9srv Manual Collection/plan9/ssh(1)
sshnet [ -A authlist ] [ -c cipherlist ] [ -m mtpt ] [ -s service ] [user@]host
scp [host:]file [host:]file
scp [host:]file ... [host:]dir
aux/sshserve [ -p ] address
Ssh takes the host name of the machine to connect to as its mandatory argument. It may be specified as a domain name or an IP address. Normally, login is attempted using the user name from /dev/user.
Command-line options are:
The control-\ character is a local escape, as in con(1). It prompts with >>>. Legitimate responses to the prompt are
If no command is specified, a login session is started on the remote host. Otherwise, the command is executed with its arguments.
Ssh establishes a connection with an ssh daemon on the remote host. The daemon sends to ssh its RSA public host key and session key. Using these, ssh sends a session key which, presumably, only the daemon can decipher. After this, both sides start encrypting their data with this session key.
When the daemon's host key has been received, ssh looks it up in $home/lib/keyring and in /sys/lib/ssh/keyring. If the key is found there, and it matches the received key, ssh is satisfied. If not, ssh reports this and offers to add the key to $home/lib/keyring.
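The keyring lookup described above, as an added Python example that is not code from ssh or from this manual. The keyring line format (`host bits exponent modulus`), the function names and the sample keys are assumptions. It goes beyond the text by separating a changed key for a known host from a host that is simply unknown, and the `accept` policy is the example's own, not documented ssh behaviour.

```python
from enum import Enum

class Verdict(Enum):
    TRUSTED = "key found and matches"
    MISMATCH = "host known, key differs"
    UNKNOWN = "host not in any keyring"

def parse_keyring(text):
    """Map host -> set of (bits, exponent, modulus).
    Assumed line format: 'host bits exponent modulus'; '#' starts a comment."""
    keys = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) != 4:
            continue                      # blank, comment-only or malformed line
        host, *nums = fields
        try:
            key = tuple(int(n) for n in nums)
        except ValueError:
            continue                      # non-numeric key material: ignore the line
        keys.setdefault(host.lower(), set()).add(key)
    return keys

def check_host_key(host, received, keyrings):
    """Search keyrings in order (user keyring first, then the system one)."""
    known = False
    for ring in keyrings:
        stored = ring.get(host.lower(), set())
        if received in stored:
            return Verdict.TRUSTED
        known = known or bool(stored)
    return Verdict.MISMATCH if known else Verdict.UNKNOWN

def accept(verdict, user_says_yes):
    """Example policy: never silently replace a stored key that differs."""
    if verdict is Verdict.TRUSTED:
        return True
    if verdict is Verdict.UNKNOWN:
        return user_says_yes              # first contact: add only on consent
    return False                          # MISMATCH: verify out of band first

# Constructed sample keyrings (toy moduli, not real keys).
USER_RING = parse_keyring("fs.example.com 1024 65537 1234567891\n")
SYS_RING = parse_keyring("# system keyring\ncpu.example.com 1024 35 987654321\n")
RINGS = [USER_RING, SYS_RING]
```
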
Over the encrypted channel, ssh attempts to convince the daemon to accept the call using the listed authentication protocols (see the -A option above).
The preferred way to authenticate is by a netkey-style challenge/response or a SecurID token. Ssh users on systems other than Plan 9 should enable TIS_Authentication.
When the connection is authenticated, the given command line (by default, a login shell) is executed on the remote host.
The SSH protocol allows clients to make outgoing TCP calls via the server. Sshnet establishes an SSH connection and, rather than execute a remote command, presents the remote server's TCP stack as a network stack (see the discussion of TCP in ip(3)) mounted at mtpt (default /net), optionally posting a 9P service descriptor for the new file system as /srv/service. The -A and -c arguments are as in ssh.
Scp uses ssh to copy files from one host to another. A remote file is identified by a host name, a colon and a file name (no spaces). Scp can copy files from remote hosts and to remote hosts.
Sshserve is the server that services ssh calls from remote hosts. The -A and -c options set valid authentication methods and ciphers as in ssh, except that there is no rsa authentication method. Unlike in ssh, the list is not ordered: the server presents a set and the client makes the choice. The default sets are tis and blowfish rc4 3des.
By default, users start with the namespace defined in /lib/namespace. Users in group noworld in /adm/users start with the namespace defined in /lib/namespace.noworld.
Sshserve does not provide the TCP forwarding functionality used by sshnet, because many Unix clients present this capability in an insecure manner.
Sshserve requires that factotum(4) hold the host key, identified by having attributes proto=rsa service=sshserve. To generate a host key:
To extract the public part of the host key in the form used by SSH key rings:
9srv Manual Collection/plan9/ssh(1) | Rev: Mon Nov 02 20:33:31 GMT 2009 |