ciphers), cipher‐auth
(supported symmetric ciphers that support authenticated encryp‐
tion), help (supported query terms for use with the -Q flag),
mac (supported message integrity codes), kex (key exchange algo‐
rithms), kex‐gss (GSSAPI key exchange algorithms), key (key
types), key‐cert (certificate key types), key‐plain (non‐cer‐
tificate key types), key‐sig (all key types and signature algo‐
rithms), protocol‐version (supported SSH protocol versions), and
sig (supported signature algorithms). Alternatively, any key‐
word from ssh_config(5) or sshd_config(5) that takes an algo‐
rithm list may be used as an alias for the corresponding
query_option.
-q Quiet mode. Causes most warning and diagnostic messages to be
suppressed.
-R [bind_address:]port:host:hostport
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port
Specifies that connections to the given TCP port or Unix socket
on the remote (server) host are to be forwarded to the local
side.
This works by allocating a socket to listen to either a TCP port
or to a Unix socket on the remote side. Whenever a connection
is made to this port or Unix socket, the connection is forwarded
over the secure channel, and a connection is made from the local
machine to either an explicit destination specified by host port
hostport, or local_socket, or, if no explicit destination was
specified, ssh will act as a SOCKS 4/5 proxy and forward connec‐
tions to the destinations requested by the remote SOCKS client.
Port forwardings can also be specified in the configuration
file. Privileged ports can be forwarded only when logging in as
root on the remote machine. IPv6 addresses can be specified by
enclosing the address in square brackets.
By default, TCP listening sockets on the server will be bound to
the loopback interface only. This may be overridden by specify‐
ing a bind_address. An empty bind_address, or the address ‘*’,
indicates that the remote socket should listen on all inter‐
faces. Specifying a remote bind_address will only succeed if
the server’s GatewayPorts option is enabled (see
sshd_config(5)).
If the port argument is ‘0’, the listen port will be dynamically
allocated on the server and reported to the client at run time.
When used together with ‐O forward, the allocated port will be
printed to the standard output.
-S ctl_path
Specifies the location of a control socket for connection shar‐
ing, or the string “none” to disable connection sharing. Refer
to the description of ControlPath and ControlMaster in
ssh_config(5) for details.
-s May be used to request invocation of a subsystem on the remote
system. Subsystems facilitate the use of SSH as a secure trans‐
port for other applications (e.g. sftp(1)). The subsystem is
specified as the remote command. Refer to the description of
SessionType in ssh_config(5) for details.
-T Disable pseudo‐terminal allocation.
-t Force pseudo‐terminal allocation. This can be used to execute
arbitrary screen‐based programs on a remote machine, which can
be very useful, e.g.