SSH
http://www.cryptography.org/cgibin/crypto.cgi/ssh/
my version of 1.2.26 with fast x86 DES code
export-controlled site (must be US citizen or permanent resident)
Installing SSH
# tar xzvf ssh-1.2.26.tar.gz
# cd ssh-1.2.26
# ./configure
# make install
That's it!
you might have to edit a boot script to start sshd
Remote X windows
When you log into a remote host conventionally, you set the $DISPLAY variable so that remote X applications can connect back to your local X display, e.g.
set DISPLAY=myworkstation:0
Problems with security and firewalls:
firewall may block the inbound connection
others may connect to your X server and do nasty things
SSH X forwarding
With ssh/slogin, the remote sshd posts a listen on local TCP port 6000+n and sets DISPLAY=:n.0
Remote X applications connect to what they think is a secondary local X display
SSH intercepts and forwards over the encrypted TCP channel to the local X display
Inside SSH
Session encrypted with IDEA, 3DES, Blowfish, Arcfour, DES (deprecated)
Session key generated by client, doubly encrypted with RSA and sent to server
Two RSA keys:
host key - fixed 1024 bit RSA key
server key - 768 bit RSA key, changes every hour
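The double RSA encryption of the session key, as an added sketch that is not part of the original slides or the SSH source: the client wraps the key under both public keys, so an attacker who later obtains only the fixed host key cannot recover the session keys of recorded traffic once the hourly server key has been discarded. Assumptions: toy moduli built from Mersenne primes (not the 1024/768-bit sizes above), e = 65537, and the SSH1 step of XORing the session id into the key is omitted; all function and variable names are hypothetical.

```python
import secrets

# Constructed toy keys: moduli are products of Mersenne primes so the example
# needs no key generation. Real SSH1 keys are random primes.
E = 65537

def make_key(p_exp, q_exp):
    p, q = 2**p_exp - 1, 2**q_exp - 1
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1)),
            "size": (n.bit_length() + 7) // 8}

HOST_KEY = make_key(607, 1279)    # long-lived, identifies the machine
SERVER_KEY = make_key(127, 521)   # short-lived, regenerated periodically

def pad(data, size):
    """PKCS#1 v1.5 type 2 padding: 00 02 <nonzero random bytes> 00 <data>."""
    fill = size - len(data) - 3
    if fill < 8:
        raise ValueError("modulus too small for this payload")
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(fill))
    return b"\x00\x02" + ps + b"\x00" + data

def unpad(block):
    if block[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return block[block.index(b"\x00", 2) + 1:]

def rsa_encrypt(data, key):
    m = int.from_bytes(pad(data, key["size"]), "big")
    return pow(m, key["e"], key["n"]).to_bytes(key["size"], "big")

def rsa_decrypt(blob, key):
    m = pow(int.from_bytes(blob, "big"), key["d"], key["n"])
    return unpad(m.to_bytes(key["size"], "big"))

def client_wrap(session_key):
    # Inner layer uses the smaller modulus so its output fits inside the larger.
    small, large = sorted((HOST_KEY, SERVER_KEY), key=lambda k: k["n"])
    return rsa_encrypt(rsa_encrypt(session_key, small), large)

def server_unwrap(blob):
    # The server peels the layers in reverse order and needs both private keys.
    small, large = sorted((HOST_KEY, SERVER_KEY), key=lambda k: k["n"])
    return rsa_decrypt(rsa_decrypt(blob, large), small)
```

Decrypting the wrapped blob with the host key alone yields only the inner ciphertext, which is still protected by the server key.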
User Authentication
User passwords, typed down the encrypted channel
can be disabled for increased security
ssh-add
prompts for passphrase, adds to agent
ssh-add -d
destroys previously entered passphrase
identity.pub
user's public RSA key
known_hosts
list of known host public keys
authorized_keys
list of public keys that can authenticate this user
To learn more
Read the documentation! SSH has many configuration options and optional features; fortunately, the defaults are pretty reasonable