SERVER-64352 mongo shell no longer built by default

5 files changed, 0 insertions, 1873 deletions

diff --git a/debian/mongo.1 b/debian/mongo.1
deleted file mode 100644
index 0c75ba44b4f..00000000000
--- a/debian/mongo.1
+++ /dev/null
@@ -1,1861 +0,0 @@
-.TH mongo 1
-.SH LEGACY MONGO SHELL
-The \fBmongo\f1 shell has been deprecated in MongoDB v5.0. The
-replacement is \fBmongosh\f1\f1\&.
-.PP
-Older \fBmongo\f1 shell documentation is included with the
-corresponding documentation for that \fBMongoDB\f1 release.
-.PP
-\fIQuick Links to prior versions\f1
-.RS
-.IP \(bu 2
-mongo shell v4.4 (https://docs.mongodb.com/v4.4/mongo/)
-.IP \(bu 2
-mongo shell v4.2 (https://docs.mongodb.com/v4.2/mongo/)
-.IP \(bu 2
-mongo shell v4.0 (https://docs.mongodb.com/v4.0/mongo/)
-.RE
-.PP
-See \fBComparison of the mongo\f1 Shell and mongosh\f1\f1 for more information.
-.SH DESCRIPTION
-.PP
-\fBmongo\f1\f1 is an interactive JavaScript shell interface to
-MongoDB, which provides a powerful interface for system
-administrators as well as a way for developers to test queries and
-operations directly with the database. \fBmongo\f1\f1 also provides
-a fully functional JavaScript environment for use with a MongoDB.
-.PP
-The \fBmongo\f1\f1 shell is included as part of the \fBMongoDB
-server installation\f1\&. If you have already installed the
-server, the \fBmongo\f1\f1 shell is installed to the same location
-as the server binary.
-.PP
-Alternatively, if you would like to download the \fBmongo\f1\f1
-shell separately from the MongoDB Server, you can install the shell as
-a standalone package by following these steps:
-.RS
-.IP \(bu 2
-Access the Download Center for your Edition of MongoDB:
-.RS
-.IP \(bu 4
-MongoDB Community Download Center (https://www.mongodb.com/try/download/community?tck=docs_server)
-.IP \(bu 4
-MongoDB Enterprise Download Center (https://www.mongodb.com/try/download/enterprise?tck=docs_server)
-.RE
-.IP \(bu 2
-Select your preferred Version and Platform
-from the dropdowns.
-.IP \(bu 2
-Select the Package to download according to your
-platform:
-.RS
-.IP \(bu 4
-.RS
-.IP \(bu 6
-Platform
-.IP \(bu 6
-Download Package
-.RE
-.IP \(bu 4
-.RS
-.IP \(bu 6
-Windows
-.IP \(bu 6
-Select the \fBzip\f1 package to download an archive which
-includes the \fBmongo\f1\f1 shell.
-.RE
-.IP \(bu 4
-.RS
-.IP \(bu 6
-macOS
-.IP \(bu 6
-Select the \fBtgz\f1 package to download an archive which
-includes the \fBmongo\f1\f1 shell.
-.RE
-.IP \(bu 4
-.RS
-.IP \(bu 6
-Linux
-.IP \(bu 6
-Select the \fBtgz\f1 package to download the
-\fBmongo\f1\f1 shell.
-.RE
-.RE
-.IP \(bu 2
-Copy the \fBmongo\f1\f1 shell from the archive to a location on
-your filesystem.
-.RE
-.PP
-For additional installation guidance specific to your platform, or to
-install the \fBmongo\f1\f1 shell as part of a MongoDB Server
-installation, see the \fBinstallation guide for your platform\f1\&.
-.RS
-.IP \(bu 2
-Starting in MongoDB 4.2 (and 4.0.13), the \fBmongo\f1\f1 shell displays a
-warning message when connected to non\-genuine MongoDB instances as
-these instances may behave differently from the official MongoDB
-instances; e.g. missing or incomplete features, different feature
-behaviors, etc.
-.IP \(bu 2
-Starting in version 4.0, \fBmongo\f1\f1 disables support for TLS 1.0
-encryption on systems where TLS 1.1+ is available. For
-more details, see \fBDisable TLS 1.0\f1\&.
-.RE
-.SH SYNTAX
-.RS
-.IP \(bu 2
-You can run \fBmongo\f1\f1 shell without any command\-line
-options use the default settings:
-.IP
-.EX
-  mongo
-.EE
-.IP \(bu 2
-You can run \fBmongo\f1\f1 shell with a \fBconnection string\f1 that specifies the host and port and
-other connection options. For example, the following includes the
-\fBtls\f1\f1:
-.IP
-.EX
-  mongo "mongodb://mongodb0.example.com:27017/testdb?tls=true"
-.EE
-.IP
-The \fBtls\f1\f1 option is available starting in MongoDB 4.2. In
-earlier version, use the \fBssl\f1\f1 option.
-.IP
-To connect \fBmongo\f1\f1 shell to a replica set, you can
-specify in the \fBconnection string\f1 the replica set members and name:
-.IP
-.EX
-  mongo "mongodb://mongodb0.example.com.local:27017,mongodb1.example.com.local:27017,mongodb2.example.com.local:27017/?replicaSet=replA"
-.EE
-.IP
-For more information on the connection string options, see
-\fBConnection String URI Format\f1\&.
-.IP \(bu 2
-You can run \fBmongo\f1\f1 shell with various command\-line
-options. For example:
-.IP
-.EX
-  mongo \-\-host mongodb0.example.com:27017 [additional options]
-  
-  mongo \-\-host mongodb0.example.com \-\-port 27017 [additional options]
-.EE
-.IP
-For more information on the options available, see \fBOptions\f1\&.
-.RE
-.SH OPTIONS
-.RS
-.IP \(bu 2
-MongoDB deprecates the SSL options and instead adds new
-corresponding TLS options.
-.RE
-.SS CORE OPTIONS
-.PP
-\fBmongo \-\-shell\f1
-.RS
-.PP
-Enables the shell interface. If you invoke the \fBmongo\f1\f1 command
-and specify a JavaScript file as an argument, or use \fB\-\-eval\f1\f1 to
-specify JavaScript on the command line, the \fB\-\-shell\f1\f1 option
-provides the user with a shell prompt after the file finishes executing.
-.RE
-.PP
-\fBmongo \-\-nodb\f1
-.RS
-.PP
-Prevents the shell from connecting to any database instances. Later, to
-connect to a database within the shell, see
-\fBOpening New Connections\f1\&.
-.RE
-.PP
-\fBmongo \-\-norc\f1
-.RS
-.PP
-Prevents the shell from sourcing and evaluating ~/.mongorc.js on
-start up.
-.RE
-.PP
-\fBmongo \-\-quiet\f1
-.RS
-.PP
-Silences output from the shell during the connection process.
-.RE
-.PP
-\fBmongo \-\-port\f1
-.RS
-.PP
-Specifies the port where the \fBmongod\f1\f1 or \fBmongos\f1\f1
-instance is listening. If \fB\-\-port\f1\f1 is not specified,
-\fBmongo\f1\f1 attempts to connect to port \fB27017\f1\&.
-.RE
-.PP
-\fBmongo \-\-host\f1
-.RS
-.PP
-Specifies the name of the host machine where the
-\fBmongod\f1\f1 or \fBmongos\f1\f1 is running. If this is not specified,
-\fBmongo\f1\f1 attempts to connect to a MongoDB process running on
-the localhost.
-.PP
-\fBTo connect to a replica set,\f1
-.RS
-.PP
-Specify the \fBreplica set name\f1\f1
-and a seed list of set members. Use the following form:
-.PP
-.EX
-  <replSetName>/<hostname1><:port>,<hostname2><:port>,<...>
-.EE
-.RE
-.PP
-\fBFor TLS/SSL connections (\-\-ssl\f1),\f1
-.RS
-.PP
-\fBmongosh\f1\f1 verifies that the hostname (specified
-in \fB\-\-host\f1\f1 option or the connection string)
-matches the \fBSAN\f1 (or, if \fBSAN\f1 is not present, the \fBCN\f1) in
-the certificate presented by the \fBmongod\f1\f1 or
-\fBmongos\f1\f1\&. If \fBSAN\f1 is present, \fBmongosh\f1\f1
-does not match against the \fBCN\f1\&. If the hostname does not match
-the \fBSAN\f1 (or \fBCN\f1), \fBmongosh\f1\f1 will fail to
-connect.
-.PP
-Starting in MongoDB 4.2, when performing comparison of SAN, MongoDB
-supports comparison of DNS names or IP addresses. In previous versions,
-MongoDB only supports comparisons of DNS names.
-.RE
-.PP
-\fBFor DNS seedlist connections (https://docs.mongodb.com/manual/reference/connection\-string/#dns\-seedlist\-connection\-format/),\f1
-.RS
-.PP
-Specify the connection protocol as \fBmongodb+srv\f1, followed by
-the DNS SRV hostname record and any options. The \fBauthSource\f1
-and \fBreplicaSet\f1 options, if included in the connection string,
-will override any corresponding DNS\-configured options set in the
-TXT record. Use of the \fBmongodb+srv:\f1 connection string
-implicitly enables TLS/SSL (normally set with \fBssl=true\f1) for
-the client connection. The TLS/SSL option can be turned off by
-setting \fBssl=false\f1 in the query string.
-.PP
-Example:
-.PP
-.EX
-  mongodb+srv://server.example.com/?connectionTimeout=3000ms
-.EE
-.RE
-.RE
-.PP
-\fBmongo \-\-eval\f1
-.RS
-.PP
-Evaluates a JavaScript expression that is specified as an argument.
-\fBmongo\f1\f1 does not load its own environment when evaluating code.
-As a result many options of the shell environment are not available.
-.RE
-.PP
-\fBmongo \-\-username\f1, \fBmongo \-u\f1
-.RS
-.PP
-Specifies a username with which to authenticate to a MongoDB database
-that uses authentication. Use in conjunction with the \fB\-\-password\f1\f1 and
-\fB\-\-authenticationDatabase\f1\f1 options.
-.PP
-If connecting to a MongoDB Atlas (https://www.mongodb.com/cloud/atlas?tck=docs_server) cluster
-using the \fBMONGODB\-AWS\f1 \fBauthentication mechanism\f1\f1, specify your AWS access key ID in this
-field, or in the \fBconnection string\f1\&. Alternatively, this value may
-also be supplied as the environment variable \fBAWS_ACCESS_KEY_ID\f1\&.
-See \fBConnect to a MongoDB Atlas Cluster using AWS IAM Credentials\f1\&.
-.RE
-.PP
-\fBmongo \-\-password\f1, \fBmongo \-p\f1
-.RS
-.PP
-Specifies a password with which to authenticate to a MongoDB database
-that uses authentication. Use in conjunction with the \fB\-\-username\f1\f1
-and \fB\-\-authenticationDatabase\f1\f1 options. To force \fBmongo\f1\f1 to
-prompt for a password, enter the \fB\-\-password\f1\f1 option as the
-last option and leave out the argument.
-.PP
-If connecting to a MongoDB Atlas (https://www.mongodb.com/cloud/atlas?tck=docs_server) cluster
-using the \fBMONGODB\-AWS\f1 \fBauthentication mechanism\f1\f1, specify your AWS secret access key in
-this field, or in the \fBconnection string\f1\&.  Alternatively, this value may
-also be supplied as the environment variable
-\fBAWS_SECRET_ACCESS_KEY\f1\&. See
-\fBConnect to a MongoDB Atlas Cluster using AWS IAM Credentials\f1\&.
-.RE
-.PP
-\fBmongo \-\-apiVersion\f1
-.RS
-.PP
-Specifies the \fBapiVersion\f1\&. \fB"1"\f1 is
-currently the only supported value.
-.RE
-.PP
-\fBmongo \-\-apiStrict\f1
-.RS
-.PP
-Specifies that the server will respond with \fBAPIStrictError\f1 if your application uses a command or behavior
-outside of the \fBStable API\f1\&.
-.PP
-If you specify \fB\-\-apiStrict\f1\f1, you must also specify
-\fB\-\-apiVersion\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-apiDeprecationErrors\f1
-.RS
-.PP
-Specifies that the server will respond with
-\fBAPIDeprecationError\f1 if your application
-uses a command or behavior that is deprecated in the specified
-\fBapiVersion\f1\&.
-.PP
-If you specify \fB\-\-apiDeprecationErrors\f1\f1, you must also
-specify \fB\-\-apiVersion\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-awsIamSessionToken\f1
-.RS
-.PP
-If connecting to a MongoDB Atlas (https://www.mongodb.com/cloud/atlas?tck=docs_server) cluster
-using the \fBMONGODB\-AWS\f1 \fBauthentication mechanism\f1\f1 and using session tokens in addition to
-your AWS access key ID and secret access key, specify your AWS
-session token in this field, or in the \fBconnection string\f1\&.  Alternatively, this value may
-also be supplied as the environment variable
-\fBAWS_SESSION_TOKEN\f1\&. See
-\fBConnect to a MongoDB Atlas Cluster using AWS IAM Credentials\f1\&.
-.PP
-Only valid when using the \fBMONGODB\-AWS\f1
-\fBauthentication mechanism\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-help\f1, \fBmongo \-h\f1
-.RS
-.PP
-Returns information on the options and use of \fBmongo\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-version\f1
-.RS
-.PP
-Returns the \fBmongo\f1\f1 release number.
-.RE
-.PP
-\fBmongo \-\-verbose\f1
-.RS
-.PP
-Increases the verbosity of the output of the shell during the connection
-process.
-.RE
-.PP
-\fBmongo \-\-networkMessageCompressors\f1
-.RS
-.PP
-Enables network compression for communication between this
-\fBmongo\f1\f1 shell and:
-.RS
-.IP \(bu 2
-a \fBmongod\f1\f1 instance
-.IP \(bu 2
-a \fBmongos\f1\f1 instance.
-.RE
-.PP
-You can specify the following compressors:
-.RS
-.IP \(bu 2
-\fBsnappy\f1
-.IP \(bu 2
-\fBzlib\f1 (Available starting in MongoDB 3.6)
-.IP \(bu 2
-\fBzstd\f1 (Available starting in MongoDB 4.2)
-.RE
-.PP
-Messages are compressed when both parties enable network
-compression. Otherwise, messages between the parties are
-uncompressed.
-.PP
-If you specify multiple compressors, then the order in which you list
-the compressors matter as well as the communication initiator. For
-example, if \fBmongosh\f1\f1 specifies the following network
-compressors \fBzlib,snappy\f1 and the \fBmongod\f1\f1 specifies
-\fBsnappy,zlib\f1, messages between \fBmongosh\f1\f1 and
-\fBmongod\f1\f1 uses \fBzlib\f1\&.
-.PP
-If the parties do not share at least one common compressor, messages
-between the parties are uncompressed. For example, if
-\fBmongosh\f1\f1 specifies the network compressor
-\fBzlib\f1 and \fBmongod\f1\f1 specifies \fBsnappy\f1, messages
-between \fBmongosh\f1\f1 and \fBmongod\f1\f1 are not
-compressed.
-.RE
-.PP
-\fBmongo \-\-ipv6\f1
-.RS
-.PP
-Enables IPv6 support. \fBmongo\f1\f1 disables IPv6 by default.
-.PP
-To connect to a MongoDB cluster via IPv6, you must specify
-both \fB\-\-ipv6\f1\f1 \fIand\f1
-\fB\-\-host <mongod/mongos IPv6 address>\f1\f1
-when starting the \fBmongo\f1\f1 shell.
-.PP
-\fBmongod\f1\f1 and \fBmongos\f1\f1 disable IPv6 support
-by default. Specifying \fB\-\-ipv6\f1\f1 when connecting to a
-\fBmongod/mongos\f1 does not enable IPv6 support on the
-\fBmongod/mongos\f1\&. For documentation on enabling IPv6 support
-on the \fBmongod/mongos\f1, see \fBnet.ipv6\f1\f1\&.
-.RE
-.PP
-\fBmongo <db\f1
-.RS
-.PP
-Specifies the name of the database to connect to. For
-example:
-.PP
-.EX
-  mongo admin
-.EE
-.PP
-The above command will connect the \fBmongo\f1\f1 shell to the
-\fBadmin database\f1 of the MongoDB deployment running on the local machine. You may specify a remote
-database instance, with the resolvable hostname or IP address. Separate
-the database name from the hostname using a \fB/\f1 character. See the
-following examples:
-.PP
-.EX
-  mongo mongodb1.example.net/test
-  mongo mongodb1/admin
-  mongo 10.8.8.10/test
-.EE
-.PP
-This syntax is the \fIonly\f1 way to connect to a specific database.
-.PP
-To specify alternate hosts and a database, you must use this syntax and cannot
-use \fB\-\-host\f1\f1 or \fB\-\-port\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-enableJavaScriptJIT\f1
-.RS
-.PP
-Enable the JavaScript engine\(aqs JIT compiler.
-.RE
-.PP
-\fBmongo \-\-disableJavaScriptJIT\f1
-.RS
-.PP
-The JavaScript engine\(aqs JIT compiler is now disabled by default.
-.PP
-Disables the JavaScript engine\(aqs JIT compiler.
-.RE
-.PP
-\fBmongo \-\-disableJavaScriptProtection\f1
-.RS
-.PP
-Allows fields of type \fBjavascript\f1 and
-\fBjavascriptWithScope (*Deprecated*)\f1 to be automatically
-marshalled to JavaScript functions in the \fBmongo\f1\f1
-shell.
-.PP
-With the \fB\-\-disableJavaScriptProtection\f1 flag set, it is possible
-to immediately execute JavaScript functions contained in documents.
-The following example demonstrates this behavior within the shell:
-.PP
-.EX
-  > db.test.insert({ _id: 1, jsFunc: function(){ print("hello") } } )
-  WriteResult({ "nInserted" : 1 })
-  > var doc = db.test.findOne({ _id: 1 })
-  > doc
-  { "_id" : 1, "jsFunc" : function (){ print ("hello") } }
-  > typeof doc.jsFunc
-  function
-  > doc.jsFunc()
-  hello
-.EE
-.PP
-The default behavior (when \fBmongo\f1\f1 starts \fIwithout\f1 the
-\fB\-\-disableJavaScriptProtection\f1 flag) is to convert embedded
-JavaScript functions to the non\-executable MongoDB shell type
-\fBCode\f1\&. The following example demonstrates the default behavior
-within the shell:
-.PP
-.EX
-  > db.test.insert({ _id: 1, jsFunc: function(){ print("hello") } } )
-  WriteResult({ "nInserted" : 1 })
-  > var doc = db.test.findOne({ _id: 1 })
-  > doc
-  { "_id" : 1, "jsFunc" : { "code" : "function (){print(\"hello\")}" } }
-  > typeof doc.func
-  object
-  > doc.func instanceof Code
-  true
-  > doc.jsFunc()
-  2016\-11\-09T12:30:36.808\-08:00 E QUERY    [thread1] TypeError: doc.jsFunc is
-  not a function :
-  @(shell):1:1
-.EE
-.RE
-.PP
-\fBmongo <file.js>\f1
-.RS
-.PP
-Specifies a JavaScript file to run and then exit. Generally this should
-be the last option specified.
-.PP
-To specify a JavaScript file to execute \fIand\f1 allow
-\fBmongo\f1\f1 to prompt you for a password using
-\fB\-\-password\f1\f1, pass the filename as the first parameter with
-\fB\-\-username\f1\f1 and \fB\-\-password\f1\f1 as the last options, as
-in the following:
-.PP
-.EX
-  mongo file.js \-\-username username \-\-password
-.EE
-.PP
-Use the \fB\-\-shell\f1\f1 option to return to a shell after the file
-finishes running.
-.RE
-.SS AUTHENTICATION OPTIONS
-.PP
-\fBmongo \-\-authenticationDatabase\f1
-.RS
-.PP
-Specifies the authentication database where the specified \fB\-\-username\f1\f1 has been created.
-See \fBAuthentication Database\f1\&.
-.PP
-If you do not specify a value for \fB\-\-authenticationDatabase\f1\f1, \fBmongo\f1\f1 uses the database
-specified in the connection string.
-.PP
-If using the \fBGSSAPI\f1 (Kerberos),
-\fBPLAIN\f1 (LDAP SASL), or \fBMONGODB\-AWS\f1
-\fBauthentication mechanisms\f1\f1, you
-must set \fB\-\-authenticationDatabase\f1\f1 to \fB$external\f1\&.
-.RE
-.PP
-\fBmongo \-\-authenticationMechanism\f1
-.RS
-.PP
-\fIDefault\f1: SCRAM\-SHA\-1
-.PP
-Specifies the authentication mechanism the \fBmongo\f1\f1 instance uses to
-authenticate to the \fBmongod\f1\f1 or \fBmongos\f1\f1\&.
-.PP
-With MongoDB 4.4, the \fBmongo\f1\f1 shell adds support for the
-new \fBMONGODB\-AWS\f1 authentication mechanism when connecting to a
-MongoDB Atlas (https://www.mongodb.com/cloud/atlas?tck=docs_server) cluster.
-.RS
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Value
-.IP \(bu 4
-Description
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBSCRAM\-SHA\-1\f1
-.IP \(bu 4
-RFC 5802 (https://tools.ietf.org/html/rfc5802) standard
-Salted Challenge Response Authentication Mechanism using the SHA\-1
-hash function.
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBSCRAM\-SHA\-256\f1
-.IP \(bu 4
-RFC 7677 (https://tools.ietf.org/html/rfc7677) standard
-Salted Challenge Response Authentication Mechanism using the SHA\-256
-hash function.
-.IP
-Requires featureCompatibilityVersion set to \fB4.0\f1\&.
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBMONGODB\-X509\f1
-.IP \(bu 4
-MongoDB TLS/SSL certificate authentication.
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBMONGODB\-AWS\f1
-.IP \(bu 4
-External authentication using AWS IAM credentials for use in
-connecting to a
-MongoDB Atlas (https://www.mongodb.com/cloud/atlas?tck=docs_server)
-cluster. See \fBConnect to a MongoDB Atlas Cluster using AWS IAM Credentials\f1\&.
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBGSSAPI\f1 (Kerberos)
-.IP \(bu 4
-External authentication using Kerberos. This mechanism is
-available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&.
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBPLAIN\f1 (LDAP SASL)
-.IP \(bu 4
-External authentication using LDAP. You can also use \fBPLAIN\f1
-for authenticating in\-database users. \fBPLAIN\f1 transmits
-passwords in plain text. This mechanism is available only in
-MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&.
-.RE
-.RE
-.RE
-.PP
-\fBmongo \-\-gssapiHostName\f1
-.RS
-.PP
-Specify the hostname of a service using \fBGSSAPI/Kerberos\f1\&. \fIOnly\f1 required if the hostname of a machine does
-not match the hostname resolved by DNS.
-.PP
-This option is available only in MongoDB Enterprise.
-.RE
-.PP
-\fBmongo \-\-gssapiServiceName\f1
-.RS
-.PP
-Specify the name of the service using \fBGSSAPI/Kerberos\f1\&. Only required if the service does not use the
-default name of \fBmongodb\f1\&.
-.PP
-This option is available only in MongoDB Enterprise.
-.RE
-.SS TLS OPTIONS
-.PP
-Starting in version 4.0, \fBmongo\f1\f1 disables support for TLS 1.0
-encryption on systems where TLS 1.1+ is available. For
-more details, see \fBDisable TLS 1.0\f1\&.
-.PP
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 for full
-documentation of MongoDB\(aqs support.
-.PP
-\fBmongo \-\-tls\f1
-.RS
-.PP
-Enables connection to a \fBmongod\f1\f1 or \fBmongos\f1\f1 that has
-TLS/SSL support enabled.
-.PP
-Starting in version 3.2.6, if \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-(or their aliases \fB\-\-sslCAFile\f1 or \fBssl.CAFile\f1) is not
-specified, the system\-wide CA certificate store will be used when
-connecting to an TLS/SSL\-enabled server. In previous versions of
-MongoDB, \fBmongosh\f1\f1 exited with an error that it
-could not validate the certificate.
-.PP
-To use x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-must be specified unless you are using \fB\-\-tlsCertificateSelector\f1
-or \fB\-\-net.tls.certificateSelector\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-tlsCertificateKeyFile\f1
-.RS
-.PP
-Specifies the \&.pem file that contains both the TLS/SSL
-certificate and key for the \fBmongo\f1\f1 shell. Specify the
-file name of the \&.pem file using relative or absolute paths.
-.PP
-This option is required when using the \fB\-\-tls\f1\f1
-option to connect to a \fBmongod\f1\f1 or \fBmongos\f1\f1
-instance that requires \fBclient certificates\f1\&. That is, the
-\fBmongo\f1\f1 shell present this certificate to the server.
-.PP
-\fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on
-connection if the presented x.509 certificate expires within \fB30\f1
-days of the \fBmongod/mongos\f1 host system time. See
-\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more
-information.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-tlsCertificateKeyFilePassword\f1
-.RS
-.PP
-Specifies the password to de\-crypt the certificate\-key file (i.e.
-\fB\-\-tlsCertificateKeyFile\f1\f1).
-.PP
-Use the \fB\-\-tlsCertificateKeyFilePassword\f1\f1 option only if the
-certificate\-key file is encrypted. In all cases, the \fBmongo\f1\f1 will
-redact the password from all logging and reporting output.
-.PP
-If the private key in the PEM file is encrypted and you do not
-specify the \fB\-\-tlsCertificateKeyFilePassword\f1\f1 option, the \fBmongo\f1\f1 will prompt for a
-passphrase. See \fBTLS/SSL Certificate Passphrase\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-tlsCAFile\f1
-.RS
-.PP
-Specifies the \&.pem file that contains the root certificate
-chain from the Certificate Authority. This file is used to validate
-the certificate presented by the
-\fBmongod\f1\f1/\fBmongos\f1\f1 instance.
-.PP
-Specify the file name of the \&.pem file using relative or
-absolute paths.
-.PP
-Starting in version 3.2.6, if \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-(or their aliases \fB\-\-sslCAFile\f1 or \fBssl.CAFile\f1) is not
-specified, the system\-wide CA certificate store will be used when
-connecting to an TLS/SSL\-enabled server. In previous versions of
-MongoDB, \fBmongosh\f1\f1 exited with an error that it
-could not validate the certificate.
-.PP
-To use x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-must be specified unless you are using \fB\-\-tlsCertificateSelector\f1
-or \fB\-\-net.tls.certificateSelector\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-tlsCRLFile\f1
-.RS
-.PP
-In MongoDB 4.0 and earlier, see \fB\-\-sslCRLFile\f1\f1\&.
-.PP
-Specifies the \&.pem file that contains the Certificate Revocation
-List. Specify the file name of the \&.pem file using relative or
-absolute paths.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.PP
-Starting in version 4.4, to check for certificate revocation,
-MongoDB \fBenables\f1\f1 the use of OCSP
-(Online Certificate Status Protocol) by default as an alternative
-to specifying a CRL file or using the system SSL certificate
-store.
-.RE
-.PP
-\fBmongo \-\-tlsAllowInvalidHostnames\f1
-.RS
-.PP
-Disables the validation of the hostnames in the certificate presented
-by the \fBmongod\f1\f1/\fBmongos\f1\f1 instance. Allows
-\fBmongo\f1\f1 to connect to MongoDB instances even if the hostname in
-the server certificates do not match the server\(aqs host.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-tlsAllowInvalidCertificates\f1
-.RS
-.PP
-Bypasses the validation checks for the certificates presented by the
-\fBmongod\f1\f1/\fBmongos\f1\f1 instance and allows
-connections to servers that present invalid certificates.
-.PP
-Starting in MongoDB 4.2, if you specify
-\fB\-\-tlsAllowInvalidateCertificates\f1 or
-\fBnet.tls.allowInvalidCertificates: true\f1 when using x.509
-authentication, an invalid certificate is only sufficient to
-establish a TLS connection but it is \fIinsufficient\f1 for
-authentication.
-.PP
-Although available, avoid using the
-\fB\-\-sslAllowInvalidCertificates\f1 option if possible. If the use of
-\fB\-\-sslAllowInvalidCertificates\f1 is necessary, only use the option
-on systems where intrusion is not possible.
-.PP
-If \fBmongosh\f1\f1 (and other
-\fBMongoDB Tools\f1) runs with the
-\fB\-\-sslAllowInvalidCertificates\f1 option,
-\fBmongosh\f1\f1 (and other
-\fBMongoDB Tools\f1) will not attempt to validate
-the server certificates. This creates a vulnerability to expired
-\fBmongod\f1\f1 and \fBmongos\f1\f1 certificates as
-well as to foreign processes posing as valid
-\fBmongod\f1\f1 or \fBmongos\f1\f1 instances. If you
-only need to disable the validation of the hostname in the
-TLS/SSL certificates, see \fB\-\-sslAllowInvalidHostnames\f1\&.
-.PP
-When using the \fBallowInvalidCertificates\f1\f1 setting,
-MongoDB logs as a warning the use of the invalid certificate.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-tlsFIPSMode\f1
-.RS
-.PP
-Directs the \fBmongo\f1\f1 to use the FIPS mode of the TLS/SSL
-library. Your system must have a FIPS compliant library to use
-the \fB\-\-tlsFIPSMode\f1\f1 option.
-.PP
-FIPS\-compatible TLS/SSL is
-available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. See
-\fBConfigure MongoDB for FIPS\f1 for more information.
-.RE
-.PP
-\fBmongo \-\-tlsCertificateSelector\f1
-.RS
-.PP
-Available on Windows and macOS as an alternative to \fB\-\-tlsCertificateKeyFile\f1\f1\&.
-.PP
-The \fB\-\-tlsCertificateKeyFile\f1\f1 and \fB\-\-tlsCertificateSelector\f1\f1 options are mutually exclusive. You can only
-specify one.
-.PP
-Specifies a certificate property in order to select a matching
-certificate from the operating system\(aqs certificate store.
-.PP
-\fB\-\-tlsCertificateSelector\f1\f1 accepts an argument of the format \fB<property>=<value>\f1
-where the property can be one of the following:
-.RS
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Property
-.IP \(bu 4
-Value type
-.IP \(bu 4
-Description
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBsubject\f1
-.IP \(bu 4
-ASCII string
-.IP \(bu 4
-Subject name or common name on certificate
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBthumbprint\f1
-.IP \(bu 4
-hex string
-.IP \(bu 4
-A sequence of bytes, expressed as hexadecimal, used to
-identify a public key by its SHA\-1 digest.
-.IP
-The \fBthumbprint\f1 is sometimes referred to as a
-\fBfingerprint\f1\&.
-.RE
-.RE
-.PP
-When using the system SSL certificate store, OCSP (Online
-Certificate Status Protocol) is used to validate the revocation
-status of certificates.
-.PP
-\fBmongod\f1\f1 / \fBmongos\f1\f1 logs a warning on
-connection if the presented x.509 certificate expires within \fB30\f1
-days of the \fBmongod/mongos\f1 host system time. See
-\fBx.509 Certificates Nearing Expiry Trigger Warnings\f1 for more
-information.
-.RE
-.PP
-\fBmongo \-\-tlsDisabledProtocols\f1
-.RS
-.PP
-Disables the specified TLS protocols. The option recognizes the
-following protocols: \fBTLS1_0\f1, \fBTLS1_1\f1, \fBTLS1_2\f1, and
-starting in version 4.0.4 (and 3.6.9 and 3.4.24), \fBTLS1_3\f1\&.
-.RS
-.IP \(bu 2
-On macOS, you cannot disable \fBTLS1_1\f1 and leave both \fBTLS1_0\f1 and
-\fBTLS1_2\f1 enabled. You must also disable at least one of the other
-two; for example, \fBTLS1_0,TLS1_1\f1\&.
-.IP \(bu 2
-To list multiple protocols, specify as a comma separated list of
-protocols. For example \fBTLS1_0,TLS1_1\f1\&.
-.IP \(bu 2
-The specified disabled protocols overrides any default disabled
-protocols.
-.RE
-.PP
-Starting in version 4.0, MongoDB disables the use of TLS 1.0 if TLS
-1.1+ is available on the system. To enable the
-disabled TLS 1.0, specify \fBnone\f1 to \fB\-\-tlsDisabledProtocols\f1\f1\&.  See \fBDisable TLS 1.0\f1\&.
-.RE
-.SS SSL OPTIONS (DEPRECATED)
-.PP
-Starting in version 4.2, the SSL options are deprecated. Use the TLS
-counterparts instead. The SSL protocol is deprecated and MongoDB
-supports TLS 1.0 and later.
-.PP
-Starting in version 4.0, \fBmongo\f1\f1 disables support for TLS 1.0
-encryption on systems where TLS 1.1+ is available. For
-more details, see \fBDisable TLS 1.0\f1\&.
-.PP
-\fBmongo \-\-ssl\f1
-.RS
-.PP
-Use \fB\-\-tls\f1\f1 instead.
-.PP
-Enables connection to a \fBmongod\f1\f1 or \fBmongos\f1\f1 that has
-TLS/SSL support enabled.
-.PP
-Starting in version 3.2.6, if \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-(or their aliases \fB\-\-sslCAFile\f1 or \fBssl.CAFile\f1) is not
-specified, the system\-wide CA certificate store will be used when
-connecting to an TLS/SSL\-enabled server. In previous versions of
-MongoDB, \fBmongosh\f1\f1 exited with an error that it
-could not validate the certificate.
-.PP
-To use x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-must be specified unless you are using \fB\-\-tlsCertificateSelector\f1
-or \fB\-\-net.tls.certificateSelector\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslPEMKeyFile\f1
-.RS
-.PP
-Use \fB\-\-tlsCertificateKeyFile\f1\f1 instead.
-.PP
-Specifies the \&.pem file that contains both the TLS/SSL certificate
-and key. Specify the file name of the \&.pem file using relative
-or absolute paths.
-.PP
-This option is required when using the \fB\-\-ssl\f1 option to connect
-to a \fBmongod\f1\f1 or \fBmongos\f1\f1 that has
-\fBCAFile\f1\f1 enabled \fIwithout\f1
-\fBallowConnectionsWithoutCertificates\f1\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslPEMKeyPassword\f1
-.RS
-.PP
-Use \fB\-\-tlsCertificateKeyFilePassword\f1\f1 instead.
-.PP
-Specifies the password to de\-crypt the certificate\-key file (i.e.
-\fB\-\-sslPEMKeyFile\f1). Use the \fB\-\-sslPEMKeyPassword\f1\f1 option only if the
-certificate\-key file is encrypted. In all cases, the \fBmongo\f1\f1 will
-redact the password from all logging and reporting output.
-.PP
-If the private key in the PEM file is encrypted and you do not
-specify the \fB\-\-sslPEMKeyPassword\f1\f1 option, the \fBmongo\f1\f1 will prompt for a
-passphrase. See \fBTLS/SSL Certificate Passphrase\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslCAFile\f1
-.RS
-.PP
-Use \fB\-\-tlsCAFile\f1\f1 instead.
-.PP
-Specifies the \&.pem file that contains the root certificate chain
-from the Certificate Authority. Specify the file name of the
-\&.pem file using relative or absolute paths.
-.PP
-Starting in version 3.2.6, if \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-(or their aliases \fB\-\-sslCAFile\f1 or \fBssl.CAFile\f1) is not
-specified, the system\-wide CA certificate store will be used when
-connecting to an TLS/SSL\-enabled server. In previous versions of
-MongoDB, \fBmongosh\f1\f1 exited with an error that it
-could not validate the certificate.
-.PP
-To use x.509 authentication, \fB\-\-tlsCAFile\f1 or \fBnet.tls.CAFile\f1
-must be specified unless you are using \fB\-\-tlsCertificateSelector\f1
-or \fB\-\-net.tls.certificateSelector\f1\&.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslCertificateSelector\f1
-.RS
-.PP
-Use \fB\-\-tlsCertificateSelector\f1\f1 instead.
-.PP
-Available on Windows and macOS as an alternative to \fB\-\-tlsCertificateKeyFile\f1\f1\&.
-.PP
-\fB\-\-tlsCertificateKeyFile\f1\f1 and \fB\-\-sslCertificateSelector\f1\f1 options are mutually exclusive. You can only
-specify one.
-.PP
-Specifies a certificate property in order to select a matching
-certificate from the operating system\(aqs certificate store.
-.PP
-\fB\-\-sslCertificateSelector\f1\f1 accepts an argument of the format \fB<property>=<value>\f1
-where the property can be one of the following:
-.RS
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Property
-.IP \(bu 4
-Value type
-.IP \(bu 4
-Description
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBsubject\f1
-.IP \(bu 4
-ASCII string
-.IP \(bu 4
-Subject name or common name on certificate
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-\fBthumbprint\f1
-.IP \(bu 4
-hex string
-.IP \(bu 4
-A sequence of bytes, expressed as hexadecimal, used to
-identify a public key by its SHA\-1 digest.
-.IP
-The \fBthumbprint\f1 is sometimes referred to as a
-\fBfingerprint\f1\&.
-.RE
-.RE
-.PP
-When using the system SSL certificate store, OCSP (Online
-Certificate Status Protocol) is used to validate the revocation
-status of certificates.
-.RE
-.PP
-\fBmongo \-\-sslCRLFile\f1
-.RS
-.PP
-Use \fB\-\-tlsCRLFile\f1\f1 instead.
-.PP
-Specifies the \&.pem file that contains the Certificate Revocation
-List. Specify the file name of the \&.pem file using relative or
-absolute paths.
-.PP
-Starting in version 4.4, to check for certificate revocation,
-MongoDB \fBenables\f1\f1 the use of OCSP
-(Online Certificate Status Protocol) by default as an alternative
-to specifying a CRL file or using the system SSL certificate
-store.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslFIPSMode\f1
-.RS
-.PP
-Use \fB\-\-tlsFIPSMode\f1\f1 instead.
-.PP
-Directs the \fBmongo\f1\f1 to use the FIPS mode of the TLS/SSL
-library. Your system must have a FIPS compliant library to use
-the \fB\-\-sslFIPSMode\f1\f1 option.
-.PP
-FIPS\-compatible TLS/SSL is
-available only in MongoDB Enterprise (http://www.mongodb.com/products/mongodb\-enterprise\-advanced?tck=docs_server)\&. See
-\fBConfigure MongoDB for FIPS\f1 for more information.
-.RE
-.PP
-\fBmongo \-\-sslAllowInvalidCertificates\f1
-.RS
-.PP
-Use \fB\-\-tlsAllowInvalidCertificates\f1\f1 instead.
-.PP
-Bypasses the validation checks for server certificates and allows
-the use of invalid certificates to connect.
-.PP
-Starting in MongoDB 4.2, if you specify
-\fB\-\-tlsAllowInvalidateCertificates\f1 or
-\fBnet.tls.allowInvalidCertificates: true\f1 when using x.509
-authentication, an invalid certificate is only sufficient to
-establish a TLS connection but it is \fIinsufficient\f1 for
-authentication.
-.PP
-Although available, avoid using the
-\fB\-\-sslAllowInvalidCertificates\f1 option if possible. If the use of
-\fB\-\-sslAllowInvalidCertificates\f1 is necessary, only use the option
-on systems where intrusion is not possible.
-.PP
-If \fBmongosh\f1\f1 (and other
-\fBMongoDB Tools\f1) runs with the
-\fB\-\-sslAllowInvalidCertificates\f1 option,
-\fBmongosh\f1\f1 (and other
-\fBMongoDB Tools\f1) will not attempt to validate
-the server certificates. This creates a vulnerability to expired
-\fBmongod\f1\f1 and \fBmongos\f1\f1 certificates as
-well as to foreign processes posing as valid
-\fBmongod\f1\f1 or \fBmongos\f1\f1 instances. If you
-only need to disable the validation of the hostname in the
-TLS/SSL certificates, see \fB\-\-sslAllowInvalidHostnames\f1\&.
-.PP
-When using the \fBallowInvalidCertificates\f1\f1 setting,
-MongoDB logs as a warning the use of the invalid certificate.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslAllowInvalidHostnames\f1
-.RS
-.PP
-Use \fB\-\-tlsAllowInvalidHostnames\f1\f1 instead.
-.PP
-Disables the validation of the hostnames in TLS/SSL certificates. Allows
-\fBmongo\f1\f1 to connect to MongoDB instances even if the hostname in their
-certificates do not match the specified hostname.
-.PP
-For more information about TLS/SSL and MongoDB, see
-\fBConfigure mongod\f1 and mongos\f1 for TLS/SSL\f1 and
-\fBTLS/SSL Configuration for Clients\f1 .
-.RE
-.PP
-\fBmongo \-\-sslDisabledProtocols\f1
-.RS
-.PP
-Use \fB\-\-tlsDisabledProtocols\f1\f1 instead.
-.PP
-Disables the specified TLS protocols. The option recognizes the
-following protocols: \fBTLS1_0\f1, \fBTLS1_1\f1, \fBTLS1_2\f1, and
-starting in version 4.0.4 (and 3.6.9), \fBTLS1_3\f1\&.
-.RS
-.IP \(bu 2
-On macOS, you cannot disable \fBTLS1_1\f1 and leave both \fBTLS1_0\f1 and
-\fBTLS1_2\f1 enabled. You must also disable at least one of the other
-two; for example, \fBTLS1_0,TLS1_1\f1\&.
-.IP \(bu 2
-To list multiple protocols, specify as a comma separated list of
-protocols. For example \fBTLS1_0,TLS1_1\f1\&.
-.IP \(bu 2
-The specified disabled protocols overrides any default disabled
-protocols.
-.RE
-.PP
-Starting in version 4.0, MongoDB disables the use of TLS 1.0 if TLS
-1.1+ is available on the system. To enable the
-disabled TLS 1.0, specify \fBnone\f1 to \fB\-\-sslDisabledProtocols\f1\f1\&.  See \fBDisable TLS 1.0\f1\&.
-.RE
-.SS SESSIONS
-.PP
-\fBmongo \-\-retryWrites\f1
-.RS
-.PP
-Enables retryable writes as the default for sessions in the
-\fBmongo\f1\f1 shell.
-.PP
-For more information on sessions, see \fBClient Sessions and Causal Consistency Guarantees\f1\&.
-.RE
-.SS CLIENT-SIDE FIELD LEVEL ENCRYPTION OPTIONS
-.PP
-\fBmongo \-\-awsAccessKeyId\f1
-.RS
-.PP
-An AWS Access Key (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access\-keys.html)
-associated to an IAM user with \fBList\f1 and \fBRead\f1 permissions for the
-AWS Key Management Service (KMS). The \fBmongo\f1\f1 shell uses the specified
-\fB\-\-awsAccessKeyId\f1\f1 to access the KMS.
-.PP
-\fB\-\-awsAccessKeyId\f1\f1 is required for enabling \fBClient\-Side Field Level Encryption\f1
-for the \fBmongo\f1\f1 shell session. \fB\-\-awsAccessKeyId\f1\f1 requires \fIall\f1 of the following
-command line options:
-.RS
-.IP \(bu 2
-\fB\-\-awsSecretAccessKey\f1\f1
-.IP \(bu 2
-\fB\-\-keyVaultNamespace\f1\f1
-.RE
-.PP
-If \fB\-\-awsAccessKeyId\f1\f1 is omitted, use the \fBMongo()\f1\f1 constructor within the shell
-session to enable client\-side field level encryption.
-.PP
-To mitigate the risk of leaking access keys into logs, consider specifying
-an environmental variable to \fB\-\-awsAccessKeyId\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-awsSecretAccessKey\f1
-.RS
-.PP
-An AWS Secret Key (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access\-keys.html)
-associated to the specified \fB\-\-awsAccessKeyId\f1\f1\&.
-.PP
-\fB\-\-awsSecretAccessKey\f1\f1 is required for enabling \fBClient\-Side Field Level Encryption\f1
-for the \fBmongo\f1\f1 shell session. \fB\-\-awsSecretAccessKey\f1\f1 requires \fIall\f1 of the following
-command line options:
-.RS
-.IP \(bu 2
-\fB\-\-awsAccessKeyId\f1\f1
-.IP \(bu 2
-\fB\-\-keyVaultNamespace\f1\f1
-.RE
-.PP
-If \fB\-\-awsSecretAccessKey\f1\f1 and its supporting options are omitted, use \fBMongo()\f1\f1
-within the shell session to enable client\-side field level encryption.
-.PP
-To mitigate the risk of leaking access keys into logs, consider specifying
-an environmental variable to \fB\-\-awsSecretAccessKey\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-awsSessionToken\f1
-.RS
-.PP
-An AWS Session Token (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access\-keys.html)
-associated to the specified \fB\-\-awsAccessKeyId\f1\f1\&.
-.PP
-\fB\-\-awsSessionToken\f1\f1 is required for enabling \fBClient\-Side Field Level Encryption\f1
-for the \fBmongo\f1\f1 shell session. \fB\-\-awsSessionToken\f1\f1 requires \fIall\f1 of the following
-command line options:
-.RS
-.IP \(bu 2
-\fB\-\-awsAccessKeyId\f1\f1
-.IP \(bu 2
-\fB\-\-awsSecretAccessKey\f1\f1
-.IP \(bu 2
-\fB\-\-keyVaultNamespace\f1\f1
-.RE
-.PP
-If \fB\-\-awsSessionToken\f1\f1 and its supporting options are omitted, use \fBMongo()\f1\f1
-within the shell session to enable client\-side field level encryption.
-.PP
-To mitigate the risk of leaking access keys into logs, consider specifying
-an environmental variable to \fB\-\-awsSessionToken\f1\f1\&.
-.RE
-.PP
-\fBmongo \-\-keyVaultNamespace\f1
-.RS
-.PP
-The full namespace (\fB<database>.<collection>\f1) of the collection used as a
-key vault for \fBClient\-Side Field Level Encryption\f1\&. \fB\-\-keyVaultNamespace\f1\f1 is
-required for enabling client\-side field level encryption. for the \fBmongo\f1\f1
-shell session. \fBmongo\f1\f1 creates the specified namespace if it does not
-exist.
-.PP
-\fB\-\-keyVaultNamespace\f1\f1 requires \fIall\f1 of the following command line options:
-.RS
-.IP \(bu 2
-\fB\-\-awsAccessKeyId\f1\f1
-.IP \(bu 2
-\fB\-\-awsSecretAccessKey\f1\f1
-.RE
-.PP
-If \fB\-\-keyVaultNamespace\f1\f1 and its supporting options are omitted, use the \fBMongo()\f1\f1
-constructor within the shell session to enable client\-side field level
-encryption.
-.RE
-.SH FILES
-.PP
-\fB~/.dbshell\f1
-.RS
-.PP
-\fBmongo\f1\f1 maintains a history of commands in the \&.dbshell
-file.
-.PP
-\fBmongo\f1\f1 does not record interaction related to
-authentication in the history file, including
-\fBauthenticate\f1\f1 and \fBdb.createUser()\f1\f1\&.
-.RE
-.PP
-\fB~/.mongorc.js\f1
-.RS
-.PP
-\fBmongo\f1\f1 will read the \fB\&.mongorc.js\f1 file from the home
-directory of the user invoking \fBmongo\f1\f1\&. In the file, users
-can define variables, customize the \fBmongo\f1\f1 shell prompt,
-or update information that they would like updated every time they
-launch a shell. If you use the shell to evaluate a JavaScript file
-or expression either on the command line with \fBmongo \-\-eval\f1\f1 or
-by specifying \fBa .js file to mongo\f1,
-\fBmongo\f1\f1 will read the \fB\&.mongorc.js\f1 file \fIafter\f1 the
-JavaScript has finished processing.
-.PP
-Specify the \fB\-\-norc\f1\f1 option to disable
-reading \fB\&.mongorc.js\f1\&.
-.RE
-.PP
-\fB/etc/mongorc.js\f1
-.RS
-.PP
-Global \fBmongorc.js\f1 file which the \fBmongo\f1\f1 shell
-evaluates upon start\-up. If a user also has a \&.mongorc.js
-file located in the \fBHOME\f1\f1 directory, the \fBmongo\f1\f1
-shell evaluates the global /etc/mongorc.js file \fIbefore\f1
-evaluating the user\(aqs \&.mongorc.js file.
-.PP
-/etc/mongorc.js must have read permission for the user
-running the shell. The \fB\-\-norc\f1\f1 option for \fBmongo\f1\f1
-suppresses only the user\(aqs \&.mongorc.js file.
-.PP
-On Windows, the global mongorc.js </etc/mongorc.js> exists
-in the %ProgramData%\MongoDB directory.
-.RE
-.PP
-\fB/tmp/mongo_edit{<time_t>}.js\f1
-.RS
-.PP
-Created by \fBmongo\f1\f1 when editing a file. If the file exists,
-\fBmongo\f1\f1 will append an integer from \fB1\f1 to \fB10\f1 to the
-time value to attempt to create a unique file.
-.RE
-.PP
-\fB%TEMP%mongo_edit{<time_t>}.js\f1
-.RS
-.PP
-Created by \fBmongo.exe\f1\f1 on Windows when editing a file. If
-the file exists, \fBmongo\f1\f1 will append an integer from \fB1\f1
-to \fB10\f1 to the time value to attempt to create a unique file.
-.RE
-.SH ENVIRONMENT
-.PP
-\fBEDITOR\f1
-.RS
-.PP
-Specifies the path to an editor to use with the \fBedit\f1 shell
-command.  A JavaScript variable \fBEDITOR\f1 will override the value of
-\fBEDITOR\f1\f1\&.
-.RE
-.PP
-\fBHOME\f1
-.RS
-.PP
-Specifies the path to the home directory where \fBmongo\f1\f1 will
-read the \&.mongorc.js file and write the \&.dbshell
-file.
-.RE
-.PP
-\fBHOMEDRIVE\f1
-.RS
-.PP
-On Windows systems, \fBHOMEDRIVE\f1\f1 specifies the path the
-directory where \fBmongo\f1\f1 will read the \&.mongorc.js
-file and write the \&.dbshell file.
-.RE
-.PP
-\fBHOMEPATH\f1
-.RS
-.PP
-Specifies the Windows path to the home directory where
-\fBmongo\f1\f1 will read the \&.mongorc.js file and write
-the \&.dbshell file.
-.RE
-.SH KEYBOARD SHORTCUTS
-.PP
-The \fBmongo\f1\f1 shell supports the following keyboard shortcuts:
-.RS
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Keybinding
-.IP \(bu 4
-Function
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Up arrow
-.IP \(bu 4
-Retrieve previous command from history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Down\-arrow
-.IP \(bu 4
-Retrieve next command from history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Home
-.IP \(bu 4
-Go to beginning of the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-End
-.IP \(bu 4
-Go to end of the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Tab
-.IP \(bu 4
-Autocomplete method/command
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Left\-arrow
-.IP \(bu 4
-Go backward one character
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Right\-arrow
-.IP \(bu 4
-Go forward one character
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-left\-arrow
-.IP \(bu 4
-Go backward one word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-right\-arrow
-.IP \(bu 4
-Go forward one word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-left\-arrow
-.IP \(bu 4
-Go backward one word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-right\-arrow
-.IP \(bu 4
-Go forward one word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-A
-.IP \(bu 4
-Go to the beginning of the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-B
-.IP \(bu 4
-Go backward one character
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-C
-.IP \(bu 4
-Exit the \fBmongo\f1\f1 shell
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-D
-.IP \(bu 4
-Delete a char (or exit the \fBmongo\f1\f1 shell)
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-E
-.IP \(bu 4
-Go to the end of the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-F
-.IP \(bu 4
-Go forward one character
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-G
-.IP \(bu 4
-Abort
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-J
-.IP \(bu 4
-Accept/evaluate the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-K
-.IP \(bu 4
-Kill/erase the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-L or type \fBcls\f1
-.IP \(bu 4
-Clear the screen
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-M
-.IP \(bu 4
-Accept/evaluate the line
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-N
-.IP \(bu 4
-Retrieve next command from history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-P
-.IP \(bu 4
-Retrieve previous command from history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-R
-.IP \(bu 4
-Reverse\-search command history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-S
-.IP \(bu 4
-Forward\-search command history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-T
-.IP \(bu 4
-Transpose characters
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-U
-.IP \(bu 4
-Perform Unix line\-discard
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-W
-.IP \(bu 4
-Perform Unix word\-rubout
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-Y
-.IP \(bu 4
-Yank
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-Z
-.IP \(bu 4
-Suspend (job control works in linux)
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-H
-.IP \(bu 4
-Backward\-delete a character
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Ctrl\-I
-.IP \(bu 4
-Complete, same as Tab
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-B
-.IP \(bu 4
-Go backward one word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-C
-.IP \(bu 4
-Capitalize word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-D
-.IP \(bu 4
-Kill word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-F
-.IP \(bu 4
-Go forward one word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-L
-.IP \(bu 4
-Change word to lowercase
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-U
-.IP \(bu 4
-Change word to uppercase
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-Y
-.IP \(bu 4
-Yank\-pop
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-Backspace
-.IP \(bu 4
-Backward\-kill word
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\-<
-.IP \(bu 4
-Retrieve the first command in command history
-.RE
-.IP \(bu 2
-.RS
-.IP \(bu 4
-Meta\->
-.IP \(bu 4
-Retrieve the last command in command history
-.RE
-.RE
-.SH USE
-.PP
-Typically users invoke the shell with the \fBmongo\f1\f1 command at
-the system prompt. Consider the following examples for other
-scenarios.
-.SS CONNECT TO A MONGOD INSTANCE WITH ACCESS CONTROL
-.PP
-To connect to a database on a remote host using authentication and a
-non\-standard port, use the following form:
-.PP
-.EX
-  mongo \-\-username <user> \-\-password \-\-host <host> \-\-port 28015
-.EE
-.PP
-Alternatively, consider the following short form:
-.PP
-.EX
-  mongo \-u <user> \-p  \-\-host <host> \-\-port 28015
-.EE
-.PP
-Replace \fB<user>\f1 and \fB<host>\f1 with the appropriate values for your
-situation and substitute or omit the \fB\-\-port\f1\f1 as
-needed.
-.PP
-If you do not specify the password to the \fB\-\-password\f1\f1 or \fB\-p\f1\f1 command\-line option, the
-\fBmongo\f1\f1 shell prompts for the password.
-.SS CONNECT TO A REPLICA SET USING THE DNS SEEDLIST CONNECTION FORMAT
-.PP
-To connect to a replica set described using the
-\fBDNS Seed List Connection Format\f1, use the \fB\-\-host\f1\f1 option
-to specify the connection string to the \fBmongo\f1\f1 shell. In
-the following example, the DNS configuration resembles:
-.PP
-.EX
-  Record                            TTL   Class    Priority Weight Port  Target
-  _mongodb._tcp.server.example.com. 86400 IN SRV   0        5      27317 mongodb1.example.com.
-  _mongodb._tcp.server.example.com. 86400 IN SRV   0        5      27017 mongodb2.example.com.
-.EE
-.PP
-The TXT record for the DNS entry includes the \fBreplicaSet\f1 and \fBauthSource\f1 options:
-.PP
-.EX
-  Record              TTL   Class    Text
-  server.example.com. 86400 IN TXT   "replicaSet=rs0&authSource=admin"
-.EE
-.PP
-The following command then connects the \fBmongo\f1\f1 shell to
-the replica set:
-.PP
-.EX
-  mongo \-\-host "mongodb+srv://server.example.com/?username=allison"
-.EE
-.PP
-The \fBmongo\f1\f1 shell will automatically prompt you to provide
-the password for the user specified in the \fBusername\f1 option.
-.SS CONNECT TO A MONGODB ATLAS CLUSTER USING AWS IAM CREDENTIALS
-.PP
-To connect to a MongoDB Atlas (https://www.mongodb.com/cloud/atlas?tck=docs_server) cluster which
-has been configured to support authentication via AWS IAM credentials (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access\-keys.html),
-provide a \fBconnection string\f1 to
-the \fBmongo\f1\f1 shell similar to the following:
-.PP
-.EX
-  mongo \(aqmongodb+srv://<aws access key id>:<aws secret access key>@cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB\-AWS\(aq
-.EE
-.PP
-Connecting to Atlas using AWS IAM credentials in this manner uses the
-\fBMONGODB\-AWS\f1 \fBauthentication mechanism\f1\f1
-and the \fB$external\f1 \fBauthSource\f1\f1, as shown in this example.
-.PP
-If using an AWS session token (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use\-resources.html)
-as well, provide it with the \fBAWS_SESSION_TOKEN\f1
-\fBauthMechanismProperties\f1\f1 value in your
-\fBconnection string\f1, as follows:
-.PP
-.EX
-  mongo \(aqmongodb+srv://<aws access key id>:<aws secret access key>@cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB\-AWS&authMechanismProperties=AWS_SESSION_TOKEN:<aws session token>\(aq
-.EE
-.PP
-If the AWS access key ID, secret access key, or session token include
-the following characters:
-.PP
-.EX
-  : / ? # [ ] @
-.EE
-.PP
-those characters must be converted using percent encoding (https://tools.ietf.org/html/rfc3986#section\-2.1)\&.
-.PP
-Alternatively, the AWS access key ID, and secret access key, and
-optionally session token can each be provided outside of the connection
-string using the \fB\-\-username\f1\f1, \fB\-\-password\f1\f1, and
-\fB\-\-awsIamSessionToken\f1\f1 options instead, like so:
-.PP
-.EX
-  mongo \(aqmongodb+srv://cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB\-AWS\(aq \-\-username <aws access key id> \-\-password <aws secret access key> \-\-awsIamSessionToken <aws session token>
-.EE
-.PP
-When provided as command line parameters, these three options do not
-require percent encoding.
-.PP
-You may also set these credentials on your platform using standard
-AWS IAM environment variables (https://docs.aws.amazon.com/cli/latest/userguide/cli\-configure\-envvars.html#envvars\-list)\&.
-The \fBmongo\f1\f1 shell checks for the following environment
-variables when you use the \fBMONGODB\-AWS\f1
-\fBauthentication mechanism\f1\f1:
-.RS
-.IP \(bu 2
-\fBAWS_ACCESS_KEY_ID\f1
-.IP \(bu 2
-\fBAWS_SECRET_ACCESS_KEY\f1
-.IP \(bu 2
-\fBAWS_SESSION_TOKEN\f1
-.RE
-.PP
-If set, these credentials do not need to be specified in the connection
-string or via the explicit options to the \fBmongo\f1\f1 shell
-(i.e. \fB\-\-username\f1\f1 and \fB\-\-password\f1\f1).
-.PP
-The following example sets these environment variables in the \fBbash\f1
-shell:
-.PP
-.EX
-  export AWS_ACCESS_KEY_ID=\(aq<aws access key id>\(aq
-  export AWS_SECRET_ACCESS_KEY=\(aq<aws secret access key>\(aq
-  export AWS_SESSION_TOKEN=\(aq<aws session token>\(aq
-.EE
-.PP
-Syntax for setting environment variables in other shells will be
-different. Consult the documentation for your platform for more
-information.
-.PP
-You can verify that these environment variables have been set with the
-following command:
-.PP
-.EX
-  env | grep AWS
-.EE
-.PP
-Once set, the following example connects to a MongoDB Atlas cluster
-using these environment variables:
-.PP
-.EX
-  mongo \(aqmongodb+srv://cluster0.example.com/testdb?authSource=$external&authMechanism=MONGODB\-AWS\(aq
-.EE
-.SS EXECUTE JAVASCRIPT AGAINST THE MONGO SHELL
-.PP
-To execute a JavaScript file without evaluating the ~/.mongorc.js
-file before starting a shell session, use the following form:
-.PP
-.EX
-  mongo \-\-shell \-\-norc alternate\-environment.js
-.EE
-.PP
-To execute a JavaScript file with authentication, with password prompted
-rather than provided on the command\-line, use the following form:
-.PP
-.EX
-  mongo script\-file.js \-u <user> \-p
-.EE
-.PP
-\fBisInteractive()\f1\f1
-.SS USE --EVAL TO EXECUTE JAVASCRIPT CODE
-.PP
-You may use the \fB\-\-eval\f1\f1 option to execute
-JavaScript directly from the command line.
-.PP
-For example, the following operation evaluates a JavaScript string
-which queries a collection and prints the results as JSON.
-.PP
-On Linux and macOS, you will need to use single quotes (e.g. \fB\(aq\f1)
-to enclose the JavaScript, using the following form:
-.PP
-.EX
-  mongo \-\-eval \(aqdb.collection.find().forEach(printjson)\(aq
-.EE
-.PP
-On Windows, you will need to use double quotes (e.g. \fB"\f1)
-to enclose the JavaScript, using the following form:
-.PP
-.EX
-  mongo \-\-eval "db.collection.find().forEach(printjson)"
-.EE
-.RS
-.IP \(bu 2
-\fBmongo\f1 Shell Quick Reference\f1
-.IP \(bu 2
-\fBmongosh\f1 Methods\f1
-.IP \(bu 2
-\fBLegacy mongo\f1 Shell\f1
-.IP \(bu 2
-\fBisInteractive()\f1\f1
-.RE
diff --git a/debian/mongodb-enterprise-unstable.rules b/debian/mongodb-enterprise-unstable.rules
index 8c5befde3f0..338dc6cff1a 100755
--- a/debian/mongodb-enterprise-unstable.rules
+++ b/debian/mongodb-enterprise-unstable.rules
@@ -31,7 +31,6 @@ build-stamp: configure-stamp
 		fi ; \
 	done
 
-	echo debian/mongo.1 > debian/mongodb-enterprise-unstable-shell.manpages
 	echo debian/mongod.1 > debian/mongodb-enterprise-unstable-server.manpages
 	echo debian/mongos.1 > debian/mongodb-enterprise-unstable-mongos.manpages
 
@@ -55,7 +54,6 @@ clean:
 	rm -rf $(CURDIR)/debian/mongodb-enterprise-unstable-database-tools-extra
 	rm -rf $(CURDIR)/debian/mongodb-enterprise-unstable-cryptd
 	rm -f config.log
-	rm -f mongo
 	rm -f mongod
 	rm -f mongocryptd
 	rm -f install_compass
@@ -83,7 +81,6 @@ install: build
 	mkdir -p $(CURDIR)/debian/mongodb-enterprise-unstable-mongos/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-enterprise-unstable-database-tools-extra/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-enterprise-unstable-cryptd/usr/bin
-	cp -v $(CURDIR)/bin/mongo $(CURDIR)/debian/mongodb-enterprise-unstable-shell/usr/bin
 	cp -v $(CURDIR)/bin/mongod $(CURDIR)/debian/mongodb-enterprise-unstable-server/usr/bin
 	cp -v $(CURDIR)/bin/mongos $(CURDIR)/debian/mongodb-enterprise-unstable-mongos/usr/bin
 	cp -v $(CURDIR)/bin/install_compass $(CURDIR)/debian/mongodb-enterprise-unstable-database-tools-extra/usr/bin
diff --git a/debian/mongodb-enterprise.rules b/debian/mongodb-enterprise.rules
index 1ad439abb8a..67d3d241ee6 100755
--- a/debian/mongodb-enterprise.rules
+++ b/debian/mongodb-enterprise.rules
@@ -30,7 +30,6 @@ build-stamp: configure-stamp
 		fi ; \
 	done
 
-	echo debian/mongo.1 > debian/mongodb-enterprise-shell.manpages
 	echo debian/mongod.1 > debian/mongodb-enterprise-server.manpages
 	echo debian/mongos.1 > debian/mongodb-enterprise-mongos.manpages
 
@@ -54,7 +53,6 @@ clean:
 	rm -rf $(CURDIR)/debian/mongodb-enterprise-database-tools-extra
 	rm -rf $(CURDIR)/debian/mongodb-enterprise-cryptd
 	rm -f config.log
-	rm -f mongo
 	rm -f mongod
 	rm -f mongocryptd
 	rm -f install_compass
@@ -82,7 +80,6 @@ install: build
 	mkdir -p $(CURDIR)/debian/mongodb-enterprise-mongos/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-enterprise-database-tools-extra/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-enterprise-cryptd/usr/bin
-	cp -v $(CURDIR)/bin/mongo $(CURDIR)/debian/mongodb-enterprise-shell/usr/bin
 	cp -v $(CURDIR)/bin/mongod $(CURDIR)/debian/mongodb-enterprise-server/usr/bin
 	cp -v $(CURDIR)/bin/mongos $(CURDIR)/debian/mongodb-enterprise-mongos/usr/bin
 	cp -v $(CURDIR)/bin/install_compass $(CURDIR)/debian/mongodb-enterprise-database-tools-extra/usr/bin
diff --git a/debian/mongodb-org-unstable.rules b/debian/mongodb-org-unstable.rules
index 6103df1c11d..e9cc8f5edb1 100755
--- a/debian/mongodb-org-unstable.rules
+++ b/debian/mongodb-org-unstable.rules
@@ -28,7 +28,6 @@ build-stamp: configure-stamp
 	  echo debian/$$binary.1 >> debian/mongodb-org-unstable-database-tools-extra.manpages ; \
 	done
 
-	echo debian/mongo.1 > debian/mongodb-org-unstable-shell.manpages
 	echo debian/mongod.1 > debian/mongodb-org-unstable-server.manpages
 	echo debian/mongos.1 > debian/mongodb-org-unstable-mongos.manpages
 
@@ -51,7 +50,6 @@ clean:
 	rm -rf $(CURDIR)/debian/mongodb-org-unstable-mongos
 	rm -rf $(CURDIR)/debian/mongodb-org-unstable-database-tools-extra
 	rm -f config.log
-	rm -f mongo
 	rm -f mongod
 	rm -f install_compass
 	rm -f .sconsign.dblite
@@ -77,7 +75,6 @@ install: build
 	mkdir -p $(CURDIR)/debian/mongodb-org-unstable-server/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-org-unstable-mongos/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-org-unstable-database-tools-extra/usr/bin
-	cp -v $(CURDIR)/bin/mongo $(CURDIR)/debian/mongodb-org-unstable-shell/usr/bin
 	cp -v $(CURDIR)/bin/mongod $(CURDIR)/debian/mongodb-org-unstable-server/usr/bin
 	cp -v $(CURDIR)/bin/mongos $(CURDIR)/debian/mongodb-org-unstable-mongos/usr/bin
 	cp -v $(CURDIR)/bin/install_compass $(CURDIR)/debian/mongodb-org-unstable-database-tools-extra/usr/bin
diff --git a/debian/mongodb-org.rules b/debian/mongodb-org.rules
index ad704dd3e0d..e1374ff81a7 100755
--- a/debian/mongodb-org.rules
+++ b/debian/mongodb-org.rules
@@ -27,7 +27,6 @@ build-stamp: configure-stamp
 	  echo debian/$$binary.1 >> debian/mongodb-org-database-tools-extra.manpages ; \
 	done
 
-	echo debian/mongo.1 > debian/mongodb-org-shell.manpages
 	echo debian/mongod.1 > debian/mongodb-org-server.manpages
 	echo debian/mongos.1 > debian/mongodb-org-mongos.manpages
 
@@ -50,7 +49,6 @@ clean:
 	rm -rf $(CURDIR)/debian/mongodb-org-mongos
 	rm -rf $(CURDIR)/debian/mongodb-org-database-tools-extra
 	rm -f config.log
-	rm -f mongo
 	rm -f mongod
 	rm -f install_compass
 	rm -f .sconsign.dblite
@@ -76,7 +74,6 @@ install: build
 	mkdir -p $(CURDIR)/debian/mongodb-org-server/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-org-mongos/usr/bin
 	mkdir -p $(CURDIR)/debian/mongodb-org-database-tools-extra/usr/bin
-	cp -v $(CURDIR)/bin/mongo $(CURDIR)/debian/mongodb-org-shell/usr/bin
 	cp -v $(CURDIR)/bin/mongod $(CURDIR)/debian/mongodb-org-server/usr/bin
 	cp -v $(CURDIR)/bin/mongos $(CURDIR)/debian/mongodb-org-mongos/usr/bin
 	cp -v $(CURDIR)/bin/install_compass $(CURDIR)/debian/mongodb-org-database-tools-extra/usr/bin