mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-24 00:11:05 +01:00
45 lines
1.5 KiB
Plaintext
45 lines
1.5 KiB
Plaintext
$Id: README.openssh2,v 1.8 2000/05/07 18:30:03 markus Exp $
|
|
|
|
howto:
|
|
1) generate server key:
|
|
$ ssh-keygen -d -f /etc/ssh_host_dsa_key -N ''
|
|
2) enable ssh2:
|
|
server: add 'Protocol 2,1' to /etc/sshd_config
|
|
client: ssh -o 'Protocol 2,1', or add to .ssh/config
|
|
3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2)
|
|
interop w/ ssh.com dsa-keys:
|
|
ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
|
|
and vice versa
|
|
ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
|
|
echo Key mykey.pub >> ~/.ssh2/authorization
|
|
|
|
works:
|
|
secsh-transport: works w/o rekey
|
|
proposal exchange, i.e. different enc/mac/comp per direction
|
|
encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc
|
|
mac: hmac-md5, hmac-sha1, (hmac-ripemd160)
|
|
compression: zlib, none
|
|
secsh-userauth: passwd and pubkey with DSA
|
|
secsh-connection: pty+shell or command, flow control works (window adjust)
|
|
tcp-forwarding: -L works, -R incomplete
|
|
x11-fwd
|
|
dss/dsa: host key database in ~/.ssh/known_hosts2
|
|
client interops w/ sshd2, lshd
|
|
server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp)
|
|
server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
|
|
todo:
|
|
re-keying
|
|
secsh-connection features:
|
|
tcp-forwarding, agent-fwd
|
|
auth other than passwd, and DSA-pubkey:
|
|
keyboard-interactive, (PGP-pubkey?)
|
|
config
|
|
server-auth w/ old host-keys
|
|
cleanup
|
|
advanced key storage?
|
|
keynote
|
|
sftp
|
|
|
|
-markus
|
|
$Date: 2000/05/07 18:30:03 $
|