SSH(1)                     OpenBSD Reference Manual                     SSH(1)

NAME
     ssh - OpenSSH SSH client (remote login program)

SYNOPSIS
     ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
         [-D [bind_address:]port] [-E log_file] [-e escape_char]
         [-F configfile] [-I pkcs11] [-i identity_file]
         [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
         [-O ctl_cmd] [-o option] [-p port]
         [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
         [-w local_tun[:remote_tun]] [user@]hostname [command]
     ssh -Q protocol_feature

DESCRIPTION
     ssh (SSH client) is a program for logging into a remote machine and for
     executing commands on a remote machine.  It is intended to replace rlogin
     and rsh, and provide secure encrypted communications between two
     untrusted hosts over an insecure network.  X11 connections and arbitrary
     TCP ports can also be forwarded over the secure channel.

     ssh connects and logs into the specified hostname (with optional user
     name).  The user must prove his/her identity to the remote machine using
     one of several methods depending on the protocol version used (see
     below).

     If command is specified, it is executed on the remote host instead of a
     login shell.

     The options are as follows:

     -1      Forces ssh to try protocol version 1 only.

     -2      Forces ssh to try protocol version 2 only.

     -4      Forces ssh to use IPv4 addresses only.

     -6      Forces ssh to use IPv6 addresses only.

     -A      Enables forwarding of the authentication agent connection.
             This can also be specified on a per-host basis in a configuration
             file.

             Agent forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             agent's UNIX-domain socket) can access the local agent through
             the forwarded connection.  An attacker cannot obtain key material
             from the agent, however they can perform operations on the keys
             that enable them to authenticate using the identities loaded into
             the agent.

     -a      Disables forwarding of the authentication agent connection.

     -b bind_address
             Use bind_address on the local machine as the source address of
             the connection.  Only useful on systems with more than one
             address.

     -C      Requests compression of all data (including stdin, stdout,
             stderr, and data for forwarded X11 and TCP connections).  The
             compression algorithm is the same used by gzip(1), and the
             ``level'' can be controlled by the CompressionLevel option for
             protocol version 1.  Compression is desirable on modem lines and
             other slow connections, but will only slow down things on fast
             networks.  The default value can be set on a host-by-host basis
             in the configuration files; see the Compression option.

     -c cipher_spec
             Selects the cipher specification for encrypting the session.

             Protocol version 1 allows specification of a single cipher.  The
             supported values are ``3des'', ``blowfish'', and ``des''.  3des
             (triple-des) is an encrypt-decrypt-encrypt triple with three
             different keys.  It is believed to be secure, though its 64-bit
             block size makes it a poor choice for long sessions, and protocol
             1 as a whole should be avoided (see AUTHENTICATION below).
             blowfish is a fast block cipher; it appears very secure and is
             much faster than 3des.  des is only supported in the ssh client
             for interoperability with legacy protocol 1 implementations that
             do not support the 3des cipher.  Its use is strongly discouraged
             due to cryptographic weaknesses.  The default is ``3des''.

             For protocol version 2, cipher_spec is a comma-separated list of
             ciphers listed in order of preference.  See the Ciphers keyword
             in ssh_config(5) for more information.

     -D [bind_address:]port
             Specifies a local ``dynamic'' application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.  Currently
             the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
             as a SOCKS server.  Dynamic port forwardings can also be
             specified in the configuration file.

             IPv6 addresses can be specified by enclosing the address in
             square brackets.  Only the superuser can forward privileged
             ports.  By default, the local port is bound in accordance with
             the GatewayPorts setting.  However, an explicit bind_address may
             be used to bind the connection to a specific address.  The
             bind_address of ``localhost'' indicates that the listening port
             be bound for local use only, while an empty address or `*'
             indicates that the port should be available from all interfaces.
             The SOCKS listener performs no authentication of its own, so a
             bind_address other than ``localhost'' lets anyone who can reach
             the port open connections from the remote machine.
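     The decoding that the -D listener has to do on each accepted connection,
     as an added example for this page (it is not OpenSSH's code; ssh performs
     the equivalent decoding internally before asking the remote side to
     connect).  It handles the SOCKS5 method negotiation and CONNECT request
     for IPv4, IPv6 and domain-name targets, plus SOCKS4 and its 4a hostname
     extension.  All sample messages are constructed by hand, not captured
     traffic; the host names and addresses in them are placeholders.

```python
"""Decode the SOCKS4/SOCKS5 CONNECT requests an application sends to the
listener that ssh -D creates.  Added example for this page, not OpenSSH code.
All sample messages below are constructed by hand, not captured traffic."""
import ipaddress
import struct

SOCKS5_NO_AUTH = 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed samples: the bytes a SOCKS client writes after connecting.
SAMPLE_SOCKS5_GREETING = bytes([0x05, 0x02, 0x00, 0x02])   # offers no-auth and user/pass
SAMPLE_SOCKS5_DOMAIN = (b"\x05\x01\x00\x03" + bytes([15]) + b"irc.example.net"
                        + struct.pack("!H", 6667))
SAMPLE_SOCKS5_IPV6 = (b"\x05\x01\x00\x04" + ipaddress.IPv6Address("2001:db8::1").packed
                      + struct.pack("!H", 443))
SAMPLE_SOCKS4 = (b"\x04\x01" + struct.pack("!H", 22)
                 + ipaddress.IPv4Address("192.0.2.10").packed + b"pinky\x00")
SAMPLE_SOCKS4A = (b"\x04\x01" + struct.pack("!H", 80) + b"\x00\x00\x00\x01"
                  + b"pinky\x00" + b"www.example.com\x00")


def socks5_select_method(greeting: bytes) -> bytes:
    """Method selection (VER NMETHODS METHODS...).  ssh's SOCKS server offers
    no authentication of its own, so the only answer it can give is 05 00;
    05 FF means "no acceptable method" and the client closes."""
    if len(greeting) < 2 or greeting[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    methods = greeting[2:2 + greeting[1]]
    if len(methods) != greeting[1]:
        raise ValueError("truncated method list")
    return b"\x05\x00" if SOCKS5_NO_AUTH in methods else b"\x05\xff"


def parse_socks5_connect(data: bytes):
    """CONNECT request: VER CMD RSV ATYP DST.ADDR DST.PORT -> (host, port)."""
    if len(data) < 5 or data[0] != 0x05:
        raise ValueError("not a SOCKS5 request")
    if data[1] != 0x01:                # BIND and UDP ASSOCIATE are not offered by ssh
        raise ValueError("only CONNECT is supported")
    atyp = data[3]
    if atyp == ATYP_IPV4:
        addr_len = 4
    elif atyp == ATYP_IPV6:
        addr_len = 16
    elif atyp == ATYP_DOMAIN:
        addr_len = 1 + data[4]         # length byte followed by the name
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    addr = data[4:4 + addr_len]
    port_field = data[4 + addr_len:6 + addr_len]
    if len(addr) != addr_len or len(port_field) != 2:
        raise ValueError("truncated request")
    if atyp == ATYP_IPV4:
        host = str(ipaddress.IPv4Address(addr))
    elif atyp == ATYP_IPV6:
        host = str(ipaddress.IPv6Address(addr))
    else:
        host = addr[1:].decode("ascii")
    return host, struct.unpack("!H", port_field)[0]


def parse_socks4_connect(data: bytes):
    """SOCKS4 CONNECT: VN CD DSTPORT(2) DSTIP(4) USERID NUL [HOSTNAME NUL].
    DSTIP = 0.0.0.x (x != 0) is the SOCKS4a signal that a hostname follows."""
    if len(data) < 9 or data[0] != 0x04:
        raise ValueError("not a SOCKS4 request")
    if data[1] != 0x01:
        raise ValueError("only CONNECT is supported")
    port = struct.unpack("!H", data[2:4])[0]
    ip = data[4:8]
    user_end = data.index(b"\x00", 8)            # ValueError if the NUL is missing
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        host_end = data.index(b"\x00", user_end + 1)
        host = data[user_end + 1:host_end].decode("ascii")
    else:
        host = str(ipaddress.IPv4Address(ip))
    return host, port


def parse_connect(data: bytes):
    """Dispatch on the version byte, as the ssh -D listener does."""
    if data[:1] == b"\x05":
        return (5,) + parse_socks5_connect(data)
    if data[:1] == b"\x04":
        return (4,) + parse_socks4_connect(data)
    raise ValueError("not a SOCKS request")


def success_reply(version: int) -> bytes:
    """Sent back once the remote side has connected.  SOCKS5: VER REP RSV ATYP
    BND.ADDR BND.PORT; SOCKS4: VN=0 CD=0x5a (granted) DSTPORT DSTIP."""
    if version == 5:
        return b"\x05\x00\x00\x01" + b"\x00" * 6
    return b"\x00\x5a" + b"\x00" * 6


if __name__ == "__main__":
    print(socks5_select_method(SAMPLE_SOCKS5_GREETING).hex())
    for sample in (SAMPLE_SOCKS5_DOMAIN, SAMPLE_SOCKS5_IPV6, SAMPLE_SOCKS4, SAMPLE_SOCKS4A):
        print(parse_connect(sample))
```

     The point to notice is in socks5_select_method: the only method ever
     accepted is ``no authentication'', which is why the bind_address, not
     the SOCKS handshake, is what limits who may use the forward.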
     -E log_file
             Append debug logs to log_file instead of standard error.

     -e escape_char
             Sets the escape character for sessions with a pty (default: `~').
             The escape character is only recognized at the beginning of a
             line.  The escape character followed by a dot (`.') closes the
             connection; followed by control-Z suspends the connection; and
             followed by itself sends the escape character once.  Setting the
             character to ``none'' disables any escapes and makes the session
             fully transparent.

     -F configfile
             Specifies an alternative per-user configuration file.  If a
             configuration file is given on the command line, the system-wide
             configuration file (/etc/ssh/ssh_config) will be ignored.  The
             default for the per-user configuration file is ~/.ssh/config.

     -f      Requests ssh to go to background just before command execution.
             This is useful if ssh is going to ask for passwords or
             passphrases, but the user wants it in the background.  This
             implies -n.  The recommended way to start X11 programs at a
             remote site is with something like ssh -f host xterm.

             If the ExitOnForwardFailure configuration option is set to
             ``yes'', then a client started with -f will wait for all remote
             port forwards to be successfully established before placing
             itself in the background.

     -g      Allows remote hosts to connect to local forwarded ports.

     -I pkcs11
             Specify the PKCS#11 shared library ssh should use to communicate
             with a PKCS#11 token providing the user's private RSA key.
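     The escape processing described under -e above (and listed in full in
     the ESCAPE CHARACTERS section below), as an added example for this page
     rather than OpenSSH's own client loop.  It applies the documented rules
     to a stream of typed bytes: the escape character counts only at the
     start of a line or of the session, ``~~'' yields one literal escape
     character, ``~.'' ends the session, ``~^Z'' suspends it, and an unknown
     following character passes both bytes through.  The action names are
     labels chosen for this example.

```python
"""Recognise ssh-style escape sequences in bytes typed at a pty.  Added
example for this page, not OpenSSH code; the action names are labels chosen
here, not identifiers from ssh."""
from typing import List, Optional, Tuple

ESCAPE_ACTIONS = {
    b".": "disconnect",
    b"\x1a": "suspend",            # control-Z
    b"#": "list-forwardings",
    b"&": "background-at-logout",
    b"?": "help",
    b"B": "break",
    b"C": "command-line",
    b"R": "rekey",
    b"V": "log-level-down",
    b"v": "log-level-up",
}


def process_input(data: bytes, escape: Optional[bytes] = b"~") -> Tuple[bytes, List[str]]:
    """Return (bytes to forward to the remote side, local actions triggered).
    escape=None models -e none: everything is forwarded untouched."""
    out = bytearray()
    actions: List[str] = []
    at_line_start = True           # the session start counts as "after a newline"
    pending = False
    for value in data:
        ch = bytes([value])
        if pending:
            pending = False
            if ch == escape:
                out += escape                   # "~~": one literal escape character
            elif ch in ESCAPE_ACTIONS:
                actions.append(ESCAPE_ACTIONS[ch])
                if ch == b".":                  # disconnect: nothing after it is sent
                    break
            else:
                out += escape + ch              # unknown escape: pass both through
            at_line_start = ch in (b"\r", b"\n")
            continue
        if escape is not None and at_line_start and ch == escape:
            pending = True                      # decided when the next byte arrives
            continue
        out += ch
        at_line_start = ch in (b"\r", b"\n")
    # A trailing escape character stays pending in ssh until more input
    # arrives; this one-shot function leaves it unforwarded for the same reason.
    return bytes(out), actions


if __name__ == "__main__":
    print(process_input(b"ls\n~.rest"))        # disconnect after "ls\n"
    print(process_input(b"a~.b"))              # mid-line: forwarded literally
    print(process_input(b"~~tilde\n"))         # one tilde reaches the remote side
```

     Because the escape is only honoured after a newline typed locally,
     output from the remote side can never trigger one of these actions.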
     -i identity_file
             Selects a file from which the identity (private key) for public
             key authentication is read.  The default is ~/.ssh/identity for
             protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
             ~/.ssh/id_rsa for protocol version 2.  Identity files may also be
             specified on a per-host basis in the configuration file.  It is
             possible to have multiple -i options (and multiple identities
             specified in configuration files).  ssh will also try to load
             certificate information from the filename obtained by appending
             -cert.pub to identity filenames.

     -K      Enables GSSAPI-based authentication and forwarding (delegation)
             of GSSAPI credentials to the server.

     -k      Disables forwarding (delegation) of GSSAPI credentials to the
             server.

     -L [bind_address:]port:host:hostport
             Specifies that the given port on the local (client) host is to be
             forwarded to the given host and port on the remote side.  This
             works by allocating a socket to listen to port on the local side,
             optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and a connection is made to host port
             hostport from the remote machine.  Port forwardings can also be
             specified in the configuration file.  IPv6 addresses can be
             specified by enclosing the address in square brackets.  Only the
             superuser can forward privileged ports.  By default, the local
             port is bound in accordance with the GatewayPorts setting.
             However, an explicit bind_address may be used to bind the
             connection to a specific address.
             The bind_address of ``localhost'' indicates that the listening
             port be bound for local use only, while an empty address or `*'
             indicates that the port should be available from all interfaces.

     -l login_name
             Specifies the user to log in as on the remote machine.  This also
             may be specified on a per-host basis in the configuration file.

     -M      Places the ssh client into ``master'' mode for connection
             sharing.  Multiple -M options place ssh into ``master'' mode
             with confirmation required before slave connections are accepted.
             Refer to the description of ControlMaster in ssh_config(5) for
             details.

     -m mac_spec
             Additionally, for protocol version 2 a comma-separated list of
             MAC (message authentication code) algorithms can be specified in
             order of preference.  See the MACs keyword for more information.

     -N      Do not execute a remote command.  This is useful for just
             forwarding ports (protocol version 2 only).

     -n      Redirects stdin from /dev/null (actually, prevents reading from
             stdin).  This must be used when ssh is run in the background.  A
             common trick is to use this to run X11 programs on a remote
             machine.  For example, ssh -n shadows.cs.hut.fi emacs & will
             start an emacs on shadows.cs.hut.fi, and the X11 connection will
             be automatically forwarded over an encrypted channel.  The ssh
             program will be put in the background.  (This does not work if
             ssh needs to ask for a password or passphrase; see also the -f
             option.)

     -O ctl_cmd
             Control an active connection multiplexing master process.
             When the -O option is specified, the ctl_cmd argument is
             interpreted and passed to the master process.  Valid commands
             are: ``check'' (check that the master process is running),
             ``forward'' (request forwardings without command execution),
             ``cancel'' (cancel forwardings), ``exit'' (request the master to
             exit), and ``stop'' (request the master to stop accepting further
             multiplexing requests).

     -o option
             Can be used to give options in the format used in the
             configuration file.  This is useful for specifying options for
             which there is no separate command-line flag.  For full details
             of the options listed below, and their possible values, see
             ssh_config(5).

                   AddressFamily
                   BatchMode
                   BindAddress
                   ChallengeResponseAuthentication
                   CheckHostIP
                   Cipher
                   Ciphers
                   ClearAllForwardings
                   Compression
                   CompressionLevel
                   ConnectionAttempts
                   ConnectTimeout
                   ControlMaster
                   ControlPath
                   ControlPersist
                   DynamicForward
                   EscapeChar
                   ExitOnForwardFailure
                   ForwardAgent
                   ForwardX11
                   ForwardX11Timeout
                   ForwardX11Trusted
                   GatewayPorts
                   GlobalKnownHostsFile
                   GSSAPIAuthentication
                   GSSAPIDelegateCredentials
                   HashKnownHosts
                   Host
                   HostbasedAuthentication
                   HostKeyAlgorithms
                   HostKeyAlias
                   HostName
                   IdentityFile
                   IdentitiesOnly
                   IPQoS
                   KbdInteractiveAuthentication
                   KbdInteractiveDevices
                   KexAlgorithms
                   LocalCommand
                   LocalForward
                   LogLevel
                   MACs
                   NoHostAuthenticationForLocalhost
                   NumberOfPasswordPrompts
                   PasswordAuthentication
                   PermitLocalCommand
                   PKCS11Provider
                   Port
                   PreferredAuthentications
                   Protocol
                   ProxyCommand
                   PubkeyAuthentication
                   RekeyLimit
                   RemoteForward
                   RequestTTY
                   RhostsRSAAuthentication
                   RSAAuthentication
                   SendEnv
                   ServerAliveInterval
                   ServerAliveCountMax
                   StrictHostKeyChecking
                   TCPKeepAlive
                   Tunnel
                   TunnelDevice
                   UsePrivilegedPort
                   User
                   UserKnownHostsFile
                   VerifyHostKeyDNS
                   VisualHostKey
                   XAuthLocation

     -p port
             Port to connect to on the remote host.  This can be specified on
             a per-host basis in the configuration file.

     -Q protocol_feature
             Queries ssh for the algorithms supported for the specified
             version 2 protocol_feature.  The queriable features are:
             ``cipher'' (supported symmetric ciphers), ``MAC'' (supported
             message integrity codes), ``KEX'' (key exchange algorithms),
             ``key'' (key types).  Protocol features are treated case-
             insensitively.

     -q      Quiet mode.  Causes most warning and diagnostic messages to be
             suppressed.

     -R [bind_address:]port:host:hostport
             Specifies that the given port on the remote (server) host is to
             be forwarded to the given host and port on the local side.
             This works by allocating a socket to listen to port on the remote
             side, and whenever a connection is made to this port, the
             connection is forwarded over the secure channel, and a connection
             is made to host port hostport from the local machine.

             Port forwardings can also be specified in the configuration file.
             Privileged ports can be forwarded only when logging in as root on
             the remote machine.  IPv6 addresses can be specified by enclosing
             the address in square brackets.

             By default, the listening socket on the server will be bound to
             the loopback interface only.  This may be overridden by
             specifying a bind_address.  An empty bind_address, or the address
             `*', indicates that the remote socket should listen on all
             interfaces.  Specifying a remote bind_address will only succeed
             if the server's GatewayPorts option is enabled (see
             sshd_config(5)).

             If the port argument is `0', the listen port will be dynamically
             allocated on the server and reported to the client at run time.
             When used together with -O forward the allocated port will be
             printed to the standard output.

     -S ctl_path
             Specifies the location of a control socket for connection
             sharing, or the string ``none'' to disable connection sharing.
             Refer to the description of ControlPath and ControlMaster in
             ssh_config(5) for details.

     -s      May be used to request invocation of a subsystem on the remote
             system.  Subsystems are a feature of the SSH2 protocol which
             facilitate the use of SSH as a secure transport for other
             applications (eg. sftp(1)).
             The subsystem is specified as the remote command.

     -T      Disable pseudo-tty allocation.

     -t      Force pseudo-tty allocation.  This can be used to execute
             arbitrary screen-based programs on a remote machine, which can be
             very useful, e.g. when implementing menu services.  Multiple -t
             options force tty allocation, even if ssh has no local tty.

     -V      Display the version number and exit.

     -v      Verbose mode.  Causes ssh to print debugging messages about its
             progress.  This is helpful in debugging connection,
             authentication, and configuration problems.  Multiple -v options
             increase the verbosity.  The maximum is 3.

     -W host:port
             Requests that standard input and output on the client be
             forwarded to host on port over the secure channel.  Implies -N,
             -T, ExitOnForwardFailure and ClearAllForwardings.  Works with
             Protocol version 2 only.

     -w local_tun[:remote_tun]
             Requests tunnel device forwarding with the specified tun(4)
             devices between the client (local_tun) and the server
             (remote_tun).

             The devices may be specified by numerical ID or the keyword
             ``any'', which uses the next available tunnel device.  If
             remote_tun is not specified, it defaults to ``any''.  See also
             the Tunnel and TunnelDevice directives in ssh_config(5).  If the
             Tunnel directive is unset, it is set to the default tunnel mode,
             which is ``point-to-point''.

     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.
             Users with the ability to bypass file permissions on the remote
             host (for the user's X authorization database) can access the
             local X11 display through the forwarded connection.  An attacker
             may then be able to perform activities such as keystroke
             monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY
             extension restrictions by default.  Please refer to the ssh -Y
             option and the ForwardX11Trusted directive in ssh_config(5) for
             more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
             subjected to the X11 SECURITY extension controls.

     -y      Send log information using the syslog(3) system module.  By
             default this information is sent to stderr.

     ssh may additionally obtain configuration data from a per-user
     configuration file and a system-wide configuration file.  The file format
     and configuration options are described in ssh_config(5).

AUTHENTICATION
     The OpenSSH SSH client supports SSH protocols 1 and 2.  The default is to
     use protocol 2 only, though this can be changed via the Protocol option
     in ssh_config(5) or the -1 and -2 options (see above).  Both protocols
     support similar authentication methods, but protocol 2 is the default
     since it provides additional mechanisms for confidentiality (the traffic
     is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) and
     integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512, umac-64,
     umac-128, hmac-ripemd160).  Protocol 1 lacks a strong mechanism for
     ensuring the integrity of the connection.
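     Whether protocol 1 or a weak cipher can actually be negotiated depends
     on what the client configuration resolves to for a given host, and
     ssh_config(5) resolves each keyword to the first value obtained, so a
     ``Host *'' block placed at the top silently overrides everything below
     it.  The following added example (not OpenSSH code) parses a client
     configuration with those semantics and reports the Protocol, Ciphers,
     MACs and ForwardAgent settings ssh would really use.  Both configurations
     are constructed, and the lists of algorithms treated as weak are this
     example's own choices rather than a list the manual provides.

```python
"""Audit a client ssh_config for protocol-1 and weak-algorithm settings,
honouring the first-obtained-value-wins rule of ssh_config(5).  Added example
for this page, not OpenSSH code; configurations and weak lists are this
example's own."""
import fnmatch
import re

WEAK_CIPHERS = {"arcfour", "arcfour128", "arcfour256", "3des-cbc",
                "blowfish-cbc", "cast128-cbc"}
WEAK_MACS = {"hmac-md5", "hmac-md5-96", "hmac-sha1-96", "hmac-ripemd160",
             "umac-64@openssh.com"}

# Constructed ~/.ssh/config with the classic mistake: "Host *" placed first,
# so its values shadow the host-specific block that follows it.
SAMPLE_CONFIG = """\
Host *
    Protocol 2,1
    Ciphers arcfour,aes128-ctr
    ForwardAgent yes

Host bastion.example.com
    Ciphers aes256-gcm@openssh.com
    Protocol 2
"""

# Same intent, with the specific block first and "Host *" as the fallback.
HARDENED_CONFIG = """\
Host bastion.example.com
    Ciphers aes256-gcm@open
ssh.com,aes256-ctr
    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
    ForwardAgent no

Host *
    Protocol 2
    Ciphers aes256-ctr,aes128-ctr
    MACs hmac-sha2-512,hmac-sha2-256
    ForwardAgent no
""".replace("open\nssh", "openssh")   # keeps the sample on one logical line

_LINE = re.compile(r"(\S+?)\s*(?:=|\s)\s*(.*)$")   # "Keyword value" or "Keyword=value"


def parse_ssh_config(text):
    """Return [(host_patterns, {keyword: value})] in file order.  Keywords are
    case-insensitive; options before any Host line form an implicit "*"
    block.  Match blocks (OpenSSH 6.5+) are not modelled."""
    blocks = [(["*"], {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            raise ValueError(f"cannot parse: {raw!r}")
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            blocks.append((value.split(), {}))
        else:
            blocks[-1][1].setdefault(key, value)   # first occurrence in a block wins
    return blocks


def _host_matches(patterns, hostname):
    """ssh-style patterns: '*' and '?' wildcards, '!' negates; a negated match
    excludes the block even if another pattern matches."""
    if any(fnmatch.fnmatchcase(hostname, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(hostname, p) for p in patterns if not p.startswith("!"))


def effective_options(blocks, hostname):
    """First obtained value wins, exactly as ssh resolves its configuration."""
    result = {}
    for patterns, opts in blocks:
        if _host_matches(patterns, hostname):
            for key, value in opts.items():
                result.setdefault(key, value)
    return result


def audit(blocks, hostname):
    """Findings for the settings ssh would really use when connecting to hostname."""
    eff = effective_options(blocks, hostname)
    findings = []
    if "1" in eff.get("protocol", "2").split(","):     # protocol 2 only is the default
        findings.append("Protocol permits version 1, which has no strong integrity protection")
    weak = [c for c in eff.get("ciphers", "").split(",") if c in WEAK_CIPHERS]
    if weak:
        findings.append("weak ciphers offered: " + ",".join(weak))
    weak = [m for m in eff.get("macs", "").split(",") if m in WEAK_MACS]
    if weak:
        findings.append("weak MACs offered: " + ",".join(weak))
    if eff.get("forwardagent", "no").lower() == "yes":
        findings.append("ForwardAgent yes: root on the remote host can sign with every loaded key")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_ssh_config(text), "bastion.example.com"))
```

     Run against the first configuration, the audit reports three findings
     for bastion.example.com even though that host has its own block with
     sane values: the earlier ``Host *'' block already supplied Protocol,
     Ciphers and ForwardAgent.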
     The methods available for authentication are: GSSAPI-based
     authentication, host-based authentication, public key authentication,
     challenge-response authentication, and password authentication.
     Authentication methods are tried in the order specified above, though
     protocol 2 has a configuration option to change the default order:
     PreferredAuthentications.

     Host-based authentication works as follows: If the machine the user logs
     in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
     machine, and the user names are the same on both sides, or if the files
     ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
     machine and contain a line containing the name of the client machine and
     the name of the user on that machine, the user is considered for login.
     Additionally, the server must be able to verify the client's host key
     (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
     below) for login to be permitted.  This authentication method closes
     security holes due to IP spoofing, DNS spoofing, and routing spoofing.
     [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
     rlogin/rsh protocol in general, are inherently insecure and should be
     disabled if security is desired.]

     Public key authentication works as follows: The scheme is based on
     public-key cryptography, using cryptosystems where encryption and
     decryption are done using separate keys, and it is unfeasible to derive
     the decryption key from the encryption key.  The idea is that each user
     creates a public/private key pair for authentication purposes.
     The server knows the public key, and only the user knows the private key.
     ssh implements the public key authentication protocol automatically,
     using one of the DSA, ECDSA or RSA algorithms.  Protocol 1 is restricted
     to using only RSA keys, but protocol 2 may use any.  The HISTORY section
     of ssl(8) contains a brief discussion of the DSA and RSA algorithms.

     The file ~/.ssh/authorized_keys lists the public keys that are permitted
     for logging in.  When the user logs in, the ssh program tells the server
     which key pair it would like to use for authentication.  The client
     proves that it has access to the private key and the server checks that
     the corresponding public key is authorized to accept the account.

     The user creates his/her key pair by running ssh-keygen(1).  This stores
     the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
     2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2
     RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
     ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2
     ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
     directory.  The user should then copy the public key to
     ~/.ssh/authorized_keys in his/her home directory on the remote machine.
     The authorized_keys file corresponds to the conventional ~/.rhosts file,
     and has one key per line, though the lines can be very long.  After this,
     the user can log in without giving the password.

     A variation on public key authentication is available in the form of
     certificate authentication: instead of a set of public/private keys,
     signed certificates are used.
     This has the advantage that a single trusted certification authority can
     be used in place of many public/private keys.  See the CERTIFICATES
     section of ssh-keygen(1) for more information.

     The most convenient way to use public key or certificate authentication
     may be with an authentication agent.  See ssh-agent(1) for more
     information.

     Challenge-response authentication works as follows: The server sends an
     arbitrary "challenge" text, and prompts for a response.  Protocol 2
     allows multiple challenges and responses; protocol 1 is restricted to
     just one challenge/response.  Examples of challenge-response
     authentication include BSD Authentication (see login.conf(5)) and PAM
     (some non-OpenBSD systems).

     Finally, if other authentication methods fail, ssh prompts the user for a
     password.  The password is sent to the remote host for checking; however,
     since all communications are encrypted, the password cannot be seen by
     someone listening on the network.  This protection depends on the host
     key check described next: a password typed to an impostor whose host key
     was accepted is disclosed to that impostor.

     ssh automatically maintains and checks a database containing
     identification for all hosts it has ever been used with.  Host keys are
     stored in ~/.ssh/known_hosts in the user's home directory.  Additionally,
     the file /etc/ssh/ssh_known_hosts is automatically checked for known
     hosts.  Any new hosts are automatically added to the user's file.  If a
     host's identification ever changes, ssh warns about this and disables
     password authentication to prevent server spoofing or man-in-the-middle
     attacks, which could otherwise be used to circumvent the encryption.
     The StrictHostKeyChecking option can be used to control logins to
     machines whose host key is not known or has changed.

     When the user's identity has been accepted by the server, the server
     either executes the given command, or logs into the machine and gives the
     user a normal shell on the remote machine.  All communication with the
     remote command or shell will be automatically encrypted.

     If a pseudo-terminal has been allocated (normal login session), the user
     may use the escape characters noted below.

     If no pseudo-tty has been allocated, the session is transparent and can
     be used to reliably transfer binary data.  On most systems, setting the
     escape character to ``none'' will also make the session transparent even
     if a tty is used.

     The session terminates when the command or shell on the remote machine
     exits and all X11 and TCP connections have been closed.

ESCAPE CHARACTERS
     When a pseudo-terminal has been requested, ssh supports a number of
     functions through the use of an escape character.

     A single tilde character can be sent as ~~ or by following the tilde by a
     character other than those described below.  The escape character must
     always follow a newline to be interpreted as special.  The escape
     character can be changed in configuration files using the EscapeChar
     configuration directive or on the command line by the -e option.

     The supported escapes (assuming the default `~') are:

     ~.      Disconnect.

     ~^Z     Background ssh.

     ~#      List forwarded connections.
     ~&      Background ssh at logout when waiting for forwarded connection /
             X11 sessions to terminate.

     ~?      Display a list of escape characters.

     ~B      Send a BREAK to the remote system (only useful for SSH protocol
             version 2 and if the peer supports it).

     ~C      Open command line.  Currently this allows the addition of port
             forwardings using the -L, -R and -D options (see above).  It also
             allows the cancellation of existing port-forwardings with
             -KL[bind_address:]port for local, -KR[bind_address:]port for
             remote and -KD[bind_address:]port for dynamic port-forwardings.
             !command allows the user to execute a local command if the
             PermitLocalCommand option is enabled in ssh_config(5).  Basic
             help is available, using the -h option.

     ~R      Request rekeying of the connection (only useful for SSH protocol
             version 2 and if the peer supports it).

     ~V      Decrease the verbosity (LogLevel) when errors are being written
             to stderr.

     ~v      Increase the verbosity (LogLevel) when errors are being written
             to stderr.

TCP FORWARDING
     Forwarding of arbitrary TCP connections over the secure channel can be
     specified either on the command line or in a configuration file.  One
     possible application of TCP forwarding is a secure connection to a mail
     server; another is going through firewalls.

     In the example below, we look at encrypting communication between an IRC
     client and server, even though the IRC server does not directly support
     encrypted communications.
     This works as follows: the user connects to the remote host using ssh,
     specifying a port to be used to forward connections to the remote server.
     After that it is possible to start the service which is to be encrypted
     on the client machine, connecting to the same local port, and ssh will
     encrypt and forward the connection.

     The following example tunnels an IRC session from client machine
     ``127.0.0.1'' (localhost) to remote server ``server.example.com'':

         $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
         $ irc -c '#users' -p 1234 pinky 127.0.0.1

     This tunnels a connection to IRC server ``server.example.com'', joining
     channel ``#users'', nickname ``pinky'', using port 1234.  It doesn't
     matter which port is used, as long as it's greater than 1023 (remember,
     only root can open sockets on privileged ports) and doesn't conflict with
     any ports already in use.  The connection is forwarded to port 6667 on
     the remote server, since that's the standard port for IRC services.
     Note that the ``localhost'' in the -L argument is resolved on
     server.example.com, not on the client: the IRC daemon is reached over
     the server's own loopback interface, so the traffic is only ever
     unencrypted inside that host.

     The -f option backgrounds ssh and the remote command ``sleep 10'' is
     specified to allow an amount of time (10 seconds, in the example) to
     start the service which is to be tunnelled.  If no connections are made
     within the time specified, ssh will exit.
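     What the client end of a -L forward does, as an added example for this
     page rather than OpenSSH code: it listens on bind_address:port and relays
     every accepted connection to host:hostport, with a constructed echo
     service standing in for the IRC daemon.  The one deliberate difference
     from ssh is that the relay here is a plain TCP connection, whereas ssh
     carries it inside the encrypted channel and makes the onward connection
     from the remote machine.  The IRC-looking payload is constructed for the
     demonstration, and port 0 is used only so the demo never collides with a
     port already in use.

```python
"""A stand-in for the client side of ssh -L [bind_address:]port:host:hostport.
Added example for this page, not OpenSSH code; the echo service, the payload
and the addresses are constructed for the demonstration."""
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then pass the half-close on."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _accept_loop(listener: socket.socket, handler) -> None:
    while True:
        try:
            conn, _ = listener.accept()
        except OSError:            # listener closed
            return
        handler(conn)


def start_forwarder(bind_address: str, port: int, host: str, hostport: int):
    """Listen like ssh -L and return the bound (address, port).  bind_address
    "127.0.0.1" is ssh's ``localhost'' and keeps the port private to this
    machine; "" (ssh's empty address or `*') would expose it on every
    interface, which is what -g / GatewayPorts permit."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((bind_address, port))
    listener.listen(5)

    def relay(client: socket.socket) -> None:
        # ssh would open a channel here and let the remote side connect.
        upstream = socket.create_connection((host, hostport))
        threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=_accept_loop, args=(listener, relay), daemon=True).start()
    return listener.getsockname()


def start_echo_service():
    """Constructed stand-in for the remote IRC daemon: echoes what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    threading.Thread(
        target=_accept_loop,
        args=(srv, lambda c: threading.Thread(target=_pump, args=(c, c), daemon=True).start()),
        daemon=True).start()
    return srv.getsockname()


def send_through(addr, payload: bytes, timeout: float = 5.0) -> bytes:
    """Connect to the forwarded port as the IRC client would, send, read the reply."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


def demo():
    """Tunnel one IRC-style exchange; returns (tunnel address, echoed bytes)."""
    service = start_echo_service()
    tunnel = start_forwarder("127.0.0.1", 0, service[0], service[1])
    return tunnel, send_through(tunnel, b"NICK pinky\r\nJOIN #users\r\n")


if __name__ == "__main__":
    print(demo())
```

     The relay treats the application bytes as opaque, which is why the IRC
     client above needs no knowledge of the tunnel beyond the port number.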

X11 FORWARDING
     If the ForwardX11 variable is set to ``yes'' (or see the description of
     the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
     environment variable is set), the connection to the X11 display is
     automatically forwarded to the remote side in such a way that any X11
     programs started from the shell (or command) will go through the
     encrypted channel, and the connection to the real X server will be made
     from the local machine.  The user should not manually set DISPLAY.
     Forwarding of X11 connections can be configured on the command line or in
     configuration files.

     The DISPLAY value set by ssh will point to the server machine, but with a
     display number greater than zero.  This is normal, and happens because
     ssh creates a ``proxy'' X server on the server machine for forwarding the
     connections over the encrypted channel.

     ssh will also automatically set up Xauthority data on the server machine.
     For this purpose, it will generate a random authorization cookie, store
     it in Xauthority on the server, and verify that any forwarded connections
     carry this cookie and replace it by the real cookie when the connection
     is opened.  The real authentication cookie is never sent to the server
     machine (and no cookies are sent in the plain).

     If the ForwardAgent variable is set to ``yes'' (or see the description of
     the -A and -a options above) and the user is using an authentication
     agent, the connection to the agent is automatically forwarded to the
     remote side.

VERIFYING HOST KEYS
     When connecting to a server for the first time, a fingerprint of the
     server's public key is presented to the user (unless the option
     StrictHostKeyChecking has been disabled).  Fingerprints can be determined
     using ssh-keygen(1):

           $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

     If the fingerprint is already known, it can be matched and the key can be
     accepted or rejected.  Because of the difficulty of comparing host keys
     just by looking at hex strings, there is also support to compare host
     keys visually, using random art.  By setting the VisualHostKey option to
     ``yes'', a small ASCII graphic gets displayed on every login to a server,
     no matter if the session itself is interactive or not.  By learning the
     pattern a known server produces, a user can easily find out that the host
     key has changed when a completely different pattern is displayed.
     Because these patterns are not unambiguous however, a pattern that looks
     similar to the pattern remembered only gives a good probability that the
     host key is the same, not guaranteed proof.

     To get a listing of the fingerprints along with their random art for all
     known hosts, the following command line can be used:

           $ ssh-keygen -lv -f ~/.ssh/known_hosts

     If the fingerprint is unknown, an alternative method of verification is
     available: SSH fingerprints verified by DNS.  An additional resource
     record (RR), SSHFP, is added to a zonefile and the connecting client is
     able to match the fingerprint with that of the key presented.  Such a
     record is only as trustworthy as the DNS answer that carries it: ssh
     accepts a key on the strength of a matching record alone only when
     VerifyHostKeyDNS is ``yes'' and the resolver reports the answer as
     DNSSEC-validated; otherwise the match is reported and the user is still
     asked to confirm the key.
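     What that matching involves, shown as an added example in Python that is
     not part of OpenSSH: an SSHFP record carries an algorithm number, a hash
     type and the hash of the raw key blob, i.e. the base64 part of the public
     key line (RFC 4255, with the ECDSA number and SHA-256 hash type from RFC
     6594).  The code below produces records in the shape ssh-keygen -r prints,
     and checks a presented key against a set of records the way the client
     does.  The key it uses is constructed from made-up numbers and is not a
     real host key; ``host.example.com.'' is the name from the example that
     follows.

```python
"""SSHFP record generation and host-key matching (added example, not OpenSSH code)."""
import base64
import hashlib
import hmac
import struct

# RFC 4255 algorithm numbers (3 for ECDSA from RFC 6594) and fingerprint types.
SSHFP_ALGORITHM = {
    "ssh-rsa": 1, "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3, "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3,
}
SSHFP_FPTYPE = {1: hashlib.sha1, 2: hashlib.sha256}


def _ssh_string(data):
    """SSH wire-format string: 32-bit big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def constructed_key_line(variant=0, comment="constructed-not-a-real-key"):
    """Build an ssh-rsa public key line from made-up numbers (constructed fixture)."""
    e = (65537).to_bytes(3, "big")
    body = bytes((i + 0x80 + variant) & 0xFF for i in range(256))
    n = (b"\x00" if body[0] & 0x80 else b"") + body   # mpint must stay positive
    blob = _ssh_string(b"ssh-rsa") + _ssh_string(e) + _ssh_string(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode("ascii"), comment)


def decode_pubkey_line(line):
    """Return (key type, raw key blob) from a 'type base64 [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("truncated key blob")
    # The blob opens with a length-prefixed copy of the key type; it must
    # agree with the text field, or the line has been edited or mangled.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode("ascii"):
        raise ValueError("key type in blob does not match text field")
    return fields[0], blob


def md5_fingerprint(blob):
    """Colon-separated MD5 fingerprint, the form ssh-keygen -l prints in this OpenSSH version."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sshfp_records(hostname, line):
    """Zone-file lines in the shape ssh-keygen -r emits: one per hash type."""
    ktype, blob = decode_pubkey_line(line)
    if ktype not in SSHFP_ALGORITHM:
        raise ValueError("no SSHFP algorithm number for %s" % ktype)
    return ["%s IN SSHFP %d %d %s" % (hostname, SSHFP_ALGORITHM[ktype], fptype, h(blob).hexdigest())
            for fptype, h in sorted(SSHFP_FPTYPE.items())]


def parse_sshfp_record(text):
    """Parse 'owner [ttl] [IN] SSHFP alg fptype hex' as printed by dig or a zone file."""
    fields = text.split()
    i = fields.index("SSHFP")
    return int(fields[i + 1]), int(fields[i + 2]), fields[i + 3].lower()


def key_matches_dns(line, records):
    """True if some record for the host matches the key the server presented.

    This is the comparison VerifyHostKeyDNS performs; records with an unknown
    algorithm or hash type are skipped rather than treated as a match.
    """
    ktype, blob = decode_pubkey_line(line)
    alg = SSHFP_ALGORITHM.get(ktype)
    for rec in records:
        r_alg, r_fptype, r_hex = parse_sshfp_record(rec)
        h = SSHFP_FPTYPE.get(r_fptype)
        if r_alg == alg and h is not None and hmac.compare_digest(h(blob).hexdigest(), r_hex):
            return True
    return False
```

     Feeding the output of ``dig -t SSHFP'' to key_matches_dns() with the key
     line taken from /etc/ssh/ssh_host_rsa_key.pub reproduces the ``Matching
     host key fingerprint found in DNS'' decision; a substituted key fails
     because both hashes cover the whole key blob.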

     In this example, we are connecting a client to a server,
     ``host.example.com''.  The SSHFP resource records should first be added
     to the zonefile for host.example.com:

           $ ssh-keygen -r host.example.com.

     The output lines will have to be added to the zonefile.  To check that
     the zone is answering fingerprint queries:

           $ dig -t SSHFP host.example.com

     Finally the client connects:

           $ ssh -o "VerifyHostKeyDNS ask" host.example.com
           [...]
           Matching host key fingerprint found in DNS.
           Are you sure you want to continue connecting (yes/no)?

     See the VerifyHostKeyDNS option in ssh_config(5) for more information.

SSH-BASED VIRTUAL PRIVATE NETWORKS
     ssh contains support for Virtual Private Network (VPN) tunnelling using
     the tun(4) network pseudo-device, allowing two networks to be joined
     securely.  The sshd_config(5) configuration option PermitTunnel controls
     whether the server supports this, and at what level (layer 2 or 3
     traffic).

     The following example would connect client network 10.0.50.0/24 with
     remote network 10.0.99.0/24 using a point-to-point connection from
     10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway
     to the remote network, at 192.168.1.15, allows it.

     On the client:

           # ssh -f -w 0:1 192.168.1.15 true
           # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
           # route add 10.0.99.0/24 10.1.1.2

     On the server:

           # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
           # route add 10.0.50.0/24 10.1.1.1

     Client access may be more finely tuned via the /root/.ssh/authorized_keys
     file (see below) and the PermitRootLogin server option.  The following
     entry would permit connections on tun(4) device 1 from user ``jane'' and
     on tun device 2 from user ``john'', if PermitRootLogin is set to
     ``forced-commands-only'':

           tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
           tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john

     Since an SSH-based setup entails a fair amount of overhead, it may be
     more suited to temporary setups, such as for wireless VPNs.  More
     permanent VPNs are better provided by tools such as ipsecctl(8) and
     isakmpd(8).

ENVIRONMENT
     ssh will normally set the following environment variables:

     DISPLAY               The DISPLAY variable indicates the location of the
                           X11 server.  It is automatically set by ssh to
                           point to a value of the form ``hostname:n'', where
                           ``hostname'' indicates the host where the shell
                           runs, and `n' is an integer >= 1.  ssh uses this
                           special value to forward X11 connections over the
                           secure channel.
                           The user should normally not set
                           DISPLAY explicitly, as that will render the X11
                           connection insecure (and will require the user to
                           manually copy any required authorization cookies).

     HOME                  Set to the path of the user's home directory.

     LOGNAME               Synonym for USER; set for compatibility with
                           systems that use this variable.

     MAIL                  Set to the path of the user's mailbox.

     PATH                  Set to the default PATH, as specified when
                           compiling ssh.

     SSH_ASKPASS           If ssh needs a passphrase, it will read the
                           passphrase from the current terminal if it was run
                           from a terminal.  If ssh does not have a terminal
                           associated with it but DISPLAY and SSH_ASKPASS are
                           set, it will execute the program specified by
                           SSH_ASKPASS and open an X11 window to read the
                           passphrase.  This is particularly useful when
                           calling ssh from a .xsession or related script.
                           (Note that on some machines it may be necessary to
                           redirect the input from /dev/null to make this
                           work.)

     SSH_AUTH_SOCK         Identifies the path of a UNIX-domain socket used to
                           communicate with the agent.

     SSH_CONNECTION        Identifies the client and server ends of the
                           connection.  The variable contains four space-
                           separated values: client IP address, client port
                           number, server IP address, and server port number.

     SSH_ORIGINAL_COMMAND  This variable contains the original command line if
                           a forced command is executed.  It can be used to
                           extract the original arguments.  Its value is
                           chosen by the client, so a forced command must
                           validate it before acting on it and must never
                           pass it to a shell unparsed.
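     A forced command that acts on SSH_ORIGINAL_COMMAND the safe way, as an
     added example in Python that is not part of OpenSSH.  It is the kind of
     program an authorized_keys entry such as
     ``command="/usr/local/bin/ssh-dispatch",no-port-forwarding,no-pty ssh-rsa
     ...'' would name (the path is a placeholder for this example).  sshd runs
     it instead of whatever the client asked for, and the requested command
     line arrives in SSH_ORIGINAL_COMMAND; the example only ever executes one
     of two git server programs, with exactly one repository argument pinned
     under a fixed directory.  The binary paths and the /srv/git root are
     assumptions for the example.

```python
"""Forced-command dispatcher for git access over ssh (added example, not OpenSSH code)."""
import os
import shlex
import sys

# Programs the client may request, mapped to the binaries that are run.
# The binary paths and the repository root are assumptions for this example.
ALLOWED_PROGRAMS = {
    "git-upload-pack": "/usr/bin/git-upload-pack",    # clone / fetch
    "git-receive-pack": "/usr/bin/git-receive-pack",  # push
}
REPO_ROOT = "/srv/git"


def resolve(original_command, allowed=ALLOWED_PROGRAMS, root=REPO_ROOT):
    """Map the client's requested command line to an argv, or return None to refuse.

    SSH_ORIGINAL_COMMAND is whatever the client typed, so it is split with
    shell quoting rules and matched against the allow-list instead of being
    handed to a shell: "git-upload-pack '/a.git'; id" splits into three words
    and is refused rather than executed.
    """
    if not original_command or not original_command.strip():
        return None            # no command means the client wants a shell
    try:
        words = shlex.split(original_command)
    except ValueError:
        return None            # unbalanced quotes
    if len(words) != 2:
        return None            # exactly: <program> <repository>
    program, repo = words
    binary = allowed.get(program)
    if binary is None:
        return None
    # git sends the path from the URL, with or without a leading slash.  It is
    # anchored under the root and normalised so that "../" cannot climb out.
    full = os.path.normpath(os.path.join(root, repo.lstrip("/")))
    if not full.endswith(".git") or not full.startswith(root + os.sep):
        return None
    return [binary, full]


def main():
    requested = os.environ.get("SSH_ORIGINAL_COMMAND")
    argv = resolve(requested)
    if argv is None:
        sys.stderr.write("refused: %r\n" % (requested,))
        sys.exit(1)
    os.execv(argv[0], argv)    # replaces this process; no shell involved


if __name__ == "__main__":
    main()
```

     Symbolic links inside the repository root are outside what this check
     covers; the directory tree under REPO_ROOT is assumed to contain only
     repositories the key is meant to reach.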

     SSH_TTY               This is set to the name of the tty (path to the
                           device) associated with the current shell or
                           command.  If the current session has no tty, this
                           variable is not set.

     TZ                    This variable is set to indicate the present time
                           zone if it was set when the daemon was started
                           (i.e. the daemon passes the value on to new
                           connections).

     USER                  Set to the name of the user logging in.

     Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
     ``VARNAME=value'' to the environment if the file exists and users are
     allowed to change their environment.  For more information, see the
     PermitUserEnvironment option in sshd_config(5).

FILES
     ~/.rhosts
             This file is used for host-based authentication (see above).  On
             some machines this file may need to be world-readable if the
             user's home directory is on an NFS partition, because sshd(8)
             reads it as root.  Additionally, this file must be owned by the
             user, and must not have write permissions for anyone else.  The
             recommended permission for most machines is read/write for the
             user, and not accessible by others.

     ~/.shosts
             This file is used in exactly the same way as .rhosts, but allows
             host-based authentication without permitting login with
             rlogin/rsh.

     ~/.ssh/
             This directory is the default location for all user-specific
             configuration and authentication information.
             There is no
             general requirement to keep the entire contents of this directory
             secret, but the recommended permissions are read/write/execute
             for the user, and not accessible by others.

     ~/.ssh/authorized_keys
             Lists the public keys (DSA/ECDSA/RSA) that can be used for
             logging in as this user.  The format of this file is described in
             the sshd(8) manual page.  This file is not highly sensitive, but
             the recommended permissions are read/write for the user, and not
             accessible by others.  It must not be writable by anyone else:
             with StrictModes enabled (the default), sshd(8) refuses to use
             an authorized_keys file, or a home or .ssh directory, that is
             group- or world-writable.

     ~/.ssh/config
             This is the per-user configuration file.  The file format and
             configuration options are described in ssh_config(5).  Because of
             the potential for abuse, this file must have strict permissions:
             read/write for the user, and not writable by others.

     ~/.ssh/environment
             Contains additional definitions for environment variables; see
             ENVIRONMENT, above.

     ~/.ssh/identity
     ~/.ssh/id_dsa
     ~/.ssh/id_ecdsa
     ~/.ssh/id_rsa
             Contains the private key for authentication.  These files contain
             sensitive data and should be readable by the user but not
             accessible by others (read/write/execute).  ssh will simply
             ignore a private key file if it is accessible by others.  It is
             possible to specify a passphrase when generating the key which
             will be used to encrypt the sensitive part of this file using
             3DES.

     ~/.ssh/identity.pub
     ~/.ssh/id_dsa.pub
     ~/.ssh/id_ecdsa.pub
     ~/.ssh/id_rsa.pub
             Contains the public key for authentication.
             These files are not
             sensitive and can (but need not) be readable by anyone.

     ~/.ssh/known_hosts
             Contains a list of host keys for all hosts the user has logged
             into that are not already in the systemwide list of known host
             keys.  See sshd(8) for further details of the format of this
             file.

     ~/.ssh/rc
             Commands in this file are executed by ssh when the user logs in,
             just before the user's shell (or command) is started.  See the
             sshd(8) manual page for more information.

     /etc/hosts.equiv
             This file is for host-based authentication (see above).  It
             should only be writable by root.

     /etc/shosts.equiv
             This file is used in exactly the same way as hosts.equiv, but
             allows host-based authentication without permitting login with
             rlogin/rsh.

     /etc/ssh/ssh_config
             Systemwide configuration file.  The file format and configuration
             options are described in ssh_config(5).

     /etc/ssh/ssh_host_key
     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys and are
             used for host-based authentication.  If protocol version 1 is
             used, ssh must be setuid root, since the host key is readable
             only by root.  For protocol version 2, ssh uses ssh-keysign(8) to
             access the host keys, eliminating the requirement that ssh be
             setuid root when host-based authentication is used.  By default
             ssh is not setuid root.

     /etc/ssh/ssh_known_hosts
             Systemwide list of known host keys.
             This file should be prepared
             by the system administrator to contain the public host keys of
             all machines in the organization.  It should be world-readable.
             See sshd(8) for further details of the format of this file.

     /etc/ssh/sshrc
             Commands in this file are executed by ssh when the user logs in,
             just before the user's shell (or command) is started.  See the
             sshd(8) manual page for more information.

EXIT STATUS
     ssh exits with the exit status of the remote command or with 255 if an
     error occurred.  A remote command that itself exits with 255 is therefore
     indistinguishable from a connection or authentication failure by the exit
     status alone; scripts that need to tell the two apart should check
     ssh's diagnostic output as well.

SEE ALSO
     scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
     tun(4), hosts.equiv(5), ssh_config(5), ssh-keysign(8), sshd(8)

STANDARDS
     S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
     Numbers, RFC 4250, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
     RFC 4251, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
     RFC 4252, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
     Protocol, RFC 4253, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
     4254, January 2006.

     J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
     (SSH) Key Fingerprints, RFC 4255, January 2006.

     F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
     Secure Shell Protocol (SSH), RFC 4256, January 2006.

     J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
     Extension, RFC 4335, January 2006.

     M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
     Layer Encryption Modes, RFC 4344, January 2006.

     B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
     Layer Protocol, RFC 4345, January 2006.

     M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
     the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.

     J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
     Format, RFC 4716, November 2006.

     D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
     Secure Shell Transport Layer, RFC 5656, December 2009.

     A. Perrig and D. Song, Hash Visualization: a New Technique to improve
     Real-World Security, 1999, International Workshop on Cryptographic
     Techniques and E-Commerce (CrypTEC '99).

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

OpenBSD 5.4                      July 18, 2013                     OpenBSD 5.4
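     The permission rules the FILES section above spells out for ~/.ssh,
     collected into a check that can be run against a user's directory, as an
     added example in Python that is not part of OpenSSH.  The rules taken from
     the manual are: the directory, the private keys and authorized_keys must
     not be accessible by group or others; config must not be writable by
     others; public keys may be world-readable.  Refusing group/other write
     access on every remaining file (known_hosts, rc, environment) is this
     example's own rule, not the manual's.  The directory the demo audits is a
     constructed fixture with deliberately mixed modes, built in a temporary
     location and removed afterwards.

```python
"""Permission audit for a user's ~/.ssh directory (added example, not OpenSSH code)."""
import os
import shutil
import stat
import tempfile

GROUP_OTHER_ALL = stat.S_IRWXG | stat.S_IRWXO      # 0o077: any access by group/others
GROUP_OTHER_WRITE = stat.S_IWGRP | stat.S_IWOTH    # 0o022: write access by group/others
PRIVATE_KEYS = ("identity", "id_dsa", "id_ecdsa", "id_rsa")


def forbidden_bits(name):
    """Mode bits that must be clear on an entry of ~/.ssh ("." is the directory itself)."""
    if name == "." or name in PRIVATE_KEYS or name == "authorized_keys":
        # ~/.ssh, private keys and authorized_keys: no access for group/others
        # (ssh ignores a private key that others can read).
        return GROUP_OTHER_ALL, "must not be accessible by group/others"
    # config must not be writable by others (ssh refuses it otherwise); .pub
    # files may be world-readable.  Applying "not writable by others" to every
    # remaining file as well is this example's own rule, not the manual's.
    return GROUP_OTHER_WRITE, "must not be writable by group/others"


def _entries(ssh_dir):
    yield ".", ssh_dir
    for name in sorted(os.listdir(ssh_dir)):
        yield name, os.path.join(ssh_dir, name)


def audit(ssh_dir, uid=None):
    """Return [(name, problem), ...] for entries that break the rules; [] when clean."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for name, path in _entries(ssh_dir):
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        bits, why = forbidden_bits(name)
        if st.st_uid != uid:
            findings.append((name, "owned by uid %d, not %d" % (st.st_uid, uid)))
        if mode & bits:
            findings.append((name, "mode %04o %s" % (mode, why)))
    return findings


def fix(ssh_dir):
    """Clear the forbidden bits on every entry, leaving the owner's own bits alone."""
    for name, path in _entries(ssh_dir):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        bits, _ = forbidden_bits(name)
        if mode & bits:
            os.chmod(path, mode & ~bits)


def build_constructed_dir(base):
    """Create a ~/.ssh layout with deliberately mixed modes (constructed test data)."""
    os.mkdir(base)
    for name, mode in {"id_rsa": 0o644, "id_rsa.pub": 0o644, "authorized_keys": 0o600,
                       "config": 0o664, "known_hosts": 0o644}.items():
        path = os.path.join(base, name)
        with open(path, "w") as fh:
            fh.write("constructed placeholder\n")
        os.chmod(path, mode)
    os.chmod(base, 0o755)


def demo():
    """Audit the constructed directory, repair it, audit again; returns both reports."""
    tmp = tempfile.mkdtemp()
    base = os.path.join(tmp, ".ssh")
    try:
        build_constructed_dir(base)
        before = audit(base)
        fix(base)
        after = audit(base)
    finally:
        shutil.rmtree(tmp)
    return before, after


if __name__ == "__main__":
    for report in demo():
        print(report or "clean")
```

     Run against a real account with audit(os.path.expanduser("~/.ssh")); the
     first report from demo() flags the world-readable id_rsa, the
     group-writable config and the 0755 directory, and the second is empty.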