Команда slogin
OpenSSH SSH client (remote login program).
ssh [-1246AaCfgkNnqsTtVvXxY] [-b bind_address] [-c cipher_spec] [-D port] [-e escape_char] [-F configfile] [-i identity_file] [-L port:host:hostport] [-l login_name] [-m mac_spec] [-o option] [-p port] [-R p_rt:host:hostport] [user@]hostname [command]
| -1 | Forces ssh to try protocol version 1 only. |
| -2 | Forces ssh to try protocol version 2 only. |
| -4 | Forces ssh to use IPv4 addresses only. |
| -6 | Forces ssh to use IPv6 addresses only. |
| -A | Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file. Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's Unix-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent. |
| -a | Disables forwarding of the authentication agent connection. |
| -b bind_address | Specify the interface to transmit from on machines with multiple interfaces or aliased addresses. |
| -C | Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and TCP/IP connections). The compression algorithm is the same used by gzip, and the ``level'' can be controlled by the CompressionLevel option for protocol version 1. Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks. The default value can be set on a host-by-host basis in the configuration files; see the Compression option. |
| -c blowfish | 3des | des | Selects the cipher to use for encrypting the session. 3des is used by default. It is believed to be secure. 3des (triple-des) is an encrypt-decrypt-encrypt triple with three different keys. blowfish is a fast block cipher; it appears very secure and is much faster than 3des. des is only supported in the ssh client for interoperability with legacy protocol 1 implementations that do not support the 3des cipher. Its use is strongly discouraged due to cryptographic weaknesses. |
| -c cipher_spec | Additionally, for protocol version 2 a comma-separated list of ciphers can be specified in order of preference. |
| -D port | Specifies a local ``dynamic'' application-level port forwarding. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. |
| -e ch | ^ch | none | Sets the escape character for sessions with a pty (default: '~'). The escape character is only recognized at the beginning of a line. The escape character followed by a dot ('.') closes the connection; followed by control-Z suspends the connection; and followed by itself sends the escape character once. Setting the character to ``none'' disables any escapes and makes the session fully transparent. |
| -F configfile | Specifies an alternative per-user configuration file. If a configuration file is given on the command line, the system-wide configuration file (/etc/ssh/ssh_config) will be ignored. The default for the per-user configuration file is $HOME/.ssh/config. |
| -f | Requests ssh to go to background just before command execution. This is useful if ssh is going to ask for passwords or passphrases, but the user wants it in the background. This implies -n. The recommended way to start X11 programs at a remote site is with something like ssh -f host xterm. |
| -g | Allows remote hosts to connect to local forwarded ports. |
| -I smartcard_device | Specifies which smartcard device to use. The argument is the device ssh should use to communicate with a smartcard used for storing the user's private RSA key. |
| -i identity_file | Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is $HOME/.ssh/identity for protocol version 1, and $HOME/.ssh/id_rsa and $HOME/.ssh/id_dsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). |
| -k | Disables forwarding (delegation) of GSSAPI credentials to the server. |
| -L port:host:hostport | Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. Only root can forward privileged ports. IPv6 addresses can be specified with an alternative syntax: port/host/hostport. |
| -l login_name | Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file. |
| -m mac_spec | Additionally, for protocol version 2 a comma-separated list of MAC (message authentication code) algorithms can be specified in order of preference. See the MACs keyword for more information. |
| -N | Do not execute a remote command. This is useful for just forwarding ports (protocol version 2 only). |
| -n | Redirects stdin from /dev/null (actually, prevents reading from stdin). This must be used when ssh is run in the background. A common trick is to use this to run X11 programs on a remote machine. For example, ssh -n shadows.cs.hut.fi emacs & will start an emacs on shadows.cs.hut.fi, and the X11 connection will be automatically forwarded over an encrypted channel. The ssh program will be put in the background. (This does not work if ssh needs to ask for a password or passphrase; see also the -f option.) |
| -o option | an be used to give options in the format used in the configuration file. This is useful for specifying options for which there is no separate command-line flag. For full details of the options listed below, and their possible values, see ssh_config(5). AddressFamily |
| -p port | Port to connect to on the remote host. This can be specified on a per-host basis in the configuration file. |
| -q | Quiet mode. Causes all warning and diagnostic messages to be suppressed. Only fatal errors are displayed. If a second -q is given then even fatal errors are suppressed. |
| -R port:host:hostport | Specifies that the given port on the remote (server) host is to be forwarded to the given host and port on the local side. This works by allocating a socket to listen to port on the remote side, and whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the local machine. Port forwardings can also be specified in the configuration file. Privileged ports can be forwarded only when logging in as root on the remote machine. IPv6 addresses can be specified with an alternative syntax: port/host/hostport. |
| -s | May be used to request invocation of a subsystem on the remote system. Subsystems are a feature of the SSH2 protocol which facilitate the use of SSH as a secure transport for other applications (eg. sftp). The subsystem is specified as the remote command. |
| -T | Disable pseudo-tty allocation. |
| -t | Force pseudo-tty allocation. This can be used to execute arbitrary screen-based programs on a remote machine, which can be very useful, e.g., when implementing menu services. Multiple -t options force tty allocation, even if ssh has no local tty. |
| -V | Display the version number and exit. |
| -v | Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3. |
| -X | Enables X11 forwarding. This can also be specified on a per-host basis in a configuration file. X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote |
| -x | Disables X11 forwarding. |
| -Y | Enables trusted X11 forwarding. |
CONFIGURATION FILES
ssh may additionally obtain configuration data from a per-user configuration file and a system-wide configuration file.
The file format and configuration options are described in ssh_config(5).
The supported escapes (assuming the default '~') are:
| ~. | Disconnect. |
| ~^Z | Background ssh. |
| ~# | List forwarded connections. |
| ~& | Background ssh at logout when waiting for forwarded connection / X11 sessions to terminate. |
| ~? | Display a list of escape characters. |
| ~B | Send a BREAK to the remote system (only useful for SSH protocol version 2 and if the peer supports it). |
| ~C | Open command line (only useful for adding port forwardings using the -L and -R options). |
| ~R | Request rekeying of the connection (only useful for SSH protocol version 2 and if the peer supports it). |
slogin shell.computerhope.com
The above example would do a secure login to the shell.computerhope.com computer. Below is an example of what would be seen during a slogin.
The authenticity of host 'shell.computerhope.com (204.228.150.3)' can't be established.
DSA key fingerprint is 58:1f:6d:32:7d:1e:2d:4c:8f:00:f7:14:02:f0:c5:ab.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'shell.computerhope.com,204.228.150.3' (DSA) to the list of known hosts.
Password:
Linux computerhope 2.4.30-grsec #4 SMP Mon Jun 13 19:38:13 MDT 2005 i686 GNU/Linux
Welcome to the computerhope shell server.
As can be seen in the above example the server provides you with a DSA fingerprint key and once verified that you wish to connect by typing "yes" is added to the known hosts. After providing the correct password you will be successfully logged in.