diff options
| author | Damien Miller <djm@mindrot.org> | 2000-11-13 22:57:25 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-11-13 22:57:25 +1100 |
| commit | 0bc1bd814e3c2b5e92d6f595930051960d17f47f (patch) | |
| tree | 176c7dc2844ecc2c1de0f72d221449556ffa5209 /ssh.1 | |
| parent | 559d383037b0872fcde4e6c40188b649c574be74 (diff) | |
- (djm) Merge OpenBSD changes:
- markus@cvs.openbsd.org 2000/11/06 16:04:56
[channels.c channels.h clientloop.c nchan.c serverloop.c]
[session.c ssh.c]
agent forwarding and -R for ssh2, based on work from
jhuuskon@messi.uku.fi
- markus@cvs.openbsd.org 2000/11/06 16:13:27
[ssh.c sshconnect.c sshd.c]
do not disabled rhosts(rsa) if server port > 1024; from
pekkas@netcore.fi
- markus@cvs.openbsd.org 2000/11/06 16:16:35
[sshconnect.c]
downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net
- markus@cvs.openbsd.org 2000/11/09 18:04:40
[auth1.c]
typo; from mouring@pconline.com
- markus@cvs.openbsd.org 2000/11/12 12:03:28
[ssh-agent.c]
off-by-one when removing a key from the agent
- markus@cvs.openbsd.org 2000/11/12 12:50:39
[auth-rh-rsa.c auth2.c authfd.c authfd.h]
[authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h]
[readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config]
[sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c]
[ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h]
add support for RSA to SSH2. please test.
there are now 3 types of keys: RSA1 is used by ssh-1 only,
RSA and DSA are used by SSH2.
you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA
keys for SSH2 and use the RSA keys for hostkeys or for user keys.
SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before.
- (djm) Fix up Makefile and Redhat init script to create RSA host keys
- (djm) Change to interim version
Diffstat (limited to 'ssh.1')
| -rw-r--r-- | ssh.1 | 53 |
1 files changed, 29 insertions, 24 deletions
| @@ -34,7 +34,7 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh.1,v 1.64 2000/10/16 21:46:31 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.68 2000/11/12 19:50:38 markus Exp $ |
| 38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
| 39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
| 40 | .Os | 40 | .Os |
| @@ -209,9 +209,9 @@ At first, the client attempts to authenticate using the public key method. | |||
| 209 | If this method fails password authentication is tried. | 209 | If this method fails password authentication is tried. |
| 210 | .Pp | 210 | .Pp |
| 211 | The public key method is similar to RSA authentication described | 211 | The public key method is similar to RSA authentication described |
| 212 | in the previous section except that the DSA algorithm is used | 212 | in the previous section except that the DSA or RSA algorithm is used |
| 213 | instead of the patented RSA algorithm. | 213 | instead. |
| 214 | The client uses his private DSA key | 214 | The client uses his private key |
| 215 | .Pa $HOME/.ssh/id_dsa | 215 | .Pa $HOME/.ssh/id_dsa |
| 216 | to sign the session identifier and sends the result to the server. | 216 | to sign the session identifier and sends the result to the server. |
| 217 | The server checks whether the matching public key is listed in | 217 | The server checks whether the matching public key is listed in |
| @@ -331,7 +331,7 @@ identifications for all hosts it has ever been used with. | |||
| 331 | RSA host keys are stored in | 331 | RSA host keys are stored in |
| 332 | .Pa $HOME/.ssh/known_hosts | 332 | .Pa $HOME/.ssh/known_hosts |
| 333 | and | 333 | and |
| 334 | DSA host keys are stored in | 334 | host keys used in the protocol version 2 are stored in |
| 335 | .Pa $HOME/.ssh/known_hosts2 | 335 | .Pa $HOME/.ssh/known_hosts2 |
| 336 | in the user's home directory. | 336 | in the user's home directory. |
| 337 | Additionally, the files | 337 | Additionally, the files |
| @@ -352,7 +352,8 @@ The | |||
| 352 | .Cm StrictHostKeyChecking | 352 | .Cm StrictHostKeyChecking |
| 353 | option (see below) can be used to prevent logins to machines whose | 353 | option (see below) can be used to prevent logins to machines whose |
| 354 | host key is not known or has changed. | 354 | host key is not known or has changed. |
| 355 | .Sh OPTIONS | 355 | .Pp |
| 356 | The options are as follows: | ||
| 356 | .Bl -tag -width Ds | 357 | .Bl -tag -width Ds |
| 357 | .It Fl a | 358 | .It Fl a |
| 358 | Disables forwarding of the authentication agent connection. | 359 | Disables forwarding of the authentication agent connection. |
| @@ -407,7 +408,7 @@ something like | |||
| 407 | Allows remote hosts to connect to local forwarded ports. | 408 | Allows remote hosts to connect to local forwarded ports. |
| 408 | .It Fl i Ar identity_file | 409 | .It Fl i Ar identity_file |
| 409 | Selects the file from which the identity (private key) for | 410 | Selects the file from which the identity (private key) for |
| 410 | RSA authentication is read. | 411 | RSA or DSA authentication is read. |
| 411 | Default is | 412 | Default is |
| 412 | .Pa $HOME/.ssh/identity | 413 | .Pa $HOME/.ssh/identity |
| 413 | in the user's home directory. | 414 | in the user's home directory. |
| @@ -552,6 +553,22 @@ Forces | |||
| 552 | .Nm | 553 | .Nm |
| 553 | to use IPv6 addresses only. | 554 | to use IPv6 addresses only. |
| 554 | .El | 555 | .El |
| 556 | .Pp | ||
| 557 | If | ||
| 558 | .Nm | ||
| 559 | is not invoked with one of the standard program names | ||
| 560 | .Pf ( Dq ssh , | ||
| 561 | .Dq slogin , | ||
| 562 | .Dq rsh , | ||
| 563 | .Dq rlogin , | ||
| 564 | or | ||
| 565 | .Dq remsh ) , | ||
| 566 | it uses this name as its | ||
| 567 | .Ar hostname | ||
| 568 | argument. | ||
| 569 | This is consistent with traditional | ||
| 570 | .Xr rsh 1 | ||
| 571 | behavior. | ||
| 555 | .Sh CONFIGURATION FILES | 572 | .Sh CONFIGURATION FILES |
| 556 | .Nm | 573 | .Nm |
| 557 | obtains configuration data from the following sources (in this order): | 574 | obtains configuration data from the following sources (in this order): |
| @@ -660,14 +677,12 @@ Specifies the number of tries (one per second) to make before falling | |||
| 660 | back to rsh or exiting. | 677 | back to rsh or exiting. |
| 661 | The argument must be an integer. | 678 | The argument must be an integer. |
| 662 | This may be useful in scripts if the connection sometimes fails. | 679 | This may be useful in scripts if the connection sometimes fails. |
| 663 | .It Cm DSAAuthentication | 680 | .It Cm PubkeyAuthentication |
| 664 | Specifies whether to try DSA authentication. | 681 | Specifies whether to try public key authentication. |
| 665 | The argument to this keyword must be | 682 | The argument to this keyword must be |
| 666 | .Dq yes | 683 | .Dq yes |
| 667 | or | 684 | or |
| 668 | .Dq no . | 685 | .Dq no . |
| 669 | DSA authentication will only be | ||
| 670 | attempted if a DSA identity file exists. | ||
| 671 | Note that this option applies to protocol version 2 only. | 686 | Note that this option applies to protocol version 2 only. |
| 672 | .It Cm EscapeChar | 687 | .It Cm EscapeChar |
| 673 | Sets the escape character (default: | 688 | Sets the escape character (default: |
| @@ -745,16 +760,6 @@ syntax to refer to a user's home directory. | |||
| 745 | It is possible to have | 760 | It is possible to have |
| 746 | multiple identity files specified in configuration files; all these | 761 | multiple identity files specified in configuration files; all these |
| 747 | identities will be tried in sequence. | 762 | identities will be tried in sequence. |
| 748 | .It Cm IdentityFile2 | ||
| 749 | Specifies the file from which the user's DSA authentication identity | ||
| 750 | is read (default | ||
| 751 | .Pa $HOME/.ssh/id_dsa | ||
| 752 | in the user's home directory). | ||
| 753 | The file name may use the tilde | ||
| 754 | syntax to refer to a user's home directory. | ||
| 755 | It is possible to have | ||
| 756 | multiple identity files specified in configuration files; all these | ||
| 757 | identities will be tried in sequence. | ||
| 758 | .It Cm KeepAlive | 763 | .It Cm KeepAlive |
| 759 | Specifies whether the system should send keepalive messages to the | 764 | Specifies whether the system should send keepalive messages to the |
| 760 | other side. | 765 | other side. |
| @@ -1096,7 +1101,7 @@ spaces). | |||
| 1096 | This file is not highly sensitive, but the recommended | 1101 | This file is not highly sensitive, but the recommended |
| 1097 | permissions are read/write for the user, and not accessible by others. | 1102 | permissions are read/write for the user, and not accessible by others. |
| 1098 | .It Pa $HOME/.ssh/authorized_keys2 | 1103 | .It Pa $HOME/.ssh/authorized_keys2 |
| 1099 | Lists the DSA keys that can be used for logging in as this user. | 1104 | Lists the public keys (DSA/RSA) that can be used for logging in as this user. |
| 1100 | This file is not highly sensitive, but the recommended | 1105 | This file is not highly sensitive, but the recommended |
| 1101 | permissions are read/write for the user, and not accessible by others. | 1106 | permissions are read/write for the user, and not accessible by others. |
| 1102 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 | 1107 | .It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2 |
| @@ -1104,7 +1109,7 @@ Systemwide list of known host keys. | |||
| 1104 | .Pa /etc/ssh_known_hosts | 1109 | .Pa /etc/ssh_known_hosts |
| 1105 | contains RSA and | 1110 | contains RSA and |
| 1106 | .Pa /etc/ssh_known_hosts2 | 1111 | .Pa /etc/ssh_known_hosts2 |
| 1107 | contains DSA keys. | 1112 | contains DSA or RSA keys for protocol version 2. |
| 1108 | These files should be prepared by the | 1113 | These files should be prepared by the |
| 1109 | system administrator to contain the public host keys of all machines in the | 1114 | system administrator to contain the public host keys of all machines in the |
| 1110 | organization. | 1115 | organization. |
| @@ -1219,7 +1224,7 @@ above. | |||
| 1219 | A version of this library which includes support for the RSA algorithm | 1224 | A version of this library which includes support for the RSA algorithm |
| 1220 | is required for proper operation. | 1225 | is required for proper operation. |
| 1221 | .El | 1226 | .El |
| 1222 | .Sh AUTHOR | 1227 | .Sh AUTHORS |
| 1223 | OpenSSH | 1228 | OpenSSH |
| 1224 | is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, | 1229 | is a derivative of the original (free) ssh 1.2.12 release by Tatu Ylonen, |
| 1225 | but with bugs removed and newer features re-added. | 1230 | but with bugs removed and newer features re-added. |