148 lines
7.9 KiB
HTML
148 lines
7.9 KiB
HTML
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html lang="en" xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<title>Twisted Documentation: CONCH.1</title>
|
|
<link href="../howto/stylesheet.css" rel="stylesheet" type="text/css"/>
|
|
</head>
|
|
|
|
<body bgcolor="white">
|
|
<h1 class="title">CONCH.1</h1>
|
|
<div class="toc"><ol><li><a href="#auto0">NAME</a></li><li><a href="#auto1">SYNOPSIS</a></li><li><a href="#auto2">DESCRIPTION</a></li><li><a href="#auto3">AUTHOR</a></li><li><a href="#auto4">REPORTING BUGS</a></li><li><a href="#auto5">COPYRIGHT</a></li><li><a href="#auto6">SEE ALSO</a></li></ol></div>
|
|
<div class="content">
|
|
|
|
<span/>
|
|
|
|
<h2>NAME<a name="auto0"/></h2>
|
|
|
|
<p>conch </p>
|
|
|
|
<h2>SYNOPSIS<a name="auto1"/></h2>
|
|
|
|
<p>conch [<strong>-AaCfINnrsTtVvx</strong>][<strong>-c</strong><em> cipher_spec</em>][<strong>-e</strong><em> escape_char</em>][<strong>-i</strong><em> identity_file</em>][<strong>-K</strong><em> connection_spec</em>][<strong>-L</strong><em> port</em>:<em> host</em>:<em> hostport</em>][<strong>-l</strong><em> user</em>][<strong>-m</strong><em> mac_spec</em>][<strong>-o</strong><em> openssh_option</em>][<strong>-p</strong><em> port</em>][<strong>-R</strong><em> port</em>:<em> host</em>:<em> hostport</em>][<em> user</em>@]<em> hostname</em>[<em> command</em>]</p>
|
|
|
|
<h2>DESCRIPTION<a name="auto2"/></h2>
|
|
|
|
<p>conch is a SSHv2 client for logging into a remote machine and executing commands. It provides encrypted and secure communications across a possibly insecure network. Arbitrary TCP/IP ports can also be forwarded over the secure connection.
|
|
</p>
|
|
|
|
<p>conch connects and logs into
|
|
<em> hostname</em>(as
|
|
<em> user</em>or the current username). The user must prove her/his identity through a public-key or a password. Alternatively, if a connection is already open to a server, a new shell can be opened over the connection without having to reauthenticate.
|
|
</p>
|
|
|
|
<p>If
|
|
<em> command</em>is specified,
|
|
<em> command</em>is executed instead of a shell. If the
|
|
<strong>-s</strong>option is given,
|
|
<em> command</em>is treated as an SSHv2 subsystem name.
|
|
Conch supports the public-key, keyboard-interactive, and password authentications.
|
|
</p>
|
|
|
|
<p>The public-key method allows the RSA or DSA algorithm to be used. The client uses his/her private key,
|
|
or
|
|
to sign the session identifier, known only by the client and server. The server checks that the matching public key is valid for the user, and that the signature is correct.
|
|
</p>
|
|
|
|
<p>If public-key authentication fails,
|
|
conch can authenticate by sending an encrypted password over the connection.
|
|
conch has the ability to multiplex multiple shells, commands and TCP/IP ports over the same secure connection. To disable multiplexing for a connection, use the
|
|
<strong>-I</strong>flag.
|
|
</p>
|
|
|
|
<p>The
|
|
<strong>-K</strong>option determines how the client connects to the remote host. It is a comma-separated list of the methods to use, in order of preference. The two connection methods are
|
|
(for connecting over a multiplexed connection) and
|
|
(to connect directly).
|
|
To disable connecting over a multiplexed connection, do not include
|
|
in the preference list.
|
|
</p>
|
|
|
|
<p>As an example of how connection sharing works, to speed up CVS over SSH:
|
|
</p>
|
|
|
|
<p>conch --noshell --fork -l cvs_user cvs_host
|
|
set CVS_RSH=<strong>conch</strong>
|
|
</p>
|
|
|
|
<p>Now, when CVS connects to cvs_host as cvs_user, instead of making a new connection to the server,
|
|
conch will add a new channel to the existing connection. This saves the cost of repeatedly negotiating the cryptography and authentication.
|
|
</p>
|
|
|
|
<p>The options are as follows:
|
|
<dl><dt><strong>-A</strong></dt><dd>Enables authentication agent forwarding.
|
|
</dd><dt><strong>-a</strong></dt><dd>Disables authentication agent forwarding (default).
|
|
</dd><dt><strong>-C</strong></dt><dd>Enable compression.
|
|
</dd><dt><strong>-c</strong></dt><dd><em> cipher_spec</em>Selects encryption algorithms to be used for this connection, as a comma-separated list of ciphers in order of preference. The list that
|
|
conch supports is (in order of default preference): aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, cast128-ctr, cast128-cbc, blowfish-ctr, blowfish, idea-ctr, idea-cbc, 3des-ctr, 3des-cbc.
|
|
</dd><dt><strong>-e</strong></dt><dd><em> ch</em>| ^ch | noneSets the escape character for sessions with a PTY (default:
|
|
The escape character is only recognized at the beginning of a line (after a newline).
|
|
The escape character followed by a dot
|
|
closes the connection;
|
|
followed by ^Z suspends the connection;
|
|
and followed by the escape character sends the escape character once.
|
|
Setting the character to
|
|
disables any escapes.
|
|
</dd><dt><strong>-f</strong></dt><dd>Fork to background after authentication.
|
|
</dd><dt><strong>-I</strong></dt><dd>Do not allow connection sharing over this connection.
|
|
</dd><dt><strong>-i</strong></dt><dd><em> identity_spec</em>The file from which the identity (private key) for RSA or DSA authentication is read.
|
|
The defaults are
|
|
and
|
|
It is possible to use this option more than once to use more than one private key.
|
|
</dd><dt><strong>-K</strong></dt><dd><em> connection_spec</em>Selects methods for connection to the server, as a comma-separated list of methods in order of preference. See
|
|
for more information.
|
|
</dd><dt><strong>-L</strong></dt><dd><em> port</em>: host : hostportSpecifies that the given port on the client host is to be forwarded to the given host and port on the remote side. This allocates a socket to listen to
|
|
<em> port</em>on the local side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to
|
|
<em> host</em>port
|
|
<em> hostport</em>from the remote machine.
|
|
Only root can forward privieged ports.
|
|
</dd><dt><strong>-l</strong></dt><dd><em> user</em>Log in using this username.
|
|
</dd><dt><strong>-m</strong></dt><dd><em> mac_spec</em>Selects MAC (message authentication code) algorithms, as a comma-separated list in order of preference. The list that
|
|
conch supports is (in order of preference): hmac-sha1, hmac-md5.
|
|
</dd><dt><strong>-N</strong></dt><dd>Do not execute a shell or command.
|
|
</dd><dt><strong>-n</strong></dt><dd>Redirect input from /dev/null.
|
|
</dd><dt><strong>-o</strong></dt><dd><em> openssh_option</em>Ignored OpenSSH options.
|
|
</dd><dt><strong>-p</strong></dt><dd><em> port</em>The port to connect to on the server.
|
|
</dd><dt><strong>-R</strong></dt><dd><em> port</em>: host : hostportSpecifies that the given port on the remote host is to be forwarded to the given host and port on the local side. This allocates a socket to listen to
|
|
<em> port</em>on the remote side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to
|
|
<em> host</em>port
|
|
<em> hostport</em>from the client host.
|
|
Only root can forward privieged ports.
|
|
</dd><dt><strong>-s</strong></dt><dd>Reconnect to the server if the connection is lost.
|
|
</dd><dt><strong>-s</strong></dt><dd>Invoke
|
|
<em> command</em>(mandatory) as a SSHv2 subsystem.
|
|
</dd><dt><strong>-T</strong></dt><dd>Do not allocate a TTY.
|
|
</dd><dt><strong>-t</strong></dt><dd>Allocate a TTY even if command is given.
|
|
</dd><dt><strong>-V</strong></dt><dd>Display version number only.
|
|
</dd><dt><strong>-v</strong></dt><dd>Log to stderr.
|
|
</dd><dt><strong>-x</strong></dt><dd>Disable X11 connection forwarding (default).
|
|
</dd></dl>
|
|
|
|
</p>
|
|
|
|
<h2>AUTHOR<a name="auto3"/></h2>
|
|
|
|
<p>Written by Paul Swartz <z3p@twistedmatrix.com>.
|
|
</p>
|
|
|
|
<h2>REPORTING BUGS<a name="auto4"/></h2>
|
|
|
|
<p>To report a bug, visit <em>http://twistedmatrix.com/bugs/</em>
|
|
</p>
|
|
|
|
<h2>COPYRIGHT<a name="auto5"/></h2>
|
|
|
|
<p>Copyright © 2002-2008 Twisted Matrix Laboratories.
|
|
This is free software; see the source for copying conditions. There is NO
|
|
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
|
|
</p>
|
|
|
|
<h2>SEE ALSO<a name="auto6"/></h2>
|
|
|
|
<p>ssh(1)
|
|
</p>
|
|
|
|
</div>
|
|
|
|
<p><a href="../howto/index.html">Index</a></p>
|
|
<span class="version">Version: 10.0.0</span>
|
|
</body>
|
|
</html> |