SSH(1) General Commands Manual SSH(1) ssh - OpenSSH ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-P tag] [-p port] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command [argument ...]] ssh [-Q query_option] ssh ( SSH) . . X11 TCP UNIX-domain . ssh destination [user@]hostname (URI) ssh://[user@]hostname[:port]. ( ). command . command . . : -4 ssh IPv4 . -6 ssh IPv6 . -A ssh-agent(1). . . ( UNIX-domain ) . . ( -J) . -a . -B bind_interface bind_interface . . -b bind_address bind_address . . -C ( X11 TCP UNIX-domain ). gzip(1). . Compression ssh_config(5). -c cipher_spec . cipher_spec . Ciphers ssh_config(5) . -D [bind_address:]port <<>> . port bind_address . . SOCKS4 SOCKS5 ssh SOCKS. (root) . . IPv6 . . GatewayPorts. bind_address . bind_address <> <<*>> . -E log_file log_file . -e escape_char pty (: `~'). . (`.') control-Z . <> . -F configfile . (/etc/ssh/ssh_config). ~/.ssh/config. <> . -f ssh . ssh . -n. X11 ssh -f host xterm. ExitOnForwardFailure <> -f . ForkAfterAuthentication ssh_config(5) . -G ssh Host Match . -g . (multiplexed) . -I pkcs11 PKCS#11 ssh PKCS#11 . -i identity_file ( ) . ssh-agent(1) . ~/.ssh/id_rsa ~/.ssh/id_ecdsa ~/.ssh/id_ecdsa_sk ~/.ssh/id_ed25519 ~/.ssh/id_ed25519_sk. . -i ( ). CertificateFile ssh -cert.pub . -J destination ssh destination TCP . . IPv6 . ProxyJump. . ~/.ssh/config . -K GSSAPI () GSSAPI . -k () GSSAPI . -L [bind_address:]port:host:hostport -L [bind_address:]port:remote_socket -L local_socket:host:hostport -L local_socket:remote_socket TCP Unix () Unix . TCP port bind_address Unix. host hostport Unix remote_socket . . . IPv6 . GatewayPorts. bind_address . bind_address <> <<*>> . -l login_name . . -M ssh <<>> (master) . -M ssh <<>> ssh-askpass(1) ( ). ControlMaster ssh_config(5) . -m mac_spec MAC ( ) . MACs ssh_config(5) . -N . . SessionType ssh_config(5) . -n /dev/null ( ). ssh . X11 . ssh -n shadows.cs.hut.fi emacs & emacs shadows.cs.hut.fi X11 . ssh . ( ssh -f). StdinNull ssh_config(5) . -O ctl_cmd . -O ctl_cmd . : "check" ( ) "conninfo" ( ) "channels" ( ) "forward" ( ) "cancel" ( ) "proxy" ( ) "exit" ( ) "stop" ( ). -o . . ssh_config(5). AddKeysToAgent AddressFamily BatchMode BindAddress BindInterface CASignatureAlgorithms CanonicalDomains CanonicalizeFallbackLocal CanonicalizeHostname CanonicalizeMaxDots CanonicalizePermittedCNAMEs CertificateFile ChannelTimeout CheckHostIP Ciphers ClearAllForwardings ConnectTimeout ConnectionAttempts ControlMaster ControlPath ControlPersist DynamicForward EnableEscapeCommandline EnableSSHKeysign EscapeChar ExitOnForwardFailure FingerprintHash ForkAfterAuthentication ForwardAgent ForwardX11 ForwardX11Timeout ForwardX11Trusted GSSAPIAuthentication GSSAPIDelegateCredentials GatewayPorts GlobalKnownHostsFile HashKnownHosts Host HostKeyAlgorithms HostKeyAlias HostbasedAcceptedAlgorithms HostbasedAuthentication Hostname IPQoS IdentitiesOnly IdentityAgent IdentityFile IgnoreUnknown Include KbdInteractiveAuthentication KbdInteractiveDevices KexAlgorithms KnownHostsCommand LocalCommand LocalForward LogLevel LogVerbose MACs NoHostAuthenticationForLocalhost NumberOfPasswordPrompts ObscureKeystrokeTiming PKCS11Provider PasswordAuthentication PermitLocalCommand PermitRemoteOpen Port PreferredAuthentications ProxyCommand ProxyJump ProxyUseFdpass PubkeyAcceptedAlgorithms PubkeyAuthentication RekeyLimit RemoteCommand RemoteForward RequestTTY RequiredRSASize RevokedHostKeys SecurityKeyProvider SendEnv ServerAliveCountMax ServerAliveInterval SessionType SetEnv StdinNull StreamLocalBindMask StreamLocalBindUnlink StrictHostKeyChecking SyslogFacility TCPKeepAlive Tag Tunnel TunnelDevice UpdateHostKeys User UserKnownHostsFile VerifyHostKeyDNS VisualHostKey XAuthLocation -P tag ssh_config(5). Tag Match ssh_config(5) . -p port . . -Q query_option : cipher ( ) cipher-auth ( ) help ( -Q) mac ( ) kex ( ) key ( ) key-ca-sign ( CA ) key-cert ( ) key-plain ( ) key-sig ( ) protocol-version ( SSH ) sig ( ). ssh_config(5) sshd_config(5) query_option . -q . . -R [bind_address:]port:host:hostport -R [bind_address:]port:local_socket -R remote_socket:host:hostport -R remote_socket:local_socket -R [bind_address:]port TCP Unix () . TCP port Unix . Unix host hostport local_socket ssh SOCKS 4/5 SOCKS . . (root) . IPv6 . TCP (loopback) . bind_address. bind_address `*' . bind_address GatewayPorts ( sshd_config(5)). port `0' . -O forward . -S ctl_path "none" . ControlPath ControlMaster ssh_config(5) . -s . SSH ( sftp(1)). . SessionType ssh_config(5) . -T . -t . . -t tty ssh tty . -V . -v . ssh . . -v . 3. -W host:port host port . -N -T ExitOnForwardFailure ClearAllForwardings -o. -w local_tun[:remote_tun] tun(4) (local_tun) (remote_tun). "any" . remote_tun "any". Tunnel TunnelDevice ssh_config(5). Tunnel "point-to-point". Tunnel -w. -X X11. . X11 . ( X ) X11 . . X11 X11 SECURITY . ssh -Y ForwardX11Trusted ssh_config(5) . -x X11. -Y X11 . X11 X11 SECURITY. -y syslog(3). stderr. ssh . ssh_config(5). OpenSSH SSH SSH 2. : GSSAPI . PreferredAuthentications . : /etc/hosts.equiv /etc/ssh/shosts.equiv root ~/.rhosts ~/.shosts . ( /etc/ssh/ssh_known_hosts ~/.ssh/known_hosts ) . IP DNS . [ : /etc/hosts.equiv ~/.rhosts rlogin/rsh .] : . / . . ssh ECDSA Ed25519 RSA. ~/.ssh/authorized_keys . ssh . . . LogLevel DEBUG ( -v). ssh-keygen(1). ~/.ssh/id_ecdsa (ECDSA) ~/.ssh/id_ecdsa_sk (ECDSA ) ~/.ssh/id_ed25519 (Ed25519) ~/.ssh/id_ed25519_sk (Ed25519 ) ~/.ssh/id_rsa (RSA) ~/.ssh/id_ecdsa.pub (ECDSA) ~/.ssh/id_ecdsa_sk.pub (ECDSA ) ~/.ssh/id_ed25519.pub (Ed25519) ~/.ssh/id_ed25519_sk.pub (Ed25519 ) ~/.ssh/id_rsa.pub (RSA) . ~/.ssh/authorized_keys . authorized_keys ~/.rhosts . . : / . /. CERTIFICATES ssh-keygen(1) . . ssh-agent(1) () AddKeysToAgent ssh_config(5) . : "" . BSD ( login.conf(5)) PAM ( non-OpenBSD). ssh . . ssh . ~/.ssh/known_hosts . /etc/ssh/ssh_known_hosts . . ssh . StrictHostKeyChecking . . . ssh (pty) . -T -t . . . "none" tty. X11 TCP. ssh . ~~ . . EscapeChar -e. ( `~') : ~. . ~^Z ssh . ~# . ~& ssh / X11. ~? . ~B BREAK ( ). ~C . -L -R -D ( ). -KL[bind_address:]port -KR[bind_address:]port -KD[bind_address:]port . !command PermitLocalCommand ssh_config(5). -h. ~I SSH . ~R ( ). ~V (LogLevel) stderr. ~v (LogLevel) stderr. TCP TCP . TCP . IRC IRC . : ssh . ssh . IRC IRC "server.example.com" "#users" "pinky" IRC 6667: $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 $ irc -c '#users' pinky IRC/127.0.0.1 -f ssh "sleep 10" (10 ) . ssh. X11 ForwardX11 "yes" ( -X -x -Y ) X11 ( DISPLAY ) X11 X11 ( ) X . DISPLAY . X11 . DISPLAY ssh . ssh X "" . ssh Xauthority . Xauthority . ( ). ForwardAgent "yes" ( -A -a ) . ( StrictHostKeyChecking ). ssh-keygen(1): $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key . (MD5) -E ssh-keygen(1) . random art. VisualHostKey "yes" ASCII . . . : $ ssh-keygen -lv -f ~/.ssh/known_hosts : SSH DNS. (RR) SSHFP . "host.example.com". SSHFP host.example.com: $ ssh-keygen -r host.example.com. . : $ dig -t SSHFP host.example.com : $ ssh -o "VerifyHostKeyDNS ask" host.example.com [...] Matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? VerifyHostKeyDNS ssh_config(5) . SSH ssh (VPN) tun(4) . sshd_config(5) PermitTunnel ( 2 3). 10.0.50.0/24 10.0.99.0/24 10.1.1.1 10.1.1.2 SSH 192.168.1.15 . : # ssh -f -w 0:1 192.168.1.15 true # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 # route add 10.0.99.0/24 10.1.1.2 : # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 # route add 10.0.50.0/24 10.1.1.1 /root/.ssh/authorized_keys ( ) PermitRootLogin. tun(4) 1 "jane" tun 2 "john" PermitRootLogin "forced-commands-only": tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john SSH VPN . ipsecctl(8) isakmpd(8) VPN . ssh : DISPLAY DISPLAY X11. ssh "hostname:n" "hostname" `n' >= 1. ssh X11 . DISPLAY X11 ( ). HOME . LOGNAME USER . MAIL . PATH PATH ssh. SSH_ASKPASS ssh . ssh DISPLAY SSH_ASKPASS SSH_ASKPASS X11 . ssh .xsession . ( /dev/null .) SSH_ASKPASS_REQUIRE askpass. "never" ssh . "prefer" ssh askpass TTY . "force" askpass DISPLAY . SSH_AUTH_SOCK UNIX-domain . SSH_CONNECTION . : IP IP . SSH_ORIGINAL_COMMAND . . SSH_TTY tty ( ) . tty . SSH_TUNNEL sshd(8) . SSH_USER_AUTH sshd(8) . TZ ( ). USER . ssh ~/.ssh/environment "VARNAME=value" . PermitUserEnvironment sshd_config(5). ~/.rhosts ( ). NFS sshd(8) . . / . ~/.shosts .rhosts rlogin/rsh. ~/.ssh/ . // . ~/.ssh/authorized_keys (ECDSA Ed25519 RSA) . sshd(8). / . ~/.ssh/config . ssh_config(5). : / . ~/.ssh/environment ENVIRONMENT . ~/.ssh/id_ecdsa ~/.ssh/id_ecdsa_sk ~/.ssh/id_ed25519 ~/.ssh/id_ed25519_sk ~/.ssh/id_rsa . (//). ssh . AES-128. ~/.ssh/id_ecdsa.pub ~/.ssh/id_ecdsa_sk.pub ~/.ssh/id_ed25519.pub ~/.ssh/id_ed25519_sk.pub ~/.ssh/id_rsa.pub . ( ) . ~/.ssh/known_hosts . sshd(8) . ~/.ssh/rc ssh ( ). sshd(8) . /etc/hosts.equiv ( ). (root) . /etc/ssh/shosts.equiv hosts.equiv rlogin/rsh. /etc/ssh/ssh_config . ssh_config(5). /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key . /etc/ssh/ssh_known_hosts . . . sshd(8) . /etc/ssh/sshrc ssh ( ). sshd(8) . ssh 255 . scp(1) sftp(1) ssh-add(1) ssh-agent(1) ssh-keygen(1) ssh-keyscan(1) tun(4) ssh_config(5) ssh-keysign(8) sshd(8) S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned Numbers, RFC 4250, 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture, RFC 4251, 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, RFC 4252, 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer Protocol, RFC 4253, 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC 4254, 2006. J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC 4255, 2006. F. Cusack and M. Forssen, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH), RFC 4256, 2006. J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break Extension, RFC 4335, 2006. M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport Layer Encryption Modes, RFC 4344, 2006. B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol, RFC 4345, 2006. M. Friedl, N. Provos, and W. Simpson, - (SSH), RFC 4419, 2006. J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006. D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer, RFC 5656, 2009. A. Perrig and D. Song, Hash Visualization: a New Technique to improve Real-World Security, 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99). OpenSSH ssh 1.2.12 Tatu Ylonen. Aaron Campbell Bob Beck Markus Friedl Niels Provos Theo de Raadt Dug Song OpenSSH. Markus Friedl SSH 1.5 2.0. 3: https://www.gnu.org/licenses/gpl-3.0.html . . : kde-l10n-ar@kde.org Linux 7.0.8-arch1-1 $Mdocdate: 22 2025 $ Linux 7.0.8-arch1-1