2) enable ssh2:
server: add 'Protocol 2,1' to /etc/sshd_config
client: ssh -o 'Protocol 2,1', or add to .ssh/config
- 3) interop w/ ssh.com dsa-keys:
+ 3) DSA authentication similar to RSA (add keys to ~/.ssh/authorized_keys2)
+ interop w/ ssh.com dsa-keys:
ssh-keygen -f /key/from/ssh.com -X >> ~/.ssh/authorized_keys2
and vice versa
ssh-keygen -f /privatekey/from/openssh -x > ~/.ssh2/mykey.pub
encryption: blowfish-cbc, 3des-cbc, arcfour, cast128-cbc
mac: hmac-md5, hmac-sha1, (hmac-ripemd160)
compression: zlib, none
- secsh-userauth: passwd only
+ secsh-userauth: passwd and pubkey with DSA
secsh-connection: pty+shell or command, flow control works (window adjust)
- tcp-forwarding: -L works
- dss: verification works,
- key database in ~/.ssh/known_hosts with bits == 0 hack
- dss: signature works, keygen w/ openssl
+ tcp-forwarding: -L works, -R incomplete
+ x11-fwd
+ dss/dsa: host key database in ~/.ssh/known_hosts2
client interops w/ sshd2, lshd
- server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0
+ server interops w/ ssh2, lsh, ssh.com's Windows client, SecureCRT, F-Secure SSH Client 4.0, SecureFX (secure ftp)
server supports multiple concurrent sessions (e.g. with SSH.com Windows client)
todo:
re-keying
secsh-connection features:
- tcp-forwarding, agent-fwd, x11-fwd
- auth other than passwd:
- pubkey, keyboard-interactive
+ tcp-forwarding, agent-fwd
+ auth other than passwd, and DSA-pubkey:
+ keyboard-interactive, (PGP-pubkey?)
config
server-auth w/ old host-keys
cleanup