.TH SSH 1
.SH NAME
ssh, sshserve, scp \- secure login and file copy from/to Unix or Plan 9
.SH SYNOPSIS
.B ssh
[
.B -CiImprv
]
[
.B -[lu]
.I user
]
.RI [ user\fB@ ] hostname
[
.I command
[
.I arguments
\&... ]]
.PP
.B scp
[host:]file [host:]file
.br
.B scp
[host:]file ... [host:]dir
.PP
.B sshserve
[
.B -p
]
.I address
.PP
.B aux/ssh_genkey
[
.B -d
]
[
.I basename
]
.SH DESCRIPTION
.I Ssh
allows authenticated login over an encrypted channel to hosts that
support the ssh protocol (see the RFC listed below for encryption and
authentication details).
.LP
.I Ssh
takes the host name of the machine to connect to as its mandatory argument.
It may be specified as a domain name or an IP address.
Normally, login is attempted using the user name from /dev/user.
.PP
Command-line options are:
.TP
.B -C
force input to be read in cooked mode:
``line at a time'' with local echo.
.TP
.B -i
force interactive mode.
In interactive mode, 
.I ssh
prompts for passwords and confirmations of
new host keys when necessary.
(In non-interactive mode, password requests
are rejected and unrecognized host keys are 
cause for disconnecting.)
By default, 
.I ssh 
runs in interactive mode only when its 
input file descriptor is 
.BR /dev/cons .
.TP
.B -I
force non-interactive mode.
.TP
.B -m
disable the 
.RB control- \e
menu, described below.
.TP
.B -p
force pseudoterminal request.
The
.I ssh
protocol, grounded in Unix tradition,
differentiates between connections
that request controlling pseudoterminals
and those that do not.
By default, 
.I ssh
requests a pseudoterminal only when no
.I command
is given.
.TP
.B -r
strip carriage returns.
.TP
.B -v
enable verbose feedback during the connection and authentication process. 
.TP
.BR - [ lu ] "\fI user
specify user name.
This option is deprecated in favor of the
.IB user @ hostname
syntax.
.PD
.PP
The
.RB control\- \e
character is a local escape, as in
.IR con (1).
It prompts with
.BR >>> .
Legitimate responses to the prompt are
.TP
.B q
Exit.
.TP
.B .
Return from the escape.
.TP
.B !cmd
Run the command with the network connection as its
standard input and standard output.
Standard error will go to the screen.
.TP
.B r
Toggle printing of carriage returns.
.PD
.LP
If no command is specified,
a login session is started on the remote
host.
Otherwise, the command is executed with its arguments.
.LP
.I Ssh
establishes a connection with an ssh daemon on the remote host.
The daemon sends to 
.I ssh
its RSA public host key and session key.
Using these,
.I ssh
sends a session key which, presumably, only the
daemon can decipher.  After this, both sides start encrypting their
data with this session key.  The encryption algorithm preferred by
Plan9
.I ssh
for data transfer is RC4, with triple-DES (which isn't
really triple DES but a somewhat doubtful variation on it) as
backup.  (All ssh implementations are required to be able to do 3DES.)
.LP
When the daemon's host key has been received,
.I ssh
looks it up in 
.B $home/lib/keyring
and in 
.BR /sys/lib/ssh/keyring .
If
the key is found there, and it matches the received key,
.I ssh
is satisfied.  If not,
.I ssh
reports this and offers to add the key to
.BR $home/lib/keyring .
.LP
Over the encrypted channel,
.I ssh
attempts to convince the daemon to accept the call.  
It will try to use RSA private keys, first those mounted
at 
.B /mnt/auth/ssh
(see
.IR agent (4)),
and then any in the private keyring
.BR $home/lib/userkeyring .
.PP
If RSA authentication fails,
.I ssh
may prompt for
the password on the remote host \- note that this password will be sent
over the
.I encrypted
channel.  This is safe, provided one is indeed connected to the intended
host.
.LP
The preferred way to authenticate the user, however, is the
challenge/response system used by
.IR netkey .
.I Ssh
users on other systems than Plan 9 should enable \s-2TIS_A\s0uthentication.
.LP
When the connection is established, the command given in the remaining
arguments, or the shell, is started up on the remote host.
.sp 1
.I Scp
uses
.I ssh
to copy files from one host to another.  A remote file is identified by
a host name, a colon and a file name (no spaces).
.I Scp
can copy files from remote hosts and to remote hosts.
.sp 1
.I Sshserve
is the server that services
.I ssh
calls from remote hosts.  On Plan 9, it always requires either
a response to a challenge (netkey), or a password.  The password is
protected by encryption as it travels from the remote host to
.IR sshserve .
The 
.B -p
option keeps
.I sshserve
from accepting passwords, forcing the use of the netkey-style
challenge-response.
By default, users start with the namespace defined in
.BR /lib/namespace .
Users in group
.B noworld
in
.B /adm/users
start with the namespace defined in
.BR /lib/namespace.noworld .
.PP
.I Ssh_genkey
generates an RSA key set, writing the
private key to
.IB basename .secret
and the public key to
.IB basename .public\fR.
The default 
.B basename
is 
.BR /sys/lib/ssh/hostkey ,
so running it with no arguments
will generate an RSA key set
for the file server in use.
Unlike the ssh used by Unix machines,
the Plan 9
.I ssh
stores its keys in hexadecimal.
Invoking
.I ssh_genkey
with the
.B -d
option causes it to create a decimal public key
in
.IB basename .public10\fR,
useful for sharing with Unix hosts.
.SH FILES
.TF /sys/lib/ssh/hostkey.public
.TP
.B /sys/lib/ssh/hostkey.public
Public key for the host on which the program runs.
.TP
.B /sys/lib/ssh/hostkey.secret
Secret key for the host on which the program runs.  This file must
be owned and be readable by bootes only.
.TP
.B /sys/lib/ssh/keyring
System keyring file containing public keys for remote ssh clients and servers.
.TP
.B /usr/\fIuser\fP/lib/keyring
Personal keyring file containing public keys for remote ssh clients and
servers.
.TP
.B /mnt/auth/ssh
Expected mount point for private keys held by an agent.
.TP
.B /usr/\fIuser\fP/lib/userkeyring
Personal keyring file containing private keys to be used in authentication.
.SH SOURCE
.B /sys/src/cmd/ssh
.SH "SEE ALSO"
.IR /sys/src/cmd/ssh/RFC*
.br
.IR agent (4),
.IR auth (6)
