SSH(1)                       General Commands Manual                     SSH(1)

NAME
       ssh — OpenSSH remote login client

SYNOPSIS
       ssh  [-46AaCfGgKkMNnqsTtVvXxYy]  [-B  bind_interface]  [-b bind_address]
           [-c   cipher_spec]   [-D    [bind_address:]port]    [-E    log_file]
           [-e  escape_char]  [-F  configfile]  [-I  pkcs11] [-i identity_file]
           [-J  destination]  [-L  address]  [-l  login_name]   [-m   mac_spec]
           [-O  ctl_cmd]  [-o  option] [-p port] [-Q query_option] [-R address]
           [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination
           [command [argument ...]]

DESCRIPTION
       ssh (SSH client) is a program for logging into a remote machine and  for
       executing  commands  on a remote machine.  It is intended to provide se‐
       cure encrypted communications between two untrusted hosts over an  inse‐
       cure  network.   X11  connections,  arbitrary  TCP ports and Unix‐domain
       sockets can also be forwarded over the secure channel.

       ssh connects and logs into the specified destination, which may be spec‐
       ified   as   either   [user@]hostname   or   a   URI   of    the    form
       ssh://[user@]hostname[:port].  The user must prove their identity to the
       remote machine using one of several methods (see below).

       If  a  command  is specified, it will be executed on the remote host in‐
       stead of a login shell.  A complete command line  may  be  specified  as
       command,  or  it  may have additional arguments.  If supplied, the argu‐
       ments will be appended to the command, separated by spaces, before it is
       sent to the server to be executed.

       The options are as follows:

       -4      Forces ssh to use IPv4 addresses only.

       -6      Forces ssh to use IPv6 addresses only.

       -A      Enables forwarding of connections from an  authentication  agent
               such  as ssh‐agent(1).  This can also be specified on a per‐host
               basis in a configuration file.

               Agent forwarding should be enabled with caution.  Users with the
               ability to bypass file permissions on the remote host  (for  the
               agent’s  Unix‐domain  socket) can access the local agent through
               the forwarded connection.  An attacker cannot obtain key  mater‐
               ial  from  the agent, however they can perform operations on the
               keys that enable  them  to  authenticate  using  the  identities
               loaded into the agent.  A safer alternative may be to use a jump
               host (see -J).

       -a      Disables forwarding of the authentication agent connection.

       -B bind_interface
               Bind  to the address of bind_interface before attempting to con‐
               nect to the destination host.  This is only  useful  on  systems
               with more than one address.

       -b bind_address
               Use  bind_address  on the local machine as the source address of
               the connection.  Only useful on systems with more than  one  ad‐
               dress.

       -C      Requests  compression  of  all  data  (including  stdin, stdout,
               stderr, and data for forwarded X11, TCP and Unix‐domain  connec‐
               tions).   The compression algorithm is the same used by gzip(1).
               Compression is desirable on modem lines and other  slow  connec‐
               tions, but will only slow down things on fast networks.  The de‐
               fault value can be set on a host‐by‐host basis in the configura‐
               tion files; see the Compression option in ssh_config(5).

       -c cipher_spec
               Selects  the  cipher  specification  for encrypting the session.
               cipher_spec is a comma‐separated list of ciphers listed in order
               of preference.  See the Ciphers  keyword  in  ssh_config(5)  for