Descriptions of the Current Directory
Ssh: Secure Shell
Japanese Page is here.
News
- Jun 16, 1999: (ssh-2.0.13-1b) a new init file and its sym.links to accomodate with sysconfig. A patch to fix sftp's progress bar.
- May 27, 1999: (ssh-1.2.27-1a,ssh-2.0.13-1a) 1st rpm releases of versions 1.2.27 and 2.0.13 built from the source files from
http://www.cs.hut.fi/ssh/.
An unofficial ppc patch to build ssh-2.0.13-1a on MkLinux DR3
has been prepared and can be found
in the SOURCES directory.
The package building procedure is descirbed in their
SPEC files: ssh-1.2.27.spec and ssh-2.0.13.spec.
- Mar 17, 1999: (ssh-2.0.12-1a) 1st rpm release of version 2.0.12 built from the source files from
http://www.cs.hut.fi/ssh/.
An unofficial ppc patch to build ssh-2.0.12-1a on MkLinux DR3
has been prepared and can be found
in the SOURCES directory.
The package building procedure is descirbed in its
SPEC file.
- Jan 10, 1999: (ssh-2.0.11-1a) 1st rpm release of version 2.0.11 built from the source files from
http://www.cs.hut.fi/ssh/.
An unofficial ppc patch to build ssh-2.0.11-1a on MkLinux DR3
has been prepared and can be found
in the SOURCES directory.
The package building procedure is descirbed in its
SPEC file.
- Oct 30, 1998: (ssh-2.0.10-1a) 1st rpm release of version 2.0.10 built from the source files from
http://www.cs.hut.fi/ssh/.
The unofficial ppc patch to build ssh-2.0.10-1a on MkLinux DR3
has been renewed and can be found
in the SOURCES directory.
The package building procedure is descirbed in its
SPEC file.
- Sep 26, 1998: (ssh-2.0.9-1a) 1st rpm release of version 2.0.9 built from the source files from
http://www.cs.hut.fi/ssh/.
Unofficial patches to build ssh-2.0.9-1a on MkLinux DR3 are prepared
in the SOURCES directory, and the package
building procedure is descirbed in its
SPEC file.
- Sep 06, 1998: (ssh-2.0.8-1b) 1st rpm release of version 2.0.8 built from the source files from
http://www.cs.hut.fi/ssh/.
The building of version 2.0.8 was not straightforward.
I needed to apply some patches to routines using "va_list",
since ppc's va_list is not a pointer but an array of a
structure (see /opt/egcs/lig/gcc-lib/.../include/va-ppc.h).
The unofficial patches are prepared
in the SOURCES directory,
where you can find other patches and init scripts for ppc and
HP-UX. A package building procedure is given in a
SPEC file.
This version is not well tested yet.
As usual, use it at your own risk. If you find a problem,
never e-mail the original author but report the problem to me.
- Sep 06, 1998: (ssh-1.2.26-1b) 2nd rpm release of version 1.2.26 rebuilt from the source files from
http://www.cs.hut.fi/ssh/. This version has 2 separated packages: ssh-1.2.26-1b and ssh-default-1.2.26-1b, where the former is the body of the package containing binary
files while the latter provides init scripts and
various sym-links to make the package default ssh.
This separation was necessary for ssh v.1.x to coexit
with ssh v2.x.
- Jun 22, 1998: (ssh-1.2.22-1a) 1st rpm of version 1.2.22 created
from the source files from
http://www.cs.hut.fi/ssh/.
Files
This directory contains the secure shell programs:
CHANGES : official change log
LICENSING : licensing notice
SPECS : containing spec files
SOURCES : containing patches, etc
README.html : this file
ssh-1.2.27-1a.nosrc.rpm : no source RPM for v.1.x
ssh-1.2.27-1a.ppc.rpm : binary RPM for v.1.x
ssh-default-1.2.27-1a.ppc.rpm : binary RPM for v.1.x
ssh-2.0.13-1b.nosrc.rpm : no source RPM for v.2.x
ssh-2.0.13-1b.ppc.rpm : binary RPM for v.2.x
ssh-default-2.0.13-1b.ppc.rpm : binary RPM for v.2.x
Installation Instructions for Version 1.x
Caution Before downloading and using
the secure shell package, you need to understand legal restrictions,
if any, in your country against the use of cryptographic software.
Note also that as of version 2.x ssh became non-free, available only
for non-commercial use. Look at LICENSING for the
licensing matter.
Even if you agree to using version 2.0, you had better install
version 1.x for backward compatibility:
Install version 1.x by
- # rpm -Uvh <somewhere>/ssh-1.2.27-1a.ppc.rpm
- # rpm -Uvh <somewhere>/ssh-default-1.2.27-1a.ppc.rpm
then regenerate host keys by
- # ssh-keygen -b 1024 -f /etc/ssh_host_key -N ''
This will renew /etc/ssh_host_key, /etc/ssh_host_key.pub, and
/etc/ssh_random_seed.
It is insecure to keep using the keys
contained in the package, since everybody who downloaded
this package would know the keys.
You can start the secure shell daemon manually by
- # /etc/rc.d/init.d/sshd.init start
or automatically at the boot time.
Usage of Version 1.x
You need to generate your own keys by
- $ ssh-keygen1
- ......
in order to create $HOME/.ssh/identity, $HOME/.ssh/identity.pub,
and $HOME/.ssh/random_seed. You will be asked to supply a pass phrase here.
- $ cd $HOME/.ssh
- $ ls
- identity
- identity.pub
- random_seed
- $ cat identity.pub >> authorized_keys
In order to use the secure shell, your public keys for the (remote) hosts
have to be registered in the "authorized_keys". The last line
above ensures that your account at the local host be contained
in the valid public keys. On the other hand, you should never let the
secret key (identity) be accessible from network.
You can now try, for instance,
- $ slogin <your_host_name>
At the first time, since you do not have $HOST/.ssh/known_hosts,
you will be asked to continue logging in without the host key.
Going ahead automatically creates a "known_hosts" file, getting
the public host key from the target host.
You will then be asked to supply your pass phrase.
If your pass phrase is accepted, your secure login procedure is
complete.
The use of the secure shell can significantly improve network
security via complete encryption of communication.
I am using this for ppp-connections from home.
Consult man pages for slogin, ssh, scp, ssh-keygen, ssh-agent,
ssh-add, etc. for more information.
Installation Instructions for Version 2.x
Caution Before downloading and using
the secure shell package, you need to understand legal restrictions,
if any, in your country against the use of cryptographic software.
Note also that as of version 2.x ssh became non-free, available only
for non-commercial use. Look at LICENSING for the
licensing matter.
Even if you agree to using version 2.0, you had better install
version 1.x for backward compatibility. See above for
installation instructions.
First stop version 1.x sshd:
- # /etc/rc.d/init.d/sshd.init stop
Install version 2.0 by
- # rpm -ivh <somewhere>/ssh-2.0.13-1b.ppc.rpm
- # rpm -Uvh <somewhere>/ssh-default-2.0.13-1b.ppc.rpm
Be aware that you should use "-ivh" instead of "-Uvh" for the base
package, since you want backward compatibility: you want to
connect to a system only supporting version 1.x.
Now regenerate host keys by
- # ssh-keygen -b 1024 -P -o /etc/ssh2/hostkey
This will renew /etc/ssh2/hostkey, /etc/ssh2/hostkey.pub, and
/etc/ssh2/random_seed.
It is insecure to keep using the keys
contained in the package, since everybody who downloaded
this package would know the keys.
Note also that the command line arguments have changed from
those of version 1.x.
You can start the secure shell daemon manually by
- # /etc/rc.d/init.d/sshd.init start
or automatically at the boot time.
Usage of Version 2.x
You need to generate your own keys by
- $ ssh-keygen
- ......
in order to create your private and public keys for version 2. By default
this will create:
$HOME/.ssh2/id_dsa_1024_a, $HOME/.ssh2/id_dsa_1024_a.pub,
and $HOME/.ssh2/random_seed. You will be asked to supply a pass phrase here.
- $ cd $HOME/.ssh2
- $ ls
- id_dsa_1024_a
- id_dsa_1024_a.pub
- random_seed
- $ echo "IdKey id_dsa_1024_a" >> identification
- $ echo "Key id_dsa_1024_a.pub" >> authorization
In order to use the secure shell, your public keys for the (remote) hosts
have to be in the $HOME/.ssh2 directory and their "file names" have
to be registered in $HOME/.ssh2/authorization.
The last line
above ensures that your account at the local host be contained
in the valid public keys. On the other hand, you should never let the
secret key (id_dsa_1024_a in this example) be accessible from network. Note that you can rename the key files: id_dsa_1024_a, id_dsa_1024_a.pub,..
as long as being consistent with the names listed in "identification" and "authorization".
You can now try, for instance,
- $ slogin <your_host_name>
At the first time, you do not have the public hostkey for
the target host, but it will be automatically retrieved
and stored in $HOME/.ssh2/hostkeys/.
You will then be asked to supply your pass phrase.
If your pass phrase is accepted, your secure login procedure is
complete.
The use of the secure shell can significantly improve network
security via complete encryption of communication.
I am using this for ppp-connections from home.
Consult man pages for slogin, ssh, scp, ssh-keygen, ssh-agent,
ssh-add, etc. for more information.
Back to Keisuke Fujii's MkLinux Page
fujiik@jlcuxf.kek.jp Jun. 22, 1998