version 1.41, 2000/04/12 23:00:28 |
version 1.42, 2000/05/01 08:19:58 |
|
|
.Nm |
.Nm |
(Secure Shell Daemon) is the daemon program for |
(Secure Shell Daemon) is the daemon program for |
.Xr ssh 1 . |
.Xr ssh 1 . |
Together these programs replace rlogin and rsh programs, and |
Together these programs replace rlogin and rsh, and |
provide secure encrypted communications between two untrusted hosts |
provide secure encrypted communications between two untrusted hosts |
over an insecure network. |
over an insecure network. |
The programs are intended to be as easy to |
The programs are intended to be as easy to |
|
|
This key is normally regenerated every hour if it has been used, and |
This key is normally regenerated every hour if it has been used, and |
is never stored on disk. |
is never stored on disk. |
.Pp |
.Pp |
Whenever a client connects the daemon, the daemon sends its host |
Whenever a client connects the daemon responds with its public |
and server public keys to the client. |
host and server keys. |
The client compares the |
The client compares the |
host key against its own database to verify that it has not changed. |
host key against its own database to verify that it has not changed. |
The client then generates a 256 bit random number. |
The client then generates a 256 bit random number. |
It encrypts this |
It encrypts this |
random number using both the host key and the server key, and sends |
random number using both the host key and the server key, and sends |
the encrypted number to the server. |
the encrypted number to the server. |
Both sides then start to use this |
Both sides then use this |
random number as a session key which is used to encrypt all further |
random number as a session key which is used to encrypt all further |
communications in the session. |
communications in the session. |
The rest of the session is encrypted |
The rest of the session is encrypted |
using a conventional cipher, currently Blowfish and 3DES, with 3DES |
using a conventional cipher, currently Blowfish or 3DES, with 3DES |
being used by default. |
being used by default. |
The client selects the encryption algorithm |
The client selects the encryption algorithm |
to use from those offered by the server. |
to use from those offered by the server. |
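Review bot: The rewritten sentence "Whenever a client connects the daemon responds with its public host and server keys" needs a comma after "connects"; without it the clause first reads as "connects the daemon". Moving "public" in front of "host" also makes it ambiguous whether it applies to both keys, where the old wording "host and server public keys" was unambiguous. Suggest "Whenever a client connects, the daemon responds with its host and server public keys." The "Blowfish or 3DES" and "then use" changes look fine.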
|
|
.Xr rlogin 1 |
.Xr rlogin 1 |
and |
and |
.Xr rsh 1 |
.Xr rsh 1 |
into that machine). |
into the machine). |
.Pp |
.Pp |
If the client successfully authenticates itself, a dialog for |
If the client successfully authenticates itself, a dialog for |
preparing the session is entered. |
preparing the session is entered. |
|
|
Do not print an error message if RSA support is missing. |
Do not print an error message if RSA support is missing. |
.It Fl V Ar client_protocol_id |
.It Fl V Ar client_protocol_id |
SSH2 compatibility mode. |
SSH2 compatibility mode. |
When this options is specified |
When this option is specified |
.Nm |
.Nm |
assumes the client has sent the given version string |
assumes the client has sent the supplied version string |
and skips the |
and skips the |
Protocol Version Identification Exchange. |
Protocol Version Identification Exchange. |
.It Fl 4 |
.It Fl 4 |
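Review bot: In the -V entry, "When this option is specified" should be followed by a comma before the .Nm macro. More importantly, the text still leaves client_protocol_id undocumented. It says sshd assumes the client has sent the supplied version string and skips the Protocol Version Identification Exchange, but not what form the string takes or in what situation the caller is expected to have already obtained it from the client. Since the daemon acts on the supplied value in place of the exchange, a sentence covering both would help administrators judge when the option is safe to use.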