Damien Miller | 2a44f89 | 2000-05-09 15:05:45 +1000 | [diff] [blame] | 1 | $Id: README.openssh2,v 1.8 2000/05/07 18:30:03 markus Exp $ |
| 2 | |
| 3 | howto: |
| 4 | 1) generate server key: |
| 5 | $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N '' |
| 6 | 2) enable ssh2: |
| 7 | server: add 'Protocol 2,1' to /etc/sshd_config |
| 8 | client: ssh -o 'Protocol 2,1', or add to .ssh/config |
| 9 | 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2) |
| 10 | interop w/ ssh.com dsa-keys: |
| 11 | ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 |
| 12 | and vice versa |
| 13 | ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub |
| 14 | echo Key mykey.pub >> ~/.ssh2/authorization |
| 15 | |
| 16 | works: |
| 17 | secsh-transport: works w/o rekey |
| 18 | proposal exchange, i.e. different enc/mac/comp per direction |
| 19 | encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc |
| 20 | mac: hmac-md5, hmac-sha1, (hmac-ripemd160) |
| 21 | compression: zlib, none |
| 22 | secsh-userauth: passwd and pubkey with DSA |
| 23 | secsh-connection: pty+shell or command, flow control works (window adjust) |
| 24 | tcp-forwarding: -L works, -R incomplete |
| 25 | x11-fwd |
| 26 | dss/dsa: host key database in ~/.ssh/known_hosts2 |
| 27 | client interops w/ sshd2, lshd |
| 28 | server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp) |
| 29 | server supports multiple concurrent sessions (e.g. with SSH.com Windows client) |
| 30 | todo: |
| 31 | re-keying |
| 32 | secsh-connection features: |
| 33 | tcp-forwarding, agent-fwd |
| 34 | auth other than passwd, and DSA-pubkey: |
| 35 | keyboard-interactive, (PGP-pubkey?) |
| 36 | config |
| 37 | server-auth w/ old host-keys |
| 38 | cleanup |
| 39 | advanced key storage? |
| 40 | keynote |
| 41 | sftp |
| 42 | |
| 43 | -markus |
| 44 | $Date: 2000/05/07 18:30:03 $ |