Commit | Line | Data |
---|---|---|
e9976690 | 1 | $Id$ |
| | 2 | |
| | 3 | howto: |
| | 4 | 1) generate server key: |
| | 5 | $ ssh-keygen -d -f /etc/ssh_host_dsa_key -N '' |
| | 6 | 2) enable ssh2: |
| | 7 | server: add 'Protocol 2,1' to /etc/sshd_config |
| | 8 | client: ssh -o 'Protocol 2,1', or add to .ssh/config |
| | 9 | 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2) |
| | 10 | interop w/ ssh.com dsa-keys: |
| | 11 | ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2 |
| | 12 | and vice versa |
| | 13 | ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub |
| | 14 | echo Key mykey.pub >> ~/.ssh2/authorization |
| | 15 | |
| | 16 | works: |
| | 17 | secsh-transport: works w/o rekey |
| | 18 | proposal exchange, i.e. different enc/mac/comp per direction |
| | 19 | encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc |
| | 20 | mac: hmac-md5, hmac-sha1, (hmac-ripemd160) |
| | 21 | compression: zlib, none |
| | 22 | secsh-userauth: passwd and pubkey with DSA |
| | 23 | secsh-connection: pty+shell or command, flow control works (window adjust) |
| | 24 | tcp-forwarding: -L works, -R incomplete |
| | 25 | x11-fwd |
| | 26 | dss/dsa: host key database in ~/.ssh/known_hosts2 |
| | 27 | client interops w/ sshd2, lshd |
| | 28 | server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp) |
| | 29 | server supports multiple concurrent sessions (e.g. with SSH.com Windows client) |
| | 30 | todo: |
| | 31 | re-keying |
| | 32 | secsh-connection features: |
| | 33 | tcp-forwarding, agent-fwd |
| | 34 | auth other than passwd, and DSA-pubkey: |
| | 35 | keyboard-interactive, (PGP-pubkey?) |
| | 36 | config |
| | 37 | server-auth w/ old host-keys |
| | 38 | cleanup |
| | 39 | advanced key storage? |
| | 40 | keynote |
| | 41 | sftp |
| | 42 | |
| | 43 | -markus |
| | 44 | $Date$ |