diff options
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | sshd.8 | 231 |
2 files changed, 121 insertions, 117 deletions
@@ -4,6 +4,11 @@ | |||
4 | [ssh_config.5] | 4 | [ssh_config.5] |
5 | - word change, agreed w/ markus | 5 | - word change, agreed w/ markus |
6 | - consistency fixes | 6 | - consistency fixes |
7 | - jmc@cvs.openbsd.org 2006/01/25 09:04:34 | ||
8 | [sshd.8] | ||
9 | move the options description up the page, and a few additional tweaks | ||
10 | whilst in here; | ||
11 | ok markus | ||
7 | 12 | ||
8 | 20060129 | 13 | 20060129 |
9 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the | 14 | - (dtucker) [configure.ac opensshd.init.in] Bug #1144: Use /bin/sh for the |
@@ -3729,4 +3734,4 @@ | |||
3729 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 3734 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
3730 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 3735 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
3731 | 3736 | ||
3732 | $Id: ChangeLog,v 1.4095 2006/01/31 10:39:03 djm Exp $ | 3737 | $Id: ChangeLog,v 1.4096 2006/01/31 10:45:53 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.211 2006/01/12 22:20:00 jmc Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.212 2006/01/25 09:04:34 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -56,16 +56,14 @@ | |||
56 | .Ek | 56 | .Ek |
57 | .Sh DESCRIPTION | 57 | .Sh DESCRIPTION |
58 | .Nm | 58 | .Nm |
59 | (SSH Daemon) is the daemon program for | 59 | (OpenSSH Daemon) is the daemon program for |
60 | .Xr ssh 1 . | 60 | .Xr ssh 1 . |
61 | Together these programs replace rlogin and rsh, and | 61 | Together these programs replace rlogin and rsh, and |
62 | provide secure encrypted communications between two untrusted hosts | 62 | provide secure encrypted communications between two untrusted hosts |
63 | over an insecure network. | 63 | over an insecure network. |
64 | The programs are intended to be as easy to | ||
65 | install and use as possible. | ||
66 | .Pp | 64 | .Pp |
67 | .Nm | 65 | .Nm |
68 | is the daemon that listens for connections from clients. | 66 | listens for connections from clients. |
69 | It is normally started at boot from | 67 | It is normally started at boot from |
70 | .Pa /etc/rc . | 68 | .Pa /etc/rc . |
71 | It forks a new | 69 | It forks a new |
@@ -73,122 +71,13 @@ daemon for each incoming connection. | |||
73 | The forked daemons handle | 71 | The forked daemons handle |
74 | key exchange, encryption, authentication, command execution, | 72 | key exchange, encryption, authentication, command execution, |
75 | and data exchange. | 73 | and data exchange. |
76 | This implementation of | ||
77 | .Nm | ||
78 | supports both SSH protocol version 1 and 2 simultaneously. | ||
79 | .Nm | ||
80 | works as follows: | ||
81 | .Ss SSH protocol version 1 | ||
82 | Each host has a host-specific RSA key | ||
83 | (normally 2048 bits) used to identify the host. | ||
84 | Additionally, when | ||
85 | the daemon starts, it generates a server RSA key (normally 768 bits). | ||
86 | This key is normally regenerated every hour if it has been used, and | ||
87 | is never stored on disk. | ||
88 | .Pp | ||
89 | Whenever a client connects, the daemon responds with its public | ||
90 | host and server keys. | ||
91 | The client compares the | ||
92 | RSA host key against its own database to verify that it has not changed. | ||
93 | The client then generates a 256-bit random number. | ||
94 | It encrypts this | ||
95 | random number using both the host key and the server key, and sends | ||
96 | the encrypted number to the server. | ||
97 | Both sides then use this | ||
98 | random number as a session key which is used to encrypt all further | ||
99 | communications in the session. | ||
100 | The rest of the session is encrypted | ||
101 | using a conventional cipher, currently Blowfish or 3DES, with 3DES | ||
102 | being used by default. | ||
103 | The client selects the encryption algorithm | ||
104 | to use from those offered by the server. | ||
105 | .Pp | ||
106 | Next, the server and the client enter an authentication dialog. | ||
107 | The client tries to authenticate itself using | ||
108 | .Em .rhosts | ||
109 | authentication combined with RSA host | ||
110 | authentication, RSA challenge-response authentication, or password | ||
111 | based authentication. | ||
112 | .Pp | ||
113 | Regardless of the authentication type, the account is checked to | ||
114 | ensure that it is accessible. An account is not accessible if it is | ||
115 | locked, listed in | ||
116 | .Cm DenyUsers | ||
117 | or its group is listed in | ||
118 | .Cm DenyGroups | ||
119 | \&. The definition of a locked account is system dependant. Some platforms | ||
120 | have their own account database (eg AIX) and some modify the passwd field ( | ||
121 | .Ql \&*LK\&* | ||
122 | on Solaris and UnixWare, | ||
123 | .Ql \&* | ||
124 | on HP-UX, containing | ||
125 | .Ql Nologin | ||
126 | on Tru64, | ||
127 | a leading | ||
128 | .Ql \&*LOCKED\&* | ||
129 | on FreeBSD and a leading | ||
130 | .Ql \&!! | ||
131 | on Linux). If there is a requirement to disable password authentication | ||
132 | for the account while allowing still public-key, then the passwd field | ||
133 | should be set to something other than these values (eg | ||
134 | .Ql NP | ||
135 | or | ||
136 | .Ql \&*NP\&* | ||
137 | ). | ||
138 | .Pp | ||
139 | .Nm rshd , | ||
140 | .Nm rlogind , | ||
141 | and | ||
142 | .Nm rexecd | ||
143 | are disabled (thus completely disabling | ||
144 | .Xr rlogin | ||
145 | and | ||
146 | .Xr rsh | ||
147 | into the machine). | ||
148 | .Ss SSH protocol version 2 | ||
149 | Version 2 works similarly: | ||
150 | Each host has a host-specific key (RSA or DSA) used to identify the host. | ||
151 | However, when the daemon starts, it does not generate a server key. | ||
152 | Forward security is provided through a Diffie-Hellman key agreement. | ||
153 | This key agreement results in a shared session key. | ||
154 | .Pp | ||
155 | The rest of the session is encrypted using a symmetric cipher, currently | ||
156 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | ||
157 | The client selects the encryption algorithm | ||
158 | to use from those offered by the server. | ||
159 | Additionally, session integrity is provided | ||
160 | through a cryptographic message authentication code | ||
161 | (hmac-sha1 or hmac-md5). | ||
162 | .Pp | ||
163 | Protocol version 2 provides a public key based | ||
164 | user (PubkeyAuthentication) or | ||
165 | client host (HostbasedAuthentication) authentication method, | ||
166 | conventional password authentication and challenge response based methods. | ||
167 | .Ss Command execution and data forwarding | ||
168 | If the client successfully authenticates itself, a dialog for | ||
169 | preparing the session is entered. | ||
170 | At this time the client may request | ||
171 | things like allocating a pseudo-tty, forwarding X11 connections, | ||
172 | forwarding TCP connections, or forwarding the authentication agent | ||
173 | connection over the secure channel. | ||
174 | .Pp | ||
175 | Finally, the client either requests a shell or execution of a command. | ||
176 | The sides then enter session mode. | ||
177 | In this mode, either side may send | ||
178 | data at any time, and such data is forwarded to/from the shell or | ||
179 | command on the server side, and the user terminal in the client side. | ||
180 | .Pp | ||
181 | When the user program terminates and all forwarded X11 and other | ||
182 | connections have been closed, the server sends command exit status to | ||
183 | the client, and both sides exit. | ||
184 | .Pp | 74 | .Pp |
185 | .Nm | 75 | .Nm |
186 | can be configured using command-line options or a configuration file | 76 | can be configured using command-line options or a configuration file |
187 | (by default | 77 | (by default |
188 | .Xr sshd_config 5 ) . | 78 | .Xr sshd_config 5 ) ; |
189 | Command-line options override values specified in the | 79 | command-line options override values specified in the |
190 | configuration file. | 80 | configuration file. |
191 | .Pp | ||
192 | .Nm | 81 | .Nm |
193 | rereads its configuration file when it receives a hangup signal, | 82 | rereads its configuration file when it receives a hangup signal, |
194 | .Dv SIGHUP , | 83 | .Dv SIGHUP , |
@@ -338,6 +227,116 @@ USER@HOST pattern in | |||
338 | or | 227 | or |
339 | .Cm DenyUsers . | 228 | .Cm DenyUsers . |
340 | .El | 229 | .El |
230 | .Pp | ||
231 | This implementation of | ||
232 | .Nm | ||
233 | supports both SSH protocol version 1 and 2 simultaneously. | ||
234 | .Nm | ||
235 | works as follows: | ||
236 | .Ss SSH protocol version 1 | ||
237 | Each host has a host-specific RSA key | ||
238 | (normally 2048 bits) used to identify the host. | ||
239 | Additionally, when | ||
240 | the daemon starts, it generates a server RSA key (normally 768 bits). | ||
241 | This key is normally regenerated every hour if it has been used, and | ||
242 | is never stored on disk. | ||
243 | .Pp | ||
244 | Whenever a client connects, the daemon responds with its public | ||
245 | host and server keys. | ||
246 | The client compares the | ||
247 | RSA host key against its own database to verify that it has not changed. | ||
248 | The client then generates a 256-bit random number. | ||
249 | It encrypts this | ||
250 | random number using both the host key and the server key, and sends | ||
251 | the encrypted number to the server. | ||
252 | Both sides then use this | ||
253 | random number as a session key which is used to encrypt all further | ||
254 | communications in the session. | ||
255 | The rest of the session is encrypted | ||
256 | using a conventional cipher, currently Blowfish or 3DES, with 3DES | ||
257 | being used by default. | ||
258 | The client selects the encryption algorithm | ||
259 | to use from those offered by the server. | ||
260 | .Pp | ||
261 | Next, the server and the client enter an authentication dialog. | ||
262 | The client tries to authenticate itself using | ||
263 | .Em rhosts | ||
264 | authentication combined with RSA host | ||
265 | authentication, RSA challenge-response authentication, or password | ||
266 | based authentication. | ||
267 | .Pp | ||
268 | Regardless of the authentication type, the account is checked to | ||
269 | ensure that it is accessible. An account is not accessible if it is | ||
270 | locked, listed in | ||
271 | .Cm DenyUsers | ||
272 | or its group is listed in | ||
273 | .Cm DenyGroups | ||
274 | \&. The definition of a locked account is system dependant. Some platforms | ||
275 | have their own account database (eg AIX) and some modify the passwd field ( | ||
276 | .Ql \&*LK\&* | ||
277 | on Solaris and UnixWare, | ||
278 | .Ql \&* | ||
279 | on HP-UX, containing | ||
280 | .Ql Nologin | ||
281 | on Tru64, | ||
282 | a leading | ||
283 | .Ql \&*LOCKED\&* | ||
284 | on FreeBSD and a leading | ||
285 | .Ql \&!! | ||
286 | on Linux). If there is a requirement to disable password authentication | ||
287 | for the account while allowing still public-key, then the passwd field | ||
288 | should be set to something other than these values (eg | ||
289 | .Ql NP | ||
290 | or | ||
291 | .Ql \&*NP\&* | ||
292 | ). | ||
293 | .Pp | ||
294 | System security is not improved unless | ||
295 | .Nm rshd , | ||
296 | .Nm rlogind , | ||
297 | and | ||
298 | .Nm rexecd | ||
299 | are disabled (thus completely disabling | ||
300 | .Xr rlogin | ||
301 | and | ||
302 | .Xr rsh | ||
303 | into the machine). | ||
304 | .Ss SSH protocol version 2 | ||
305 | Version 2 works similarly: | ||
306 | Each host has a host-specific key (RSA or DSA) used to identify the host. | ||
307 | However, when the daemon starts, it does not generate a server key. | ||
308 | Forward security is provided through a Diffie-Hellman key agreement. | ||
309 | This key agreement results in a shared session key. | ||
310 | .Pp | ||
311 | The rest of the session is encrypted using a symmetric cipher, currently | ||
312 | 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. | ||
313 | The client selects the encryption algorithm | ||
314 | to use from those offered by the server. | ||
315 | Additionally, session integrity is provided | ||
316 | through a cryptographic message authentication code | ||
317 | (hmac-sha1 or hmac-md5). | ||
318 | .Pp | ||
319 | Protocol version 2 provides a public key based | ||
320 | user (PubkeyAuthentication) or | ||
321 | client host (HostbasedAuthentication) authentication method, | ||
322 | conventional password authentication and challenge response based methods. | ||
323 | .Ss Command execution and data forwarding | ||
324 | If the client successfully authenticates itself, a dialog for | ||
325 | preparing the session is entered. | ||
326 | At this time the client may request | ||
327 | things like allocating a pseudo-tty, forwarding X11 connections, | ||
328 | forwarding TCP connections, or forwarding the authentication agent | ||
329 | connection over the secure channel. | ||
330 | .Pp | ||
331 | Finally, the client either requests a shell or execution of a command. | ||
332 | The sides then enter session mode. | ||
333 | In this mode, either side may send | ||
334 | data at any time, and such data is forwarded to/from the shell or | ||
335 | command on the server side, and the user terminal in the client side. | ||
336 | .Pp | ||
337 | When the user program terminates and all forwarded X11 and other | ||
338 | connections have been closed, the server sends command exit status to | ||
339 | the client, and both sides exit. | ||
341 | .Sh CONFIGURATION FILE | 340 | .Sh CONFIGURATION FILE |
342 | .Nm | 341 | .Nm |
343 | reads configuration data from | 342 | reads configuration data from |