lsh.texinfo 69 KB
Newer Older
1 2 3 4 5 6 7
\input texinfo          @c -*-texinfo-*-

@c %**start of header
@setfilename lsh.info
@settitle lsh
@c %**end of header

8 9
@documentencoding ISO-8859-1

10 11 12 13 14
@dircategory GNU Packages
@direntry
* LSH: (lsh).           Secure Shell and related utilities.
@end direntry

15
@set UPDATED-FOR 3.0
16

17
@c Latin-1 doesn't work with tex output.
18
@c Also look out for é characters.
19

20
@set AUTHOR Niels Möller
21
@ifinfo
22
Manual for LSH. This manual corresponds to @command{lsh} version
23
@value{UPDATED-FOR}. 
24

25
Copyright 2000, 2004, 2008, 2010, 2011 @value{AUTHOR}
26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57

Permission is granted to make and distribute verbatim
copies of this manual provided the copyright notice and
this permission notice are preserved on all copies.

@ignore
Permission is granted to process this file through TeX
and print the results, provided the printed document
carries a copying permission notice identical to this
one except for the removal of this paragraph (this
paragraph not being relevant to the printed manual).

@end ignore
Permission is granted to copy and distribute modified
versions of this manual under the conditions for
verbatim copying, provided also that the sections
entitled ``Copying'' and ``GNU General Public License''
are included exactly as in the original, and provided
that the entire resulting derived work is distributed
under the terms of a permission notice identical to this
one.

Permission is granted to copy and distribute
translations of this manual into another language,
under the above conditions for modified versions,
except that this permission notice may be stated in a
translation approved by the Free Software Foundation.

@end ifinfo

@titlepage
@sp 10
58 59 60 61
@c @center @titlefont{LSH Manual}

@title LSH Manual
@subtitle For @command{lsh} version @value{UPDATED-FOR}
62

63
@author @value{AUTHOR}
64 65 66 67

@c The following two commands start the copyright page.
@page
@vskip 0pt plus 1filll
68
Copyright @copyright{} 2000, 2004, 2008, 2010 @value{AUTHOR}
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90

Permission is granted to make and distribute verbatim
copies of this manual provided the copyright notice and
this permission notice are preserved on all copies.

Permission is granted to copy and distribute modified
versions of this manual under the conditions for
verbatim copying, provided also that the sections
entitled ``Copying'' and ``GNU General Public License''
are included exactly as in the original, and provided
that the entire resulting derived work is distributed
under the terms of a permission notice identical to this
one.

Permission is granted to copy and distribute
translations of this manual into another language,
under the above conditions for modified versions,
except that this permission notice may be stated in a
translation approved by the Free Software Foundation.

@end titlepage

91 92
@contents

93
@ifnottex
94
@node     Top, Introduction, (dir), (dir)
95
@comment  node-name,  next,  previous,  up
96
@ifinfo
97
@top
98
@end ifinfo
99

100 101 102 103 104
This document describes @command{lsh} and related programs. The
@command{lsh} suite of programs is intended as a free replacement for
the @command{ssh} suite of programs. In turn, @command{ssh} was intended
as a secure replacement for the @command{rsh} and @command{rlogin}
programs for remote login over the Internet.
105

106
@command{lsh} is a component of the @acronym{GNU} system.
107

108 109
This manual explains how to use and hack @command{lsh}; it corresponds to
@command{lsh} version @value{UPDATED-FOR}.
110

111 112
@menu
* Introduction::                
113 114
* Installation::                
* Getting started::             
115
* Server configuration::        
116 117
* Invoking lsh::                
* Invoking lshd::               
118
* Files and environment variables::  
119 120 121 122 123 124 125 126 127 128 129 130 131 132 133
* Concept Index::               

@detailmenu
 --- The Detailed Node Listing ---

Introduction

* Threats::                     
* Features::                    
* Related techniques::          

Related programs and techniques

* ssh1::                        SSH version 1
* ssh2::                        SSH version 2
134
* tls::                         
135 136 137
* Kerberos::                    Kerberos
* ipsec::                       IP Sec

138 139
Getting started

140
* lsh-make-seed ::              Initializing the randomness generator
141 142 143 144
* lsh basics::                  Connection with lsh
* tcpip forwarding::            Forwarding @acronym{TCP/IP} ports
* lshd basics::                 Starting the lshd deamon
* public-key::                  Using public-keys
145
* sexp::                        Examining keys and other S-exp files
146
* Converting keys::             
147

148 149 150 151 152 153 154 155
Server configuration

* Configuration syntax::        
* Common options::              
* lshd configuration::          
* lshd-userauth configuration::  
* lshd-connection configuration::  

156
Invoking @command{lsh}
157

158 159 160 161
* Algorithms: Algorithm options.  Selecting algorithms.
* Hostauth options::            
* Userauth options::            
* Actions: Action options.      What to do after login.
162
* Gateway options::             
163
* Messages: Verbosity options.  Tuning the amount of messages.
164

165 166 167
@end detailmenu
@end menu

168 169
@end ifnottex

170
@node Introduction, Installation, Top, Top
171 172 173 174
@comment  node-name,  next,  previous,  up
@chapter Introduction

What is this thing called computer security anyway? Why would you want
175
to use a program like @command{lsh}?
176

177
This chapter explains the threats @command{lsh} tries to protect you from,
178
and some of the threats that remain. It also describes some of the
179
technologies used in @command{lsh}.
180 181 182 183 184 185

From time to time in this manual, I will speak about the @dfn{enemy}.
This means anybody who is trying to eavesdrop or disturb your private
communication. This usage is technical, and it does not imply that the
enemy is somehow morally inferior to you: The enemy may be some awful
criminals trying to eavesdrop on you, or it may be the police trying to
186
eavesdrop on the same criminals.
187 188 189

The enemy can be a criminal, or a competitor, or your boss who's trying
to find out how much you tell collegues at competing firms. It may be
190
your own or somebody else's national security officials. Or your
191 192 193
ex-boyfriend who happens to be too curious.

So what can the enemy do to your communications and your privacy?
194
Remember that just because you're paranoid that doesn't mean that nobody
195
is trying to get you@dots{}
196 197


198 199 200 201 202 203 204
@menu
* Threats::                     
* Features::                    
* Related techniques::          
@end menu

@node Threats, Features, Introduction, Introduction
205 206 207
@comment  node-name,  next,  previous,  up
@section Threats

208 209
When logging in to some other machine via the Internet, either in the
same building or a few continents away, there are several things that
210 211
may be under enemy attack.

212 213
@table @dfn
@item Local attacks
214
The enemy controls your local environment. He or she may be looking over
215 216 217 218 219 220
your shoulder. Your local machine might be cracked. Or there may be some
device planted inside your keyboard transmitting everything you type to
the attacker. About the same problems occur if the attacker has taken
control over your target machine, i.e. the remote machine you have
logged in to.

221
@item Denial-of-service attacks
222 223 224
The enemy has cut your network cable, effectively stopping your
communication. Even without doing physical damage, the enemy may be able
to flood and overload computers or network equipment. Or disrupt network
225
traffic by sending fake packets to hangup your @acronym{TCP/IP}
226 227
connections.

228
@item Passive eavesdropping
229
The enemy may be able to listen to your communication somewhere along
230
its path. With the global Internet, it's difficult to predict who might
231 232 233 234 235 236 237 238 239
be able to listen. Internet traffic between buildings just a few hundred
meters apart have been observed temporarily being routed through half a
dozen countries, perhaps a few thousand kilometers.

And even without routing anomalies, it is possible that the enemy has
been able to take control of some nearby machine, and can listen in from
there. Of course, passive eavesdropping is most dangerous if you
transmit cleartext passwords. This is the main reason not to use vanilla
telnet to login to remote systems. Use a telnet with support for
240 241
@acronym{SSL} or Kerberos, or use a program like @command{lsh} or
@command{ssh}. 
242 243 244 245 246 247 248 249 250 251 252 253 254

A passive eavesdropper is assumed not to do anything nasty with your
packets beyond listening to them.

@item Name resolution attacks
The translation from symbolic @acronym{DNS} names to numeric
ip-addresses may be controlled by the attacker. In this case, you may
think that you are connecting to a friendly machine, when in fact you
are connecting somewhere else.

@item Fake packets
It is fairly easy to fake the source address of an @acronym{IP}-packet,
although it is more difficult to get hold on the replies to the faked
255
packets. But even without any replies, this can cause serious
256 257
problems. 

258
@item Man-in-the-middle attack
259 260 261 262 263 264 265 266 267 268 269
In this attack, the enemy sits between you and the target. When
communicating with you, he pretends to be the target. When communicating
with the target, he pretends to be you. He also passes all information
on more or less unmodified, so that he is invisible to you and the
target. To mount this attack, the enemy either needs physical access to
some network equipment on the path between you and the target, or he has
been able to fool you to connect to him rather than to the target, for
example by manipulating the @acronym{DNS}-system.

@end table

270
@command{lsh} makes no attempt to protect you from local attacks. You have
271 272 273
to trust the endpoint machines. It seems really difficult to uphold any
security if the local machine is compromised. This is important to keep
in mind in the ``visitor''-scenario, where you visit a friend or perhaps an
274
Internet café and want to connect to some of the machines at home or at
275
work. If the enemy has been able to compromize your friend's or the
276
café's equipment, you may well be in trouble.
277

278 279
Protection from denial-of-service attacks is also a very difficult
problem, and @command{lsh} makes no attempt to protect you from that.
280

281
Instead, the aim of @command{lsh}, and most serious tools for cryptographic
282
protection of communications across the net, is to isolate the
283
vulnerabilities to the communication endpoints. If you know that the
284
endpoints are safe, the enemy should not be able to compromize your
285
privacy or communications. Except for denial-of-service attacks (which
286 287
at least can't be performed without you noticing it).

288
First of all, @command{lsh} provides protection against passive
289
eavesdropping. In addition, if you take the appropriate steps to make
290
sure that hostkeys are properly authenticated, @command{lsh} also protects
291 292 293 294
against man-in-the-middle attacks and in particular against attacks on
the name resolution. In short, you need only trust the security at the
end points: Even if the enemy controls all other network equipment, name
resolution and routing infrastructure, etc, he can't do anything beyond
295
the denial-of-service attack.
296 297 298 299 300 301 302

And at last, remember that there is no such thing as absolute security.
You have to estimate the value of that which you are protecting, and
adjust the security measures so that your enemies will not find it worth
the effort to break them.


303
@node Features, Related techniques, Threats, Introduction
304
@comment  node-name,  next,  previous,  up
305
@section Features
306

307
@command{lsh} does not only provide more secure replacements for
308 309 310 311 312 313
@command{telnet}, @command{rsh} and @command{rlogin}, it also provides
some other features to make it convenient to communicate securely. This
section is expected to grow with time, as more features from the
wish-list are added to lsh. One goal for @command{lsh} is to make it
reasonable easy to extend it, without messing with the core security
functionality.
314

315 316
@command{lsh} can also be used in something called gateway mode, in
which you can authenticate once and set up a connection that can
317
later be reused for quickly setting up new sessions.
318

319 320
@command{lsh} can be configured to allow login based on a personal
key-pair consisting of a private and a public key, so that you can
321 322 323 324
execute remote commands without typing your password every time.
Kerberos support and support for Thomas Wu's Secure Remote Password
Protocol (@acronym{SRP}) is on the wish list but not yet supported
(@pxref{Kerberos}).
325

326
The public-key authentication methods should also be extended to support
327 328
Simple Public Key Infrastructure (@acronym{SPKI}) certificates,
including some mechanism to delegate restricted logins.
329

330 331 332
Forwarding of arbitrary @acronym{TCP/IP} connections is provided. This
is useful for tunneling otherwise insecure protocols, like telnet and
pop, through an encrypted @command{lsh} connection.
333

334 335 336 337 338 339
@command{lsh} also features a @acronym{SOCKS}-proxy which also provides
tunneling of @acronym{TCP/IP} connections, but without specifying the
remote targets in advance. E.g., web browsers like Firefox can be
configured to use @acronym{SOCKS} for tunneling web traffic. There are
also programs like @command{tsocks} that performs transparent
redirection of network access through a @acronym{SOCKS} proxy.
340

341
Convenient tunneling of @acronym{X} was one of the most impressive
342
features of the original @command{ssh} programs. Both @command{lsh} and
343
@command{lshd} support @acronym{X}-forwarding.
344 345
Whan @acronym{X} forwarding is in effect, the remote process is started
in an environment where the @env{DISPLAY} variable in the environment
346
points to a fake @acronym{X} server, connections to which are forwarded
347
to the @acronym{X} server in your local environment. @command{lsh} also
348
creates a new ``fake'' @samp{MIT-MAGIC-COOKIE-1} for access
349 350 351 352 353 354
control. Your real @acronym{X} authentication data is never sent to the
remote machine.

Other kinds of tunneling that may turn out to be useful include
authentication (i.e. @command{ssh-agent}), general forwarding of
@acronym{UDP}, and why not also general @acronym{IP}-tunneling.
355 356


357
@node Related techniques,  , Features, Introduction
358 359 360 361
@comment  node-name,  next,  previous,  up
@section Related programs and techniques

This sections describes some other programs and techniques related to
362 363
@command{lsh}. The ssh family of programs use mostly the same kind of
security as @command{lsh}. Kerberos and @acronym{IPSEC} operate quite
364
differently, in particular when it comes to protection against
365
man-in-the-middle attacks.
366

367 368 369
@menu
* ssh1::                        SSH version 1
* ssh2::                        SSH version 2
370
* tls::                         
371 372 373 374 375
* Kerberos::                    Kerberos
* ipsec::                       IP Sec
@end menu

@node ssh1, ssh2, Related techniques, Related techniques
376
@comment  node-name,  next,  previous,  up
377
@subsection @code{ssh-1.x}
378

379
The first of the Secure shell programs was Tatu Ylönen's @command{ssh}.
380 381
The latest of the version 1 series is @code{ssh-1.33} which speaks
version 1.5 of the protocol. The ``free'' version of @code{ssh-1.33}
382
does not allow commercial use without additional licensing, which makes
383
@code{ssh-1.33} non-free software according to Debian's Free Software
384
Guidelines and the Open Source Definition.
385

386
The version 1 protocol has some subtle weaknesses, in particular, all
387 388 389
support for using stream ciphers was disabled by default a few versions
back, for security reasons.

390
There also exists free implementations of @code{ssh-1}, for both Unix
391
and Windows. @command{ossh} and later OpenSSH are derived from an earlier
392
free version av Tatu Ylönen's @command{ssh}, and are free software.
393

394
@node ssh2, tls, ssh1, Related techniques
395
@comment  node-name,  next,  previous,  up
396
@subsection @code{ssh-2.x}
397

398
@command{ssh2} implements the next generation of the Secure Shell
399
protocol, now specified by the @acronym{IETF}
400 401 402 403 404
secsh Working Group. Besides @command{lsh}, some well known
implementations of this protocol includes
@itemize
@item
OpenSSH (which supports version 2 of the protocol since May 2000).
405

406 407 408 409 410 411 412 413 414
@item
The @command{ssh2} series of proprietary programs sold by the SSH
company. @command{lsh} interoperates with current versions of these
programs, but not with version 3.0 and earlier (the older versions get
some details of the protocol wrong, probably because it predates the
protocol specification). The license for the SSH company's
@command{ssh2} programs is similar to that for recent versions of
@command{ssh1}, but with a narrower definition of ``non-commercial
use''.
415

416
@item
417 418
@command{putty}, a free @command{ssh} implementation primarily for
Microsoft Windows.
419

420
@end itemize
421

422 423
There a numerous other implementations, both free and proprietary. The
above list is far from complete.
424

425 426 427 428 429 430 431 432 433
@node tls, Kerberos, ssh2, Related techniques
@comment  node-name,  next,  previous,  up
@subsection TLS

Transport Layer Security, @acronym{tls}, is a protocol developed by the @acronym{ietf},
based on the earlier protocol called Secure Socket Layer, @acronym{ssl}, which was
developed by Netscape. It provides as encrypted session, which can then be
used for other protocols, such as @acronym{http}, @acronym{smtp}, and
@acronym{imap}. 
434

435 436 437 438 439
In @acronym{tls}, server authentication is usually based on x.509
certificates. x.509 certificates can be used for client authentication
as well, but it is more common to use an application specific
authentication, often using some password.

Niels Möller's avatar
Niels Möller committed
440
@node Kerberos, ipsec, tls, Related techniques
441 442 443 444 445 446 447 448 449 450 451 452 453 454
@comment  node-name,  next,  previous,  up
@subsection Kerberos

Kerberos is a key distribution system originally developed in the late
1980:s as a part of Project Athena at @acronym{MIT}. Recent development
have been done at The Royal Institute of Technology, Stockholm
(@acronym{KTH}).

Kerberos uses a central trusted ticket-granting server, and requires
less trust on the local machines in the system. It does not use
public-key technology.

Usually, Kerberos support is compiled into applications such as telnet,
ftp and X-clients. The ssh family of programs, on the other hand, tries
455 456
to do all needed magic, for instance to forward @acronym{X} securely,
and then provides general @acronym{TCP/IP} forwarding as a kitchen sink.
457

458 459
I believe Kerberos' and lsh's protection against passive eavesdropping
are mostly equivalent. The difference is in the set of machines and
460 461
assumptions you have to trust in order to be safe from a
man-in-the-middle attack.
462

463
I think the main advantage of @command{lsh} over Kerberos is that it is
464
easier to install and use for an ordinary mortal user. In order to set
465 466
up key exchange between two different Kerberos systems (or @dfn{Kerberos
realms}), the respective system operators need to exchange keys. In the
467
case of two random users at two random sites, setting up @command{lsh} or
468
some other program in the ssh family is likely easier than to get the
469 470
operators to spend time and attention. So @command{lsh} should be easier to
use in an anarchistic grass-roots environment.
471

472
Another perspective is to combine ssh features like @acronym{X} and
473 474 475
@acronym{TCP/IP} forwarding with authentication based on Kerberos. Such
an arrangement may provide the best of two worlds for those who happen
to have an account at a suitable ticket-granting server.
476

477
@node ipsec,  , Kerberos, Related techniques
478 479 480
@comment  node-name,  next,  previous,  up
@subsection @acronym{IPSEC}

481 482 483
@acronym{IPSEC} is a set of protocols for protecting general
@acronym{IP} traffic. It is developed by another @acronym{IETF} working
group, and is also a required part of @acronym{IP} version 6.
484

485
Again, the main difference between @acronym{IPSEC}, Kerberos and ssh
486
is the set of machines that have to be secure and the keys that have to
487
be exchanged in order to avoid man-in-the-middle attacks.
488 489 490 491 492 493 494 495 496 497 498 499 500 501

Current protocols and implementations of @acronym{IPSEC} only provide
authentication of machines; there's nothing analogous to the user
authentication in ssh or Kerberos.

On the other hand, @acronym{IPSEC} provides one distinct advantage over
application level encryption. Because @acronym{IP} and @acronym{TCP}
headers are authenticated, it provides protection against some
denial-of-service attacks. In particular, it makes attacks that cause
hangup of a @acronym{TCP} connection considerably more difficult.

So it makes sense to use both @acronym{IPSEC} and some application
level cryptographic protocol.

502 503 504 505 506
Also note that it is possible to use the @dfn{Point-to-Point Protocol}
(@acronym{PPP}) to tunnel arbitrary @acronym{IP} traffic accross an ssh
connection. This arrangement provides some of the functionality of
@acronym{IPSEC}, and is sometimes referred to as ``a poor man's Virtual
Private Network''.
507

508 509 510 511
@node Installation, Getting started, Introduction, Top
@comment  node-name,  next,  previous,  up
@chapter Installation

512
You install @command{lsh} with the usual @code{./configure && make &&
513
make install}. For a full listing of the options you can give to
514
@command{configure}, use @code{./configure --help}. For example, use
515 516 517 518
@option{--without-pty} to disable pty-support.

The most commonly used option is @option{--prefix}, which tells
configure where lsh should be installed. Default prefix is
519
@file{/usr/local}. The @command{lshd} server is installed in
520 521 522 523 524
@file{$prefix/sbin}, various helper programs are installed in
@file{$prefix/libexec}, and all other programs and scripts are
installed in @file{$prefix/bin}.

Note that by default, all lsh-related files are stored under
Niels Möller's avatar
Niels Möller committed
525
@file{prefix}, including configuration files, and the host key and
526 527 528 529 530 531 532
seed file used by the server. You may want to use
@example
./configure --sysconfdir=/etc --localstatedir=/var
@end example

@noindent
to place these files on the root and @file{/var} partitions.
533

534
The configure script tries to figure out if the linker needs any special
535 536
flags specifying where to find dynamically linked libraries at run time
(one case where this matters is if you have a dynamic libz.so installed
537
in a non-standard place). Usually, you can use
538

539 540 541
@example
./configure --with-lib-path=/opt/lib:/other/place
@end example
542

543
@noindent
544
to specify extra library directories, and the configure script should do
545
the right thing. If this doesn't work, or you believe that you know your
546
system better than @command{./configure}, just set LDFLAGS and/or
547
LD_LIBRARY_PATH to the right values instead.
548 549


550
@node Getting started, Server configuration, Installation, Top
551
@comment  node-name,  next,  previous,  up
552 553
@chapter Getting started
This section tells you how to perform some common tasks using the
554
@command{lsh} suite of programs, without covering all options and
555 556 557
possibilities.

@menu
558
* lsh-make-seed ::              Initializing the randomness generator
559 560 561 562
* lsh basics::                  Connection with lsh
* tcpip forwarding::            Forwarding @acronym{TCP/IP} ports
* lshd basics::                 Starting the lshd deamon
* public-key::                  Using public-keys
563
* sexp::                        Examining keys and other S-exp files
564
* Converting keys::             
565 566
@end menu

567 568 569 570 571 572
@node lsh-make-seed , lsh basics, Getting started, Getting started
@comment  node-name,  next,  previous,  up
@section Initializing the randomness generator

Several of the lsh programs requires a good pseudorandomness generator
for secure operation. The first thing you need to do is to create a
573 574
seed file for the generator. The personal seed file, stored as
@file{~/.lsh/yarrow-seed-file}, is created by
575 576 577 578 579

@example
lsh-make-seed
@end example

580 581 582
Client programs that need the pseudorandomness generator will offer to
run this command for you, if the seed file doesn't exist. To create a
seed file for use by @command{lshd}, run
583 584 585 586 587

@example
lsh-make-seed --server
@end example

588 589 590 591
as root. By default, the seed file is stored as
@file{/usr/local/var/spool/lsh/yarrow-seed-file}, this can be changed
using the @option{--localstatedir} option to configure or the
@code{LSH_YARROW_SEED_FILE} environment variable at run time.
592 593 594


@node lsh basics, tcpip forwarding, lsh-make-seed , Getting started
595 596 597 598 599 600
@comment  node-name,  next,  previous,  up
@section @command{lsh} basics

@command{lsh} is the program you use for connection to a remote machine. A
few examples are:

601 602 603
@example
lsh sara.lysator.liu.se
@end example
604

605
@noindent
606 607 608 609 610
Connects to @samp{sara.lysator.liu.se} and starts an interactive shell.
In this example, and in the rest of the examples in this section, lsh
will ask for your password, unless you have public-key user
authentication set up.

611
The first time you try to connect to a new machine, @command{lsh}
612 613
typically complains about an ``unknown host key''. This is because it
has no reason to believe that it was the right machine that answered,
614 615
and not a machine controlled by the enemy (@pxref{Threats}). The default
behaviour is to never ever accept a server that is not properly
616
authenticated. A machine is considered authentic if it follows the
617 618
protocol and has an acl-entry for its public hostkey listed in
@file{~/.lsh/host-acls}.
619 620 621

To make lsh less paranoid, use

622 623 624
@example
lsh --sloppy-host-authentication sara.lysator.liu.se
@end example
625

626
@noindent
627
Then @command{lsh} will display a @dfn{fingerprint} of the host key of
628 629 630 631
the remote machine, and ask you if it is correct. If you confirm,
@command{lsh} asks you if the host key should be remembered for the
future. If you confirm again, a corresponding acl-entry is appended to
@file{~/.lsh/host-acls}.
632

633 634
@c You can create fingerprints for the hostkeys you need regularly, and
@c keep with you (@pxref{sexp}).
635

636 637 638
@example
lsh -l omar sara.lysator.liu.se
@end example
639 640 641 642
or
@example
lsh omar@@sara.lysator.liu.se
@end example
643

644
@noindent
645 646
Connects, like above, but tries to log in as the user ``omar''.

647 648 649
@example
lsh sara.lysator.liu.se tar cf - some/dir | (cd /target/dir && tar -xf -)
@end example
650 651 652 653

Copies a directory from the remote machine, by executing one remote and
one local @command{tar} process and piping them together.

654
@example
655
CVS_RSH=lsh cvs -d cvs.lysator.liu.se:/cvsroot/lsh co lsh
656
@end example
657

658 659 660
@noindent
Checks out the @command{lsh} source code from the @acronym{CVS}
repository.
661

662 663 664 665 666
@example
lsh -G -B sara.lysator.liu.se
@end example

Opens an ssh connection, creates a ``gateway socket'', and forks into
667
the background. After this gateway is setup, the command
668 669

@example
670
lsh sara.lysator.liu.se
671 672 673 674
@end example

creates a new session using an existing gateway socket, without the
overhead for a new key exchange and without asking for any passwords.
675 676
Access to the gateway, an @code{AF_UNIX}-socket located under
@file{/tmp}, is restricted using the usual file permissions.
677 678 679 680 681 682 683 684 685 686 687

@node  tcpip forwarding, lshd basics, lsh basics, Getting started
@comment  node-name,  next,  previous,  up
@section Port forwarding

One useful feature of @command{lsh} and other ssh-like programs is the
ability to forward arbitrary connections inside the encrypted
connection. There are two flavors: ``local'' and ``remote'' forwarding.

An example of local forwarding is

688 689 690
@example
lsh -L 4000:kom.lysator.liu.se:4894 sara.lysator.liu.se
@end example
691

692
@noindent
693 694 695 696 697
This makes @command{lsh} listen on port 4000 on the @emph{local}
machine. When someone connects, @command{lsh} asks the server to open a
connection from the @emph{remote} machine (i.e. @samp{sara}) to port
4894 on another machine (i.e. @samp{kom}). The two connections are piped
together using an encrypted channel.
698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723

There are a few things that should be noted here:

@itemize @bullet
@item
By default, @command{lsh} only listens on the loopback interface, so only
clients on the same machine can use the tunnel. To listen on all
interfaces, use the @option{-g} flag.

@item
A connection through the tunnel consists of three parts:

@enumerate
@item
From a client socket to the local port (4000 in this example) that
@command{lsh} listens on.

@item
The tunnel itself, from the local machine to the tunnel endpoint,
which is @samp{sara} in this example.

@item
The connection from the tunnel endpoint to the ultimate target, in this
example from @samp{sara} to @samp{kom}.

@end enumerate
724

725 726 727
Only the middle part is protected by @command{lsh}: all data flowing
through the tunnel is sent across the first and last part @emph{in the
clear}. So forwarding doesn't offer much protection unless the tunnel
728
endpoint and the ultimate target machine are close to each other. They
729 730
should usually be either the same machine, or two machines connected by
a local network that is trusted.
731 732 733 734

@item
Port forwarding is very useful for traversing firewalls. Of course, you
don't need to use lsh-style forwarding just to get out, there are other
735 736
tools like HTTPTunnel for that. But @command{lsh} helps you get out
through the firewall in a secure way.
737 738

@item
739 740
Port forwarding is done in addition to anything else @command{lsh} is
doing. In the example above, a tunnel is set up, but @command{lsh} will
741 742 743
also start an interactive shell for you. Just as if the @option{-L}
option was not present. If this is not what you want, the @option{-N} or
@option{-B} option is for you (@pxref{Invoking lsh})
744 745 746 747 748
@end itemize

Remote forwarding is similar, but asks the @emph{remote} machine to
listen on a port. An example of remote forwarding is

749 750 751
@example
lsh -g -R 8080:localhost:80 sara.lysator.liu.se
@end example
752

753
@noindent
754
This asks the remote machine to listen on port 8080 (note that you are
755 756 757 758 759 760 761 762 763 764 765 766 767 768 769
probably not authorized to listen on port 80). Whenever someone
connects, the connection is tunnelled to your local machine, and
directed to port 80 on the same machine. Note the use of @option{-g};
the effect is to allow anybody in the world to use the tunnel to connect
to your local webserver.

The same considerations that apply to forwarded local ports apply also to
forwarded remote ports.

At last, you can use any number of @option{-L} and @option{-R} options
on the same command line.


@node lshd basics, public-key, tcpip forwarding, Getting started
@comment  node-name,  next,  previous,  up
770
@section @command{lshd} basics
771

772 773
The secure shell server functionality is split between three different
programs:
774
@table @command
775 776 777 778 779
@item lshd
The main server program. Listens for incoming connections, host
authentication, key exchange and encryption and decryption of data.
Basically, this program implements the secure shell transport layer
protocol (@acronym{rfc} 4253). It usually runs with root privileges, and
780
it forks a service process, usually the @command{lshd-userauth} program, to
781 782 783 784 785 786 787
handle the higher layers of the secure shell protocol.
@item lshd-userauth
This program is responsible for user authentication, including password
authnetication and public key authentication. The corresponding protocol
specification is (@acronym{rfc} 4252). This programs is usually started
with root privileges. If user authentication is successful, it changes
the process persona and execs another service process, usually
788
@command{lshd-connection}. It also spawns a helper process,
789 790 791 792 793 794 795 796 797 798
lshd-pty-helper, usually running with group @code{utmp} privileges.
@item lshd-connection
This is the program responsible for most of the features users associate
with ssh, including login sessions, remote command execution,
port forwarding, and the machinery for multiplexing multiple channels
over a single ssh connection. It runs as the logged in user.
@end table

These programs communicate with each other using unencrypted ssh
packets. Each has its own configuration file and command line options.
799 800
By default, configuration files are stored in the
@file{/usr/local/etc/lshd} directory,
801 802 803 804 805 806 807 808
this can be changed using the @option{--sysconfdir} option to configure
or the @code{LSHD_CONFIG_DIR} environment variable at run time.

By default, all features are disabled, and must be explicitly enabled to
get any useful service, either on the command line or using the
appropriate configuration file. An example configuration is compiled in.
It can be enabled using the @option{--use-example-config}, and displayed
using @option{--print-example-config}.
809

810 811
To try out @command{lshd}, you must first create a hostkey, by default stored in
@file{/usr/local/etc/lshd/host-key}. To do this, run
812

813
@example
814
lsh-keygen --server
815
@end example
816

817
@noindent
818
This will also create a file @file{/usr/local/etc/lshd/host-key.pub},
819
containing the corresponding public key. 
820

821 822
A typical command line for starting lshd in daemon mode, using the
example configuration, is simply
823

824
@example
825
lshd --daemonic --use-example-config
826
@end example
827

828 829 830
You can find init script for @command{lshd} tailored for Debian's and
RedHat's GNU/Linux systems in the @file{contrib} directory. 

831

832
@node public-key, sexp, lshd basics, Getting started
833 834 835 836 837 838 839 840 841 842
@comment  node-name,  next,  previous,  up
@section Using public-key user authentication

Public-key user authentication is a way to authenticate for login,
without having to type any passwords. There are two steps: Creating a
key pair, and authorizing the public key to the systems where you want
to log in.

To create a keypair, run

843
@example
844
lsh-keygen
845
@end example
846

847
@noindent
848 849 850 851 852 853
This can take some time, but in the end it creates two files
@file{~/.lsh/identity} and @file{~/.lsh/identity.pub}.

If you want to use the key to login to some other machine, say
@samp{sara}, you can do that by first copying the key,

854
@example
855
lsh sara.lysator.liu.se '>my-key.pub' < ~/.lsh/identity.pub
856
@end example
857

858
@noindent
859 860
then authorizing it by executing, on @samp{sara},

861 862 863
@example
lsh-authorize my-key.pub
@end example
864

865
By default, @command{lsh-keygen} encrypts the private key using a
866 867 868
passphrase. This gives you some protection if a backup tape gets into
the wrong hands, or you use NFS to access the key file in your home
directory. If you want an unencrypted key, pass the flag @option{-c
869
none} to @command{lsh-keygen}.
870

871
For security reasons, you should keep the private key
872 873 874 875
@file{~/.lsh/identity} secret. This is of course particularly important
if the key is unencrypted; in that case, anybody who can read the file
will be able to login in your name to any machine where the
corresponding public key is registered as an authorized key.
876

877
Naturally, you should also make sure not to authorize any keys but your
878 879 880 881
own. For instance, it is inappropriate to use an insecure mechanism such
as unauthenticated email, @code{ftp} or @code{http} to transfer your
public key to the machines where you want to authorize it.

882 883 884
If you have accounts on several systems, you usually create one keypair
on each of the systems, and on each system you authorize some or all of
your other public keys for login.
885

886
@node sexp, Converting keys, public-key, Getting started
887
@comment  node-name,  next,  previous,  up
888
@section Examining keys and other sexp files
889 890

Keys and most other objects @command{lsh} needs to store on disk are
891
represented as so called S-expressions or @dfn{sexps} for short.
892
S-expressions have their roots in the Lisp world, and a variant of them
893
in used in the Simple Public Key Infrastructure (@acronym{SPKI}).
894 895 896
Currently, @command{lsh}'s support for @acronym{SPKI} is quite limited,
but it uses @acronym{SPKI}'s formats for keys and Access Control Lists
(@acronym{ACL}:s).
897 898 899 900 901 902 903 904 905 906 907 908 909 910 911

There are several flavours of the sexp syntax:

@itemize @bullet
@item
The canonical syntax is somewhere between a text and a binary format,
and is extremely easy for programs to read and write.

@item
The transport syntax, which is suitable when embedding sexps in text
files. It is essentially the canonical representation, encoded using
base64.

@item
The advanced syntax, which is intended for humans to read and write, and
912
bears some resemblance to Lisp expressions.
913 914
@end itemize

915
To see what your @file{~/.lsh/identity.pub} file really contains, try
916

917
@example
918
sexp-conv < ~/.lsh/identity.pub
919
@end example
920 921 922 923 924

The @command{sexp-conv} program can also be used to computes
fingerprints. The fingerprint of a key (or any sexp, for that matter) is
simply the hash of its canonical representation. For example,

925
@example
926
sexp-conv --hash </etc/lshd/host-key.pub
927 928
@end example

929
This flavour of fingerprints is different from the ssh
930
fingerprint convention, which is based on a hash of the key expressed in
931 932
ssh wire format. To produce ssh standard fingerprints, use
@samp{lsh-export-key --fingerprint}.
933 934 935 936 937

@node  Converting keys,  , sexp, Getting started
@comment  node-name,  next,  previous,  up
@section Converting keys from @command{ssh2} and OpenSSH

938 939
If you are already using @command{ssh2} or OpenSSH, and have created one
or more personal keypairs, you need to convert the public keys to
940 941 942 943 944 945 946 947
@command{lsh}'s format before you can authorize them. Use the supplied
@command{ssh-conv} script,

@example
ssh-conv <openssh-key.pub >new-key.pub
@end example

You can then use the usual @command{lsh-authorize} on the converted
948
keys. @command{ssh-conv} supports both @acronym{DSA} and @command{RSA} keys.
949

950 951
Conversion of keys the other way is also possible, by using the
@command{lsh-export-key} program. It reads a public key in
952
the  @acronym{SPKI} format used by @command{lsh} on stdin, and writes the key in
953 954
@command{ssh2}/OpenSSH format on stdout.

955 956 957 958 959 960 961 962 963 964 965 966 967 968 969
If you want to use your @command{lsh} key to log in to another system
running and OpenSSH server, you can do like this:
 
@example
lsh-export-key --openssh < .lsh/identity.pub >sshkey

@end example

And on the other machine, after having somehow copied the sshkey
file, just add it to the end of your @file{authorized_keys} file:

@example
cat sshkey >> ~/.ssh/authorized_keys
@end example

970 971 972 973 974

@command{lsh-export-key} can also be used to check the fingerprint of
keys (just like @command{ssh-keygen}).

@example
975
lsh-export-key --fingerprint < /etc/lshd/host-key.pub
976 977 978 979 980
@end example

show the @acronym{MD5} and Bubble babble 
fingerprint of the server public key.

981 982 983 984 985
There are currently very limited tools for conversion of private keys.
The slightly misnamed @command{pkcs1-conv} program can be used to
convert unencrypted RSA private keys in @acronym{pkcs}#1 format, and
unencrypted DSA keys in OpenSSL's format, to the sexp format used by
@command{lsh}.
986

987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040
@node Server configuration, Invoking lsh, Getting started, Top
@comment  node-name,  next,  previous,  up
@chapter Server configuration

@command{lshd} is a server that accepts connections from clients
speaking the Secure Shell protocol. It is usually started automatically
when the systems boots, and runs with root privileges. However, it is
also possible to start @command{lshd} manually, and with user
privileges.

The server functionality is split between three programs,
@command{lshd}, @command{lshd-userauth}, and @command{lshd-connection},
handling the different layers of the Secure Shell protocol 
(@pxref{lshd basics}).

Each program has its own configuration file. By default,
the configuration files @file{lshd.conf}, @file{lshd-userauth.conf} and
@file{lshd-connection.conf}, and key file @file{host-key}, are stored in the
@file{/usr/local/etc/lshd} directory, this can be changed using the
@option{--sysconfdir} option to configure or the @code{LSHD_CONFIG_DIR}
environment variable at run time.

Several of the configuration file options are common to all programs.

@menu
* Configuration syntax::        
* Common options::              
* lshd configuration::          
* lshd-userauth configuration::  
* lshd-connection configuration::  
@end menu

@node Configuration syntax, Common options, Server configuration, Server configuration
@section Configuration file syntax

The configuration file syntax is fairly conventional. Comments are
introduced with a @code{#} character, and extend to the end of line. 
Most settings use the syntax @code{@var{keyword} = @var{value}}, for example
@example
  enable-core-file = yes
@end example
Each setting must start on a new line; besides this, white space is not
significant. Each keyword expect a value of a certain type, one of
@table @asis
@item Number
A non-negative decimal number, e.g., @samp{17}.
@item String
A string, typically a file name or algorithm name. Currently, there is
no quoting mechanism, so the value cannot include any white space, and it
should avoid special characters that may be used for quoting in future
versions. E.g., @samp{/etc/lshd/other-key}.
@item Boolean
The value should be one of @samp{yes} and @samp{no}.
@end table
1041

1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101
For specifying services and sybsystems, the values includes a command
line, using the syntax:
@example
@var{keyword} @var{name} @{ @var{command} @var{args @dots{}} @} 
@end example

The @var{name}, the @var{command} and the
arguments are strings. There is currently no quoting mechanism here
either. Braces are allowed in the argument list, provided that they are
properly nested. Commands which are not absolute file names are
interpreted relative to the directory @file{/usr/local/libexec/lshd};
this can be changed using the @option{--libexecdir} option to configure
or the @code{LSHD_LIBEXEC_DIR} environment variable at run time. A
simple example:
@example
subsystem sftp = @{ sftp-server @}
@end example
A more complicated example, using nested braces,
@example
service ssh-connection = @{ 
  lshd-connection --helper-fd $(helper_fd)
  --subsystem sftp @{ sftp-server -d @}
@}
@end example
(this example is a bit silly, since it would be more natural to do the
configuration of lshd-connection in its config file, rather than as
command line options in the configuration file of the program starting
it).

@node Common options, lshd configuration, Configuration syntax, Server configuration
@section Common configuration options

All three programs, @command{lshd}, @command{lshd-userauth}, and
@command{lshd-connection}, take the following configuration options
controlling the amount of logging:

@table @code
@item log-file
Takes a filename as argument (a string). Log messages are appended to
this file.
@example
log-file = /var/log/lshd.log
@end example
@item use-syslog
This boolean option enables logging via the syslog facility. Currently,
all messages are logged at the same syslog level, NOTICE.
@item quiet
Boolean option to disable warning messages.
@item verbose
Boolean option to enable verbose messages.
@item trace
Boolean option to enable messages tracing the internal flow of control.
@item debug
Boolean option to enable logging of large amounts of debug information,
including the contents of all sent and received packets. Use with care.
@end table

@node lshd configuration, lshd-userauth configuration, Common options, Server configuration
@section @command{lshd} configuration

1102 1103 1104 1105 1106 1107 1108 1109
The main server program, @command{lshd}, takes the following
configuration options:

@table @code
@item interface
Network interface to listen on. If no interface is specified, the
default behavior is to listen on all network interfaces. The value is a
string giving the name or ip-address of the interface, optionally
1110 1111
followed by a colon and the port to listen on. Literal IPv6 addresses
must be enclosed in square brackets. This option can be used multiple times.
1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140

@example
interface localhost
interface example-interface:443
@end example

@item port
Port to listen on. Applies to all interfaces which are not followed by
an explicit port. The value is a string giving a service name or a
numerical port number. The default, if no port is specified, is the
standard port for the ``ssh'' service, 22.

@example
port ssh
port 80
port 443
@end example

@item hostkey
A string giving the name of the server's private key file. Default is
@file{/usr/local/etc/lshd/host-key}.

@item enable-core-file
Boolean option. By default, @command{lshd} disables core files by
setting the corresponding resource limit to zero. If this option is
enabled, the resource limit is not touched, inheriting the setting of
the parent process.
@item service
This option takes as argument the name of the service to offer, followed
Niels Möller's avatar
Niels Möller committed
1141
by a command line in braces (@pxref{Configuration syntax}). The default,
1142 1143 1144
if no service is specified, is

@example
1145
service ssh-userauth = @{ lshd-connection --session-id $(session_id) @var{other options@dots{}} @}
1146 1147 1148 1149 1150 1151 1152 1153
@end example

where verbosity options (@option{-v}, @option{-q}, @option{--debug}, and
@option{--trace}) affecting @command{lshd} are propagated by appending
them to the command line where needed.

@end table

1154 1155 1156 1157
Currently missing are to options control the list of supported
algorithms, only command line options are available for that (see
@pxref{Algorithm options}). @c FIXME

1158
@node lshd-userauth configuration, lshd-connection configuration, lshd configuration, Server configuration
1159

1160 1161
@section @command{lshd-userauth} configuration

1162 1163 1164 1165 1166 1167 1168 1169
The @command{lshd-userauth} program takes the following configuration options:

@table @code
@item allow-password
Boolean option to allow password authentication of users. Default is no.
@item allow-public-key
Boolean option to allow public key authentication of users. Default is no.
@item allow-root-login
Niels Möller's avatar
Niels Möller committed
1170
Boolean option, to allow authentication as the root user. Default is no.
1171 1172
@item service
This option takes as argument the name of the service to offer, followed
Niels Möller's avatar
Niels Möller committed
1173
by a command line in braces (@pxref{Configuration syntax}). The default,
1174 1175 1176
if no service is specified, is

@example
1177
service ssh-connection = @{ lshd-connection --helper-fd $(helper_fd) @var{other options@dots{}} @}
1178 1179 1180 1181 1182 1183 1184 1185
@end example

where verbosity options (@option{-v}, @option{-q}, @option{--debug}, and
@option{--trace}) affecting @command{lshd} are propagated by appending
them to the command line where needed.

@end table

1186 1187 1188
@node lshd-connection configuration,  , lshd-userauth configuration, Server configuration
@section @command{lshd-connection} configuration

1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217
The @command{lshd-userauth} program takes the following configuration options:

@table @code
@item allow-tcpforward
Configures support for TCP/IP forwarding. The value is one of the
following strings: ``local'', ``remote'', ``yes'', or ``no''. ``local''
means that the client can request connections to other hosts (typically
the result of the client's @option{-L} command line option), while
``remote'' means that the client can ask the server to listen for
incoming connections (typically the result of the client's @option{-R}
command line option). The values ``yes'' and ``no'' allows or disallows
both types. The default is no.
@item allow-session
Boolean option. Allows the client open a ``session'' channel (used for
running processes on the server). Default is no. Note that enabling this
option is a prerequisite for enabling any of the the following options.
@item allow-shell
Boolean option. Allows the client to start an interactive shell. Default
is no.
@item allow-exec
Boolean option. Allows the client to execute commands. Default is no.
@item allow-pty
Boolean option. Allows the client to request a pseudo tty for a session.
Default is no.
@item allow-x11
Boolean option. Allows the client to request X11 forwarding for a
session. Default is no.
@item subsystem
This option takes as argument the name of a subsystem to offer, followed
Niels Möller's avatar
Niels Möller committed
1218
by a command line in braces (@pxref{Configuration syntax}). By default, no
1219 1220 1221 1222 1223 1224 1225 1226
subsystems are enabled and any subsystem request from the client is
denied. To enable the @code{sftp} subsystem, use

@example
subsystem sftp = @{ sftp-server @}
@end example
@end table

1227
@node Invoking lsh, Invoking lshd, Server configuration, Top
1228
@comment  node-name,  next,  previous,  up
1229
@chapter Invoking @command{lsh}
1230
@anchor{lsh-usage}
1231

1232
You use @command{lsh} to login to a remote machine. Basic usage is
1233 1234 1235 1236

@samp{lsh [-p @var{port number}] sara.lysator.liu.se}

which attempts to connect, login, and start an interactive shell on the
1237
remote machine. Default @var{port number} is whatever your system's
1238
@file{/etc/services} lists for @command{ssh}. Usually, that is port 22.
1239

1240
There is a plethora of options to @command{lsh}, to let you configure where
1241
and how to connect, how to authenticate, and what you want to do once
1242 1243 1244
properly logged in to the remote host. Many options have both long and
short forms. This manual does not list all variants; for a full listing
of supported options, use @samp{lsh --help}.
1245

1246 1247 1248
Note that for many of the options to @command{lsh}, the ordering of the
options on the command line is important.

1249
@c FIXME: Say something about the escape char mechanism here
1250
@menu
1251 1252 1253 1254
* Algorithms: Algorithm options.  Selecting algorithms.
* Hostauth options::            
* Userauth options::            
* Actions: Action options.      What to do after login.
1255
* Gateway options::             
1256
* Messages: Verbosity options.  Tuning the amount of messages.
1257 1258 1259 1260 1261 1262
@end menu

@node Algorithm options, Hostauth options, Invoking lsh, Invoking lsh
@comment  node-name,  next,  previous,  up
@section Algorithm options

1263 1264 1265 1266 1267 1268
Before a packet is sent, each packet can be compressed, authenticated,
and encrypted, in that order. When the packet is received, it is first
decrypted, next it is checked that it is authenticated properly, and
finally it is decompressed. The algorithms used for this are negotiated
with the peer at the other end of the connection, as a part of the
initial handshake and key exchange.
1269 1270 1271

Each party provides a list of supported algorithms, and the first
algorithm listed by the client, which is also found on the server's
1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282
list, is selected. Note that this implies that order in which algorithms
are listed on the server's list doesn't matter: if several algorithms
are present on both the server's and the client's lists, it's the
client's order that determines which algorithm is selected.

Algorithms of different types, e.g. data compression and message
authentication, are negotiated independently. Furthermore, algorithms
used for transmission from the client to the server are independent of
the algorithms used for transmission from the server to the client.
There are therefore no less than six different lists that could be
configured at each end.
1283 1284 1285 1286 1287

The command line options for lsh and lshd don't let you specify
arbitrary lists. For instance, you can't specify different preferences
for sending and receiving.

1288
There is a set of default algorithm preferences. When you use a command
1289 1290 1291 1292 1293 1294
line option to say that you want to use @var{algorithm} for one of the
algorithms, the default list is replaced with a list containing the
single element @var{algorithm}. For example, if you use @option{-c
arcfour} to say that you want to use @code{arcfour} as the encryption
algorithm, the connection will either end up using @code{arcfour}, or
algorithm negotiation will fail because the peer doesn't support
1295
@code{arcfour}.
1296

1297
@multitable @columnfractions 0.1 0.2 0.2 0.5
1298 1299 1300 1301
@item Option
  @tab Algorithm type @tab Default @tab
@item @option{-z} @tab Data compression
  @tab @code{none}, @code{zlib}
1302

1303 1304
  @tab The default preference list supports zlib compression, but
prefers not to use it. 
1305

1306
@item @option{-c} @tab Encryption
1307
  @tab @code{aes128-ctr}, @code{3dec-cbc}, @code{blowfish-cbc}, @code{arcfour}
1308

1309
  @tab The default encryption algorithm is aes128. The default list
1310 1311 1312
includes only quite old and well studied algorithms. There is a special
algorithm name @code{all} to enable all supported encryption algorithms
(except @code{none}).
1313

1314 1315
@item @option{-m} @tab Message Authentication
  @tab @code{hmac-sha1}, @code{hmac-md5}
1316

1317
  @tab Both supported message authentication algorithms are of the
1318
@acronym{HMAC} family.
1319 1320
@end multitable

1321 1322
As a special case, @option{-z} with no argument changes the compression
algorithm list to @code{zlib}, @code{none}, which means that you want to
1323 1324 1325
use @code{zlib} if the other end supports it. This is different from
@option{-zzlib} which causes the negotiation to fail if the other end
doesn't support @code{zlib}. A somewhat unobvious consequence of
1326
@option{-z} having an @emph{optional} argument is that if you provide an
1327 1328
argument, it must follow directly after the option letter, no spaces
allowed. 
1329 1330


1331 1332 1333 1334
@node Hostauth options, Userauth options, Algorithm options, Invoking lsh
@comment  node-name,  next,  previous,  up
@section Host authentication options

1335
As described earlier (@pxref{Threats}), proper authentication of the
1336
remote host is crucial to protect the connection against
1337
man-in-the-middle attacks. By default, @command{lsh} verifies the server's
1338
claimed host key against the @dfn{Access Control Lists} in
1339
@file{~/.lsh/host-acls}. If the remote host cannot be authenticated,
1340 1341 1342 1343 1344 1345
the connection is dropped.

The options that change this behaviour are

@table @option
@item --host-db
1346 1347
Specifies the location of the @acronym{ACL} file (by default
@file{~/.lsh/host-acls}).
1348 1349

@item --sloppy-host-authentication
1350
Tell @command{lsh} not to drop the connection if the server's key can not
1351
be authenticated. Instead, it displays the fingerprint of the key, and
1352 1353 1354
asks if it is trusted, and if it should be remembered for the future. If
you confirm both questions, the key is added to the file
@file{~/.lsh/host-acls}. If run in quiet mode, @samp{lsh -q
1355
--sloppy-host-authentication}, @command{lsh} connects to any host, no
1356
questions asked (and without remembering the key for the future).
1357

1358
@item --strict-host-authentication
1359 1360
Disable sloppy operation (this is the default behaviour).

1361 1362 1363
@item --host-db-update
Used together with @option{--sloppy-host-authentication}, to specify the
file which @acronym{ACL}s for new hosts are appended to.
1364 1365 1366

@end table

1367 1368 1369 1370
@node Userauth options, Action options, Hostauth options, Invoking lsh
@comment  node-name,  next,  previous,  up
@section User authentication options

1371 1372 1373 1374
@table @option

@item -l
Provide a name to use when logging in. By default, the value of the
1375
@env{LOGNAME} environment variable is used.
1376 1377

@item -i
1378
Try the keys from this file to log in. By default, @command{lsh} uses
1379 1380 1381 1382 1383 1384 1385 1386 1387
@file{~/.lsh/identity}, if it exists. It ought to be possible to use
several @option{-i} options to use more than one file, but that is
currently not implemented.

@item --no-publickey
Don't attempt to log in using public key authentication.

@end table

1388
@node Action options, Gateway options, Userauth options, Invoking lsh
1389 1390 1391
@comment  node-name,  next,  previous,  up
@section Action options

1392
There are many things @command{lsh} can do once you are logged in. There
1393 1394 1395 1396 1397
are two types of options that control this: @dfn{actions} and
@dfn{action modifiers}. For short options, actions use uppercase letters
and modifiers use lowercase.

For each modifier @option{--foo} there's also a negated form
1398
@option{--no-foo}. Options can also be negated by preceding it with the
1399
special option @option{-n}. This is mainly useful for negating short
1400
options. For instance, use @option{-nt} to tell @command{lsh} not to
1401 1402 1403 1404 1405 1406 1407 1408 1409
request a remote pseudo terminal. Each modifier and its negation can be
used several times on the command line. For each action, the latest
previous modifier of each pair apply.

First, the actions:

@table @option

@item -L
1410
Requests forwarding of a local port. This option takes a mandatory
1411 1412
argument of the form
@var{listen-port}:@var{target-host}:@var{target-port}. This option tells
1413 1414
@command{lsh} to listen on @var{listen-port} on the local machine. When
someone conects to that port, @command{lsh} asks the remote server to open
1415 1416
a connection to @var{target-port} on @var{target-host}, and if it
succeeds, the two connections are joined together through an the
1417
@command{lsh} connection. Both port numbers should be given in decimal.
1418 1419 1420

@item -R
Requests forwarding of a remote port. It takes one mandatory argument,
1421
just like @option{-L}. But in this case @command{lsh} asks the
1422 1423
@emph{remote} server to listen on @var{listen-port}. When someone
connects to the remote hosts, the server will inform the local
1424
@command{lsh}. The local @command{lsh} then connects to @var{target-port} on
1425 1426
@var{target-host}.

1427 1428 1429 1430
@item -D
Requests SOCKS-style forwarding. It takes one optional argument, the
port number to use for the SOCKS proxy (default is 1080). Other
applications can then use socks version 4 or version 5, to open
1431 1432 1433
outgoing connections which are forwarded via the SSH connection. Note
that for short options the port number must be in the same argument if given
(i.e. @samp{-D1080} is correct, @samp{-D 1080} is not).
1434
 
1435
@item -E
1436 1437
This option takes one mandatory argument, which is a command line to be
executed on the remote machine.
1438 1439

@item -S
1440
Start an interactive shell on the remote machine. 
1441 1442

@item -G
1443 1444 1445
Open a gateway on the local machine (@pxref{Gateway options}). A gateway
is a local socket, located under /tmp, that can be used for controlling
and using the ssh connection.
1446 1447 1448 1449

@item -N
This is a no-operation action. It inhibits the default action, which is
to start an interactive shell on the remote machine. It is useful if you
1450
want to set up a few forwarded tunnels or a gateway, and nothing more.
1451

1452
@item -B
1453 1454
Put the client into the background after key exchange and
user authentication. Implies @option{-N}
1455 1456 1457 1458 1459

@item --subsystem
Specifies a subsystem to connect to, implies @option{--no-pty}. Example usage:
@samp{--subsystem=sftp}

1460 1461 1462 1463
@end table

If there are trailing arguments after the name of the remote system,
this is equivalent to a @option{-E} option, with a command string
1464 1465 1466 1467
constructed by catenating all the remaining arguments, separated by
spaces. This implies that the arguments are usually expanded first by
the local shell, and then the resulting command string is interpreted
again by the remote system.
1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478

If there are no trailing arguments after the name of the remote system,
and the @option{-N} option is not given, the default action is to start
a shell on the remote machine. I.e. this is equivalent to the
@option{-S} option.

There are a few supported modifiers:

@table @option

@item -t
1479
Request a pseudo terminal. @command{lsh} asks the remote system to allocate
1480 1481
a pseudo terminal. If it succeeds, the local terminal is set to raw
mode. The default behaviour is to request a pty if and only if the
1482
local @command{lsh} process has a controlling terminal. This modifier
1483 1484 1485 1486 1487
applies to actions that create remote processes, i.e. @option{-E} and
@option{-S}, as well as the default actions.

Currently, this option is ignored if there is no local terminal.

1488
@item -x
1489 1490
Request @acronym{X} forwarding. Applies to the @option{-E} and
@option{-S} and the default actions.