SSH(1)                     OpenBSD Reference Manual                     SSH(1)

NAME
     ssh - OpenSSH SSH client (remote login program)

SYNOPSIS
     ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]
         [-D [bind_address:]port] [-E log_file] [-e escape_char]
         [-F configfile] [-I pkcs11] [-i identity_file]
         [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec]
         [-O ctl_cmd] [-o option] [-p port]
         [-Q cipher | cipher-auth | mac | kex | key]
         [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port]
         [-w local_tun[:remote_tun]] [user@]hostname [command]

DESCRIPTION
     ssh (SSH client) is a program for logging into a remote machine and for
     executing commands on a remote machine.  It is intended to replace rlogin
     and rsh, and provide secure encrypted communications between two
     untrusted hosts over an insecure network.  X11 connections and arbitrary
     TCP ports can also be forwarded over the secure channel.

     ssh connects and logs into the specified hostname (with optional user
     name).  The user must prove his/her identity to the remote machine using
     one of several methods depending on the protocol version used (see
     below).

     If command is specified, it is executed on the remote host instead of a
     login shell.

     The options are as follows:

     -1      Forces ssh to try protocol version 1 only.

     -2      Forces ssh to try protocol version 2 only.

     -4      Forces ssh to use IPv4 addresses only.

     -6      Forces ssh to use IPv6 addresses only.

     -A      Enables forwarding of the authentication agent connection.
             This can also be specified on a per-host basis in a
             configuration file.

             Agent forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             agent's UNIX-domain socket) can access the local agent through
             the forwarded connection.  An attacker cannot obtain key material
             from the agent, however they can perform operations on the keys
             that enable them to authenticate using the identities loaded into
             the agent.

     -a      Disables forwarding of the authentication agent connection.

     -b bind_address
             Use bind_address on the local machine as the source address of
             the connection.  Only useful on systems with more than one
             address.

     -C      Requests compression of all data (including stdin, stdout,
             stderr, and data for forwarded X11 and TCP connections).  The
             compression algorithm is the same used by gzip(1), and the
             ``level'' can be controlled by the CompressionLevel option for
             protocol version 1.  Compression is desirable on modem lines and
             other slow connections, but will only slow down things on fast
             networks.  The default value can be set on a host-by-host basis
             in the configuration files; see the Compression option.

     -c cipher_spec
             Selects the cipher specification for encrypting the session.

             Protocol version 1 allows specification of a single cipher.  The
             supported values are ``3des'', ``blowfish'', and ``des''.  3des
             (triple-des) is an encrypt-decrypt-encrypt triple with three
             different keys.  It is believed to be secure.
             blowfish is a fast block cipher; it appears very secure and is
             much faster than 3des.  des is only supported in the ssh client
             for interoperability with legacy protocol 1 implementations that
             do not support the 3des cipher.  Its use is strongly discouraged
             due to cryptographic weaknesses.  The default is ``3des''.

             For protocol version 2, cipher_spec is a comma-separated list of
             ciphers listed in order of preference.  See the Ciphers keyword
             in ssh_config(5) for more information.

     -D [bind_address:]port
             Specifies a local ``dynamic'' application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.  Currently
             the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
             as a SOCKS server.  Only root can forward privileged ports.
             Dynamic port forwardings can also be specified in the
             configuration file.

             IPv6 addresses can be specified by enclosing the address in
             square brackets.  Only the superuser can forward privileged
             ports.  By default, the local port is bound in accordance with
             the GatewayPorts setting.  However, an explicit bind_address may
             be used to bind the connection to a specific address.  The
             bind_address of ``localhost'' indicates that the listening port
             be bound for local use only, while an empty address or `*'
             indicates that the port should be available from all interfaces.

     -E log_file
             Append debug logs to log_file instead of standard error.

     -e escape_char
             Sets the escape character for sessions with a pty (default: `~').
             The escape character is only recognized at the beginning of a
             line.  The escape character followed by a dot (`.') closes the
             connection; followed by control-Z suspends the connection; and
             followed by itself sends the escape character once.  Setting the
             character to ``none'' disables any escapes and makes the session
             fully transparent.

     -F configfile
             Specifies an alternative per-user configuration file.  If a
             configuration file is given on the command line, the system-wide
             configuration file (/etc/ssh/ssh_config) will be ignored.  The
             default for the per-user configuration file is ~/.ssh/config.

     -f      Requests ssh to go to background just before command execution.
             This is useful if ssh is going to ask for passwords or
             passphrases, but the user wants it in the background.  This
             implies -n.  The recommended way to start X11 programs at a
             remote site is with something like ssh -f host xterm.

             If the ExitOnForwardFailure configuration option is set to
             ``yes'', then a client started with -f will wait for all remote
             port forwards to be successfully established before placing
             itself in the background.

     -g      Allows remote hosts to connect to local forwarded ports.

     -I pkcs11
             Specify the PKCS#11 shared library ssh should use to communicate
             with a PKCS#11 token providing the user's private RSA key.

     -i identity_file
             Selects a file from which the identity (private key) for public
             key authentication is read.  The default is ~/.ssh/identity for
             protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
             Identity files may also be specified on a per-host basis in the
             configuration file.  It is possible to have multiple -i options
             (and multiple identities specified in configuration files).  ssh
             will also try to load certificate information from the filename
             obtained by appending -cert.pub to identity filenames.

     -K      Enables GSSAPI-based authentication and forwarding (delegation)
             of GSSAPI credentials to the server.

     -k      Disables forwarding (delegation) of GSSAPI credentials to the
             server.

     -L [bind_address:]port:host:hostport
             Specifies that the given port on the local (client) host is to be
             forwarded to the given host and port on the remote side.  This
             works by allocating a socket to listen to port on the local side,
             optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and a connection is made to host port
             hostport from the remote machine.  Port forwardings can also be
             specified in the configuration file.  IPv6 addresses can be
             specified by enclosing the address in square brackets.  Only the
             superuser can forward privileged ports.  By default, the local
             port is bound in accordance with the GatewayPorts setting.
             However, an explicit bind_address may be used to bind the
             connection to a specific address.  The bind_address of
             ``localhost'' indicates that the listening port be bound for
             local use only, while an empty address or `*' indicates that the
             port should be available from all interfaces.

     -l login_name
             Specifies the user to log in as on the remote machine.  This also
             may be specified on a per-host basis in the configuration file.

     -M      Places the ssh client into ``master'' mode for connection
             sharing.  Multiple -M options places ssh into ``master'' mode
             with confirmation required before slave connections are accepted.
             Refer to the description of ControlMaster in ssh_config(5) for
             details.

     -m mac_spec
             Additionally, for protocol version 2 a comma-separated list of
             MAC (message authentication code) algorithms can be specified in
             order of preference.  See the MACs keyword for more information.

     -N      Do not execute a remote command.  This is useful for just
             forwarding ports (protocol version 2 only).

     -n      Redirects stdin from /dev/null (actually, prevents reading from
             stdin).  This must be used when ssh is run in the background.  A
             common trick is to use this to run X11 programs on a remote
             machine.  For example, ssh -n shadows.cs.hut.fi emacs & will
             start an emacs on shadows.cs.hut.fi, and the X11 connection will
             be automatically forwarded over an encrypted channel.  The ssh
             program will be put in the background.  (This does not work if
             ssh needs to ask for a password or passphrase; see also the -f
             option.)

     -O ctl_cmd
             Control an active connection multiplexing master process.  When
             the -O option is specified, the ctl_cmd argument is interpreted
             and passed to the master process.  Valid commands are: ``check''
             (check that the master process is running), ``forward'' (request
             forwardings without command execution), ``cancel'' (cancel
             forwardings), ``exit'' (request the master to exit), and ``stop''
             (request the master to stop accepting further multiplexing
             requests).

     -o option
             Can be used to give options in the format used in the
             configuration file.  This is useful for specifying options for
             which there is no separate command-line flag.  For full details
             of the options listed below, and their possible values, see
             ssh_config(5).

                   AddressFamily
                   BatchMode
                   BindAddress
                   CanonicalDomains
                   CanonicalizeFallbackLocal
                   CanonicalizeHostname
                   CanonicalizeMaxDots
                   CanonicalizePermittedCNAMEs
                   ChallengeResponseAuthentication
                   CheckHostIP
                   Cipher
                   Ciphers
                   ClearAllForwardings
                   Compression
                   CompressionLevel
                   ConnectionAttempts
                   ConnectTimeout
                   ControlMaster
                   ControlPath
                   ControlPersist
                   DynamicForward
                   EscapeChar
                   ExitOnForwardFailure
                   ForwardAgent
                   ForwardX11
                   ForwardX11Timeout
                   ForwardX11Trusted
                   GatewayPorts
                   GlobalKnownHostsFile
                   GSSAPIAuthentication
                   GSSAPIDelegateCredentials
                   HashKnownHosts
                   Host
                   HostbasedAuthentication
                   HostKeyAlgorithms
                   HostKeyAlias
                   HostName
                   IdentityFile
                   IdentitiesOnly
                   IPQoS
                   KbdInteractiveAuthentication
                   KbdInteractiveDevices
                   KexAlgorithms
                   LocalCommand
                   LocalForward
                   LogLevel
                   MACs
                   Match
                   NoHostAuthenticationForLocalhost
                   NumberOfPasswordPrompts
                   PasswordAuthentication
                   PermitLocalCommand
                   PKCS11Provider
                   Port
                   PreferredAuthentications
                   Protocol
                   ProxyCommand
                   ProxyUseFdpass
                   PubkeyAuthentication
                   RekeyLimit
                   RemoteForward
                   RequestTTY
                   RhostsRSAAuthentication
                   RSAAuthentication
                   SendEnv
                   ServerAliveInterval
                   ServerAliveCountMax
                   StrictHostKeyChecking
                   TCPKeepAlive
                   Tunnel
                   TunnelDevice
                   UsePrivilegedPort
                   User
                   UserKnownHostsFile
                   VerifyHostKeyDNS
                   VisualHostKey
                   XAuthLocation

     -p port
             Port to connect to on the remote host.  This can be specified on
             a per-host basis in the configuration file.

     -Q cipher | cipher-auth | mac | kex | key
             Queries ssh for the algorithms supported for the specified
             version 2.  The available features are: cipher (supported
             symmetric ciphers), cipher-auth (supported symmetric ciphers that
             support authenticated encryption), mac (supported message
             integrity codes), kex (key exchange algorithms), key (key types).

     -q      Quiet mode.
             Causes most warning and diagnostic messages to be suppressed.

     -R [bind_address:]port:host:hostport
             Specifies that the given port on the remote (server) host is to
             be forwarded to the given host and port on the local side.  This
             works by allocating a socket to listen to port on the remote
             side, and whenever a connection is made to this port, the
             connection is forwarded over the secure channel, and a connection
             is made to host port hostport from the local machine.

             Port forwardings can also be specified in the configuration file.
             Privileged ports can be forwarded only when logging in as root on
             the remote machine.  IPv6 addresses can be specified by enclosing
             the address in square brackets.

             By default, the listening socket on the server will be bound to
             the loopback interface only.  This may be overridden by
             specifying a bind_address.  An empty bind_address, or the address
             `*', indicates that the remote socket should listen on all
             interfaces.  Specifying a remote bind_address will only succeed
             if the server's GatewayPorts option is enabled (see
             sshd_config(5)).

             If the port argument is `0', the listen port will be dynamically
             allocated on the server and reported to the client at run time.
             When used together with -O forward the allocated port will be
             printed to the standard output.

     -S ctl_path
             Specifies the location of a control socket for connection
             sharing, or the string ``none'' to disable connection sharing.
             Refer to the description of ControlPath and ControlMaster in
             ssh_config(5) for details.
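     The bind_address rules for -L, -R and -D above decide who can reach a
     forwarded port, so scripts that build ssh command lines (such as the
     IRC tunnel in the TCP FORWARDING section below) should check them
     before running ssh.  The POSIX sh functions that follow are an added
     example and are not part of the ssh(1) manual or of OpenSSH: the names
     parse_forward, forward_exposure and FWD_*, the output format and the
     sample specifications are this example's own, and the classification
     only restates the bind_address and privileged-port rules given in the
     manual.

```shell
#!/bin/sh
# Added example, not part of the ssh(1) manual or of OpenSSH: a POSIX sh
# parser for the [bind_address:]port:host:hostport argument of -L and -R,
# so a forwarding specification can be checked before it is handed to ssh.
# Function names, FWD_* variables and the output format are this example's.

# is_port N: true when N is a decimal TCP port number (0..65535)
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 65535 ]
}

# parse_forward SPEC
# Sets FWD_BIND, FWD_PORT, FWD_HOST and FWD_HOSTPORT and prints them on one
# line; returns 1 when SPEC is not a well-formed -L/-R argument.  IPv6
# literals are accepted in square brackets, as the manual describes.
parse_forward() {
    spec=$1
    case $spec in *:*:*) ;; *) return 1 ;; esac   # need port:host:hostport
    FWD_HOSTPORT=${spec##*:}                     # last field is always hostport
    rest=${spec%:*}                              # [bind_address:]port:host
    case $rest in
        *\])                                     # host is a bracketed IPv6 literal
            FWD_HOST=${rest##*\[}; FWD_HOST=${FWD_HOST%\]}
            rest=${rest%\[*}; rest=${rest%:} ;;
        *)
            FWD_HOST=${rest##*:}; rest=${rest%:*} ;;
    esac
    # rest is now [bind_address:]port
    case $rest in
        *:*) FWD_PORT=${rest##*:}; FWD_BIND=${rest%:*} ;;
        *)   FWD_PORT=$rest;       FWD_BIND= ;;
    esac
    FWD_BIND=${FWD_BIND#\[}; FWD_BIND=${FWD_BIND%\]}   # unbracket IPv6 bind
    is_port "$FWD_PORT" && is_port "$FWD_HOSTPORT" && [ -n "$FWD_HOST" ] || return 1
    printf 'bind=%s port=%s host=%s hostport=%s\n' \
        "$FWD_BIND" "$FWD_PORT" "$FWD_HOST" "$FWD_HOSTPORT"
}

# forward_exposure SPEC
# Reports where the listener created by SPEC would be reachable from,
# following the bind_address rules in the manual, and appends "privileged"
# for ports below 1024, which only the superuser may forward.
forward_exposure() {
    parse_forward "$1" >/dev/null || return 1
    case $FWD_BIND in
        '')                      scope=default ;;   # -L: GatewayPorts decides; -R: loopback
        '*')                     scope=all-interfaces ;;
        localhost|127.0.0.1|::1) scope=local-only ;;
        *)                       scope="address:$FWD_BIND" ;;
    esac
    if [ "$FWD_PORT" -lt 1024 ]; then
        printf '%s privileged\n' "$scope"
    else
        printf '%s\n' "$scope"
    fi
}

# Example (the manual's IRC tunnel):
#   forward_exposure 1234:localhost:6667      -> default
#   forward_exposure '*:443:web:443'          -> all-interfaces privileged
```

     forward_exposure answers ``default'' for an empty bind_address on
     purpose: the manual gives that case two meanings, GatewayPorts for -L
     and loopback for -R, so the caller must know which option the
     specification is for before deciding whether the listener is exposed.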

     -s      May be used to request invocation of a subsystem on the remote
             system.  Subsystems are a feature of the SSH2 protocol which
             facilitate the use of SSH as a secure transport for other
             applications (eg. sftp(1)).  The subsystem is specified as the
             remote command.

     -T      Disable pseudo-tty allocation.

     -t      Force pseudo-tty allocation.  This can be used to execute
             arbitrary screen-based programs on a remote machine, which can be
             very useful, e.g. when implementing menu services.  Multiple -t
             options force tty allocation, even if ssh has no local tty.

     -V      Display the version number and exit.

     -v      Verbose mode.  Causes ssh to print debugging messages about its
             progress.  This is helpful in debugging connection,
             authentication, and configuration problems.  Multiple -v options
             increase the verbosity.  The maximum is 3.

     -W host:port
             Requests that standard input and output on the client be
             forwarded to host on port over the secure channel.  Implies -N,
             -T, ExitOnForwardFailure and ClearAllForwardings.  Works with
             Protocol version 2 only.

     -w local_tun[:remote_tun]
             Requests tunnel device forwarding with the specified tun(4)
             devices between the client (local_tun) and the server
             (remote_tun).

             The devices may be specified by numerical ID or the keyword
             ``any'', which uses the next available tunnel device.  If
             remote_tun is not specified, it defaults to ``any''.  See also
             the Tunnel and TunnelDevice directives in ssh_config(5).
             If the Tunnel directive is unset, it is set to the default tunnel
             mode, which is ``point-to-point''.

     -X      Enables X11 forwarding.  This can also be specified on a per-host
             basis in a configuration file.

             X11 forwarding should be enabled with caution.  Users with the
             ability to bypass file permissions on the remote host (for the
             user's X authorization database) can access the local X11 display
             through the forwarded connection.  An attacker may then be able
             to perform activities such as keystroke monitoring.

             For this reason, X11 forwarding is subjected to X11 SECURITY
             extension restrictions by default.  Please refer to the ssh -Y
             option and the ForwardX11Trusted directive in ssh_config(5) for
             more information.

     -x      Disables X11 forwarding.

     -Y      Enables trusted X11 forwarding.  Trusted X11 forwardings are not
             subjected to the X11 SECURITY extension controls.

     -y      Send log information using the syslog(3) system module.  By
             default this information is sent to stderr.

     ssh may additionally obtain configuration data from a per-user
     configuration file and a system-wide configuration file.  The file format
     and configuration options are described in ssh_config(5).

AUTHENTICATION
     The OpenSSH SSH client supports SSH protocols 1 and 2.  The default is to
     use protocol 2 only, though this can be changed via the Protocol option
     in ssh_config(5) or the -1 and -2 options (see above).
     Both protocols support similar authentication methods, but protocol 2 is
     the default since it provides additional mechanisms for confidentiality
     (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour)
     and integrity (hmac-md5, hmac-sha1, hmac-sha2-256, hmac-sha2-512,
     umac-64, umac-128, hmac-ripemd160).  Protocol 1 lacks a strong mechanism
     for ensuring the integrity of the connection.

     The methods available for authentication are: GSSAPI-based
     authentication, host-based authentication, public key authentication,
     challenge-response authentication, and password authentication.
     Authentication methods are tried in the order specified above, though
     protocol 2 has a configuration option to change the default order:
     PreferredAuthentications.

     Host-based authentication works as follows: If the machine the user logs
     in from is listed in /etc/hosts.equiv or /etc/shosts.equiv on the remote
     machine, and the user names are the same on both sides, or if the files
     ~/.rhosts or ~/.shosts exist in the user's home directory on the remote
     machine and contain a line containing the name of the client machine and
     the name of the user on that machine, the user is considered for login.
     Additionally, the server must be able to verify the client's host key
     (see the description of /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts,
     below) for login to be permitted.  This authentication method closes
     security holes due to IP spoofing, DNS spoofing, and routing spoofing.
     [Note to the administrator: /etc/hosts.equiv, ~/.rhosts, and the
     rlogin/rsh protocol in general, are inherently insecure and should be
     disabled if security is desired.]

     Public key authentication works as follows: The scheme is based on
     public-key cryptography, using cryptosystems where encryption and
     decryption are done using separate keys, and it is unfeasible to derive
     the decryption key from the encryption key.  The idea is that each user
     creates a public/private key pair for authentication purposes.  The
     server knows the public key, and only the user knows the private key.
     ssh implements public key authentication protocol automatically, using
     one of the DSA, ECDSA, ED25519 or RSA algorithms.  Protocol 1 is
     restricted to using only RSA keys, but protocol 2 may use any.  The
     HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
     algorithms.

     The file ~/.ssh/authorized_keys lists the public keys that are permitted
     for logging in.  When the user logs in, the ssh program tells the server
     which key pair it would like to use for authentication.  The client
     proves that it has access to the private key and the server checks that
     the corresponding public key is authorized to accept the account.

     The user creates his/her key pair by running ssh-keygen(1).
     This stores the private key in ~/.ssh/identity (protocol 1),
     ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA),
     ~/.ssh/id_ed25519 (protocol 2 ED25519), or ~/.ssh/id_rsa (protocol 2
     RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1),
     ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2
     ECDSA), ~/.ssh/id_ed25519.pub (protocol 2 ED25519), or ~/.ssh/id_rsa.pub
     (protocol 2 RSA) in the user's home directory.  The user should then
     copy the public key to ~/.ssh/authorized_keys in his/her home directory
     on the remote machine.  The authorized_keys file corresponds to the
     conventional ~/.rhosts file, and has one key per line, though the lines
     can be very long.  After this, the user can log in without giving the
     password.

     A variation on public key authentication is available in the form of
     certificate authentication: instead of a set of public/private keys,
     signed certificates are used.  This has the advantage that a single
     trusted certification authority can be used in place of many
     public/private keys.  See the CERTIFICATES section of ssh-keygen(1) for
     more information.

     The most convenient way to use public key or certificate authentication
     may be with an authentication agent.  See ssh-agent(1) for more
     information.

     Challenge-response authentication works as follows: The server sends an
     arbitrary "challenge" text, and prompts for a response.  Protocol 2
     allows multiple challenges and responses; protocol 1 is restricted to
     just one challenge/response.
     Examples of challenge-response authentication include BSD Authentication
     (see login.conf(5)) and PAM (some non-OpenBSD systems).

     Finally, if other authentication methods fail, ssh prompts the user for a
     password.  The password is sent to the remote host for checking; however,
     since all communications are encrypted, the password cannot be seen by
     someone listening on the network.

     ssh automatically maintains and checks a database containing
     identification for all hosts it has ever been used with.  Host keys are
     stored in ~/.ssh/known_hosts in the user's home directory.  Additionally,
     the file /etc/ssh/ssh_known_hosts is automatically checked for known
     hosts.  Any new hosts are automatically added to the user's file.  If a
     host's identification ever changes, ssh warns about this and disables
     password authentication to prevent server spoofing or man-in-the-middle
     attacks, which could otherwise be used to circumvent the encryption.  The
     StrictHostKeyChecking option can be used to control logins to machines
     whose host key is not known or has changed.

     When the user's identity has been accepted by the server, the server
     either executes the given command, or logs into the machine and gives the
     user a normal shell on the remote machine.  All communication with the
     remote command or shell will be automatically encrypted.

     If a pseudo-terminal has been allocated (normal login session), the user
     may use the escape characters noted below.

     If no pseudo-tty has been allocated, the session is transparent and can
     be used to reliably transfer binary data.
     On most systems, setting the escape character to ``none'' will also make
     the session transparent even if a tty is used.

     The session terminates when the command or shell on the remote machine
     exits and all X11 and TCP connections have been closed.

ESCAPE CHARACTERS
     When a pseudo-terminal has been requested, ssh supports a number of
     functions through the use of an escape character.

     A single tilde character can be sent as ~~ or by following the tilde by a
     character other than those described below.  The escape character must
     always follow a newline to be interpreted as special.  The escape
     character can be changed in configuration files using the EscapeChar
     configuration directive or on the command line by the -e option.

     The supported escapes (assuming the default `~') are:

     ~.      Disconnect.

     ~^Z     Background ssh.

     ~#      List forwarded connections.

     ~&      Background ssh at logout when waiting for forwarded connection /
             X11 sessions to terminate.

     ~?      Display a list of escape characters.

     ~B      Send a BREAK to the remote system (only useful for SSH protocol
             version 2 and if the peer supports it).

     ~C      Open command line.  Currently this allows the addition of port
             forwardings using the -L, -R and -D options (see above).  It also
             allows the cancellation of existing port-forwardings with
             -KL[bind_address:]port for local, -KR[bind_address:]port for
             remote and -KD[bind_address:]port for dynamic port-forwardings.
             !command allows the user to execute a local command if the
             PermitLocalCommand option is enabled in ssh_config(5).  Basic
             help is available, using the -h option.

     ~R      Request rekeying of the connection (only useful for SSH protocol
             version 2 and if the peer supports it).

     ~V      Decrease the verbosity (LogLevel) when errors are being written
             to stderr.

     ~v      Increase the verbosity (LogLevel) when errors are being written
             to stderr.

TCP FORWARDING
     Forwarding of arbitrary TCP connections over the secure channel can be
     specified either on the command line or in a configuration file.  One
     possible application of TCP forwarding is a secure connection to a mail
     server; another is going through firewalls.

     In the example below, we look at encrypting communication between an IRC
     client and server, even though the IRC server does not directly support
     encrypted communications.  This works as follows: the user connects to
     the remote host using ssh, specifying a port to be used to forward
     connections to the remote server.  After that it is possible to start the
     service which is to be encrypted on the client machine, connecting to the
     same local port, and ssh will encrypt and forward the connection.

     The following example tunnels an IRC session from client machine
     ``127.0.0.1'' (localhost) to remote server ``server.example.com'':

           $ ssh -f -L 1234:localhost:6667 server.example.com sleep 10
           $ irc -c '#users' -p 1234 pinky 127.0.0.1

     This tunnels a connection to IRC server ``server.example.com'', joining
     channel ``#users'', nickname ``pinky'', using port 1234.  It doesn't
     matter which port is used, as long as it's greater than 1023 (remember,
     only root can open sockets on privileged ports) and doesn't conflict with
     any ports already in use.  The connection is forwarded to port 6667 on
     the remote server, since that's the standard port for IRC services.  Note
     that ``localhost'' in the -L argument is resolved by the remote host, so
     the forwarded connection terminates on server.example.com itself, and
     that, unless a bind_address or the GatewayPorts option says otherwise,
     the listening port 1234 is bound to the loopback interface only, so other
     machines cannot use the tunnel.

     The -f option backgrounds ssh and the remote command ``sleep 10'' is
     specified to allow an amount of time (10 seconds, in the example) to
     start the service which is to be tunnelled.  If no connections are made
     within the time specified, ssh will exit.

X11 FORWARDING
     If the ForwardX11 variable is set to ``yes'' (or see the description of
     the -X, -x, and -Y options above) and the user is using X11 (the DISPLAY
     environment variable is set), the connection to the X11 display is
     automatically forwarded to the remote side in such a way that any X11
     programs started from the shell (or command) will go through the
     encrypted channel, and the connection to the real X server will be made
     from the local machine.  The user should not manually set DISPLAY.
     Forwarding of X11 connections can be configured on the command line or in
     configuration files.

     The DISPLAY value set by ssh will point to the server machine, but with a
     display number greater than zero.  This is normal, and happens because
     ssh creates a ``proxy'' X server on the server machine for forwarding the
     connections over the encrypted channel.

     ssh will also automatically set up Xauthority data on the server machine.
     For this purpose, it will generate a random authorization cookie, store
     it in Xauthority on the server, and verify that any forwarded connections
     carry this cookie and replace it by the real cookie when the connection
     is opened.  The real authentication cookie is never sent to the server
     machine (and no cookies are sent in the plain).

     If the ForwardAgent variable is set to ``yes'' (or see the description of
     the -A and -a options above) and the user is using an authentication
     agent, the connection to the agent is automatically forwarded to the
     remote side.

VERIFYING HOST KEYS
     When connecting to a server for the first time, a fingerprint of the
     server's public key is presented to the user (unless the option
     StrictHostKeyChecking has been disabled).  Fingerprints can be determined
     using ssh-keygen(1):

           $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key

     If the fingerprint is already known, it can be matched and the key can be
     accepted or rejected.  Because of the difficulty of comparing host keys
     just by looking at hex strings, there is also support to compare host
     keys visually, using random art.
     By setting the VisualHostKey option to ``yes'', a small ASCII graphic
     gets displayed on every login to a server, no matter if the session
     itself is interactive or not.  By learning the pattern a known server
     produces, a user can easily find out that the host key has changed when
     a completely different pattern is displayed.  Because these patterns are
     not unambiguous, however, a pattern that looks similar to the pattern
     remembered only gives a good probability that the host key is the same,
     not guaranteed proof.

     To get a listing of the fingerprints along with their random art for all
     known hosts, the following command line can be used:

           $ ssh-keygen -lv -f ~/.ssh/known_hosts

     If the fingerprint is unknown, an alternative method of verification is
     available: SSH fingerprints verified by DNS.  An additional resource
     record (RR), SSHFP, is added to a zonefile and the connecting client is
     able to match the fingerprint with that of the key presented.  The
     assurance this gives is bounded by the DNS lookup itself: with
     VerifyHostKeyDNS set to ``yes'', ssh accepts a matching key without
     prompting only when the answer was validated by DNSSEC; an unvalidated
     match is merely advisory and still ends in the usual prompt, since an
     attacker able to spoof the DNS reply could spoof the SSHFP record as
     well.

     In this example, we are connecting a client to a server,
     ``host.example.com''.  The SSHFP resource records should first be added
     to the zonefile for host.example.com:

           $ ssh-keygen -r host.example.com.

     The output lines will have to be added to the zonefile.  To check that
     the zone is answering fingerprint queries:

           $ dig -t SSHFP host.example.com

     Finally the client connects:

           $ ssh -o "VerifyHostKeyDNS ask" host.example.com
           [...]
           Matching host key fingerprint found in DNS.
           Are you sure you want to continue connecting (yes/no)?
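     The fingerprint and SSHFP computations above, as an added example that
     is not part of ssh(1) or OpenSSH: it reads an OpenSSH public key line,
     produces the colon-separated MD5 and the SHA256: forms that ssh-keygen -l
     prints, emits SSHFP zonefile lines in the form of ssh-keygen -r, and
     performs the client-side comparison against SSHFP RDATA that
     VerifyHostKeyDNS relies on.  The key line is constructed from a fixed
     byte pattern so that the code runs offline; it is not a real key, and
     host.example.com. is the page's own example name.

```python
"""Host key fingerprints and SSHFP records, as computed by ssh-keygen -l and
ssh-keygen -r (RFC 4255, RFC 6594).  Added example, not OpenSSH code."""
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers by OpenSSH key type, and fingerprint types.
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey_line(line):
    """Split an OpenSSH 'keytype base64 [comment]' line and decode the blob."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    keytype = parts[0]
    blob = base64.b64decode(parts[1], validate=True)
    # The wire-format blob starts with a length-prefixed key type string;
    # it must agree with the text field or the line is inconsistent.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type field does not match key blob")
    return keytype, blob


def fingerprint_md5(blob):
    """Colon-separated MD5 hex, the 'ssh-keygen -l' output of OpenSSH 6.x."""
    return ":".join("%02x" % b for b in hashlib.md5(blob).digest())


def fingerprint_sha256(blob):
    """'SHA256:' plus unpadded base64, the format newer OpenSSH prints."""
    b64 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + b64.rstrip("=")


def sshfp_records(hostname, line):
    """Zonefile lines for the key, in the form 'ssh-keygen -r' prints."""
    keytype, blob = parse_pubkey_line(line)
    alg = SSHFP_ALGORITHM[keytype]
    return ["%s IN SSHFP %d %d %s" % (hostname, alg, fptype, h(blob).hexdigest())
            for fptype, h in sorted(SSHFP_HASH.items())]


def matches_sshfp(line, rdata_list):
    """Client-side check: does any SSHFP RDATA ('alg fptype hex') match the
    key the server presented?  Records for other algorithms or unknown hash
    types are skipped; malformed records never match."""
    keytype, blob = parse_pubkey_line(line)
    for rdata in rdata_list:
        fields = rdata.split()
        if len(fields) != 3:
            continue
        try:
            alg, fptype, fp = int(fields[0]), int(fields[1]), bytes.fromhex(fields[2])
        except ValueError:
            continue
        if alg != SSHFP_ALGORITHM.get(keytype) or fptype not in SSHFP_HASH:
            continue
        if hmac.compare_digest(SSHFP_HASH[fptype](blob).digest(), fp):
            return True
    return False


def constructed_key_line():
    """A syntactically valid ssh-ed25519 line whose 32 key bytes are a fixed
    pattern.  It is NOT a real key; it only lets the example run offline."""
    pub = bytes(range(32))
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + pub
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " example-host-key"


if __name__ == "__main__":
    key_line = constructed_key_line()
    _, key_blob = parse_pubkey_line(key_line)
    print(fingerprint_md5(key_blob))
    print(fingerprint_sha256(key_blob))
    for rr in sshfp_records("host.example.com.", key_line):
        print(rr)
```

     Feeding a real host key file's .pub line to sshfp_records() yields the
     records to paste into the zone; matches_sshfp() shows why a record for
     a different algorithm number, or with an unknown hash type, is simply
     ignored rather than treated as a mismatch.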

     See the VerifyHostKeyDNS option in ssh_config(5) for more information.

SSH-BASED VIRTUAL PRIVATE NETWORKS
     ssh contains support for Virtual Private Network (VPN) tunnelling using
     the tun(4) network pseudo-device, allowing two networks to be joined
     securely.  The sshd_config(5) configuration option PermitTunnel controls
     whether the server supports this, and at what level (layer 2 or 3
     traffic).

     The following example would connect client network 10.0.50.0/24 with
     remote network 10.0.99.0/24 using a point-to-point connection from
     10.1.1.1 to 10.1.1.2, provided that the SSH server running on the gateway
     to the remote network, at 192.168.1.15, allows it.

     On the client (-w 0:1 requests tun device 0 locally and tun device 1 on
     the server):

           # ssh -f -w 0:1 192.168.1.15 true
           # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
           # route add 10.0.99.0/24 10.1.1.2

     On the server:

           # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
           # route add 10.0.50.0/24 10.1.1.1

     Client access may be more finely tuned via the /root/.ssh/authorized_keys
     file (see below) and the PermitRootLogin server option.  The following
     entry would permit connections on tun(4) device 1 from user ``jane'' and
     on tun device 2 from user ``john'', if PermitRootLogin is set to
     ``forced-commands-only'':

           tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
           tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john

     Since an SSH-based setup entails a fair amount of overhead, it may be
     more suited to temporary setups, such as for wireless VPNs.
     More permanent VPNs are better provided by tools such as ipsecctl(8) and
     isakmpd(8).

ENVIRONMENT
     ssh will normally set the following environment variables:

     DISPLAY               The DISPLAY variable indicates the location of the
                           X11 server.  It is automatically set by ssh to
                           point to a value of the form ``hostname:n'', where
                           ``hostname'' indicates the host where the shell
                           runs, and `n' is an integer >= 1.  ssh uses this
                           special value to forward X11 connections over the
                           secure channel.  The user should normally not set
                           DISPLAY explicitly, as that will render the X11
                           connection insecure (and will require the user to
                           manually copy any required authorization cookies).

     HOME                  Set to the path of the user's home directory.

     LOGNAME               Synonym for USER; set for compatibility with
                           systems that use this variable.

     MAIL                  Set to the path of the user's mailbox.

     PATH                  Set to the default PATH, as specified when
                           compiling ssh.

     SSH_ASKPASS           If ssh needs a passphrase, it will read the
                           passphrase from the current terminal if it was run
                           from a terminal.  If ssh does not have a terminal
                           associated with it but DISPLAY and SSH_ASKPASS are
                           set, it will execute the program specified by
                           SSH_ASKPASS and open an X11 window to read the
                           passphrase.  This is particularly useful when
                           calling ssh from a .xsession or related script.
                           (Note that on some machines it may be necessary to
                           redirect the input from /dev/null to make this
                           work.)

     SSH_AUTH_SOCK         Identifies the path of a UNIX-domain socket used to
                           communicate with the agent.

     SSH_CONNECTION        Identifies the client and server ends of the
                           connection.  The variable contains four space-
                           separated values: client IP address, client port
                           number, server IP address, and server port number.

     SSH_ORIGINAL_COMMAND  This variable contains the original command line if
                           a forced command is executed.  It can be used to
                           extract the original arguments.  Because the value
                           is supplied by the client, a forced command must
                           treat it as untrusted input: validate it against an
                           allowlist and never pass it to a shell unchecked.

     SSH_TTY               This is set to the name of the tty (path to the
                           device) associated with the current shell or
                           command.  If the current session has no tty, this
                           variable is not set.

     TZ                    This variable is set to indicate the present time
                           zone if it was set when the daemon was started
                           (i.e. the daemon passes the value on to new
                           connections).

     USER                  Set to the name of the user logging in.

     Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
     ``VARNAME=value'' to the environment if the file exists and users are
     allowed to change their environment.  For more information, see the
     PermitUserEnvironment option in sshd_config(5).

FILES
     ~/.rhosts
             This file is used for host-based authentication (see above).  On
             some machines this file may need to be world-readable if the
             user's home directory is on an NFS partition, because sshd(8)
             reads it as root.  Additionally, this file must be owned by the
             user, and must not have write permissions for anyone else.
             The recommended permission for most machines is read/write for
             the user, and not accessible by others.

     ~/.shosts
             This file is used in exactly the same way as .rhosts, but allows
             host-based authentication without permitting login with
             rlogin/rsh.

     ~/.ssh/
             This directory is the default location for all user-specific
             configuration and authentication information.  There is no
             general requirement to keep the entire contents of this directory
             secret, but the recommended permissions are read/write/execute
             for the user, and not accessible by others.

     ~/.ssh/authorized_keys
             Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
             for logging in as this user.  The format of this file is
             described in the sshd(8) manual page.  This file is not highly
             sensitive, but anyone able to write to it can add a key and log
             in as the user, so the recommended permissions are read/write for
             the user, and not accessible by others.  With StrictModes enabled
             (the sshd(8) default), sshd(8) will refuse to use this file if
             it, ~/.ssh or the home directory is writable by group or others.

     ~/.ssh/config
             This is the per-user configuration file.  The file format and
             configuration options are described in ssh_config(5).  Because of
             the potential for abuse, this file must have strict permissions:
             read/write for the user, and not writable by others.

     ~/.ssh/environment
             Contains additional definitions for environment variables; see
             ENVIRONMENT, above.

     ~/.ssh/identity
     ~/.ssh/id_dsa
     ~/.ssh/id_ecdsa
     ~/.ssh/id_ed25519
     ~/.ssh/id_rsa
             Contains the private key for authentication.
             These files contain sensitive data and should be readable by the
             user but not accessible by others (read/write/execute).  ssh will
             simply ignore a private key file if it is accessible by others.
             It is possible to specify a passphrase when generating the key
             which will be used to encrypt the sensitive part of this file
             using 3DES.

     ~/.ssh/identity.pub
     ~/.ssh/id_dsa.pub
     ~/.ssh/id_ecdsa.pub
     ~/.ssh/id_ed25519.pub
     ~/.ssh/id_rsa.pub
             Contains the public key for authentication.  These files are not
             sensitive and can (but need not) be readable by anyone.

     ~/.ssh/known_hosts
             Contains a list of host keys for all hosts the user has logged
             into that are not already in the systemwide list of known host
             keys.  See sshd(8) for further details of the format of this
             file.

     ~/.ssh/rc
             Commands in this file are executed by ssh when the user logs in,
             just before the user's shell (or command) is started.  See the
             sshd(8) manual page for more information.

     /etc/hosts.equiv
             This file is for host-based authentication (see above).  It
             should only be writable by root.

     /etc/shosts.equiv
             This file is used in exactly the same way as hosts.equiv, but
             allows host-based authentication without permitting login with
             rlogin/rsh.

     /etc/ssh/ssh_config
             Systemwide configuration file.  The file format and configuration
             options are described in ssh_config(5).

     /etc/ssh/ssh_host_key
     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_ed25519_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys and are
             used for host-based authentication.  If protocol version 1 is
             used, ssh must be setuid root, since the host key is readable
             only by root.  For protocol version 2, ssh uses ssh-keysign(8) to
             access the host keys, eliminating the requirement that ssh be
             setuid root when host-based authentication is used.  By default
             ssh is not setuid root.

     /etc/ssh/ssh_known_hosts
             Systemwide list of known host keys.  This file should be prepared
             by the system administrator to contain the public host keys of
             all machines in the organization.  It should be world-readable.
             See sshd(8) for further details of the format of this file.

     /etc/ssh/sshrc
             Commands in this file are executed by ssh when the user logs in,
             just before the user's shell (or command) is started.  See the
             sshd(8) manual page for more information.

EXIT STATUS
     ssh exits with the exit status of the remote command or with 255 if an
     error occurred.

SEE ALSO
     scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
     tun(4), hosts.equiv(5), ssh_config(5), ssh-keysign(8), sshd(8)

STANDARDS
     S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
     Numbers, RFC 4250, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
     RFC 4251, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
     RFC 4252, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
     Protocol, RFC 4253, January 2006.

     T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
     4254, January 2006.

     J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
     (SSH) Key Fingerprints, RFC 4255, January 2006.

     F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
     Secure Shell Protocol (SSH), RFC 4256, January 2006.

     J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
     Extension, RFC 4335, January 2006.

     M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
     Layer Encryption Modes, RFC 4344, January 2006.

     B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
     Layer Protocol, RFC 4345, January 2006.

     M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
     the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.

     J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
     Format, RFC 4716, November 2006.

     D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
     Secure Shell Transport Layer, RFC 5656, December 2009.

     A. Perrig and D. Song, Hash Visualization: a New Technique to improve
     Real-World Security, 1999, International Workshop on Cryptographic
     Techniques and E-Commerce (CrypTEC '99).
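     The command= entries shown under SSH-BASED VIRTUAL PRIVATE NETWORKS and
     the SSH_ORIGINAL_COMMAND variable under ENVIRONMENT work together:
     sshd(8) runs the forced command and hands it the client's request in that
     variable.  The following added example (not OpenSSH code) parses the
     option list of an authorized_keys entry, including quoted values that
     contain commas, and implements a small command gate that maps
     SSH_ORIGINAL_COMMAND onto an allowlist before replacing itself with the
     target program, without a shell.  The gate path
     /usr/local/libexec/ssh-gate and the allowlisted programs are
     hypothetical.

```python
"""Forced-command plumbing for authorized_keys: parsing the option list of
an entry, and a command= gate that dispatches on SSH_ORIGINAL_COMMAND.
Added example, not OpenSSH code; the allowlisted paths are hypothetical."""
import os
import re
import shlex
import sys

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def parse_authorized_keys_line(line):
    """Return (options, keytype, keydata, comment) for one entry, or None for
    blank and comment lines.

    Options are comma-separated; a double-quoted value may contain commas,
    spaces and backslash-escaped quotes, so a plain str.split(",") is wrong.
    Simplification: a line starting with a known key type prefix is taken to
    have no options (sshd(8) instead tries to parse a key first and falls
    back to option parsing)."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    options = {}
    if not line.startswith(KEY_TYPE_PREFIXES):
        name, buf, quoted, i, end = None, [], False, 0, None
        while i < len(line):
            c = line[i]
            if quoted:
                if c == "\\" and line[i + 1:i + 2] == '"':
                    buf.append('"')
                    i += 1          # consume the escaped quote as well
                elif c == '"':
                    quoted = False
                else:
                    buf.append(c)
            elif c == '"':
                quoted = True
            elif c == "=" and name is None:
                name, buf = "".join(buf), []
            elif c == ",":
                _store(options, name, buf)
                name, buf = None, []
            elif c.isspace():       # unquoted whitespace ends the options
                _store(options, name, buf)
                end = i
                break
            else:
                buf.append(c)
            i += 1
        if quoted or end is None:
            raise ValueError("malformed option list: %r" % line)
        line = line[end:].lstrip()
    fields = line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("missing key type or key data: %r" % line)
    comment = fields[2] if len(fields) == 3 else ""
    return options, fields[0], fields[1], comment


def _store(options, name, buf):
    """A bare word (no '=') is a flag such as no-pty; otherwise name=value."""
    if name is None:
        options["".join(buf)] = True
    else:
        options[name] = "".join(buf)


# What a key restricted with command="/usr/local/libexec/ssh-gate" may run.
# Both the gate path and these targets are hypothetical.
ALLOWED = {
    "uptime": ["/usr/bin/uptime"],
    "backup": ["/usr/local/bin/backup"],
}
SAFE_ARG = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def dispatch(original_command):
    """Map SSH_ORIGINAL_COMMAND to an argv to be exec'd without a shell.

    The value is chosen by the client, so it is treated as hostile: it is
    tokenised with shlex (no shell evaluation), the first word must be an
    allowlist key, and every argument must match SAFE_ARG (no '/', ';',
    spaces or other shell metacharacters).  Anything else is refused, as is
    a session that requested no command at all."""
    if not original_command:
        raise PermissionError("interactive shell not permitted for this key")
    try:
        words = shlex.split(original_command)
    except ValueError as exc:
        raise PermissionError("unparseable command: %s" % exc)
    if not words or words[0] not in ALLOWED:
        raise PermissionError("command not allowed: %r" % original_command)
    args = words[1:]
    rejected = [a for a in args if not SAFE_ARG.match(a)]
    if rejected:
        raise PermissionError("argument rejected: %r" % rejected)
    return ALLOWED[words[0]] + args


if __name__ == "__main__":
    # Installed as the command= target, the gate receives the client's
    # request in SSH_ORIGINAL_COMMAND and replaces itself with the program.
    try:
        argv = dispatch(os.environ.get("SSH_ORIGINAL_COMMAND"))
    except PermissionError as exc:
        print("refused: %s" % exc, file=sys.stderr)
        sys.exit(1)
    os.execv(argv[0], argv)
```

     The gate deliberately returns an argv and calls execv(2) rather than
     building a command string: the page's own tunnel= entries run ``sh
     /etc/netstart tunN'', which is fine because that string is fixed by the
     key's owner, whereas anything taken from SSH_ORIGINAL_COMMAND must never
     reach a shell unparsed.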
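     The permission rules listed under FILES can be checked mechanically.
     This added example (not OpenSSH code) audits a ~/.ssh directory against
     the constraints stated there: private keys must not be accessible by
     group or others (ssh ignores them otherwise), and the directory, config,
     authorized_keys, environment and rc must not be writable by others.  The
     demo() function builds a throwaway directory with deliberately wrong
     modes so the code runs offline; the file contents are placeholders, not
     keys.

```python
"""Audit the permissions of a ~/.ssh directory against the FILES guidance
of ssh(1).  Added example, not OpenSSH code."""
import os
import stat
import tempfile

# Private keys: ssh ignores a key file that group or others can access.
PRIVATE_KEYS = ("identity", "id_dsa", "id_ecdsa", "id_ed25519", "id_rsa")
# These need not be secret but must not be writable by anyone else; sshd(8)
# with StrictModes also rejects them when ~/.ssh or $HOME is writable by
# group or others.
NOT_WRITABLE_BY_OTHERS = ("config", "authorized_keys", "environment", "rc")


def audit_ssh_dir(ssh_dir, uid=None):
    """Return a list of (path, problem) findings; an empty list means clean.
    Missing files are not findings.  Entries are examined with lstat so a
    symlink planted by someone else shows up as not owned by the user."""
    uid = os.getuid() if uid is None else uid
    findings = []

    def check(path, forbidden_bits, problem):
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            return
        if st.st_uid != uid:
            findings.append((path, "owned by uid %d, not %d" % (st.st_uid, uid)))
        if st.st_mode & forbidden_bits:
            findings.append((path, "%s (mode %04o)" % (problem, stat.S_IMODE(st.st_mode))))

    check(ssh_dir, stat.S_IRWXG | stat.S_IRWXO, "accessible by others")
    for name in PRIVATE_KEYS:
        check(os.path.join(ssh_dir, name), stat.S_IRWXG | stat.S_IRWXO,
              "private key accessible by others; ssh will ignore it")
    for name in NOT_WRITABLE_BY_OTHERS:
        check(os.path.join(ssh_dir, name), stat.S_IWGRP | stat.S_IWOTH,
              "writable by others")
    return findings


def demo():
    """Run the audit on a constructed ~/.ssh: two correct files, an id_rsa
    that is world-readable and a config that is group-writable."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        os.mkdir(ssh_dir, 0o700)
        for name, mode in (("id_ed25519", 0o600), ("authorized_keys", 0o600),
                           ("id_rsa", 0o644), ("config", 0o664)):
            path = os.path.join(ssh_dir, name)
            with open(path, "w") as f:
                f.write("# constructed placeholder, not a real %s\n" % name)
            os.chmod(path, mode)
        return audit_ssh_dir(ssh_dir)


if __name__ == "__main__":
    for path, problem in demo():
        print("%s: %s" % (path, problem))
```

     Run against a real account as audit_ssh_dir(os.path.expanduser("~/.ssh")),
     the findings correspond one-to-one to the cases in which ssh silently
     skips a key or sshd(8) with StrictModes refuses authorized_keys.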

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and
     created OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

OpenBSD 5.5                    December 7, 2013                    OpenBSD 5.5