The following exit values are returned: 0 All input files were output successfully, or -c was specified and the input file was correctly sorted.. The following exit values are returned:
Trang 1EXAMPLE 6Sorting by host IP address
Either of the following commands prints the hosts(4) file (IPv4 hosts database),sorted by the numeric IP address (the first four numeric fields):
example$ sort -t -k 1,1n -k 2,2n -k 3,3n -k 4,4n /etc/hosts example$ sort -t +0 -1n +1 -2n +2 -3n +3 -4n /etc/hosts
Since ’.’ is both the field delimiter and, in many locales, the decimal separator, failure
to specify both ends of the field will lead to results where the second field isinterpreted as a fractional portion of the first, and so forth
See environ(5) for descriptions of the following environment variables that affect theexecution of sort: LC_COLLATE, LC_MESSAGES, and NLSPATH
LC_CTYPE Determine the locale for the interpretation of sequences of bytes of
text data as characters (for example, single- versus multi-bytecharacters in arguments and input files) and the behavior ofcharacter classification for the -b, -d, -f, -i and -n options.LC_NUMERIC Determine the locale for the definition of the radix character and
thousands separator for the -n option
The following exit values are returned:
0 All input files were output successfully, or -c was specified and the input
file was correctly sorted
1 Under the -c option, the file was not ordered as specified, or if the -c and
-uoptions were both specified, two input lines were found with equalkeys
Trang 2comm(1), join(1), uniq(1), nl_langinfo(3C), strftime(3C), hosts(4), passwd(4),attributes(5), environ(5), largefile(5), XPG4(5)
Comments and exits with non-zero status for various trouble conditions (for example,when input lines are too long), and for disorders discovered under the -c option.When the last line of an input file is missing a new-line character, sort appendsone, prints a warning message, and continues
sortdoes not guarantee preservation of relative line ordering on equal keys
One can tune sort performance for a specific scenario using the -S option However,one should note in particular that sort has greater knowledge of how to use a finiteamount of memory for sorting than the virtual memory system Thus, a sort invoked
to request an extremely large amount of memory via the -S option could performextremely poorly
As noted, certain of the field modifiers (such as -M and -d) cause the interpretation ofinput data to be done with reference to locale-specific settings The results of thisinterpretation can be unexpected if one’s expectations are not aligned with theconventions established by the locale In the case of the month keys, sort does notattempt to compensate for "approximate" month abbreviations The precise monthabbreviations from nl_langinfo(3C) or strftime(3C) are the only ones recognized.For printable or dictionary order, if these concepts are not well-defined by the locale,
an empty sort key may be the result, leading to the next key being the significant onefor determining the appropriate ordering
sort(1)
SEE ALSO
DIAGNOSTICS
NOTES
Trang 3sortbib – sort a bibliographic database
sortbib [-s KEYS] database…
sortbibsorts files of records containing refer key-letters by user-specified keys.Records may be separated by blank lines, or by ‘.[’ and ‘.]’ delimiters, but the two
styles may not be mixed together This program reads through each database and pulls
out key fields, which are sorted separately The sorted key fields contain the filepointer, byte offset, and length of corresponding records These records are deliveredusing disk seeks and reads, so sortbib may not be used in a pipeline to readstandard input
The most common key-letters and their meanings are given below
%B Book containing article referenced
%C City (place of publication)
%D Date of publication
%E Editor of book containing article referenced
%F Footnote number or label (supplied by refer)
%G Government order number
%H Header commentary, printed before reference
%I Issuer (publisher)
%J Journal containing article
%K Keywords to use in locating reference
%L Label field used by -k option of refer
%M Bell Labs Memorandum (undefined)
%N Number within volume
%O Other commentary, printed at end of reference
%Q Corporate or Foreign Author (unreversed)
%R Report, paper, or thesis (unpublished)
Trang 4By default, sortbib alphabetizes by the first %A and the %D fields, which contain thesenior author and date.
sortbibsorts on the last word on the %A line, which is assumed to be the author’slast name A word in the final position, such as ‘jr.’ or ‘ed.’, will be ignored if thename beforehand ends with a comma Authors with two-word last names or unusualconstructions can be sorted correctly by using the nroff convention ‘\0’ in place of ablank A %Q field is considered to be the same as %A, except sorting begins with thefirst, not the last, word sortbib sorts on the last word of the %D line, usually theyear It also ignores leading articles (like ‘A’ or ‘The’) when sorting by titles in the %T
or %J fields; it will ignore articles of any modern European language If asort-significant field is absent from a record, sortbib places that record before otherrecords containing that field
No more than 16 databases may be sorted together at one time Records longer than
4096 characters will be truncated
-sKEYS Specify new KEYS For instance, -sATD will sort by author, title, and date,
while -sA+D will sort by all authors, and date Sort keys past the fourth arenot meaningful
See attributes(5) for descriptions of the following attributes:
Trang 5sotruss – trace shared library procedure calls
/usr/bin/sotruss [-f] [-F bindfromlist] [-T bindtolist] [-o outputfile]
executable [executable arguments…]
sotrussexecutes the specified command and produces a trace of the library calls that
it performs Each line of the trace output reports what bindings are occurring betweendynamic objects as each procedure call is executed sotruss traces all of the
procedure calls that occur between dynamic objects via the Procedure Linkage Table, so only those procedure calls which are bound via the Procedure Linkage Table will be traced See Linker and Libraries Guide
-Fbindfromlist A colon-separated list of libraries that are to be traced
Only calls from these libraries will be traced Thedefault is to trace calls from the main executable only.-Tbindtolist A colon-separated list of libraries that are to be traced
Only calls to these libraries will be traced The default
is to trace all calls
-ooutputfile sotrussoutput will be directed to the outputfile If this
option is combined with the -f option then the pid of
the executing program will be placed at the end of thefilename By default sotruss output is placed onstderr
trussoutput on each child process This option will
also cause a pid to be output on each truss output
line
EXAMPLE 1An example of sotruss
A simple example shows the tracing of a simple ls command:
ls -> libc.so.1:*printf(0x13a64, 0x26208, 0x23ef0)
ls -> libc.so.1:*printf(0x13a64, 0x26448, 0x23ef0)
ls -> libc.so.1:*exit(0x0, 0x24220, 0x2421c)See attributes(5) for descriptions of the following attributes:
Trang 6ATTRIBUTE TYPE ATTRIBUTE VALUE
ld.so.1(1), truss(1), whocalls(1), fork(2), attributes(5)
Linker and Libraries Guide
sotruss(1)
SEE ALSO
Trang 7spell, hashmake, spellin, hashcheck – report spelling errors
spell [-bilvx] [+ local_file] [file] …
/usr/lib/spell/hashmake /usr/lib/spell/spellin n
/usr/lib/spell/hashcheck spelling_list
The spell command collects words from the named files and looks them up in aspelling list Words that neither occur among nor are derivable (by applying certaininflections, prefixes, or suffixes) from words in the spelling list are written to thestandard output
If there are no file arguments, words to check are collected from the standard input.spellignores most troff(1), tbl(1), and eqn(1) constructs Copies of all outputwords are accumulated in the history file (spellhist), and a stop list filters outmisspellings (for example, their=thy−y+ier) that would otherwise pass
By default, spell (like deroff(1)) follows chains of included files (.so and nxtroff(1) requests), unless the names of such included files begin with /usr/lib.The standard spelling list is based on many sources, and while more haphazard than
an ordinary dictionary, is also more effective in respect to proper names and populartechnical words Coverage of the specialized vocabularies of biology, medicine andchemistry is light
Three programs help maintain and check the hash lists used by spell:
hashmake Reads a list of words from the standard input and writes the
corresponding nine-digit hash code on the standard output.spellin Reads n hash codes from the standard input and writes a
compressed spelling list on the standard output
hashcheck Reads a compressed spelling_list and recreates the nine-digit hash
codes for all the words in it It writes these codes on the standardoutput
The following options are supported:
-b Check British spelling Besides preferring "centre," "colour,"
"programme," "speciality," "travelled," and so forth, this optioninsists upon−ise in words like "standardise."
-i Cause deroff(1) to ignore so and nx commands If deroff(1)
is not present on the system, then this option is ignored
-l Follow the chains of all included files.
-v Print all words not literally in the spelling list, as well as plausible
derivations from the words in the spelling list
Trang 8-x Print every plausible stem, one per line, with = preceding each
word
+local_file Specify a set of words that are correct spellings (in addition to
spell’s own spelling list) for each job local_file is the name of auser-provided file that contains a sorted list of words, one per line
Words found in local_file are removed from spell’s output Use
sort(1) to order local_file in ASCII collating sequence If this
ordering is not followed, some entries in local_file may be ignored.
The following operands are supported:
file A path name of a text file to check for spelling errors If no files are named,
words are collected from the standard input
See environ(5) for descriptions of the following environment variables that affect theexecution of spell: LC_CTYPE, LC_MESSAGES, and NLSPATH
The following exit values are returned:
H_SPELL=/var/adm/spellhisthistory file
/usr/share/lib/dict/wordsmaster dictionary
See attributes(5) for descriptions of the following attributes:
deroff(1), eqn(1), sort(1), tbl(1), troff(1), attributes(5), environ(5)Misspelled words can be monitored by default by setting the H_SPELL variable in/usr/bin/spellto the name of a file that has permission mode 666
spellworks only on English words defined in the U.S ASCII codeset
Because copies of all output are accumulated in the spellhist file, spellhist maygrow quite large and require purging
Trang 9The spelling list’s coverage is uneven; new installations may wish to monitor theoutput for several months to gather local additions.
British spelling was done by an American
spell(1)
BUGS
Trang 10spline – interpolate smooth curve
spline [-aknpx] …splinetakes pairs of numbers from the standard input as abcissas and ordinates of afunction It produces a similar set, which is approximately equally spaced and
includes the input set, on the standard output The cubic spline output (R W
Hamming, Numerical Methods for Scientists and Engineers,2nd ed., 349ff) has two
continuous derivatives, and sufficiently many points to look smooth when plotted, forexample by graph(1)
-a Supply abscissas automatically (they are missing from the input); spacing is
given by the next argument, or is assumed to be 1 if next argument is not anumber
-k The constant k used in the boundary value computation
(2nd deriv at end) = k*(2nd deriv next to end)
is set by the next argument By default k = 0.
-n Space output points so that approximately n intervals occur between the
lower and upper x limits (Default n = 100.)
-p Make output periodic, that is, match derivatives at ends First and last
input values should normally agree
-x Next 1 (or 2) arguments are lower (and upper) x limits Normally these
limits are calculated from the data Automatic abcissas start at lower limit(default 0)
See attributes(5) for descriptions of the following attributes:
graph(1), attributes(5)
R W Hamming, Numerical Methods for Scientists and Engineers, 2nd ed.
When data is not strictly monotonic in x, spline reproduces the input without
interpolating extra points
A limit of 1000 input points is enforced silently
Trang 11split – split a file into pieces
split [-linecount | -l linecount] [-a suffixlength] [file [name]]
split [-b n | nk | nm] [-a suffixlength] [file [name]]
The split utility reads file and writes it in linecount-line pieces into a set of output-files The name of the first output-file is name with aa appended, and so on lexicographically, up to zz (a maximum of 676 files) The maximum length of name is 2
characters less than the maximum filename length allowed by the filesystem Seestatvfs(2) If no output name is given, x is used as the default (output-files will becalled xaa, xab, and so forth)
The following options are supported:
−linecount | -l linecount Number of lines in each piece Defaults to 1000 lines.-asuffixlength Uses suffixlength letters to form the suffix portion of the
filenames of the split file If -a is not specified, the
default suffix length is 2 If the sum of the name operand and the suffixlength option-argument would
create a filename exceeding NAME_MAX bytes, an errorwill result; split will exit with a diagnostic messageand no files will be created
-bn Splits a file into pieces n bytes in size.
-bnk Splits a file into pieces n*1024 bytes in size.
-bnm Splits a file into pieces n*1 048 576 bytes in size.
The following operands are supported:
file The path name of the ordinary file to be split If no input file is given or file
is−, the standard input will be used
name The prefix to be used for each of the files resulting from the split
operation If no name argument is given, x will be used as the prefix of the output files The combined length of the basename of prefix and suffixlength
cannot exceed NAME_MAX bytes; see OPTIONS
See largefile(5) for the description of the behavior of split when encounteringfiles greater than or equal to 2 Gbyte ( 231bytes)
See environ(5) for descriptions of the following environment variables that affect theexecution of split: LC_CTYPE, LC_MESSAGES, and NLSPATH
The following exit values are returned:
Trang 12ATTRIBUTE TYPE ATTRIBUTE VALUE
Trang 13srchtxt – display contents of, or search for a text string in, message data bases
srchtxt [-s] [-l locale] [-m msgfile ,…] [text]
The srchtxt utility is used to display all the text strings in message data bases, or tosearch for a text string in message data bases (see mkmsgs(1)) These data bases are
files in the directory /usr/lib/locale/locale/LC_MESSAGES (see setlocale(3C)),
unless a file name given with the -m option contains a / The directory locale can beviewed as the name of the language in which the text strings are written If the -loption is not specified, the files accessed will be determined by the value of theenvironment variable LC_MESSAGES If LC_MESSAGES is not set, the files accessedwill be determined by the value of the environment variable LANG If LANG is not set,the files accessed will be in the directory /usr/lib/locale//C/LC_MESSAGES ,which contains default strings
If no text argument is present, then all the text strings in the files accessed will be
displayed
If the -s option is not specified, the displayed text is prefixed by message sequencenumbers The message sequence numbers are enclosed in angle brackets:
<msgfile:msgnum>.
msgfile name of the file where the displayed text occurred
msgnum sequence number in msgfile where the displayed text occurred
This display is in the format used by gettxt(1) and gettxt(3C)
-s Suppress printing of the message sequence numbers of the
messages being displayed
-llocale Access files in the directory
/usr/lib/locale/locale/LC_MESSAGES If -m msgfile is also
supplied, lOCALE is ignored for msgfiles containing a /.
-mmsgfile Access files specified by one or more msgfiles If msgfile contains a /
character, then msgfile is interpreted as a pathname; otherwise, it
will be assumed to be in the directory determined as described
above To specify more than one msgfile, separate the file names
using commas
text Search for the text string specified by text and display each one
that matches text can take the form of a regular expression; see
Trang 14EXAMPLE 1Using srchtxt (Continued)
EXAMPLE 2Using srchtxt
If a set of error messages associated with the operating system have been installed inthe file UX in the french locale (/usr/lib/locale/french/LC_MESSAGE/UX ),then, using the value of the LANG environment variable to determine the locale to besearched, you could search that file in that locale for all error messages dealing withfiles by typing:
example% setenv LANG=french; export LANG example% srchtxt -m UX "[Ff]ichier"
If /usr/lib/locale/french/LC_MESSAGES/UX contained the following strings:Erreur E/S\n
Liste d’arguments trop longue\n Fichier inexistant\n
Argument invalide\n Trop de fichiers ouverts\n Fichier trop long\n Trop de liens\n Argument hors du domaine\n Identificateur supprim\n Etreinte fatale\n
.then the following strings would be displayed:
<UX:3>Fichier inexistant\n
<UX:5>Trop de fichiers ouverts\n
<UX:6>Fichier trop long\n
EXAMPLE 3Using srchtxt
If a set of error messages associated with the operating system have been installed inthe file UX and a set of error messages associated with the INGRESS data base producthave been installed in the file ingress, both in the german locale, then you couldsearch for the pattern [Dd]atei in both the files UX and ingress in the germanlocale by typing:
example% srchtxt -l german -m UX,ingress "[Dd]atei"
See environ(5) for a description of the LC_CTYPE environment variable that affectsthe execution of srchtxt
Trang 15See attributes(5) for descriptions of the following attributes:
srchtxt(1)
ATTRIBUTES
SEE ALSO
DIAGNOSTICS
Trang 16ssh – OpenSSH secure shell client (remote login program)
ssh [-l login_name] [ hostname | user@hostname] [ command]
ssh -afgknqtvxACNPTX246 [-c cipher_spec] [-e escape_char] [-i identity_file]
[-l login_name] [-o option] [-p port] [-L port:host:hostport] [-R port:host:hostport] [hostname | user@hostname] [command]
ssh(Secure Shell) is a program for logging into a remote machine and for executingcommands on a remote machine It is intended to replace rlogin and rsh, and toprovide secure encrypted communications between two untrusted hosts over aninsecure network X11 connections and arbitrary TCP/IP ports can also be forwardedover the secure channel
sshconnects and logs into the specified hostname The user must prove his or heridentity to the remote machine using one of several methods depending on theprotocol version used:
First, if the machine the user logs in from is listed in /etc/hosts.equiv or/etc/shosts.equivon the remote machine, and the user names are the same onboth sides, the user is immediately permitted to log in Second, if rhosts or.shostsexists in the user’s home directory on the remote machine and contains aline containing the name of the client machine and the name of the user on thatmachine, the user is permitted to log in This form of authentication alone is normallynot allowed by the server because it is not secure
The second (and primary) authentication method is the rhosts or hosts.equivmethod combined with RSA-based host authentication It means that if the loginwould be permitted by $HOME/.rhosts, $HOME/.shosts, /etc/hosts.equiv, or/etc/shosts.equiv, and if additionally the server can verify the client’s host key(see /etc/ssh_known_hosts in the FILES section), only then is login permitted.This authentication method closes security holes due to IP spoofing, DNS spoofing,and routing spoofing
Note to the administrator: /etc/hosts.equiv, $HOME/.rhosts, and therlogin/rsh protocol in general, are inherently insecure and should be disabled ifsecurity is desired
As a third authentication method, ssh supports RSA-based authentication Thescheme is based on public-key cryptography There are cryptosystems whereencryption and decryption are done using separate keys, and it is not possible toderive the decryption key from the encryption key RSA is one such system The idea
is that each user creates a public/private key pair for authentication purposes Theserver knows the public key, and only the user knows the private key The file
$HOME/.ssh/authorized_keyslists the public keys that are permitted for logging
in When the user logs in, the ssh program tells the server which key pair it wouldlike to use for authentication The server checks if this key is permitted, and if so,sends the user (actually the ssh program running on behalf of the user) a challenge in
Trang 17the form of a random number, encrypted by the user’s public key The challenge canonly be decrypted using the proper private key The user’s client then decrypts thechallenge using the private key, proving that he or she knows the private key butwithout disclosing it to the server.
sshimplements the RSA authentication protocol automatically The user creates his orher RSA key pair by running ssh-keygen(1) This stores the private key in
$HOME/.ssh/identityand the public key in $HOME/.ssh/identity.pub in theuser’s home directory The user should then copy the identity.pub to
$HOME/.ssh/authorized_keysin his or her home directory on the remotemachine (the authorized_keys file corresponds to the conventional
$HOME/.rhostsfile, and has one key per line, though the lines can be very long).After this, the user can log in without giving the password RSA authentication ismuch more secure than rhosts authentication
The most convenient way to use RSA authentication may be with an authenticationagent See ssh-agent(1) for more information
If other authentication methods fail, ssh prompts the user for a password Thepassword is sent to the remote host for checking However, since all communicationsare encrypted, the password cannot be seen by someone listening on the network.When a user connects using the protocol version 2, different authentication methodsare available At first, the client attempts to authenticate using the public key method
If this method fails, password authentication is tried
The public key method is similar to RSA authentication described in the previoussection except that the DSA algorithm is used instead of the patented RSA algorithm.The client uses his private DSA key $HOME/.ssh/id_dsa to sign the sessionidentifier and sends the result to the server The server checks whether the matchingpublic key is listed in $HOME/.ssh/authorized_keys and grants access if both thekey is found and the signature is correct The session identifier is derived from ashared Diffie-Hellman value and is known only to the client and the server
If public key authentication fails or is not available, a password can be sent encrypted
to the remote host for proving the user’s identity This protocol 2 implementation doesnot yet support Kerberos or S/Key authentication
Protocol 2 provides additional mechanisms for confidentiality (the traffic is encryptedusing 3DES, Blowfish, CAST128 or Arcfour) and integrity (hmac-sha1, hmac-md5).Notice that protocol 1 lacks a strong mechanism for ensuring the integrity of theconnection
When the user’s identity has been accepted by the server, the server either executes thegiven command, or logs into the machine and gives the user a normal shell on theremote machine All communication with the remote command or shell will beautomatically encrypted
Trang 18If a pseudo-terminal has been allocated (normal login session), the user can disconnectwith ~., and suspend ssh with ~^Z All forwarded connections can be listed with ~#.
If the session blocks waiting for forwarded X11 or TCP/IP connections to terminate,sshcan be backgrounded with ~&, although this should not be used while the usershell is active, as it can cause the shell to hang All available escapes can be listed with
~?
A single tilde character can be sent as ~~ (or by following the tilde by a character otherthan those described above) The escape character must always follow a newline to beinterpreted as special The escape character can be changed in configuration files or onthe command line
If no pseudo tty has been allocated, the session is transparent and can be used toreliably transfer binary data On most systems, setting the escape character to “none”will also make the session transparent even if a tty is used
The session terminates when the command or shell in the remote machine exits and allX11 and TCP/IP connections have been closed The exit status of the remote program
is returned as the exit status of ssh
If the user is using X11 (the DISPLAY environment variable is set), the connection tothe X11 display is automatically forwarded to the remote side in such a way that anyX11 programs started from the shell (or command) will go through the encryptedchannel, and the connection to the real X server will be made from the local machine.The user should not manually set DISPLAY Forwarding of X11 connections can beconfigured on the command line or in configuration files
The DISPLAY value set by ssh will point to the server machine, but with a displaynumber greater than zero This is normal behavior, because ssh creates a “proxy” Xserver on the server machine for forwarding the connections over the encryptedchannel
sshwill also automatically set up Xauthority data on the server machine For thispurpose, it will generate a random authorization cookie, store it in Xauthority on theserver, and verify that any forwarded connections carry this cookie and replace it bythe real cookie when the connection is opened The real authentication cookie is neversent to the server machine (and no cookies are sent in the plain)
If the user is using an authentication agent, the connection to the agent isautomatically forwarded to the remote side unless disabled on the command line or in
a configuration file
Forwarding of arbitrary TCP/IP connections over the secure channel can be specifiedeither on the command line or in a configuration file One possible application ofTCP/IP forwarding is a secure connection to an electronic purse Another possibleapplication is going through firewalls
sshautomatically maintains and checks a database containing identifications for allhosts it has ever been used with RSA host keys are stored in
$HOME/.ssh/known_hostsin the user’s home directory Additionally, the file
Trang 19/etc/ssh_known_hostsis automatically checked for known hosts Any new hostsare automatically added to the user’s file If a host’s identification ever changes, sshwarns about this and disables password authentication to prevent a trojan horse fromgetting the user’s password Another purpose of this mechanism is to preventman-in-the-middle attacks which could otherwise be used to circumvent theencryption The StrictHostKeyChecking option (see below) can be used toprevent logins to machines whose host key is not known or has changed.
The following options are supported:
-2Forces ssh to try protocol version 2 only
-4Forces ssh to use IPv4 addresses only
-6Forces ssh to use IPv6 addresses only
-aDisables forwarding of the authentication agent connection
-AEnables forwarding of the authentication agent connection This can also bespecified on a per-host basis in a configuration file
-c blowfish| 3desSelects the cipher to use for encrypting the session 3des is used by default It isbelieved to be secure 3des (triple-des) is an encrypt-decrypt-encrypt triple withthree different keys It is presumably more secure than the des cipher, which is nolonger fully supported in ssh blowfish is a fast block cipher, it appears verysecure and is much faster than 3des
-c 3des-cbc,blowfish-cbc,aes128-cbcAdditionally, for protocol version 2 a comma-separated list of ciphers can bespecified in order of preference Protocol version 2 supports 3DES, Blowfish, andAES 128 in CBC mode
-CRequests compression of all data (including stdin, stdout, stderr, and data forforwarded X11 and TCP/IP connections) The compression algorithm is the sameused by gzip(1) (The gzip man page is available in the SUNWsfman package.) The
“level” can be controlled by the CompressionLevel option (see below)
Compression is desirable on modem lines and other slow connections, but will onlyslow down things on fast networks The default value can be set on a host-by-hostbasis in the configuration files See the Compress option below
-ech | ^ch | none
Sets the escape character for sessions with a pty (default: ‘~’) The escape character
is only recognized at the beginning of a line The escape character followed by a dot(“.”) closes the connection If followed by control-Z, the escape character suspendsssh(1)
OPTIONS
Trang 20the connection If followed by itself, the escape character sends itself once Settingthe character to “none” disables any escapes and makes the session fully
transparent
-f
Requests ssh to go to background just before command execution This is useful ifsshis going to ask for passwords or passphrases, but the user wants it in thebackground This implies the -n option The recommended way to start X11
programs at a remote site is with something like ssh -f host xterm.
-llogin_name
Specifies the user to log in as on the remote machine This also may be specified on
a per-host basis in the configuration file
-Lport:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the givenhost and port on the remote side This works by allocating a socket to listen to theport on the local side Then, whenever a connection is made to this port, the
connection is forwarded over the secure channel and a connection is made to host
port hostport from the remote machine Port forwardings can also be specified in the
configuration file Only root can forward privileged ports IPv6 addresses can be
specified with an alternative syntax: port/host/hostport.
-n
Redirects stdin from /dev/null (actually, prevents reading from stdin) This must
be used when ssh is run in the background A common trick is to use this to runX11 programs on a remote machine For example,
ssh -n shadows.cs.hut.fi emacs &
will start an emacs on shadows.cs.hut.fi, and the X11 connection will beautomatically forwarded over an encrypted channel The ssh program will be put
in the background This does not work if ssh needs to ask for a password orpassphrase See also the -f option.)
ssh(1)
Trang 21Specifies the port to connect to on the remote host This can be specified on aper-host basis in the configuration file
-PUses a non-privileged port for outgoing connections This can be used if yourfirewall does not permit connections from privileged ports Notice that this optionturns off RhostsAuthentication and RhostsRSAAuthentication
-qQuiet mode Causes all warning and diagnostic messages to be suppressed Onlyfatal errors are displayed
-Rport:host:hostport
Specifies that the given port on the remote (server) host is to be forwarded to thegiven host and port on the local side This works by allocating a socket to listen tothe port on the remote side Then, whenever a connection is made to this port, the
connection is forwarded over the secure channel and a connection is made to host
port hostport from the local machine Port forwardings can also be specified in the
configuration file Privileged ports can be forwarded only when logging in as root
on the remote machine
-tForces pseudo-tty allocation This can be used to execute arbitrary screen-basedprograms on a remote machine, which can be very useful, for example, whenimplementing menu services
-TDisables pseudo-tty allocation (protocol version 2 only)
-vVerbose mode Causes ssh to print debugging messages about its progress This ishelpful in debugging connection, authentication, and configuration problems.Multiple -v options increase the verbosity Maximum is 3
-xDisables X11 forwarding
-XEnables X11 forwarding This can also be specified on a per-host basis in aconfiguration file
sshwill normally set the following environment variables:
DISPLAY The DISPLAY variable indicates the location of the X11 server It is
automatically set by ssh to point to a value of the form hostname:n where hostname indicates the host where the shell runs, and n is an
integer greater than or equal to 1 ssh uses this special value toforward X11 connections over the secure channel The user shouldnormally not set DISPLAY explicitly, as that will render the X11connection insecure (and will require the user to manually copy
ssh(1)
ENVIRONMENT
VARIABLES
Trang 22HOME Set to the path of the user’s home directory.
LOGNAME Synonym for USER Set for compatibility with systems that use this
variable
MAIL Set to point to the user’s mailbox
PATH Set to the default PATH, as specified when compiling ssh
SSH_AUTH_SOCK Indicates the path of a unix-domain socket used to communicate
with the agent
SSH_CLIENT Identifies the client end of the connection The variable contains
three space-separated values: client ip-address, client port number,and server port number
SSH_TTY This is set to the name of the tty (path to the device) associated
with the current shell or command If the current session has notty, this variable is not set
TZ The timezone variable is set to indicate the present timezone if it
was set when the daemon was started, that is, the daemon passesthe value on to new connections
USER Set to the name of the user logging in
Additionally, ssh reads $HOME/.ssh/environment and adds lines of the formatVARNAME=value to the environment
The following exit values are returned:
0 Successful completion
1 An error occurred
$HOME/.ssh/known_hostsRecords host keys for all hosts the user has logged into that are not in/etc/ssh_known_hosts See sshd(1M)
$HOME/.ssh/identity
$HOME/.ssh/id_dsaContains the RSA and the DSA authentication identity of the user These filescontain sensitive data and should be readable by the user but not accessible byothers (read/write/execute) Notice that ssh ignores a private key file if it isaccessible by others It is possible to specify a passphrase when generating the key.The passphrase will be used to encrypt the sensitive part of this file using 3DES
$HOME/.ssh/identity.pub
$HOME/.ssh/id_dsa.pubContains the public key for authentication, that is, the public part of the identity file
in human-readable form The contents of the $HOME/.ssh/identity.pub fileshould be added to $HOME/.ssh/authorized_keys on all machines where youwish to log in using RSA authentication The contents of the
$HOME/.ssh/id_dsa.pubfile should be added to
ssh(1)
EXIT STATUS
FILES
Trang 23$HOME/.ssh/authorized_keyson all machines where you wish to log in usingDSA authentication These files are not sensitive and can, but need not, be readable
by anyone These files are never used automatically and are not necessary They areprovided only for the convenience of the user
$HOME/.ssh/configThis is the per-user configuration file The format of this file is described above.This file is used by the ssh client This file does not usually contain any sensitiveinformation, but the recommended permissions are read/write for the user and notaccessible by others
$HOME/.ssh/authorized_keysLists the DSA keys that can be used for logging in as this user This file is not highlysensitive, but the recommended permissions are read/write for the user and notaccessible by others
/etc/ssh/ssh_known_hostsSystemwide list of known host keys /etc/ssh_known_hosts contains RSA keys.This file should be prepared by the system administrator to contain the public hostkeys of all machines in the organization and should be world-readable The filecontains public keys, one per line, in the following format, with fields separated byspaces: system name, number of bits in modulus, public exponent, modulus, andoptional comment field When different names are used for the same machine, allsuch names should be listed, separated by commas See sshd(1M)
The canonical system name (as returned by name servers) is used by sshd(1M) toverify the client host when logging in Other names are needed because ssh doesnot convert the user-supplied name to a canonical name before checking the key, toprevent someone with access to the name servers from being able able to fool hostauthentication
/etc/ssh/ssh_configSystemwide configuration file This file provides defaults for those values that arenot specified in the user’s configuration file, and for those users who do not have aconfiguration file
This file must be world-readable
$HOME/.rhostsThis file is used in rhosts authentication to list the host/user pairs that arepermitted to log in (Notice that this file is also used by rlogin and rsh, whichmakes using this file insecure.) Each line of the file contains a host name (in thecanonical form returned by name servers), and then a user name on that host,separated by a space On some machines, this file may need to be world-readable ifthe user’s home directory is on an NFS partition, because sshd(1M) reads it as root.Additionally, this file must be owned by the user and must not have write
permissions for anyone else The recommended permission for most machines isread/write for the user and not accessible by others
ssh(1)
Trang 24Notice that, by default, sshd(1M) will be installed so that it requires successful RSAhost authentication before permitting rhosts authentication If your servermachine does not have the client’s host key in /etc/ssh_known_hosts, you canstore it in $HOME/.ssh/known_hosts The easiest way to do this is to connectback to the client from the server machine using ssh This will automatically addthe host key to $HOME/.ssh/known_hosts.
$HOME/.shostsThis file is used exactly the same way as rhosts The purpose for having this file
is to be able to use rhosts authentication with ssh without permitting login withrlogin(1) or rsh(1)
/etc/hosts.equivThis file is used during rhosts authentication It contains canonical hosts names,one per line (See sshd(1M) for the full format description.) If the client host isfound in this file, login is automatically permitted, provided that client and serveruser names are the same In addition, successful RSA host authentication isnormally required This file should only be writable by root
/etc/ssh/shosts.equivThis file is processed exactly as /etc/hosts.equiv This file may be useful topermit logins using ssh but not using rsh or rlogin
/etc/ssh/sshrcCommands in this file are executed by ssh when the user logs in just before theuser’s shell or command is started See sshd(1M) for more information
$HOME/.ssh/rcCommands in this file are executed by ssh when the user logs in just before theuser’s shell or command is started See sshd(1M) for more information
$HOME/.ssh/environmentContains additional definitions for environment variables See ENVIRONMENTVARIABLES
See attributes(5) for descriptions of the following attributes:
ssh(1)
ATTRIBUTES
SEE ALSO
Trang 25OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Songremoved many bugs, added newer features and created Open SSH Markus Friedlcontributed the support for SSH protocol versions 1.4 and 2.0.
ssh(1)
AUTHORS
Trang 26ssh-add – add RSA or DSA identities for the authentication agent
ssh-add [-lLdD] [ file …]
The ssh-add utility adds RSA or DSA identities to the authentication agent,ssh-agent(1) When run without arguments, it attempts to add all of the files
$HOME/.ssh/identity(RSA v1), $HOME/.ssh/id_rsa (RSA v2), and
$HOME/.ssh/id_dsa(DSA v2) that exist If more than one of the private keys exists,
an attempt to decrypt each with the same passphrase will be made before repromptingfor a different passphrase The passphrase is read from the user’s tty or by running theprogram defined in SSH_ASKPASS (see below)
The authentication agent must be running
The following options are supported:
-d Instead of adding the identity, this option removes the identity from the
agent
-D Deletes all identities from the agent
-l Lists fingerprints of all identities currently represented by the agent.-L Lists public key parameters of all identities currently represented by the
agent
DISPLAYSSH_ASKPASS If ssh-add needs a passphrase, it will read the passphrase from
the current terminal if it was run from a terminal If ssh-add doesnot have a terminal associated with it but DISPLAY and
SSH_ASKPASSare set, it will execute the program specified bySSH_ASKPASSand open an X11 window to read the passphrase.This is particularly useful when calling ssh-add from a Xsession
If these files are stored on a network file system it is assumed that either the protectionprovided in the file themselves or the transport layer of the network file systemprovides sufficient protection for the site policy If this is not the case, then it isrecommended the key files are stored on removable media or locally on the relevanthosts
Recommended names for the DSA and RSA key files:
Trang 27$HOME/.ssh/identity Contains the RSA authentication identity of
the user for protocol version 1
$HOME/.ssh/identity.pub Contains the public part of the RSA
authentication identity of the user forprotocol version 1
$HOME/.ssh/id_dsa Contains the private DSA authentication
identity of the user
$HOME/.ssh/id_dsa.pub Contains the public part of the DSA
authentication identity of the user
$HOME/.ssh/id_rsa Contains the private RSA authentication
identity of the user
$HOME/.ssh/id_rsa.pub Contains the public part of the RSA
authentication identity of the user
See attributes(5) for descriptions of the following attributes:
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(1M), attributes(5)
To view license terms, attribution, and copyright for OpenSSH, the default path is/var/sadm/pkg/SUNWsshdr/install/copyright If the Solaris operatingenvironment has been installed anywhere other than the default, modify the givenpath to access the file at the installed location
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Songremoved many bugs, added newer features and created Open SSH Markus Friedlcontributed the support for SSH protocol versions 1.4 and 2.0
ssh-add(1)
ATTRIBUTES
SEE ALSO
AUTHORS
Trang 28ssh-agent – authentication agent
ssh-agent [-c | -s ] [-k] [command [args…]]
ssh-agentis a program to hold private keys used for public key authentication(RSA, DSA) ssh-agent is often started at the beginning of a login session All otherwindows or programs are started as clients to the ssh-agent program Through use
of environment variables, the agent can be located and automatically used for
authentication when logging in to other machines using ssh(1) (See System
Administration Guide: Security Services.)
If a command line is given, this is executed as a subprocess of the agent When thecommand dies, so does the agent
The agent initially does not have any private keys Keys are added using ssh-add(1),which sends the identity to the agent Several identities can be stored in the agent; theagent can automatically use any of these identities Use the -l option in ssh-add(1)
to display the identities currently held by the agent
The agent is run in the user’s local host Authentication data need not be stored on anyother machine, and authentication passphrases never go over the network However,
if the connection to the agent is forwarded over SSH remote logins, the user can usethe privileges given by the identities anywhere in the network in a secure way
There are two main ways to get an agent setup Either you let the agent start a newsubcommand into which some environment variables are exported, or you let theagent print the needed shell commands (either sh(1) or csh(1) syntax can begenerated) which can be evalled in the calling shell Later, use ssh(1) to look at thesevariables and use them to establish a connection to the agent
A unix-domain socket is created (/tmp/ssh-XXXXXXXX/agent.pid) and the name of
this socket is stored in the SSH_AUTH_SOCK environment variable The socket is madeaccessible only to the current user This method is easily abused by root or anotherinstance of the same user
The SSH_AGENT_PID environment variable holds the agent’s PID
The agent exits automatically when the command given on the command lineterminates
The following options are supported:
-c Generates C-shell commands on stdout This is the default if SHELL
indicates that it is a csh style of shell
-k Kills the current agent (given by the SSH_AGENT_PID environment
variable)
-s Generates Bourne shell commands on stdout This is the default if SHELL
does not indicate that it is a csh style of shell
The following exit values are returned:
Trang 29See attributes(5) for descriptions of the following attributes:
ssh(1), ssh-add(1), ssh-keygen(1), sshd(1M), attributes(5)
System Administration Guide: Security Services
To view license terms, attribution, and copyright for OpenSSH, the default path is/var/sadm/pkg/SUNWsshdr/install/copyright If the Solaris operatingenvironment has been installed anywhere other than the default, modify the givenpath to access the file at the installed location
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt and Dug Songremoved many bugs, added newer features and created Open SSH Markus Friedlcontributed the support for SSH protocol versions 1.4 and 2.0
Trang 30ssh-http-proxy-connect – Secure Shell proxy for HTTP
/usr/lib/ssh/ssh-http-proxy-connect [-h http_proxy_host] [-p http_proxy_port] connect_host connect_port
A proxy command for ssh(1) that uses HTTP CONNECT Typical use is whereconnections external to a network are only allowed via a proxy web server
The following options are supported:
-hhttp_proxy_host Specifies the proxy web server through which to
connect Overrides the HTTPPROXY and http_proxyenvironment variables if they are set
-phttp_proxy_port Specifies the port on which the proxy web server runs
If not specified, port 80 is assumed Overrides theHTTPPROXYPORTand http_proxy environmentvariables if they are set
The following operands are supported:
http_proxy_host The host name or IP address (IPv4 or IPv6) of the
proxy
http_proxy_port The numeric port number to connect to on
http_proxy_host.
connect_host The name of the remote host to which the proxy web
server is to connect you
connect_port The numeric port number of the proxy web server to
connect you to on http_proxy_host.
The recommended way to use a proxy connection command is to configure theProxyCommandin ssh_config(4) (see Example 1 and Example 2) Example 3 showshow the proxy command can be specified on the command line when running ssh(1)
EXAMPLE 1Setting the proxy from the environment
The following example uses ssh-http-proxy-connect in ssh_config(4) whenthe proxy is set from the environment:
Host playtime.foo.com ProxyCommand /usr/lib/ssh/ssh-http-proxy-connect \ playtime.foo.com 22
EXAMPLE 2Overriding proxy environment variables
The following example uses ssh-http-proxy-connect in ssh_config(4) tooverride (or if not set) proxy environment variables:
Host playtime.foo.com ProxyCommand /usr/lib/ssh/ssh-http-proxy-connect -h webcache \
Trang 31EXAMPLE 2Overriding proxy environment variables (Continued)
-p 8080 playtime.foo.com 22
EXAMPLE 3Using the command line
The following example uses ssh-http-proxy-connect from the ssh(1) commandline:
example$ ssh -o’ProxyCommand="/usr/lib/ssh/ssh-http-proxy-connect \ -h webcache -p 8080 playtime.foo.com 22"’ playtime.foo.com
HTTPPROXY Takes the http_proxy_host operand to specify the default
proxy host Overrides http_proxy if both are set.HTTPPROXYPORT Takes the http_proxy_port operand to specify the default
proxy port Ignored if HTTPPROXY is not set
http_proxy URL format for specifying proxy host and port
The following exit values are returned:
0 Successful completion
1 An error occurred
See attributes(5) for descriptions of the following attributes:
ssh(1), ssh-socks5–proxy-connect(1), ssh_config(4), attributes(5)
Trang 32ssh-keygen – authentication key generation
ssh-keygen [-q] [-t type] [-b bits ] [-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
Each user wishing to use SSH with RSA or DSA authentication normally runs thisonce to create the authentication key in $HOME/.ssh/identity or
$HOME/.ssh/id_dsa The system administrator may also use this to generate hostkeys
Ordinarily, this program generates the key and asks for a file in which to store theprivate key The public key is stored in a file with the same name but with the ‘‘.pub’’extension appended The program also asks for a passphrase The passphrase may beempty to indicate no passphrase (host keys must have empty passphrases), or it may
be a string of arbitrary length Good passphrases are 10-30 characters long and are notsimple sentences or otherwise easy to guess (English prose has only 1-2 bits ofentropy per word, and provides very poor passphrases.) The passphrase can bechanged later by using the -p option
There is no way to recover a lost passphrase If the passphrase is lost or forgotten, youwill have to generate a new key and copy the corresponding public key to othermachines
For RSA, there is also a comment field in the key file that is only for convenience to the
user to help identify the key The comment can tell what the key is for, or whatever is
useful The comment is initialized to ‘‘user@host’’ when the key is created, but can
be changed using the -c option
After a key is generated, instructions below detail where to place the keys to activatethem
The following options are supported:
Trang 33-bbits Specifies the number of bits in the key to create The minimum
number is 512 bits Generally, 1024 bits is considered sufficient.Key sizes above that no longer improve security but make thingsslower The default is 1024 bits
-c Requests changing the comment in the private and public key files
The program will prompt for the file containing the private keys,for the passphrase if the key has one, and for the new comment.-Ccomment Provides the new comment
-f Specifies the filename of the key file
-l Shows the fingerprint of the specified private or public key file.-Nnew_passphrase Provides the new passphrase.
-p Requests changing the passphrase of a private key file instead of
creating a new private key The program will prompt for the filecontaining the private key, for the old passphrase, and will prompttwice for the new passphrase
-Ppassphrase Provides the (old) passphrase
-q Silences ssh-keygen Used by /etc/rc when creating a new
key
-R If RSA support is functional, immediately exits with code 0 If RSA
support is not functional, exits with code 1 This flag will beremoved once the RSA patent expires
-ttype Specifies the algorithm used for the key, where type is one of rsa,
dsa, and rsa1 Type rsa1 is used only for the SSHv1 protocol-x Reads a private OpenSSH DSA format file and prints an
SSH2-compatible public key to stdout
-X Reads an unencrypted SSH2-compatible private (or public) key file
and prints an OpenSSH compatible private (or public) key tostdout
-y Reads a private OpenSSH DSA format file and prints an OpenSSH
DSA public key to stdout
The following exit values are returned:
0 Successful completion
1 An error occurred
$HOME/.ssh/identityContains the RSA authentication identity of the user This file should not bereadable by anyone but the user It is possible to specify a passphrase whengenerating the key; that passphrase will be used to encrypt the private part of this
ssh-keygen(1)
EXIT STATUS
FILES
Trang 34file using 3DES This file is not automatically accessed by ssh-keygen, but it isoffered as the default file for the private key sshd(1M) will read this file when alogin attempt is made.
$HOME/.ssh/identity.pubContains the public key for authentication The contents of this file should be added
to $HOME/.ssh/authorized_keys on all machines where you wish to log inusing RSA authentication There is no need to keep the contents of this file secret
$HOME/.ssh/id_dsaContains the DSA authentication identity of the user This file should not bereadable by anyone but the user It is possible to specify a passphrase whengenerating the key; that passphrase will be used to encrypt the private part of thisfile using 3DES This file is not automatically accessed by ssh-keygen but it isoffered as the default file for the private key sshd(1M) will read this file when alogin attempt is made
$HOME/.ssh/id_dsa.pubContains the public key for authentication The contents of this file should be added
to $HOME/.ssh/authorized_keys on all machines where you wish to log inusing DSA authentication There is no need to keep the contents of this file secret.See attributes(5) for descriptions of the following attributes:
ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)
To view license terms, attribution, and copyright for OpenSSH, the default path is/var/sadm/pkg/SUNWsshdr/install/copyright If the Solaris operatingenvironment has been installed anywhere other than the default, modify the givenpath to access the file at the installed location
ssh-keygen(1)
ATTRIBUTES
SEE ALSO
Trang 35ssh-socks5-proxy-connect – Secure Shell proxy for SOCKS5
/usr/lib/ssh/ssh-socks5-proxy-connect [-h socks5_proxy_host] [-p socks5_proxy_port] connect_host connect_port
A proxy command for ssh(1) that uses SOCKS5 (RFC 1928) Typical use is whereconnections external to a network are only allowed via a socks gateway server.This proxy command does not provide any of the SOCKS5 authentication mechanismsdefined in RFC 1928 Only anonymous connections are possible
The following options are supported:
-hsocks5_proxy_host Specifies the proxy web server through which to
connect Overrides the SOCKS5_SERVER environmentvariable
-psocks5_proxy_port Specifies the port on which the proxy web server runs
If not specified, port 80 is assumed Overrides theSOCKS5_PORTenvironment variable
The following operands are supported:
socks5_proxy_host The host name or IP address (IPv4 or IPv6) of the
proxy
socks5_proxy_port The numeric port number to connect to on
socks5_proxy_host.
connect_host The name of the remote host to which the socks
gateway is to connect you
connect_port The numeric port number of the socks gateway to
connect you to on connect_host.
The recommended way to use a proxy connection command is to configure theProxyCommandin ssh_config(4) (see Example 1 and Example 2) Example 3 showshow the proxy command can be specified on the command line when running ssh(1)
EXAMPLE 1Setting the proxy from the environment
The following example uses ssh-socks5-proxy-connect in ssh_config(4) whenthe proxy is set from the environment:
Host playtime.foo.com ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect \ playtime.foo.com 22
EXAMPLE 2Overriding proxy environment variables
The following example uses ssh-socks5-proxy-connect in ssh_config(4) tooverride (or if not set) proxy environment variables:
Trang 36EXAMPLE 2Overriding proxy environment variables (Continued)
Host playtime.foo.com ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect -h socks-gw \ -p 1080 -n 192.168.100.2 playtime.foo.com 22
EXAMPLE 3Using the command line
The following example uses ssh-socks5-proxy-connect from the ssh(1)command line:
example$ ssh -o’ProxyCommand=/usr/lib/ssh/ssh-socks5-proxy-connect \ -h socks-gw -p 1080 playtime.foo.com 22’ playtime.foo.com
SOCKS5_SERVER Takes socks5_proxy_host operand to specify the default
See attributes(5) for descriptions of the following attributes:
ssh(1), ssh-http–proxy-connect(1), ssh_config(4), attributes(5)
Trang 37strchg, strconf – change or query stream configuration
configuration of that stream
Invoked without any arguments, strconf prints a list of all the modules in thestream as well as the topmost driver The list is printed with one name per line wherethe first name printed is the topmost module on the stream (if one exists) and the lastitem printed is the name of the driver
The following options apply to strchg and, -h, -f, and -p are mutually exclusive.-hmodule1 [ , module2 ]
Mnemonic for push, pushes modules onto a stream It takes as arguments the
names of one or more pushable streams modules These modules are pushed in
order; that is, module1 is pushed first, module2 is pushed second, etc.
-p
Mnemonic for pop, pops modules off the stream With the -p option alone, strchg
pops the topmost module from the stream
-amodule
Pop all the modules above the topmost driver off the stream This option requiresthe -p option
-umodule
All modules above, but not including module are popped off the stream This option
requires the -p option
-ffilename
Specify a filename that contains a list of modules representing the desired
configuration of the stream Each module name must appear on a separate linewhere the first name represents the topmost module and the last name representsthe module that should be closest to the driver strchg will determine the currentconfiguration of the stream and pop and push the necessary modules in order toend up with the desired configuration
The following options apply to strconf and, -m and -t are mutually exclusive.-mmodule Determine if the named module is present on a stream If it is,
strconfprints the message yes and returns zero If not,
Trang 38strconfprints the message no and returns a non-zero value The-tand -m options are mutually exclusive.
-tmodule Print only the topmost module (if one exists) The -t and -m
options are mutually exclusive
EXAMPLE 1Using the strchg Command
The following command pushes the module ldterm on the stream associated withthe user’s standard input:
example% strchg -h ldtermThe following command pops the topmost module from the stream associated with/dev/term/24 The user must be the owner of this device or the super user
example% strchg -p < /dev/term/24
If the file fileconf contains the following:
ttcompat ldterm ptemthen the commandexample% strchg -f fileconfwill configure the user’s standard input stream so that the module ptem is pushedover the driver, followed by ldterm and ttcompat closest to the stream head.The strconf command with no arguments lists the modules and topmost driver onthe stream; for a stream that has only the module ldterm pushed above the zs driver,
it would produce the following output:
ldterm zsThe following command asks if ldterm is on the stream:
example% strconf -m ldtermand produces the following output while returning an exit status of 0:
yesSee attributes(5) for descriptions of the following attributes:
Trang 39strchgreturns zero on success It prints an error message and returns non-zero statusfor various error conditions, including usage error, bad module name, too many
modules to push, failure of an ioctl on the stream, or failure to open filename from the
-foption
strconfreturns zero on success (for the -m or -t option, "success" means the named
or topmost module is present) It returns a non-zero status if invoked with the -m or-toption and the module is not present It prints an error message and returnsnon-zero status for various error conditions, including usage error or failure of anioctlon the stream
If the user is neither the owner of the stream nor the super-user, the strchg commandwill fail If the user does not have read permissions on the stream and is not the superuser, the strconf command will fail
If modules are pushed in the wrong order, one could end up with a stream that doesnot function as expected For ttys, if the line discipline module is not pushed in thecorrect place, one could have a terminal that does not respond to any commands
strchg(1)
DIAGNOSTICS
NOTES
Trang 40strings – find printable strings in an object or binary file
strings [-a | -] [-t format | -o] [-n number | -number] [file…]
The strings utility looks for ASCII strings in a binary file A string is any sequence of
4 or more printing characters ending with a newline or a null character
stringsis useful for identifying random object files and many other things
The following options are supported:
-a|− Look everywhere in the file for strings If this flag is
omitted, strings only looks in the initialized dataspace of object files
-n number | -number Use a number as the minimum string length rather than
the default, which is 4
-t format Write each string preceded by its byte offset from the
start of the file The format is dependent on the single
character used as the format option-argument:
d The offset will be written in decimal
o The offset will be written in octal
x The offset will be written in hexadecimal.The following operand is supported:
file A path name of a regular file to be used as input If no file operand is
specified, the strings utility will read from the standard input
See environ(5) for descriptions of the following environment variables that affect theexecution of strings: LC_CTYPE, LC_MESSAGES, and NLSPATH
The following exit values are returned:
0 Successful completion
>0 An error occurred
See attributes(5) for descriptions of the following attributes: