1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
$Id: README.openssh2,v 1.3 2000/04/12 07:45:43 markus Exp $
howto:
1) generate server key:
$ umask 077
$ openssl dsaparam 1024 -out dsa1024.pem
$ openssl gendsa -out /etc/ssh_dsa_key dsa1024.pem -rand /dev/arandom
2) enable ssh2:
server: add 'Protocol 2,1' to /etc/sshd_config
client: ssh -o 'Protocol 2,1', or add to .ssh/config
works:
secsh-transport: works w/o rekey
proposal exchange, i.e. different enc/mac/comp per direction
encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc
mac: hmac-md5, hmac-sha1, (hmac-ripemd160)
compression: zlib, none
secsh-userauth: passwd only
secsh-connection: pty+shell or command, flow control works (window adjust)
tcp-forwarding: -L works
dss: verification works,
key database in ~/.ssh/known_hosts with bits == 0 hack
dss: signature works, keygen w/ openssl
client interops w/ sshd2, lshd
server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT
server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
todo:
re-keying
secsh-connection features:
tcp-forwarding, agent-fwd, x11-fwd
auth other than passwd:
pubkey, keyboard-interactive
config
server-auth w/ old host-keys
cleanup
advanced key storage?
keynote
sftp
-markus
$Date: 2000/04/12 07:45:43 $
|