author | Damien Miller <djm@mindrot.org> | 2000-11-13 22:57:25 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-11-13 22:57:25 +1100 |
commit | 0bc1bd814e3c2b5e92d6f595930051960d17f47f (patch) | |
tree | 176c7dc2844ecc2c1de0f72d221449556ffa5209 /ssh.1 | |
parent | 559d383037b0872fcde4e6c40188b649c574be74 (diff) |
- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disable rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorized_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 53 |
1 files changed, 29 insertions, 24 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.68 2000/11/12 19:50:38 markus Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -209,9 +209,9 @@ At first, the client attempts to authenticate using the public key method. | |||
209 | If this method fails password authentication is tried. | 209 | If this method fails password authentication is tried. |
210 | .Pp | 210 | .Pp |
211 | The public key method is similar to RSA authentication described | 211 | The public key method is similar to RSA authentication described |
212 | in the previous section except that the DSA algorithm is used | 212 | in the previous section except that the DSA or RSA algorithm is used |
213 | instead of the patented RSA algorithm. | 213 | instead. |
214 | The client uses his private DSA key | 214 | The client uses his private key |
215 | .Pa $HOME/.ssh/id_dsa | 215 | .Pa $HOME/.ssh/id_dsa |
216 | to sign the session identifier and sends the result to the server. | 216 | to sign the session identifier and sends the result to the server. |
217 | The server checks whether the matching public key is listed in | 217 | The server checks whether the matching public key is listed in |
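Review bot: at new lines 212-213 the sentence now ends "except that the DSA or RSA algorithm is used instead.", which no longer says instead of what, because the method it is compared with is itself RSA authentication. The following sentence still names only $HOME/.ssh/id_dsa as the private key, so a reader cannot tell which file holds an RSA key for protocol version 2. Suggest stating the actual difference (the private key signs the session identifier) and naming the file an RSA key is read from.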
@@ -331,7 +331,7 @@ identifications for all hosts it has ever been used with. | |||
331 | RSA host keys are stored in | 331 | RSA host keys are stored in |
332 | .Pa $HOME/.ssh/known_hosts | 332 | .Pa $HOME/.ssh/known_hosts |
333 | and | 333 | and |
334 | DSA host keys are stored in | 334 | host keys used in the protocol version 2 are stored in |
335 | .Pa $HOME/.ssh/known_hosts2 | 335 | .Pa $HOME/.ssh/known_hosts2 |
336 | in the user's home directory. | 336 | in the user's home directory. |
337 | Additionally, the files | 337 | Additionally, the files |
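Review bot: new line 334 contrasts "RSA host keys" (line 331) with "host keys used in the protocol version 2", but with this change protocol version 2 host keys can be RSA as well, so line 331 is now ambiguous about which RSA keys go in known_hosts. Suggest wording line 331 by protocol version too, and dropping the article: "host keys used in protocol version 2".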
@@ -352,7 +352,8 @@ The | |||
352 | .Cm StrictHostKeyChecking | 352 | .Cm StrictHostKeyChecking |
353 | option (see below) can be used to prevent logins to machines whose | 353 | option (see below) can be used to prevent logins to machines whose |
354 | host key is not known or has changed. | 354 | host key is not known or has changed. |
355 | .Sh OPTIONS | 355 | .Pp |
356 | The options are as follows: | ||
356 | .Bl -tag -width Ds | 357 | .Bl -tag -width Ds |
357 | .It Fl a | 358 | .It Fl a |
358 | Disables forwarding of the authentication agent connection. | 359 | Disables forwarding of the authentication agent connection. |
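Review bot: replacing ".Sh OPTIONS" with ".Pp" at old line 355 removes the OPTIONS section heading, so the option list now runs on directly from the host key text that ends with StrictHostKeyChecking. This is a structural change to the page that none of the commit message entries mention; if it is intended it should be called out there, otherwise the heading should stay.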
@@ -407,7 +408,7 @@ something like | |||
407 | Allows remote hosts to connect to local forwarded ports. | 408 | Allows remote hosts to connect to local forwarded ports. |
408 | .It Fl i Ar identity_file | 409 | .It Fl i Ar identity_file |
409 | Selects the file from which the identity (private key) for | 410 | Selects the file from which the identity (private key) for |
410 | RSA authentication is read. | 411 | RSA or DSA authentication is read. |
411 | Default is | 412 | Default is |
412 | .Pa $HOME/.ssh/identity | 413 | .Pa $HOME/.ssh/identity |
413 | in the user's home directory. | 414 | in the user's home directory. |
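Review bot: the -i description at new line 411 now covers "RSA or DSA authentication", but the default given on the next lines is still only $HOME/.ssh/identity. As written the default reads as applying to DSA keys too; the entry should state which default applies to protocol version 2 keys, or say that the file must be given explicitly for them.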
@@ -552,6 +553,22 @@ Forces | |||
552 | .Nm | 553 | .Nm |
553 | to use IPv6 addresses only. | 554 | to use IPv6 addresses only. |
554 | .El | 555 | .El |
556 | .Pp | ||
557 | If | ||
558 | .Nm | ||
559 | is not invoked with one of the standard program names | ||
560 | .Pf ( Dq ssh , | ||
561 | .Dq slogin , | ||
562 | .Dq rsh , | ||
563 | .Dq rlogin , | ||
564 | or | ||
565 | .Dq remsh ) , | ||
566 | it uses this name as its | ||
567 | .Ar hostname | ||
568 | argument. | ||
569 | This is consistent with traditional | ||
570 | .Xr rsh 1 | ||
571 | behavior. | ||
555 | .Sh CONFIGURATION FILES | 572 | .Sh CONFIGURATION FILES |
556 | .Nm | 573 | .Nm |
557 | obtains configuration data from the following sources (in this order): | 574 | obtains configuration data from the following sources (in this order): |
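Review bot: the paragraph added at new lines 556-571 documents behaviour that none of the commit message entries describe, and it sits after ".El" where it is easy to miss. Since any invocation name outside the five listed ones is taken as the hostname argument, a link to the binary under another name picks the destination host without one on the command line; the text should say so in one sentence so that administrators reviewing such links know what they do.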
@@ -660,14 +677,12 @@ Specifies the number of tries (one per second) to make before falling | |||
660 | back to rsh or exiting. | 677 | back to rsh or exiting. |
661 | The argument must be an integer. | 678 | The argument must be an integer. |
662 | This may be useful in scripts if the connection sometimes fails. | 679 | This may be useful in scripts if the connection sometimes fails. |
663 | .It Cm DSAAuthentication | 680 | .It Cm PubkeyAuthentication |
664 | Specifies whether to try DSA authentication. | 681 | Specifies whether to try public key authentication. |
665 | The argument to this keyword must be | 682 | The argument to this keyword must be |
666 | .Dq yes | 683 | .Dq yes |
667 | or | 684 | or |
668 | .Dq no . | 685 | .Dq no . |
669 | DSA authentication will only be | ||
670 | attempted if a DSA identity file exists. | ||
671 | Note that this option applies to protocol version 2 only. | 686 | Note that this option applies to protocol version 2 only. |
672 | .It Cm EscapeChar | 687 | .It Cm EscapeChar |
673 | Sets the escape character (default: | 688 | Sets the escape character (default: |
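Review bot: renaming the keyword from DSAAuthentication to PubkeyAuthentication at new line 680 leaves existing configuration files that set DSAAuthentication undocumented; the entry should say whether the old keyword is still accepted. The sentence removed at old lines 669-670 (only attempted if a DSA identity file exists) has no replacement either, so the condition under which public key authentication is tried is no longer stated.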
@@ -745,16 +760,6 @@ syntax to refer to a user's home directory. | |||
745 | It is possible to have | 760 | It is possible to have |
746 | multiple identity files specified in configuration files; all these | 761 | multiple identity files specified in configuration files; all these |
747 | identities will be tried in sequence. | 762 | identities will be tried in sequence. |
748 | .It Cm IdentityFile2 | ||
749 | Specifies the file from which the user's DSA authentication identity | ||
750 | is read (default | ||
751 | .Pa $HOME/.ssh/id_dsa | ||
752 | in the user's home directory). | ||
753 | The file name may use the tilde | ||
754 | syntax to refer to a user's home directory. | ||
755 | It is possible to have | ||
756 | multiple identity files specified in configuration files; all these | ||
757 | identities will be tried in sequence. | ||
758 | .It Cm KeepAlive | 763 | .It Cm KeepAlive |
759 | Specifies whether the system should send keepalive messages to the | 764 | Specifies whether the system should send keepalive messages to the |
760 | other side. | 765 | other side. |
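Review bot: removing the IdentityFile2 entry (old lines 748-757) also removes the documented $HOME/.ssh/id_dsa default, and nothing in the visible lines tells users how to select a protocol version 2 key afterwards. The surviving IdentityFile entry should say that it covers DSA and RSA keys for protocol version 2 and give their defaults, and the text should note what happens to configuration files that still contain IdentityFile2.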
@@ -1096,7 +1101,7 @@ spaces). | |||
1096 | This file is not highly sensitive, but the recommended | 1101 | This file is not highly sensitive, but the recommended |
1097 | permissions are read/write for the user, and not accessible by others. | 1102 | permissions are read/write for the user, and not accessible by others. |
1098 | .It Pa $HOME/.ssh/authorized_keys2 | 1103 | .It Pa $HOME/.ssh/authorized_keys2 |
1099 | Lists the DSA keys that can be used for logging in as this user. | 1104 | Lists the public keys (DSA/RSA) that can be used for logging in as this user. |
1100 | This file is not highly sensitive, but the recommended | 1105 | This file is not highly sensitive, but the recommended |
1101 | permissions are read/write for the user, and not accessible by others. | 1106 | permissions are read/write for the user, and not accessible by others. |
1102 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 | 1107 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
@@ -1104,7 +1109,7 @@ Systemwide list of known host keys. | |||
1104 | .Pa /etc/ssh_known_hosts | 1109 | .Pa /etc/ssh_known_hosts |
1105 | contains RSA and | 1110 | contains RSA and |
1106 | .Pa /etc/ssh_known_hosts2 | 1111 | .Pa /etc/ssh_known_hosts2 |
1107 | contains DSA keys. | 1112 | contains DSA or RSA keys for protocol version 2. |
1108 | These files should be prepared by the | 1113 | These files should be prepared by the |
1109 | system administrator to contain the public host keys of all machines in the | 1114 | system administrator to contain the public host keys of all machines in the |
1110 | organization. | 1115 | organization. |
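Review bot: after the change at new line 1112 the sentence reads "/etc/ssh_known_hosts contains RSA and /etc/ssh_known_hosts2 contains DSA or RSA keys for protocol version 2", so "RSA" now appears on both sides. The commit message calls the protocol 1 key type RSA1; describing the first file as holding protocol version 1 (RSA1) keys would remove the ambiguity.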
@@ -1219,7 +1224,7 @@ above. | |||
1219 | A version of this library which includes support for the RSA algorithm | 1224 | A version of this library which includes support for the RSA algorithm |
1220 | is required for proper operation. | 1225 | is required for proper operation. |
1221 | .El | 1226 | .El |
1222 | .Sh AUTHOR | 1227 | .Sh AUTHORS |
1223 | OpenSSH | 1228 | OpenSSH |
1224 | is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, | 1229 | is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, |
1225 | but with bugs removed and newer features re-added. | 1230 | but with bugs removed and newer features re-added. |