README.openssh2

$Id: README.openssh2,v 1.4 2000/04/29 13:57:09 damien Exp $

howto:
	1) generate server key:
		$ ssh-keygen -d -f /etc/ssh_host_dsa_key -N ''
	2) enable ssh2:
		server: add 'Protocol 2,1' to /etc/sshd_config
		client: ssh -o 'Protocol 2,1', or add to .ssh/config
	3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2)
	   interop w/ ssh.com dsa-keys:
		ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
	   and vice versa
		ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
		echo Key mykey.pub >> ~/.ssh2/authorization

works:
	secsh-transport: works w/o rekey
		proposal exchange, i.e. different enc/mac/comp per direction
		encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc
		mac: hmac-md5, hmac-sha1, (hmac-ripemd160)
		compression: zlib, none
	secsh-userauth: passwd and pubkey with DSA
	secsh-connection: pty+shell or command, flow control works (window adjust)
		tcp-forwarding: -L works, -R incomplete
		x11-fwd
	dss/dsa: host key database in ~/.ssh/known_hosts2
	client interops w/ sshd2, lshd
	server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0
	server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
todo:
	re-keying
	secsh-connection features:
		 tcp-forwarding, agent-fwd
	auth other than passwd, and DSA-pubkey:
		 keyboard-interactive, (PGP-pubkey?)
	config
	server-auth w/ old host-keys
	cleanup
	advanced key storage?
	keynote
	sftp

-markus
$Date: 2000/04/29 13:57:09 $