=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.48 retrieving revision 1.49 diff -u -r1.48 -r1.49 --- src/usr.bin/ssh/sshd.8 2000/05/03 22:19:29 1.48 +++ src/usr.bin/ssh/sshd.8 2000/05/06 17:45:37 1.49 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.48 2000/05/03 22:19:29 markus Exp $ +.\" $Id: sshd.8,v 1.49 2000/05/06 17:45:37 markus Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -46,9 +46,14 @@ The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange. -.Pp +This implementation of .Nm +supports both SSH protocol version 1 and 2 simultaneously. +.Nm works as follows. +.Pp +.Ss SSH protocol version 1 +.Pp Each host has a host-specific RSA key (normally 1024 bits) used to identify the host. Additionally, when @@ -59,7 +64,7 @@ Whenever a client connects the daemon responds with its public host and server keys. The client compares the -host key against its own database to verify that it has not changed. +RSA host key against its own database to verify that it has not changed. The client then generates a 256 bit random number. It encrypts this random number using both the host key and the server key, and sends @@ -97,6 +102,28 @@ .Xr rsh 1 into the machine). .Pp +.Ss SSH protocol version 2 +.Pp +Version 2 works similar: +Each host has a host-specific DSA key used to identify the host. +However, when the daemon starts, it does not generate a server key. +Forward security is provided through a Diffie-Hellman key agreement. +This key agreement results in a shared session key. +The rest of the session is encrypted +using a symmetric cipher, currently +Blowfish, 3DES or CAST128 in CBC mode or Arcfour. +The client selects the encryption algorithm +to use from those offered by the server. +Additionally, session integrity is provided +through a crytographic message authentication code +(hmac-sha1 or hmac-md5). +.Pp +Protocol version 2 provides a public key based +user authentication method (DSAAuthentication) +and conventional password authentication. +.Pp +.Ss Command execution and data forwarding +.Pp If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request @@ -148,7 +175,7 @@ this many seconds, the server disconnects and exits. A value of zero indicates no limit. .It Fl h Ar host_key_file -Specifies the file from which the host key is read (default +Specifies the file from which the RSA host key is read (default .Pa /etc/ssh_host_key ) . This option must be given if .Nm @@ -280,6 +307,11 @@ can be used as wildcards in the patterns. Only user names are valid, a numerical user ID isn't recognized. By default login is allowed regardless of the user name. +.It Cm DSAAuthentication +Specifies whether DSA authentication is allowed. +The default is +.Dq yes . +Note that this option applies to protocol version 2 only. .It Cm GatewayPorts Specifies whether remote hosts are allowed to connect to ports forwarded for the client. @@ -407,6 +439,7 @@ Specifies whether password authentication is allowed. The default is .Dq yes . +Note that this option applies to both protocol version 1 and 2. .It Cm PermitEmptyPasswords When password authentication is allowed, it specifies whether the server allows login to accounts with empty password strings. @@ -488,6 +521,7 @@ Specifies whether pure RSA authentication is allowed. The default is .Dq yes . +Note that this option applies to protocol version 1 only. .It Cm ServerKeyBits Defines the number of bits in the server key. The minimum value is 512, and the default is 768. @@ -701,7 +735,7 @@ pattern, it is not accepted (by that line) even if it matched another pattern on the line. .Pp -Bits, exponent, and modulus are taken directly from the host key; they +Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, e.g., from .Pa /etc/ssh_host_key.pub . The optional comment field continues to the end of the line, and is not used.