summaryrefslogtreecommitdiffstats
path: root/ssh.0
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 07:43:00 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-08-26 07:43:00 +0000
commitf74e883352a52dd3ed454627dc159aa65f98d7f3 (patch)
treeef77b7637e7135f0f61cad9ae9923215ed60066b /ssh.0
parentAdding debian version 1:9.7p1-7. (diff)
downloadopenssh-f74e883352a52dd3ed454627dc159aa65f98d7f3.tar.xz
openssh-f74e883352a52dd3ed454627dc159aa65f98d7f3.zip
Merging upstream version 1:9.8p1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ssh.0')
-rw-r--r--ssh.072
1 files changed, 34 insertions, 38 deletions
diff --git a/ssh.0 b/ssh.0
index f2c32af..78863b1 100644
--- a/ssh.0
+++ b/ssh.0
@@ -145,25 +145,26 @@ DESCRIPTION
file to use the corresponding private key that is loaded in
ssh-agent(1) when the private key file is not present locally.
The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa,
- ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and
- ~/.ssh/id_dsa. Identity files may also be specified on a per-
- host basis in the configuration file. It is possible to have
- multiple -i options (and multiple identities specified in
- configuration files). If no certificates have been explicitly
- specified by the CertificateFile directive, ssh will also try to
- load certificate information from the filename obtained by
- appending -cert.pub to identity filenames.
+ ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519_sk.
+ Identity files may also be specified on a per-host basis in the
+ configuration file. It is possible to have multiple -i options
+ (and multiple identities specified in configuration files). If
+ no certificates have been explicitly specified by the
+ CertificateFile directive, ssh will also try to load certificate
+ information from the filename obtained by appending -cert.pub to
+ identity filenames.
-J destination
Connect to the target host by first making an ssh connection to
the jump host described by destination and then establishing a
TCP forwarding to the ultimate destination from there. Multiple
- jump hops may be specified separated by comma characters. This
- is a shortcut to specify a ProxyJump configuration directive.
- Note that configuration directives supplied on the command-line
- generally apply to the destination host and not any specified
- jump hosts. Use ~/.ssh/config to specify configuration for jump
- hosts.
+ jump hops may be specified separated by comma characters. IPv6
+ addresses can be specified by enclosing the address in square
+ brackets. This is a shortcut to specify a ProxyJump
+ configuration directive. Note that configuration directives
+ supplied on the command-line generally apply to the destination
+ host and not any specified jump hosts. Use ~/.ssh/config to
+ specify configuration for jump hosts.
-K Enables GSSAPI-based authentication and forwarding (delegation)
of GSSAPI credentials to the server.
@@ -501,8 +502,7 @@ AUTHENTICATION
creates a public/private key pair for authentication purposes. The
server knows the public key, and only the user knows the private key.
ssh implements public key authentication protocol automatically, using
- one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of
- ssl(8) contains a brief discussion of the DSA and RSA algorithms.
+ one of the ECDSA, Ed25519 or RSA algorithms.
The file ~/.ssh/authorized_keys lists the public keys that are permitted
for logging in. When the user logs in, the ssh program tells the server
@@ -516,18 +516,18 @@ AUTHENTICATION
DEBUG or higher (e.g. by using the -v flag).
The user creates their key pair by running ssh-keygen(1). This stores
- the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA),
- ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519
- (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or
- ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA),
- ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted
- ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub
- (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's
- home directory. The user should then copy the public key to
- ~/.ssh/authorized_keys in their home directory on the remote machine.
- The authorized_keys file corresponds to the conventional ~/.rhosts file,
- and has one key per line, though the lines can be very long. After this,
- the user can log in without giving the password.
+ the private key in ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ecdsa_sk
+ (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 (Ed25519),
+ ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or ~/.ssh/id_rsa
+ (RSA) and stores the public key in ~/.ssh/id_ecdsa.pub (ECDSA),
+ ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted ECDSA),
+ ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub (authenticator-
+ hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's home directory.
+ The user should then copy the public key to ~/.ssh/authorized_keys in
+ their home directory on the remote machine. The authorized_keys file
+ corresponds to the conventional ~/.rhosts file, and has one key per line,
+ though the lines can be very long. After this, the user can log in
+ without giving the password.
A variation on public key authentication is available in the form of
certificate authentication: instead of a set of public/private keys,
@@ -879,11 +879,11 @@ FILES
for the user, and not accessible by others.
~/.ssh/authorized_keys
- Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
- for logging in as this user. The format of this file is
- described in the sshd(8) manual page. This file is not highly
- sensitive, but the recommended permissions are read/write for the
- user, and not accessible by others.
+ Lists the public keys (ECDSA, Ed25519, RSA) that can be used for
+ logging in as this user. The format of this file is described in
+ the sshd(8) manual page. This file is not highly sensitive, but
+ the recommended permissions are read/write for the user, and not
+ accessible by others.
~/.ssh/config
This is the per-user configuration file. The file format and
@@ -895,7 +895,6 @@ FILES
Contains additional definitions for environment variables; see
ENVIRONMENT, above.
- ~/.ssh/id_dsa
~/.ssh/id_ecdsa
~/.ssh/id_ecdsa_sk
~/.ssh/id_ed25519
@@ -909,7 +908,6 @@ FILES
will be used to encrypt the sensitive part of this file using
AES-128.
- ~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
~/.ssh/id_ecdsa_sk.pub
~/.ssh/id_ed25519.pub
@@ -942,8 +940,6 @@ FILES
Systemwide configuration file. The file format and configuration
options are described in ssh_config(5).
- /etc/ssh/ssh_host_key
- /etc/ssh/ssh_host_dsa_key
/etc/ssh/ssh_host_ecdsa_key
/etc/ssh/ssh_host_ed25519_key
/etc/ssh/ssh_host_rsa_key
@@ -1020,4 +1016,4 @@ AUTHORS
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 7.5 October 11, 2023 OpenBSD 7.5
+OpenBSD 7.5 June 27, 2024 OpenBSD 7.5