
+.Nm
+will prefer to use the askpass program instead of the TTY when requesting
+passwords.
+Finally, if the variable is set to
+.Dq force ,
+then the askpass program will be used for all passphrase input regardless
+of whether
+.Ev DISPLAY
+is set.
.It Ev SSH_AUTH_SOCK
Identifies the path of a
.Ux Ns -domain
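Review bot: the SSH_ASKPASS_REQUIRE entry documents "never", "prefer" and "force" but not what happens when the variable is unset or holds any other value; a sentence stating the default behaviour would close that gap. The wording is also inconsistent between values: "prefer" speaks of "requesting passwords" while "force" speaks of "all passphrase input", and only "force" mentions DISPLAY. If all three values apply to the same set of prompts, use the same term in each and state the DISPLAY dependency for "prefer" as well.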