lsh(1) secsh (SSH2) client




CAUTION! The information in this manpage may be invalid or outdated. For authorative information on lsh, please see it's Texinfo manual (see the SEE ALSO section).

Connects to the the remote machine HOST, and perform one or more actions, i.e. command execution, various forwarding services. The default action is to start a remote interactive shell or execute a given command on the remote machine.


When a new hostkey is received, append an ACL expressing trust in the key. In sloppy mode, the default is ~/.lsh/captured_keys.
Enable DH support (default, unless SRP is being used).
By default, ~/.lsh/host-acls
-i, --identity=Identity key
Use this key to authenticate.
Disable DH support.
Don't try publickey user authentication.
Disable experimental SRP support (default).
Try publickey user authentication (default).
Allow untrusted hostkeys.
Enable experimental SRP support.
Never, never, ever trust an unknown hostkey. (default)
Print huge amounts of debug information
--log-file=File name
Append messages to this file.
-q, --quiet
Suppress all warnings and diagnostic messages
Detailed trace
-v, --verbose
Verbose diagnostic messages
Algorithm selection:
-c, --crypto=Algorithm
List supported algorithms.
-m, --mac=Algorithm
-z, --compression[=Algorithm]
Default is zlib.
Program to use for reading passwords. Should be an absolute filename.
-l, --user=User name
Login as this user.
-p, --port=Port
Connect to this port.
-B, --background
Put process into the background. Implies -N.
-D, --forward-socks[=port] Enable socks dynamic forwarding
-E, --execute=command
Execute a command on the remote machine
-L, --forward-local-port=local-port:target-host:target-port
-N, --nop
No operation (suppresses the default action, which is to spawn a remote shell)
Connect to given subsystem. Implies --no-pty.
-S, --shell=command
Spawn a remote shell
Universal not:
-n, --no
Inverts the effect of the next modifier
Modifiers that apply to port forwarding:
-g, --remote-peers
Allow remote access to forwarded ports
Disallow remote access to forwarded ports (default).
Modifiers that apply to remote execution:
Detach from terminal at session end.
Do not detach session at end, wait for all open channels (default).
Don't request a remote pty.
Redirect stderr to /dev/null
Redirect stdin from /dev/null
Redirect stdout to /dev/null
Redirect stderr
Redirect stdin
Redirect stdout
-t, --pty
Request a remote pty (default).
Miscellaneous options:
-e, --escape-char=Character
Escape char. `none' means disable. Default is to use `~' if we have a tty, otherwise none.
Make -B write the pid of the backgrounded process to stdout.
-G, --gateway
Setup a local gateway
-R, --forward-remote-port=remote-port:target-host:target-port
Disable X11 forwarding (default).
-x, --x11-forward
Enable X11 forwarding.
-?, --help
Give this help list
Give a short usage message
-V, --version
Print program version



is the default file used for storing keys captured when connecting to hosts with keys not previously accepted (see the --capture-to option).


is the default file containing accepted keys (see the --host-db option).


is the key file lsh attempts to use by default (see the --identity option).


See the --verbose , --trace and --debug options.


Report bugs to <[email protected]>.


LSH_YARROW_SEED_FILE may be used to specify the random seed file.

LSHFLAGS may be used for passing additional parameters. The parsing order is undefined.


The lsh suite of programs is distributed under the GNU General Public License; see the COPYING and AUTHORS files in the source distribution for details.


The lsh program suite is written mainly by Niels Möller <[email protected]>.

This man-page was originally written by J.H.M. Dassen (Ray) <[email protected]>. It was modified and updated for lsh 2.0 by Pontus Freyhult <[email protected]>