1 <?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'><html lang="en" xmlns="http://www.w3.org/1999/xhtml">
3 <title>Twisted Documentation: CONCH.1</title>
4 <link href="../howto/stylesheet.css" rel="stylesheet" type="text/css"/>
8 <h1 class="title">CONCH.1</h1>
9 <div class="toc"><ol><li><a href="#auto0">NAME</a></li><li><a href="#auto1">SYNOPSIS</a></li><li><a href="#auto2">DESCRIPTION</a></li><li><a href="#auto3">AUTHOR</a></li><li><a href="#auto4">REPORTING BUGS</a></li><li><a href="#auto5">COPYRIGHT</a></li><li><a href="#auto6">SEE ALSO</a></li></ol></div>
14 <h2>NAME<a name="auto0"/></h2>
18 <h2>SYNOPSIS<a name="auto1"/></h2>
20 <p>conch [<strong>-AaCfINnrsTtVvx</strong>][<strong>-c</strong><em> cipher_spec</em>][<strong>-e</strong><em> escape_char</em>][<strong>-i</strong><em> identity_file</em>][<strong>-K</strong><em> connection_spec</em>][<strong>-L</strong><em> port</em>:<em> host</em>:<em> hostport</em>][<strong>-l</strong><em> user</em>][<strong>-m</strong><em> mac_spec</em>][<strong>-o</strong><em> openssh_option</em>][<strong>-p</strong><em> port</em>][<strong>-R</strong><em> port</em>:<em> host</em>:<em> hostport</em>][<em> user</em>@]<em> hostname</em>[<em> command</em>]</p>
22 <h2>DESCRIPTION<a name="auto2"/></h2>
24 <p>conch is a SSHv2 client for logging into a remote machine and executing commands. It provides encrypted and secure communications across a possibly insecure network. Arbitrary TCP/IP ports can also be forwarded over the secure connection.
27 <p>conch connects and logs into
29 <em> user</em>or the current username). The user must prove her/his identity through a public-key or a password. Alternatively, if a connection is already open to a server, a new shell can be opened over the connection without having to reauthenticate.
33 <em> command</em>is specified,
34 <em> command</em>is executed instead of a shell. If the
35 <strong>-s</strong>option is given,
36 <em> command</em>is treated as an SSHv2 subsystem name.
37 Conch supports the public-key, keyboard-interactive, and password authentications.
40 <p>The public-key method allows the RSA or DSA algorithm to be used. The client uses his/her private key,
42 to sign the session identifier, known only by the client and server. The server checks that the matching public key is valid for the user, and that the signature is correct.
45 <p>If public-key authentication fails,
46 conch can authenticate by sending an encrypted password over the connection.
47 conch has the ability to multiplex multiple shells, commands and TCP/IP ports over the same secure connection. To disable multiplexing for a connection, use the
48 <strong>-I</strong>flag.
52 <strong>-K</strong>option determines how the client connects to the remote host. It is a comma-separated list of the methods to use, in order of preference. The two connection methods are
53 (for connecting over a multiplexed connection) and
54 (to connect directly).
55 To disable connecting over a multiplexed connection, do not include
56 in the preference list.
59 <p>As an example of how connection sharing works, to speed up CVS over SSH:
62 <p>conch --noshell --fork -l cvs_user cvs_host
63 set CVS_RSH=<strong>conch</strong>
66 <p>Now, when CVS connects to cvs_host as cvs_user, instead of making a new connection to the server,
67 conch will add a new channel to the existing connection. This saves the cost of repeatedly negotiating the cryptography and authentication.
70 <p>The options are as follows:
71 <dl><dt><strong>-A</strong></dt><dd>Enables authentication agent forwarding.
72 </dd><dt><strong>-a</strong></dt><dd>Disables authentication agent forwarding (default).
73 </dd><dt><strong>-C</strong></dt><dd>Enable compression.
74 </dd><dt><strong>-c</strong></dt><dd><em> cipher_spec</em>Selects encryption algorithms to be used for this connection, as a comma-separated list of ciphers in order of preference. The list that
75 conch supports is (in order of default preference): aes256-ctr, aes256-cbc, aes192-ctr, aes192-cbc, aes128-ctr, aes128-cbc, cast128-ctr, cast128-cbc, blowfish-ctr, blowfish, idea-ctr, idea-cbc, 3des-ctr, 3des-cbc.
76 </dd><dt><strong>-e</strong></dt><dd><em> ch</em>| ^ch | noneSets the escape character for sessions with a PTY (default:
77 The escape character is only recognized at the beginning of a line (after a newline).
78 The escape character followed by a dot
79 closes the connection;
80 followed by ^Z suspends the connection;
81 and followed by the escape character sends the escape character once.
82 Setting the character to
84 </dd><dt><strong>-f</strong></dt><dd>Fork to background after authentication.
85 </dd><dt><strong>-I</strong></dt><dd>Do not allow connection sharing over this connection.
86 </dd><dt><strong>-i</strong></dt><dd><em> identity_spec</em>The file from which the identity (private key) for RSA or DSA authentication is read.
89 It is possible to use this option more than once to use more than one private key.
90 </dd><dt><strong>-K</strong></dt><dd><em> connection_spec</em>Selects methods for connection to the server, as a comma-separated list of methods in order of preference. See
92 </dd><dt><strong>-L</strong></dt><dd><em> port</em>: host : hostportSpecifies that the given port on the client host is to be forwarded to the given host and port on the remote side. This allocates a socket to listen to
93 <em> port</em>on the local side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to
95 <em> hostport</em>from the remote machine.
96 Only root can forward privieged ports.
97 </dd><dt><strong>-l</strong></dt><dd><em> user</em>Log in using this username.
98 </dd><dt><strong>-m</strong></dt><dd><em> mac_spec</em>Selects MAC (message authentication code) algorithms, as a comma-separated list in order of preference. The list that
99 conch supports is (in order of preference): hmac-sha1, hmac-md5.
100 </dd><dt><strong>-N</strong></dt><dd>Do not execute a shell or command.
101 </dd><dt><strong>-n</strong></dt><dd>Redirect input from /dev/null.
102 </dd><dt><strong>-o</strong></dt><dd><em> openssh_option</em>Ignored OpenSSH options.
103 </dd><dt><strong>-p</strong></dt><dd><em> port</em>The port to connect to on the server.
104 </dd><dt><strong>-R</strong></dt><dd><em> port</em>: host : hostportSpecifies that the given port on the remote host is to be forwarded to the given host and port on the local side. This allocates a socket to listen to
105 <em> port</em>on the remote side, and when connections are made to that socket, they are forwarded over the secure channel and a connection is made to
107 <em> hostport</em>from the client host.
108 Only root can forward privieged ports.
109 </dd><dt><strong>-s</strong></dt><dd>Reconnect to the server if the connection is lost.
110 </dd><dt><strong>-s</strong></dt><dd>Invoke
111 <em> command</em>(mandatory) as a SSHv2 subsystem.
112 </dd><dt><strong>-T</strong></dt><dd>Do not allocate a TTY.
113 </dd><dt><strong>-t</strong></dt><dd>Allocate a TTY even if command is given.
114 </dd><dt><strong>-V</strong></dt><dd>Display version number only.
115 </dd><dt><strong>-v</strong></dt><dd>Log to stderr.
116 </dd><dt><strong>-x</strong></dt><dd>Disable X11 connection forwarding (default).
121 <h2>AUTHOR<a name="auto3"/></h2>
123 <p>Written by Paul Swartz <z3p@twistedmatrix.com>.
126 <h2>REPORTING BUGS<a name="auto4"/></h2>
128 <p>To report a bug, visit <em>http://twistedmatrix.com/bugs/</em>
131 <h2>COPYRIGHT<a name="auto5"/></h2>
133 <p>Copyright © 2002-2008 Twisted Matrix Laboratories.
134 This is free software; see the source for copying conditions. There is NO
135 warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
138 <h2>SEE ALSO<a name="auto6"/></h2>
145 <p><a href="../howto/index.html">Index</a></p>
146 <span class="version">Version: 12.1.0</span>
projects / profile / ivi / python-twisted.git / blob