cmd:ssh (Secure Shell) 

SSH2 Version: 2.3.0 

latest non-commercial Unix SSH2 version

Info 

What has changed since SSH1?

  • SSH has been 98% rewritten.
  • SSH now supports other key-exchange methods besides double-encrypting RSA key exchange. The current distribution comes with Diffie-Hellman key exchange.
  • SSH now has support for DSA and other public key algorithms besides RSA.
  • The protocol is more secure and allows future integration into public key infrastructures.
  • The protocol complies with the upcoming 'secsh' internet standard.
  • SSH now supports "subsystems", platform-independent modules that implement particular functions such as file transfers.
  • SSH now has built-in SOCKS support.
  • A new feature has been added: sftp, the secure file transfer protocol.

Build, Test run & Installation 

Steps 
  1. Uninstall the old version first!

    root@sunny:/export/pub/installs/ssh-1.2.27# make uninstall
  2. Build

    ./configure
    make
  3. Install

    pkg=ssh
    make -n install | tee ../logs/$pkg.log.0
    make install | tee ../logs/$pkg.log.1

This should set everything up and create the host key.

The old files are moved to *.old files. If you don't want them around, go to apps/ssh and run

# cd apps/ssh
/export/pub/installs/ssh-2.3.0/apps/ssh
# make clean-up-old

Configuration & Twisting 

$ dir /etc/ssh2/hostkey.pub /etc/ssh2/hostkey
-rw-------   1 root     root          828 Sep 28 00:31 /etc/ssh2/hostkey
-rw-r--r--   1 root     root          697 Sep 28 00:31 /etc/ssh2/hostkey.pub

— Public and private hostkeys for sshd2. Created by "make install".

.rhosts 

Also, a user has to set up her/his ~/.shosts (which only SSH uses) or ~/.rhosts file (insecure, as it is also used by the r*-commands). If the username is the same in both hosts, it is adequate to put the public hostkey to /etc/ssh2/knownhosts and add the host's name to /etc/shosts.equiv (or /etc/hosts.equiv).

/etc/hosts.equiv 

This file is used during .rhosts authentication. In its simplest form, this file contains host names, one per line. Users on those hosts are permitted to log in without a password, provided that they have the same user name on both machines.

Comment 

buggy document 

The document for Official SSH is way tooooo buggy.

For host based authentication:

The README file says ~/.ssh2/knownhosts/xxxxyyyy.pub

The man page says ~/.ssh2/hostkey_PORTNUMBER_HOSTNAME.pub

But I found out the program actually looks for ~/.ssh2/hostkeys/key_PORTNUMBER_HOSTNAME.pub e.g.: ~/.ssh2/hostkeys/key_22_sunny.pub

What's more, there is no detailed explanation of how to set up ~/.rhosts!

buggy implementation 

Why does SSH 2.3 have problems interoperating with OpenSSH 2.1.1?

SSH 2.3 and earlier versions contain a flaw in their HMAC implementation. Their code was not supplying the full data block output from the digest, and instead always provided 128 bits. For longer digests, this caused SSH 2.3 to not interoperate with OpenSSH.
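
The mismatch described above, modeled as an added example (not code from SSH 2.3 or OpenSSH). It assumes the flaw shortens the MAC output a peer supplies to 128 bits; the key, packet bytes and function names are constructed for illustration.

```python
import hashlib
import hmac

TRUNCATED_LEN = 16  # 128 bits: the fixed output length the text attributes to SSH 2.3

# Constructed sample inputs (not captured traffic).
SAMPLE_KEY = bytes(range(20))
SAMPLE_PACKET = b"\x00\x00\x00\x0c\x0a\x15" + b"\x00" * 10


def mac_tag(algorithm, key, seq, packet, flawed=False):
    """Per-packet MAC over (32-bit sequence number || packet).

    flawed=True models the assumed bug: only the first 128 bits of the
    digest output are supplied, whatever the digest's real size is.
    """
    data = seq.to_bytes(4, "big") + packet
    tag = hmac.new(key, data, algorithm).digest()
    return tag[:TRUNCATED_LEN] if flawed else tag


def peers_interoperate(algorithm, key=SAMPLE_KEY, seq=0, packet=SAMPLE_PACKET):
    """True if a correct receiver accepts the tag sent by the flawed sender."""
    sent = mac_tag(algorithm, key, seq, packet, flawed=True)
    expected = mac_tag(algorithm, key, seq, packet, flawed=False)
    # compare_digest returns False when the lengths differ.
    return hmac.compare_digest(sent, expected)


def interop_report(algorithms=("md5", "sha1")):
    """Map each digest name to (digest size in bits, interoperates?)."""
    return {
        name: (hashlib.new(name).digest_size * 8, peers_interoperate(name))
        for name in algorithms
    }


if __name__ == "__main__":
    for name, (bits, ok) in interop_report().items():
        print(f"hmac-{name}: {bits}-bit digest, flawed peer accepted: {ok}")
```

A 128-bit digest such as MD5 is unaffected by the truncation, which is why the failure only shows up with longer digests.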

documented on: Aug 25 2000

Version: v1.2.27 

Build, Test run & Installation 

Help 

For most machines and configurations, the above is all you need.

will install to /usr/local

Comments 

Might need to "make distclean" first

make: *** No rule to make target `distclean'.  Stop.

One should be careful not to use "xin" or "xstart" or other similar scripts that explicitly set DISPLAY to start X sessions in a remote machine, because the connection will then not go over the secure channel. The recommended way to start a shell in a remote machine is

xterm -e ssh host &

and the recommended way to execute an X11 application in a remote machine is

ssh -n host emacs &

If you need to type a password/passphrase for the remote machine,

ssh -f host emacs

may be useful.