+[ A Japanese translation of this document is available at
+[ http://www.unixuser.org/%7Eharuyama/security/openssh/index.html
+[ Thanks to HARUYAMA Seigo <haruyama@nt.phys.s.u-tokyo.ac.jp>
+
OpenSSH is almost completely compatible with the commercial SSH 1.2.x.
There are, however, a few exceptions that you will need to bear in
mind while upgrading:
Solution: You will need to run the *commercial* version of ssh-keygen
on the host's private key:
-ssh-keygen -u /etc/ssh/ssh_host_key
+ssh-keygen -u -f /etc/ssh/ssh_host_key
3. Incompatible changes to sshd_config format.
not add the "nullok" directive to your PAM configuration file unless
you specifically wish to allow empty passwords.
-7. Rhosts authentication does not work
-
-Make sure that ssh is installed with the setuid bit set. Note that the
-Makefile does not do this by default.
-
-8. X11 and/or agent forwarding does not work
+7. X11 and/or agent forwarding does not work
Check your ssh_config and sshd_config. The default configuration files
disable authentication agent and X11 forwarding.
-9. ssh takes a long time to connect with Linux/glibc 2.1
+8. ssh takes a long time to connect with Linux/glibc 2.1
The glibc shipped with Redhat 6.1 appears to take a long time to resolve
"IPv6 or IPv4" addresses from domain names. This can be kludged around
use IPv4-only address resolution. (IPv6 lookups may still be made by
specifying the -6 option).
+9. Logins from commercial ssh generate the error "Selected cipher type
+ idea not supported by server"
+
+This error is generated when a commercial ssh which has been configured to
+use the 'idea' cipher attempts to connect to an OpenSSH server. To rectify
+this, select a different cipher in ssh_config or ~/.ssh/config (3des for
+security or blowfish for speed).
+
+10. "can't locate module net-pf-10" messages in log under Linux
+
+The Linux kernel is looking (via modprobe) for protocol family 10 (IPv6).
+Either 1. load the appropriate kernel module, 2. enter the correct alias
+in /etc/modules.conf or 3. disable IPv6 in /etc/modules.conf.
+
+For some silly reason /etc/modules.conf may also be named /etc/conf.modules
+
+11. Password authentication doesn't work on Slackware 7.0
+
+Configure OpenSSH with --with-md5-passwords
+
+12. ./configure or sshd complain about lack of RSA support
+
+Ensure that your OpenSSL libraries have been built to include RSA support
+either internally or through RSAref.
+
+13. "scp: command not found" errors
+
+scp must be in the default PATH on both the client and the server. You may
+need to use the --with-default-path option to specify a custom path to
+search on the server. This option replaces the default path, so you need
+to specify all the current directories on your path as well as where you
+have installed scp. For example:
+
+./configure --with-default-path=/bin:/usr/bin:/usr/local/bin:/path/to/scp
+