OpenSSH Manual Pages

Web manual pages are available from OpenBSD for the following commands. These manual pages reflect the latest development release of OpenSSH.

• ssh(1) — The basic rlogin/rsh-like client program
• sshd(8) — The daemon that permits you to log in
• ssh_config(5) — The client configuration file
• sshd_config(5) — The daemon configuration file
• ssh-agent(1) — An authentication agent that can store private keys
• ssh-add(1) — Tool which adds keys to in the above agent
• sftp(1) — FTP-like program that works over SSH1 and SSH2 protocol
• scp(1) — File copy program that acts like rcp
• ssh-keygen(1) — Key generation tool
• sftp-server(8) — SFTP server subsystem (started automatically by sshd)
• ssh-keyscan(1) — Utility for gathering public host keys from a number of hosts
• ssh-keysign(8) — Helper program for host-based authentication

The SSH2 protocol implemented in OpenSSH is standardized by the IETF secsh working group and is specified in several RFCs and drafts. The overall structure of SSH2 is described in the architecture RFC. It is composed of three layered components:

• The transport layer provides algorithm negotiation and a key exchange. The key exchange includes server authentication and results in a cryptographically secured connection: it provides integrity, confidentiality and optional compression.
• The user authentication layer uses the established connection and relies on the services provided by the transport layer. It provides several mechanisms for user authentication. These include traditional password authentication as well as public-key or host-based authentication mechanisms.
• The connection layer multiplexes many different concurrent channels over the authenticated connection and allows tunneling of login sessions and TCP-forwarding. It provides a flow control service for these channels. Additionally, various channel-specific options can be negotiated.

Additional documents specify:

• The interactive authentication RFC provides support for new authentication schemes like S/Key or TIS authentication.
• The SFTP file transfer protocol is specified in the filexfer draft. OpenSSH implements a SFTP client and server.
• A file format for public keys is specified in the publickeyfile draft. The command ssh-keygen(1) can be used to convert an OpenSSH public key to this file format.
• The Diffie-Hellman Group Exchange allows clients to request more secure groups for the Diffie-Hellman key exchange.
• OpenSSH implemented a compression method "zlib@openssh.com" that delays starting compression until after user authentication, to eliminate the risk of pre-authentication attacks against the compression code. It is described in draft-miller-secsh-compression-delayed-00.txt.
• OpenSSH implements an additional MAC (Message Authentication Code) "umac-64@openssh.com", which has superior performance to the ones specified in RFC 4253. It is described in draft-miller-secsh-umac-01.txt.
• The authentication agent protocol used by ssh-agent is documented in the PROTOCOL.agent file.
• OpenSSH makes various other minor extensions to and divergences from the standard SSH protocols. These are documented in the PROTOCOL file.