diff options
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 165 |
1 files changed, 90 insertions, 75 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.221 2005/12/16 18:14:40 jmc Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.222 2005/12/20 21:59:43 jmc Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -613,12 +613,38 @@ Enables trusted X11 forwarding. | |||
613 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension | 613 | Trusted X11 forwardings are not subjected to the X11 SECURITY extension |
614 | controls. | 614 | controls. |
615 | .El | 615 | .El |
616 | .Ss SSH protocol version 1 | 616 | .Sh AUTHENTICATION |
617 | The first authentication method is the | 617 | The OpenSSH SSH client supports OpenSSH protocols 1 and 2. |
618 | .Em rhosts | 618 | Protocol 2 is the default, with |
619 | or | 619 | .Nm |
620 | .Em hosts.equiv | 620 | falling back to protocol 1 if it detects protocol 2 is unsupported. |
621 | method combined with RSA-based host authentication. | 621 | These settings may be altered using the |
622 | .Cm Protocol | ||
623 | option in | ||
624 | .Xr ssh_config 5 , | ||
625 | or enforced using the | ||
626 | .Fl 1 | ||
627 | and | ||
628 | .Fl 2 | ||
629 | options (see above). | ||
630 | Both protocols support similar authentication methods, | ||
631 | but protocol 2 is preferred since | ||
632 | it provides additional mechanisms for confidentiality | ||
633 | (the traffic is encrypted using AES, 3DES, Blowfish, CAST128, or Arcfour) | ||
634 | and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). | ||
635 | Protocol 1 lacks a strong mechanism for ensuring the | ||
636 | integrity of the connection. | ||
637 | .Pp | ||
638 | The methods available for authentication are: | ||
639 | host-based authentication, | ||
640 | public key authentication, | ||
641 | challenge-response authentication, | ||
642 | and password authentication. | ||
643 | Authentication methods are tried in the order specified above, | ||
644 | though protocol 2 has a configuration option to change the default order: | ||
645 | .Cm PreferredAuthentications . | ||
646 | .Pp | ||
647 | Host-based authentication works as follows: | ||
622 | If the machine the user logs in from is listed in | 648 | If the machine the user logs in from is listed in |
623 | .Pa /etc/hosts.equiv | 649 | .Pa /etc/hosts.equiv |
624 | or | 650 | or |
@@ -631,33 +657,42 @@ or | |||
631 | exist in the user's home directory on the | 657 | exist in the user's home directory on the |
632 | remote machine and contain a line containing the name of the client | 658 | remote machine and contain a line containing the name of the client |
633 | machine and the name of the user on that machine, the user is | 659 | machine and the name of the user on that machine, the user is |
634 | considered for log in. | 660 | considered for login. |
635 | Additionally, if the server can verify the client's | 661 | Additionally, the server |
636 | host key (see | 662 | .Em must |
663 | be able to verify the client's | ||
664 | host key (see the description of | ||
637 | .Pa /etc/ssh/ssh_known_hosts | 665 | .Pa /etc/ssh/ssh_known_hosts |
638 | and | 666 | and |
639 | .Pa ~/.ssh/known_hosts | 667 | .Pa ~/.ssh/known_hosts , |
640 | in the | 668 | below) |
641 | .Sx FILES | 669 | for login to be permitted. |
642 | section), only then is login permitted. | ||
643 | This authentication method closes security holes due to IP | 670 | This authentication method closes security holes due to IP |
644 | spoofing, DNS spoofing and routing spoofing. | 671 | spoofing, DNS spoofing, and routing spoofing. |
645 | [Note to the administrator: | 672 | [Note to the administrator: |
646 | .Pa /etc/hosts.equiv , | 673 | .Pa /etc/hosts.equiv , |
647 | .Pa ~/.rhosts , | 674 | .Pa ~/.rhosts , |
648 | and the rlogin/rsh protocol in general, are inherently insecure and should be | 675 | and the rlogin/rsh protocol in general, are inherently insecure and should be |
649 | disabled if security is desired.] | 676 | disabled if security is desired.] |
650 | .Pp | 677 | .Pp |
651 | As a second authentication method, | 678 | Public key authentication works as follows: |
652 | .Nm | 679 | The scheme is based on public-key cryptography, |
653 | supports RSA based authentication. | 680 | using cryptosystems |
654 | The scheme is based on public-key cryptography: there are cryptosystems | 681 | where encryption and decryption are done using separate keys, |
655 | where encryption and decryption are done using separate keys, and it | 682 | and it is unfeasible to derive the decryption key from the encryption key. |
656 | is not possible to derive the decryption key from the encryption key. | ||
657 | RSA is one such system. | ||
658 | The idea is that each user creates a public/private | 683 | The idea is that each user creates a public/private |
659 | key pair for authentication purposes. | 684 | key pair for authentication purposes. |
660 | The server knows the public key, and only the user knows the private key. | 685 | The server knows the public key, and only the user knows the private key. |
686 | .Nm | ||
687 | implements public key authentication protocol automatically, | ||
688 | using either the RSA or DSA algorithms. | ||
689 | Protocol 1 is restricted to using only RSA keys, | ||
690 | but protocol 2 may use either. | ||
691 | The | ||
692 | .Sx HISTORY | ||
693 | section of | ||
694 | .Xr ssl 8 | ||
695 | contains a brief discussion of the two algorithms. | ||
661 | .Pp | 696 | .Pp |
662 | The file | 697 | The file |
663 | .Pa ~/.ssh/authorized_keys | 698 | .Pa ~/.ssh/authorized_keys |
@@ -666,84 +701,64 @@ When the user logs in, the | |||
666 | .Nm | 701 | .Nm |
667 | program tells the server which key pair it would like to use for | 702 | program tells the server which key pair it would like to use for |
668 | authentication. | 703 | authentication. |
669 | The server checks if this key is permitted, and if so, | 704 | The client proves that it has access to the private key |
670 | sends the user (actually the | 705 | and the server checks that the corresponding public key |
671 | .Nm | 706 | is authorized to accept the account. |
672 | program running on behalf of the user) a challenge, a random number, | ||
673 | encrypted by the user's public key. | ||
674 | The challenge can only be decrypted using the proper private key. | ||
675 | The user's client then decrypts the challenge using the private key, | ||
676 | proving that he/she knows the private key | ||
677 | but without disclosing it to the server. | ||
678 | .Pp | 707 | .Pp |
679 | .Nm | 708 | The user creates his/her key pair by running |
680 | implements the RSA authentication protocol automatically. | ||
681 | The user creates his/her RSA key pair by running | ||
682 | .Xr ssh-keygen 1 . | 709 | .Xr ssh-keygen 1 . |
683 | This stores the private key in | 710 | This stores the private key in |
684 | .Pa ~/.ssh/identity | 711 | .Pa ~/.ssh/identity |
712 | (protocol 1), | ||
713 | .Pa ~/.ssh/id_dsa | ||
714 | (protocol 2 DSA), | ||
715 | or | ||
716 | .Pa ~/.ssh/id_rsa | ||
717 | (protocol 2 RSA) | ||
685 | and stores the public key in | 718 | and stores the public key in |
686 | .Pa ~/.ssh/identity.pub | 719 | .Pa ~/.ssh/identity.pub |
720 | (protocol 1), | ||
721 | .Pa ~/.ssh/id_dsa.pub | ||
722 | (protocol 2 DSA), | ||
723 | or | ||
724 | .Pa ~/.ssh/id_rsa.pub | ||
725 | (protocol 2 RSA) | ||
687 | in the user's home directory. | 726 | in the user's home directory. |
688 | The user should then copy the | 727 | The user should then copy the public key |
689 | .Pa identity.pub | ||
690 | to | 728 | to |
691 | .Pa ~/.ssh/authorized_keys | 729 | .Pa ~/.ssh/authorized_keys |
692 | in his/her home directory on the remote machine (the | 730 | in his/her home directory on the remote machine. |
731 | The | ||
693 | .Pa authorized_keys | 732 | .Pa authorized_keys |
694 | file corresponds to the conventional | 733 | file corresponds to the conventional |
695 | .Pa ~/.rhosts | 734 | .Pa ~/.rhosts |
696 | file, and has one key | 735 | file, and has one key |
697 | per line, though the lines can be very long). | 736 | per line, though the lines can be very long. |
698 | After this, the user can log in without giving the password. | 737 | After this, the user can log in without giving the password. |
699 | .Pp | 738 | .Pp |
700 | The most convenient way to use RSA authentication may be with an | 739 | The most convenient way to use public key authentication may be with an |
701 | authentication agent. | 740 | authentication agent. |
702 | See | 741 | See |
703 | .Xr ssh-agent 1 | 742 | .Xr ssh-agent 1 |
704 | for more information. | 743 | for more information. |
705 | .Pp | 744 | .Pp |
706 | If other authentication methods fail, | 745 | Challenge-response authentication works as follows: |
746 | The server sends an arbitrary | ||
747 | .Qq challenge | ||
748 | text, and prompts for a response. | ||
749 | Protocol 2 allows multiple challenges and responses; | ||
750 | protocol 1 is restricted to just one challenge/response. | ||
751 | Examples of challenge-response authentication include | ||
752 | BSD Authentication (see | ||
753 | .Xr login.conf 5 ) | ||
754 | and PAM (some non-OpenBSD systems). | ||
755 | .Pp | ||
756 | Finally, if other authentication methods fail, | ||
707 | .Nm | 757 | .Nm |
708 | prompts the user for a password. | 758 | prompts the user for a password. |
709 | The password is sent to the remote | 759 | The password is sent to the remote |
710 | host for checking; however, since all communications are encrypted, | 760 | host for checking; however, since all communications are encrypted, |
711 | the password cannot be seen by someone listening on the network. | 761 | the password cannot be seen by someone listening on the network. |
712 | .Ss SSH protocol version 2 | ||
713 | When a user connects using protocol version 2, | ||
714 | similar authentication methods are available. | ||
715 | Using the default values for | ||
716 | .Cm PreferredAuthentications , | ||
717 | the client will try to authenticate first using the hostbased method; | ||
718 | if this method fails, public key authentication is attempted, | ||
719 | and finally if this method fails, keyboard-interactive and | ||
720 | password authentication are tried. | ||
721 | .Pp | ||
722 | The public key method is similar to RSA authentication described | ||
723 | in the previous section and allows the RSA or DSA algorithm to be used: | ||
724 | The client uses his private key, | ||
725 | .Pa ~/.ssh/id_dsa | ||
726 | or | ||
727 | .Pa ~/.ssh/id_rsa , | ||
728 | to sign the session identifier and sends the result to the server. | ||
729 | The server checks whether the matching public key is listed in | ||
730 | .Pa ~/.ssh/authorized_keys | ||
731 | and grants access if both the key is found and the signature is correct. | ||
732 | The session identifier is derived from a shared Diffie-Hellman value | ||
733 | and is only known to the client and the server. | ||
734 | .Pp | ||
735 | If public key authentication fails or is not available, a password | ||
736 | can be sent encrypted to the remote host to prove the user's identity. | ||
737 | .Pp | ||
738 | Additionally, | ||
739 | .Nm | ||
740 | supports hostbased or challenge response authentication. | ||
741 | .Pp | ||
742 | Protocol 2 provides additional mechanisms for confidentiality | ||
743 | (the traffic is encrypted using AES, 3DES, Blowfish, CAST128 or Arcfour) | ||
744 | and integrity (hmac-md5, hmac-sha1, hmac-ripemd160). | ||
745 | Note that protocol 1 lacks a strong mechanism for ensuring the | ||
746 | integrity of the connection. | ||
747 | .Ss Login session and remote execution | 762 | .Ss Login session and remote execution |
748 | When the user's identity has been accepted by the server, the server | 763 | When the user's identity has been accepted by the server, the server |
749 | either executes the given command, or logs into the machine and gives | 764 | either executes the given command, or logs into the machine and gives |