OpenSSH: Manual Pages (original) (raw)

Web manual pages are available from OpenBSD for the following commands. These manual pages reflect the latest development release of OpenSSH.

• ssh(1) — The basic rlogin/rsh-like client program
• sshd(8) — The daemon that permits you to log in
• ssh_config(5) — The client configuration file
• sshd_config(5) — The daemon configuration file
• ssh-agent(1) — An authentication agent that can store private keys
• ssh-add(1) — Tool which adds keys to in the above agent
• sftp(1) — FTP-like program that works over SSH1 and SSH2 protocol
• scp(1) — File copy program that acts like rcp
• ssh-keygen(1) — Key generation tool
• sftp-server(8) — SFTP server subsystem (started automatically by sshd)
• ssh-keyscan(1) — Utility for gathering public host keys from a number of hosts
• ssh-keysign(8) — Helper program for host-based authentication

The SSH2 protocol implemented in OpenSSH is standardized by the IETFsecshworking group and is specified in several RFCs and drafts. The overall structure of SSH2 is described in thearchitecture RFC. It is composed of three layered components:

• Thetransport layerprovides algorithm negotiation and a key exchange. The key exchange includes server authentication and results in a cryptographically secured connection: it provides integrity, confidentiality and optional compression.
• Theuser authentication layeruses the established connection and relies on the services provided by the transport layer. It provides several mechanisms for user authentication. These include traditional password authentication as well as public-key or host-based authentication mechanisms.
• Theconnection layermultiplexes many different concurrent channels over the authenticated connection and allows tunneling of login sessions and TCP-forwarding. It provides a flow control service for these channels. Additionally, various channel-specific options can be negotiated.

Additional documents specify:

• Theinteractive authenticationRFC provides support for new authentication schemes like S/Key or TIS authentication.
• The SFTP file transfer protocol is specified in thefilexfer draft. OpenSSH implements a SFTPclient andserver.
• A file format for public keys is specified in thepublickeyfile draft. The commandssh-keygen(1) can be used to convert an OpenSSH public key to this file format.
• TheDiffie-Hellman Group Exchange allows clients to request more secure groups for the Diffie-Hellman key exchange.
• OpenSSH implemented a compression method "zlib@openssh.com" that delays starting compression until after user authentication, to eliminate the risk of pre-authentication attacks against the compression code. It is described indraft-miller-secsh-compression-delayed-00.txt.
• OpenSSH implements an additional MAC (Message Authentication Code) "umac-64@openssh.com", which has superior performance to the ones specified in RFC 4253. It is described indraft-miller-secsh-umac-01.txt.
• The authentication agent protocol used byssh-agent is documented in thePROTOCOL.agent file.
• OpenSSH makes various other minor extensions to and divergences from the standard SSH protocols. These are documented in thePROTOCOL file.