NAME ssh - OpenSSH SSH client (remote login program) SYNOPSIS ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]
ssh used to log the remote host and execute commands on a remote host. Its purpose is to replace the rsh and rlogin, while over insecure networks, distrust between the two hosts, and provides encrypted, secure communication connection. X11 connections and arbitrary TCP / IP ports through this secure channel forward (forward). when the user through the connection and login host hostname, according to the version of the protocol used, the user must prove him to a remote host via one of the following methods / her identity:
Parameters
-a
connection prohibition forwards the authentication agent.
-A
allow forwarding authentication proxy connection. This parameter can be set individually for each host in the configuration file.
Forwarding agent caution. Some users can bypass file on the remote host access (Because proxy UNIX domain socket), they can access the local agent through the forwarded connection. An attacker can not obtain key material from the agent, but they can operate these keys, identity information is loaded into use on the proxy certified .
-b bind_address
on a machine with multiple interfaces or alias addresses, the specified transmit-receive interface.
-f
claim retreat in the background before executing the command. it is ready for, when asking for a password or passphrase, but the user desires it in the background. the option implies the -n option to start X11 programs on a remote machine recommended approach is similar to the ssh host xterm command -f.
-g
allow remote hosts a local port forwarding.
-i identity_file
specify an RSA or DSA identity authentication required (private key) file. the default file is the protocol of the first edition $ HOME / .ssh / identity and the protocol of the second edition of the $ HOME / .ssh / id_rsa and $ HOME / .ssh / id_dsa file can also be specified in the configuration file for each host a separate identity document can be used simultaneously multiple -i options (you can also specify multiple identity documents in the configuration file).
The -l login_name
specified user login to remote host. this parameter can be set individually for each host in the configuration file.
-n
redirect the stdin to / dev / null (actually prevents reading from stdin data). will use this option to run in the background. It is common technique is to run remote X11 program. For example, ssh -n shadows. cs.hut.fi emacs will start on shadows.cs.hut.fi emacs, and automatically forwarded X11 connections encrypted channels running in the background (but if the required password or passphrase, this approach will not work;.. see -f option.)
-N
does not execute remote commands for forwarding ports (protocol only second edition)
-o the option
where you can give some options, formats and configuration file format as it is used to set those options are not command-line switches.
-p port
port specifies the remote host. can be set in the configuration file for each individual host this parameter.
-q
quiet mode. eliminate all warnings and diagnostic information.
-s
request a remote system activating a subsystem subsystem is a characteristic SSH2 protocols, could assist other applications (e.g. SFTP) is used as the SSH secure access subsystem is specified by a remote command.
-t
force pseudo-terminal allocation may be performed on a remote machine any Full screen (screen-based) program, it is useful, for example, menu service. -T option to force the parallel distribution terminal, even without a local terminal.
-T
prohibits allocate a pseudo-terminal.
-V
For more redundant mode the print debug information about the operation of Very useful when debugging connection, authentication, and configuration problems. -V option can be connected in parallel to increase redundancy level of detail. Up to three.
-F configfile
Specify a user-level configuration file If you specify a configuration file on the command line, system-wide configuration file (/ etc / ssh / ssh_config) will be ignored by default user-level configuration file is the HOME $ / .ssh / config.
-L Port: Host: HostPort
local machine (the client) of a specified port forwarding to a remote machine specified port. works like this, and on the local machine is assigned a socket listening on port port, once you have this port, the connection is through safe channel forwards, while the remote host and host port of hostport establish a connection port forwarding can be specified in the configuration file only root can forward privileged ports IPv6 address format with another explanation:... port / host / hostport
-R port: host: hostport
forwards remote host (server) to a port terminal designated local machine specified port works like this, on a remote host assigned. socket listening on port port, once you have this port, the connection is through safe passage turned out, while the local host and host of hostport port to establish a connection. You can specify port forwarding in the configuration file. Only login as root remote host . can forward privileged ports IPv6 address in another format Description: port / Host / HostPort
-D port
Specify a local machine `` dynamic application port forwarding working principle is that, on the local machine is assigned a socket listening on port port, once you have this port, the connection is forwarded through a secure channel, depending on the application protocol program can determine where to connect the remote host and currently supports SOCKS4 protocol, will act as a SOCKS4 server only root can forward privileged ports can specify dynamic port forwarding in the configuration file....
-4
forced to use only IPv4 addresses.
- 6
mandatory use only IPv6 addresses.
Common usage examples:
SSH -p Port // ipaddr designated port
ssh -i id_rsa_pub username @ ipaddr // specified user authentication and private key file
ssh -i .ssh / id_rsa -L 27018: remote_addr: 27018 username @ remote_addr // ssh forwards the request to forward the request to open a local port 27018 to 27018 remote_addr of
ssh ipaddr -l usernmae // user logs into the remote host
ssh ipaddr ls // connect to a remote host ls command
ssh-copy-id -i id_rsa_pub username @ ipaddr // copy authrized_keys file in the local public key to the remote host username users