vsh is an SSH2 command-line connection utility accessed from the Windows command prompt.
Using vsh
The following is the format for vsh commands:
vsh [options] [user@[domain@]]host[:port]
Options
The following table lists the command-line options that can be used with vsh commands.
| Option | Argument | Description |
|---|---|---|
| --accepthostkeys | | Instructs vsh to automatically accept host keys. |
| --auth | | The authentication methods to be used, in a comma-separated list. Valid methods are keyboard-interactive, publickey, password, gss-ms-kerberos, and gssapi. |
| --autoreconnect | | Instructs the application to automatically reconnect after being disconnected from the server. |
| | | The cipher that the SSH2 server will use. Protocol strings or display strings are permitted. |
| --check-crls | | Instructs the application to check certificate revocation lists (CRLs) to ensure that certificates (and any in their chains) have not been listed as revoked. |
| -d | listen-addr[:port] | Specifies the address of the port to listen on. |
| -e | character or none | Sets the escape character, which takes you out of vsh without disconnecting, to the specified character (e.g., "~") or "none" (which disables escape handling). See the Escape Sequences section below for more information. |
| --http-proxy | hostname[:port] | Specifies the HTTP proxy to be used during connection. |
| --hostkeyalgorithm | host key algorithm | Specifies which host key algorithm to use. Valid algorithms are ssh-rsa, ssh-ed25519, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-dss, pgp, x509v3-sign-rsa, x509v3-ssh-rsa, x509v3-sign-dss, and x509v3-ssh-dss. Note: The administrative policy for host key algorithms has precedence over the command-line option. |
| -i | | The identity file to use for public-key authentication or a PKCS #12 file to use for X.509 authentication. vsh also supports accessing certificates through PKCS #11. The locator prefix (e.g., "pkcs11::") and suffix (e.g., "::standard") specify which public-key algorithm to use. To use this feature, specify a string similar to one of the following examples but using your PKCS #11 .dll file: pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll or pkcs11::prov=c:\windows\system32\pkcs11.dll::cert (both use the x509v3-sign-rsa algorithm); pkcs11::prov=c:\windows\system32\opensc-pkcs11.dll::standard (uses the x509v3-sign-rsa-sha1 algorithm); pkcs11key::prov=c:\windows\system32\pkcs11.dll (uses the ssh-rsa algorithm, which can be used to send the certificate as a raw key). |
| --kex | KEX | Specifies which key exchange algorithm to use. Valid algorithms are diffie-hellman, diffie-hellman-group14, diffie-hellman-group, diffie-hellman-group-exchange-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, Kerberos, and any OID (in dotted number format) supported by the GSSAPI provider. |
| -l | | The remote username. |
| | | The port forward for the connection. |
| --log | file | Specifies the file where vsh will log all output, in addition to sending it to the console. If the file does not exist, vsh will create it; if the file does exist, vsh will append the output to it. If used in combination with the -v (verbose) option, the extra verbose output will also be logged. |
| -m | | The MAC that the SSH2 server will use. |
| --noprompt | | Fails if prompted for user input. |
| --nopty | | Causes vsh not to allocate a tty. By default, vsh requests a tty if no command is specified on the command line. |
| --noshell | | Causes vsh not to request a shell; this is useful if the remote system does not allow shell access but does allow port forwarding. |
| -p | port | The port to be used during connection. |
| | | The passphrase for your private key. |
| --pty | | Causes vsh to allocate a tty even if a command is given. By default, vsh does not request a tty if a command is specified on the command line. |
| --pw | | Your user password. Valid with password and keyboard-interactive authentication. |
| --remote | [remote-listen-addr:]remote-listen-port:dest-addr:dest-port | The reverse port forward for the connection. |
| | | SOCKS version 5 server to be used during connection. |
| --spn | hostname | Allows you to manually specify the SPN (Service Principal Name). The SPN is almost always of the form host@<server canonical name>. An example of a valid string is "host@mail.mydomain.com". If the server is in a different Kerberos realm, the realm name may need to be appended (e.g., host@mail.mydomain.com@KRBS.MYDOMAIN.COM). |
| --subsystem | subsystem name | Starts the named SSH subsystem when the connection is established. |
| -v | | Displays verbose connection debug information. |
| -x | | Disables X11 forwarding. |
| | | The compression level (0-9). By default, the compression level is set to 5. Setting the level to 0 turns off compression. When compression is on, vsh attempts to use zlib@openssh.com, zlib, and no compression, in that order, when making a connection. |
| | | Displays usage. |
Escape Sequences
vsh supports a number of functions through escape sequences. A single tilde character can be sent by entering the sequence ~~ or by following a tilde with a character other than those listed below. The escape sequences must always follow a newline.
| Escape Sequence | Function |
|---|---|
| ~~ | Send a ~ |
| ~. | Disconnect |
| ~^Z | Put Linux versions of vsh into the background. Note: This escape sequence will not work under vsh running on Windows. |
| ~? | Display a list of escape characters |
| ~R | Request re-keying of the connection (only useful for SSH protocol version 2 and only if the peer supports it) |
| ~# | List open channels |
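The escape rules above, modeled as a small state machine (an added example, not vsh's own code). It shows how input containing a newline followed by ~. is interpreted while escape handling is on, and that the "none" setting of -e passes the same input through untouched. Assumptions: the start of the session counts as following a newline, an unlisted character after the escape character is forwarded together with it, and ^Z is the byte 0x1A.

```python
# Functions from the escape-sequence table on this page ("\x1a" is ^Z).
ACTIONS = {".": "disconnect", "\x1a": "background", "?": "help",
           "R": "rekey", "#": "list-channels"}


def process(data, escape="~"):
    """Model the escape rules; returns (text_sent_to_server, actions).

    escape=None models "-e none". Assumed, not documented: the session start
    counts as following a newline, and an unlisted character after the
    escape character is forwarded together with the escape character.
    """
    sent, actions = [], []
    at_line_start, pending = True, False
    for ch in data:
        if pending:
            pending = False
            if ch == escape:
                sent.append(escape)            # "~~" sends a single "~"
            elif ch in ACTIONS:
                actions.append(ACTIONS[ch])
                if ch == ".":
                    break                      # nothing after a disconnect is sent
            else:
                sent.extend([escape, ch])      # unlisted character: pass both on
            at_line_start = ch in "\r\n"
            continue
        if escape is not None and at_line_start and ch == escape:
            pending = True                     # wait for the next character
            continue
        sent.append(ch)
        at_line_start = ch in "\r\n"
    return "".join(sent), actions


if __name__ == "__main__":
    payload = "line1\n~.rest\n"                # constructed sample input
    print(process(payload))                    # escape handling on
    print(process(payload, escape=None))       # escape handling off (-e none)
```
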
Examples
The following are examples of remote execution operations using the vsh command-line.
Move Files (UNIX remote)
In this example, vsh will fail if user intervention is required. vsh will use the specified private key "C:\keys\Identity" to authenticate with "redhat.com" using the "goodman" account. After successful authentication, the command "mv /test/*.dat /results" will be executed to move all files in the "/test" directory ending with ".dat" to the "/results" directory.
vsh --noprompt -i "C:\keys\Identity" goodman@redhat.com "mv /test/*.dat /results"
Delete Files (UNIX Remote)
In this example, vsh will use "password" authentication to authenticate the "johnson" account on "chronos" using the password "passw0rd". Communication will occur over port "22". After authentication, all files beginning with "2003" and ending with ".dat" will be removed from the "/dep" directory. A terminal session will then be requested.
vsh --auth password -l johnson --pw passw0rd -p 22 --pty chronos "rm /dep/2003*.dat"
Execute Shell Script (UNIX Remote)
vsh will authenticate "bleaker" on "redhat.com" with the private key "C:\keys\Identity" using public-key authentication. After authenticating, it will run the script "/usr/scripts/validate".
vsh -i "C:\keys\Identity" bleaker@redhat.com /usr/scripts/validate
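A review aid for scripted vsh command lines such as the examples above (an added example, not part of the vsh documentation). It flags the options from this page that weaken a connection or expose a secret: automatic host key acceptance, a password given on the command line, and DSA host key algorithms. It also reports typographic dashes pasted in place of ASCII hyphens. The sample command lines, hosts and accounts are constructed, and the finding texts are the reviewer's wording.

```python
import re

# Characters treated as an option prefix: the ASCII hyphen plus the en/em
# dashes that word processors substitute when commands are pasted.
PREFIX = "-\u2013\u2014"

# Option name (prefix stripped) -> finding. Option names come from the
# options table and examples on this page.
FLAG_RULES = {
    "accepthostkeys": "host key accepted without verification",
    "pw": "password passed on the command line",
}
WEAK_HOSTKEY = ("ssh-dss", "x509v3-sign-dss", "x509v3-ssh-dss")


def tokenize(cmdline):
    """Split on whitespace, keeping "double-quoted strings" as one token."""
    return re.findall(r'"[^"]*"|\S+', cmdline)


def audit(cmdline):
    """Return a list of (option, finding) tuples for one vsh command line."""
    findings = []
    tokens = tokenize(cmdline)
    for i, tok in enumerate(tokens):
        if tok[0] not in PREFIX:
            continue                      # not an option (host, value, command)
        if tok[0] != "-":
            findings.append((tok, "typographic dash; retype with ASCII hyphens"))
        name = tok.lstrip(PREFIX)
        value = tokens[i + 1].strip('"') if i + 1 < len(tokens) else ""
        if name in FLAG_RULES:
            findings.append((tok, FLAG_RULES[name]))
        elif name == "hostkeyalgorithm" and value.lower() in WEAK_HOSTKEY:
            findings.append((tok, "DSA host key algorithm: " + value))
    return findings


# Constructed sample command lines (placeholder hosts and accounts).
SAMPLES = [
    'vsh --noprompt -i "C:\\keys\\Identity" svc@host.example "mv /test/*.dat /results"',
    'vsh --auth password -l svc --pw passw0rd --accepthostkeys host.example',
    'vsh --hostkeyalgorithm ssh-dss -i "C:\\keys\\Identity" svc@host.example',
    'vsh \u2013pw passw0rd svc@host.example',
]

if __name__ == "__main__":
    for line in SAMPLES:
        for option, finding in audit(line):
            print(f"{option}: {finding}")
```

Options that appear inside an unquoted remote command are scanned as well, so a hit there needs a manual look before it is treated as a finding.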