1.\" -*- nroff -*- 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 14.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 15.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 16.\" 17.\" Redistribution and use in source and binary forms, with or without 18.\" modification, are permitted provided that the following conditions 19.\" are met: 20.\" 1. Redistributions of source code must retain the above copyright 21.\" notice, this list of conditions and the following disclaimer. 22.\" 2. Redistributions in binary form must reproduce the above copyright 23.\" notice, this list of conditions and the following disclaimer in the 24.\" documentation and/or other materials provided with the distribution. 25.\" 26.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 27.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 28.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 29.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 30.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 31.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" 37.\" $OpenBSD: ssh.1,v 1.179 2003/11/24 00:16:35 dtucker Exp $ 38.Dd September 25, 1999 39.Dt SSH 1 40.Os 41.Sh NAME 42.Nm ssh 43.Nd OpenSSH SSH client (remote login program) 44.Sh SYNOPSIS 45.Nm ssh 46.Op Fl 1246AaCfgkNnqsTtVvXxY 47.Op Fl b Ar bind_address 48.Op Fl c Ar cipher_spec 49.Op Fl D Ar port 50.Op Fl e Ar escape_char 51.Op Fl F Ar configfile 52.Op Fl i Ar identity_file 53.Bk -words 54.Oo Fl L Xo 55.Sm off 56.Ar port : 57.Ar host : 58.Ar hostport 59.Sm on 60.Xc 61.Oc 62.Ek 63.Op Fl l Ar login_name 64.Op Fl m Ar mac_spec 65.Op Fl o Ar option 66.Bk -words 67.Op Fl p Ar port 68.Ek 69.Oo Fl R Xo 70.Sm off 71.Ar port : 72.Ar host : 73.Ar hostport 74.Sm on 75.Xc 76.Oc 77.Oo Ar user Ns @ Oc Ns Ar hostname 78.Op Ar command 79.Sh DESCRIPTION 80.Nm 81(SSH client) is a program for logging into a remote machine and for 82executing commands on a remote machine. 83It is intended to replace rlogin and rsh, 84and provide secure encrypted communications between 85two untrusted hosts over an insecure network. 86X11 connections and arbitrary TCP/IP ports 87can also be forwarded over the secure channel. 88.Pp 89.Nm 90connects and logs into the specified 91.Ar hostname 92(with optional 93.Ar user 94name). 95The user must prove 96his/her identity to the remote machine using one of several methods 97depending on the protocol version used. 98.Pp 99If 100.Ar command 101is specified, 102.Ar command 103is executed on the remote host instead of a login shell. 104.Ss SSH protocol version 1 105First, if the machine the user logs in from is listed in 106.Pa /etc/hosts.equiv 107or 108.Pa /etc/shosts.equiv 109on the remote machine, and the user names are 110the same on both sides, the user is immediately permitted to log in. 111Second, if 112.Pa .rhosts 113or 114.Pa .shosts 115exists in the user's home directory on the 116remote machine and contains a line containing the name of the client 117machine and the name of the user on that machine, the user is 118permitted to log in. 119This form of authentication alone is normally not 120allowed by the server because it is not secure. 121.Pp 122The second authentication method is the 123.Em rhosts 124or 125.Em hosts.equiv 126method combined with RSA-based host authentication. 127It means that if the login would be permitted by 128.Pa $HOME/.rhosts , 129.Pa $HOME/.shosts , 130.Pa /etc/hosts.equiv , 131or 132.Pa /etc/shosts.equiv , 133and if additionally the server can verify the client's 134host key (see 135.Pa /etc/ssh/ssh_known_hosts 136and 137.Pa $HOME/.ssh/known_hosts 138in the 139.Sx FILES 140section), only then is login permitted. 141This authentication method closes security holes due to IP 142spoofing, DNS spoofing and routing spoofing. 143[Note to the administrator: 144.Pa /etc/hosts.equiv , 145.Pa $HOME/.rhosts , 146and the rlogin/rsh protocol in general, are inherently insecure and should be 147disabled if security is desired.] 148.Pp 149As a third authentication method, 150.Nm 151supports RSA based authentication. 152The scheme is based on public-key cryptography: there are cryptosystems 153where encryption and decryption are done using separate keys, and it 154is not possible to derive the decryption key from the encryption key. 155RSA is one such system. 156The idea is that each user creates a public/private 157key pair for authentication purposes. 158The server knows the public key, and only the user knows the private key. 159.Pp 160The file 161.Pa $HOME/.ssh/authorized_keys 162lists the public keys that are permitted for logging in. 163When the user logs in, the 164.Nm 165program tells the server which key pair it would like to use for 166authentication. 167The server checks if this key is permitted, and if so, 168sends the user (actually the 169.Nm 170program running on behalf of the user) a challenge, a random number, 171encrypted by the user's public key. 172The challenge can only be decrypted using the proper private key. 173The user's client then decrypts the challenge using the private key, 174proving that he/she knows the private key 175but without disclosing it to the server. 176.Pp 177.Nm 178implements the RSA authentication protocol automatically. 179The user creates his/her RSA key pair by running 180.Xr ssh-keygen 1 . 181This stores the private key in 182.Pa $HOME/.ssh/identity 183and stores the public key in 184.Pa $HOME/.ssh/identity.pub 185in the user's home directory. 186The user should then copy the 187.Pa identity.pub 188to 189.Pa $HOME/.ssh/authorized_keys 190in his/her home directory on the remote machine (the 191.Pa authorized_keys 192file corresponds to the conventional 193.Pa $HOME/.rhosts 194file, and has one key 195per line, though the lines can be very long). 196After this, the user can log in without giving the password. 197RSA authentication is much more secure than 198.Em rhosts 199authentication. 200.Pp 201The most convenient way to use RSA authentication may be with an 202authentication agent. 203See 204.Xr ssh-agent 1 205for more information. 206.Pp 207If other authentication methods fail, 208.Nm 209prompts the user for a password. 210The password is sent to the remote 211host for checking; however, since all communications are encrypted, 212the password cannot be seen by someone listening on the network. 213.Ss SSH protocol version 2 214When a user connects using protocol version 2, 215similar authentication methods are available. 216Using the default values for 217.Cm PreferredAuthentications , 218the client will try to authenticate first using the hostbased method; 219if this method fails, public key authentication is attempted, 220and finally if this method fails, keyboard-interactive and 221password authentication are tried. 222.Pp 223The public key method is similar to RSA authentication described 224in the previous section and allows the RSA or DSA algorithm to be used: 225The client uses his private key, 226.Pa $HOME/.ssh/id_dsa 227or 228.Pa $HOME/.ssh/id_rsa , 229to sign the session identifier and sends the result to the server. 230The server checks whether the matching public key is listed in 231.Pa $HOME/.ssh/authorized_keys 232and grants access if both the key is found and the signature is correct. 233The session identifier is derived from a shared Diffie-Hellman value 234and is only known to the client and the server. 235.Pp 236If public key authentication fails or is not available, a password 237can be sent encrypted to the remote host to prove the user's identity. 238.Pp 239Additionally, 240.Nm 241supports hostbased or challenge response authentication. 242.Pp 243Protocol 2 provides additional mechanisms for confidentiality 244(the traffic is encrypted using 3DES, Blowfish, CAST128 or Arcfour) 245and integrity (hmac-md5, hmac-sha1). 246Note that protocol 1 lacks a strong mechanism for ensuring the 247integrity of the connection. 248.Ss Login session and remote execution 249When the user's identity has been accepted by the server, the server 250either executes the given command, or logs into the machine and gives 251the user a normal shell on the remote machine. 252All communication with 253the remote command or shell will be automatically encrypted. 254.Pp 255If a pseudo-terminal has been allocated (normal login session), the 256user may use the escape characters noted below. 257.Pp 258If no pseudo-tty has been allocated, 259the session is transparent and can be used to reliably transfer binary data. 260On most systems, setting the escape character to 261.Dq none 262will also make the session transparent even if a tty is used. 263.Pp 264The session terminates when the command or shell on the remote 265machine exits and all X11 and TCP/IP connections have been closed. 266The exit status of the remote program is returned as the exit status of 267.Nm ssh . 268.Ss Escape Characters 269When a pseudo-terminal has been requested, 270.Nm 271supports a number of functions through the use of an escape character. 272.Pp 273A single tilde character can be sent as 274.Ic ~~ 275or by following the tilde by a character other than those described below. 276The escape character must always follow a newline to be interpreted as 277special. 278The escape character can be changed in configuration files using the 279.Cm EscapeChar 280configuration directive or on the command line by the 281.Fl e 282option. 283.Pp 284The supported escapes (assuming the default 285.Ql ~ ) 286are: 287.Bl -tag -width Ds 288.It Cm ~. 289Disconnect. 290.It Cm ~^Z 291Background 292.Nm ssh . 293.It Cm ~# 294List forwarded connections. 295.It Cm ~& 296Background 297.Nm 298at logout when waiting for forwarded connection / X11 sessions to terminate. 299.It Cm ~? 300Display a list of escape characters. 301.It Cm ~B 302Send a BREAK to the remote system 303(only useful for SSH protocol version 2 and if the peer supports it). 304.It Cm ~C 305Open command line (only useful for adding port forwardings using the 306.Fl L 307and 308.Fl R 309options). 310.It Cm ~R 311Request rekeying of the connection 312(only useful for SSH protocol version 2 and if the peer supports it). 313.El 314.Ss X11 and TCP forwarding 315If the 316.Cm ForwardX11 317variable is set to 318.Dq yes 319(or see the description of the 320.Fl X 321and 322.Fl x 323options described later) 324and the user is using X11 (the 325.Ev DISPLAY 326environment variable is set), the connection to the X11 display is 327automatically forwarded to the remote side in such a way that any X11 328programs started from the shell (or command) will go through the 329encrypted channel, and the connection to the real X server will be made 330from the local machine. 331The user should not manually set 332.Ev DISPLAY . 333Forwarding of X11 connections can be 334configured on the command line or in configuration files. 335.Pp 336The 337.Ev DISPLAY 338value set by 339.Nm 340will point to the server machine, but with a display number greater than zero. 341This is normal, and happens because 342.Nm 343creates a 344.Dq proxy 345X server on the server machine for forwarding the 346connections over the encrypted channel. 347.Pp 348.Nm 349will also automatically set up Xauthority data on the server machine. 350For this purpose, it will generate a random authorization cookie, 351store it in Xauthority on the server, and verify that any forwarded 352connections carry this cookie and replace it by the real cookie when 353the connection is opened. 354The real authentication cookie is never 355sent to the server machine (and no cookies are sent in the plain). 356.Pp 357If the 358.Cm ForwardAgent 359variable is set to 360.Dq yes 361(or see the description of the 362.Fl A 363and 364.Fl a 365options described later) and 366the user is using an authentication agent, the connection to the agent 367is automatically forwarded to the remote side. 368.Pp 369Forwarding of arbitrary TCP/IP connections over the secure channel can 370be specified either on the command line or in a configuration file. 371One possible application of TCP/IP forwarding is a secure connection to an 372electronic purse; another is going through firewalls. 373.Ss Server authentication 374.Nm 375automatically maintains and checks a database containing 376identifications for all hosts it has ever been used with. 377Host keys are stored in 378.Pa $HOME/.ssh/known_hosts 379in the user's home directory. 380Additionally, the file 381.Pa /etc/ssh/ssh_known_hosts 382is automatically checked for known hosts. 383Any new hosts are automatically added to the user's file. 384If a host's identification ever changes, 385.Nm 386warns about this and disables password authentication to prevent a 387trojan horse from getting the user's password. 388Another purpose of this mechanism is to prevent man-in-the-middle attacks 389which could otherwise be used to circumvent the encryption. 390The 391.Cm StrictHostKeyChecking 392option can be used to prevent logins to machines whose 393host key is not known or has changed. 394.Pp 395The options are as follows: 396.Bl -tag -width Ds 397.It Fl 1 398Forces 399.Nm 400to try protocol version 1 only. 401.It Fl 2 402Forces 403.Nm 404to try protocol version 2 only. 405.It Fl 4 406Forces 407.Nm 408to use IPv4 addresses only. 409.It Fl 6 410Forces 411.Nm 412to use IPv6 addresses only. 413.It Fl A 414Enables forwarding of the authentication agent connection. 415This can also be specified on a per-host basis in a configuration file. 416.Pp 417Agent forwarding should be enabled with caution. 418Users with the ability to bypass file permissions on the remote host 419(for the agent's Unix-domain socket) 420can access the local agent through the forwarded connection. 421An attacker cannot obtain key material from the agent, 422however they can perform operations on the keys that enable them to 423authenticate using the identities loaded into the agent. 424.It Fl a 425Disables forwarding of the authentication agent connection. 426.It Fl b Ar bind_address 427Specify the interface to transmit from on machines with multiple 428interfaces or aliased addresses. 429.It Fl C 430Requests compression of all data (including stdin, stdout, stderr, and 431data for forwarded X11 and TCP/IP connections). 432The compression algorithm is the same used by 433.Xr gzip 1 , 434and the 435.Dq level 436can be controlled by the 437.Cm CompressionLevel 438option for protocol version 1. 439Compression is desirable on modem lines and other 440slow connections, but will only slow down things on fast networks. 441The default value can be set on a host-by-host basis in the 442configuration files; see the 443.Cm Compression 444option. 445.It Fl c Ar blowfish | 3des | des 446Selects the cipher to use for encrypting the session. 447.Ar 3des 448is used by default. 449It is believed to be secure. 450.Ar 3des 451(triple-des) is an encrypt-decrypt-encrypt triple with three different keys. 452.Ar blowfish 453is a fast block cipher; it appears very secure and is much faster than 454.Ar 3des . 455.Ar des 456is only supported in the 457.Nm 458client for interoperability with legacy protocol 1 implementations 459that do not support the 460.Ar 3des 461cipher. 462Its use is strongly discouraged due to cryptographic weaknesses. 463.It Fl c Ar cipher_spec 464Additionally, for protocol version 2 a comma-separated list of ciphers can 465be specified in order of preference. 466See 467.Cm Ciphers 468for more information. 469.It Fl D Ar port 470Specifies a local 471.Dq dynamic 472application-level port forwarding. 473This works by allocating a socket to listen to 474.Ar port 475on the local side, and whenever a connection is made to this port, the 476connection is forwarded over the secure channel, and the application 477protocol is then used to determine where to connect to from the 478remote machine. 479Currently the SOCKS4 and SOCKS5 protocols are supported, and 480.Nm 481will act as a SOCKS server. 482Only root can forward privileged ports. 483Dynamic port forwardings can also be specified in the configuration file. 484.It Fl e Ar ch | ^ch | none 485Sets the escape character for sessions with a pty (default: 486.Ql ~ ) . 487The escape character is only recognized at the beginning of a line. 488The escape character followed by a dot 489.Pq Ql \&. 490closes the connection; 491followed by control-Z suspends the connection; 492and followed by itself sends the escape character once. 493Setting the character to 494.Dq none 495disables any escapes and makes the session fully transparent. 496.It Fl F Ar configfile 497Specifies an alternative per-user configuration file. 498If a configuration file is given on the command line, 499the system-wide configuration file 500.Pq Pa /etc/ssh/ssh_config 501will be ignored. 502The default for the per-user configuration file is 503.Pa $HOME/.ssh/config . 504.It Fl f 505Requests 506.Nm 507to go to background just before command execution. 508This is useful if 509.Nm 510is going to ask for passwords or passphrases, but the user 511wants it in the background. 512This implies 513.Fl n . 514The recommended way to start X11 programs at a remote site is with 515something like 516.Ic ssh -f host xterm . 517.It Fl g 518Allows remote hosts to connect to local forwarded ports. 519.It Fl I Ar smartcard_device 520Specifies which smartcard device to use. 521The argument is the device 522.Nm 523should use to communicate with a smartcard used for storing the user's 524private RSA key. 525.It Fl i Ar identity_file 526Selects a file from which the identity (private key) for 527RSA or DSA authentication is read. 528The default is 529.Pa $HOME/.ssh/identity 530for protocol version 1, and 531.Pa $HOME/.ssh/id_rsa 532and 533.Pa $HOME/.ssh/id_dsa 534for protocol version 2. 535Identity files may also be specified on 536a per-host basis in the configuration file. 537It is possible to have multiple 538.Fl i 539options (and multiple identities specified in 540configuration files). 541.It Fl k 542Disables forwarding (delegation) of GSSAPI credentials to the server. 543.It Fl L Xo 544.Sm off 545.Ar port : host : hostport 546.Sm on 547.Xc 548Specifies that the given port on the local (client) host is to be 549forwarded to the given host and port on the remote side. 550This works by allocating a socket to listen to 551.Ar port 552on the local side, and whenever a connection is made to this port, the 553connection is forwarded over the secure channel, and a connection is 554made to 555.Ar host 556port 557.Ar hostport 558from the remote machine. 559Port forwardings can also be specified in the configuration file. 560Only root can forward privileged ports. 561IPv6 addresses can be specified with an alternative syntax: 562.Sm off 563.Xo 564.Ar port No / Ar host No / 565.Ar hostport . 566.Xc 567.Sm on 568.It Fl l Ar login_name 569Specifies the user to log in as on the remote machine. 570This also may be specified on a per-host basis in the configuration file. 571.It Fl m Ar mac_spec 572Additionally, for protocol version 2 a comma-separated list of MAC 573(message authentication code) algorithms can 574be specified in order of preference. 575See the 576.Cm MACs 577keyword for more information. 578.It Fl N 579Do not execute a remote command. 580This is useful for just forwarding ports 581(protocol version 2 only). 582.It Fl n 583Redirects stdin from 584.Pa /dev/null 585(actually, prevents reading from stdin). 586This must be used when 587.Nm 588is run in the background. 589A common trick is to use this to run X11 programs on a remote machine. 590For example, 591.Ic ssh -n shadows.cs.hut.fi emacs & 592will start an emacs on shadows.cs.hut.fi, and the X11 593connection will be automatically forwarded over an encrypted channel. 594The 595.Nm 596program will be put in the background. 597(This does not work if 598.Nm 599needs to ask for a password or passphrase; see also the 600.Fl f 601option.) 602.It Fl o Ar option 603Can be used to give options in the format used in the configuration file. 604This is useful for specifying options for which there is no separate 605command-line flag. 606For full details of the options listed below, and their possible values, see 607.Xr ssh_config 5 . 608.Pp 609.Bl -tag -width Ds -offset indent -compact 610.It AddressFamily 611.It BatchMode 612.It BindAddress 613.It ChallengeResponseAuthentication 614.It CheckHostIP 615.It Cipher 616.It Ciphers 617.It ClearAllForwardings 618.It Compression 619.It CompressionLevel 620.It ConnectionAttempts 621.It ConnectionTimeout 622.It DynamicForward 623.It EscapeChar 624.It ForwardAgent 625.It ForwardX11 626.It ForwardX11Trusted 627.It GatewayPorts 628.It GlobalKnownHostsFile 629.It GSSAPIAuthentication 630.It GSSAPIDelegateCredentials 631.It Host 632.It HostbasedAuthentication 633.It HostKeyAlgorithms 634.It HostKeyAlias 635.It HostName 636.It IdentityFile 637.It KeepAlive 638.It LocalForward 639.It LogLevel 640.It MACs 641.It NoHostAuthenticationForLocalhost 642.It NumberOfPasswordPrompts 643.It PasswordAuthentication 644.It Port 645.It PreferredAuthentications 646.It Protocol 647.It ProxyCommand 648.It PubkeyAuthentication 649.It RemoteForward 650.It RhostsRSAAuthentication 651.It RSAAuthentication 652.It SmartcardDevice 653.It StrictHostKeyChecking 654.It UsePrivilegedPort 655.It User 656.It UserKnownHostsFile 657.It VerifyHostKeyDNS 658.It XAuthLocation 659.El 660.It Fl p Ar port 661Port to connect to on the remote host. 662This can be specified on a 663per-host basis in the configuration file. 664.It Fl q 665Quiet mode. 666Causes all warning and diagnostic messages to be suppressed. 667.It Fl R Xo 668.Sm off 669.Ar port : host : hostport 670.Sm on 671.Xc 672Specifies that the given port on the remote (server) host is to be 673forwarded to the given host and port on the local side. 674This works by allocating a socket to listen to 675.Ar port 676on the remote side, and whenever a connection is made to this port, the 677connection is forwarded over the secure channel, and a connection is 678made to 679.Ar host 680port 681.Ar hostport 682from the local machine. 683Port forwardings can also be specified in the configuration file. 684Privileged ports can be forwarded only when 685logging in as root on the remote machine. 686IPv6 addresses can be specified with an alternative syntax: 687.Sm off 688.Xo 689.Ar port No / Ar host No / 690.Ar hostport . 691.Xc 692.Sm on 693.It Fl s 694May be used to request invocation of a subsystem on the remote system. 695Subsystems are a feature of the SSH2 protocol which facilitate the use 696of SSH as a secure transport for other applications (eg.\& 697.Xr sftp 1 ) . 698The subsystem is specified as the remote command. 699.It Fl T 700Disable pseudo-tty allocation. 701.It Fl t 702Force pseudo-tty allocation. 703This can be used to execute arbitrary 704screen-based programs on a remote machine, which can be very useful, 705e.g., when implementing menu services. 706Multiple 707.Fl t 708options force tty allocation, even if 709.Nm 710has no local tty. 711.It Fl V 712Display the version number and exit. 713.It Fl v 714Verbose mode. 715Causes 716.Nm 717to print debugging messages about its progress. 718This is helpful in 719debugging connection, authentication, and configuration problems. 720Multiple 721.Fl v 722options increase the verbosity. 723The maximum is 3. 724.It Fl X 725Enables X11 forwarding. 726This can also be specified on a per-host basis in a configuration file. 727.Pp 728X11 forwarding should be enabled with caution. 729Users with the ability to bypass file permissions on the remote host 730(for the user's X authorization database) 731can access the local X11 display through the forwarded connection. 732An attacker may then be able to perform activities such as keystroke monitoring. 733.It Fl x 734Disables X11 forwarding. 735.It Fl Y 736Enables trusted X11 forwarding. 737.El 738.Sh CONFIGURATION FILES 739.Nm 740may additionally obtain configuration data from 741a per-user configuration file and a system-wide configuration file. 742The file format and configuration options are described in 743.Xr ssh_config 5 . 744.Sh ENVIRONMENT 745.Nm 746will normally set the following environment variables: 747.Bl -tag -width LOGNAME 748.It Ev DISPLAY 749The 750.Ev DISPLAY 751variable indicates the location of the X11 server. 752It is automatically set by 753.Nm 754to point to a value of the form 755.Dq hostname:n 756where hostname indicates 757the host where the shell runs, and n is an integer \*(Ge 1. 758.Nm 759uses this special value to forward X11 connections over the secure 760channel. 761The user should normally not set 762.Ev DISPLAY 763explicitly, as that 764will render the X11 connection insecure (and will require the user to 765manually copy any required authorization cookies). 766.It Ev HOME 767Set to the path of the user's home directory. 768.It Ev LOGNAME 769Synonym for 770.Ev USER ; 771set for compatibility with systems that use this variable. 772.It Ev MAIL 773Set to the path of the user's mailbox. 774.It Ev PATH 775Set to the default 776.Ev PATH , 777as specified when compiling 778.Nm ssh . 779.It Ev SSH_ASKPASS 780If 781.Nm 782needs a passphrase, it will read the passphrase from the current 783terminal if it was run from a terminal. 784If 785.Nm 786does not have a terminal associated with it but 787.Ev DISPLAY 788and 789.Ev SSH_ASKPASS 790are set, it will execute the program specified by 791.Ev SSH_ASKPASS 792and open an X11 window to read the passphrase. 793This is particularly useful when calling 794.Nm 795from a 796.Pa .Xsession 797or related script. 798(Note that on some machines it 799may be necessary to redirect the input from 800.Pa /dev/null 801to make this work.) 802.It Ev SSH_AUTH_SOCK 803Identifies the path of a unix-domain socket used to communicate with the 804agent. 805.It Ev SSH_CONNECTION 806Identifies the client and server ends of the connection. 807The variable contains 808four space-separated values: client ip-address, client port number, 809server ip-address and server port number. 810.It Ev SSH_ORIGINAL_COMMAND 811The variable contains the original command line if a forced command 812is executed. 813It can be used to extract the original arguments. 814.It Ev SSH_TTY 815This is set to the name of the tty (path to the device) associated 816with the current shell or command. 817If the current session has no tty, 818this variable is not set. 819.It Ev TZ 820The timezone variable is set to indicate the present timezone if it 821was set when the daemon was started (i.e., the daemon passes the value 822on to new connections). 823.It Ev USER 824Set to the name of the user logging in. 825.El 826.Pp 827Additionally, 828.Nm 829reads 830.Pa $HOME/.ssh/environment , 831and adds lines of the format 832.Dq VARNAME=value 833to the environment if the file exists and if users are allowed to 834change their environment. 835For more information, see the 836.Cm PermitUserEnvironment 837option in 838.Xr sshd_config 5 . 839.Sh FILES 840.Bl -tag -width Ds 841.It Pa $HOME/.ssh/known_hosts 842Records host keys for all hosts the user has logged into that are not 843in 844.Pa /etc/ssh/ssh_known_hosts . 845See 846.Xr sshd 8 . 847.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa 848Contains the authentication identity of the user. 849They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. 850These files 851contain sensitive data and should be readable by the user but not 852accessible by others (read/write/execute). 853Note that 854.Nm 855ignores a private key file if it is accessible by others. 856It is possible to specify a passphrase when 857generating the key; the passphrase will be used to encrypt the 858sensitive part of this file using 3DES. 859.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub 860Contains the public key for authentication (public part of the 861identity file in human-readable form). 862The contents of the 863.Pa $HOME/.ssh/identity.pub 864file should be added to the file 865.Pa $HOME/.ssh/authorized_keys 866on all machines 867where the user wishes to log in using protocol version 1 RSA authentication. 868The contents of the 869.Pa $HOME/.ssh/id_dsa.pub 870and 871.Pa $HOME/.ssh/id_rsa.pub 872file should be added to 873.Pa $HOME/.ssh/authorized_keys 874on all machines 875where the user wishes to log in using protocol version 2 DSA/RSA authentication. 876These files are not 877sensitive and can (but need not) be readable by anyone. 878These files are 879never used automatically and are not necessary; they are only provided for 880the convenience of the user. 881.It Pa $HOME/.ssh/config 882This is the per-user configuration file. 883The file format and configuration options are described in 884.Xr ssh_config 5 . 885.It Pa $HOME/.ssh/authorized_keys 886Lists the public keys (RSA/DSA) that can be used for logging in as this user. 887The format of this file is described in the 888.Xr sshd 8 889manual page. 890In the simplest form the format is the same as the 891.Pa .pub 892identity files. 893This file is not highly sensitive, but the recommended 894permissions are read/write for the user, and not accessible by others. 895.It Pa /etc/ssh/ssh_known_hosts 896Systemwide list of known host keys. 897This file should be prepared by the 898system administrator to contain the public host keys of all machines in the 899organization. 900This file should be world-readable. 901This file contains 902public keys, one per line, in the following format (fields separated 903by spaces): system name, public key and optional comment field. 904When different names are used 905for the same machine, all such names should be listed, separated by 906commas. 907The format is described in the 908.Xr sshd 8 909manual page. 910.Pp 911The canonical system name (as returned by name servers) is used by 912.Xr sshd 8 913to verify the client host when logging in; other names are needed because 914.Nm 915does not convert the user-supplied name to a canonical name before 916checking the key, because someone with access to the name servers 917would then be able to fool host authentication. 918.It Pa /etc/ssh/ssh_config 919Systemwide configuration file. 920The file format and configuration options are described in 921.Xr ssh_config 5 . 922.It Pa /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key 923These three files contain the private parts of the host keys 924and are used for 925.Cm RhostsRSAAuthentication 926and 927.Cm HostbasedAuthentication . 928If the protocol version 1 929.Cm RhostsRSAAuthentication 930method is used, 931.Nm 932must be setuid root, since the host key is readable only by root. 933For protocol version 2, 934.Nm 935uses 936.Xr ssh-keysign 8 937to access the host keys for 938.Cm HostbasedAuthentication . 939This eliminates the requirement that 940.Nm 941be setuid root when that authentication method is used. 942By default 943.Nm 944is not setuid root. 945.It Pa $HOME/.rhosts 946This file is used in 947.Em rhosts 948authentication to list the 949host/user pairs that are permitted to log in. 950(Note that this file is 951also used by rlogin and rsh, which makes using this file insecure.) 952Each line of the file contains a host name (in the canonical form 953returned by name servers), and then a user name on that host, 954separated by a space. 955On some machines this file may need to be 956world-readable if the user's home directory is on a NFS partition, 957because 958.Xr sshd 8 959reads it as root. 960Additionally, this file must be owned by the user, 961and must not have write permissions for anyone else. 962The recommended 963permission for most machines is read/write for the user, and not 964accessible by others. 965.Pp 966Note that by default 967.Xr sshd 8 968will be installed so that it requires successful RSA host 969authentication before permitting 970.Em rhosts 971authentication. 972If the server machine does not have the client's host key in 973.Pa /etc/ssh/ssh_known_hosts , 974it can be stored in 975.Pa $HOME/.ssh/known_hosts . 976The easiest way to do this is to 977connect back to the client from the server machine using ssh; this 978will automatically add the host key to 979.Pa $HOME/.ssh/known_hosts . 980.It Pa $HOME/.shosts 981This file is used exactly the same way as 982.Pa .rhosts . 983The purpose for 984having this file is to be able to use rhosts authentication with 985.Nm 986without permitting login with 987.Xr rlogin 988or 989.Xr rsh 1 . 990.It Pa /etc/hosts.equiv 991This file is used during 992.Em rhosts 993authentication. 994It contains 995canonical hosts names, one per line (the full format is described in the 996.Xr sshd 8 997manual page). 998If the client host is found in this file, login is 999automatically permitted provided client and server user names are the 1000same. 1001Additionally, successful RSA host authentication is normally 1002required. 1003This file should only be writable by root. 1004.It Pa /etc/shosts.equiv 1005This file is processed exactly as 1006.Pa /etc/hosts.equiv . 1007This file may be useful to permit logins using 1008.Nm 1009but not using rsh/rlogin. 1010.It Pa /etc/ssh/sshrc 1011Commands in this file are executed by 1012.Nm 1013when the user logs in just before the user's shell (or command) is started. 1014See the 1015.Xr sshd 8 1016manual page for more information. 1017.It Pa $HOME/.ssh/rc 1018Commands in this file are executed by 1019.Nm 1020when the user logs in just before the user's shell (or command) is 1021started. 1022See the 1023.Xr sshd 8 1024manual page for more information. 1025.It Pa $HOME/.ssh/environment 1026Contains additional definitions for environment variables, see section 1027.Sx ENVIRONMENT 1028above. 1029.El 1030.Sh DIAGNOSTICS 1031.Nm 1032exits with the exit status of the remote command or with 255 1033if an error occurred. 1034.Sh SEE ALSO 1035.Xr gzip 1 , 1036.Xr rsh 1 , 1037.Xr scp 1 , 1038.Xr sftp 1 , 1039.Xr ssh-add 1 , 1040.Xr ssh-agent 1 , 1041.Xr ssh-keygen 1 , 1042.Xr telnet 1 , 1043.Xr hosts.equiv 5 , 1044.Xr ssh_config 5 , 1045.Xr ssh-keysign 8 , 1046.Xr sshd 8 1047.Rs 1048.%A T. Ylonen 1049.%A T. Kivinen 1050.%A M. Saarinen 1051.%A T. Rinne 1052.%A S. Lehtinen 1053.%T "SSH Protocol Architecture" 1054.%N draft-ietf-secsh-architecture-12.txt 1055.%D January 2002 1056.%O work in progress material 1057.Re 1058.Sh AUTHORS 1059OpenSSH is a derivative of the original and free 1060ssh 1.2.12 release by Tatu Ylonen. 1061Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 1062Theo de Raadt and Dug Song 1063removed many bugs, re-added newer features and 1064created OpenSSH. 1065Markus Friedl contributed the support for SSH 1066protocol versions 1.5 and 2.0. 1067