version 1.48, 2000/05/03 22:19:29 |
version 1.49, 2000/05/06 17:45:37 |
|
|
The forked daemons handle |
The forked daemons handle |
key exchange, encryption, authentication, command execution, |
key exchange, encryption, authentication, command execution, |
and data exchange. |
and data exchange. |
.Pp |
This implementation of |
.Nm |
.Nm |
|
supports both SSH protocol version 1 and 2 simultaneously. |
|
.Nm |
works as follows. |
works as follows. |
|
.Pp |
|
.Ss SSH protocol version 1 |
|
.Pp |
Each host has a host-specific RSA key |
Each host has a host-specific RSA key |
(normally 1024 bits) used to identify the host. |
(normally 1024 bits) used to identify the host. |
Additionally, when |
Additionally, when |
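Review bot: the new ".Ss SSH protocol version 1" heading has a ".Pp" directly before and directly after it; a subsection heading already provides the vertical spacing in mdoc, so both paragraph macros are redundant and can be dropped. Separately, the added sentence "supports both SSH protocol version 1 and 2 simultaneously" would help an administrator more if it said whether either version can be disabled, or pointed to the option that controls this.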
|
|
Whenever a client connects the daemon responds with its public |
Whenever a client connects the daemon responds with its public |
host and server keys. |
host and server keys. |
The client compares the |
The client compares the |
host key against its own database to verify that it has not changed. |
RSA host key against its own database to verify that it has not changed. |
The client then generates a 256 bit random number. |
The client then generates a 256 bit random number. |
It encrypts this |
It encrypts this |
random number using both the host key and the server key, and sends |
random number using both the host key and the server key, and sends |
|
|
.Xr rsh 1 |
.Xr rsh 1 |
into the machine). |
into the machine). |
.Pp |
.Pp |
|
.Ss SSH protocol version 2 |
|
.Pp |
|
Version 2 works similar: |
|
Each host has a host-specific DSA key used to identify the host. |
|
However, when the daemon starts, it does not generate a server key. |
|
Forward security is provided through a Diffie-Hellman key agreement. |
|
This key agreement results in a shared session key. |
|
The rest of the session is encrypted |
|
using a symmetric cipher, currently |
|
Blowfish, 3DES or CAST128 in CBC mode or Arcfour. |
|
The client selects the encryption algorithm |
|
to use from those offered by the server. |
|
Additionally, session integrity is provided |
|
through a crytographic message authentication code |
|
(hmac-sha1 or hmac-md5). |
|
.Pp |
|
Protocol version 2 provides a public key based |
|
user authentication method (DSAAuthentication) |
|
and conventional password authentication. |
|
.Pp |
|
.Ss Command execution and data forwarding |
|
.Pp |
If the client successfully authenticates itself, a dialog for |
If the client successfully authenticates itself, a dialog for |
preparing the session is entered. |
preparing the session is entered. |
At this time the client may request |
At this time the client may request |
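Review bot: two wording slips in the added version 2 text: "Version 2 works similar:" should read "Version 2 works similarly:", and "crytographic message authentication code" is missing a "p" ("cryptographic"). The paragraph also says the client "selects the encryption algorithm to use from those offered by the server" but does not say how the MAC (hmac-sha1 or hmac-md5) is chosen; one clause covering that would complete the description of the negotiation.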
|
|
this many seconds, the server disconnects and exits. |
this many seconds, the server disconnects and exits. |
A value of zero indicates no limit. |
A value of zero indicates no limit. |
.It Fl h Ar host_key_file |
.It Fl h Ar host_key_file |
Specifies the file from which the host key is read (default |
Specifies the file from which the RSA host key is read (default |
.Pa /etc/ssh_host_key ) . |
.Pa /etc/ssh_host_key ) . |
This option must be given if |
This option must be given if |
.Nm |
.Nm |
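Review bot: "-h host_key_file" is now documented as reading the RSA host key only, while the new version 2 section says each host also has a DSA key "used to identify the host"; nothing in the visible lines says where that DSA host key is read from or what its default path is. Suggest documenting the DSA counterpart next to this option, or stating here whether -h affects it.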
|
|
can be used as wildcards in the patterns. |
can be used as wildcards in the patterns. |
Only user names are valid, a numerical user ID isn't recognized. |
Only user names are valid, a numerical user ID isn't recognized. |
By default login is allowed regardless of the user name. |
By default login is allowed regardless of the user name. |
|
.It Cm DSAAuthentication |
|
Specifies whether DSA authentication is allowed. |
|
The default is |
|
.Dq yes . |
|
Note that this option applies to protocol version 2 only. |
.It Cm GatewayPorts |
.It Cm GatewayPorts |
Specifies whether remote hosts are allowed to connect to ports |
Specifies whether remote hosts are allowed to connect to ports |
forwarded for the client. |
forwarded for the client. |
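Review bot: "Specifies whether DSA authentication is allowed" is ambiguous now that the version 2 section uses DSA both for the host key and for "a public key based user authentication method (DSAAuthentication)". Wording such as "Specifies whether DSA public key user authentication is allowed" would make clear that this option does not concern host identification.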
|
|
Specifies whether password authentication is allowed. |
Specifies whether password authentication is allowed. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
|
Note that this option applies to both protocol version 1 and 2. |
.It Cm PermitEmptyPasswords |
.It Cm PermitEmptyPasswords |
When password authentication is allowed, it specifies whether the |
When password authentication is allowed, it specifies whether the |
server allows login to accounts with empty password strings. |
server allows login to accounts with empty password strings. |
|
|
Specifies whether pure RSA authentication is allowed. |
Specifies whether pure RSA authentication is allowed. |
The default is |
The default is |
.Dq yes . |
.Dq yes . |
|
Note that this option applies to protocol version 1 only. |
.It Cm ServerKeyBits |
.It Cm ServerKeyBits |
Defines the number of bits in the server key. |
Defines the number of bits in the server key. |
The minimum value is 512, and the default is 768. |
The minimum value is 512, and the default is 768. |
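Review bot: the protocol scope notes are applied to RSAAuthentication here and to PasswordAuthentication and DSAAuthentication elsewhere in the patch, but the ServerKeyBits entry in the trailing context gets none, even though the new version 2 section states that the daemon "does not generate a server key". Adding "Note that this option applies to protocol version 1 only." to ServerKeyBits would keep the option list consistent.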
|
|
pattern, it is not accepted (by that line) even if it matched another |
pattern, it is not accepted (by that line) even if it matched another |
pattern on the line. |
pattern on the line. |
.Pp |
.Pp |
Bits, exponent, and modulus are taken directly from the host key; they |
Bits, exponent, and modulus are taken directly from the RSA host key; they |
can be obtained, e.g., from |
can be obtained, e.g., from |
.Pa /etc/ssh_host_key.pub . |
.Pa /etc/ssh_host_key.pub . |
The optional comment field continues to the end of the line, and is not used. |
The optional comment field continues to the end of the line, and is not used. |