]>
Commit | Line | Data |
---|---|---|
e78a59f5 | 1 | $Id$ |
2 | ||
a8be9f80 | 3 | howto: |
4 | 1) generate server key: | |
a306f2dd | 5 | $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N '' |
a8be9f80 | 6 | 2) enable ssh2: |
7 | server: add 'Protocol 2,1' to /etc/sshd_config | |
8 | client: ssh -o 'Protocol 2,1', or add to .ssh/config | |
0b242b12 | 9 | 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2) |
10 | interop w/ ssh.com dsa-keys: | |
a306f2dd | 11 | ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 |
12 | and vice versa | |
13 | ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub | |
14 | echo Key mykey.pub >> ~/.ssh2/authorization | |
a8be9f80 | 15 | |
e78a59f5 | 16 | works: |
17 | secsh-transport: works w/o rekey | |
18 | proposal exchange, i.e. different enc/mac/comp per direction | |
19 | encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc | |
20 | mac: hmac-md5, hmac-sha1, (hmac-ripemd160) | |
21 | compression: zlib, none | |
0b242b12 | 22 | secsh-userauth: passwd and pubkey with DSA |
e78a59f5 | 23 | secsh-connection: pty+shell or command, flow control works (window adjust) |
0b242b12 | 24 | tcp-forwarding: -L works, -R incomplete |
25 | x11-fwd | |
26 | dss/dsa: host key database in ~/.ssh/known_hosts2 | |
e78a59f5 | 27 | client interops w/ sshd2, lshd |
f6cde515 | 28 | server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp) |
e78a59f5 | 29 | server supports multiple concurrent sessions (e.g. with SSH.com Windows client) |
30 | todo: | |
31 | re-keying | |
32 | secsh-connection features: | |
0b242b12 | 33 | tcp-forwarding, agent-fwd |
34 | auth other than passwd, and DSA-pubkey: | |
35 | keyboard-interactive, (PGP-pubkey?) | |
e78a59f5 | 36 | config |
37 | server-auth w/ old host-keys | |
38 | cleanup | |
39 | advanced key storage? | |
40 | keynote | |
41 | sftp | |
42 | ||
43 | -markus | |
44 | $Date$ |