ssh2 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322
  1. .TH SSH2 1
  2. .SH NAME
  3. ssh2, sshsession, rsa2ssh2 \- encrypted login and copy with foreign systems via SSHv2
  4. .SH SYNOPSIS
  5. .B ssh2
  6. [
  7. .B -adIiKkmrvx
  8. ] [
  9. .B -l
  10. .I user
  11. ] [
  12. .B -n
  13. .I dir
  14. ] [
  15. .B -z
  16. .I attribute=value
  17. ]
  18. system
  19. [
  20. .I cmd
  21. [
  22. .I args
  23. ] ]
  24. .PP
  25. .B aux/sshsession
  26. [
  27. .B -t
  28. ] [
  29. .B -n
  30. .I namespace
  31. ] [
  32. .B -R
  33. .I dir
  34. ] [
  35. .B -r
  36. .I dir
  37. ] [
  38. .B -s
  39. .I command
  40. ] [
  41. .B -S
  42. .I srvpt
  43. ]
  44. .PP
  45. .B rsa2ssh2
  46. [
  47. .I file
  48. ]
  49. .SH DESCRIPTION
  50. These programs collectively implement communication via SSH v2 over TCP.
  51. All of the encryption, authentication, and SSH protocol are handled by
  52. .IR ssh (4).
  53. .PP
  54. .I Ssh2
  55. dials a remote
  56. .I system
  57. and runs a shell (or some other command) there.
  58. .L "ssh2 root@hannibal"
  59. will result in a command prompt on the machine
  60. .B hannibal
  61. logged in as
  62. .BR root .
  63. If
  64. .I ssh2
  65. does not find an SSH server in
  66. .BR /net ,
  67. it runs
  68. .I netssh
  69. (see
  70. .IR ssh (4))
  71. to start one.
  72. .I Ssh2
  73. dials the remote SSH server and exchanges encryption keys with
  74. the server using Diffie-Hellman key exchange.
  75. .PP
  76. A
  77. .B clone
  78. file and
  79. .B connect
  80. message protocol
  81. similar to that of
  82. .IR ip (3)
  83. creates a session in the established connection.
  84. In the course of session creation,
  85. .I ssh2
  86. first attempts to authenticate the user with the server using
  87. public key authentication.
  88. If that fails, it prompts for a password, and attempts to
  89. authenticate with password authentication.
  90. It also passes across the value of the environment variable
  91. .B TERM
  92. as would be set if
  93. .I ssh2
  94. is run inside of
  95. .IR vt (1).
  96. .LP
  97. Per
  98. .IR con (1),
  99. typing a control-\e will result in a
  100. .B >>>
  101. prompt.
  102. There are currently only four commands that can be issued at that prompt:
  103. .B c
  104. to continue the session,
  105. .B h
  106. to print a list of the available commands,
  107. .B r
  108. to toggle the suppression of carriage returns, and
  109. .B q
  110. to close the session.
  111. .LP
  112. Options are:
  113. .TF "-i -
  114. .TP
  115. .B -a -v -x
  116. No-ops included for compatibility with
  117. .I scp
  118. (see
  119. .IR ssh1 (1)).
  120. .TP
  121. .B -d
  122. Increase the amount of debugging output.
  123. .TP
  124. .B -i -I
  125. Sets
  126. .I ssh2
  127. to interactive
  128. .RB ( -i )
  129. or non-interactive
  130. .RI ( -I )
  131. mode.
  132. This determines whether the user is prompted for a password
  133. if none is found in factotum.
  134. Without either of these options,
  135. .I ssh2
  136. uses interactive mode if run in a term window.
  137. .TP
  138. .B -k
  139. Skip the attempt to authenticate using public key authentication.
  140. .TP
  141. .B -K
  142. Don't fall back to password authentication.
  143. If the public key authentication fails,
  144. .I ssh2
  145. will exit.
  146. .TP
  147. .B -l
  148. Use
  149. .I user
  150. name on the remote system
  151. (deprecated).
  152. .TP
  153. .B -m
  154. Remove the special meaning of control-\e.
  155. This is needed by
  156. .I scp
  157. to prevent that character in files being copied from triggering the
  158. special command mode.
  159. .TP
  160. .B -n
  161. Specify the network directory of an alternate network to use.
  162. The default is
  163. .BR /net .
  164. .TP
  165. .B -r
  166. Strip carriage return characters coming from the remote system.
  167. This will normally be desired when running in a
  168. .IR rio (1)
  169. window or from within
  170. .IR win (1)
  171. in
  172. .IR acme (1).
  173. It is normally not used when running
  174. .I ssh2
  175. from within
  176. .IR vt (1).
  177. .TP
  178. .B -z
  179. Used to specify which of several possible keys to use.
  180. .PD
  181. .
  182. .SS "Server-side Daemon"
  183. .I Sshsession
  184. implements the server side of an SSH connection
  185. and is suitable for running by
  186. .IR listen (8)
  187. or
  188. .IR listen1 ;
  189. it is not normally run directly by the user.
  190. Like
  191. .IR ssh2 ,
  192. it does all of its SSH communication through
  193. .IR ssh (4).
  194. .I Sshsession
  195. starts a shell or a requested command when a remote
  196. system authenticates and requests a new connection and session.
  197. .LP
  198. A system-wide SSH listener can be run by creating a file
  199. .BR /rc/bin/service.auth/ssh22
  200. that invokes
  201. .IR sshsession :
  202. .IP
  203. .EX
  204. #!/bin/rc
  205. # ssh22
  206. exec aux/sshsession $3 >>/sys/log/sshdebug >[2=1]
  207. .EE
  208. .LP
  209. .ne 3
  210. then ensuring that
  211. .B /rc/bin/cpurc
  212. contains
  213. .IP
  214. .EX
  215. netssh -s ssh
  216. aux/listen -t /rc/bin/service.auth -d /rc/bin/service ssh
  217. .EE
  218. .LP
  219. When invoked with no options,
  220. .I sshsession
  221. runs as an SSH server.
  222. Options are:
  223. .TF -S
  224. .TP
  225. .B -n
  226. Use a
  227. .I namespace
  228. other than the default
  229. .B /lib/namespace
  230. when starting the shell or running the requested command.
  231. .TP
  232. .B -r
  233. Run the SSH session in
  234. .IR dir .
  235. .TP
  236. .B -R
  237. Like
  238. .B -r
  239. but also prevent any arguments, in the command to be executed,
  240. from accessing files outside this directory;
  241. primarily used to limit what
  242. .I scp
  243. can access.
  244. .TP
  245. .B -s
  246. Execute
  247. .I command
  248. instead of
  249. .BR /bin/rc .
  250. .TP
  251. .B -S
  252. Create
  253. .BI /srv/ srvpt
  254. if an SSH server is not already mounted in
  255. .BR /net .
  256. .TP
  257. .B -t
  258. Trust
  259. .I sshsession
  260. and run it in the same namespace as the
  261. .I listen
  262. that started it.
  263. .PD
  264. .LP
  265. A private SSH listener can be run by starting
  266. .I netssh
  267. (see
  268. .IR ssh (4))
  269. then running
  270. .IR listen1 :
  271. .IP
  272. .EX
  273. if (! test -e /net/ssh) netssh -s ssh
  274. aux/listen1 -t 'ssh!*!2222' aux/sshsession
  275. .EE
  276. .
  277. .SS Keys
  278. .I Rsa2ssh2
  279. converts an RSA key to one suitable for use with SSH v2 on Unix systems.
  280. The following command will extract the public part of the key and add it to the
  281. .B authorized_keys
  282. file on a remote Unix system:
  283. .IP
  284. .EX
  285. grep 'proto=rsa' /mnt/factotum/ctl | rsa2ssh2 |
  286. ssh2 user@unix 'cat >>.ssh/authorized_keys'
  287. .EE
  288. .SH FILES
  289. .TF /sys/lib/ssh/keyring
  290. .TP
  291. .B /sys/lib/ssh/keyring
  292. System-wide known host public keys.
  293. .TP
  294. .B $home/lib/keyring
  295. Per-user known host public keys.
  296. .TP
  297. .B /env/nosshkeyverify
  298. .SH SOURCE
  299. .B /sys/src/cmd/ssh2
  300. .SH "SEE ALSO"
  301. .IR con (1),
  302. .IR cpu (1),
  303. .IR secstore (1),
  304. .IR ssh1 (1),
  305. .IR vt (1),
  306. .IR factotum (4),
  307. .IR ssh (4),
  308. .IR listen (8),
  309. .br
  310. RFCs 4250, 4251, 4252, 4253, 4254, and 4419
  311. .SH BUGS
  312. .I Sshsession
  313. shouldn't have to run as the host owner and using
  314. .IR factotum (4)
  315. correctly would permit this.
  316. .PP
  317. The SSH v2 protocol is a classic second system:
  318. over-engineered,
  319. overly complicated,
  320. misdesigned
  321. and
  322. jammed full of pointless goodies.