Subversion Repositories planix.SVN

.TH SSH1 1

.SH NAME

ssh1, sshnet, scp, sshserve \- encrypted login and file copy with foreign systems via SSHv1

.SH SYNOPSIS

.B ssh1

[

.B -CfiImPpRrw

]

[

.B -A

.I authlist

]

[

.B -c

.I cipherlist

]

[

.B -[lu]

.I user

]

.RI [ user\fB@ ] host

[

.I cmd

[

.I args

\&... ]]

.PP

.B sshnet

[

.B -A

.I authlist

]

[

.B -c

.I cipherlist

]

[

.B -m

.I mtpt

]

[

.B -s

.I service

]

.RI [ user\fB@ ] host

.PP

.B scp

.RI [ host :] file

.RI [ host2 :] file2

.br

.B scp

.RI [ host :] file

\&...

.RI [ host2 :] dir

.PP

.B aux/sshserve

[

.B -A

.I authlist

]

[

.B -c

.I cipherlist

]

[

.B -i

.I id-string

]

.I address

.SH DESCRIPTION

.I Ssh1

performs authenticated login over an encrypted channel to hosts that

support the SSH v1 protocol (see the RFCs listed below for encryption and

authentication details).

.I Ssh1

takes the host name of the machine to connect to as its mandatory argument.

It may be specified as a domain name or an IP address.

Normally, login is attempted using the user name from

.BR /dev/user .

.PP

Command-line options are:

.TF "C 

.PD

.TP

.B -C

force input to be read in cooked mode:

``line at a time'' with local echo.

.TP

.B -f

enable agent forwarding.

With this flag,

.I ssh1

uses SSH's agent forwarding protocol to allow

programs running on the remote server to

interact with

.IR factotum (4)

to perform RSA authentication.

.TP

.B -i

force interactive mode.

In interactive mode, 

.I ssh1

prompts for passwords and confirmations of

new host keys when necessary.

(In non-interactive mode, password requests

are rejected and unrecognized host keys are 

cause for disconnecting.)

By default, 

.I ssh 1

runs in interactive mode only when its 

input file descriptor is 

.BR /dev/cons .

.TP

.B -I

force non-interactive mode.

.TP

.B -m

disable the 

.RB control- \e

menu, described below.

.TP

.B -p

force pseudoterminal request.

The SSH protocol, grounded in Unix tradition,

differentiates between connections

that request controlling pseudoterminals

and those that do not.

By default, 

.I ssh1

requests a pseudoterminal only when no

.I command

is given.

.TP

.B -P

force no pseudoterminal request.

.TP

.B -r

strip carriage returns.

.TP

.B -R

put the allocated pseudoterminal, if any, in raw mode.

.TP

.B -w

notify the remote side whenever the window changes size.

.TP

.BR - [ lu ] "\fI user

specify user name.

This option is deprecated in favor of the

.IB user @ hostname

syntax.

.TP

.B "-A\fI authlist

specify an ordered space-separated list of authentication protocols to try.

The full set of authentication protocols is

.B rsa

(RSA using

.IR factotum (4)

to moderate key usage),

.B password

(use a password gathered from factotum),

and

.B tis

(challenge-response).

The default list is all three in that order.

.TP

.B "-c\fI cipherlist

specify an ordered space-separated list of allowed ciphers to use when encrypting the channel.

The full set of ciphers is

.B des

(standard DES),

.B 3des

(a somewhat doubtful variation on triple DES),

.B blowfish

(Bruce Schneier's Blowfish),

.B rc4

(RC4),

and

.B none

(no encryption).

The default cipher list is 

.B blowfish

.B rc4

.BR 3des .

.PD

.PP

The

.RB control\- \e

character is a local escape, as in

.IR con (1).

It prompts with

.BR >>> .

Legitimate responses to the prompt are

.TP

.B q

Exit.

.TP

.B .

Return from the escape.

.TP

.B !cmd

Run the command with the network connection as its

standard input and standard output.

Standard error will go to the screen.

.TP

.B r

Toggle printing of carriage returns.

.PD

.LP

If no command is specified,

a login session is started on the remote

host.

Otherwise, the command is executed with its arguments.

.LP

.I Ssh1

establishes a connection with an SSH daemon on the remote host.

The daemon sends to 

.I ssh1

its RSA public host key and session key.

Using these,

.I ssh1

sends a session key which, presumably, only the

daemon can decipher.  After this, both sides start encrypting their

data with this session key.

.LP

When the daemon's host key has been received,

.I ssh1

looks it up in 

.B $home/lib/keyring

and in 

.BR /sys/lib/ssh/keyring .

If

the key is found there, and it matches the received key,

.I ssh1

is satisfied.  If not,

.I ssh1

reports this and offers to add the key to

.BR $home/lib/keyring .

.LP

Over the encrypted channel,

.I ssh1

attempts to convince the daemon to accept the call

using the listed authentication protocols

(see the

.B -A

option above).

.LP

The preferred way to authenticate is a

.IR netkey -style

challenge/response or via a SecurID token.

SSH users on other systems than Plan 9 should enable \s-2TIS_A\s0uthentication.

.LP

When the connection is authenticated, the given command line,

(by default, a login shell) is executed on the remote host.

.sp 1

The SSH protocol allows clients to make outgoing TCP calls via the server.

.I Sshnet

establishes an SSH connection and, rather than execute a remote command,

presents the remote server's TCP stack as a network stack

(see the discussion of TCP in

.IR ip (3))

mounted at

.I mtpt

(default

.BR /net ),

optionally posting a 9P service

descriptor for the new file system as

.BI /srv/ service \fR.

The

.B -A

and

.B -c

arguments are as for

.IR ssh1 .

.sp 1

.I Scp

uses

.I ssh

to copy files from one host to another.

A remote file is identified by

a host name, a colon and a file name (no spaces).

.I Scp

can copy files from remote hosts and to remote hosts.

.SS "Server and Keys

.I Sshserve

is the server that services

SSH

calls from remote hosts. 

The 

.B -A

and

.B -c

options set valid authentication methods and ciphers

as for

.IR ssh1 ,

except that there is no

.B rsa

authentication method.

Unlike in

.IR ssh1 ,

the list is not ordered: the server presents a set and the client makes the choice.

The default sets are

.B tis

and

.B blowfish

.B rc4

.BR 3des .

The

.B -i

option prevents reading the client's ID-string line and assumes

its ID string to be

.IR id-string .

By default, users start with the namespace defined in

.BR /lib/namespace .

Users in group

.B noworld

in

.B /adm/users

start with the namespace defined in

.BR /lib/namespace.noworld .

.I Sshserve

does not provide the TCP forwarding functionality used

by

.IR sshnet ,

because many Unix clients present

this capability in an insecure manner.

.PP

.I Sshserve

requires that

.IR factotum (4)

hold the host key,

identified by having attributes

.B proto=rsa

.BR service=sshserve .

To generate a host key:

.IP

.EX

auth/rsagen -t 'service=sshserve' >/mnt/factotum/ctl

.EE

.LP

To extract the public part of the host key in the form

used by SSH key rings:

.IP

.EX

grep 'service=sshserve' /mnt/factotum/ctl | auth/rsa2ssh

.EE

.SH FILES

.TP

.B /sys/lib/ssh/keyring

System key ring file containing public keys for remote SSH clients and servers.

.TP

.B /usr/\fIuser\fP/lib/keyring

Personal key ring file containing public keys for remote SSH clients and

servers.

.SH SOURCE

.B /sys/src/cmd/ssh1

.SH "SEE ALSO"

.B /lib/rfc/rfc425[0-6]

.br

.IR con (1),

.IR cpu (1),

.IR ssh2 (1),

.IR factotum (4),

.IR authsrv (6),

.IR rsa (8)