SSH(1) General Commands Manual SSH(1) ssh - OpenSSH ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B _'] [-b _'] [-c _] [-D [_':]] [-E _] [-e _] [-F _] [-I pkcs11] [-i _] [-J ] [-L ] [-l __] [-m _mac] [-O _] [-o ] [-P ] [-p ] [-R ] [-S _] [-W :] [-w _[:_]] [ [ ...]] ssh [-Q _] ssh ( SSH) - . ' . ' X11, TCP UNIX-domain. ssh ' destination, [user@]hostname URI ssh://[user@]hostname[:port]. (. ). command, . , command, . , , , , . : -4 ssh IPv4. -6 ssh IPv6. -A ' , ssh-agent(1). . . ( UNIX-domain) '. , , , , . (jump) (. -J). -a . -B _' ' bind_interface ' . . -b _' bind_address , '. . -C ( stdin, stdout, stderr X11, ' TCP UNIX-domain). , gzip(1). ', . ; . Compression ssh_config(5). -c _ . cipher_spec , , . . Ciphers ssh_config(5) . -D [_':] "" . , ' ' _'. ' , ' , , ' . SOCKS4 SOCKS5, ssh SOCKS. root. . IPv6 . . ' GatewayPorts. , bind_address, ' ' . bind_address "localhost" , ' , `*' , . -E _ log_file . -e _ pty ( `~'). . (`.') '; ctrl-Z, ' ; , . "none" . -F _ . , (/etc/ssh/ssh_config) . ~/.ssh/config. "none", . -f ssh . , ssh , , . -n. X11 ssh -f xterm. ExitOnForwardFailure "yes", , -f, ' . , ForkAfterAuthentication ssh_config(5). -G ssh Host Match . -g ' . ', . -I pkcs11 PKCS#11, ssh ' PKCS#11, . -i _ , ( ) . , ssh-agent(1), . ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk ~/.ssh/id_dsa. . -i ( ). CertificateFile, ssh , -cert.pub . -J ' ssh ' , TCP . , . ProxyJump. , , , , , . ~/.ssh/config . -K GSSAPI () GSSAPI . -k () GSSAPI . -L [_':]::_ -L [_':]:_ -L _::_ -L _:_ , ' TCP Unix () Unix '. TCP- , , ' _', Unix. , ' _, Unix . . . IPv6 , . , ' GatewayPorts. , bind_address, ' ' . bind_address "localhost" , ' , `*' , . -l _ , . . -M ssh "" '. -M, ssh "" , ssh-askpass(1) - , (, ). ControlMaster ssh_config(5), . -m _mac MAC (message authentication code), . , MACs ssh_config(5). -N . , . SessionType ssh_config(5). -n (stdin) /dev/null (, , stdin). , ssh . X11 . , ssh -n shadows.cs.hut.fi emacs & emacs shadows.cs.hut.fi, ' X11 . ssh . ( , ssh ; . -f.) StdinNull ssh_config(5), . -O _ '. -O, _ . : "check" (, ), "forward" ( ), "cancel" ( ), "exit" ( ) "stop" ( ). -o , . , . , ssh_config(5). AddKeysToAgent AddressFamily BatchMode BindAddress CanonicalDomains CanonicalizeFallbackLocal CanonicalizeHostname CanonicalizeMaxDots CanonicalizePermittedCNAMEs CASignatureAlgorithms CertificateFile CheckHostIP Ciphers ClearAllForwardings ConnectionAttempts ConnectTimeout ControlMaster ControlPath ControlPersist DynamicForward EnableEscapeCommandline EscapeChar ExitOnForwardFailure FingerprintHash ForkAfterAuthentication ForwardAgent ForwardX11 ForwardX11Timeout ForwardX11Trusted GatewayPorts GlobalKnownHostsFile GSSAPIAuthentication GSSAPIDelegateCredentials HashKnownHosts Host HostbasedAcceptedAlgorithms HostbasedAuthentication HostKeyAlgorithms HostKeyAlias Hostname IdentitiesOnly IdentityAgent IdentityFile IPQoS KbdInteractiveAuthentication KbdInteractiveDevices KexAlgorithms KnownHostsCommand LocalCommand LocalForward LogLevel MACs Match NoHostAuthenticationForLocalhost NumberOfPasswordPrompts PasswordAuthentication PermitLocalCommand PermitRemoteOpen PKCS11Provider Port PreferredAuthentications ProxyCommand ProxyJump ProxyUseFdpass PubkeyAcceptedAlgorithms PubkeyAuthentication RekeyLimit RemoteCommand RemoteForward RequestTTY RequiredRSASize SendEnv ServerAliveInterval ServerAliveCountMax SessionType SetEnv StdinNull StreamLocalBindMask StreamLocalBindUnlink StrictHostKeyChecking TCPKeepAlive Tunnel TunnelDevice UpdateHostKeys User UserKnownHostsFile VerifyHostKeyDNS VisualHostKey XAuthLocation -P , ssh_config(5). Tag Match ssh_config(5), . -p , ' . . -Q _ : cipher ( ), cipher-auth ( , ), help ( -Q), mac ( ), kex ( ), key ( ), key-ca-sign ( ), key-cert ( ), key-plain ( ), key-sig ( ), protocol-version ( SSH) sig ( ). , _ - ssh_config(5) sshd_config(5), . -q . . -R [_':]::_ -R [_':]:_ -R _::_ -R _:_ -R [_':] , ' TCP Unix () . TCP Unix . ' Unix ' . ' , _, _, , , ssh - SOCKS 4/5 ' , ' SOCKS. . , root . IPv6 , . , TCP ' (loopback). _'. _' `*' , . _' , GatewayPorts (. sshd_config(5)). `0', , '. -O forward . -S _ ' "none", '. ControlPath ControlMaster ssh_config(5), . -s . SSH ( sftp(1)). . SessionType ssh_config(5), . -T . -t . screen , , , . -t tty, ssh tty. -V . -v . ssh . ' . -v . 3 . -W : . -N, -T, ExitOnForwardFailure ClearAllForwardings, -o. -w local_tun[:remote_tun] tun(4) (local_tun) (remote_tun). "any", . remote_tun , "any". . Tunnel TunnelDevice ssh_config(5). Tunnel , , "point-to-point". Tunnel, -w. -X X11. . X11 . ( X) X11 '. , . X11 X11 SECURITY. ssh -Y ForwardX11Trusted ssh_config(5) . -x X11. -Y X11. X11 X11 SECURITY. -y syslog(3). , stderr. ssh . ssh_config(5). OpenSSH SSH 2. : GSSAPI, , , . , , PreferredAuthentications. : , , /etc/hosts.equiv /etc/ssh/shosts.equiv , root, ' , ~/.rhosts ~/.shosts , , . , (. /etc/ssh/ssh_known_hosts ~/.ssh/known_hosts ), . IP, DNS . [ : /etc/hosts.equiv, ~/.rhosts rlogin/rsh -- , .] : , , , . , - . , . ssh : DSA, ECDSA, Ed25519 RSA. ssl(8) DSA RSA. ~/.ssh/authorized_keys , . , ssh , . , , , . , . , LogLevel DEBUG (, -v). ssh-keygen(1). ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or ~/.ssh/id_rsa (RSA) ~/.ssh/id_dsa.pub (DSA), ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub (authenticator- hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) . ~/.ssh/authorized_keys . authorized_keys ~/.rhosts, , . , . : / , . , / . ssh-keygen(1), . . . ssh-agent(1) () AddKeysToAgent ssh_config(5), . : "" , . BSD (. login.conf(5)) PAM ( non-OpenBSD). , , ssh . ; , ' , . ssh , , . ~/.ssh/known_hosts . , /etc/ssh/ssh_known_hosts. . , ssh , , . , , StrictHostKeyChecking. , , , . . , , ssh (pty) , . -T -t. , , . , . "none" , tty. , ' X11 TCP . , ssh (escape). ~~ , . , , . EscapeChar -e. (, `~'): ~. '. ~^Z ssh . ~# '. ~& ssh ' X11. ~? . ~B BREAK (, ). ~C . -L, -R -D (. ). -KL[_':] , -KR[_:] -KD[_':] . ! , PermitLocalCommand ssh_config(5). -h. ~R ' (, ). ~V (LogLevel) stderr. ~v (LogLevel) stderr. TCP ' TCP , . TCP ' ; . IRC, IRC, ', . : ' ssh, , '. , ssh ' . IRC IRC "server.example.com", "#users" "pinky", IRC, 6667: $ ssh -f -L 6667:localhost:6667 server.example.com sleep 10 $ irc -c '#users' pinky IRC/127.0.0.1 -f ssh , "sleep 10" , ( , 10 ) , . ', ssh . X11 ForwardX11 "yes" (. -X, -x -Y ), X11 ( DISPLAY), ' X11 , X11, ( ) , ' X . DISPLAY . ' X11 . DISPLAY, ssh, , , . . , ssh "" - X ' . ssh Xauthority . , Xauthority , ' , , '. (, , ). ForwardAgent "yes" (. -A -a ) , ' . ' ( StrictHostKeyChecking). ssh-keygen(1): $ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key , . (MD5) , ssh-keygen(1) -E , . . VisualHostKey "yes", ASCII, , . , , , . , , , ' , , , . , : $ ssh-keygen -lv -f ~/.ssh/known_hosts , : SSH DNS. zonefile (RR), SSHFP, ' , . ' , "host.example.com". SSHFP host.example.com zonefile: $ ssh-keygen -r host.example.com. zonefile. , , : $ dig -t SSHFP host.example.com , ': $ ssh -o "VerifyHostKeyDNS ask" host.example.com [...] Matching host key fingerprint found in DNS. Are you sure you want to continue connecting (yes/no)? , VerifyHostKeyDNS ssh_config(5). SSH (VPN) ssh Virtual Private Network (VPN) tun(4). ' . sshd_config(5) PermitTunnel , , ( 2 3). ' 10.0.50.0/24 10.0.99.0/24 ' - 10.1.1.1 10.1.1.2, SSH, , 192.168.1.15, . : # ssh -f -w 0:1 192.168.1.15 true # ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252 # route add 10.0.99.0/24 10.1.1.2 : # ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252 # route add 10.0.50.0/24 10.1.1.1 /root/.ssh/authorized_keys (. ) PermitRootLogin. ' 1 tun(4) "jane" ' 2 tun "john", PermitRootLogin "forced-commands-only": tunnel="1",command="sh /etc/netstart tun1" ssh-rsa ... jane tunnel="2",command="sh /etc/netstart tun2" ssh-rsa ... john SSH , , VPN. , VPN , ipsecctl(8) isakmpd(8). , ssh : DISPLAY DISPLAY X11. ssh , "_:n", "_" , , `n' >= 1. ssh ' X11 . , DISPLAY , ' X11 ( ). HOME . LOGNAME USER; , . MAIL . PATH PATH, ssh. SSH_ASKPASS ssh , , . ssh ' , DISPLAY SSH_ASKPASS, , SSH_ASKPASS, X11 . , , ssh .xsession ' . (, , , /dev/null.) SSH_ASKPASS_REQUIRE askpass. "never", ssh . "prefer", ssh askpass TTY . , "force", askpass , , DISPLAY. SSH_AUTH_SOCK UNIX-domain, . SSH_CONNECTION '. : IP- , , IP- . SSH_ORIGINAL_COMMAND , . . SSH_TTY tty ( ), ' . tty, . SSH_TUNNEL sshd(8) , . SSH_USER_AUTH sshd(8). , - . TZ , , ( '). USER , . , ssh ~/.ssh/environment "_=" , . , PermitUserEnvironment sshd_config(5). ~/.rhosts (. ). , NFS, sshd(8) root. , ', - . - . ~/.shosts , .rhosts, rlogin/rsh. ~/.ssh/ . , -- // , . ~/.ssh/authorized_keys (DSA, ECDSA, Ed25519, RSA), . sshd(8). , -- / , . ~/.ssh/config . ssh_config(5). , : / . ~/.ssh/environment ; . . ~/.ssh/id_dsa ~/.ssh/id_ecdsa ~/.ssh/id_ecdsa_sk ~/.ssh/id_ed25519 ~/.ssh/id_ed25519_sk ~/.ssh/id_rsa . . , (, ). ssh , . . AES-128. ~/.ssh/id_dsa.pub ~/.ssh/id_ecdsa.pub ~/.ssh/id_ecdsa_sk.pub ~/.ssh/id_ed25519.pub ~/.ssh/id_ed25519_sk.pub ~/.ssh/id_rsa.pub . ( ') . ~/.ssh/known_hosts , , , . . sshd(8) . ~/.ssh/rc ssh , , ( ). . sshd(8) . /etc/hosts.equiv (. ). root. /etc/ssh/shosts.equiv , hosts.equiv, rlogin/rsh. /etc/ssh/ssh_config . ssh_config(5). /etc/ssh/ssh_host_key /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key . . /etc/ssh/ssh_known_hosts . , . . sshd(8). /etc/ssh/sshrc ssh , , ( ). . sshd(8) . ssh 255, . . scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh-keyscan(1), tun(4), ssh_config(5), ssh-keysign(8), sshd(8) S. Lehtinen and C. Lonvick, The Secure Shell (SSH) Protocol Assigned Numbers, RFC 4250, January 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Protocol Architecture, RFC 4251, January 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Authentication Protocol, RFC 4252, January 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Transport Layer Protocol, RFC 4253, January 2006. T. Ylonen and C. Lonvick, The Secure Shell (SSH) Connection Protocol, RFC 4254, January 2006. J. Schlyter and W. Griffin, Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints, RFC 4255, January 2006. F. Cusack and M. Forssen, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH), RFC 4256, January 2006. J. Galbraith and P. Remaker, The Secure Shell (SSH) Session Channel Break Extension, RFC 4335, January 2006. M. Bellare, T. Kohno, and C. Namprempre, The Secure Shell (SSH) Transport Layer Encryption Modes, RFC 4344, January 2006. B. Harris, Improved Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol, RFC 4345, January 2006. M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol, RFC 4419, March 2006. J. Galbraith and R. Thayer, The Secure Shell (SSH) Public Key File Format, RFC 4716, November 2006. D. Stebila and J. Green, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer, RFC 5656, December 2009. A. Perrig and D. Song, Hash Visualization: a New Technique to improve Real-World Security, 1999, International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99). OpenSSH ssh 1.2.12, Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt Dug Song , OpenSSH. Markus Friedl SSH 1.5 2.0. lxlalexlxl , Andrij Mizyk , Andriy Rysin Yuri Chornoivan ; , GNU General Public License Version 3: https://www.gnu.org/licenses/gpl-3.0.html. . , , : trans-uk@lists.fedoraproject.org Linux 6.8.2-arch2-1 $Mdocdate: 11 2023 $ Linux 6.8.2-arch2-1