CONCH(1) | General Commands Manual | CONCH(1) |
conch - Conch SSH client
conch [-AaCfINnrsTtVvx] [-c cipher_spec] [-e escape_char] [-i identity_file] [-K connection_spec] [-L port:host:hostport] [-l user] [-m mac_spec] [-o openssh_option] [-p port] [-R port:host:hostport] [user@]hostname [command]
conch is an SSHv2 client for logging into a remote machine and executing commands. It provides encrypted and secure communications across a possibly insecure network. Arbitrary TCP/IP ports can also be forwarded over the secure connection.
conch connects and logs into hostname (as user or the current username). The user must prove her/his identity using a public key or a password. Alternatively, if a connection is already open to a server, a new shell can be opened over the connection without having to reauthenticate.
If command is specified, command is executed instead of a shell. If the -s option is given, command is treated as an SSHv2 subsystem name.
Conch supports the public-key, keyboard-interactive, and password authentication methods.
The public-key method allows the RSA or DSA algorithm to be used. The client uses his/her private key, $HOME/.ssh/id_rsa or $HOME/.ssh/id_dsa, to sign the session identifier, known only by the client and server. The server checks that the matching public key is valid for the user, and that the signature is correct.
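The bytes covered by that signature, as an added example that is not part of the man page or of Conch's own code: it goes beyond the paragraph above by following the full layout in RFC 4252 section 7, where the session identifier is the first field, so a signature made in one session does not fit the data of another. The helper names are hypothetical, and the key, user name and session identifiers are constructed sample values.

```python
import hashlib
import struct

SSH_MSG_USERAUTH_REQUEST = 50  # message number defined in RFC 4252

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value: int) -> bytes:
    """SSH 'mpint' for a non-negative integer; a 0x00 pad keeps it positive."""
    if value == 0:
        return ssh_string(b"")
    return ssh_string(value.to_bytes((value.bit_length() + 8) // 8, "big"))

def rsa_public_blob(e: int, n: int) -> bytes:
    """Wire form of an RSA public key: "ssh-rsa", exponent, modulus."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)

def data_to_sign(session_id: bytes, user: str, key_blob: bytes) -> bytes:
    """Bytes covered by the client's signature (RFC 4252 section 7)."""
    return (ssh_string(session_id)               # binds the signature to this session
            + bytes([SSH_MSG_USERAUTH_REQUEST])
            + ssh_string(user.encode("utf-8"))
            + ssh_string(b"ssh-connection")      # service being requested
            + ssh_string(b"publickey")           # authentication method
            + b"\x01"                            # TRUE: a signature accompanies the request
            + ssh_string(b"ssh-rsa")             # public key algorithm name
            + ssh_string(key_blob))

def read_string(buf: bytes, offset: int = 0):
    """Parse one SSH string; return (value, offset of the next field)."""
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated SSH string")
    return buf[offset + 4:end], end

# Constructed sample values: a toy modulus (far too small for a real key)
# and two stand-in session identifiers.
KEY_BLOB = rsa_public_blob(65537, 0xC5A1F39B2D77)
SESSION_A = hashlib.sha256(b"constructed exchange hash A").digest()
SESSION_B = hashlib.sha256(b"constructed exchange hash B").digest()
BLOB_A = data_to_sign(SESSION_A, "cvs_user", KEY_BLOB)
BLOB_B = data_to_sign(SESSION_B, "cvs_user", KEY_BLOB)
```

BLOB_A and BLOB_B differ only in their leading session identifier field, which is why the server rebuilds these bytes with its own session identifier before checking the signature.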
If public-key authentication fails, conch can authenticate by sending an encrypted password over the connection.
conch has the ability to multiplex multiple shells, commands and TCP/IP ports over the same secure connection. To disable multiplexing for a connection, use the -I flag.
The -K option determines how the client connects to the remote host. It is a comma-separated list of the methods to use, in order of preference. The two connection methods are ‘unix’ (for connecting over a multiplexed connection) and ‘direct’ (to connect directly). To disable connecting over a multiplexed connection, do not include ‘unix’ in the preference list.
As an example of how connection sharing works, to speed up CVS over SSH:
    conch --noshell --fork -l cvs_user cvs_host
    set CVS_RSH=conch
Now, when CVS connects to cvs_host as cvs_user, instead of making a new connection to the server, conch will add a new channel to the existing connection. This saves the cost of repeatedly negotiating the cryptography and authentication.
The options are as follows:
-A
-a
-C
-c cipher_spec
    conch supports is (in order of default preference): aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, cast128-ctr, cast128-cbc, blowfish-ctr, blowfish, idea-ctr, idea-cbc, 3des-ctr, 3des-cbc.
-e ch | ^ch | none
    ~’). The escape character is only recognized at the beginning of a line (after a newline). The escape character followed by a dot (‘.’) closes the connection; followed by ^Z suspends the connection; and followed by the escape character sends the escape character once. Setting the character to “none” disables any escapes.
-f
-I
-i identity_spec
-K connection_spec
    Connection sharing for more information.
-L port:host:hostport
-l user
-m mac_spec
    conch supports is (in order of preference): hmac-sha2-512, hmac-sha2-384, hmac-sha2-256, hmac-sha1, hmac-md5.
-N
-n
-o openssh_option
-p port
-R port:host:hostport
-s
-s
-T
-t
-V
-v
-x
Written by Paul Swartz <z3p@twistedmatrix.com>.
To report a bug, visit http://twistedmatrix.com/trac/
Copyright © 2002-2008 Twisted Matrix Laboratories.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
May 22, 2004 | Debian |