Index of /~fujiik/mklinux/Packages/dr3/RPMS/ssh

[ICO]NameLast modifiedSizeDescription

[PARENTDIR]Parent Directory   -  
[TXT]CHANGES 1998-10-19 23:18 2.8K 
[TXT]LICENSING 1998-10-19 23:18 12K 
[   ]ssh-1.2.27-1a.nosrc.rpm1999-05-27 12:24 7.2K 
[   ]ssh-1.2.27-1a.ppc.rpm 1999-05-27 12:25 1.0M 
[   ]ssh-default-1.2.27-1..>1999-05-27 12:25 3.5K 
[DIR]SPECS/ 1999-05-27 12:32 -  
[DIR]SOURCES/ 1999-05-27 12:33 -  
[   ]ssh-2.0.13-1b.nosrc.rpm1999-06-16 11:44 8.3K 
[   ]ssh-2.0.13-1b.ppc.rpm 1999-06-16 11:44 1.4M 
[   ]ssh-default-2.0.13-1..>1999-06-16 11:44 3.8K 

MkLinux Installation Notes(English)

Descriptions of the Current Directory

Ssh: Secure Shell

Japanese Page is here.

News

Files

This directory contains the secure shell programs:
   	CHANGES                       : official change log
   	LICENSING                     : licensing notice
   	SPECS                         : containing spec files
   	SOURCES                       : containing patches, etc
        README.html                   : this file
        ssh-1.2.27-1a.nosrc.rpm       : no source RPM for v.1.x
        ssh-1.2.27-1a.ppc.rpm         : binary RPM for v.1.x
        ssh-default-1.2.27-1a.ppc.rpm : binary RPM for v.1.x
        ssh-2.0.13-1b.nosrc.rpm       : no source RPM for v.2.x
        ssh-2.0.13-1b.ppc.rpm         : binary RPM for v.2.x
        ssh-default-2.0.13-1b.ppc.rpm : binary RPM for v.2.x
   

Installation Instructions for Version 1.x

Caution Before downloading and using the secure shell package, you need to understand legal restrictions, if any, in your country against the use of cryptographic software. Note also that as of version 2.x ssh became non-free, available only for non-commercial use. Look at LICENSING for the licensing matter.

Even if you agree to using version 2.0, you had better install version 1.x for backward compatibility:

Install version 1.x by

# rpm -Uvh <somewhere>/ssh-1.2.27-1a.ppc.rpm
# rpm -Uvh <somewhere>/ssh-default-1.2.27-1a.ppc.rpm
then regenerate host keys by
# ssh-keygen -b 1024 -f /etc/ssh_host_key -N ''
This will renew /etc/ssh_host_key, /etc/ssh_host_key.pub, and /etc/ssh_random_seed. It is insecure to keep using the keys contained in the package, since everybody who downloaded this package would know the keys.

You can start the secure shell daemon manually by

# /etc/rc.d/init.d/sshd.init start
or automatically at the boot time.

Usage of Version 1.x

You need to generate your own keys by
$ ssh-keygen1
......
in order to create $HOME/.ssh/identity, $HOME/.ssh/identity.pub, and $HOME/.ssh/random_seed. You will be asked to supply a pass phrase here.
$ cd $HOME/.ssh
$ ls
identity
identity.pub
random_seed
$ cat identity.pub >> authorized_keys

In order to use the secure shell, your public keys for the (remote) hosts have to be registered in the "authorized_keys". The last line above ensures that your account at the local host be contained in the valid public keys. On the other hand, you should never let the secret key (identity) be accessible from network.

You can now try, for instance,

$ slogin <your_host_name>
At the first time, since you do not have $HOST/.ssh/known_hosts, you will be asked to continue logging in without the host key. Going ahead automatically creates a "known_hosts" file, getting the public host key from the target host. You will then be asked to supply your pass phrase. If your pass phrase is accepted, your secure login procedure is complete.

The use of the secure shell can significantly improve network security via complete encryption of communication. I am using this for ppp-connections from home.

Consult man pages for slogin, ssh, scp, ssh-keygen, ssh-agent, ssh-add, etc. for more information.

Installation Instructions for Version 2.x

Caution Before downloading and using the secure shell package, you need to understand legal restrictions, if any, in your country against the use of cryptographic software. Note also that as of version 2.x ssh became non-free, available only for non-commercial use. Look at LICENSING for the licensing matter.

Even if you agree to using version 2.0, you had better install version 1.x for backward compatibility. See above for installation instructions.

First stop version 1.x sshd:

# /etc/rc.d/init.d/sshd.init stop

Install version 2.0 by

# rpm -ivh <somewhere>/ssh-2.0.13-1b.ppc.rpm
# rpm -Uvh <somewhere>/ssh-default-2.0.13-1b.ppc.rpm
Be aware that you should use "-ivh" instead of "-Uvh" for the base package, since you want backward compatibility: you want to connect to a system only supporting version 1.x.

Now regenerate host keys by

# ssh-keygen -b 1024 -P -o /etc/ssh2/hostkey
This will renew /etc/ssh2/hostkey, /etc/ssh2/hostkey.pub, and /etc/ssh2/random_seed. It is insecure to keep using the keys contained in the package, since everybody who downloaded this package would know the keys. Note also that the command line arguments have changed from those of version 1.x.

You can start the secure shell daemon manually by

# /etc/rc.d/init.d/sshd.init start
or automatically at the boot time.

Usage of Version 2.x

You need to generate your own keys by
$ ssh-keygen
......
in order to create your private and public keys for version 2. By default this will create: $HOME/.ssh2/id_dsa_1024_a, $HOME/.ssh2/id_dsa_1024_a.pub, and $HOME/.ssh2/random_seed. You will be asked to supply a pass phrase here.
$ cd $HOME/.ssh2
$ ls
id_dsa_1024_a
id_dsa_1024_a.pub
random_seed
$ echo "IdKey id_dsa_1024_a" >> identification
$ echo "Key id_dsa_1024_a.pub" >> authorization

In order to use the secure shell, your public keys for the (remote) hosts have to be in the $HOME/.ssh2 directory and their "file names" have to be registered in $HOME/.ssh2/authorization. The last line above ensures that your account at the local host be contained in the valid public keys. On the other hand, you should never let the secret key (id_dsa_1024_a in this example) be accessible from network. Note that you can rename the key files: id_dsa_1024_a, id_dsa_1024_a.pub,.. as long as being consistent with the names listed in "identification" and "authorization".

You can now try, for instance,

$ slogin <your_host_name>
At the first time, you do not have the public hostkey for the target host, but it will be automatically retrieved and stored in $HOME/.ssh2/hostkeys/. You will then be asked to supply your pass phrase. If your pass phrase is accepted, your secure login procedure is complete.

The use of the secure shell can significantly improve network security via complete encryption of communication. I am using this for ppp-connections from home.

Consult man pages for slogin, ssh, scp, ssh-keygen, ssh-agent, ssh-add, etc. for more information.


Back to Keisuke Fujii's MkLinux Page
fujiik@jlcuxf.kek.jp Jun. 22, 1998