| $Id: README.openssh2,v 1.9 2000/08/31 21:56:03 markus Exp $ |
| |
| howto: |
| 1) generate server key: |
| $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N '' |
| 2) enable ssh2: |
| server: add 'Protocol 2,1' to /etc/sshd_config |
| client: ssh -o 'Protocol 2,1', or add to .ssh/config |
| 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2) |
| interop w/ ssh.com dsa-keys: |
| ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 |
| and vice versa |
| ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub |
| echo Key mykey.pub >> ~/.ssh2/authorization |
| |
| works: |
| secsh-transport: works w/o rekey |
| secsh-userauth: passwd and pubkey with DSA |
| secsh-connection: pty+shell or command, flow control works (window adjust) |
| tcp-forwarding: -L works, -R incomplete |
| x11-fwd |
| dss/dsa: host key database in ~/.ssh/known_hosts2 |
| ssh-agent: supports SSH1-RSA and ssh-dss keys |
| client interops w/ sshd2, lshd |
| server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp) |
| server supports multiple concurrent sessions (e.g. with SSH.com Windows client) |
| server supports SFTP (interops with ssh.com's windows, sftp2, scp2) |
| todo: |
| RE-KEYING |
| secsh-connection features: |
| complete tcp-forwarding, agent-fwd |
| auth other than passwd, and DSA-pubkey: |
| keyboard-interactive, (PGP-pubkey?), kerberos |
| config |
| server-auth w/ old host-keys |
| cleanup |
| advanced key storage? |
| keynote |
| |
| -markus |
| $Date: 2000/08/31 21:56:03 $ |