.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.320 2011/08/02 01:22:11 djm Exp $
-.Dd $Mdocdate: August 2 2011 $
+.\" $OpenBSD: ssh.1,v 1.356 2015/03/03 06:48:58 djm Exp $
+.Dd $Mdocdate: March 3 2015 $
.Dt SSH 1
.Os
.Sh NAME
.Sh SYNOPSIS
.Nm ssh
.Bk -words
-.Op Fl 1246AaCfgKkMNnqsTtVvXxYy
+.Op Fl 1246AaCfGgKkMNnqsTtVvXxYy
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
+.Op Fl E Ar log_file
.Op Fl e Ar escape_char
.Op Fl F Ar configfile
.Op Fl I Ar pkcs11
.Op Fl O Ar ctl_cmd
.Op Fl o Ar option
.Op Fl p Ar port
+.Op Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version
.Op Fl R Oo Ar bind_address : Oc Ns Ar port : Ns Ar host : Ns Ar hostport
.Op Fl S Ar ctl_path
.Op Fl W Ar host : Ns Ar port
It is intended to replace rlogin and rsh,
and provide secure encrypted communications between
two untrusted hosts over an insecure network.
-X11 connections and arbitrary TCP ports
-can also be forwarded over the secure channel.
+X11 connections, arbitrary TCP ports and
+.Ux Ns -domain
+sockets can also be forwarded over the secure channel.
.Pp
.Nm
connects and logs into the specified
Only useful on systems with more than one address.
.It Fl C
Requests compression of all data (including stdin, stdout, stderr, and
-data for forwarded X11 and TCP connections).
+data for forwarded X11, TCP and
+.Ux Ns -domain
+connections).
The compression algorithm is the same used by
.Xr gzip 1 ,
and the
.Dq blowfish ,
and
.Dq des .
-.Ar 3des
-(triple-des) is an encrypt-decrypt-encrypt triple with three different keys.
-It is believed to be secure.
-.Ar blowfish
-is a fast block cipher; it appears very secure and is much faster than
-.Ar 3des .
-.Ar des
-is only supported in the
-.Nm
-client for interoperability with legacy protocol 1 implementations
-that do not support the
-.Ar 3des
-cipher.
-Its use is strongly discouraged due to cryptographic weaknesses.
-The default is
-.Dq 3des .
-.Pp
For protocol version 2,
.Ar cipher_spec
is a comma-separated list of ciphers
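Review bot: the removed block under -c takes away the only statement of which ciphers protocol 1 accepts, that des is strongly discouraged because of cryptographic weaknesses, and that the protocol 1 default is 3des, yet the surviving text still says cipher_spec is a list "For protocol version 2" only and the description of the protocol later in the page still lists 3DES and Blowfish as protocol 1 ciphers. A reader of the new text cannot tell what -c means when protocol 1 is negotiated or that des should be avoided; suggest keeping a one-line replacement, for example "For protocol version 1, cipher_spec is a single cipher; use of des is strongly discouraged."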
empty address or
.Sq *
indicates that the port should be available from all interfaces.
+.It Fl E Ar log_file
+Append debug logs to
+.Ar log_file
+instead of standard error.
.It Fl e Ar escape_char
Sets the escape character for sessions with a pty (default:
.Ql ~ ) .
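Review bot: the new -E entry says only "Append debug logs to log_file instead of standard error" and leaves undocumented what happens when log_file does not exist or is not writable, and with what permissions it is created. Since the file receives exactly the output that -v would otherwise send to stderr, that detail matters to anyone logging from a shared or long-lived session; suggest adding a sentence stating the creation behaviour and mode, or that the file is opened for appending and must already be writable by the user.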
.Fl f
will wait for all remote port forwards to be successfully established
before placing itself in the background.
+.It Fl G
+Causes
+.Nm
+to print its configuration after evaluating
+.Cm Host
+and
+.Cm Match
+blocks and exit.
.It Fl g
Allows remote hosts to connect to local forwarded ports.
+If used on a multiplexed connection, then this option must be specified
+on the master process.
.It Fl I Ar pkcs11
Specify the PKCS#11 shared library
.Nm
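Review bot: in the -G entry "print its configuration" is ambiguous: after evaluating Host and Match blocks the output is necessarily the effective configuration for the destination named on the command line, not the configuration file as written, and the entry should say so, for example "print its effective configuration for the specified host after evaluating Host and Match blocks, and exit". The -g addition about multiplexed connections is clear as written.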
.Pa ~/.ssh/identity
for protocol version 1, and
.Pa ~/.ssh/id_dsa ,
-.Pa ~/.ssh/id_ecdsa
+.Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ed25519
and
.Pa ~/.ssh/id_rsa
for protocol version 2.
(check that the master process is running),
.Dq forward
(request forwardings without command execution),
+.Dq cancel
+(cancel forwardings),
.Dq exit
(request the master to exit), and
.Dq stop
.It AddressFamily
.It BatchMode
.It BindAddress
+.It CanonicalDomains
+.It CanonicalizeFallbackLocal
+.It CanonicalizeHostname
+.It CanonicalizeMaxDots
+.It CanonicalizePermittedCNAMEs
.It ChallengeResponseAuthentication
.It CheckHostIP
.It Cipher
.It ConnectTimeout
.It ControlMaster
.It ControlPath
+.It ControlPersist
.It DynamicForward
.It EscapeChar
.It ExitOnForwardFailure
+.It FingerprintHash
.It ForwardAgent
.It ForwardX11
+.It ForwardX11Timeout
.It ForwardX11Trusted
.It GatewayPorts
.It GlobalKnownHostsFile
.It HashKnownHosts
.It Host
.It HostbasedAuthentication
+.It HostbasedKeyTypes
.It HostKeyAlgorithms
.It HostKeyAlias
.It HostName
.It IdentityFile
.It IdentitiesOnly
.It IPQoS
+.It KbdInteractiveAuthentication
.It KbdInteractiveDevices
.It KexAlgorithms
.It LocalCommand
.It LocalForward
.It LogLevel
.It MACs
+.It Match
.It NoHostAuthenticationForLocalhost
.It NumberOfPasswordPrompts
.It PasswordAuthentication
.It PreferredAuthentications
.It Protocol
.It ProxyCommand
+.It ProxyUseFdpass
.It PubkeyAuthentication
.It RekeyLimit
.It RemoteForward
.It SendEnv
.It ServerAliveInterval
.It ServerAliveCountMax
+.It StreamLocalBindMask
+.It StreamLocalBindUnlink
.It StrictHostKeyChecking
.It TCPKeepAlive
.It Tunnel
.It TunnelDevice
+.It UpdateHostKeys
.It UsePrivilegedPort
.It User
.It UserKnownHostsFile
Port to connect to on the remote host.
This can be specified on a
per-host basis in the configuration file.
+.It Fl Q Cm cipher | cipher-auth | mac | kex | key | protocol-version
+Queries
+.Nm
+for the algorithms supported for the specified version 2.
+The available features are:
+.Ar cipher
+(supported symmetric ciphers),
+.Ar cipher-auth
+(supported symmetric ciphers that support authenticated encryption),
+.Ar mac
+(supported message integrity codes),
+.Ar kex
+(key exchange algorithms),
+.Ar key
+(key types) and
+.Ar protocol-version
+(supported SSH protocol versions).
.It Fl q
Quiet mode.
Causes most warning and diagnostic messages to be suppressed.
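Review bot: the -Q description reads "for the algorithms supported for the specified version 2", which is missing a word; it should say "for the specified protocol version 2 feature" or similar. In the same entry the feature names are marked up with .Ar (cipher, cipher-auth, mac, kex, key, protocol-version) while the heading and the SYNOPSIS use .Cm for the same literal keywords; they are literals, so .Cm should be used throughout for consistency.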
Port forwardings can also be specified in the configuration file.
Privileged ports can be forwarded only when
logging in as root on the remote machine.
-IPv6 addresses can be specified by enclosing the address in square braces.
+IPv6 addresses can be specified by enclosing the address in square brackets.
.Pp
By default, the listening socket on the server will be bound to the loopback
interface only.
.Fl T ,
.Cm ExitOnForwardFailure
and
-.Cm ClearAllForwardings
-and works with Protocol version 2 only.
+.Cm ClearAllForwardings .
+Works with Protocol version 2 only.
.It Fl w Xo
.Ar local_tun Ns Op : Ns Ar remote_tun
.Xc
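Review bot: splitting the sentence at ClearAllForwardings leaves "Works with Protocol version 2 only." as a fragment with no subject. Suggest "This option works with protocol version 2 only." so the restriction clearly attaches to -W rather than to ClearAllForwardings.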
(the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
and integrity (hmac-md5, hmac-sha1,
hmac-sha2-256, hmac-sha2-512,
-umac-64, hmac-ripemd160).
+umac-64, umac-128, hmac-ripemd160).
Protocol 1 lacks a strong mechanism for ensuring the
integrity of the connection.
.Pp
The server knows the public key, and only the user knows the private key.
.Nm
implements public key authentication protocol automatically,
-using one of the DSA, ECDSA or RSA algorithms.
+using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
Protocol 1 is restricted to using only RSA keys,
but protocol 2 may use any.
-The
-.Sx HISTORY
-section of
+The HISTORY section of
.Xr ssl 8
contains a brief discussion of the DSA and RSA algorithms.
.Pp
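Review bot: after Ed25519 is added to the list of public key algorithms, the next sentence still sends the reader to the HISTORY section of ssl(8) for "a brief discussion of the DSA and RSA algorithms" only, so ECDSA and Ed25519 are mentioned without any pointer; either extend the sentence or reference a page that covers them. Replacing .Sx with plain "HISTORY section" is correct, since .Sx refers to sections of the current manual only.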
(protocol 2 DSA),
.Pa ~/.ssh/id_ecdsa
(protocol 2 ECDSA),
+.Pa ~/.ssh/id_ed25519
+(protocol 2 Ed25519),
or
.Pa ~/.ssh/id_rsa
(protocol 2 RSA)
(protocol 2 DSA),
.Pa ~/.ssh/id_ecdsa.pub
(protocol 2 ECDSA),
+.Pa ~/.ssh/id_ed25519.pub
+(protocol 2 Ed25519),
or
.Pa ~/.ssh/id_rsa.pub
(protocol 2 RSA)
signed certificates are used.
This has the advantage that a single trusted certification authority
can be used in place of many public/private keys.
-See the
-.Sx CERTIFICATES
-section of
+See the CERTIFICATES section of
.Xr ssh-keygen 1
for more information.
.Pp
Protocol 2 allows multiple challenges and responses;
protocol 1 is restricted to just one challenge/response.
Examples of challenge-response authentication include
-BSD Authentication (see
+.Bx
+Authentication (see
.Xr login.conf 5 )
-and PAM (some non-OpenBSD systems).
+and PAM (some
+.Pf non- Ox
+systems).
.Pp
Finally, if other authentication methods fail,
.Nm
and
.Fl D
options (see above).
-It also allows the cancellation of existing remote port-forwardings
-using
+It also allows the cancellation of existing port-forwardings
+with
+.Sm off
+.Fl KL Oo Ar bind_address : Oc Ar port
+.Sm on
+for local,
.Sm off
-.Fl KR Oo Ar bind_address : Oc Ar port .
+.Fl KR Oo Ar bind_address : Oc Ar port
.Sm on
+for remote and
+.Sm off
+.Fl KD Oo Ar bind_address : Oc Ar port
+.Sm on
+for dynamic port-forwardings.
.Ic !\& Ns Ar command
allows the user to execute a local command if the
.Ic PermitLocalCommand
.It Cm ~R
Request rekeying of the connection
(only useful for SSH protocol version 2 and if the peer supports it).
+.It Cm ~V
+Decrease the verbosity
+.Pq Ic LogLevel
+when errors are being written to stderr.
+.It Cm ~v
+Increase the verbosity
+.Pq Ic LogLevel
+when errors are being written to stderr.
.El
.Sh TCP FORWARDING
Forwarding of arbitrary TCP connections over the secure channel can
If the fingerprint is already known, it can be matched
and the key can be accepted or rejected.
Because of the difficulty of comparing host keys
-just by looking at hex strings,
+just by looking at fingerprint strings,
there is also support to compare host keys visually,
using
.Em random art .
and not accessible by others.
.Pp
.It Pa ~/.ssh/authorized_keys
-Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as
-this user.
+Lists the public keys (DSA, ECDSA, Ed25519, RSA)
+that can be used for logging in as this user.
The format of this file is described in the
.Xr sshd 8
manual page.
The file format and configuration options are described in
.Xr ssh_config 5 .
Because of the potential for abuse, this file must have strict permissions:
-read/write for the user, and not accessible by others.
+read/write for the user, and not writable by others.
.Pp
.It Pa ~/.ssh/environment
Contains additional definitions for environment variables; see
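Review bot: the hunk relaxes the ~/.ssh/config permission requirement from "not accessible by others" to "not writable by others"; confirm this matches the check the client actually performs before accepting the file, since the preceding sentence justifies the requirement with "the potential for abuse" and the options listed on this page (ProxyCommand, LocalCommand, PermitLocalCommand) are exactly what a third party who could write the file would alter. If the intent is only to document the enforced check, consider keeping a clause that the file should still not be readable by others, because it may name identity files and proxy commands.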
.It Pa ~/.ssh/identity
.It Pa ~/.ssh/id_dsa
.It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_rsa
Contains the private key for authentication.
These files
.It Pa ~/.ssh/identity.pub
.It Pa ~/.ssh/id_dsa.pub
.It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_rsa.pub
Contains the public key for authentication.
These files are not
.It Pa /etc/ssh/ssh_host_key
.It Pa /etc/ssh/ssh_host_dsa_key
.It Pa /etc/ssh/ssh_host_ecdsa_key
+.It Pa /etc/ssh/ssh_host_ed25519_key
.It Pa /etc/ssh/ssh_host_rsa_key
-These three files contain the private parts of the host keys
+These files contain the private parts of the host keys
and are used for host-based authentication.
If protocol version 1 is used,
.Nm
.Xr ssh-keygen 1 ,
.Xr ssh-keyscan 1 ,
.Xr tun 4 ,
-.Xr hosts.equiv 5 ,
.Xr ssh_config 5 ,
.Xr ssh-keysign 8 ,
.Xr sshd 8
+.Sh STANDARDS
.Rs
+.%A S. Lehtinen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4250
-.%T "The Secure Shell (SSH) Protocol Assigned Numbers"
-.%D 2006
+.%T The Secure Shell (SSH) Protocol Assigned Numbers
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4251
-.%T "The Secure Shell (SSH) Protocol Architecture"
-.%D 2006
+.%T The Secure Shell (SSH) Protocol Architecture
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4252
-.%T "The Secure Shell (SSH) Authentication Protocol"
-.%D 2006
+.%T The Secure Shell (SSH) Authentication Protocol
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4253
-.%T "The Secure Shell (SSH) Transport Layer Protocol"
-.%D 2006
+.%T The Secure Shell (SSH) Transport Layer Protocol
.Re
+.Pp
.Rs
+.%A T. Ylonen
+.%A C. Lonvick
+.%D January 2006
.%R RFC 4254
-.%T "The Secure Shell (SSH) Connection Protocol"
-.%D 2006
+.%T The Secure Shell (SSH) Connection Protocol
.Re
+.Pp
.Rs
+.%A J. Schlyter
+.%A W. Griffin
+.%D January 2006
.%R RFC 4255
-.%T "Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints"
-.%D 2006
+.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
.Re
+.Pp
.Rs
+.%A F. Cusack
+.%A M. Forssen
+.%D January 2006
.%R RFC 4256
-.%T "Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)"
-.%D 2006
+.%T Generic Message Exchange Authentication for the Secure Shell Protocol (SSH)
.Re
+.Pp
.Rs
+.%A J. Galbraith
+.%A P. Remaker
+.%D January 2006
.%R RFC 4335
-.%T "The Secure Shell (SSH) Session Channel Break Extension"
-.%D 2006
+.%T The Secure Shell (SSH) Session Channel Break Extension
.Re
+.Pp
.Rs
+.%A M. Bellare
+.%A T. Kohno
+.%A C. Namprempre
+.%D January 2006
.%R RFC 4344
-.%T "The Secure Shell (SSH) Transport Layer Encryption Modes"
-.%D 2006
+.%T The Secure Shell (SSH) Transport Layer Encryption Modes
.Re
+.Pp
.Rs
+.%A B. Harris
+.%D January 2006
.%R RFC 4345
-.%T "Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol"
-.%D 2006
+.%T Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol
.Re
+.Pp
.Rs
+.%A M. Friedl
+.%A N. Provos
+.%A W. Simpson
+.%D March 2006
.%R RFC 4419
-.%T "Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol"
-.%D 2006
+.%T Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol
.Re
+.Pp
.Rs
+.%A J. Galbraith
+.%A R. Thayer
+.%D November 2006
.%R RFC 4716
-.%T "The Secure Shell (SSH) Public Key File Format"
-.%D 2006
+.%T The Secure Shell (SSH) Public Key File Format
.Re
+.Pp
.Rs
+.%A D. Stebila
+.%A J. Green
+.%D December 2009
.%R RFC 5656
-.%T "Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer"
-.%D 2009
+.%T Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer
.Re
+.Pp
.Rs
-.%T "Hash Visualization: a New Technique to improve Real-World Security"
.%A A. Perrig
.%A D. Song
.%D 1999
-.%O "International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)"
+.%O International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)
+.%T Hash Visualization: a New Technique to improve Real-World Security
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
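Review bot: removing hosts.equiv(5) from SEE ALSO leaves the FILES text that still says the host keys "are used for host-based authentication" without a cross-reference to where that mechanism is configured; confirm hosts.equiv is no longer discussed anywhere in the page before dropping it. Under the new STANDARDS heading, the Perrig and Song CrypTEC '99 paper on hash visualization is a research paper rather than a standard and also lacks the month that every other entry now carries; it would sit better under SEE ALSO or in a separate paragraph after the RFCs.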