ssh.0

OpenSSL Source code for SFTP, SSH, and many others

             normally not set DISPLAY explicitly, as that will render the X11
             connection insecure (and will require the user to manually copy
             any required authorization cookies).

     HOME    Set to the path of the user's home directory.

     LOGNAME
             Synonym for USER; set for compatibility with systems that use
             this variable.

     MAIL    Set to the path of the user's mailbox.

     PATH    Set to the default PATH, as specified when compiling ssh.

     SSH_ASKPASS
             If ssh needs a passphrase, it will read the passphrase from the
             current terminal if it was run from a terminal.  If ssh does not
             have a terminal associated with it but DISPLAY and SSH_ASKPASS
             are set, it will execute the program specified by SSH_ASKPASS and
             open an X11 window to read the passphrase.  This is particularly
             useful when calling ssh from a .Xsession or related script.
             (Note that on some machines it may be necessary to redirect the
             input from /dev/null to make this work.)

     SSH_AUTH_SOCK
             Identifies the path of a unix-domain socket used to communicate
             with the agent.

     SSH_CLIENT
             Identifies the client end of the connection.  The variable conM--
             tains three space-separated values: client ip-address, client
             port number, and server port number.

     SSH_ORIGINAL_COMMAND
             The variable contains the original command line if a forced comM--
             mand is executed.  It can be used to extract the original arguM--
             ments.

     SSH_TTY
             This is set to the name of the tty (path to the device) associM--
             ated with the current shell or command.  If the current session
             has no tty, this variable is not set.

     TZ      The timezone variable is set to indicate the present timezone if
             it was set when the daemon was started (i.e., the daemon passes
             the value on to new connections).

     USER    Set to the name of the user logging in.

     Additionally, ssh reads $HOME/.ssh/environment, and adds lines of the
     format ``VARNAME=value'' to the environment.

FILES
     $HOME/.ssh/known_hosts
             Records host keys for all hosts the user has logged into that are
             not in /etc/ssh/ssh_known_hosts.  See sshd(8).

     $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
             Contains the authentication identity of the user.  They are for
             protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
             These files contain sensitive data and should be readable by the
             user but not accessible by others (read/write/execute).  Note
             that ssh ignores a private key file if it is accessible by othM--
             ers.  It is possible to specify a passphrase when generating the
             key; the passphrase will be used to encrypt the sensitive part of
             this file using 3DES.

     $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
             Contains the public key for authentication (public part of the
             identity file in human-readable form).  The contents of the
             $HOME/.ssh/identity.pub file should be added to
             $HOME/.ssh/authorized_keys on all machines where the user wishes
             to log in using protocol version 1 RSA authentication.  The conM--
             tents of the $HOME/.ssh/id_dsa.pub and $HOME/.ssh/id_rsa.pub file
             should be added to $HOME/.ssh/authorized_keys on all machines
             where the user wishes to log in using protocol version 2 DSA/RSA
             authentication.  These files are not sensitive and can (but need
             not) be readable by anyone.  These files are never used automatiM--
             cally and are not necessary; they are only provided for the conM--
             venience of the user.

     $HOME/.ssh/config
             This is the per-user configuration file.  The file format and
             configuration options are described in ssh_config(5).

     $HOME/.ssh/authorized_keys
             Lists the public keys (RSA/DSA) that can be used for logging in
             as this user.  The format of this file is described in the
             sshd(8) manual page.  In the simplest form the format is the same
             as the .pub identity files.  This file is not highly sensitive,
             but the recommended permissions are read/write for the user, and
             not accessible by others.

     /etc/ssh/ssh_known_hosts
             Systemwide list of known host keys.  This file should be prepared
             by the system administrator to contain the public host keys of
             all machines in the organization.  This file should be world-
             readable.  This file contains public keys, one per line, in the
             following format (fields separated by spaces): system name, pubM--
             lic key and optional comment field.  When different names are
             used for the same machine, all such names should be listed, sepaM--
             rated by commas.  The format is described on the sshd(8) manual
             page.

             The canonical system name (as returned by name servers) is used
             by sshd(8) to verify the client host when logging in; other names
             are needed because ssh does not convert the user-supplied name to
             a canonical name before checking the key, because someone with
             access to the name servers would then be able to fool host
             authentication.

     /etc/ssh/ssh_config
             Systemwide configuration file.  The file format and configuration
             options are described in ssh_config(5).

     /etc/ssh/ssh_host_key, /etc/ssh/ssh_host_dsa_key,
             /etc/ssh/ssh_host_rsa_key
             These three files contain the private parts of the host keys and
             are used for RhostsRSAAuthentication and HostbasedAuthentication.
             If the protocol version 1 RhostsRSAAuthentication method is used,
             ssh must be setuid root, since the host key is readable only by
             root.  For protocol version 2, ssh uses ssh-keysign(8) to access
             the host keys for HostbasedAuthentication.  This eliminates the
             requirement that ssh be setuid root when that authentication
             method is used.  By default ssh is not setuid root.

     $HOME/.rhosts
             This file is used in .rhosts authentication to list the host/user
             pairs that are permitted to log in.  (Note that this file is also
             used by rlogin and rsh, which makes using this file insecure.)
             Each line of the file contains a host name (in the canonical form
             returned by name servers), and then a user name on that host,
             separated by a space.  On some machines this file may need to be
             world-readable if the user's home directory is on a NFS partiM--
             tion, because sshd(8) reads it as root.  Additionally, this file
             must be owned by the user, and must not have write permissions
             for anyone else.  The recommended permission for most machines is
             read/write for the user, and not accessible by others.

             Note that by default sshd(8) will be installed so that it
             requires successful RSA host authentication before permitting
             .rhosts authentication.  If the server machine does not have the
             client's host key in /etc/ssh/ssh_known_hosts, it can be stored
             in $HOME/.ssh/known_hosts.  The easiest way to do this is to conM--
             nect back to the client from the server machine using ssh; this
             will automatically add the host key to $HOME/.ssh/known_hosts.

     $HOME/.shosts
             This file is used exactly the same way as .rhosts.  The purpose
             for having this file is to be able to use rhosts authentication
             with ssh without permitting login with rlogin or rsh(1).

     /etc/hosts.equiv
             This file is used during .rhosts authentication. It contains
             canonical hosts names, one per line (the full format is described
             on the sshd(8) manual page).  If the client host is found in this
             file, login is automatically permitted provided client and server
             user names are the same.  Additionally, successful RSA host
             authentication is normally required.  This file should only be
             writable by root.

     /etc/shosts.equiv
             This file is processed exactly as /etc/hosts.equiv.  This file
             may be useful to permit logins using ssh but not using
             rsh/rlogin.

     /etc/ssh/sshrc
             Commands in this file are executed by ssh when the user logs in
             just before the user's shell (or command) is started.  See the
             sshd(8) manual page for more information.

     $HOME/.ssh/rc
             Commands in this file are executed by ssh when the user logs in
             just before the user's shell (or command) is started.  See the
             sshd(8) manual page for more information.

     $HOME/.ssh/environment
             Contains additional definitions for environment variables, see
             section ENVIRONMENT above.

DIAGNOSTICS
     ssh exits with the exit status of the remote command or with 255 if an
     error occurred.

AUTHORS
     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
     de Raadt and Dug Song removed many bugs, re-added newer features and creM--
     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
     versions 1.5 and 2.0.

SEE ALSO
     rsh(1), scp(1), sftp(1), ssh-add(1), ssh-agent(1), ssh-keygen(1),
     telnet(1), ssh_config(4), ssh-keysign(8,) sshd(8)

     T. Ylonen, T. Kivinen, M. Saarinen, T. Rinne, and S. Lehtinen, SSH
     Protocol Architecture, draft-ietf-secsh-architecture-12.txt, January
     2002, work in progress material.

BSD                           September 25, 1999                           BSD