SYNOPSIS
ssh [-l login_name] hostname | user@hostname [command]
ssh [-afgknqstvxACNTX1246] [-b bind_address] [-c cipher_spec]
[-e escape_char] [-i identity_file] [-l login_name] [-m mac_spec]
[-o option] [-p port] [-F configfile] [-L port:host:hostport] [-R
port:host:hostport] [-D port] hostname | user@hostname [command]
DESCRIPTION
ssh (SSH client) is a program for logging into a remote machine and for
executing commands on a remote machine. It is intended to replace rlogin
and rsh, and provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and arbitrary
TCP/IP ports can also be forwarded over the secure channel.
ssh connects and logs into the specified hostname. The user must prove
his/her identity to the remote machine using one of several methods
depending on the protocol version used:
SSH protocol version 1
First, if the machine the user logs in from is listed in /etc/hosts.equiv
or /etc/ssh/shosts.equiv on the remote machine, and the user names are
the same on both sides, the user is immediately permitted to log in.
Second, if .rhosts or .shosts exists in the user’s home directory on the
remote machine and contains a line containing the name of the client
machine and the name of the user on that machine, the user is permitted
to log in. This form of authentication alone is normally not allowed by
the server because it is not secure.
The second authentication method is the rhosts or hosts.equiv method com-
bined with RSA-based host authentication. It means that if the login
would be permitted by $HOME/.rhosts, $HOME/.shosts, /etc/hosts.equiv, or
/etc/ssh/shosts.equiv, and if additionally the server can verify the
client’s host key (see /etc/ssh/ssh_known_hosts and
$HOME/.ssh/known_hosts in the FILES section), only then login is permit-
ted. This authentication method closes security holes due to IP spoof-
ing, DNS spoofing and routing spoofing. [Note to the administrator:
/etc/hosts.equiv, $HOME/.rhosts, and the rlogin/rsh protocol in general,
are inherently insecure and should be disabled if security is desired.]
As a third authentication method, ssh supports RSA based authentication.
