[openssh.git] / README.openssh2

$Id$

howto:
	1) generate server key:
		$ ssh-keygen -d -f /etc/ssh_host_dsa_key -N ''
	2) enable ssh2:
		server: add 'Protocol 2,1' to /etc/sshd_config
		client: ssh -o 'Protocol 2,1', or add to .ssh/config
	3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2)
	   interop w/ ssh.com dsa-keys:
		ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
	   and vice versa
		ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
		echo Key mykey.pub >> ~/.ssh2/authorization

works:
	secsh-transport: works w/o rekey
	secsh-userauth: passwd and pubkey with DSA
	secsh-connection: pty+shell or command, flow control works (window adjust)
		tcp-forwarding: -L works, -R incomplete
		x11-fwd
	dss/dsa: host key database in ~/.ssh/known_hosts2
	ssh-agent: supports SSH1-RSA and ssh-dss keys
	client interops w/ sshd2, lshd
	server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp)
	server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
	server supports SFTP (interops with ssh.com's windows, sftp2, scp2)
todo:
	RE-KEYING
	secsh-connection features:
		 complete tcp-forwarding, agent-fwd
	auth other than passwd, and DSA-pubkey:
		 keyboard-interactive, (PGP-pubkey?), kerberos
	config
	server-auth w/ old host-keys
	cleanup
	advanced key storage?
	keynote

-markus
$Date$
Commit	Line	Data
e9976690	1	$Id$
	2
	3	howto:
	4	1) generate server key:
	5	$ ssh-keygen -d -f /etc/ssh_host_dsa_key -N ''
	6	2) enable ssh2:
	7	server: add 'Protocol 2,1' to /etc/sshd_config
	8	client: ssh -o 'Protocol 2,1', or add to .ssh/config
	9	3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2)
	10	interop w/ ssh.com dsa-keys:
	11	ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
	12	and vice versa
	13	ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
	14	echo Key mykey.pub >> ~/.ssh2/authorization
	15
	16	works:
	17	secsh-transport: works w/o rekey
e9976690	18	secsh-userauth: passwd and pubkey with DSA
	19	secsh-connection: pty+shell or command, flow control works (window adjust)
	20	tcp-forwarding: -L works, -R incomplete
	21	x11-fwd
	22	dss/dsa: host key database in ~/.ssh/known_hosts2
b5e300c2	23	ssh-agent: supports SSH1-RSA and ssh-dss keys
e9976690	24	client interops w/ sshd2, lshd
	25	server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp)
	26	server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
b5e300c2	27	server supports SFTP (interops with ssh.com's windows, sftp2, scp2)
e9976690	28	todo:
b5e300c2	29	RE-KEYING
e9976690	30	secsh-connection features:
b5e300c2	31	complete tcp-forwarding, agent-fwd
e9976690	32	auth other than passwd, and DSA-pubkey:
b5e300c2	33	keyboard-interactive, (PGP-pubkey?), kerberos
e9976690	34	config
	35	server-auth w/ old host-keys
	36	cleanup
	37	advanced key storage?
	38	keynote
e9976690	39
	40	-markus
	41	$Date$