# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-02-15 18:11+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Dd #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "$Mdocdate: October 11 2023 $" msgstr "" #. type: Dt #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SSH 1" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Nm ssh>" msgstr "" #. type: Nd #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "OpenSSH remote login client" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "E<.Nm ssh> E<.Op Fl 46AaCfGgKkMNnqsTtVvXxYy> E<.Op Fl B Ar bind_interface> " "E<.Op Fl b Ar bind_address> E<.Op Fl c Ar cipher_spec> E<.Op Fl D Oo Ar " "bind_address : Oc Ns Ar port> E<.Op Fl E Ar log_file> E<.Op Fl e Ar " "escape_char> E<.Op Fl F Ar configfile> E<.Op Fl I Ar pkcs11> E<.Op Fl i Ar " "identity_file> E<.Op Fl J Ar destination> E<.Op Fl L Ar address> E<.Op Fl l " "Ar login_name> E<.Op Fl m Ar mac_spec> E<.Op Fl O Ar ctl_cmd> E<.Op Fl o Ar " "option> E<.Op Fl P Ar tag> E<.Op Fl p Ar port> E<.Op Fl R Ar address> E<.Op " "Fl S Ar ctl_path> E<.Op Fl W Ar host : Ns Ar port> E<.Op Fl w Ar local_tun " "Ns Op : Ns Ar remote_tun> E<.Ar destination> E<.Op Ar command Op Ar " "argument ...> E<.Nm> E<.Op Fl Q Ar query_option>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> (SSH client) is a program for logging into a remote machine and for " "executing commands on a remote machine. It is intended to provide secure " "encrypted communications between two untrusted hosts over an insecure " "network. X11 connections, arbitrary TCP ports and E<.Ux Ns -domain> sockets " "can also be forwarded over the secure channel." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> connects and logs into the specified E<.Ar destination>, which may be " "specified as either E<.Sm off> E<.Oo user @ Oc hostname> E<.Sm on> or a URI " "of the form E<.Sm off> E<.No ssh:// Oo user @ Oc hostname Op : port>. E<.Sm " "on> The user must prove their identity to the remote machine using one of " "several methods (see below)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If a E<.Ar command> is specified, it will be executed on the remote host " "instead of a login shell. A complete command line may be specified as E<.Ar " "command>, or it may have additional arguments. If supplied, the arguments " "will be appended to the command, separated by spaces, before it is sent to " "the server to be executed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The options are as follows:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl 4" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Forces E<.Nm> to use IPv4 addresses only." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl 6" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Forces E<.Nm> to use IPv6 addresses only." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl A" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Enables forwarding of connections from an authentication agent such as E<.Xr " "ssh-agent 1>. This can also be specified on a per-host basis in a " "configuration file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Agent forwarding should be enabled with caution. Users with the ability to " "bypass file permissions on the remote host (for the agent's E<.Ux Ns -" "domain> socket) can access the local agent through the forwarded " "connection. An attacker cannot obtain key material from the agent, however " "they can perform operations on the keys that enable them to authenticate " "using the identities loaded into the agent. A safer alternative may be to " "use a jump host (see E<.Fl J>)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl a" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Disables forwarding of the authentication agent connection." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl B Ar bind_interface" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Bind to the address of E<.Ar bind_interface> before attempting to connect to " "the destination host. This is only useful on systems with more than one " "address." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl b Ar bind_address" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Use E<.Ar bind_address> on the local machine as the source address of the " "connection. Only useful on systems with more than one address." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl C" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Requests compression of all data (including stdin, stdout, stderr, and data " "for forwarded X11, TCP and E<.Ux Ns -domain> connections). The compression " "algorithm is the same used by E<.Xr gzip 1>. Compression is desirable on " "modem lines and other slow connections, but will only slow down things on " "fast networks. The default value can be set on a host-by-host basis in the " "configuration files; see the E<.Cm Compression> option in E<.Xr ssh_config " "5>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl c Ar cipher_spec" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Selects the cipher specification for encrypting the session. E<.Ar " "cipher_spec> is a comma-separated list of ciphers listed in order of " "preference. See the E<.Cm Ciphers> keyword in E<.Xr ssh_config 5> for more " "information." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl D Xo" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port> E<.Sm on> E<.Xc> " "Specifies a local E<.Dq dynamic> application-level port forwarding. This " "works by allocating a socket to listen to E<.Ar port> on the local side, " "optionally bound to the specified E<.Ar bind_address>. Whenever a " "connection is made to this port, the connection is forwarded over the secure " "channel, and the application protocol is then used to determine where to " "connect to from the remote machine. Currently the SOCKS4 and SOCKS5 " "protocols are supported, and E<.Nm> will act as a SOCKS server. Only root " "can forward privileged ports. Dynamic port forwardings can also be " "specified in the configuration file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "IPv6 addresses can be specified by enclosing the address in square " "brackets. Only the superuser can forward privileged ports. By default, the " "local port is bound in accordance with the E<.Cm GatewayPorts> setting. " "However, an explicit E<.Ar bind_address> may be used to bind the connection " "to a specific address. The E<.Ar bind_address> of E<.Dq localhost> " "indicates that the listening port be bound for local use only, while an " "empty address or E<.Sq *> indicates that the port should be available from " "all interfaces." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl E Ar log_file" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Append debug logs to E<.Ar log_file> instead of standard error." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl e Ar escape_char" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Sets the escape character for sessions with a pty (default: E<.Ql ~>). The " "escape character is only recognized at the beginning of a line. The escape " "character followed by a dot E<.Pq Ql \\&.> closes the connection; followed " "by control-Z suspends the connection; and followed by itself sends the " "escape character once. Setting the character to E<.Dq none> disables any " "escapes and makes the session fully transparent." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl F Ar configfile" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies an alternative per-user configuration file. If a configuration " "file is given on the command line, the system-wide configuration file E<.Pq " "Pa /etc/ssh/ssh_config> will be ignored. The default for the per-user " "configuration file is E<.Pa ~/.ssh/config>. If set to E<.Dq none>, no " "configuration files will be read." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl f" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Requests E<.Nm> to go to background just before command execution. This is " "useful if E<.Nm> is going to ask for passwords or passphrases, but the user " "wants it in the background. This implies E<.Fl n>. The recommended way to " "start X11 programs at a remote site is with something like E<.Ic ssh -f host " "xterm>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Cm ExitOnForwardFailure> configuration option is set to E<.Dq " "yes>, then a client started with E<.Fl f> will wait for all remote port " "forwards to be successfully established before placing itself in the " "background. Refer to the description of E<.Cm ForkAfterAuthentication> in " "E<.Xr ssh_config 5> for details." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl G" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Causes E<.Nm> to print its configuration after evaluating E<.Cm Host> and E<." "Cm Match> blocks and exit." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl g" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Allows remote hosts to connect to local forwarded ports. If used on a " "multiplexed connection, then this option must be specified on the master " "process." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl I Ar pkcs11" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specify the PKCS#11 shared library E<.Nm> should use to communicate with a " "PKCS#11 token providing keys for user authentication." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl i Ar identity_file" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Selects a file from which the identity (private key) for public key " "authentication is read. You can also specify a public key file to use the " "corresponding private key that is loaded in E<.Xr ssh-agent 1> when the " "private key file is not present locally. The default is E<.Pa ~/.ssh/" "id_rsa>, E<.Pa ~/.ssh/id_ecdsa>, E<.Pa ~/.ssh/id_ecdsa_sk>, E<.Pa ~/.ssh/" "id_ed25519>, E<.Pa ~/.ssh/id_ed25519_sk> and E<.Pa ~/.ssh/id_dsa>. Identity " "files may also be specified on a per-host basis in the configuration file. " "It is possible to have multiple E<.Fl i> options (and multiple identities " "specified in configuration files). If no certificates have been explicitly " "specified by the E<.Cm CertificateFile> directive, E<.Nm> will also try to " "load certificate information from the filename obtained by appending E<.Pa -" "cert.pub> to identity filenames." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl J Ar destination" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Connect to the target host by first making an E<.Nm> connection to the jump " "host described by E<.Ar destination> and then establishing a TCP forwarding " "to the ultimate destination from there. Multiple jump hops may be specified " "separated by comma characters. This is a shortcut to specify a E<.Cm " "ProxyJump> configuration directive. Note that configuration directives " "supplied on the command-line generally apply to the destination host and not " "any specified jump hosts. Use E<.Pa ~/.ssh/config> to specify configuration " "for jump hosts." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl K" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI " "credentials to the server." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl k" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Disables forwarding (delegation) of GSSAPI credentials to the server." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl L Xo" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port : host : hostport> E<.Sm " "on> E<.Xc>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port : remote_socket> E<.Sm on> " "E<.Xc>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Sm off> E<.Ar local_socket : host : hostport> E<.Sm on> E<.Xc>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Sm off> E<.Ar local_socket : remote_socket> E<.Sm on> E<.Xc> Specifies " "that connections to the given TCP port or Unix socket on the local (client) " "host are to be forwarded to the given host and port, or Unix socket, on the " "remote side. This works by allocating a socket to listen to either a TCP E<." "Ar port> on the local side, optionally bound to the specified E<.Ar " "bind_address>, or to a Unix socket. Whenever a connection is made to the " "local port or socket, the connection is forwarded over the secure channel, " "and a connection is made to either E<.Ar host> port E<.Ar hostport>, or the " "Unix socket E<.Ar remote_socket>, from the remote machine." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Port forwardings can also be specified in the configuration file. Only the " "superuser can forward privileged ports. IPv6 addresses can be specified by " "enclosing the address in square brackets." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "By default, the local port is bound in accordance with the E<.Cm " "GatewayPorts> setting. However, an explicit E<.Ar bind_address> may be used " "to bind the connection to a specific address. The E<.Ar bind_address> of E<." "Dq localhost> indicates that the listening port be bound for local use only, " "while an empty address or E<.Sq *> indicates that the port should be " "available from all interfaces." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl l Ar login_name" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the user to log in as on the remote machine. This also may be " "specified on a per-host basis in the configuration file." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl M" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Places the E<.Nm> client into E<.Dq master> mode for connection sharing. " "Multiple E<.Fl M> options places E<.Nm> into E<.Dq master> mode but with " "confirmation required using E<.Xr ssh-askpass 1> before each operation that " "changes the multiplexing state (e.g. opening a new session). Refer to the " "description of E<.Cm ControlMaster> in E<.Xr ssh_config 5> for details." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl m Ar mac_spec" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A comma-separated list of MAC (message authentication code) algorithms, " "specified in order of preference. See the E<.Cm MACs> keyword in E<.Xr " "ssh_config 5> for more information." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl N" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Do not execute a remote command. This is useful for just forwarding ports. " "Refer to the description of E<.Cm SessionType> in E<.Xr ssh_config 5> for " "details." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Redirects stdin from E<.Pa /dev/null> (actually, prevents reading from " "stdin). This must be used when E<.Nm> is run in the background. A common " "trick is to use this to run X11 programs on a remote machine. For example, " "E<.Ic ssh -n shadows.cs.hut.fi emacs &> will start an emacs on shadows.cs." "hut.fi, and the X11 connection will be automatically forwarded over an " "encrypted channel. The E<.Nm> program will be put in the background. (This " "does not work if E<.Nm> needs to ask for a password or passphrase; see also " "the E<.Fl f> option.) Refer to the description of E<.Cm StdinNull> in E<.Xr " "ssh_config 5> for details." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl O Ar ctl_cmd" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Control an active connection multiplexing master process. When the E<.Fl O> " "option is specified, the E<.Ar ctl_cmd> argument is interpreted and passed " "to the master process. Valid commands are: E<.Dq check> (check that the " "master process is running), E<.Dq forward> (request forwardings without " "command execution), E<.Dq cancel> (cancel forwardings), E<.Dq exit> (request " "the master to exit), and E<.Dq stop> (request the master to stop accepting " "further multiplexing requests)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl o Ar option" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Can be used to give options in the format used in the configuration file. " "This is useful for specifying options for which there is no separate command-" "line flag. For full details of the options listed below, and their possible " "values, see E<.Xr ssh_config 5>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "AddKeysToAgent" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "AddressFamily" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "BatchMode" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "BindAddress" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CanonicalDomains" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CanonicalizeFallbackLocal" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CanonicalizeHostname" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CanonicalizeMaxDots" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CanonicalizePermittedCNAMEs" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CASignatureAlgorithms" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CertificateFile" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "CheckHostIP" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ciphers" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ClearAllForwardings" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Compression" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ConnectionAttempts" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ConnectTimeout" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ControlMaster" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ControlPath" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ControlPersist" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "DynamicForward" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "EnableEscapeCommandline" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "EscapeChar" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ExitOnForwardFailure" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "FingerprintHash" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ForkAfterAuthentication" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ForwardAgent" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ForwardX11" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ForwardX11Timeout" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ForwardX11Trusted" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "GatewayPorts" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "GlobalKnownHostsFile" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "GSSAPIAuthentication" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "GSSAPIDelegateCredentials" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "HashKnownHosts" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Host" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "HostbasedAcceptedAlgorithms" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "HostbasedAuthentication" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "HostKeyAlgorithms" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "HostKeyAlias" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Hostname" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "IdentitiesOnly" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "IdentityAgent" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "IdentityFile" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "IPQoS" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "KbdInteractiveAuthentication" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "KbdInteractiveDevices" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "KexAlgorithms" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "KnownHostsCommand" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "LocalCommand" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "LocalForward" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "LogLevel" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "MACs" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Match" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NoHostAuthenticationForLocalhost" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NumberOfPasswordPrompts" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PasswordAuthentication" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PermitLocalCommand" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PermitRemoteOpen" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PKCS11Provider" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Port" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PreferredAuthentications" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ProxyCommand" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ProxyJump" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ProxyUseFdpass" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PubkeyAcceptedAlgorithms" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "PubkeyAuthentication" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "RekeyLimit" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "RemoteCommand" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "RemoteForward" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "RequestTTY" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "RequiredRSASize" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SendEnv" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ServerAliveInterval" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ServerAliveCountMax" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SessionType" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SetEnv" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "StdinNull" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "StreamLocalBindMask" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "StreamLocalBindUnlink" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "StrictHostKeyChecking" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "TCPKeepAlive" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Tunnel" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "TunnelDevice" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "UpdateHostKeys" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "User" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "UserKnownHostsFile" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "VerifyHostKeyDNS" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "VisualHostKey" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "XAuthLocation" msgstr "" #. type: It #: archlinux debian-unstable fedora-40 fedora-rawhide #, no-wrap msgid "Fl P Ar tag" msgstr "" #. type: Plain text #: archlinux debian-unstable fedora-40 fedora-rawhide msgid "" "Specify a tag name that may be used to select configuration in E<.Xr " "ssh_config 5>. Refer to the E<.Cm Tag> and E<.Cm Match> keywords in E<.Xr " "ssh_config 5> for more information." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl p Ar port" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Port to connect to on the remote host. This can be specified on a per-host " "basis in the configuration file." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl Q Ar query_option" msgstr "" #. type: Plain text #: archlinux msgid "" "Queries for the algorithms supported by one of the following features: E<.Ar " "cipher> (supported symmetric ciphers), E<.Ar cipher-auth> (supported " "symmetric ciphers that support authenticated encryption), E<.Ar help> " "(supported query terms for use with the E<.Fl Q> flag), E<.Ar mac> " "(supported message integrity codes), E<.Ar kex> (key exchange algorithms), " "E<.Ar key> (key types), E<.Ar key-ca-sign> (valid CA signature algorithms " "for certificates), E<.Ar key-cert> (certificate key types), E<.Ar key-plain> " "(non-certificate key types), E<.Ar key-sig> (all key types and signature " "algorithms), E<.Ar protocol-version> (supported SSH protocol versions), and " "E<.Ar sig> (supported signature algorithms). Alternatively, any keyword " "from E<.Xr ssh_config 5> or E<.Xr sshd_config 5> that takes an algorithm " "list may be used as an alias for the corresponding query_option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl q" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Quiet mode. Causes most warning and diagnostic messages to be suppressed." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl R Xo" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port : local_socket> E<.Sm on> " "E<.Xc>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Sm off> E<.Ar remote_socket : host : hostport> E<.Sm on> E<.Xc>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Sm off> E<.Ar remote_socket : local_socket> E<.Sm on> E<.Xc>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port> E<.Sm on> E<.Xc> " "Specifies that connections to the given TCP port or Unix socket on the " "remote (server) host are to be forwarded to the local side." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This works by allocating a socket to listen to either a TCP E<.Ar port> or " "to a Unix socket on the remote side. Whenever a connection is made to this " "port or Unix socket, the connection is forwarded over the secure channel, " "and a connection is made from the local machine to either an explicit " "destination specified by E<.Ar host> port E<.Ar hostport>, or E<.Ar " "local_socket>, or, if no explicit destination was specified, E<.Nm> will act " "as a SOCKS 4/5 proxy and forward connections to the destinations requested " "by the remote SOCKS client." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Port forwardings can also be specified in the configuration file. " "Privileged ports can be forwarded only when logging in as root on the remote " "machine. IPv6 addresses can be specified by enclosing the address in square " "brackets." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "By default, TCP listening sockets on the server will be bound to the " "loopback interface only. This may be overridden by specifying a E<.Ar " "bind_address>. An empty E<.Ar bind_address>, or the address E<.Ql *>, " "indicates that the remote socket should listen on all interfaces. " "Specifying a remote E<.Ar bind_address> will only succeed if the server's E<." "Cm GatewayPorts> option is enabled (see E<.Xr sshd_config 5>)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Ar port> argument is E<.Ql 0>, the listen port will be dynamically " "allocated on the server and reported to the client at run time. When used " "together with E<.Ic -O forward>, the allocated port will be printed to the " "standard output." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl S Ar ctl_path" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Specifies the location of a control socket for connection sharing, or the " "string E<.Dq none> to disable connection sharing. Refer to the description " "of E<.Cm ControlPath> and E<.Cm ControlMaster> in E<.Xr ssh_config 5> for " "details." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl s" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "May be used to request invocation of a subsystem on the remote system. " "Subsystems facilitate the use of SSH as a secure transport for other " "applications (e.g.\\& E<.Xr sftp 1>). The subsystem is specified as the " "remote command. Refer to the description of E<.Cm SessionType> in E<.Xr " "ssh_config 5> for details." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl T" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Disable pseudo-terminal allocation." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl t" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Force pseudo-terminal allocation. This can be used to execute arbitrary " "screen-based programs on a remote machine, which can be very useful, e.g. " "when implementing menu services. Multiple E<.Fl t> options force tty " "allocation, even if E<.Nm> has no local tty." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl V" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Display the version number and exit." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl v" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Verbose mode. Causes E<.Nm> to print debugging messages about its " "progress. This is helpful in debugging connection, authentication, and " "configuration problems. Multiple E<.Fl v> options increase the verbosity. " "The maximum is 3." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl W Ar host : Ns Ar port" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Requests that standard input and output on the client be forwarded to E<.Ar " "host> on E<.Ar port> over the secure channel. Implies E<.Fl N>, E<.Fl T>, " "E<.Cm ExitOnForwardFailure> and E<.Cm ClearAllForwardings>, though these can " "be overridden in the configuration file or using E<.Fl o> command line " "options." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl w Xo" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Ar local_tun Ns Op : Ns Ar remote_tun> E<.Xc> Requests tunnel device " "forwarding with the specified E<.Xr tun 4> devices between the client E<.Pq " "Ar local_tun> and the server E<.Pq Ar remote_tun>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The devices may be specified by numerical ID or the keyword E<.Dq any>, " "which uses the next available tunnel device. If E<.Ar remote_tun> is not " "specified, it defaults to E<.Dq any>. See also the E<.Cm Tunnel> and E<.Cm " "TunnelDevice> directives in E<.Xr ssh_config 5>." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Cm Tunnel> directive is unset, it will be set to the default " "tunnel mode, which is E<.Dq point-to-point>. If a different E<.Cm Tunnel> " "forwarding mode it desired, then it should be specified before E<.Fl w>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl X" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Enables X11 forwarding. This can also be specified on a per-host basis in a " "configuration file." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "X11 forwarding should be enabled with caution. Users with the ability to " "bypass file permissions on the remote host (for the user's X authorization " "database) can access the local X11 display through the forwarded " "connection. An attacker may then be able to perform activities such as " "keystroke monitoring." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "For this reason, X11 forwarding is subjected to X11 SECURITY extension " "restrictions by default. Refer to the E<.Nm> E<.Fl Y> option and the E<.Cm " "ForwardX11Trusted> directive in E<.Xr ssh_config 5> for more information." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl x" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Disables X11 forwarding." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl Y" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Enables trusted X11 forwarding. Trusted X11 forwardings are not subjected " "to the X11 SECURITY extension controls." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Fl y" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Send log information using the E<.Xr syslog 3> system module. By default " "this information is sent to stderr." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> may additionally obtain configuration data from a per-user " "configuration file and a system-wide configuration file. The file format " "and configuration options are described in E<.Xr ssh_config 5>." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "AUTHENTICATION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The OpenSSH SSH client supports SSH protocol 2." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The methods available for authentication are: GSSAPI-based authentication, " "host-based authentication, public key authentication, keyboard-interactive " "authentication, and password authentication. Authentication methods are " "tried in the order specified above, though E<.Cm PreferredAuthentications> " "can be used to change the default order." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Host-based authentication works as follows: If the machine the user logs in " "from is listed in E<.Pa /etc/hosts.equiv> or E<.Pa /etc/ssh/shosts.equiv> on " "the remote machine, the user is non-root and the user names are the same on " "both sides, or if the files E<.Pa ~/.rhosts> or E<.Pa ~/.shosts> exist in " "the user's home directory on the remote machine and contain a line " "containing the name of the client machine and the name of the user on that " "machine, the user is considered for login. Additionally, the server E<.Em " "must> be able to verify the client's host key (see the description of E<.Pa /" "etc/ssh/ssh_known_hosts> and E<.Pa ~/.ssh/known_hosts>, below) for login to " "be permitted. This authentication method closes security holes due to IP " "spoofing, DNS spoofing, and routing spoofing. [Note to the administrator: " "E<.Pa /etc/hosts.equiv>, E<.Pa ~/.rhosts>, and the rlogin/rsh protocol in " "general, are inherently insecure and should be disabled if security is " "desired.]" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "Public key authentication works as follows: The scheme is based on public-" "key cryptography, using cryptosystems where encryption and decryption are " "done using separate keys, and it is unfeasible to derive the decryption key " "from the encryption key. The idea is that each user creates a public/" "private key pair for authentication purposes. The server knows the public " "key, and only the user knows the private key. E<.Nm> implements public key " "authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 " "or RSA algorithms. The HISTORY section of E<.Xr ssl 8> contains a brief " "discussion of the DSA and RSA algorithms." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The file E<.Pa ~/.ssh/authorized_keys> lists the public keys that are " "permitted for logging in. When the user logs in, the E<.Nm> program tells " "the server which key pair it would like to use for authentication. The " "client proves that it has access to the private key and the server checks " "that the corresponding public key is authorized to accept the account." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The server may inform the client of errors that prevented public key " "authentication from succeeding after authentication completes using a " "different method. These may be viewed by increasing the E<.Cm LogLevel> to " "E<.Cm DEBUG> or higher (e.g. by using the E<.Fl v> flag)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The user creates their key pair by running E<.Xr ssh-keygen 1>. This stores " "the private key in E<.Pa ~/.ssh/id_dsa> (DSA), E<.Pa ~/.ssh/id_ecdsa> " "(ECDSA), E<.Pa ~/.ssh/id_ecdsa_sk> (authenticator-hosted ECDSA), E<.Pa ~/." "ssh/id_ed25519> (Ed25519), E<.Pa ~/.ssh/id_ed25519_sk> (authenticator-hosted " "Ed25519), or E<.Pa ~/.ssh/id_rsa> (RSA) and stores the public key in E<.Pa " "~/.ssh/id_dsa.pub> (DSA), E<.Pa ~/.ssh/id_ecdsa.pub> (ECDSA), E<.Pa ~/.ssh/" "id_ecdsa_sk.pub> (authenticator-hosted ECDSA), E<.Pa ~/.ssh/id_ed25519.pub> " "(Ed25519), E<.Pa ~/.ssh/id_ed25519_sk.pub> (authenticator-hosted Ed25519), " "or E<.Pa ~/.ssh/id_rsa.pub> (RSA) in the user's home directory. The user " "should then copy the public key to E<.Pa ~/.ssh/authorized_keys> in their " "home directory on the remote machine. The E<.Pa authorized_keys> file " "corresponds to the conventional E<.Pa ~/.rhosts> file, and has one key per " "line, though the lines can be very long. After this, the user can log in " "without giving the password." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A variation on public key authentication is available in the form of " "certificate authentication: instead of a set of public/private keys, signed " "certificates are used. This has the advantage that a single trusted " "certification authority can be used in place of many public/private keys. " "See the CERTIFICATES section of E<.Xr ssh-keygen 1> for more information." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The most convenient way to use public key or certificate authentication may " "be with an authentication agent. See E<.Xr ssh-agent 1> and (optionally) " "the E<.Cm AddKeysToAgent> directive in E<.Xr ssh_config 5> for more " "information." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Keyboard-interactive authentication works as follows: The server sends an " "arbitrary E<.Qq challenge> text and prompts for a response, possibly " "multiple times. Examples of keyboard-interactive authentication include E<." "Bx> Authentication (see E<.Xr login.conf 5>) and PAM (some E<.Pf non- Ox> " "systems)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Finally, if other authentication methods fail, E<.Nm> prompts the user for a " "password. The password is sent to the remote host for checking; however, " "since all communications are encrypted, the password cannot be seen by " "someone listening on the network." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> automatically maintains and checks a database containing " "identification for all hosts it has ever been used with. Host keys are " "stored in E<.Pa ~/.ssh/known_hosts> in the user's home directory. " "Additionally, the file E<.Pa /etc/ssh/ssh_known_hosts> is automatically " "checked for known hosts. Any new hosts are automatically added to the " "user's file. If a host's identification ever changes, E<.Nm> warns about " "this and disables password authentication to prevent server spoofing or man-" "in-the-middle attacks, which could otherwise be used to circumvent the " "encryption. The E<.Cm StrictHostKeyChecking> option can be used to control " "logins to machines whose host key is not known or has changed." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When the user's identity has been accepted by the server, the server either " "executes the given command in a non-interactive session or, if no command " "has been specified, logs into the machine and gives the user a normal shell " "as an interactive session. All communication with the remote command or " "shell will be automatically encrypted." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If an interactive session is requested, E<.Nm> by default will only request " "a pseudo-terminal (pty) for interactive sessions when the client has one. " "The flags E<.Fl T> and E<.Fl t> can be used to override this behaviour." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If a pseudo-terminal has been allocated, the user may use the escape " "characters noted below." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If no pseudo-terminal has been allocated, the session is transparent and can " "be used to reliably transfer binary data. On most systems, setting the " "escape character to E<.Dq none> will also make the session transparent even " "if a tty is used." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The session terminates when the command or shell on the remote machine exits " "and all X11 and TCP connections have been closed." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ESCAPE CHARACTERS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When a pseudo-terminal has been requested, E<.Nm> supports a number of " "functions through the use of an escape character." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "A single tilde character can be sent as E<.Ic ~~> or by following the tilde " "by a character other than those described below. The escape character must " "always follow a newline to be interpreted as special. The escape character " "can be changed in configuration files using the E<.Cm EscapeChar> " "configuration directive or on the command line by the E<.Fl e> option." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "The supported escapes (assuming the default E<.Ql ~>) are:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Disconnect." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~^Z" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Background E<.Nm>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~#" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "List forwarded connections." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~&" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Background E<.Nm> at logout when waiting for forwarded connection / X11 " "sessions to terminate." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~?" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Display a list of escape characters." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~B" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Send a BREAK to the remote system (only useful if the peer supports it)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~C" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Open command line. Currently this allows the addition of port forwardings " "using the E<.Fl L>, E<.Fl R> and E<.Fl D> options (see above). It also " "allows the cancellation of existing port-forwardings with E<.Sm off> E<.Fl " "KL Oo Ar bind_address : Oc Ar port> E<.Sm on> for local, E<.Sm off> E<.Fl KR " "Oo Ar bind_address : Oc Ar port> E<.Sm on> for remote and E<.Sm off> E<.Fl " "KD Oo Ar bind_address : Oc Ar port> E<.Sm on> for dynamic port-forwardings. " "E<.Ic !\\& Ns Ar command> allows the user to execute a local command if the " "E<.Ic PermitLocalCommand> option is enabled in E<.Xr ssh_config 5>. Basic " "help is available, using the E<.Fl h> option." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~R" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Request rekeying of the connection (only useful if the peer supports it)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~V" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Decrease the verbosity E<.Pq Ic LogLevel> when errors are being written to " "stderr." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Cm ~v" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Increase the verbosity E<.Pq Ic LogLevel> when errors are being written to " "stderr." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "TCP FORWARDING" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Forwarding of arbitrary TCP connections over a secure channel can be " "specified either on the command line or in a configuration file. One " "possible application of TCP forwarding is a secure connection to a mail " "server; another is going through firewalls." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "In the example below, we look at encrypting communication for an IRC client, " "even though the IRC server it connects to does not directly support " "encrypted communication. This works as follows: the user connects to the " "remote host using E<.Nm>, specifying the ports to be used to forward the " "connection. After that it is possible to start the program locally, and E<." "Nm> will encrypt and forward the connection to the remote server." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The following example tunnels an IRC session from the client to an IRC " "server at E<.Dq server.example.com>, joining channel E<.Dq #users>, nickname " "E<.Dq pinky>, using the standard IRC port, 6667:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "$ ssh -f -L 6667:localhost:6667 server.example.com sleep 10\n" "$ irc -c '#users' pinky IRC/127.0.0.1\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Fl f> option backgrounds E<.Nm> and the remote command E<.Dq sleep " "10> is specified to allow an amount of time (10 seconds, in the example) to " "start the program which is going to use the tunnel. If no connections are " "made within the time specified, E<.Nm> will exit." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "X11 FORWARDING" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Cm ForwardX11> variable is set to E<.Dq yes> (or see the " "description of the E<.Fl X>, E<.Fl x>, and E<.Fl Y> options above) and the " "user is using X11 (the E<.Ev DISPLAY> environment variable is set), the " "connection to the X11 display is automatically forwarded to the remote side " "in such a way that any X11 programs started from the shell (or command) will " "go through the encrypted channel, and the connection to the real X server " "will be made from the local machine. The user should not manually set E<.Ev " "DISPLAY>. Forwarding of X11 connections can be configured on the command " "line or in configuration files." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Ev DISPLAY> value set by E<.Nm> will point to the server machine, but " "with a display number greater than zero. This is normal, and happens " "because E<.Nm> creates a E<.Dq proxy> X server on the server machine for " "forwarding the connections over the encrypted channel." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> will also automatically set up Xauthority data on the server " "machine. For this purpose, it will generate a random authorization cookie, " "store it in Xauthority on the server, and verify that any forwarded " "connections carry this cookie and replace it by the real cookie when the " "connection is opened. The real authentication cookie is never sent to the " "server machine (and no cookies are sent in the plain)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the E<.Cm ForwardAgent> variable is set to E<.Dq yes> (or see the " "description of the E<.Fl A> and E<.Fl a> options above) and the user is " "using an authentication agent, the connection to the agent is automatically " "forwarded to the remote side." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "VERIFYING HOST KEYS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "When connecting to a server for the first time, a fingerprint of the " "server's public key is presented to the user (unless the option E<.Cm " "StrictHostKeyChecking> has been disabled). Fingerprints can be determined " "using E<.Xr ssh-keygen 1>:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the fingerprint is already known, it can be matched and the key can be " "accepted or rejected. If only legacy (MD5) fingerprints for the server are " "available, the E<.Xr ssh-keygen 1> E<.Fl E> option may be used to downgrade " "the fingerprint algorithm to match." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Because of the difficulty of comparing host keys just by looking at " "fingerprint strings, there is also support to compare host keys visually, " "using E<.Em random art>. By setting the E<.Cm VisualHostKey> option to E<." "Dq yes>, a small ASCII graphic gets displayed on every login to a server, no " "matter if the session itself is interactive or not. By learning the pattern " "a known server produces, a user can easily find out that the host key has " "changed when a completely different pattern is displayed. Because these " "patterns are not unambiguous however, a pattern that looks similar to the " "pattern remembered only gives a good probability that the host key is the " "same, not guaranteed proof." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "To get a listing of the fingerprints along with their random art for all " "known hosts, the following command line can be used:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "$ ssh-keygen -lv -f ~/.ssh/known_hosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If the fingerprint is unknown, an alternative method of verification is " "available: SSH fingerprints verified by DNS. An additional resource record " "(RR), SSHFP, is added to a zonefile and the connecting client is able to " "match the fingerprint with that of the key presented." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "In this example, we are connecting a client to a server, E<.Dq host.example." "com>. The SSHFP resource records should first be added to the zonefile for " "host.example.com:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "$ ssh-keygen -r host.example.com.\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The output lines will have to be added to the zonefile. To check that the " "zone is answering fingerprint queries:" msgstr "" #. type: Dl #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "$ dig -t SSHFP host.example.com" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Finally the client connects:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "$ ssh -o \"VerifyHostKeyDNS ask\" host.example.com\n" "[...]\n" "Matching host key fingerprint found in DNS.\n" "Are you sure you want to continue connecting (yes/no)?\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "See the E<.Cm VerifyHostKeyDNS> option in E<.Xr ssh_config 5> for more " "information." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SSH-BASED VIRTUAL PRIVATE NETWORKS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> contains support for Virtual Private Network (VPN) tunnelling using " "the E<.Xr tun 4> network pseudo-device, allowing two networks to be joined " "securely. The E<.Xr sshd_config 5> configuration option E<.Cm PermitTunnel> " "controls whether the server supports this, and at what level (layer 2 or 3 " "traffic)." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The following example would connect client network 10.0.50.0/24 with remote " "network 10.0.99.0/24 using a point-to-point connection from 10.1.1.1 to " "10.1.1.2, provided that the SSH server running on the gateway to the remote " "network, at 192.168.1.15, allows it." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "On the client:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "# ssh -f -w 0:1 192.168.1.15 true\n" "# ifconfig tun0 10.1.1.1 10.1.1.2 netmask 255.255.255.252\n" "# route add 10.0.99.0/24 10.1.1.2\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "On the server:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "# ifconfig tun1 10.1.1.2 10.1.1.1 netmask 255.255.255.252\n" "# route add 10.0.50.0/24 10.1.1.1\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Client access may be more finely tuned via the E<.Pa /root/.ssh/" "authorized_keys> file (see below) and the E<.Cm PermitRootLogin> server " "option. The following entry would permit connections on E<.Xr tun 4> device " "1 from user E<.Dq jane> and on tun device 2 from user E<.Dq john>, if E<.Cm " "PermitRootLogin> is set to E<.Dq forced-commands-only>:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "" "tunnel=\"1\",command=\"sh /etc/netstart tun1\" ssh-rsa ... jane\n" "tunnel=\"2\",command=\"sh /etc/netstart tun2\" ssh-rsa ... john\n" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Since an SSH-based setup entails a fair amount of overhead, it may be more " "suited to temporary setups, such as for wireless VPNs. More permanent VPNs " "are better provided by tools such as E<.Xr ipsecctl 8> and E<.Xr isakmpd 8>." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "ENVIRONMENT" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "E<.Nm> will normally set the following environment variables:" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev DISPLAY" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The E<.Ev DISPLAY> variable indicates the location of the X11 server. It is " "automatically set by E<.Nm> to point to a value of the form E<.Dq hostname:" "n>, where E<.Dq hostname> indicates the host where the shell runs, and E<.Sq " "n> is an integer \\*(Ge 1. E<.Nm> uses this special value to forward X11 " "connections over the secure channel. The user should normally not set E<.Ev " "DISPLAY> explicitly, as that will render the X11 connection insecure (and " "will require the user to manually copy any required authorization cookies)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev HOME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Set to the path of the user's home directory." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev LOGNAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Synonym for E<.Ev USER>; set for compatibility with systems that use this " "variable." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev MAIL" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Set to the path of the user's mailbox." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev PATH" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Set to the default E<.Ev PATH>, as specified when compiling E<.Nm>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_ASKPASS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "If E<.Nm> needs a passphrase, it will read the passphrase from the current " "terminal if it was run from a terminal. If E<.Nm> does not have a terminal " "associated with it but E<.Ev DISPLAY> and E<.Ev SSH_ASKPASS> are set, it " "will execute the program specified by E<.Ev SSH_ASKPASS> and open an X11 " "window to read the passphrase. This is particularly useful when calling E<." "Nm> from a E<.Pa .xsession> or related script. (Note that on some machines " "it may be necessary to redirect the input from E<.Pa /dev/null> to make this " "work.)" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_ASKPASS_REQUIRE" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Allows further control over the use of an askpass program. If this variable " "is set to E<.Dq never> then E<.Nm> will never attempt to use one. If it is " "set to E<.Dq prefer>, then E<.Nm> will prefer to use the askpass program " "instead of the TTY when requesting passwords. Finally, if the variable is " "set to E<.Dq force>, then the askpass program will be used for all " "passphrase input regardless of whether E<.Ev DISPLAY> is set." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_AUTH_SOCK" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Identifies the path of a E<.Ux Ns -domain> socket used to communicate with " "the agent." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_CONNECTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Identifies the client and server ends of the connection. The variable " "contains four space-separated values: client IP address, client port number, " "server IP address, and server port number." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_ORIGINAL_COMMAND" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This variable contains the original command line if a forced command is " "executed. It can be used to extract the original arguments." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_TTY" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This is set to the name of the tty (path to the device) associated with the " "current shell or command. If the current session has no tty, this variable " "is not set." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_TUNNEL" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Optionally set by E<.Xr sshd 8> to contain the interface names assigned if " "tunnel forwarding was requested by the client." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev SSH_USER_AUTH" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Optionally set by E<.Xr sshd 8>, this variable may contain a pathname to a " "file that lists the authentication methods successfully used when the " "session was established, including any public keys that were used." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev TZ" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This variable is set to indicate the present time zone if it was set when " "the daemon was started (i.e. the daemon passes the value on to new " "connections)." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Ev USER" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Set to the name of the user logging in." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Additionally, E<.Nm> reads E<.Pa ~/.ssh/environment>, and adds lines of the " "format E<.Dq VARNAME=value> to the environment if the file exists and users " "are allowed to change their environment. For more information, see the E<." "Cm PermitUserEnvironment> option in E<.Xr sshd_config 5>." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "FILES" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.rhosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This file is used for host-based authentication (see above). On some " "machines this file may need to be world-readable if the user's home " "directory is on an NFS partition, because E<.Xr sshd 8> reads it as root. " "Additionally, this file must be owned by the user, and must not have write " "permissions for anyone else. The recommended permission for most machines " "is read/write for the user, and not accessible by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.shosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This file is used in exactly the same way as E<.Pa .rhosts>, but allows host-" "based authentication without permitting login with rlogin/rsh." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This directory is the default location for all user-specific configuration " "and authentication information. There is no general requirement to keep the " "entire contents of this directory secret, but the recommended permissions " "are read/write/execute for the user, and not accessible by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/authorized_keys" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used for " "logging in as this user. The format of this file is described in the E<.Xr " "sshd 8> manual page. This file is not highly sensitive, but the recommended " "permissions are read/write for the user, and not accessible by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/config" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "This is the per-user configuration file. The file format and configuration " "options are described in E<.Xr ssh_config 5>. Because of the potential for " "abuse, this file must have strict permissions: read/write for the user, and " "not writable by others." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/environment" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Contains additional definitions for environment variables; see E<.Sx " "ENVIRONMENT>, above." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_dsa" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ecdsa" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ecdsa_sk" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ed25519" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ed25519_sk" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_rsa" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Contains the private key for authentication. These files contain sensitive " "data and should be readable by the user but not accessible by others (read/" "write/execute). E<.Nm> will simply ignore a private key file if it is " "accessible by others. It is possible to specify a passphrase when " "generating the key which will be used to encrypt the sensitive part of this " "file using AES-128." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_dsa.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ecdsa.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ecdsa_sk.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ed25519.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_ed25519_sk.pub" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/id_rsa.pub" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Contains the public key for authentication. These files are not sensitive " "and can (but need not) be readable by anyone." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/known_hosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Contains a list of host keys for all hosts the user has logged into that are " "not already in the systemwide list of known host keys. See E<.Xr sshd 8> " "for further details of the format of this file." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa ~/.ssh/rc" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Commands in this file are executed by E<.Nm> when the user logs in, just " "before the user's shell (or command) is started. See the E<.Xr sshd 8> " "manual page for more information." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/hosts.equiv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This file is for host-based authentication (see above). It should only be " "writable by root." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/shosts.equiv" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This file is used in exactly the same way as E<.Pa hosts.equiv>, but allows " "host-based authentication without permitting login with rlogin/rsh." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_config" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Systemwide configuration file. The file format and configuration options " "are described in E<.Xr ssh_config 5>." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_host_key" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_host_dsa_key" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_host_ecdsa_key" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_host_ed25519_key" msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_host_rsa_key" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "These files contain the private parts of the host keys and are used for host-" "based authentication." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/ssh_known_hosts" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Systemwide list of known host keys. This file should be prepared by the " "system administrator to contain the public host keys of all machines in the " "organization. It should be world-readable. See E<.Xr sshd 8> for further " "details of the format of this file." msgstr "" #. type: It #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "Pa /etc/ssh/sshrc" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "EXIT STATUS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Nm> exits with the exit status of the remote command or with 255 if an " "error occurred." msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux fedora-40 fedora-rawhide mageia-cauldron msgid "" "E<.Xr scp 1>, E<.Xr sftp 1>, E<.Xr ssh-add 1>, E<.Xr ssh-agent 1>, E<.Xr ssh-" "keygen 1>, E<.Xr ssh-keyscan 1>, E<.Xr tun 4>, E<.Xr ssh_config 5>, E<.Xr " "ssh-keysign 8>, E<.Xr sshd 8>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "STANDARDS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A S. Lehtinen> E<.%A C. Lonvick> E<.%D January 2006> E<.%R RFC " "4250> E<.%T The Secure Shell (SSH) Protocol Assigned Numbers> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A T. Ylonen> E<.%A C. Lonvick> E<.%D January 2006> E<.%R RFC " "4251> E<.%T The Secure Shell (SSH) Protocol Architecture> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A T. Ylonen> E<.%A C. Lonvick> E<.%D January 2006> E<.%R RFC " "4252> E<.%T The Secure Shell (SSH) Authentication Protocol> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A T. Ylonen> E<.%A C. Lonvick> E<.%D January 2006> E<.%R RFC " "4253> E<.%T The Secure Shell (SSH) Transport Layer Protocol> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A T. Ylonen> E<.%A C. Lonvick> E<.%D January 2006> E<.%R RFC " "4254> E<.%T The Secure Shell (SSH) Connection Protocol> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A J. Schlyter> E<.%A W. Griffin> E<.%D January 2006> E<.%R RFC " "4255> E<.%T Using DNS to Securely Publish Secure Shell (SSH) Key " "Fingerprints> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A F. Cusack> E<.%A M. Forssen> E<.%D January 2006> E<.%R RFC " "4256> E<.%T Generic Message Exchange Authentication for the Secure Shell " "Protocol (SSH)> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A J. Galbraith> E<.%A P. Remaker> E<.%D January 2006> E<.%R RFC " "4335> E<.%T The Secure Shell (SSH) Session Channel Break Extension> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A M. Bellare> E<.%A T. Kohno> E<.%A C. Namprempre> E<.%D January " "2006> E<.%R RFC 4344> E<.%T The Secure Shell (SSH) Transport Layer " "Encryption Modes> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A B. Harris> E<.%D January 2006> E<.%R RFC 4345> E<.%T Improved " "Arcfour Modes for the Secure Shell (SSH) Transport Layer Protocol> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A M. Friedl> E<.%A N. Provos> E<.%A W. Simpson> E<.%D March 2006> " "E<.%R RFC 4419> E<.%T Diffie-Hellman Group Exchange for the Secure Shell " "(SSH) Transport Layer Protocol> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A J. Galbraith> E<.%A R. Thayer> E<.%D November 2006> E<.%R RFC " "4716> E<.%T The Secure Shell (SSH) Public Key File Format> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A D. Stebila> E<.%A J. Green> E<.%D December 2009> E<.%R RFC " "5656> E<.%T Elliptic Curve Algorithm Integration in the Secure Shell " "Transport Layer> E<.Re>" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "E<.Rs> E<.%A A. Perrig> E<.%A D. Song> E<.%D 1999> E<.%O International " "Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99)> E<.%T " "Hash Visualization: a New Technique to improve Real-World Security> E<.Re>" msgstr "" #. type: Sh #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "AUTHORS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu " "Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de " "Raadt and Dug Song removed many bugs, re-added newer features and created " "OpenSSH. Markus Friedl contributed the support for SSH protocol versions " "1.5 and 2.0." msgstr "" #. type: Dd #: debian-bookworm mageia-cauldron #, no-wrap msgid "$Mdocdate: November 28 2022 $" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "E<.Nm ssh> E<.Op Fl 46AaCfGgKkMNnqsTtVvXxYy> E<.Op Fl B Ar bind_interface> " "E<.Op Fl b Ar bind_address> E<.Op Fl c Ar cipher_spec> E<.Op Fl D Oo Ar " "bind_address : Oc Ns Ar port> E<.Op Fl E Ar log_file> E<.Op Fl e Ar " "escape_char> E<.Op Fl F Ar configfile> E<.Op Fl I Ar pkcs11> E<.Op Fl i Ar " "identity_file> E<.Op Fl J Ar destination> E<.Op Fl L Ar address> E<.Op Fl l " "Ar login_name> E<.Op Fl m Ar mac_spec> E<.Op Fl O Ar ctl_cmd> E<.Op Fl o Ar " "option> E<.Op Fl p Ar port> E<.Op Fl Q Ar query_option> E<.Op Fl R Ar " "address> E<.Op Fl S Ar ctl_path> E<.Op Fl W Ar host : Ns Ar port> E<.Op Fl w " "Ar local_tun Ns Op : Ns Ar remote_tun> E<.Ar destination> E<.Op Ar command " "Op Ar argument ...>" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Connect to the target host by first making a E<.Nm> connection to the jump " "host described by E<.Ar destination> and then establishing a TCP forwarding " "to the ultimate destination from there. Multiple jump hops may be specified " "separated by comma characters. This is a shortcut to specify a E<.Cm " "ProxyJump> configuration directive. Note that configuration directives " "supplied on the command-line generally apply to the destination host and not " "any specified jump hosts. Use E<.Pa ~/.ssh/config> to specify configuration " "for jump hosts." msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "GSSAPIKeyExchange" msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "GSSAPIClientIdentity" msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "GSSAPIKexAlgorithms" msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "GSSAPIRenewalForcesRekey" msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "GSSAPIServerIdentity" msgstr "" #. type: It #: debian-bookworm debian-unstable fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "GSSAPITrustDns" msgstr "" #. type: Plain text #: debian-bookworm mageia-cauldron msgid "" "Queries for the algorithms supported by one of the following features: E<.Ar " "cipher> (supported symmetric ciphers), E<.Ar cipher-auth> (supported " "symmetric ciphers that support authenticated encryption), E<.Ar help> " "(supported query terms for use with the E<.Fl Q> flag), E<.Ar mac> " "(supported message integrity codes), E<.Ar kex> (key exchange algorithms), " "E<.Ar kex-gss> (GSSAPI key exchange algorithms), E<.Ar key> (key types), E<." "Ar key-cert> (certificate key types), E<.Ar key-plain> (non-certificate key " "types), E<.Ar key-sig> (all key types and signature algorithms), E<.Ar " "protocol-version> (supported SSH protocol versions), and E<.Ar sig> " "(supported signature algorithms). Alternatively, any keyword from E<.Xr " "ssh_config 5> or E<.Xr sshd_config 5> that takes an algorithm list may be " "used as an alias for the corresponding query_option." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "(Debian-specific: X11 forwarding is not subjected to X11 SECURITY extension " "restrictions by default, because too many programs currently crash in this " "mode. Set the E<.Cm ForwardX11Trusted> option to E<.Dq no> to restore the " "upstream behaviour. This may change in future depending on client-side " "improvements.)" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "(Debian-specific: In the default configuration, this option is equivalent to " "E<.Fl X>, since E<.Cm ForwardX11Trusted> defaults to E<.Dq yes> as described " "above. Set the E<.Cm ForwardX11Trusted> option to E<.Dq no> to restore the " "upstream behaviour. This may change in future depending on client-side " "improvements.)" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "Public key authentication works as follows: The scheme is based on public-" "key cryptography, using cryptosystems where encryption and decryption are " "done using separate keys, and it is unfeasible to derive the decryption key " "from the encryption key. The idea is that each user creates a public/" "private key pair for authentication purposes. The server knows the public " "key, and only the user knows the private key. E<.Nm> implements public key " "authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 " "or RSA algorithms. The HISTORY section of E<.Xr ssl 8> (on non-OpenBSD " "systems, see" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "http://www.openbsd.org/cgi\\-bin/man.cgi?query=ssl&sektion=8#HISTORY)" msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "contains a brief discussion of the DSA and RSA algorithms." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "This is the per-user configuration file. The file format and configuration " "options are described in E<.Xr ssh_config 5>. Because of the potential for " "abuse, this file must have strict permissions: read/write for the user, and " "not writable by others. It may be group-writable provided that the group in " "question contains only the user." msgstr "" #. type: Plain text #: debian-bookworm debian-unstable msgid "" "E<.Xr scp 1>, E<.Xr sftp 1>, E<.Xr ssh-add 1>, E<.Xr ssh-agent 1>, E<.Xr ssh-" "argv0 1>, E<.Xr ssh-keygen 1>, E<.Xr ssh-keyscan 1>, E<.Xr tun 4>, E<.Xr " "ssh_config 5>, E<.Xr ssh-keysign 8>, E<.Xr sshd 8>" msgstr "" #. type: Plain text #: debian-unstable fedora-40 fedora-rawhide msgid "" "Queries for the algorithms supported by one of the following features: E<.Ar " "cipher> (supported symmetric ciphers), E<.Ar cipher-auth> (supported " "symmetric ciphers that support authenticated encryption), E<.Ar help> " "(supported query terms for use with the E<.Fl Q> flag), E<.Ar mac> " "(supported message integrity codes), E<.Ar kex> (key exchange algorithms), " "E<.Ar kex-gss> (GSSAPI key exchange algorithms), E<.Ar key> (key types), E<." "Ar key-ca-sign> (valid CA signature algorithms for certificates), E<.Ar key-" "cert> (certificate key types), E<.Ar key-plain> (non-certificate key types), " "E<.Ar key-sig> (all key types and signature algorithms), E<.Ar protocol-" "version> (supported SSH protocol versions), and E<.Ar sig> (supported " "signature algorithms). Alternatively, any keyword from E<.Xr ssh_config 5> " "or E<.Xr sshd_config 5> that takes an algorithm list may be used as an alias " "for the corresponding query_option." msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "BindInterface" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "EnableSSHKeysign" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "IgnoreUnknown" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "Include" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "LogVerbose" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "RevokedHostKeys" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "SecurityKeyProvider" msgstr "" #. type: It #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "SyslogFacility" msgstr "" #. type: Sh #: fedora-40 fedora-rawhide mageia-cauldron #, no-wrap msgid "IPV6" msgstr "" #. type: Plain text #: fedora-40 fedora-rawhide mageia-cauldron msgid "" "IPv6 address can be used everywhere where IPv4 address. In all entries must " "be the IPv6 address enclosed in square brackets. Note: The square brackets " "are metacharacters for the shell and must be escaped in shell." msgstr ""