#
# SSH Config Files
#
vi /etc/sshd_config       (server configuration file)
vi /etc/ssh_config        (client configuration file - defaults for users)
vi /etc/ssh_known_hosts
   /etc/ssh_host_key
   /etc/ssh_host_key.pub
   /etc/ssh_random_seed
vi /etc/rc.local or equivalent to start sshd at boot

ssh host command

sshd
    Server program run on the server machine. This listens for connections
    from client machines, and whenever it receives a connection, it performs
    authentication and starts serving the client.
ssh
    This is the client program used to log into another machine or to execute
    commands on the other machine. "slogin" is another name for this program.
scp
    Securely copies files from one machine to another.
ssh-keygen
    Used to create RSA keys (host keys and user authentication keys).
ssh-agent
    Authentication agent. This can be used to hold RSA keys for authentication.
ssh-add
    Used to register new keys with the agent.
make-ssh-known-hosts
    Used to create the /etc/ssh_known_hosts file.

planet:~# ssh planet date
root@planet's password:
/usr/X11R6/bin/xauth: creating new authority file /home/root/.Xauthority
Thu Apr 9 02:15:53 PDT 1998

recommended way to start a shell in a remote machine
    xterm -e ssh host &

recommended way to execute an X11 application in a remote machine is
    ssh -n host emacs &

> You can always use ssh's port forwarding option to create a secure channel
> through which you can tunnel things like POP. ie:
>
>   ssh secure.net. -L 2110:pop.secure.net:110
>
> ..will make port 2110 on the local host redirect to port 110 on pop.secure.net
> over an encrypted channel. Then point fetchmail (or whatever) at
> localhost:2110 to fetch your mail via POP3.
>
> An alternative is to implement APOP (cucipop and qpopper both support this.)
> The sniffers will still be able to read your mail, but they won't
> be able to sniff your password.
----
> http://sunsite.unc.edu/LDP/HOWTO/mini/Secure-POP+SSH.html

#
# http://www.ssh.fi/employment/
#
http://www.employees.org/~satch/ssh/faq/
http://www.tac.nyc.ny.us/~kim/ssh/
http://www.sunworld.com/sunworldonline/swol-02-1998/swol-02-security.html    SSH Intro
http://www.sunworld.com/sunworldonline/swol-03-1998/swol-03-security.html    Config/Install
http://www.magnicomp.com/rdist/       rdist-6.1.1 or later with ssh
ftp://samba.anu.edu.au/pub/rsync/     works with ssh

http://www.sunworld.com/sunworldonline/swol-02-1998/swol-02-security.html    SSH Intro
---------------------
To establish trust, Unix normally requires that the /etc/hosts.equiv and $HOME/.rhosts

The public key of the local host needs to be added to the /etc/ssh_known_hosts
file on all remote systems that the current host wants to access via .rhosts or
hosts.equiv. Alternatively, a user can add the remote host's public key to her
$HOME/.ssh/known_hosts file on the remote host they want to access.
----------------------------

4.6 Can I use ssh to securely forward UDP-based services, such as NFS or NIS?

    RPC-based services, such as NIS. You can download it from
    ftp://ftp.tu-chemnitz.de/pub/Local/informatik/sec_rpc/

4.8 Can I use ssh to protect services like ftp or POP?

    Secure POP
        ftp://ftp.internatif.org/pub/unix/gwpop/

    Secure ftp
        myhost$ ssh -L 1234:ftphost.example.com:21 ssh-server

        - another window
        myhost$ ftp localhost 1234
        220 ftphost FTP server (Foonix 08/15) ready.
        Name: (myhost:yourname):
        331 Password required for yourname
        Password:
        230 User yourname logged in.

6.4 Alternatives to SSH

    srp:            http://srp.stanford.edu/srp/
    stunnel:        http://mike.daewoo.com.pl/computer/stunnel/
    ssleay-related: http://www.psy.uq.edu.au:8080/~ftp/Crypto/
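
Added example, not part of the original notes: a shell helper that turns the two "-L port:host:hostport" forwards shown above (POP on 2110, FTP control on 1234) into ssh_config stanzas whose listener is pinned to 127.0.0.1. It assumes a current OpenSSH client (LocalForward, ExitOnForwardFailure); the Host aliases pop-tunnel and ftp-tunnel and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes). Converts the three-field
# "-L localport:desthost:destport" spec into an ssh_config stanza.
# Assumes a current OpenSSH client; the Host aliases are hypothetical.

# valid_port N: true when N is a decimal integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_stanza ALIAS SSH_SERVER SPEC
forward_stanza() {
    fs_alias=$1; fs_server=$2; fs_spec=$3
    # Accept exactly three colon-separated fields. A fourth field would be
    # a bind address, which this helper refuses so it can pin loopback itself.
    case "$fs_spec" in
        *:*:*:*|*' '*) echo "unsupported spec: $fs_spec" >&2; return 1 ;;
        *:*:*) ;;
        *) echo "malformed spec: $fs_spec" >&2; return 1 ;;
    esac
    fs_lport=${fs_spec%%:*}
    fs_rest=${fs_spec#*:}
    fs_dhost=${fs_rest%%:*}
    fs_dport=${fs_rest#*:}
    case "$fs_dhost" in
        ''|*[!A-Za-z0-9.-]*) echo "bad destination host: $fs_dhost" >&2; return 1 ;;
    esac
    if ! valid_port "$fs_lport" || ! valid_port "$fs_dport"; then
        echo "bad port in: $fs_spec" >&2; return 1
    fi
    # 127.0.0.1 keeps the listener off the network; ExitOnForwardFailure
    # aborts the login if the local port cannot be bound (e.g. already taken),
    # so a mail client never talks to whatever else owns that port.
    printf 'Host %s\n' "$fs_alias"
    printf '    HostName %s\n' "$fs_server"
    printf '    LocalForward 127.0.0.1:%s %s:%s\n' "$fs_lport" "$fs_dhost" "$fs_dport"
    printf '    ExitOnForwardFailure yes\n'
}

# The two forwards shown in the notes above
forward_stanza pop-tunnel secure.net. 2110:pop.secure.net:110
forward_stanza ftp-tunnel ssh-server 1234:ftphost.example.com:21
```

Append the output to ~/.ssh/config and start the tunnel with "ssh -N pop-tunnel"; the forwarded port then accepts connections from the local machine only.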