Ssh
connects to the ssh server at
addr
and executes a shell, command or ``subystem'' (internal program),
connecting the local standard input, output and error to those of
the program executed.
Only version 2 of the protocol is supported.
The
user
name to log in as is optional, it is used by RSA and DSA public
key authentication, to select keys from
factotum(4).
Ssh
asks
sshkeys
whether the host key sent by
addr
is acceptable.
Sshkeys serves the file
/chan/sshkeys
to which
ssh
writes requests consisting of four quoted strings:
address,
algorithm,
fingerprint
and
host key.
If the host key is acceptable, the write is returned with success, otherwise with an error.
Sshkeys
looks up the host key in
$home/lib/sshkeys,
prompting the user in case the address is new or the host key
conflicts with an existing entry. It can optionally update the
file with keys. If
sshkeys
is not running,
ssh
will read the $home/lib/sshkeys
file directly, only allowing the host key if an exact match is found.
Sshkeys
is normally started from
$home/lib/wmsetup.
If a pseudo terminal was allocated, i.e.
-t
or
-T
was specified,
ssh
reads events from the file
/dev/termctl,
as served by
novt(1).
Ssh
accepts the ``dimensions'' and ``break'' control messages, and forwards them in appropriate form to the ssh server.
- Options
-
- -d
- Print debugging messages. A second option prints even more.
- -t
- Request pseudo tty allocation from remote server. The terminal
type is set to ``ansi''.
- -T term
- Like
-t,
but sets the terminal type to
term.
- -A auth-methods
- Set the acceptable authentication methods. Must be a comma separated
list of methods, in order of preference. Supported methods:
publickey
and
password.
Default:
publickey,password.
- -e enc-algs
- Set comma separated, ordered list of acceptable encryption methods:
aes128-cbc,
aes192-cbc,
aes256-cbc,
arcfour,
aes128-ctr,
aes192-ctr,
aes256-ctr,
arcfour128,
arcfour256,
3des-cbc.
Default:
aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour,3des-cbc.
- -m mac-algs
- Set comma separated, ordered list of acceptable MAC algorithms:
hmac-sha1,
hmac-sha1-96,
hmac-md5,
hmac-md5-96.
Default:
hmac-sha1-96,hmac-sha1,hmac-md5,hmac-md5-96.
- -K kex-algs
- Set comma separated, ordered list of acceptable key exchange algorithms:
diffie-hellman-group1-sha1,
diffie-hellman-group14-sha1,
diffie-hellman-group-exchange-sha1,
Default:
diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1.
- -H hostkey-algs
- Set comma separated, ordered list of acceptable host key verification
algorithms:
ssh-dss,
ssh-rsa.
Default:
ssh-rsa,ssh-dss.
- -C compr-algs
- Set comma separated, ordered list of acceptable compression algorithms:
none.
Default:
none.
- -k keyspec
- Pass extra parameters
keyspec
to the requests to
factotum(4).
- -s
- Ask server to start a ``subsystem'' instead of a normal program.
The name of the subsystem to start is
cmd ,
so the second parameter must be present.
A commonly used subsystem is
sftp.