New protocol out SSH2 not quite ready for prime time as important config parameters are not implemented yet and the default behaviour is not explained in the man pages.
SSH package includes secure shell ssh and secure copy scp which are versions of the familiar unix rsh, sh and rcp, cp commands which run over secure socket layer ssl.SSH2 also includes sftp a secure ftp over ssl.
SSH is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications ssl over insecure channels. It is intended as a replacement for rlogin, rsh, rcp, rdist and with ssh2 ftp.
In order to make SSH secure it is necessary to set the following parameters which prevent, among other things, SSH from falling out into clear/unencrypted mode.
Currently if using pre 1.2.26 versions the best idea is to step up to
1.2.26 which is both forward compatible with SSH 2 and backward compatible with SSH 1
an empty config file should be placed in the users home directory owned by root and writable only by root. This will force the system wide settings for all users.
The StrictHostKeyChecking option
May be set to "yes", "nopwd", or
"no".The "nopwd" value disables password-authenticated root
logins."nopwd" and "no" are equivalent unless you have a
.ssh/authorized_keys file in the root home directory.
The server has a configuration file /etc/sshd_config, It is explained in the sshd manual page.
The client reads a configuration file /etc/ssh_config, which gives site-wide defaults for various options. Options in this file can be overridden by per-user configuration files. The file is documented on the ssh manual page
Links for information about
Windows NT or 95 freeware version from Berkeley
or a commercial version for NT or 95 from Data Fellows
download ssh1.2.14 win32 Berkeley Version for NT or Win95
The General WWW home page for ssh is here.(mainly deals with SSH in the unix environment) It contains an archive of the mailing list, and detailed information about new releases, mailing lists, and other relevant issues.
Configure SSH on a Solaris box:
For most machines and configurations, the following is all you need
Then check (and edit if needed) the following files(see above table):
or for SSH2
You may also want to create the /etc/ssh_known_hosts for your site and update it periodically. See the manual page for make-ssh-known-hosts on how to do this easily. The file format is documented on the sshd manual page
You should also edit /etc/rc.local or equivalent to start sshd at boot
CLIENT SUID ROOT, SERVER RUN AS ROOT
This package installs two programs that need special privileges. Ssh is the client
program, and it is by default installed as suid root, because it needs to create a
privileged port in order to use .rhosts files for authentication. If it is not installed
as suid root, it will still be usable, but .rhosts authentication will not be available.
Also, the private host key file is readable by root only Sshd is the daemon that listens
for connections. It should preferably be run as root, because it is by normally listening
on a privileged port, and it needs to be able to do setuid(), update utmp, chown ptys etc.
when a user logs in. If it is not run as root, explicit "-p port" option must be
given to specify an alternate port (same port must also be specified for clients),
"-h host_key_file_path" must be given to specify an alternate host key file, and
it cannot be used to log in as any other user than the user running it (because it cannot
Both the server and the client have been carefully screened for possible security problems, and are believed to be secure. However, there can be no guarantee.
Configure SSH on an NT box:(extra points)
You'll need to create a c:\ssh\etc directory to keep your ssh_config, ssh_host_key, and ssh_host_key.pub in. You need to generate the keys on your Unix box with ssh-keygen (bug ssh-keygen doesnt work on NT)
Next, make sure your HOME environment variable is set. On NT, this can be done via the Control Panel->System.
Create a <HOME>\.ssh directory (don't forget the dot).
Setting up ssh to work without requiring any passwords
After installing SSH if you need a destination machine to trust the source machine. Do the following :