JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris 11.1 Administration: Security Services     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Verifying File Integrity by Using BART (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Security Attributes in Oracle Solaris (Reference)

Part IV Cryptographic Services

11.  Cryptographic Framework (Overview)

12.  Cryptographic Framework (Tasks)

13.  Key Management Framework

Part V Authentication Services and Secure Communication

14.  Using Pluggable Authentication Modules

15.  Using Secure Shell

16.  Secure Shell (Reference)

A Typical Secure Shell Session

Session Characteristics in Secure Shell

Authentication and Key Exchange in Secure Shell

Acquiring GSS Credentials in Secure Shell

Command Execution and Data Forwarding in Secure Shell

Client and Server Configuration in Secure Shell

Client Configuration in Secure Shell

Server Configuration in Secure Shell

Keywords in Secure Shell

Host-Specific Parameters in Secure Shell

Secure Shell and Login Environment Variables

Maintaining Known Hosts in Secure Shell

Secure Shell Files

Secure Shell Commands

17.  Using Simple Authentication and Security Layer

18.  Network Services Authentication (Tasks)

Part VI Kerberos Service

19.  Introduction to the Kerberos Service

20.  Planning for the Kerberos Service

21.  Configuring the Kerberos Service (Tasks)

22.  Kerberos Error Messages and Troubleshooting

23.  Administering Kerberos Principals and Policies (Tasks)

24.  Using Kerberos Applications (Tasks)

25.  The Kerberos Service (Reference)

Part VII Auditing in Oracle Solaris

26.  Auditing (Overview)

27.  Planning for Auditing

28.  Managing Auditing (Tasks)

29.  Auditing (Reference)

Glossary

Index

Secure Shell Commands

The following table summarizes the major Secure Shell commands.

Table 16-7 Commands in Secure Shell

Man Page for Command
Description
Logs a user in to a remote machine and securely executes commands on a remote machine. The ssh command enables secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel.
Is the daemon for Secure Shell. The daemon listens for connections from clients and enables secure encrypted communications between two untrusted hosts over an insecure network.
Adds RSA or DSA identities to the authentication agent, ssh-agent. Identities are also called keys.
Holds private keys that are used for public key authentication. The ssh-agent program is started at the beginning of an X-session or a login session. All other windows and other programs are started as clients of the ssh-agent program. Through the use of environment variables, the agent can be located and used for authentication when users use the ssh command to log in to other systems.
Generates and manages authentication keys for Secure Shell.
Gathers the public keys of a number of Secure Shell hosts. Aids in building and verifying ssh_known_hosts files.
Is used by the ssh command to access the host keys on the local host. Generates the digital signature that is required during host-based authentication with Secure Shell v2. The command is invoked by the ssh command, not by the user.
Securely copies files between hosts on a network over an encrypted ssh transport. Unlike the rcp command, the scp command prompts for passwords or passphrases, if password information is needed for authentication.
Is an interactive file transfer program that is similar to the ftp command. Unlike the ftp command, the sftp command performs all operations over an encrypted ssh transport. The command connects, logs in to the specified host name, and then enters interactive command mode.

The following table lists the command options that override Secure Shell keywords. The keywords are specified in the ssh_config and sshd_config files.

Table 16-8 Command-Line Equivalents for Secure Shell Keywords

Keyword
ssh Command-Line Override
scp Command-Line Override
BatchMode
scp -B
BindAddress
ssh -b bind-addr
scp -a bind-addr
Cipher
ssh -c cipher
scp -c cipher
Ciphers
ssh -c cipher-spec
scp -c cipher-spec
Compression
ssh -C
scp -C
DynamicForward
ssh -D SOCKS4-port
EscapeChar
ssh -e escape-char
ForwardAgent
ssh -A to enable

ssh -a to disable

ForwardX11
ssh -X to enable

ssh -x to disable

GatewayPorts
ssh -g
IPv4
ssh -4
scp -4
IPv6
ssh -6
scp -6
LocalForward
ssh -L localport:remotehost:remoteport
MACS
ssh -m mac-spec
Port
ssh -p port
scp -P port
Protocol
ssh -2 for v2 only
RemoteForward
ssh -R remoteport:localhost:localport