Commit 32aa144d authored by Damien Miller's avatar Damien Miller

Re-imported OpenBSD manpages

parent 34d0b614
.\" -*- nroff -*-
.\"
.\" scp.1
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" Created: Sun May 7 00:14:37 1995 ylo
.\"
.\" $Id: scp.1,v 1.3 1999/10/28 23:15:49 damien Exp $
.\"
.Dd September 25, 1999
.Dt SCP 1
.Os
.Sh NAME
.Nm scp
.Nd secure copy (remote file copy program)
.Sh SYNOPSIS
.Nm scp
.Op Fl pqrvC
.Op Fl P Ar port
.Op Fl c Ar cipher
.Op Fl i Ar identity_file
.Sm off
.Oo
.Op Ar user@
.Ar host1 No :
.Oc Ns Ar file1
.Sm on
.Op Ar ...
.Sm off
.Oo
.Op Ar user@
.Ar host2 No :
.Oc Ar file2
.Sm on
.Sh DESCRIPTION
.Nm
copies files between hosts on a network. It uses
.Xr ssh 1
for data transfer, and uses the same authentication and provides the
same security as
.Xr ssh 1 .
Unlike
.Xr rcp 1 ,
.Nm
will ask for passwords or passphrases if they are needed for
authentication.
.Pp
Any file name may contain a host and user specification to indicate
that the file is to be copied to/from that host. Copies between two
remote hosts are permitted.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl c Ar cipher
Selects the cipher to use for encrypting the data transfer. This
option is directly passed to
.Xr ssh 1 .
.It Fl i Ar identity_file
Selects the file from which the identity (private key) for RSA
authentication is read. This option is directly passed to
.Xr ssh 1 .
.It Fl p
Preserves modification times, access times, and modes from the
original file.
.It Fl r
Recursively copy entire directories.
.It Fl v
Verbose mode. Causes
.Nm
and
.Xr ssh 1
to print debugging messages about their progress. This is helpful in
debugging connection, authentication, and configuration problems.
.It Fl B
Selects batch mode (prevents asking for passwords or passphrases).
.It Fl q
Disables the progress meter.
.It Fl C
Compression enable. Passes the
.Fl C
flag to
.Xr ssh 1
to enable compression.
.It Fl P Ar port
Specifies the port to connect to on the remote host. Note that this
option is written with a capital
.Sq P ,
because
.Fl p
is already reserved for preserving the times and modes of the file in
.Xr rcp 1 .
.Sh AUTHORS
Timo Rinne <tri@iki.fi> and Tatu Ylonen <ylo@cs.hut.fi>
.Sh HISTORY
.Nm
is based on the
.Xr rcp 1
program in BSD source code from the Regents of the University of
California.
.Sh SEE ALSO
.Xr rcp 1 ,
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8
.\" -*- nroff -*-
.\"
.\" ssh-add.1
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" Created: Sat Apr 22 23:55:14 1995 ylo
.\"
.\" $Id: ssh-add.1,v 1.3 1999/10/28 23:15:49 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSH-ADD 1
.Os
.Sh NAME
.Nm ssh-add
.Nd adds identities for the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
.Op Fl ldD
.Op Ar
.Sh DESCRIPTION
.Nm
adds identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the file
.Pa $HOME/.ssh/identity .
Alternative file names can be given on the
command line. If any file requires a passphrase,
.Nm
asks for the passphrase from the user.
The Passphrase it is read from the user's tty.
.Pp
The authentication agent must be running and must be an ancestor of
the current process for
.Nm
to work.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl l
Lists all identities currently represented by the agent.
.It Fl d
Instead of adding the identity, removes the identity from the agent.
.It Fl D
Deletes all identities from the agent.
.El
.Sh FILES
.Bl -tag -width Ds
.Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user. This file
should not be readable by anyone but the user.
Note that
.Nm
ignores this file if it is accessible by others.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file. This is the
default file added by
.Nm
when no other files have been specified.
.Pp
If
.Nm
needs a passphrase, it will read the passphrase from the current
terminal if it was run from a terminal. If
.Nm
does not have a terminal associated with it but
.Ev DISPLAY
is set, it
will open an X11 window to read the passphrase. This is particularly
useful when calling
.Nm
from a
.Pa .Xsession
or related script. (Note that on some machines it
may be necessary to redirect the input from
.Pa /dev/null
to make this work.)
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added. Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses. This version
of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (ie. patents, see
.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
has been updated to support ssh protocol 1.5.
.It
contains added support for
.Xr kerberos 8
authentication and ticket passing.
.It
supports one-time password authentication with
.Xr skey 1 .
.El
.Pp
The libraries described in
.Xr ssl 8
are required for proper operation.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-agent 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
.Xr ssl 8
.\" $OpenBSD: ssh-agent.1,v 1.7 1999/10/28 08:43:10 markus Exp $
.\"
.\" -*- nroff -*-
.\"
.\" ssh-agent.1
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
pp.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" Created: Sat Apr 23 20:10:43 1995 ylo
.\"
.Dd September 25, 1999
.Dt SSH-AGENT 1
.Os
.Sh NAME
.Nm ssh-agent
.Nd authentication agent
.Sh SYNOPSIS
.Nm ssh-agent
.Op Fl c Li | Fl s
.Op Fl k
.Oo
.Ar command
.Op Ar args ...
.Oc
.Sh DESCRIPTION
.Nm
is a program to hold authentication private keys. The
idea is that
.Nm
is started in the beginning of an X-session or a login session, and
all other windows or programs are started as clients to the ssh-agent
program. Through use of environment variables the agent can be located
and automatically used for RSA authentication when logging in to other
machines using
.Xr ssh 1 .
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl c
Generate C-shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
looks like it's a csh style of shell.
.It Fl s
Generate Bourne shell commands on
.Dv stdout .
This is the default if
.Ev SHELL
does not look like it's a csh style of shell.
.It Fl k
Kill the current agent (given by the
.Ev SSH_AGENT_PID
environment variable).
.El
.Pp
If a commandline is given, this is executed as a subprocess of the agent.
When the command dies, so does the agent.
.Pp
The agent initially does not have any private keys. Keys are added
using
.Xr ssh-add 1 .
When executed without arguments,
.Xr ssh-add 1
adds the
.Pa $HOME/.ssh/identity
file. If the identity has a passphrase,
.Xr ssh-add 1
asks for the passphrase (using a small X11 application if running
under X11, or from the terminal if running without X). It then sends
the identity to the agent. Several identities can be stored in the
agent; the agent can automatically use any of these identities.
.Ic ssh-add -l
displays the identities currently held by the agent.
.Pp
The idea is that the agent is run in the user's local PC, laptop, or
terminal. Authentication data need not be stored on any other
machine, and authentication passphrases never go over the network.
However, the connection to the agent is forwarded over SSH
remote logins, and the user can thus use the privileges given by the
identities anywhere in the network in a secure way.
.Pp
There are two main ways to get an agent setup: Either you let the agent
start a new subcommand into which some environment variables are exported, or
you let the agent print the needed shell commands (either
.Xr sh 1
or
.Xr csh 1
syntax can be generated) which can be evalled in the calling shell.
Later
.Xr ssh 1
look at these variables and use them to establish a connection to the agent.
.Pp
A unix-domain socket is created
.Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
and the name of this socket is stored in the
.Ev SSH_AUTH_SOCK
environment
variable. The socket is made accessible only to the current user.
This method is easily abused by root or another instance of the same
user.
.Pp
The
.Ev SSH_AGENT_PID
environment variable holds the agent's PID.
.Pp
The agent exits automatically when the command given on the command
line terminates.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user. This file
should not be readable by anyone but the user. It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file. This file
is not used by
.Nm
but is normally added to the agent using
.Xr ssh-add 1
at login time.
.It Pa /tmp/ssh-XXXX/agent.<pid> ,
Unix-domain sockets used to contain the connection to the
authentication agent. These sockets should only be readable by the
owner. The sockets should get automatically removed when the agent
exits.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added. Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses. This version
of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (ie. patents, see
.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
has been updated to support ssh protocol 1.5.
.It
contains added support for
.Xr kerberos 8
authentication and ticket passing.
.It
supports one-time password authentication with
.Xr skey 1 .
.El
.Pp
The libraries described in
.Xr ssl 8
are required for proper operation.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-keygen 1 ,
.Xr sshd 8 ,
.Xr ssl 8
.\" -*- nroff -*-
.\"
.\" ssh-keygen.1
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
.\" Created: Sat Apr 22 23:55:14 1995 ylo
.\"
.\" $Id: ssh-keygen.1,v 1.3 1999/10/28 23:15:49 damien Exp $
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Nm ssh-keygen
.Nd authentication key generation
.Sh SYNOPSIS
.Nm ssh-keygen
.Op Fl q
.Op Fl b Ar bits
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Nm ssh-keygen
.Fl p
.Op Fl P Ar old_passphrase
.Op Fl N Ar new_passphrase
.Nm ssh-keygen
.Fl c
.Op Fl P Ar passphrase
.Op Fl C Ar comment
.Sh DESCRIPTION
.Nm
generates and manages authentication keys for
.Xr ssh 1 .
Normally each user wishing to use SSH
with RSA authentication runs this once to create the authentication
key in
.Pa $HOME/.ssh/identity .
Additionally, the system administrator may use this to generate host keys.
.Pp
Normally this program generates the key and asks for a file in which
to store the private key. The public key is stored in a file with the
same name but
.Dq .pub
appended. The program also asks for a
passphrase. The passphrase may be empty to indicate no passphrase
(host keys must have empty passphrase), or it may be a string of
arbitrary length. Good passphrases are 10-30 characters long and are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per word, and provides very bad
passphrases). The passphrase can be changed later by using the
.Fl p
option.
.Pp
There is no way to recover a lost passphrase. If the passphrase is
lost or forgotten, you will have to generate a new key and copy the
corresponding public key to other machines.
.Pp
There is also a comment field in the key file that is only for
convenience to the user to help identify the key. The comment can
tell what the key is for, or whatever is useful. The comment is
initialized to
.Dq user@host
when the key is created, but can be changed using the
.Fl c
option.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl b Ar bits
Specifies the number of bits in the key to create. Minimum is 512
bits. Generally 1024 bits is considered sufficient, and key sizes
above that no longer improve security but make things slower. The
default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
The program will prompt for the file containing the private keys, for
passphrase if the key has one, and for the new comment.
.It Fl p
Requests changing the passphrase of a private key file instead of
creating a new private key. The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
.It Fl q
Silence
.Nm ssh-keygen .
Used by
.Pa /etc/rc
when creating a new key.
.It Fl C Ar comment
Provides the new comment.
.It Fl N Ar new_passphrase
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.El
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/random_seed
Used for seeding the random number generator. This file should not be
readable by anyone but the user. This file is created the first time
the program is run, and is updated every time.
.It Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user. This file
should not be readable by anyone but the user. It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES. This file
is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.It Pa $HOME/.ssh/identity.pub
Contains the public key for authentication. The contents of this file
should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where you wish to log in using RSA authentication. There is no
need to keep the contents of this file secret.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added. Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses. This version
of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (ie. patents, see
.Xr ssl 8 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.It
has been updated to support ssh protocol 1.5.
.It
contains added support for
.Xr kerberos 8
authentication and ticket passing.
.It
supports one-time password authentication with
.Xr skey 1 .
.El
.Pp
The libraries described in
.Xr ssl 8
are required for proper operation.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1,
.Xr sshd 8 ,
.Xr ssl 8
This diff is collapsed.
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment