ssh (short for secure shell), like the rsh command, is a program for logging into a remote machine and executing commands on that remote machine. ssh is designed to replace both rsh and rlogin by providing the ability to define an encrypted session between two untrusted systems over an insecure network. One problem with telnet is that, when you log in to the remote system, the password is sent as ASCII over the network. By watching the Ethernet packets, someone could collect your login name and password for the remote system. ssh prevents this from happening by encrypting the session and using RSA-based authentication. Because of its security, ssh is commonly used by system administrators today. ssh clients are available for other operating systems, including Macintosh and Windows.
The ssh command is very similar to the telnet command because it allows you to start an interactive command session on a remote system. The syntax of ssh is as follows:
ssh [-a] [-c idea|blowfish|des|3des|arcfour|tss|none] [-e escape_char] [-i identity_file] [-l login-name] [-n] [-k] [-V] [-o option] [-p port] [-q] [-P] [-t] [-v] [-x] [-C] [-L port:host:hostport] [-R port:host:hostport] hostname [command]
However, the most common usage is this:
ssh hostname
Table 30.4 explains the various options for ssh.
Option | Description |
---|---|
-a | Disables forwarding of the authentication agent. |
-c | Selects the cipher to use for encrypting the session. idea is the default, arcfour is the fastest, and none is the equivalent of using rlogin or rsh (no encryption). |
-e | Sets the escape character for the session. |
-f | Sets ssh in the background after authentication and forwardings are established. |
-i | Selects the identity file from which the private key for RSA authentication is read. |
-k | Disables forwarding of Kerberos tickets. |
-l | Sets the login name to use on the remote machine. |
-n | Redirects stdin from /dev/null (used when ssh runs in the background). |
-o | Used for user-defined options following the format in the configuration file. |
-p | Sets the port to connect to on the remote host. |
-q | Activates quiet mode, which suppresses all messages except fatal errors. |
-P | Uses a nonprivileged port. |
-t | Forces pseudo-tty allocation. |
-v | Activates verbose mode (useful for debugging). |
-x | Disables X11 forwarding. |
-C | Requests compression of all data. |
-L | Specifies the local port to forward to the designated remote host and port. |
-R | Specifies the remote port to be forwarded to the local host and designated port. |
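
As an added example (not part of the original text), the shell functions below audit command lines from scripts or shell history for the two cleartext cases this section describes: telnet, rsh, or rlogin, and ssh run with -c none. The function names and sample lines are constructed for illustration; the list of options that take an argument follows the syntax line above.

```shell
#!/bin/sh
# Added example: flag remote-login commands that send data unencrypted.
# audit_login_cmd prints one verdict for a single command line:
#   plaintext-protocol | cipher-none | ok | not-remote-login
audit_login_cmd() {
    set -f              # disable globbing while the line is word-split
    set -- $1           # simple whitespace split (quoting is not handled)
    set +f
    case "${1##*/}" in  # strip any leading path, e.g. /usr/bin/rsh
        telnet|rsh|rlogin) echo plaintext-protocol; return 0 ;;
        ssh) shift ;;
        *) echo not-remote-login; return 0 ;;
    esac
    while [ $# -gt 0 ]; do
        case "$1" in
            -c|-e|-i|-l|-o|-p|-L|-R)      # options that consume the next word
                [ $# -ge 2 ] || break
                [ "$1" = -c ] && [ "$2" = none ] && { echo cipher-none; return 0; }
                shift 2 ;;
            -cnone) echo cipher-none; return 0 ;;   # attached form of -c none
            -*) shift ;;                  # flags without an argument (-v, -x, ...)
            *) break ;;                   # hostname: the rest is the remote command
        esac
    done
    echo ok
}

# audit_stream reads command lines on stdin and prints "lineno:verdict:line"
# for every line that uses a cleartext login.
audit_stream() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        verdict=$(audit_login_cmd "$line")
        case "$verdict" in
            plaintext-protocol|cipher-none) echo "$n:$verdict:$line" ;;
        esac
    done
}

# Constructed sample input (not real history).
audit_stream <<'EOF'
ssh -l admin -p 2222 build01
ssh -C -c none build01 uptime
ssh -l none build01
ssh build01 grep -c none /etc/motd
/usr/bin/rsh build01 ls
EOF
```

Only lines 2 and 5 of the sample are reported: `-l none` is a login name, and `-c none` after the hostname belongs to the remote grep command, not to ssh.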
You can find more information about the Internet in the following chapters: