version 1.50, 2000/05/08 17:12:16 |
version 1.51, 2000/05/08 17:42:31 |
|
|
The client selects the encryption algorithm |
The client selects the encryption algorithm |
to use from those offered by the server. |
to use from those offered by the server. |
Additionally, session integrity is provided |
Additionally, session integrity is provided |
through a crytographic message authentication code |
through a cryptographic message authentication code |
(hmac-sha1 or hmac-md5). |
(hmac-sha1 or hmac-md5). |
.Pp |
.Pp |
Protocol version 2 provides a public key based |
Protocol version 2 provides a public key based |
|
|
used by SSH protocol 2.0. |
used by SSH protocol 2.0. |
Note that |
Note that |
.Nm |
.Nm |
disables protcol 2.0 if this file is group/world-accessible. |
disables protocol 2.0 if this file is group/world-accessible. |
.It Cm HostKey |
.It Cm HostKey |
Specifies the file containing the private RSA host key (default |
Specifies the file containing the private RSA host key (default |
.Pa /etc/ssh_host_key ) |
.Pa /etc/ssh_host_key ) |
used by SSH protocols 1.3 and 1.5. |
used by SSH protocols 1.3 and 1.5. |
Note that |
Note that |
.Nm |
.Nm |
disables protcols 1.3 and 1.5 if this file is group/world-accessible. |
disables protocols 1.3 and 1.5 if this file is group/world-accessible. |
.It Cm IgnoreRhosts |
.It Cm IgnoreRhosts |
Specifies that |
Specifies that |
.Pa .rhosts |
.Pa .rhosts |
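Review bot: Both "disables protocol ... if this file is group/world-accessible" sentences in this hunk (the entry ending "used by SSH protocol 2.0." and the HostKey entry) leave out which permissions on the key file are acceptable and how an administrator finds out that a protocol version was switched off. Because a wrong mode on the host key changes which protocol versions the server offers, I suggest stating the expected file mode in both entries and saying whether the condition is reported. The spelling fixes themselves look fine.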
|
|
However, this means that |
However, this means that |
connections will die if the route is down temporarily, and some people |
connections will die if the route is down temporarily, and some people |
find it annoying. |
find it annoying. |
On the other hand, if keepalives are not send, |
On the other hand, if keepalives are not sent, |
sessions may hang indefinitely on the server, leaving |
sessions may hang indefinitely on the server, leaving |
.Dq ghost |
.Dq ghost |
users and consuming server resources. |
users and consuming server resources. |
|
|
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
file lists the RSA keys that are |
file lists the RSA keys that are |
permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
permitted for RSA authentication in SSH protocols 1.3 and 1.5 |
Similarily, the |
Similarly, the |
.Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys2 |
file lists the DSA keys that are |
file lists the DSA keys that are |
permitted for DSA authentication in SSH protocol 2.0. |
permitted for DSA authentication in SSH protocol 2.0. |
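Review bot: The unchanged line "permitted for RSA authentication in SSH protocols 1.3 and 1.5" has no terminating period, so in the rendered page it runs straight into "Similarly, the". Since this revision already touches the following line, add the period after "1.5" in the same change.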
|
|
This option might be useful |
This option might be useful |
to restrict certain RSA keys to perform just a specific operation. |
to restrict certain RSA keys to perform just a specific operation. |
An example might be a key that permits remote backups but nothing else. |
An example might be a key that permits remote backups but nothing else. |
Notice that the client may specify TCP/IP and/or X11 |
Note that the client may specify TCP/IP and/or X11 |
forwardings unless they are explicitly prohibited. |
forwarding unless they are explicitly prohibited. |
.It Cm environment="NAME=value" |
.It Cm environment="NAME=value" |
Specifies that the string is to be added to the environment when |
Specifies that the string is to be added to the environment when |
logging in using this key. |
logging in using this key. |
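Review bot: Changing "forwardings" to "forwarding" while keeping "unless they are explicitly prohibited" leaves a number mismatch in the new text. Either keep the plural, or write "forwarding unless it is explicitly prohibited". This sentence is the caveat telling administrators that a key restricted to one operation can still request TCP/IP and X11 forwarding, so it should read unambiguously.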