1. about secure shell
this section should answer general questions about secure shell and what it does and doesn't do. click here for the contents of this section.
1.1. what is secure shell?
to paraphrase the readme file:

secure shell is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. it provides strong authentication and secure communications over unsecure channels. it is intended as a replacement for telnet, rlogin, rsh, and rcp. for ssh2, there is a replacement for ftp: sftp.

additionally, secure shell provides secure x connections and secure forwarding of arbitrary tcp connections. you can also use secure shell as a tool for things like rsync and secure network backups.

the traditional bsd 'r' - commmands (rsh, rlogin, rcp) are vulnerable to different kinds of attacks. somebody who has root access to machines on the network, or physical access to the wire, can gain unauthorized access to systems in a variety of ways. it is also possible for such a person to log all the traffic to and from your system, including passwords (which ssh never sends in the clear).

the x window system also has a number of severe vulnerabilities. with ssh, you can create secure remote x sessions which are transparent to the user. as a side effect, using remote x clients with ssh is more convenient for users.

there are two versions of secure shell available: ssh1 and ssh2. this faq does its best to distinguish when the situation calls for the difference between the two.

1.2 how widespread is its use?
the most current figures available are over 2 million secure shell users in over 60 countries. this is not an accurate amount, but an estimate. it also does not necessarily include the different implementations of secure shell for different operating systems.

note that this includes both ssh1 and ssh2 implementations.

1.3 what protocols does secure shell use?
it should be noted that the ssh1 and ssh2 protocols are in fact different and not compatible with each other.

for the ssh1 protocol, you can find this information in an old ietf draft available here. it is also available with the latest source distribution for ssh1 at ftp.ssh.com/pub/ssh/ssh-1.2.27.tar.gz.

for the ssh2 protocol, you can find this information in the ssh2 ietf drafts:

the fifth ietf draft for secure shell, generic message exchange authentication for secure shell is no longer available and expired after 6 months.

1.4 what encryption algorithms does secure shell use?
secure shell uses the following ciphers for encryption: cipher ssh1 ssh2
des yes no
3des yes yes
idea yes no
blowfish yes yes
twofish no yes
arcfour no yes
cast128-cbc no yes

secure shell uses the following ciphers for authentication: cipher ssh1 ssh2
rsa yes no
dsa no yes

ciphers may be added or deleted later depending on implementations.

1.5 how does secure shell authenticate?
secure shell authenticates using one or more of the following:

password (the /etc/passwd or /etc/shadow in unix)
user public key (rsa or dsa, depending on the release)
kerberos (for ssh1)
hostbased (.rhosts or /etc/hosts.equiv in ssh1 or public key in ssh2)
since there is quite a big demand for it, there are some patches available for various forms of authentication. it is up to the authors to make those available. if you wish to have a particular type of authentication in secure shell, please submit a feature request to the ssh secure shell team. for openssh features, please contact the openssh team.

1.6 what does secure shell protect against?
secure shell protects against (again, from the readme):

ip spoofing, where a remote host sends out packets which pretend to come from another, trusted host. ssh even protects against a spoofer on the local network, who can pretend he is your router to the outside.
ip source routing, where a host can pretend that an ip packet comes from another, trusted host.
dns spoofing, where an attacker forges name server records
interception of cleartext passwords and other data by intermediate hosts
manipulation of data by people in control of intermediate hosts
attacks based on listening to x authentication data and spoofed connection to the x11 server
in other words, ssh never trusts the net; somebody hostile who has taken over the network can only force ssh to disconnect, but cannot decrypt or play back the traffic, or hijack the connection.

the above only holds if you actually use encryption. secure shell does have an option to use encryption of type "none" this is only for debugging purposes, and should not be used.

1.7 what doesn't secure shell protect against?
secure shell will not help you with anything that compromises your host's security in some other way. once an attacker has gained root access to a machine, he can then subvert ssh, too.

if somebody malevolent has access to your home directory, then security is nonexistent. this is very much the case if your home directory is exported via nfs.

1.8 what is the difference between ssh1 and ssh2?
the difference between ssh1 and ssh2 is they are two entirely different protocols. ssh1 and ssh2 encrypt at different parts of the packets, and ssh1 uses server and host keys to authenticate systems where ssh2 only uses host keys. ssh2 is a complete rewrite of the protocol, and it does not use the same networking implementation that ssh1 does. also, ssh2 is more secure.
because of the different protocol implementation, they are not compatible.

in a nutshell, ssh2 is a rewrite of the ssh1 protocol, with improvements to security, performance, and portability.

1.9 who maintains secure shell?
ssh communications security, is the developer of secure shell (secsh) protocol and maintains the releases of ssh1 and ssh2. the ietf maintains the secure shell standards, which is vendor-neutral. the standards are currently in draft form; once there are two independent implementations available, then they can be submitted as an rfc.

there are currently several implementors, both freeware and commercial, of secure shell.

1.10 can i run secure shell legally?
most likely. it depends on your country's laws for cryptography and which version of secure shell that you're using. check out the information on licensing, cryptography laws, and patents on cryptographic algorithms below.

1.10.1 licensing
the licensing for ssh2 as of the 2.1.0 release has been completely revised. you can use secure shell for free if you are a university user (student, professor, staff, etc) or if you are using it for non-commercial use (playing games, checking personal email, etc.). for any commercial use, you need to have the appropriate license for secure shell. click here for the current licensing information and click here for an faq on the licensing from ssh communications security.

the unix version of ssh 1.2.27 may be used freely for non-commercial purposes and may not be sold commercially as a separate product, as part of a bigger product or project, or otherwise used for financial gain without a separate license. the definition of "commercial use" is generally interpreted as using ssh for anything that would generate financial gain, such as logging into a customers system to do administration, or providing ssh as a secure login to your partners or vendors.

other licensing is developer-dependent.

1.10.2 cryptography laws
in some countries, particularly france, russia, iraq, and pakistan, it may be illegal to use any encryption at all without a special permit.

if you are in the united states, you should be aware that, while ssh was written outside the united states using information publicly available everywhere, the us government may consider it a criminal offence to export this software from the us once it has been imported, including putting it on a ftp site. contact the bureau of export administration, which is under the department of commerce.

there's a really good link that keeps up to date with the wassenaar agreement and the cryptography laws throughout the world. check out bert-jaap koops crypto law survey.

1.10.3 patents on cryptographic algorithms
the algorithms rsa and idea, which are used by ssh, are claimed as patented in different countries, including the us. linking against the rsaref library, which is possible, may or may not make it legal to use ssh for non-commercial purposes in the us. you may need to obtain licenses for commercial use of idea; ssh can be configured without idea and works perfectly fine without it.

for information on software patents in general, see the league for programming freedom's homepage at http://lpf.ai.mit.edu/.

1.11 what operating systems does secure shell run on?
from the secure shell home page:

for ssh1 and the current release of ssh2 (2.2.0), check out the portability page at http://www.ssh.com/ssh/portability.html. for compatability with openssh, check out http://www.openssh.com/portable.html.

there are also non-commercial ports of secure shell for ssh1 including palmos, windows, macintosh, os/2, beos, windowsce, java, and openvms. see section 2 of this faq for information on how to get secure shell.

1.12 . shouldn't i be using only ssh2?
maintainer's note: since this brought up an interesting discussion on the mailing list, it seems to be a good idea to incorporate some of the helpful information that folks brought up. thanks! also, if someone has a better way to organize this section, please let me know.

the ssh1 protocol is not being developed anymore, as ssh2 is being developed as the standard. even if you are not using ssh2, many folks are establishing a path towards it. with three implementations (and growing) of ssh2 currently in the works, there is growing support (especially with the ssh2 protocol in ietf draft). however, there are arguments for and against running ssh1.

note: if you have any additional arguments either way, i'll post them. -ac

there are structural weaknesses in ssh1 which leave it open to additional attacks
ssh1 is subject to a man-in-the-middle attack
ssh1 has more supported platforms
ssh1 supports .rhosts authentication (it's against the draft for ssh2
ssh1 has more diverse authentication support (afs, kerberos, etc.)
performance for ssh2 is not equal to ssh1
rick moen posted this software matrix on the mailing list that shows software from diverse authors will perhaps partially explain protocol 1.5's persistence:

highest protocol version supported in software that is:

straight proprietary gratis-usage (non-commercial) unconditional gratis-usage open source [1]
openvms - - - 1.5

os/2 - 1.5 none none

unix 2.0 2.0 none 2.0

win32 - 2.0 none 2.0

straight proprietary gratis-usage (non-commercial) unconditional gratis-usage open source [1]
amiga os 1.5 1.5 none none

beos - 1.5 none none

java - - none 1.5 [2]

macintosh 2.0 - 1.5 none

openvms - - - 1.5

os/2 2.0 1.5 none none

palmos - - 1.5 none

unix 2.0 2.0 1.5 2.0

win16 2.0 1.4 none none

win32 2.0 2.0 1.5 2.0

wince 1.5 none - none

[1] as is defined by the open source initiative at http://www.opensource.org/osd.html. the three columns leftwards are breakdowns of all non-open-source categories, i.e., different classes of proprietary licences.

[2] mats andersson says mindterm will soon support secsh 2.0.

diane yi of the beckman institute had some slides that compare the protocols:

if you are installing a daemon, check to make sure your remote clients are connecting to you with the right version of secure shell. an ssh1 daemon will only work with ssh1 clients. an ssh2 daemon will work with ssh2 clients. however, an ssh2 daemon built with ssh1 compability will support both ssh1 and ssh2 clients. for more information on building ssh2 with ssh1 compatibility, see section 9.5.

2. getting secure shell
this section should give you information on where to pick up different implementations of secure shell. click here for the contents of this section.
2.1. where is the official secure shell distribution and mirror sites?
if you're looking for the official release of secure shell, it is listed below. remember that non-commercial users (universities, non-profit, and personal use) is free of charge. otherwise, ssh secure shell must be properly licensed.

all official releases are signed, and now you can use dss/dsa signatures to check for those of us who have to deal with the rsa patents *grumble* *grumble*.

2.1.1 offical site
the central site for distributing ssh is at ssh communication security. the application is available at ftp://ftp.ssh.com/pub/ssh/. if you wish to license ssh secure shell for either commercial or university distribution (remember, no cost to universities or non-profit organizations), please go to http://commerce.ssh.com

information on how to check signatures is available at ftp.ssh.com/pub/ssh/howto-check-signatures.

official releases of ssh1 are pgp-signed (rsa only), with the following key id: type bits key id date user id
rsa 1024 dcb9ae01 1995/04/24 ssh distribution key <[email protected]>
key fingerprint = c8 90 c8 5a 08 f0 f5 fd 61 af e6 ff cf d4 29 d9

official releases of ssh2 are pgp-signed (both rsa and dsa), with the following key ids *: type bits key id date user id
rsa 2048 afca7459 1998/07/11 ssh 2 distribution key <[email protected]>
key fingerprint = 2a 06 2c 83 f0 a6 72 52 3a 4d 4a fa 20 15 ee 74
dsa 1024 83fb127c 2000/06/13 ssh 2 distribution key <[email protected]>
key fingerprint = a348 205d f1d8 2297 0a46 d961 ed7b 28cd 83fb 127c

note: these keys also use the [email protected] address for signing.

2.1.2 mirrors
secure shell is also available via anonymous ftp from the sites listed at http://www.ssh.com/ssh/download.html. because they are updated regularly, it is too difficult to keep them up to date here.

2.2 how about getting other relatively free versions of secure shell?

here is a list of other implementations secure shell clients and servers. the official distribution from ssh communications security is not included with these downloads. please note that they should interoperate with each other; however, this is developer-dependent.

please note that these distributions may or may not be actively maintained. the owners may not notify people if they are still maintaining the software, and it may or may not work. this information is up here for your information, and if you legally can run the software--to play with it.

if you're looking for a really complete list of secure shell clients, take a look at rick moen's list at http://linuxmafia.com/pub/linux/security/ssh-clients.

2.2.1 unix
niels mцller is developing a gpl'd c implementation of the ssh version 2 protocol. pick up the latest release (which is currently at 0.9.13) at http://www.net.lut.ac.uk/psst/download.html.

the folks from openbsd has also created a free secure shell implementation of ssh1 and ssh2. you can find it at http://www.openssh.com/. the ports are available for linux, solaris, freedbsd, and many others.

openssh is part of the base os for openbsd, just as rsh, telnet, ksh, etc are installed. if you download the ftp://ftp.openbsd.org/pub/openbsd/2..../base26.tar.gz you will find that ./usr/bin/ssh is one of the files included. in other words, it is part of the base tarball that everybody on every install gets.

at the end of the install, one has the option of installing the usa based rsa implementation, the international rsa implementation, or no rsa implementation; in this last case, only protocol v2 will be used. (if installed, rsa gets retrieved via ftp to avoid patent problems).

you can also get bjoern groenvall's ossh (an older freeware port of ssh1) at ftp://ftp.pdc.kth.se/pub/krypto/ossh/.

2.2.2 java
there are a couple of different java implementations of secure shell.

cйdric gourio's ssh1 java-applet - http://www.cl.cam.ac.uk/~fapp2/software/java-ssh/.
mindterm and mindtunnel - http://www.mindbright.se/english/technology
mindvnc, a virtual network computer using ssh1 - http://www.mindbright.se/english/technology
java telnet application has an secure shell plugin - http://www.mud.de/se/jta/doc/plugins/ssh.html
2.2.3 windows
for some reason, a lot of people have created secure shell ports to windows :-). this is the current list of windows ports.
robert o'callahan's ttssh, ssh1 extension to teraterm client - http://www.zip.com.au/~roca/ttssh.html
gorden chaffee's command line port of ssh1 and scp1 - http://bmrc.berkeley.edu/people/chaffee/winntutil.html
sergey okhapkin's ssh1 and ssh2 servers and clients port to 32-bit windows - http://www.lexa.ru/sos/
corinna vinschen has ported openssh to cygwin- ftp://ftp.franken.de/pub/win32/devel...corinna/v1.1.1
putty, simon tatham's 32-bit windows (ssh 1 & 2) client - http://www.chiark.greenend.org.uk/~sgtatham/putty.html
fissh, mass confusion's 32-bit ssh1 client for windows - http://mit.edu/ssh/fissh
cynus win32 port of secure shell 1.2.2 by raju mathur - http://reality.sgi.com/raju/software.html
penguinet secure shell and telnet client - http://www.siliconcircus.com/penguinet (shareware)
cedomir igaly's ssh1 windows 16 and 32 bit clients are no longer available.

2.2.4 macintosh
niftytelnet 1.1 secure shell is jonas wallden's implementation of ssh1 for macintosh. it is available at http://www.lysator.liu.se/~jonasw/freeware.html.

macssh is an ssh2 implementation for mac clients. you can find it at http://www.macssh.com.

2.2.5 openvms
there is david jones' openvms ssh1 server available at http://www.er6.eng.ohio-state.edu/~jonesd/ssh/. the openvms ssh1 client is done by christer weinigel and richard levitte and is available at http://www.free.lp.se/fish/.

2.2.6 handheld devices
the isaac group released a version of the ssh1 client for the palm pilot, top gun ssh 1.2. it's available at http://www.isaac.cs.berkeley.edu/pilot/.

mov software has released a port of ssh1 to windowsce called sshce. you can register for beta testing at http://www.movsoftware.com/sshce.htm. please note that this has been in "late beta testing" for over a year now, so we're not sure if this is actively being worked on.

2.2.7 beos
the current beos r4 port of ssh1 for intel and powerpc platforms is available through bebits at http://www.bebits.com/app/703. also, check out the sshlogin client at http://www.bebits.com/app/746.

2.2.8 os/2
the most current port of the ssh1 client to os/2 is available at ftp://hobbes.nmsu.edu/pub/os2/apps/i...-1.2.27-b1.zip, which runs on os/2 warp 3+. there is also another secure shell program available at ftp://hobbes.nmsu.edu/pub/os2/apps/i.../sshos203.zip; however, we have no idea what it is.

2.2.9 dos
there's now a port of ssh1 to dos (yes, disk operating system) available at http://www.vein.hu/~nagyd.

2.3 how about getting commerically supported versions of secure shell?
there are three current commercial releases of secure shell. they are distributed by ssh communication security, f-secure (formally datafellows), and van dyke software.

2.3.1 ssh secure shell
ssh secure shell is available from http://www.ssh.com/ssh. the product includes clients for windows (which integrates secure file transfer in a gui) and unix (which includes a server that allows two simultaneous connetions), and server available for unix as well. please contact ssh communications security directly for more information.

2.3.2 van dyke software securecrt
securecrt is available at http://www.vandyke.com/products/securecrt/. this secure shell client runs on windows platforms and supports the ssh1 and ssh2 protocol. they also have securefx, a file transfer product that does ftp tunneling over ssh2. please contact van dyke directly for more information.

2.3.3 f-secure tunnel and terminal
f-secure tunnel and terminal is available at http://www.f-secure.com/products/cry...hy/f-sshtt.htm. it runs on unix, windows, and macintosh. it implements the ssh2 protocol, and does have a command-line scp for windows. please contact f-secure directly for more information.
2.3.4 appgate client and server
appgate provides a gateway for applications using a centralized database for authentication using secure shell. it works on win16, win32, unix, os/2, and macintosh. go to http://www.appgate.com for more information.

2.3.5 emtec zoc
emtec's zoc is a terminal emulator that supports secure shell. it runs on os/2 and windows 32-bit. for more information, please see http://www.emtec.com/zoc/.

3. installing secure shell
this section gives you basic information on how to install the secure shell distribution from ssh communications security. click here for the contents of this section.

3.1. what is the latest version of secure shell?
the latest version of ssh1 is 1.2.27, and ssh2 is 2.2.0. if you are not using the latest version, you may run into problems.

the latest version of lsh is 0.9.14, and be aware that lsh is still in testing mode and is not ready for prime-time yet.

3.2. how do i install secure shell?
to install secure shell (either ssh1 or ssh2), download the tar files and place in a directory (either /tmp or /usr/local/src). then do the following:

# gzip -dc ssh-2.2.0.tar.gz | tar -xvf -
# cd ssh-2.2.0
# ./configure
# make
# make install
please read the install file for more specifc instructions on ssh1, and for ssh2, please read the readme.

if you run into any problems, check out the troubleshooting section before sending it to the secure shell mailing list.

note: you may have to use specific options with configure to get secure shell to work the way you want (with certain ciphers, using tcp wrappers, socks support, etc.).

3.3 does it make sense to install secure shell as a non-root user on unix?
if you run the server, sshd or sshd2, as a user other than root then you can only login as that user.

if you install the client, ssh or ssh2, non setuid root you will still be able to connect and login to remote servers, but you will not be able to use hostbased authentication.

you can also start up sshd yourself as non-root, supplying the -p option so it binds to a non-privileged port (port number higher than 1024), and then connect from another system with ssh -p. this will only allow connections to your own account, and sshd will, as a rule, not be restarted when your machine reboots.

you will have to decide whether this is useful for you or not.

3.4 where do i get pre-compiled binaries for secure shell?
redhat rpms:

ssh-2.2.0 - ftp://ftp.ssh.com/pub/ssh/rpms. this includes both binaries (with and without x) and source
ssh-2.0.11 - ftp://ftp.zedz.net/pub/cryptoi/linux/redhat/test_rpms
openssh - ftp://ftp.openbsd.org/pub/openbsd/openssh/portable/rpm
solaris 2.6, 2.7:

ssh-1.2.27 with sdi patch - ftp://ftp.parc.xerox.com/pub/jean/so...g/5.6/sshsdi.z
pgp signature - ftp://ftp.parc.xerox.com/pub/jean/so...6/sshsdi.z.asc
ssh communications security and f-secure also include binaries for several flavors of unix.

4. running secure shell
this section gives you basic information on how to run the clients and servers from ssh1 and ssh2. this covers the secure shell distribution from ssh communications security. click here for the contents of this section.
4.1. how do i run ssh1?
this part goes into some very basic usage about the latest release of ssh1, 1.2.27. if this doesn't answer your question, try the man pages that came with the distribution (read the fine manual :-).

4.1.1 ssh1
to use ssh1 to login to a computer with the same username:

$ ssh remote.example.org

to use ssh1 to login to a computer with a different username:

$ ssh -l username remote.example.org

to use ssh1 to securely send a command to a remote system:

$ ssh remote.example.org command

you can also define the cipher, turn on compression, define configuration file location, forwarding, and many other things. for more information, check out the ssh1 man page.

4.1.2 scp1
to use scp1 to copy a file to a remote system:

$ scp localdir/to/filelocation [email protected]:/dir/for/file

to use scp1 to copy a remote file to the local system:

$ scp [email protected]:/dir/for/file localdir/to/filelocation

to keep the file attributes of the source file from the source host, use -p:

$ scp -p [email protected]:/dir/for/file localdir/to/filelocation

for more information, check out the scp1 man page.

4.1.3 sshd1
to run the sshd1, just type it on the command line (usually as root, unless you're not running an ssh daemon as root).

# sshd

you can also define the host key files, the configuration files, the port, and the number of bits in the server key. see the man page for more details.

note: to make sure the ssh daemon starts up whenever the system is rebooted, be sure to add it to your startup scripts. do not try to start sshd from init.

4.1.4 ssh-agent1
to put public keys in memory, use ssh-agent. to run it by itself, it will run in the background and load your public key into memory:

$ ssh-agent

if you want to run it with an x-window (like xterm or dtterm), you can run it like so:

$ ssh-agent xterm &

here's the man page.

4.1.5 ssh-add1
you can add other identities to ssh-agent using ssh-add. you can also list and delete identities with ssh-add (which should have been named ssh-identity manager :-).

to add an identity:

$ ssh-add identityfile

if used without any file defined, it will automatically add the default identification file. see the man page for more details.

4.2. how do i run ssh2?
this part goes into some very basic usage about the latest release of ssh2, 2.0.13. if this doesn't answer your question, like ssh1--try the man pages that came with the distribution.

4.2.1 ssh2
in ssh2, it uses similar syntax that ssh1 uses. to use ssh2 to login to a computer with the same username:

$ ssh2 remote.example.org

to use ssh2 to login to a computer with a different username:

$ ssh2 -l username remote.example.org

to use ssh2 to securely send a command to a remote system:

$ ssh2 remote.example.org command

you can play with more functionality on ssh2 than ssh1 like toggling the forwarding for the authentication agent and x traffic. note that the options are different from ssh1. for more information, check out the ssh2 man page.

4.2.2 scp2
to use scp2 to copy a file to a remote system:

$ scp2 localdir/to/filelocation [email protected]:/dir/for/file

to use scp2 to copy a remote file to the local system:

$ scp2 [email protected]:/dir/for/file localdir/to/filelocation

to keep the file attributes of the source file from the source host, use -p:

$ scp2 -p [email protected]:/dir/for/file localdir/to/filelocation

also note that scp2 has other functionality such as simulating a smv (secure move) command with the -u option. for more information, check out the scp2 man page.

4.2.3 sshd2
to run the sshd2, just type it on the command line (usually as root, unless you're not running an ssh daemon as root).

# sshd2

you can also define the host key files, the configuration files, the port, and other options (there is no server key in sshd2). see the man page for more details.

note: to make sure the ssh daemon starts up whenever the system is rebooted, be sure to add it to your startup scripts. do not try to start sshd from init.

4.2.4 ssh-agent2
to put public keys in memory for ssh2, use ssh-agent2. to run it by itself, it will run in the background and load your public key into memory:

$ ssh-agent2

if you want to run it with an x-window (like xterm or dtterm), you can run it like so:

$ ssh-agent2 xterm &

here's the man page.

4.2.5 ssh-add2
you can add other identities to ssh-agent2 using ssh-add2. you can also list and delete identities with ssh-add2 (which should have been named ssh-identity2 manager :-).

to add an identity:

$ ssh-add2 identityfile

if used without any file defined, it will automatically add the default identification file. see the man page for more details.

4.2.6 sftp2
to transfer data using secure shell, use the sftp2 client. the syntax is:

$ sftp2 remoteserver user

the remote server should be running sshd2. see the man page for details.

4.3. how do i administer secure shell after i have the daemon running?
the central problem of administering ssh is the management of host keys. to allow a client to connect to a remote host with public key host authentication, the server needs to know the client's public key.

for ssh1, you can collect these automatically each night using either make-ssh-known-hosts.pl (distributed with the ssh source distribution) or with the much faster ssh-keyscan, from ftp://ftp.ssh.com/pub/ssh/contrib/.

with these utilities, you can write scripts to verify public keys on a regular basis. when new machines are running ssh or people have changed public keys, you may want to contact the people in question directly, to make sure there were no man in the middle attacks (to which these utilities are vulnerable).

there will be more information later for managing host keys with ssh2.

4.4. how do i get hostbased authentication to work with ssh2?
for ssh2 release earlier than 2.2, please upgrade. it's so much easier to get hostbased authentication working with 2.2 than the earlier releases.

most of this is from the faq that comes with the 2.2 distribution; however, i've made some more additions to this to make it easier.

megatron is the secure shell server into which you're trying to connect. megatronuser is the username on the server into which you'd like to login. optimus is the machine running a secure shell client. optimususer is the username on the client that you'd like to allow to login to the megatron as the server user.

step 1.

of course, install secure shell on the megatron and optimus machines. do not forget to install the hostkey. if your installation did this, or you already have a copy of your /etc/ssh2/hostkey and /etc/ssh2/hostkey.pub, you do not need to do this:

# ssh-keygen2 -p /etc/ssh2/hostkey

step 2 - ssh2

copy the optimus's /etc/ssh2/hostkey.pub file over to megatron and name it to /etc/ssh2/knownhosts/optimus.ssh.com.ssh-dss.pub.

you'll want to use the long hostname (the fully qualified hostname). at least linux can be a real pain if the system doesn't recognize the hostname as megatron.ssh.com and recognizes it as megatron. you can find this out while running sshd2 in verbose mode when trying to make connections.

to make sure that secure shell finds your complete domain name, not just the hostname, you can make sure you change the following line in the configuration file /etc/ssh2/ssh2_config:

defaultdomain your.domain.here

this gives megatron optimus's public key so megatron can verify optimus's identity based on a public key signature. by contrast, rsh only uses the ip address for authentication.

step 3.

on megatron, create a file in the megatronuser's home directory named .shosts. the contents of this file should be the optimus hostname, some tabs or spaces, and the optimususer username.

contents of ~/.shosts:

optimus.ssh.com optimususer

be sure to chown and chmod the .shosts file. the .shosts file must be owned by the remote user and should be mode 0400.

step 4 - ssh2.

check the file /etc/ssh2/sshd2_config and make sure that allowedauthentications contains the word hostbased for example, it may read:

allowedauthentications hostbased,passwd

it doesn't matter what's in there, just make sure that the hostbased variable is in the list somewhere.

if you had to modify the sshd2_config file, you'll have to hup the sshd to make the change take effect.

# kill -hup `cat /var/run/sshd2_22.pid`

step 5.

on optimus, you need to make sure that you have the allowedauthentications field in /etc/ssh2/ssh2_config set to included hostbased. if hostbased is not in there, this will not work. step 6.

you should be all set.

on optimus, log in as the clientuser and try this:

$ ssh [email protected] uptime

you should get back the results of uptime run on the remote server.

note: the first time you run ssh to that particular server, you'll have to answer "yes" when asked if you want to connect to the server. this is because the local ssh doesn't yet have the remote server's secure shell public key. this will only happen the first time.


with ssh2, did you name the hostkey file appropriately? it should be /etc/ssh2/knownhosts/hostname.ssh-dss.pub and hostname may need to be the short hostname or the long hostname. if you're not using dns, you'll need to make sure you're /etc/hosts file has the long host name (fqdn) listed:

myhost.example.com myhost

did you copy the hostkey properly?
did it get mangled when you copied it over?
check your spelling in the .shosts file.
make sure the .shosts file is owned by the megatronuser?
run the server with the -v flag (for ssh2). this is a great way to see if a hostkey file is missing, or if something is misconfigured.
4.5. how do i get user public key authentication to work with ssh2?
from the faq in the 2.2 distribution (i'll add more to this later):

in remote_host (this is the host where you want to connect to): add the following line to file ~/.ssh2/authorization:

key id_dsa_1024_a.pub #or whatever is your pub keys name

in local_host (this is the host you want to connect from): add the following line to ~/.ssh2/identification:

idkey id_dsa_1024_a #or whatever is your private keys name

you have to create your keypair in local_host, and transfer the .pub-part to remote_host to your $home/.ssh2/ there. generate the keys using ssh-keygen (see 'man ssh-keygen' for details).

4.6. can i run secure shell from inetd?
yes, you can. no, you generally shouldn't. and boy, do i hate this question

when the secure shell daemon is started, it processes its configuration file and generates a cryptographic key. this can take several seconds, especially on a slow or busy server, and the startup time can be unacceptably long.

however, as mike friedman writes: "what many people (including me) do is run a 'backup' sshd at a non-standard port out of inetd, for use just when the standalone sshd has failed. this gives you a way to login to restart the regular sshd (or to investigate why it won't start!), but the latter would still be what most users normally connect to (at the standard port 22)."

if you decide to run secure shell via inetd:

to reduce the startup time for ssh1, you can reduce the size of the key that is generated with the -b flag (e.g. "-b 512"). the default keysize is 768 bits, and a keysize of 512 bits should be small enough to reduce the startup time. this is not recommended, however, as a 512-bit key is significantly easier to break than a larger key. the key size cannot be altered at runtime with ssh2; a new server key must be generated with ssh-keygen2.

when starting sshd from inetd, be sure to pass it the -i flag so it behaves properly.

5. secure shell and other applications
this section gives you some information on how getting secure shell to work with other applications. click here for the contents of this section.
5.1. can i run backups over ssh?
yes. the easiest possible way to do this is:

# tar cvf - | ssh [email protected] "dd of=/dev/tape"

since ssh is a drop-in replacement for rsh, backup scripts should continue to work. you can use datbkr by david cinege, which uses secure shell to do backups over an secure shell connection. you can get datbkr at http://www.psychosis.com/datbkr.

you can also use rdist and rsync, which there is more information at below.

5.2. can i use ssh to communicate across a firewall?
yes. all you need is an open port on the firewall and the sshd or sshd2 listening on the other side.

most people do this on port 22 (the standard port for secure shell), but if you have a bofh, you can also tunnel through another open port through the firewall (i'm sure all those system admins love me now :-) by running a daemon on the remote side on a port that's allowed through a firewall, like ssl (port 443).

set up the remote daemon running sshd on port 443:

# sshd -p 443

then, on your local system, open a connection on port 443:

$ ssh -p 443 remotehost.example.org

you can also use secure shell to tunnel insecure traffic like pop, imap, and others through the firewall as well.

5.3. can i use rdist or rsync with ssh?

if you use rdist, don't forget to compile the path to ssh into it. alternatively, you may specify the -p option so rdist uses ssh, and not rsh.

if you use password authentication with rdist 6.1.2 through 6.1.5, you will need to apply the following patch to rdist to make it work:

--- src/rshrcmd.c.orig tue jun 11 16:51:21 1996
+++ src/rshrcmd.c tue jun 11 16:52:05 1996
@@ -63,7 +63,7 @@
/* child. we use sp[1] to be stdin/stdout, and close
sp[0]. */
(void) close(sp[0]);
- if (dup2(sp[1], 0) < 0 || dup2(0,1) < 0 || dup2(0, 2) < 0) {
+ if (dup2(sp[1], 0) < 0 || dup2(0,1) < 0) {
error("dup2 failed: %s.", syserr);
this also applies if you get a "warning: denied agent forwarding because the other end has too old version." error (which occurs if your client is 1.2.17 or later, and it connects to an older server).
another alternative would be to use rsync, a rdist replacement, which was designed to work with ssh, and makes better use of bandwidth. more information can be found at http://rsync.samba.org/rsync. you can use the --rsh=/usr/local/bin/ssh option to use secure shell as a transport.

5.4. can i use ssh to securely connect two subnets across the internet?
you can run ppp over a regular ssh connection. see http://www.inka.de/~bigred/sw/ssh-ppp-new.txt for a working solution. it's a good idea to enable compression for this. another implementation of this is available at http://www.linuxdoc.org/howto/mini/vpn.html.

however, this may cause problems for forwarding tcp connections, because both the tcp connection over which ssh runs and a tcp connection forwarded over the ppp/ssh tunnel may retransmit at the same time. in this case, it is better to use encrypted ip tunneling via udp. a possible implementation of this is http://www.inka.de/~bigred/devel/cipe.html .

also look into magnus lundstrцm's replacement for ssh-ppp in c for linux, which is now being ported to other os's. see http://detached.net/vpnstarter. the vpnstarter is more reliable (and easier to set up) than ssh-ppp.

5.5. can i use ssh to securely forward udp-based services, such as nfs or nis?
this is not currently implemented in ssh1 or ssh2.

however, there is a general working solution for rpc-based services. this project uses secure shell to increase the security of rpc-based services; so far this has been implemented for nis and nfs.

you can download the latest version of this software from http://www.math.ualberta.ca/imaging/snfs/.
more information is available at ftp://ftp.tu-chemnitz.de/pub/local/i...rpc/readme.rpc

5.6. can i use ssh to protect services like ftp or pop?
if you want to avoid sending ftp passwords in cleartext over the net, you can use ssh to encrypt your command channel. this will still leave your data channel open to all attacks on tcp, and will not work through a firewall.

you can either use ftpsshd by per-erik martin at http://www.docs.uu.se/~pem/hacks/ for ssh1, or you can do this by hand.

ssh1: suppose you are on a host called myhost and want to initiate a ftp connection to ftphost. on myhost, you do

myhost$ ssh -l 1234:ftphost.example.com:21 ssh-server
this logs you on to ftphost and also forwards connections to 1234 on myhost to ftphost.
note: you need to use -g if you're forwarding to localhost (ssh1 only).

then, in another window, you do

myhost$ ftp localhost 1234
220 ftphost ftp server (foonix 08/15) ready.
name: (myhost:yourname):
331 password required for yourname
230 user yourname logged in.
this works if the remote ftp daemon accepts port commands which specify a different host from the one the command channel appears to come from, and if the ftp client always uses port. this is true for vanilla unix ftp client and ftpd servers; it may not work for more advanced ftpds, such as wu-ftpd.
for servers which do not accept this, you can see wether you ftp client supports passive mode, and wether the ftp server accepts pasv.

note, however, that unencrypted ftp data connections are still vulnerable to session hijacking and snooping.

ssh2: just use sftp instead. :-)

for pop, stephane bortzmeyer ([email protected]) has written a script which protects the mail transfer and passwords ussing ssh. it requires no modification to existing pop servers or clients, and is available from ftp://ftp.internatif.org/pub/unix/gwpop/ .

or, you can use similar means for secure pop:

myhost$ ssh -l 1234opserver.example.com:110 ssh-server
other services could be secured by similar means.

5.7. can i use ssh across a socks firewall?
socks 4 and 5 support should work in 1.2.16 or later. socks support in version 2.0.11 and later should work.

5.8. is there ssh support for afs/kerberos?
there's two patches available for afs in secure shell. see section 6 of the secure shell faq.

5.9. can i use tcp wrappers for added security on secure shell?
yes, the secure shell daemon can use tcp wrappers. unlike other tcpwrapped services, the secure shell daemon is not run via inetd and tcpd (doing that will give "packet too long" errors). tcp wrapper support (also called "libwrap support") is compiled into the sshd binary and the sshd runs as a standalone daemon.

to build secure shell with libwrap support, run ./configure with the --with-libwrap=path flag, where path is the full pathname to the libwrap.a file that you installed when you built the tcp wrappers. for example:

./configure --with-libwrap=/usr/local/lib/libwrap.a

when you installed tcp wrappers, you should have kept the tcpd.h and libwrap.a files. usually tcpd.h goes in /usr/local/include and libwrap.a goes in /usr/local/lib. by default, installing tcp wrappers doesn't install these two files, so you may need to grab the tcp wrappers source and recompile it, then install those two files.
in the /etc/hosts.allow and /etc/hosts.deny files, make an entry for the secure shell daemon. be sure that the name of the service matches the name of the sshd binary you're running. e.g. if you run the daemon as "sshd2" then the service must be named "sshd2", and if you run it as "sshd" then the service name must be "sshd"

here are some example hosts.allow entries. for more examples, check the hosts_access(5) man page that came with the tcp wrapper distribution.

# example 1 - allow secure shell from this one subnet
# secure shell daemon is started as /usr/local/sbin/sshd

# example 2 - allow secure shell access from two subnets
# secure shell is started as /usr/sbin/sshd2

# example 3 - won't work because service name is wrong, unless
# you really start your daemon as ssh instead of sshd!

see the tcp wrappers documentation for more details.

5.10. how do i tunnel x through secure shell?
to configure the sources and create an secure shell build that supports x forwarding:

# ./configure --with-x

run make and make install normally. you'll also want to make sure your configuration file is set properly. note that this is the default, and you really do not need --with-w defined.

5.10.1 basic configuration
for ssh1:
in /etc/ssh_config:
forwardx11 yes

in /etc/sshd_config:
x11forwarding yes

for ssh2:
in /etc/ssh2/sshd2_config:
forwardx11 yes

note that you do not have to change the /etc/ssh2/ssh2_config file. if you are running tcp wrappers along with x forwarding, you need to make sure you add the necessary sshdfwd-x11: line in the /etc/hosts.allow file. this should not contain the host you are coming from.

you also do not need to open any additional ports. everything is sent through port 22.

5.10.2 can i configure xdm to go through secure shell?
it is not possible to forward xdmcp over ssh, because it uses udp, not tcp. see section 5.5 of this faq.
in a nutshell: if you want the pc to look like an x terminal, you can't do this securely.

but maybe you'll be able to start dtwm manually after having logged in, if your x server on the pc allows you to use a window manager on the remote end instead of using windows for that purpose. i seem to remember exceed used to allow this, but it's a good while since i did anything with windows, so i'm not so sure about the current breed.

thanks to atro tossavainen for this information.

5.11. can i forward sgi gl connections over ssh?
it is not likely that this will be implemented. gl uses a totally different protocol from x, and at least gld would have to be replaced.

opengl, when run as an x server extension, should pose no problem. you may need to set the environment variable glforcedirect=no.

5.12. does secure shell support digital certificates?
no, not currently. as digital certificates become more popular, secure shell will probably support digital certificates in the future.

5.13. does secure shell work with pgp keys?
only in ssh2. it's supported in release 2.0.13 or later.

6. patches for secure shell

this section gives you information on how to get and apply patches for secure shell. click here for the contents of this section.
6.1. applying patches for secure shell
when you download the patch, make sure you store it in the directory that the distribution is in. for example, if you download the source and store it in /usr/local/src, put the patch in /usr/local/src.

please cd to your ssh source directory, and give the command:

% patch -p 0 < /path/to/sshpath

then run make uninstall, make distclean, configure, make, and make install again.

for each individual patch, you may have to follow different instructions. also, check man patch for more details. the patch command is different on different operating systems.

6.2. official patch distribution from ssh communications security
the official location for recent patches to ssh1 and ssh2 is available from http://www.ssh.com/ssh/patches.html.

6.3. other patch distributions
these patches may use different instructions than the ones listed above.

jim barlow's afs/kerberos5 patch - http://www.ncsa.uiuc.edu/general/cc/.../afs_krb5.html.
dug song's afs/kerberos4 patch - http://www.monkey.org/~dugsong/ssh-afs.
secure shell user contributed patches - http://www.tigerlair.com/ssh/patches.
james barlow maintains a repository for ssh patches at:


his comments:

"i have put in a few patches we have done, a few that have been posted to the newsgroup, and a few others that i know of. there is a page that describes submitting patches, and if anybody has comments they can let me know. most of the patches currently relate to the 1.2.x version, but i can put up patches for the 2.0.x version as well."

7. troubleshooting secure shell
this section gives you very basic information on how to troubleshoot secure shell. this section is especially crucial to get any additions or corrections as secure shell continues to grow and get used. click here for the contents of this section.
7.1. common compiling problems
this section goes over compiling problems that may affect any platform.

7.1.1 compiling fails with some error messages from the assembler.
for some operating systems, there are bugs in the gmp assembler routines. try:

# make distclean
# configure --disable-asm
# make
# make install

to compile.

7.1.2 the configure process cannot find xauth!
check your path. make sure you can find xauth with the "whereis xauth" or "which xauth" command. if not, add the path to xauth the way your shell likes you to do this, then run ./configure again.

another option is to ./configure --without-x.
7.1.3 the configure process cannot find nm"

under solaris, the directory /usr/ccs/bin should be in your path.

7.2. general troubleshooting tips
this section covers some of the problems with running secure shell that are not operating system dependent.

7.2.1 secure shell is doing wrong things for multi-homed hosts!
check whether gethostbyname() really returns the complete lists of possible ip addresses (you might, for example, have your system configured to search /etc/hosts first, which might contain only one of the ip addresses).

7.2.2 ssh asks me for passwords despite .rhosts!
there are several possibilities why this could be the case in ssh1; common ones include
the remote hosts's /etc/ssh_known_hosts is not world readable.
the client host key is not stored in the known_hosts file. note that this has to be the canonical (usually, the fully qualified) domain name.
the client host does not have a reverse mapping in the name servers. note that ssh requires that it has both a reverse mapping, and a forward mapping that contains the original ip address.
a multi-homed client or host does not have all of its ip addresses listed in the dns entry. note that versions prior to 1.2.12 have bugs in handling multi-homed hosts.
user's home directory or ~/.rhosts is world or group-writable (see strictmodes server configuration option).
on some machines, if the home directory is on an nfs volume, ~/.rhosts and your home directory may need to be world-readable.
the root account has to use ~/.rhosts or ~/.shosts; /etc/shosts.equiv and /etc/hosts.equiv are disregarded for root.
confusion between rhostsrsaauthentication and rsaauthentication.
rhostsrsaauthentication is a functional replacement for the 'r' utilities; this requires the ssh program to be setuid root, a secret key in /etc/ssh_host_key file on the client, a corresponding public key entry in /etc/ssh_known_hosts, plus entries in ~/.[sr]hosts or /etc/[s]hosts.equiv.

rsaauthentication is done on a per-user basis and requires a ~/.ssh/identity file on the client side (to be generated with ssh-keygen), plus a matching ~/.ssh/authorized_keys on the server side.

7.2.3 why does ssh loop with "secure connection refused'?
this is a configuration problem.
ssh1 attempts to fall back to the "r" commands when it cannot connect to an ssh daemon on the remote host. it does this by execing your old rsh to use the old protocol.

there are two possibilities why this could be:

you probably have installed ssh as rsh, and forgotten to give the --with-rsh=path option to configure the second time. when ssh is looking for rsh, it keeps executing itself (or an older version of itself). to solve this, recompile ssh with the correct place for rsh.
you moved the old rsh and rlogin into a different directory and correctly are calling the old rsh. the old rsh has a hard-coded path to the old rlogin program, so you wind up execing the old rsh which in turn execs the new replacement (ssh)rlogin.
in that case, you might want to move the old rsh and rlogin binaries into /usr/old, patch the old rsh binary by running the perl script

perl -pi.orig -e 's+/usr/(bin|ucb)/rlogin+/usr/old/rlogin+g ;' /usr/old/rsh
which will generate a patched version of rsh and save the old one in /usr/old/rsh.orig.
reconfigure ssh with --with-rsh=/usr/old/rsh.

ssh2 doesn't ever use rsh. and won't in the future, either. it would be against the draft.

7.2.4 ssh hangs when forwarding multiple tcp connections.
this is due to a known race condition in the ssh protocol before 1.2.13.

some changes have been made to the protocol in 1.2.14 to prevent this. unfortunately, these changes may also cause hangs when using tcp forwarding between 1.2.14 and earlier versions. in these cases, upgrade to 1.2.27 on both ends.

7.2.5 i still see cleartext packages on the net when i run ssh!
it is very likely that you are looking at a telnet, rlogin or x session to the machine that you run ssh on. check that those packets really are ssh packets (for example by checking their port number; sshd listens on port 22).

7.2.6 i have problems with rsaref, something to do with too many bits!
this is a limitation in the rsaref library. you should set a host key with at most 896 bits.

7.2.7 connections are forwarded as root by ssh!
when a client connects, sshd forks a child that does the protocol handling, and this child forks a second child for the user shell or command. the problem is that the setuid() call to the correct user appears only in the second child, so the first child keeps running as root.

among other potential problems this means that connections redirected with -lxstort will be made from the root uid to hostort, since the first child does them. this means that when the target host does an ident query, it gets back only "root" and no indication of the actual user.

this has been reported as a bug; it is not known wether this will be fixed in a future release.

7.2.8 why do i get a connection refused message?
your ssh daemon is likely not running (or unreachable through a firewall). try telnet hostname 22 and see if secure shell answers. also, make sure that the ssh daemon is started by your system's startup scripts, or else the daemon will not automatically start when the system is rebooted.

7.3. x11 forwarding problems
this section goes over some known problems with forwarding x traffic through secure shell.

7.3.1 ssh otherhosh xclient & does not work
no, it doesn't. use "ssh -f otherhost xclient" instead, or "ssh -n otherhost xclient &" if you want a script to be compatible with rsh.

7.3.2 ssh-agent does not work with rxvt!
rxvt closes all file descriptors when starting up, including the one used by ssh-agent. use xterm, or look at the mailing list archives at http://www.cs.hut.fi/ssh/ssh-archive/ for timo rinne's rxvt patch.

7.3.3 x authorization always fails.
this can happen if the xauth program was not found at configure time. correct the path, reconfigure and recompile.

it can also happen if ssh was configured with the --with-libwrap option and the necessary sshdfwd-x11: line in the /etc/hosts.allow file doesn't contain the host you are coming from.

another problem is with solaris. cameron simpson's experience:

we have a longstanding problem with xauth on solaris. about a year ago the solaris x distribution was rebuilt to put the unix socket in a special directory in /var to avoid a security issue with having it in /tmp (an attacker could move it sideways and insert a fake one). then some months later the x distribution was modified again, moving the socket back because the better fix was more careful use of permissions in /tmp.

meanwhile, we'd built our own x distributions for extra stuff and because the sun one lags behind the x.org one. so now we have various x servers and xauth programs lying around which have different ideas about where the x socket it, and ssh forwarding can break if the xauth the sshd runs and the x server the user is using have different mindsets.

the solution is to make sure your homegrown x builds match the current os distribution's ideas. so we're going to have to clean out our old local copies and rebuild, but we've not had time yet. the workaround is to put a symlink in one spot pointing at the other, so both paths to the socket work.

at any rate, you should add "xauth and the x server have different ideas about where the unix domain socket is" to the list of possible causes of xauth failure, listing the above situation as an example.

7.3.4 what does warning: remote host denied x11 forwarding mean?
either the remote end has disabled x11 forwarding (forwardx11 no in the config file), or either the xauth command or the x11 libraries were not found when compiling the server.

7.4. linux
this section goes over some known problems with secure shell on linux systems.

7.4.1 x11 forwarding does not work for an sco binary with the ibcs2 emulator under linux.
you need to set the hostname to the fully qualified domain name for this to work. some linux distributions set the hostname to the first part of the fqdn only.

7.4.2 on linux, compilation aborts with some error message about libc.so.4
this is an incorrectly configured linux system; do a "cd /usr/lib; ln -s libc.sa libg.sa" as root to remedy this.

7.5. solaris
this section goes over some known problems with secure shell on solaris systems.

7.5.1 compiling with solaris 2.5 fails!
set the cpp environment variable to "cc -e -xs" before running configure.
7.5.2 ssh fails with "resource temporarily unavailable" for solaris
for solaris 2.4, this s a kernel bug. get the patch 101945-37 to fix it. please note that at least one earlier version, 101945-36, seems to have reintroduced the bug.

if you experience the same problem with solaris 2.5.1, upgrade to ssh 1.2.27 (this was fixed in 1.2.14), which should solve the problem.

7.5.3 sshd hangs under solaris 2.5!
this is a problem with the solaris shared library code, which causes a hang with some name server functions.
get patch 103187-02 (for x86, 103188-02) to fix this. this problem may or may not be fixed in solaris 2.5.1.

7.5.4 ssh-keygen dumps core on solaris or sunos
this is a bug in gcc 2.7.0, which causes it to generated incorrect code without optimization. supply the "-o" or "-o -g" options to gcc when compiling. alternatively, upgrade to gcc 2.7.2 or later.

7.5.5 i can't get tcp wrappers to work under solaris
some known bugs in secure shell and solaris:
hostbased authentication does not work under solaris is tcp wrappers are used with an secure shell implementation before 2.1.0.pl2 (the connection hangs)
tcp wrappers do not work at all wtih ssh2 under solaris 2.5.1 (the connection hangs)
7.6. other operating systems
this section goes over some known problems with secure shell on other operating systems not covered above. this currently includes aix, hp-ux, and alpha osf/1.

7.6.1 ssh-keygen dumps core on alpha osf!
for alpha osf/1 1.3.2, this is due to a bug in the vendor-supplied compiler with maximum optimization.
turn off all optimization for ssh-keygen, or use gcc. gcc 2.7.2 is known to have problems on the alpha, however.

7.6.2 on hp-ux 9, x authorization sometimes fails.
this is believed to be a bug in hp-ux 9 xauth, sr 5003209619. patch phss_5568 is believed to fix this problem.

7.6.3 userid swapping is broken under aix!
this is a bug in aix 3.2.5, reported as apar ix38941, and fixed by patches u435001, u427862, u426915, and a few others. contact your ibm representative for details.

8. getting support for secure shell
this section gives you a list of references to help you when you run into a problem with secure shell.click here for the contents of this section.
8.1. who provides support for secure shell?
before going to anyone for support, please read the faq (this document :-). please also read the readme and ssh2.quickstart for any general help with ssh2.

the other thing to note is that ssh communications security provides support for their commercial customer; however, they do not have bandwidth to handle non-commercial users.

for the non-commercial releases of secure shell (including other implementations for unix, windows, etc.), please use the ssh mailing list for support.

there are other links listed below including tutorials and publications that may help you.

if you are using the non-commercial release of ssh secure shell as an evaluation before purchasing, please contact ssh communications security directly.

8.1.1. what groups can help me with the "free" versions?
even though secure shell does not provide support for the non-commercial release, you can always ask the nice people on the secure shell mailing list for help. :-)

also, you'll see ssh communications security staff on the list answering questions at times as well.

8.1.2. how can i get commercial support for unix secure shell?
contact ssh communications security directly. if you have purchased another vendor's product, please contact them for commercial support.

8.1.3. how can i get ssh secure shell support for universities?
note: if you know where the sans link is to this, please let one of the maintainers know.

from steve acheson, who is responsible for the sans university secure shell program:

ssh2 is now fully available for university use and distribution. the software is available from the ssh, inc. web site for download with a minimal registration procedure.

the license file is included with the software and is also posted on the web at http://www.ssh.com/products/ssh/ssh_...agreement.html. this license covers the use of the software by any student, faculty member, researcher, employee or administrator affiliated with a university, other accredited non-profit educational or university-affiliated research institution, or charitable organization.

there is also the ability for any of the above organizations to register for a redistribution license in the event they wish to distribute the software to their constituents themselves.

to get the non-commercial version of the software go to http://commerce.ssh.com and scroll to the bottom of the page and click on the link for the version you are interested in.

to get the re-distribution license, please go to


and register for the license.

support for the software is not provided by ssh, inc. if you are having trouble with the software or have questions, please refer them to the mailing list, [email protected].

sans is drafting up a plan to coordinate support issues for universities by a few key universities, when this is available sans will issue additional information at that time.

8.2. if f-secure sells secure shell, what does ssh communications security do?
ssh communications security develops the ssh technology along with ipsec toolkits. however, up until now, ssh communications security was not selling secure shell--they were licensing it strictly through f-secure. ssh communications security now sells secure shell, both windows and unix applications. f-secure still licenses the unix server, but sells their own clients for windows and macintosh.

if you have support issues with your commercial product, please contact the appropriate company. please do not contact ssh communications security for problems with f-secure products, and do not contact f-secure with problems with ssh communications security products.

8.3. secure shell mailing list
if these resources don't help, you can post to the usenet newsgroup comp.security.ssh or send email to the gatewayed mailing list for ssh users at [email protected].

8.3.1. subscribing
to subscribe to the secure shell mailing list, send an email to [email protected], leave the subject and body empty.

if you would like to reduce the volume of messages you receive from the list, but still want to stay informed on the discussions, you can receive a digest of all messages once daily rather than each message individually.

to subscribe to the digest, email: [email protected], leave the subject and body empty. remember to unsubscribe from the regular list if you were subscribed and decide to receive the digest instead.

when you subscribe to the list or digest, you will receive a confirmation message back to the subscribed address. when you receive it, simply follow the instructions to complete the subscription.

8.3.2. unsubscribing
to remove your address from the list, just send a message to the address in the ``list-unsubscribe'' header of any list message. if you haven't changed addresses since subscribing, you can also send a message to: [email protected]

or to unsubscribe from the digest, send a message to: [email protected]

remember to leave the subject and body empty.

when you receive the confirmation message, simply follow the instructions to complete the transaction.

8.3.3. help / administration
for help and a description of available commands, send a message to: [email protected]

if you need to get in touch with the human owner of this list, please send a message to: s[email protected]

please include a forwarded list message with all headers intact to make it easier to help you.

8.3.4. mailing list archives
before subscribing, you might like to take a look at the archives of the mailing list, at

http://www.mail-archive.com/[email protected]#00416

8.4. tutorials
there is a decent user level tutorials available on the web:

kimmo suominen's introduction to secure shell: http://www.tac.nyc.ny.us/~kim/ssh/

8.5. web pages
there are some web pages on various aspects of secure shell. here are the ones i have:


8.6. publications
there are two articles in sunworld by steve acheson on secure shell:

introduction to secure shell, features, etc: http://www.sunworld.com/sunworldonli...-security.html
configuration, installation, etc: http://www.sunworld.com/sunworldonli...-security.html
there is a book out on secure shell (both ssh1 and ssh2), unix secure shell, isbn 0071349332 by anne carasik, available from mcgraw-hill publishing. for those outside of the united states, the book is available without the cd-rom. i hate the us crypto laws.. :-(

9. tips and tricks of secure shell
this section gives you some tips from folks out there who have found some cool ways to get secure shell working in their environment. click here for the contents of this section.

9.1 making secure shell more transparent to users
here is a simple script by ross golder to make using ssh more transparent. when you first login (open an xterm etc.), you'll be prompted for your passphrase. after that, it will automatically configure your environment to the ssh-agent it started.

when logging out of a multi-user machine, i just use a 'killall ssh-agent' (not as root!).

install the following file as $home/.ssh/setup and set the execute permission (chmod 700 setup), and add a call to it in your $home/.bashrc.

# this script is intended to reside in your ~/.ssh directory (don't
# forget to 'chmod 700'), and be included in your shell init script.
# it works by checking for a working ssh agent, otherwise it starts one
# and requests the passphrase.
# if used on a network-connected machine that is up 24/7, you should
# take care to kill your agent when you leave your machine, using
# "eval `ssh-agent -k`".
# for bash and ksh users:
# include the following in your ~/.bashrc or ~/.kshrc or ~/.profile
# . $home/.ssh/setup
# for csh and tcsh users:
# include the following in your ~/.cshrc or ~/.tcshrc
# source $home/.ssh/setup

# configuration #

# enable this if using you have gnome and the following program.
#export ssh_askpass

# if using nfs-based home directories, you probably should specify one
# main workstation here, otherwise it could cause mayhem.

# end of configuration #

function start_agent {
echo "initialising new secure shell agent..."
ssh-agent | head -2 > ${ssh_env}
chmod 600 ${ssh_env}
. ${ssh_env} > /dev/null
ssh-add /dev/null
ps ${ssh_agent_pid} > /dev/null || {

9.2. how do i find out which version of secure shell is running at the remote end?
the simpliest way is to do a telnet hostname 22.

the response you get is something like ssh-[1.99]-2.x.x for a version 2 server and ssh-[1.5]-1.x.x for a version 1 server.

connected to hostname.example.com.
escape character is '^]'.
ssh-1.99-2.1.0.pl2 ssh secure shell

9.3. how do i get ssh2 to compile on a macosx server?
(contributed from dorian moore) here's what i had to do:

# untar ssh1
# cd
# cp /usr/libexec/config.* .
# ./configure --host=nextstep --disable-asm
# mv gmp-2.0.2-ssh-2/gmp-impl.h gmp-2.0.2-ssh-2/gmp-impl.h.old
# sed "s/\!defined(next)/defined(next)/g" gmp-2.0.2-ssh-2/gmp-impl.h.old > \
# make

and it seems to work fine, though the make install doesn't work. i don't know if there is a way of patching the makefile to do the above changes, as thats not really my area.

credit for this info goes to joshua marker ([email protected]) and i found the info via:

9.4. running ssh2 with ssh1 compatibility
since there are many folks still running ssh1, many people want to run ssh2. even though the protocols are incompatible, you can set up "compatibility" with ssh1 and ssh2--so ssh2 forwards the ssh1 connections to the sshd1.

9.4.1 what is ssh1 compatibility?
the ssh1 and ssh2 protocols are not compatible. this means that ssh1 clients cannot connect to a ssh2 daemon. however, the ssh2 daemon can be configured to start up a ssh1 daemon when it receives a connection from a ssh1 client. this allows both ssh1 and ssh2 clients to connect to such a secure shell daemon. the process of handing off to a ssh1 daemon is transparent to the end user.

9.4.2 setting up compatibility
by default, ssh2's ./configure process will look for a compatible ssh1 and will build itself with support for ssh1 compatibility. this means that if you want to set up ssh2 with ssh1 compatibility on a machine that' s not running any secure shell at all, you should install ssh1 first so that ssh2's configure process will find it.

if you are already running ssh2 and you want to add in ssh1 compatibility, it is not necessary to rebuild ssh2. build and install ssh1. then, in the sshd2_config file, make sure that the "ssh1compatibility" variable is set to "yes" and that the "sshd1path" variable is set to the path to your sshd1 binary. example:

ssh1compatibility yes
sshd1path "/usr/local/sbin/sshd1"

be careful about the "sshd" symbolic link. the installation process for both ssh1 and ssh2 changes the sshd symbolic link to point to their binary, either sshd1 or sshd2. if you run your secure shell daemon as "sshd", make sure that the symbolic link is correct so that the right daemon is being started!
a note on startup performance

when a ssh1 request comes in, a ssh1 daemon is started up at that time to process the incoming connection. because the ssh1 daemon has to initialize itself at that time, the initial connection for ssh1 clients can take longer than if the ssh1 server were running as a standalone daemon. the effect is much the same as running the ssh1 daemon via inetd, which is discussed elsewhere in section 4.6.

making changes to the sshd_config file

since the ssh1 daemon is started up with every connection, it will reread the sshd_config file with each new connection. if the sshd_config file is modified, there is no need to hup the ssh2 daemon to make the ssh1 daemon see the changes.

9.4.3 about tcp wrappers and ssh1 compatibility
the ssh2 daemon answers the incoming requests. as such, the tcpwrapper entries pertaining to your ssh2 daemon prevail and any such entries pertaining to your ssh1 daemon aren't processed at all.

for example, if you had these entries in your /etc/hosts.allow file, then ssh1 connections would in fact be allowed from the entire subnet because it is the sshd2 that answers the incoming request.

# allow ssh1 only from a specific computer
# allow ssh2 from the entire subnet

9.4.4 authentication in compatibility mode
the ssh2 daemon handles the incoming connection, including tcpwrapper processing. after that point, it hands off to the ssh1 daemon. this means that the ssh1 daemon handles authentication for ssh1 clients, and the ssh2 daemon handles authentication for ssh2 clients.

this means that if a ssh1 client is trying to use hostbased or publickey authentication, the ssh1 daemon must be properly configured to handle those requests. the ssh2 daemon doesn't need to be configured to handle those requests at all (in fact, those authentication methods could be disabled in the ssh2 daemon), unless such requests will be coming from ssh2 clients.

9.4.5 how do i get hostbased authentication to work with ssh2 and ssh1?
below is a stepwise howto for setting up hostbased authentication for ssh1 or ssh2 or ssh2 with ssh1 compatibility. also included are some notes on using ssh2 with ssh1 compatibility.
note that, before ssh 2.1.0.pl2, hostbased authentication does not work properly on a solaris 2.6 server if libwrap support is compiled into the ssh daemon. for older version fo the ssh daemon, a workaround using ssh2 with ssh1 compatiblity is discussed below.

here, i'll use the following terms:

the server is the secure shell server into which you're trying to connect.
the serveruser is the username on the server into which you'd like to login.
the client is the machine running a secure shell client.
the clientuser is the username on the client that you'd like to allow to login to the server as the server user.
as an example, our backups are done via username "backup" on host tapeserv. on our authserv server, user "root" is trying to connect to tapeserv to make authserv's backups on tapeserv's tape drive. this means that the server is tapeserv, the serveruser is backup, the client is authserv, and the clientuser is "root".
step 1.

of course, install secure shell on the server and client machines.

step 2 - ssh1.

on the client, cat the file /etc/ssh_host_key.pub and copy-n-paste it into notepad or some other text editor. it will look something like this:

1024 35 1255908028087833976430... [email protected]
(the actual number will be much longer)

remove the [email protected] from the end and add the client hostname to the beginning:

authserv 1024 35 1255908028087833976430...

then copy-n-paste this single, very long line into server's /etc/ssh_known_hosts file.
this gives the server the client's public key so the server can verify the client's identity based on a public key signature. by contrast, rsh only uses the ip address for authentication.

step 3 - ssh2.

copy the client's /etc/ssh2/hostkey.pub file over to the server and name it /etc/ssh2/knownhosts/authserv.ssh-dss.pub

of course, since your host isn't named authserv, use your own hostname. generally, you'll want to use the "short" hostname and not the fully qualified hostname.

this gives the server the client's public key so the server can verify the client's identity based on a public key signature. by contrast, rsh only uses the ip address for authentication.

step 4.

on the server, create a file in the serveruser's home directory named ".shosts". the contents of this file should be the client hostname, some tabs or spaces, and the clientuser username.

for example, to allow [email protected] to log into [email protected], i'd place this .shosts file into backup's home directory on tapeserv:

authserv root
be sure to chown and chmod the .shosts file. the .shosts file must be owned by the remote user and should be mode 0400.

step 5 - ssh1.

make sure that this line exists in /etc/sshd_config:

rhostsrsaauthentication yes
this enables the ssh1 daemon to do what we need it to do.
for safety, you may also want to verify this line:

rhostsauthentication no
this disables the use of rhosts-style authentication without corresponding public key authentisation.
if you had to modify the sshd_config file, you have to hup the sshd to make the change take effect.

step 6 - ssh2.

check the file /etc/ssh2/sshd2_config and make sure that allowedauthentications contains the word "hostbased" for example, it may read:

allowedauthentications hostbased,password

if you had to modify the sshd2_config file, you'll have to hup the sshd to make the change take effect.
step 7.

you should be all set.

on the client, log in as the clientuser and try this:

ssh [email protected] uptime
you should get back the results of "uptime" run on the remote server.
the first time you run ssh to that particular server, you'll have to answer "yes" when asked if you want to connect to the server. this is because the local ssh doesn't yet have the remote server's secure shell public key. this will only hapen the first time.

common pitfalls

did you copy the hostkey properly? did it get mangled when you copied it over?

with ssh2, did you name the hostkey file appropriately? it should be /etc/ssh2/knownhosts/hostname.ssh-dss.pub and hostname may need to be the short hostname or the long hostname.

check your spelling in the .shosts file

is the .shosts file owned by the serveruser?

try running the server with the -v flag (for ssh2) or the -d flag (for ssh1) and see if anything useful is generated. this is a great way to see if a hostkey file is missing.

about ssh1 and ssh2 compatibility

at our site we use ssh2 with password-based authentication for interactive sessions. because hostbased authentication doesn't work with ssh2 on solaris, we installed ssh2 with ssh1 compatibility and we use ssh1 for noninteractive hostbased-authenticated backups. it is important to note that it is ssh1 and not ssh2 which handles the hostbased sessions, which means the following:

the server's ssh2 doesn't need the client's ssh2 hostkey. the server's ssh1 needs the client's ssh1 hostkey.
the server's ssh2 doesn't need hostbased authentication enabled.
there's no need to hup anything on the server. the sshd1 is spawned on demand and will see the changes to /etc/sshd_config at that time.
on the client, be sure to use "ssh1" to be sure that the right client is being invoked, e.g.: ssh1 [email protected] uptime

10. the ever-popular miscellaneous section
this section covers some miscellaneous things about secure shell.click here for the contents of this section.
10.1. should i turn encryption off, for performance reasons?
no; you should keep it turned on, for security reasons.

today's cpus are fast enough that performance losses (if any) only are noticable for local ethernet speeds, or faster.

you might want to specify blowfish encryption instead of the default, idea for ssh1 and 3des for ssh2, with -c blowfish, for faster operation.

following are some measurements where the different encryption methods were applied between a p5/90 and a 486/100, both running linux, for copying files with scp across a lightly loaded ethernet.

the model chosen was t=a+x/b; a is the startup time in seconds, and b the sustainable transfer rate in kb/s. also given are the 68.3% confidence intervals for the data, as determined by the levenberg-marquardt algorithm as implemented a pre-3.6 version of gnuplot.

encryption a[s] da[s] b[kb/s] db[kb/s]
none 2.37 0.37 386.1 5.8
rc4 1.96 0.27 318.2 2.9
tss 2.33 0.37 298.5 3.5
des 2.07 0.19 218.8 1.0
idea 2.25 0.45 169.6 1.3
3des 1.92 0.11 118.2 0.2
across a heavily loaded ethernet, rc4 encryption together with compression may actually be faster than using rcp.

10.2. known security bugs with secure shell

all versions of ssh prior to 1.2.12 had a security flaw which allowed local users to get access to the secret host key. this is fixed in 1.2.13 and later. upgrade to 1.2.27 to fix this.
if you run ssh 1.2.13 on alpha osf 1.3 or sco in c2 security mode, local users can gain root access. upgrade to 1.2.27 to fix this. or by upgrading to 1.2.27.
versions of ssh prior to 1.2.17 had problems with authentication agent handling on some machines. there is a chance (a race condition) that a malicious user could steal another user's credentials. this should be fixed in 1.2.17.
the arcfour cipher is used in a way which makes it susceptible in version 1 of the ssh protocol. therefore, its use has been disabled in 1.2.18 and later.
in versions prior to 1.2.23 there was a crc32 compensation attack that allowed the possibility of executing arbitrary commands. make sure you upgrade to 1.2.27.
with 2.0.12,an sshd connection would not die, even if a complete connection was never fully established. that is, when he came from server b to server a, the session on server a would hang when he exits. upgrading to 2.0.13 should fix this problem.

10.3 i don't like the commercial aspects of ssh.
the licensing of ssh secure shell has changed so that if you are using it for non-commercial use, you can use it free of charge. see the licensing agreement for more details.

the good news is the protocols ssh uses are freely available. there are no restrictions if anybody wants to write a version that is available under different conditions and is interoperable with existing secure shell installations.

secure shell 2 is also on the internet standards track. this means that a second, independent implementation is required. the other current ssh2 implementations are lsh and openssh. for ssh1, you have quite a few resources as well, check out section 2.

you will have to be aware of patents, like rsa and idea, and export control issues before writing a second implementation.

10.4 alternatives to secure shell
there are several other secure connection or authentication bits of software about. you might want to check them out as well.
srp: http://srp.stanford.edu/
stunnel: http://www.stunnel.org/
openssl: http://www.openssl.org
ssleay-related: http://www.psy.uq.edu.au:8080/~ftp/crypto/
stone: http://hp.vector.co.jp/authors/va000770/stone/

excellent post shtirlitz!

list of free shell provides:

another list of free shells:

another list of free shells: