1SSH(1) BSD General Commands Manual SSH(1)
2
4 ssh — OpenSSH remote login client
5
7 ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]
8 [-c cipher_spec] [-D [bind_address:]port] [-E log_file]
9 [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]
10 [-J destination] [-L address] [-l login_name] [-m mac_spec]
11 [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]
12 [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination
13 [command [argument ...]]
14
16 ssh (SSH client) is a program for logging into a remote machine and for
17 executing commands on a remote machine. It is intended to provide secure
18 encrypted communications between two untrusted hosts over an insecure
19 network. X11 connections, arbitrary TCP ports and UNIX-domain sockets
20 can also be forwarded over the secure channel.
21
22 ssh connects and logs into the specified destination, which may be speci‐
23 fied as either [user@]hostname or a URI of the form
24 ssh://[user@]hostname[:port]. The user must prove their identity to the
25 remote machine using one of several methods (see below).
26
27 If a command is specified, it will be executed on the remote host instead
28 of a login shell. A complete command line may be specified as command,
29 or it may have additional arguments. If supplied, the arguments will be
30 appended to the command, separated by spaces, before it is sent to the
31 server to be executed.
32
33 The options are as follows:
34
35 -4 Forces ssh to use IPv4 addresses only.
36
37 -6 Forces ssh to use IPv6 addresses only.
38
39 -A Enables forwarding of connections from an authentication agent
40 such as ssh-agent(1). This can also be specified on a per-host
41 basis in a configuration file.
42
43 Agent forwarding should be enabled with caution. Users with the
44 ability to bypass file permissions on the remote host (for the
45 agent's UNIX-domain socket) can access the local agent through
46 the forwarded connection. An attacker cannot obtain key material
47 from the agent, however they can perform operations on the keys
48 that enable them to authenticate using the identities loaded into
49 the agent. A safer alternative may be to use a jump host (see
50 -J).
51
52 -a Disables forwarding of the authentication agent connection.
53
54 -B bind_interface
55 Bind to the address of bind_interface before attempting to con‐
56 nect to the destination host. This is only useful on systems
57 with more than one address.
58
59 -b bind_address
60 Use bind_address on the local machine as the source address of
61 the connection. Only useful on systems with more than one ad‐
62 dress.
63
64 -C Requests compression of all data (including stdin, stdout,
65 stderr, and data for forwarded X11, TCP and UNIX-domain connec‐
66 tions). The compression algorithm is the same used by gzip(1).
67 Compression is desirable on modem lines and other slow connec‐
68 tions, but will only slow down things on fast networks. The de‐
69 fault value can be set on a host-by-host basis in the configura‐
70 tion files; see the Compression option.
71
72 -c cipher_spec
73 Selects the cipher specification for encrypting the session.
74 cipher_spec is a comma-separated list of ciphers listed in order
75 of preference. See the Ciphers keyword in ssh_config(5) for more
76 information.
77
78 -D [bind_address:]port
79 Specifies a local “dynamic” application-level port forwarding.
80 This works by allocating a socket to listen to port on the local
81 side, optionally bound to the specified bind_address. Whenever a
82 connection is made to this port, the connection is forwarded over
83 the secure channel, and the application protocol is then used to
84 determine where to connect to from the remote machine. Currently
85 the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
86 as a SOCKS server. Only root can forward privileged ports. Dy‐
87 namic port forwardings can also be specified in the configuration
88 file.
89
90 IPv6 addresses can be specified by enclosing the address in
91 square brackets. Only the superuser can forward privileged
92 ports. By default, the local port is bound in accordance with
93 the GatewayPorts setting. However, an explicit bind_address may
94 be used to bind the connection to a specific address. The
95 bind_address of “localhost” indicates that the listening port be
96 bound for local use only, while an empty address or ‘*’ indicates
97 that the port should be available from all interfaces.
98
99 -E log_file
100 Append debug logs to log_file instead of standard error.
101
102 -e escape_char
103 Sets the escape character for sessions with a pty (default: ‘~’).
104 The escape character is only recognized at the beginning of a
105 line. The escape character followed by a dot (‘.’) closes the
106 connection; followed by control-Z suspends the connection; and
107 followed by itself sends the escape character once. Setting the
108 character to “none” disables any escapes and makes the session
109 fully transparent.
110
111 -F configfile
112 Specifies an alternative per-user configuration file. If a con‐
113 figuration file is given on the command line, the system-wide
114 configuration file (/etc/ssh/ssh_config) will be ignored. The
115 default for the per-user configuration file is ~/.ssh/config. If
116 set to “none”, no configuration files will be read.
117
118 -f Requests ssh to go to background just before command execution.
119 This is useful if ssh is going to ask for passwords or
120 passphrases, but the user wants it in the background. This im‐
121 plies -n. The recommended way to start X11 programs at a remote
122 site is with something like ssh -f host xterm.
123
124 If the ExitOnForwardFailure configuration option is set to “yes”,
125 then a client started with -f will wait for all remote port for‐
126 wards to be successfully established before placing itself in the
127 background. Refer to the description of ForkAfterAuthentication
128 in ssh_config(5) for details.
129
130 -G Causes ssh to print its configuration after evaluating Host and
131 Match blocks and exit.
132
133 -g Allows remote hosts to connect to local forwarded ports. If used
134 on a multiplexed connection, then this option must be specified
135 on the master process.
136
137 -I pkcs11
138 Specify the PKCS#11 shared library ssh should use to communicate
139 with a PKCS#11 token providing keys for user authentication.
140
141 -i identity_file
142 Selects a file from which the identity (private key) for public
143 key authentication is read. You can also specify a public key
144 file to use the corresponding private key that is loaded in
145 ssh-agent(1) when the private key file is not present locally.
146 The default is ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
147 ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and
148 ~/.ssh/id_rsa. Identity files may also be specified on a per-
149 host basis in the configuration file. It is possible to have
150 multiple -i options (and multiple identities specified in config‐
151 uration files). If no certificates have been explicitly speci‐
152 fied by the CertificateFile directive, ssh will also try to load
153 certificate information from the filename obtained by appending
154 -cert.pub to identity filenames.
155
156 -J destination
157 Connect to the target host by first making a ssh connection to
158 the jump host described by destination and then establishing a
159 TCP forwarding to the ultimate destination from there. Multiple
160 jump hops may be specified separated by comma characters. This
161 is a shortcut to specify a ProxyJump configuration directive.
162 Note that configuration directives supplied on the command-line
163 generally apply to the destination host and not any specified
164 jump hosts. Use ~/.ssh/config to specify configuration for jump
165 hosts.
166
167 -K Enables GSSAPI-based authentication and forwarding (delegation)
168 of GSSAPI credentials to the server.
169
170 -k Disables forwarding (delegation) of GSSAPI credentials to the
171 server.
172
173 -L [bind_address:]port:host:hostport
174 -L [bind_address:]port:remote_socket
175 -L local_socket:host:hostport
176 -L local_socket:remote_socket
177 Specifies that connections to the given TCP port or Unix socket
178 on the local (client) host are to be forwarded to the given host
179 and port, or Unix socket, on the remote side. This works by al‐
180 locating a socket to listen to either a TCP port on the local
181 side, optionally bound to the specified bind_address, or to a
182 Unix socket. Whenever a connection is made to the local port or
183 socket, the connection is forwarded over the secure channel, and
184 a connection is made to either host port hostport, or the Unix
185 socket remote_socket, from the remote machine.
186
187 Port forwardings can also be specified in the configuration file.
188 Only the superuser can forward privileged ports. IPv6 addresses
189 can be specified by enclosing the address in square brackets.
190
191 By default, the local port is bound in accordance with the
192 GatewayPorts setting. However, an explicit bind_address may be
193 used to bind the connection to a specific address. The
194 bind_address of “localhost” indicates that the listening port be
195 bound for local use only, while an empty address or ‘*’ indicates
196 that the port should be available from all interfaces.
197
198 -l login_name
199 Specifies the user to log in as on the remote machine. This also
200 may be specified on a per-host basis in the configuration file.
201
202 -M Places the ssh client into “master” mode for connection sharing.
203 Multiple -M options places ssh into “master” mode but with con‐
204 firmation required using ssh-askpass(1) before each operation
205 that changes the multiplexing state (e.g. opening a new session).
206 Refer to the description of ControlMaster in ssh_config(5) for
207 details.
208
209 -m mac_spec
210 A comma-separated list of MAC (message authentication code) algo‐
211 rithms, specified in order of preference. See the MACs keyword
212 for more information.
213
214 -N Do not execute a remote command. This is useful for just for‐
215 warding ports. Refer to the description of SessionType in
216 ssh_config(5) for details.
217
218 -n Redirects stdin from /dev/null (actually, prevents reading from
219 stdin). This must be used when ssh is run in the background. A
220 common trick is to use this to run X11 programs on a remote ma‐
221 chine. For example, ssh -n shadows.cs.hut.fi emacs & will start
222 an emacs on shadows.cs.hut.fi, and the X11 connection will be au‐
223 tomatically forwarded over an encrypted channel. The ssh program
224 will be put in the background. (This does not work if ssh needs
225 to ask for a password or passphrase; see also the -f option.)
226 Refer to the description of StdinNull in ssh_config(5) for de‐
227 tails.
228
229 -O ctl_cmd
230 Control an active connection multiplexing master process. When
231 the -O option is specified, the ctl_cmd argument is interpreted
232 and passed to the master process. Valid commands are: “check”
233 (check that the master process is running), “forward” (request
234 forwardings without command execution), “cancel” (cancel forward‐
235 ings), “exit” (request the master to exit), and “stop” (request
236 the master to stop accepting further multiplexing requests).
237
238 -o option
239 Can be used to give options in the format used in the configura‐
240 tion file. This is useful for specifying options for which there
241 is no separate command-line flag. For full details of the op‐
242 tions listed below, and their possible values, see ssh_config(5).
243
244 AddKeysToAgent
245 AddressFamily
246 BatchMode
247 BindAddress
248 CanonicalDomains
249 CanonicalizeFallbackLocal
250 CanonicalizeHostname
251 CanonicalizeMaxDots
252 CanonicalizePermittedCNAMEs
253 CASignatureAlgorithms
254 CertificateFile
255 CheckHostIP
256 Ciphers
257 ClearAllForwardings
258 Compression
259 ConnectionAttempts
260 ConnectTimeout
261 ControlMaster
262 ControlPath
263 ControlPersist
264 DynamicForward
265 EscapeChar
266 ExitOnForwardFailure
267 FingerprintHash
268 ForkAfterAuthentication
269 ForwardAgent
270 ForwardX11
271 ForwardX11Timeout
272 ForwardX11Trusted
273 GatewayPorts
274 GlobalKnownHostsFile
275 GSSAPIAuthentication
276 GSSAPIKeyExchange
277 GSSAPIClientIdentity
278 GSSAPIDelegateCredentials
279 GSSAPIKexAlgorithms
280 GSSAPIRenewalForcesRekey
281 GSSAPIServerIdentity
282 GSSAPITrustDns
283 HashKnownHosts
284 Host
285 HostbasedAcceptedAlgorithms
286 HostbasedAuthentication
287 HostKeyAlgorithms
288 HostKeyAlias
289 Hostname
290 IdentitiesOnly
291 IdentityAgent
292 IdentityFile
293 IPQoS
294 KbdInteractiveAuthentication
295 KbdInteractiveDevices
296 KexAlgorithms
297 KnownHostsCommand
298 LocalCommand
299 LocalForward
300 LogLevel
301 MACs
302 Match
303 NoHostAuthenticationForLocalhost
304 NumberOfPasswordPrompts
305 PasswordAuthentication
306 PermitLocalCommand
307 PermitRemoteOpen
308 PKCS11Provider
309 Port
310 PreferredAuthentications
311 ProxyCommand
312 ProxyJump
313 ProxyUseFdpass
314 PubkeyAcceptedAlgorithms
315 PubkeyAuthentication
316 RekeyLimit
317 RemoteCommand
318 RemoteForward
319 RequestTTY
320 SendEnv
321 ServerAliveInterval
322 ServerAliveCountMax
323 SessionType
324 SetEnv
325 StdinNull
326 StreamLocalBindMask
327 StreamLocalBindUnlink
328 StrictHostKeyChecking
329 TCPKeepAlive
330 Tunnel
331 TunnelDevice
332 UpdateHostKeys
333 User
334 UserKnownHostsFile
335 VerifyHostKeyDNS
336 VisualHostKey
337 XAuthLocation
338
339 -p port
340 Port to connect to on the remote host. This can be specified on
341 a per-host basis in the configuration file.
342
343 -Q query_option
344 Queries for the algorithms supported by one of the following fea‐
345 tures: cipher (supported symmetric ciphers), cipher-auth (sup‐
346 ported symmetric ciphers that support authenticated encryption),
347 help (supported query terms for use with the -Q flag), mac (sup‐
348 ported message integrity codes), kex (key exchange algorithms),
349 kex-gss (GSSAPI key exchange algorithms), key (key types),
350 key-cert (certificate key types), key-plain (non-certificate key
351 types), key-sig (all key types and signature algorithms),
352 protocol-version (supported SSH protocol versions), and sig (sup‐
353 ported signature algorithms). Alternatively, any keyword from
354 ssh_config(5) or sshd_config(5) that takes an algorithm list may
355 be used as an alias for the corresponding query_option.
356
357 -q Quiet mode. Causes most warning and diagnostic messages to be
358 suppressed.
359
360 -R [bind_address:]port:host:hostport
361 -R [bind_address:]port:local_socket
362 -R remote_socket:host:hostport
363 -R remote_socket:local_socket
364 -R [bind_address:]port
365 Specifies that connections to the given TCP port or Unix socket
366 on the remote (server) host are to be forwarded to the local
367 side.
368
369 This works by allocating a socket to listen to either a TCP port
370 or to a Unix socket on the remote side. Whenever a connection is
371 made to this port or Unix socket, the connection is forwarded
372 over the secure channel, and a connection is made from the local
373 machine to either an explicit destination specified by host port
374 hostport, or local_socket, or, if no explicit destination was
375 specified, ssh will act as a SOCKS 4/5 proxy and forward connec‐
376 tions to the destinations requested by the remote SOCKS client.
377
378 Port forwardings can also be specified in the configuration file.
379 Privileged ports can be forwarded only when logging in as root on
380 the remote machine. IPv6 addresses can be specified by enclosing
381 the address in square brackets.
382
383 By default, TCP listening sockets on the server will be bound to
384 the loopback interface only. This may be overridden by specify‐
385 ing a bind_address. An empty bind_address, or the address ‘*’,
386 indicates that the remote socket should listen on all interfaces.
387 Specifying a remote bind_address will only succeed if the
388 server's GatewayPorts option is enabled (see sshd_config(5)).
389
390 If the port argument is ‘0’, the listen port will be dynamically
391 allocated on the server and reported to the client at run time.
392 When used together with -O forward the allocated port will be
393 printed to the standard output.
394
395 -S ctl_path
396 Specifies the location of a control socket for connection shar‐
397 ing, or the string “none” to disable connection sharing. Refer
398 to the description of ControlPath and ControlMaster in
399 ssh_config(5) for details.
400
401 -s May be used to request invocation of a subsystem on the remote
402 system. Subsystems facilitate the use of SSH as a secure trans‐
403 port for other applications (e.g. sftp(1)). The subsystem is
404 specified as the remote command. Refer to the description of
405 SessionType in ssh_config(5) for details.
406
407 -T Disable pseudo-terminal allocation.
408
409 -t Force pseudo-terminal allocation. This can be used to execute
410 arbitrary screen-based programs on a remote machine, which can be
411 very useful, e.g. when implementing menu services. Multiple -t
412 options force tty allocation, even if ssh has no local tty.
413
414 -V Display the version number and exit.
415
416 -v Verbose mode. Causes ssh to print debugging messages about its
417 progress. This is helpful in debugging connection, authentica‐
418 tion, and configuration problems. Multiple -v options increase
419 the verbosity. The maximum is 3.
420
421 -W host:port
422 Requests that standard input and output on the client be for‐
423 warded to host on port over the secure channel. Implies -N, -T,
424 ExitOnForwardFailure and ClearAllForwardings, though these can be
425 overridden in the configuration file or using -o command line op‐
426 tions.
427
428 -w local_tun[:remote_tun]
429 Requests tunnel device forwarding with the specified tun(4) de‐
430 vices between the client (local_tun) and the server (remote_tun).
431
432 The devices may be specified by numerical ID or the keyword
433 “any”, which uses the next available tunnel device. If
434 remote_tun is not specified, it defaults to “any”. See also the
435 Tunnel and TunnelDevice directives in ssh_config(5).
436
437 If the Tunnel directive is unset, it will be set to the default
438 tunnel mode, which is “point-to-point”. If a different Tunnel
439 forwarding mode it desired, then it should be specified before
440 -w.
441
442 -X Enables X11 forwarding. This can also be specified on a per-host
443 basis in a configuration file.
444
445 X11 forwarding should be enabled with caution. Users with the
446 ability to bypass file permissions on the remote host (for the
447 user's X authorization database) can access the local X11 display
448 through the forwarded connection. An attacker may then be able
449 to perform activities such as keystroke monitoring.
450
451 For this reason, X11 forwarding is subjected to X11 SECURITY ex‐
452 tension restrictions by default. Please refer to the ssh -Y op‐
453 tion and the ForwardX11Trusted directive in ssh_config(5) for
454 more information.
455
456 -x Disables X11 forwarding.
457
458 -Y Enables trusted X11 forwarding. Trusted X11 forwardings are not
459 subjected to the X11 SECURITY extension controls.
460
461 -y Send log information using the syslog(3) system module. By de‐
462 fault this information is sent to stderr.
463
464 ssh may additionally obtain configuration data from a per-user configura‐
465 tion file and a system-wide configuration file. The file format and con‐
466 figuration options are described in ssh_config(5).
467
469 The OpenSSH SSH client supports SSH protocol 2.
470
471 The methods available for authentication are: GSSAPI-based authentica‐
472 tion, host-based authentication, public key authentication, keyboard-in‐
473 teractive authentication, and password authentication. Authentication
474 methods are tried in the order specified above, though
475 PreferredAuthentications can be used to change the default order.
476
477 Host-based authentication works as follows: If the machine the user logs
478 in from is listed in /etc/hosts.equiv or /etc/ssh/shosts.equiv on the re‐
479 mote machine, the user is non-root and the user names are the same on
480 both sides, or if the files ~/.rhosts or ~/.shosts exist in the user's
481 home directory on the remote machine and contain a line containing the
482 name of the client machine and the name of the user on that machine, the
483 user is considered for login. Additionally, the server must be able to
484 verify the client's host key (see the description of
485 /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts, below) for login to be
486 permitted. This authentication method closes security holes due to IP
487 spoofing, DNS spoofing, and routing spoofing. [Note to the administra‐
488 tor: /etc/hosts.equiv, ~/.rhosts, and the rlogin/rsh protocol in general,
489 are inherently insecure and should be disabled if security is desired.]
490
491 Public key authentication works as follows: The scheme is based on pub‐
492 lic-key cryptography, using cryptosystems where encryption and decryption
493 are done using separate keys, and it is unfeasible to derive the decryp‐
494 tion key from the encryption key. The idea is that each user creates a
495 public/private key pair for authentication purposes. The server knows
496 the public key, and only the user knows the private key. ssh implements
497 public key authentication protocol automatically, using one of the DSA,
498 ECDSA, Ed25519 or RSA algorithms. The HISTORY section of ssl(8) contains
499 a brief discussion of the DSA and RSA algorithms.
500
501 The file ~/.ssh/authorized_keys lists the public keys that are permitted
502 for logging in. When the user logs in, the ssh program tells the server
503 which key pair it would like to use for authentication. The client
504 proves that it has access to the private key and the server checks that
505 the corresponding public key is authorized to accept the account.
506
507 The server may inform the client of errors that prevented public key au‐
508 thentication from succeeding after authentication completes using a dif‐
509 ferent method. These may be viewed by increasing the LogLevel to DEBUG
510 or higher (e.g. by using the -v flag).
511
512 The user creates their key pair by running ssh-keygen(1). This stores
513 the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
514 ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519
515 (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or
516 ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA),
517 ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted
518 ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub (au‐
519 thenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
520 home directory. The user should then copy the public key to
521 ~/.ssh/authorized_keys in their home directory on the remote machine.
522 The authorized_keys file corresponds to the conventional ~/.rhosts file,
523 and has one key per line, though the lines can be very long. After this,
524 the user can log in without giving the password.
525
526 A variation on public key authentication is available in the form of cer‐
527 tificate authentication: instead of a set of public/private keys, signed
528 certificates are used. This has the advantage that a single trusted cer‐
529 tification authority can be used in place of many public/private keys.
530 See the CERTIFICATES section of ssh-keygen(1) for more information.
531
532 The most convenient way to use public key or certificate authentication
533 may be with an authentication agent. See ssh-agent(1) and (optionally)
534 the AddKeysToAgent directive in ssh_config(5) for more information.
535
536 Keyboard-interactive authentication works as follows: The server sends an
537 arbitrary "challenge" text and prompts for a response, possibly multiple
538 times. Examples of keyboard-interactive authentication include BSD Au‐
539 thentication (see login.conf(5)) and PAM (some non-OpenBSD systems).
540
541 Finally, if other authentication methods fail, ssh prompts the user for a
542 password. The password is sent to the remote host for checking; however,
543 since all communications are encrypted, the password cannot be seen by
544 someone listening on the network.
545
546 ssh automatically maintains and checks a database containing identifica‐
547 tion for all hosts it has ever been used with. Host keys are stored in
548 ~/.ssh/known_hosts in the user's home directory. Additionally, the file
549 /etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any
550 new hosts are automatically added to the user's file. If a host's iden‐
551 tification ever changes, ssh warns about this and disables password au‐
552 thentication to prevent server spoofing or man-in-the-middle attacks,
553 which could otherwise be used to circumvent the encryption. The
554 StrictHostKeyChecking option can be used to control logins to machines
555 whose host key is not known or has changed.
556
557 When the user's identity has been accepted by the server, the server ei‐
558 ther executes the given command in a non-interactive session or, if no
559 command has been specified, logs into the machine and gives the user a
560 normal shell as an interactive session. All communication with the re‐
561 mote command or shell will be automatically encrypted.
562
563 If an interactive session is requested ssh by default will only request a
564 pseudo-terminal (pty) for interactive sessions when the client has one.
565 The flags -T and -t can be used to override this behaviour.
566
567 If a pseudo-terminal has been allocated the user may use the escape char‐
568 acters noted below.
569
570 If no pseudo-terminal has been allocated, the session is transparent and
571 can be used to reliably transfer binary data. On most systems, setting
572 the escape character to “none” will also make the session transparent
573 even if a tty is used.
574
575 The session terminates when the command or shell on the remote machine
576 exits and all X11 and TCP connections have been closed.
577
579 When a pseudo-terminal has been requested, ssh supports a number of func‐
580 tions through the use of an escape character.
581
582 A single tilde character can be sent as ~~ or by following the tilde by a
583 character other than those described below. The escape character must
584 always follow a newline to be interpreted as special. The escape charac‐
585 ter can be changed in configuration files using the EscapeChar configura‐
586 tion directive or on the command line by the -e option.
587
588 The supported escapes (assuming the default ‘~’) are:
589
590 ~. Disconnect.
591
592 ~^Z Background ssh.
593
594 ~# List forwarded connections.
595
596 ~& Background ssh at logout when waiting for forwarded connection /
597 X11 sessions to terminate.
598
599 ~? Display a list of escape characters.
600
601 ~B Send a BREAK to the remote system (only useful if the peer sup‐
602 ports it).
603
604 ~C Open command line. Currently this allows the addition of port
605 forwardings using the -L, -R and -D options (see above). It also
606 allows the cancellation of existing port-forwardings with
607 -KL[bind_address:]port for local, -KR[bind_address:]port for re‐
608 mote and -KD[bind_address:]port for dynamic port-forwardings.
609 !command allows the user to execute a local command if the
610 PermitLocalCommand option is enabled in ssh_config(5). Basic
611 help is available, using the -h option.
612
613 ~R Request rekeying of the connection (only useful if the peer sup‐
614 ports it).
615
616 ~V Decrease the verbosity (LogLevel) when errors are being written
617 to stderr.
618
619 ~v Increase the verbosity (LogLevel) when errors are being written
620 to stderr.
621
623 Forwarding of arbitrary TCP connections over a secure channel can be
624 specified either on the command line or in a configuration file. One
625 possible application of TCP forwarding is a secure connection to a mail
626 server; another is going through firewalls.
627
628 In the example below, we look at encrypting communication for an IRC
629 client, even though the IRC server it connects to does not directly sup‐
630 port encrypted communication. This works as follows: the user connects
631 to the remote host using ssh, specifying the ports to be used to forward
632 the connection. After that it is possible to start the program locally,
633 and ssh will encrypt and forward the connection to the remote server.
634
635 The following example tunnels an IRC session from the client to an IRC
636 server at “server.example.com”, joining channel “#users”, nickname
637 “pinky”, using the standard IRC port, 6667:
638
639 $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10
640 $ irc -c '#users' pinky IRC/127.0.0.1
641
642 The -f option backgrounds ssh and the remote command “sleep 10” is speci‐
643 fied to allow an amount of time (10 seconds, in the example) to start the
644 program which is going to use the tunnel. If no connections are made
645 within the time specified, ssh will exit.
646
648 If the ForwardX11 variable is set to “yes” (or see the description of the
649 -X, -x, and -Y options above) and the user is using X11 (the DISPLAY en‐
650 vironment variable is set), the connection to the X11 display is automat‐
651 ically forwarded to the remote side in such a way that any X11 programs
652 started from the shell (or command) will go through the encrypted chan‐
653 nel, and the connection to the real X server will be made from the local
654 machine. The user should not manually set DISPLAY. Forwarding of X11
655 connections can be configured on the command line or in configuration
656 files.
657
658 The DISPLAY value set by ssh will point to the server machine, but with a
659 display number greater than zero. This is normal, and happens because
660 ssh creates a “proxy” X server on the server machine for forwarding the
661 connections over the encrypted channel.
662
663 ssh will also automatically set up Xauthority data on the server machine.
664 For this purpose, it will generate a random authorization cookie, store
665 it in Xauthority on the server, and verify that any forwarded connections
666 carry this cookie and replace it by the real cookie when the connection
667 is opened. The real authentication cookie is never sent to the server
668 machine (and no cookies are sent in the plain).
669
670 If the ForwardAgent variable is set to “yes” (or see the description of
671 the -A and -a options above) and the user is using an authentication
672 agent, the connection to the agent is automatically forwarded to the re‐
673 mote side.
674
676 When connecting to a server for the first time, a fingerprint of the
677 server's public key is presented to the user (unless the option
678 StrictHostKeyChecking has been disabled). Fingerprints can be determined
679 using ssh-keygen(1):
680
681 $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
682
683 If the fingerprint is already known, it can be matched and the key can be
684 accepted or rejected. If only legacy (MD5) fingerprints for the server
685 are available, the ssh-keygen(1) -E option may be used to downgrade the
686 fingerprint algorithm to match.
687
688 Because of the difficulty of comparing host keys just by looking at fin‐
689 gerprint strings, there is also support to compare host keys visually,
690 using random art. By setting the VisualHostKey option to “yes”, a small
691 ASCII graphic gets displayed on every login to a server, no matter if the
692 session itself is interactive or not. By learning the pattern a known
693 server produces, a user can easily find out that the host key has changed
694 when a completely different pattern is displayed. Because these patterns
695 are not unambiguous however, a pattern that looks similar to the pattern
696 remembered only gives a good probability that the host key is the same,
697 not guaranteed proof.
698
699 To get a listing of the fingerprints along with their random art for all
700 known hosts, the following command line can be used:
701
702 $ ssh-keygen -lv -f ~/.ssh/known_hosts
703
704 If the fingerprint is unknown, an alternative method of verification is
705 available: SSH fingerprints verified by DNS. An additional resource
706 record (RR), SSHFP, is added to a zonefile and the connecting client is
707 able to match the fingerprint with that of the key presented.
708
709 In this example, we are connecting a client to a server,
710 “host.example.com”. The SSHFP resource records should first be added to
711 the zonefile for host.example.com:
712
713 $ ssh-keygen -r host.example.com.
714
715 The output lines will have to be added to the zonefile. To check that
716 the zone is answering fingerprint queries:
717
718 $ dig -t SSHFP host.example.com
719
720 Finally the client connects:
721
722 $ ssh -o "VerifyHostKeyDNS ask" host.example.com
723 [...]
724 Matching host key fingerprint found in DNS.
725 Are you sure you want to continue connecting (yes/no)?
726
727 See the VerifyHostKeyDNS option in ssh_config(5) for more information.
728
730 ssh contains support for Virtual Private Network (VPN) tunnelling using
731 the tun(4) network pseudo-device, allowing two networks to be joined se‐
732 curely. The sshd_config(5) configuration option PermitTunnel controls
733 whether the server supports this, and at what level (layer 2 or 3 traf‐
734 fic).
735
736 The following example would connect client network 10.0.50.0/24 with re‐
737 mote network 10.0.99.0/24 using a point-to-point connection from 10.1.1.1
738 to 10.1.1.2, provided that the SSH server running on the gateway to the
739 remote network, at 192.168.1.15, allows it.
740
741 On the client:
742
743 # ssh -f -w 0:1 192.168.1.15 true
744 # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252
745 # route add 10.0.99.0/24 10.1.1.2
746
747 On the server:
748
749 # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252
750 # route add 10.0.50.0/24 10.1.1.1
751
752 Client access may be more finely tuned via the /root/.ssh/authorized_keys
753 file (see below) and the PermitRootLogin server option. The following
754 entry would permit connections on tun(4) device 1 from user “jane” and on
755 tun device 2 from user “john”, if PermitRootLogin is set to
756 “forced-commands-only”:
757
758 tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane
759 tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john
760
761 Since an SSH-based setup entails a fair amount of overhead, it may be
762 more suited to temporary setups, such as for wireless VPNs. More perma‐
763 nent VPNs are better provided by tools such as ipsecctl(8) and
764 isakmpd(8).
765
767 ssh will normally set the following environment variables:
768
769 DISPLAY The DISPLAY variable indicates the location of the
770 X11 server. It is automatically set by ssh to
771 point to a value of the form “hostname:n”, where
772 “hostname” indicates the host where the shell runs,
773 and ‘n’ is an integer ≥ 1. ssh uses this special
774 value to forward X11 connections over the secure
775 channel. The user should normally not set DISPLAY
776 explicitly, as that will render the X11 connection
777 insecure (and will require the user to manually
778 copy any required authorization cookies).
779
780 HOME Set to the path of the user's home directory.
781
782 LOGNAME Synonym for USER; set for compatibility with sys‐
783 tems that use this variable.
784
785 MAIL Set to the path of the user's mailbox.
786
787 PATH Set to the default PATH, as specified when compil‐
788 ing ssh.
789
790 SSH_ASKPASS If ssh needs a passphrase, it will read the
791 passphrase from the current terminal if it was run
792 from a terminal. If ssh does not have a terminal
793 associated with it but DISPLAY and SSH_ASKPASS are
794 set, it will execute the program specified by
795 SSH_ASKPASS and open an X11 window to read the
796 passphrase. This is particularly useful when call‐
797 ing ssh from a .xsession or related script. (Note
798 that on some machines it may be necessary to redi‐
799 rect the input from /dev/null to make this work.)
800
801 SSH_ASKPASS_REQUIRE Allows further control over the use of an askpass
802 program. If this variable is set to “never” then
803 ssh will never attempt to use one. If it is set to
804 “prefer”, then ssh will prefer to use the askpass
805 program instead of the TTY when requesting pass‐
806 words. Finally, if the variable is set to “force”,
807 then the askpass program will be used for all
808 passphrase input regardless of whether DISPLAY is
809 set.
810
811 SSH_AUTH_SOCK Identifies the path of a UNIX-domain socket used to
812 communicate with the agent.
813
814 SSH_CONNECTION Identifies the client and server ends of the con‐
815 nection. The variable contains four space-sepa‐
816 rated values: client IP address, client port num‐
817 ber, server IP address, and server port number.
818
819 SSH_ORIGINAL_COMMAND This variable contains the original command line if
820 a forced command is executed. It can be used to
821 extract the original arguments.
822
823 SSH_TTY This is set to the name of the tty (path to the de‐
824 vice) associated with the current shell or command.
825 If the current session has no tty, this variable is
826 not set.
827
828 SSH_TUNNEL Optionally set by sshd(8) to contain the interface
829 names assigned if tunnel forwarding was requested
830 by the client.
831
832 SSH_USER_AUTH Optionally set by sshd(8), this variable may con‐
833 tain a pathname to a file that lists the authenti‐
834 cation methods successfully used when the session
835 was established, including any public keys that
836 were used.
837
838 TZ This variable is set to indicate the present time
839 zone if it was set when the daemon was started
840 (i.e. the daemon passes the value on to new connec‐
841 tions).
842
843 USER Set to the name of the user logging in.
844
845 Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
846 “VARNAME=value” to the environment if the file exists and users are al‐
847 lowed to change their environment. For more information, see the
848 PermitUserEnvironment option in sshd_config(5).
849
851 ~/.rhosts
852 This file is used for host-based authentication (see above). On
853 some machines this file may need to be world-readable if the
854 user's home directory is on an NFS partition, because sshd(8)
855 reads it as root. Additionally, this file must be owned by the
856 user, and must not have write permissions for anyone else. The
857 recommended permission for most machines is read/write for the
858 user, and not accessible by others.
859
860 ~/.shosts
861 This file is used in exactly the same way as .rhosts, but allows
862 host-based authentication without permitting login with
863 rlogin/rsh.
864
865 ~/.ssh/
866 This directory is the default location for all user-specific con‐
867 figuration and authentication information. There is no general
868 requirement to keep the entire contents of this directory secret,
869 but the recommended permissions are read/write/execute for the
870 user, and not accessible by others.
871
872 ~/.ssh/authorized_keys
873 Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
874 for logging in as this user. The format of this file is de‐
875 scribed in the sshd(8) manual page. This file is not highly sen‐
876 sitive, but the recommended permissions are read/write for the
877 user, and not accessible by others.
878
879 ~/.ssh/config
880 This is the per-user configuration file. The file format and
881 configuration options are described in ssh_config(5). Because of
882 the potential for abuse, this file must have strict permissions:
883 read/write for the user, and not writable by others.
884
885 ~/.ssh/environment
886 Contains additional definitions for environment variables; see
887 ENVIRONMENT, above.
888
889 ~/.ssh/id_dsa
890 ~/.ssh/id_ecdsa
891 ~/.ssh/id_ecdsa_sk
892 ~/.ssh/id_ed25519
893 ~/.ssh/id_ed25519_sk
894 ~/.ssh/id_rsa
895 Contains the private key for authentication. These files contain
896 sensitive data and should be readable by the user but not acces‐
897 sible by others (read/write/execute). ssh will simply ignore a
898 private key file if it is accessible by others. It is possible
899 to specify a passphrase when generating the key which will be
900 used to encrypt the sensitive part of this file using AES-128.
901
902 ~/.ssh/id_dsa.pub
903 ~/.ssh/id_ecdsa.pub
904 ~/.ssh/id_ecdsa_sk.pub
905 ~/.ssh/id_ed25519.pub
906 ~/.ssh/id_ed25519_sk.pub
907 ~/.ssh/id_rsa.pub
908 Contains the public key for authentication. These files are not
909 sensitive and can (but need not) be readable by anyone.
910
911 ~/.ssh/known_hosts
912 Contains a list of host keys for all hosts the user has logged
913 into that are not already in the systemwide list of known host
914 keys. See sshd(8) for further details of the format of this
915 file.
916
917 ~/.ssh/rc
918 Commands in this file are executed by ssh when the user logs in,
919 just before the user's shell (or command) is started. See the
920 sshd(8) manual page for more information.
921
922 /etc/hosts.equiv
923 This file is for host-based authentication (see above). It
924 should only be writable by root.
925
926 /etc/ssh/shosts.equiv
927 This file is used in exactly the same way as hosts.equiv, but al‐
928 lows host-based authentication without permitting login with
929 rlogin/rsh.
930
931 /etc/ssh/ssh_config
932 Systemwide configuration file. The file format and configuration
933 options are described in ssh_config(5).
934
935 /etc/ssh/ssh_host_key
936 /etc/ssh/ssh_host_dsa_key
937 /etc/ssh/ssh_host_ecdsa_key
938 /etc/ssh/ssh_host_ed25519_key
939 /etc/ssh/ssh_host_rsa_key
940 These files contain the private parts of the host keys and are
941 used for host-based authentication.
942
943 /etc/ssh/ssh_known_hosts
944 Systemwide list of known host keys. This file should be prepared
945 by the system administrator to contain the public host keys of
946 all machines in the organization. It should be world-readable.
947 See sshd(8) for further details of the format of this file.
948
949 /etc/ssh/sshrc
950 Commands in this file are executed by ssh when the user logs in,
951 just before the user's shell (or command) is started. See the
952 sshd(8) manual page for more information.
953
955 ssh exits with the exit status of the remote command or with 255 if an
956 error occurred.
957
959 IPv6 address can be used everywhere where IPv4 address. In all entries
960 must be the IPv6 address enclosed in square brackets. Note: The square
961 brackets are metacharacters for the shell and must be escaped in shell.
962
964 scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1),
965 tun(4), ssh_config(5), ssh-keysign(8), sshd(8)
966
968 S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned
969 Numbers, RFC 4250, January 2006.
970
971 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture,
972 RFC 4251, January 2006.
973
974 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol,
975 RFC 4252, January 2006.
976
977 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer
978 Protocol, RFC 4253, January 2006.
979
980 T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC
981 4254, January 2006.
982
983 J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell
984 (SSH) Key Fingerprints, RFC 4255, January 2006.
985
986 F. Cusack and M. Forssen, Generic Message Exchange Authentication for the
987 Secure Shell Protocol (SSH), RFC 4256, January 2006.
988
989 J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break
990 Extension, RFC 4335, January 2006.
991
992 M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport
993 Layer Encryption Modes, RFC 4344, January 2006.
994
995 B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport
996 Layer Protocol, RFC 4345, January 2006.
997
998 M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for
999 the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006.
1000
1001 J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File
1002 Format, RFC 4716, November 2006.
1003
1004 D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the
1005 Secure Shell Transport Layer, RFC 5656, December 2009.
1006
1007 A. Perrig and D. Song, Hash Visualization: a New Technique to improve
1008 Real-World Security, 1999, International Workshop on Cryptographic
1009 Techniques and E-Commerce (CrypTEC '99).
1010
1012 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
1013 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
1014 de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
1015 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
1016 versions 1.5 and 2.0.
1017
1018BSD September 10, 2021 BSD