OpenSSH SSH client (remote login program)
|
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket
to listen to port on the local side, optionally bound to the specified bind_address. Whenever a
connection is made to this port, the connection is forwarded over the secure channel, and the
application protocol is then used to determine where to connect to from the remote machine.
Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only
root can forward privileged ports. Dynamic port forwardings can also be specified in the
configuration file.
IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser
can forward privileged ports. By default, the local port is bound in accordance with the
GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a
specific address. The bind_address of “localhost” indicates that the listening port be bound for
local use only, while an empty address or ‘*’ indicates that the port should be available from all
interfaces.
|
-C Requests compression of all data (including stdin, stdout, stderr, and data for forwarded X11 and
TCP connections). The compression algorithm is the same used by gzip(1), and the “level” can be
controlled by the CompressionLevel option for protocol version 1. Compression is desirable on
modem lines and other slow connections, but will only slow down things on fast networks. The
default value can be set on a host-by-host basis in the configuration files; see the Compression
option.
|
-N Do not execute a remote command. This is useful for just forwarding ports (protocol version 2
only).
|
-A Enables forwarding of the authentication agent connection. This can also be specified on a per-
host basis in a configuration file.
Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions
on the remote host (for the agent's UNIX-domain socket) can access the local agent through the
forwarded connection. An attacker cannot obtain key material from the agent, however they can
perform operations on the keys that enable them to authenticate using the identities loaded into
the agent.
|
ssh connects and logs into the specified hostname (with optional user name). The user must prove his/her
identity to the remote machine using one of several methods depending on the protocol version used (see
below).
If command is specified, it is executed on the remote host instead of a login shell.
|