12,13c12,13
< .\" $Id: ssh.1,v 1.38 2000/02/28 19:51:58 markus Exp $
< .\" $FreeBSD: head/crypto/openssh/ssh.1 58520 2000-03-24 02:26:54Z mpp $
---
> .\" $Id: ssh.1,v 1.43 2000/03/24 03:04:46 brad Exp $
> .\" $FreeBSD: head/crypto/openssh/ssh.1 58585 2000-03-26 07:37:48Z kris $
56c56,57
< executing commands on a remote machine. It is intended to replace
---
> executing commands on a remote machine.
> It is intended to replace
58c59,60
< two untrusted hosts over an insecure network. X11 connections and
---
> two untrusted hosts over an insecure network.
> X11 connections and
80c82,83
< permitted to log in. This form of authentication alone is normally not
---
> permitted to log in.
> This form of authentication alone is normally not
87,88c90,91
< method combined with RSA-based host authentication. It
< means that if the login would be permitted by
---
> method combined with RSA-based host authentication.
> It means that if the login would be permitted by
101,104c104,107
< section), only then login is
< permitted. This authentication method closes security holes due to IP
< spoofing, DNS spoofing and routing spoofing. [Note to the
< administrator:
---
> section), only then login is permitted.
> This authentication method closes security holes due to IP
> spoofing, DNS spoofing and routing spoofing.
> [Note to the administrator:
116,119c119,123
< RSA is one such system. The idea is that each user creates a public/private
< key pair for authentication purposes. The
< server knows the public key, and only the user knows the private key.
< The file
---
> RSA is one such system.
> The idea is that each user creates a public/private
> key pair for authentication purposes.
> The server knows the public key, and only the user knows the private key.
> The file
122c126,127
< in. When the user logs in, the
---
> in.
> When the user logs in, the
125c130,131
< authentication. The server checks if this key is permitted, and if
---
> authentication.
> The server checks if this key is permitted, and if
129,130c135,138
< encrypted by the user's public key. The challenge can only be
< decrypted using the proper private key. The user's client then decrypts the
---
> encrypted by the user's public key.
> The challenge can only be
> decrypted using the proper private key.
> The user's client then decrypts the
135,136c143,144
< implements the RSA authentication protocol automatically. The user
< creates his/her RSA key pair by running
---
> implements the RSA authentication protocol automatically.
> The user creates his/her RSA key pair by running
142,143c150,151
< in the user's home directory. The user should then
< copy the
---
> in the user's home directory.
> The user should then copy the
152,153c160,162
< per line, though the lines can be very long). After this, the user
< can log in without giving the password. RSA authentication is much
---
> per line, though the lines can be very long).
> After this, the user can log in without giving the password.
> RSA authentication is much
157c166,167
< authentication agent. See
---
> authentication agent.
> See
163c173,174
< prompts the user for a password. The password is sent to the remote
---
> prompts the user for a password.
> The password is sent to the remote
169c180,181
< the user a normal shell on the remote machine. All communication with
---
> the user a normal shell on the remote machine.
> All communication with
186c198,199
< shell to hang). All available escapes can be listed with
---
> shell to hang).
> All available escapes can be listed with
193c206,207
< special. The escape character can be changed in configuration files
---
> special.
> The escape character can be changed in configuration files
198c212,213
< data. On most systems, setting the escape character to
---
> data.
> On most systems, setting the escape character to
214c229,230
< from the local machine. The user should not manually set
---
> from the local machine.
> The user should not manually set
224c240,241
< than zero. This is normal, and happens because
---
> than zero.
> This is normal, and happens because
236c253,254
< the connection is opened. The real authentication cookie is never
---
> the connection is opened.
> The real authentication cookie is never
244,246c262,264
< be specified either on command line or in a configuration file. One
< possible application of TCP/IP forwarding is a secure connection to an
< electronic purse; another is going through firewalls.
---
> be specified either on command line or in a configuration file.
> One possible application of TCP/IP forwarding is a secure connection to an
> electronic purse; another is going trough firewalls.
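Review bot: this hunk introduces a typo on its last added line: "another is going trough firewalls." The removed line had "through"; the reflow should keep the original spelling, i.e. "another is going through firewalls."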
250,251c268,269
< identifications for all hosts it has ever been used with. The
< database is stored in
---
> identifications for all hosts it has ever been used with.
> The database is stored in
253c271,272
< in the user's home directory. Additionally, the file
---
> in the user's home directory.
> Additionally, the file
255,256c274,276
< is automatically checked for known hosts. Any new hosts are
< automatically added to the user's file. If a host's identification
---
> is automatically checked for known hosts.
> Any new hosts are automatically added to the user's file.
> If a host's identification
260c280,281
< trojan horse from getting the user's password. Another purpose of
---
> trojan horse from getting the user's password.
> Another purpose of
262c283,284
< otherwise be used to circumvent the encryption. The
---
> otherwise be used to circumvent the encryption.
> The
269,270c291,292
< Disables forwarding of the authentication agent connection. This may
< also be specified on a per-host basis in the configuration file.
---
> Disables forwarding of the authentication agent connection.
> This may also be specified on a per-host basis in the configuration file.
274c296,297
< is used by default. It is believed to be secure.
---
> is used by default.
> It is believed to be secure.
286,287c309,310
< The escape character is only recognized at the beginning of a line. The
< escape character followed by a dot
---
> The escape character is only recognized at the beginning of a line.
> The escape character followed by a dot
291c314,315
< escape character once. Setting the character to
---
> escape character once.
> Setting the character to
297,298c321,322
< to go to background just before command execution. This is useful
< if
---
> to go to background just before command execution.
> This is useful if
301c325,326
< wants it in the background. This implies
---
> wants it in the background.
> This implies
309,310c334,336
< Selects the file from which the identity (private key) for
< RSA authentication is read. Default is
---
> Selects the file from which the identity (private key) for
> RSA authentication is read.
> Default is
312,314c338,341
< in the user's home directory. Identity files may also be specified on
< a per-host basis in the configuration file. It is possible to have
< multiple
---
> in the user's home directory.
> Identity files may also be specified on
> a per-host basis in the configuration file.
> It is possible to have multiple
319,320c346,347
< Disables forwarding of Kerberos tickets and AFS tokens. This may
< also be specified on a per-host basis in the configuration file.
---
> Disables forwarding of Kerberos tickets and AFS tokens.
> This may also be specified on a per-host basis in the configuration file.
322,323c349,350
< Specifies the user to log in as on the remote machine. This may also
< be specified on a per-host basis in the configuration file.
---
> Specifies the user to log in as on the remote machine.
> This also may be specified on a per-host basis in the configuration file.
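Review bot: the word order on the last added line ("This also may be specified on a per-host basis in the configuration file.") differs from the same sentence elsewhere in this patch, which reads "This may also be specified on a per-host basis in the configuration file." (hunks 269,270c291,292 and 319,320c346,347). Keep the wording of the removed line for consistency: "This may also be specified on a per-host basis in the configuration file."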
330,331c357,359
< is run in the background. A common trick is to use this to run X11
< programs in a remote machine. For example,
---
> is run in the background.
> A common trick is to use this to run X11 programs on a remote machine.
> For example,
346,347c374,375
< command-line flag. The option has the same format as a line in the
< configuration file.
---
> command-line flag.
> The option has the same format as a line in the configuration file.
349c377,378
< Port to connect to on the remote host. This can be specified on a
---
> Port to connect to on the remote host.
> This can be specified on a
360,361c389,391
< Quiet mode. Causes all warning and diagnostic messages to be
< suppressed. Only fatal errors are displayed.
---
> Quiet mode.
> Causes all warning and diagnostic messages to be suppressed.
> Only fatal errors are displayed.
363,365c393,396
< Force pseudo-tty allocation. This can be used to execute arbitrary
< screen-based programs on a remote machine, which can be very useful
< e.g. when implementing menu services.
---
> Force pseudo-tty allocation.
> This can be used to execute arbitrary
> screen-based programs on a remote machine, which can be very useful,
> e.g., when implementing menu services.
367c398,399
< Verbose mode. Causes
---
> Verbose mode.
> Causes
369c401,402
< to print debugging messages about its progress. This is helpful in
---
> to print debugging messages about its progress.
> This is helpful in
375,376c408,409
< Disables X11 forwarding. This can also be specified on a per-host
< basis in a configuration file.
---
> Disables X11 forwarding.
> This can also be specified on a per-host basis in a configuration file.
381,382c414,415
< data for forwarded X11 and TCP/IP connections). The compression
< algorithm is the same used by
---
> data for forwarded X11 and TCP/IP connections).
> The compression algorithm is the same used by
388c421,422
< option (see below). Compression is desirable on modem lines and other
---
> option (see below).
> Compression is desirable on modem lines and other
396,397c430,431
< forwarded to the given host and port on the remote side. This works
< by allocating a socket to listen to
---
> forwarded to the given host and port on the remote side.
> This works by allocating a socket to listen to
405,406c439,441
< from the remote machine. Port forwardings can also be specified in the
< configuration file. Only root can forward privileged ports.
---
> from the remote machine.
> Port forwardings can also be specified in the configuration file.
> Only root can forward privileged ports.
411,412c446,447
< forwarded to the given host and port on the local side. This works
< by allocating a socket to listen to
---
> forwarded to the given host and port on the local side.
> This works by allocating a socket to listen to
420,421c455,457
< from the local machine. Port forwardings can also be specified in the
< configuration file. Privileged ports can be forwarded only when
---
> from the local machine.
> Port forwardings can also be specified in the configuration file.
> Privileged ports can be forwarded only when
440,443c476,481
< will be used. The configuration files contain sections bracketed by
< "Host" specifications, and that section is only applied for hosts that
< match one of the patterns given in the specification. The matched
< host name is the one given on the command line.
---
> will be used.
> The configuration files contain sections bracketed by
> .Dq Host
> specifications, and that section is only applied for hosts that
> match one of the patterns given in the specification.
> The matched host name is the one given on the command line.
470c508,509
< patterns. A single
---
> patterns.
> A single
473c512,513
< defaults for all hosts. The host is the
---
> defaults for all hosts.
> The host is the
478,479c518,519
< Specifies whether to pass AFS tokens to remote host. The argument to
< this keyword must be
---
> Specifies whether to pass AFS tokens to remote host.
> The argument to this keyword must be
486,488c526,529
< passphrase/password querying will be disabled. This
< option is useful in scripts and other batch jobs where you have no
< user to supply the password. The argument must be
---
> passphrase/password querying will be disabled.
> This option is useful in scripts and other batch jobs where you have no
> user to supply the password.
> The argument must be
497c538,539
< file. This allows ssh to detect if a host key changed due to DNS spoofing.
---
> file.
> This allows ssh to detect if a host key changed due to DNS spoofing.
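Review bot: the last added line still spells the program name literally ("This allows ssh to detect if a host key changed due to DNS spoofing."), while hunk 779,781c848,852 of this same patch replaces a literal "Ssh" with the mdoc `.Nm` macro. For consistency, put `.Nm` on its own line here as well, e.g. "This allows" / ".Nm" / "to detect if a host key changed due to DNS spoofing."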
502c544,545
< Specifies the cipher to use for encrypting the session. Currently,
---
> Specifies the cipher to use for encrypting the session.
> Currently,
506c549,550
< are supported. The default is
---
> are supported.
> The default is
509c553,554
< Specifies whether to use compression. The argument must be
---
> Specifies whether to use compression.
> The argument must be
514,517c559,562
< Specifies the compression level to use if compression is enable. The
< argument must be an integer from 1 (fast) to 9 (slow, best). The
< default level is 6, which is good for most applications. The meaning
< of the values is the same as in
---
> Specifies the compression level to use if compression is enable.
> The argument must be an integer from 1 (fast) to 9 (slow, best).
> The default level is 6, which is good for most applications.
> The meaning of the values is the same as in
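Review bot: the first added line carries over a grammatical error from the removed text: "Specifies the compression level to use if compression is enable." Since the line is being rewritten anyway, fix it to "if compression is enabled."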
521,522c566,568
< back to rsh or exiting. The argument must be an integer. This may be
< useful in scripts if the connection sometimes fails.
---
> back to rsh or exiting.
> The argument must be an integer.
> This may be useful in scripts if the connection sometimes fails.
527,528c573,574
< be set on the command line. The argument should be a single
< character,
---
> be set on the command line.
> The argument should be a single character,
543c589,590
< the session being unencrypted). The argument must be
---
> the session being unencrypted).
> The argument must be
549c596,597
< will be forwarded to the remote machine. The argument must be
---
> will be forwarded to the remote machine.
> The argument must be
557c605,606
< set. The argument must be
---
> set.
> The argument must be
576,579c625,628
< Specifies the real host name to log into. This can be used to specify
< nicknames or abbreviations for hosts. Default is the name given on the
< command line. Numeric IP addresses are also permitted (both on the
< command line and in
---
> Specifies the real host name to log into.
> This can be used to specify nicknames or abbreviations for hosts.
> Default is the name given on the command line.
> Numeric IP addresses are also permitted (both on the command line and in
588,589c637,640
< will be used for authentication. The file name may use the tilde
< syntax to refer to a user's home directory. It is possible to have
---
> will be used for authentication.
> The file name may use the tilde
> syntax to refer to a user's home directory.
> It is possible to have
594,595c645,648
< other side. If they are sent, death of the connection or crash of one
< of the machines will be properly noticed. However, this means that
---
> other side.
> If they are sent, death of the connection or crash of one
> of the machines will be properly noticed.
> However, this means that
602,603c655,656
< if the network goes down or the remote host dies. This is important
< in scripts, and many users want it too.
---
> if the network goes down or the remote host dies.
> This is important in scripts, and many users want it too.
609,610c662,663
< Specifies whether Kerberos authentication will be used. The argument to
< this keyword must be
---
> Specifies whether Kerberos authentication will be used.
> The argument to this keyword must be
615,617c668,670
< Specifies whether a Kerberos TGT will be forwarded to the server. This
< will only work if the Kerberos server is actually an AFS kaserver. The
< argument to this keyword must be
---
> Specifies whether a Kerberos TGT will be forwarded to the server.
> This will only work if the Kerberos server is actually an AFS kaserver.
> The argument to this keyword must be
623,627c676,681
< the secure channel to given host:port from the remote machine. The
< first argument must be a port number, and the second must be
< host:port. Multiple forwardings may be specified, and additional
< forwardings can be given on the command line. Only the root can
< forward privileged ports.
---
> the secure channel to given host:port from the remote machine.
> The first argument must be a port number, and the second must be
> host:port.
> Multiple forwardings may be specified, and additional
> forwardings can be given on the command line.
> Only the superuser can forward privileged ports.
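Review bot: the wording change on the last added line ("Only the superuser can forward privileged ports.") is repeated in hunk 670,674c728,733 for LocalForward, but the `-R` option description rewritten earlier in this patch (hunk 405,406c439,441) keeps "Only root can forward privileged ports." The manual page should use one term for the same restriction; either leave "root" here or update the option text to "superuser" as well.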
632c686
< QUIET, FATAL, ERROR, INFO, CHAT and DEBUG.
---
> QUIET, FATAL, ERROR, INFO, VERBOSE and DEBUG.
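Review bot: this hunk changes the documented LogLevel value set (CHAT is replaced by VERBOSE), which is a content change rather than the reflow the rest of the patch performs. It should be verified that the client's configuration parser accepts VERBOSE and no longer accepts CHAT, and the same value list should be updated wherever else LogLevel is documented (for example the sshd manual page), so the two pages do not disagree.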
635,636c689,691
< Specifies the number of password prompts before giving up. The
< argument to this keyword must be an integer. Default is 3.
---
> Specifies the number of password prompts before giving up.
> The argument to this keyword must be an integer.
> Default is 3.
638,639c693,694
< Specifies whether to use password authentication. The argument to
< this keyword must be
---
> Specifies whether to use password authentication.
> The argument to this keyword must be
644,645c699,700
< Specifies the port number to connect on the remote host. Default is
< 22.
---
> Specifies the port number to connect on the remote host.
> Default is 22.
647c702,703
< Specifies the command to use to connect to the server. The command
---
> Specifies the command to use to connect to the server.
> The command
651c707
< .Dq %h
---
> .Ql %h
654,657c710,714
< .Dq %p
< by the port. The command can be basically anything,
< and should read from its stdin and write to its stdout. It should
< eventually connect an
---
> .Ql %p
> by the port.
> The command can be basically anything,
> and should read from its standard input and write to its standard output.
> It should eventually connect an
661c718,719
< somewhere. Host key management will be done using the
---
> somewhere.
> Host key management will be done using the
670,674c728,733
< the secure channel to given host:port from the local machine. The
< first argument must be a port number, and the second must be
< host:port. Multiple forwardings may be specified, and additional
< forwardings can be given on the command line. Only the root can
< forward privileged ports.
---
> the secure channel to given host:port from the local machine.
> The first argument must be a port number, and the second must be
> host:port.
> Multiple forwardings may be specified, and additional
> forwardings can be given on the command line.
> Only the superuser can forward privileged ports.
676c735,736
< Specifies whether to try rhosts based authentication. Note that this
---
> Specifies whether to try rhosts based authentication.
> Note that this
678c738,739
< on security. Disabling rhosts authentication may reduce
---
> on security.
> Disabling rhosts authentication may reduce
680,682c741,744
< not used. Most servers do not permit RhostsAuthentication because it
< is not secure (see RhostsRSAAuthentication). The argument to this
< keyword must be
---
> not used.
> Most servers do not permit RhostsAuthentication because it
> is not secure (see RhostsRSAAuthentication).
> The argument to this keyword must be
688,689c750,752
< authentication. This is the primary authentication method for most
< sites. The argument must be
---
> authentication.
> This is the primary authentication method for most sites.
> The argument must be
694,695c757,758
< Specifies whether to try RSA authentication. The argument to this
< keyword must be
---
> Specifies whether to try RSA authentication.
> The argument to this keyword must be
705,706c768,769
< authentication. The argument to
< this keyword must be
---
> authentication.
> The argument to this keyword must be
718,720c781,783
< file, and refuses to connect hosts whose host key has changed. This
< provides maximum protection against trojan horse attacks. However, it
< can be somewhat annoying if you don't have good
---
> file, and refuses to connect hosts whose host key has changed.
> This provides maximum protection against trojan horse attacks.
> However, it can be somewhat annoying if you don't have good
723,727c786,793
< connect new hosts. Basically this option forces the user to manually
< add any new hosts. Normally this option is disabled, and new hosts
< will automatically be added to the known host files. The host keys of
< known hosts will be verified automatically in either case. The
< argument must be
---
> connect new hosts.
> Basically this option forces the user to manually
> add any new hosts.
> Normally this option is disabled, and new hosts
> will automatically be added to the known host files.
> The host keys of
> known hosts will be verified automatically in either case.
> The argument must be
746,747c812,814
< Specifies the user to log in as. This can be useful if you have a
< different user name in different machines. This saves the trouble of
---
> Specifies the user to log in as.
> This can be useful if you have a different user name on different machines.
> This saves the trouble of
753,754c820,821
< Specifies that rlogin/rsh should be used for this host. It is
< possible that the host does not at all support the
---
> Specifies that rlogin/rsh should be used for this host.
> It is possible that the host does not at all support the
756c823,824
< protocol. This causes
---
> protocol.
> This causes
758c826
< to immediately exec
---
> to immediately execute
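Review bot: the change from "exec" to "execute" on the added line loses a nuance. The removed line "to immediately exec" reads as ssh replacing its own process image with rlogin/rsh; if that is the intended meaning, "execute" is less precise. Either keep "exec" or spell out what happens (for example, that ssh runs rlogin/rsh in its place).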
762c830,831
< are ignored if this has been specified. The argument must be
---
> are ignored if this has been specified.
> The argument must be
773,774c842,843
< variable indicates the location of the X11 server. It is
< automatically set by
---
> variable indicates the location of the X11 server.
> It is automatically set by
779,781c848,852
< the host where the shell runs, and n is an integer \*(>= 1. Ssh uses
< this special value to forward X11 connections over the secure
< channel. The user should normally not set DISPLAY explicitly, as that
---
> the host where the shell runs, and n is an integer \*(>= 1.
> .Nm
> uses this special value to forward X11 connections over the secure
> channel.
> The user should normally not set DISPLAY explicitly, as that
792c863
< .It Ev PATH
---
> .It Ev PATH
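Review bot: the removed and added lines of this hunk (".It Ev PATH") are visually identical, so this is presumably a trailing-whitespace change; hunk 942c1036 ("This file is processed exactly as") shows the same pattern. That is fine, but it is worth confirming that nothing other than whitespace differs, since the diff view gives no way to tell.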
801c872,873
< Identifies the client end of the connection. The variable contains
---
> Identifies the client end of the connection.
> The variable contains
806c878,879
< with the current shell or command. If the current session has no tty,
---
> with the current shell or command.
> If the current session has no tty,
832c905,906
< Contains the RSA authentication identity of the user. This file
---
> Contains the RSA authentication identity of the user.
> This file
843,844c917,918
< identity file in human-readable form). The contents of this file
< should be added to
---
> identity file in human-readable form).
> The contents of this file should be added to
847,848c921,924
< where you wish to log in using RSA authentication. This file is not
< sensitive and can (but need not) be readable by anyone. This file is
---
> where you wish to log in using RSA authentication.
> This file is not
> sensitive and can (but need not) be readable by anyone.
> This file is
852,853c928,930
< This is the per-user configuration file. The format of this file is
< described above. This file is used by the
---
> This is the per-user configuration file.
> The format of this file is described above.
> This file is used by the
855c932,933
< client. This file does not usually contain any sensitive information,
---
> client.
> This file does not usually contain any sensitive information,
859,860c937,938
< Lists the RSA keys that can be used for logging in as this user. The
< format of this file is described in the
---
> Lists the RSA keys that can be used for logging in as this user.
> The format of this file is described in the
862c940,941
< manual page. In the simplest form the format is the same as the .pub
---
> manual page.
> In the simplest form the format is the same as the .pub
865c944,945
< spaces). This file is not highly sensitive, but the recommended
---
> spaces).
> This file is not highly sensitive, but the recommended
868c948,949
< Systemwide list of known host keys. This file should be prepared by the
---
> Systemwide list of known host keys.
> This file should be prepared by the
870c951,953
< organization. This file should be world-readable. This file contains
---
> organization.
> This file should be world-readable.
> This file contains
873c956,957
< modulus, and optional comment field. When different names are used
---
> modulus, and optional comment field.
> When different names are used
875c959,960
< commas. The format is described on the
---
> commas.
> The format is described on the
887c972,973
< Systemwide configuration file. This file provides defaults for those
---
> Systemwide configuration file.
> This file provides defaults for those
889,890c975,976
< for those users who do not have a configuration file. This file must
< be world-readable.
---
> for those users who do not have a configuration file.
> This file must be world-readable.
895c981,982
< host/user pairs that are permitted to log in. (Note that this file is
---
> host/user pairs that are permitted to log in.
> (Note that this file is
899c986,987
< separated by a space. One some machines this file may need to be
---
> separated by a space.
> One some machines this file may need to be
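Review bot: the last added line keeps a typo from the removed text: "One some machines this file may need to be". As the line is being rewritten, correct it to "On some machines this file may need to be".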
903,904c991,994
< reads it as root. Additionally, this file must be owned by the user,
< and must not have write permissions for anyone else. The recommended
---
> reads it as root.
> Additionally, this file must be owned by the user,
> and must not have write permissions for anyone else.
> The recommended
911,912c1001,1002
< authentication before permitting \s+2.\s0rhosts authentication. If your
< server machine does not have the client's host key in
---
> authentication before permitting \s+2.\s0rhosts authentication.
> If your server machine does not have the client's host key in
933c1023,1024
< authentication. It contains
---
> authentication.
> It contains
937c1028,1029
< manual page). If the client host is found in this file, login is
---
> manual page).
> If the client host is found in this file, login is
939,940c1031,1034
< same. Additionally, successful RSA host authentication is normally
< required. This file should only be writable by root.
---
> same.
> Additionally, successful RSA host authentication is normally
> required.
> This file should only be writable by root.
942c1036
< This file is processed exactly as
---
> This file is processed exactly as
972c1066,1067
< but with bugs removed and newer features re-added. Rapidly after the
---
> but with bugs removed and newer features re-added.
> Rapidly after the