version 1.279, 2015/05/01 07:11:47 |
version 1.280, 2015/07/03 03:49:45 |
|
|
.Nm |
.Nm |
is being run from |
is being run from |
.Xr inetd 8 . |
.Xr inetd 8 . |
|
If SSH protocol 1 is enabled, |
.Nm |
.Nm |
is normally not run |
should not normally be run |
from inetd because it needs to generate the server key before it can |
from inetd because it needs to generate the server key before it can |
respond to the client, and this may take tens of seconds. |
respond to the client, and this may take some time. |
Clients would have to wait too long if the key was regenerated every time. |
Clients may have to wait too long if the key was regenerated every time. |
However, with small key sizes (e.g. 512) using |
|
.Nm |
|
from inetd may |
|
be feasible. |
|
.It Fl k Ar key_gen_time |
.It Fl k Ar key_gen_time |
Specifies how often the ephemeral protocol version 1 server key is |
Specifies how often the ephemeral protocol version 1 server key is |
regenerated (default 3600 seconds, or one hour). |
regenerated (default 3600 seconds, or one hour). |
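Review bot: In the rewritten inetd paragraph, "Clients may have to wait too long if the key was regenerated every time" mixes "may have to" with "was"; "if the key is regenerated every time" reads cleanly. The new leading condition "If SSH protocol 1 is enabled," leaves the reader to infer what applies when protocol 1 is disabled, so consider stating explicitly whether running from inetd is acceptable in that case. Replacing "tens of seconds" with "some time" also drops the only indication of scale an administrator had for this decision. Removing the sentence that suggested small key sizes (e.g. 512) to make inetd use feasible is a sound change, since it steered readers toward a weak server key.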
|
|
.Pp |
.Pp |
Forward security for protocol 1 is provided through |
Forward security for protocol 1 is provided through |
an additional server key, |
an additional server key, |
normally 768 bits, |
normally 1024 bits, |
generated when the server starts. |
generated when the server starts. |
This key is normally regenerated every hour if it has been used, and |
This key is normally regenerated every hour if it has been used, and |
is never stored on disk. |
is never stored on disk. |
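Review bot: The "normally 1024 bits" line changes the stated server key size from 768, but this hunk covers only the forward-security paragraph; any other place on the page that states the protocol 1 server key size needs the same figure in this commit, otherwise the page contradicts itself. The unchanged "regenerated every hour if it has been used" wording still agrees with the 3600-second default shown for -k key_gen_time in the earlier context lines, so no change is needed there.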