• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
AUUG Winter 2002SSH tips, tricks & protocol tutorial
Damien Miller (djm@mindrot.org)August 2002
Contents
1 About this document 2
1.1 Copyright . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.2 Disclaimer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.3 Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.4 A note on the examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.5 Revision . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2 Introduction 3
2.1 What is SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32.2 History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
3 Basic SSH usage 4
3.1 Remote login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43.2 Initial server key discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43.3 Executing commands remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53.4 File transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
4 Public key authentication 9
4.1 Generating public keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.2 Public key authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94.3 Using ssh-agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104.4 Public key restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
5 SSH Forwarding 13
5.1 Authentication agent forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135.2 X11 forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135.3 Port forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135.4 Dynamic port forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
6 SSH Implementations 15
6.1 OpenSSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156.2 SSH Communications Corporation . . . . . . . . . . . . . . . . . . . . . . . . . . . 156.3 Unix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156.4 Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156.5 Macintosh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166.6 Other . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
 
1 About this document
1.1 Copyright
This document is Copyright 2002 Damien Miller. Permission to use, modify and redistributethis document is granted provided this copyright message, list of conditions and the followingdisclaimer are retained.
1.2 Disclaimer
This document is offered in good faith. No responsibility is accepted by the author for any loss ordamage caused in any way to any person or equipment, as a direct or indirect consequence of useor misuse of the information contained herein.
1.3 Audience
This document is intended for users and administrators of Unix-like operating systems. It assumesa moderate level of familiarity with the Unix command-line and a basic working knowledge of TCP/IP networking.
1.4 A note on the examples
All the examples contained herein were written for OpenSSH 3.4. They should work relativelyunchanged on more or less recent versions of OpenSSH. They are unlikely to work on other SSHimplementations without adjustment.
1.5 Revision
This is the initial revision.2
 
2 Introduction
2.1 What is SSH
SSH (Secure SHell) is a network protocol which provides a replacement for insecure remote loginand command execution facilities, such as telnet, rlogin and rsh. SSH encrypts traffic in bothdirections, preventing traffic sniffing and password theft. SSH also offers several additional usefulfeatures:
Compression: traffic may be optionally compressed at the stream level.
Public key authentication: optionally replacing password authentication.
Authentication of the server: making ”man-in-the-middle” attack more difficult
Port forwarding: arbitrary TCP sessions can be forwarded over an SSH connection.
X11 forwarding: SSH can forward your X11 sessions too.
File transfer: the SSH protocol family includes two file transfer protocols.
2.2 History
SSH was created by Tatu Yl¨onen in 1995 and was at first released under an open-source license.Later versions were to bear increasing restrictive licenses, though they generally remained free fornon-commercial use. He went on to form SSH Communications security which sells commercialSSH implementations to this day. The earlier versions of his code implement what is now referredto as
SSH protocol v.1
.In 1997 a process began to make the SSH protocols Internet standards under the auspices of theIETF. This lead to the development of 
version 2 
of the SSH protocol. In the rewrite, the protocolwas split into a transport layer, and connection and authentication protocols. Several securityissues were also addressed as part of this process.In 1999, the OpenBSD
1
team discovered (by way of OSSH
2
) the early free versions for TatuYl¨onen’s original code and set about cleaning them up to modern standards. The result wasnamed ”OpenSSH” and debuted in the OpenBSD 2.6 release of December 1999. OpenSSH wasextended by Markus Friedl to support SSH protocol v.2 in early 2000. OpenSSH remains themost popular, complete and portable free SSH implementation and has been included in many OSreleases. The full history of OpenSSH is documented here
3
.
1
http://www.openbsd.org/
2
ftp://ftp.pdc.kth.se/pub/krypto/ossh/
3
http://www.openbsd.org/history.html
3
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...