Lines Matching refs:and

2 [ Please note that this file has not been updated for OpenSSH and 
6 network, to execute commands in a remote machine, and to move files
7 from one machine to another. It provides strong authentication and
9 replacement for rlogin, rsh, rcp, and rdist.
12 license terms and other legal issues. See RFC for a description of
21 routing, and DNS spoofing). New authentication methods: .rhosts
22 together with RSA based host authentication, and pure RSA
25 o Improved privacy. All communications are automatically and
26 transparently encrypted. RSA is used for key exchange, and a
29 authentication, and no passwords or other information is
34 the server machine, and forwards any X11 connections over the
36 generated and forwarded to the remote machine; the local client
37 automatically examines incoming X11 connections and replaces the
45 automatically, and old .rhosts files will work with strong
54 spoofing) and man-in-the-middle attacks, and the server
62 recorded and used for authentication in the future), or manually
63 by each user for his/her own use. The central and per-user host
64 key repositories are both used and complement each other. Host
77 server key and the server host key. The purpose of the separate
87 authentication agent over any connections, and there is no need to
95 o The software can be installed and used (with restricted
98 o The client is customizable in system-wide and per-user
106 and TCP/IP port data), which may result in significant speedups on
109 o Complete replacement for rlogin, rsh, and rcp.
118 criminals, industrial spies, and governments. Some networks leak off
126 just to listen to the network and collect passwords. Programs for
131 monitored, recorded, and analyzed. For example, an intruder who has
133 that listens to all data flowing in the network, and whenever it
135 number (using the check digit), and saves the number plus any
136 surrounding text (to catch expiration date and holder) in a file.
139 the world, and disappears when the goods arrive but before anyone
156 personal interests and habits, professional data, job applications,
159 One should also be aware that economical intelligence and industrial
162 economical espionage as the primary task of the CIA, and the French
168 communications. Computer storage and analysis capability has
170 companies, and criminal organizations to automatically analyze,
171 identify, classify, and file information about millions of people over
176 systems, telephones, fax, computer networks, etc., and passively
179 sensitive, and many people would say there is no harm in someone
198 too effectively, it becomes too easy to locate and eliminate any
201 Fighting crime and terrorism are often used as grounds for domestic
202 surveillance and restricting encryption. These are good goals, but
208 contra-official information and unable to overturn the government if it
213 For these reasons (privacy, protecting trade secrets, and making it
222 are no longer any grounds for this. The military can and will use its
224 protecting their privacy and secrets. Information on strong
226 and patent office around the world, and strong encryption software is
235 monitor ordinary people and petty criminals. It does not help against
246 listens for connections from client machines, and
248 authentication and starts serving the client.
256 ssh-keygen Used to create RSA keys (host keys and user
284 and /etc/hosts.equiv, RSA authentication, or conventional password
286 pseudo-terminal and starts an interactive shell or user program.
294 create a dummy X server and set DISPLAY accordingly. Any connections
296 and will be made to the real X server from the client side. An
297 arbitrary number of X programs can be started during the session, and
305 program then creates a port on one side, and whenever a connection is
306 opened to this port, it will be passed over the secure channel, and a
309 and cannot be used to forward privileged ports (unless the user is
318 ssh-keygen(1), ssh-agent(1), ssh-add(1), and make-ssh-known-hosts(1)
325 because there is no need to set the DISPLAY variable, and it provides
328 libraries would require special work for each machine, vendor and
331 same machine where the clients are run, and forwarding the connections
336 data, and sends the random data to the server. The server allocates
337 an X11 display number, and stores the (fake) Xauthority data for this
339 the connection over the secure channel to the client, and the client
341 authentication data for the fake data (if the fake data matched), and
345 unix domain socket in /tmp/.X11-unix, and use the unix domain socket
349 machine, and the server must have connections allowed from the local
361 and the recommended way to execute an X11 application in a remote
377 that there are two encryption keys, one for encryption and another for
380 the public key, because it can be given to anyone and it is not
381 secret. The decryption key, on the other hand, is secret, and is
392 and sends the value to the client. The client then decrypts the
394 resulting data, and sends the checksum back to the server. (Only a
397 and compares the checksums. Authentication is accepted if the
406 file and the passphrase. Without passphrase, authorization only
415 itself. RSA has been widely known since about 1978, and no effective
421 512 bits. However, as computer speeds and factoring methods are
423 factoring work is exponential, and 768 or 1024 bits are widely
429 Conventional .rhosts and hosts.equiv based authentication mechanisms
430 are fundamentally insecure due to IP, DNS (domain name server) and
433 tolerable, and been known and exploited for a long time.
436 because they are very convenient for the user (and allow easy
437 transition from rsh and rlogin). It permits these types of
441 The server has a list of host keys stored in /etc/ssh_known_host, and
444 looks for its public key in its known host files, and requires the
446 and routing spoofing attacks (as long as the client machine private
448 attacks (to a limited extent), and relies on the integrity of the
454 It is possible to enable conventional .rhosts and /etc/hosts.equiv
457 recommended, and is not done by default.
459 These weaknesses are present in rsh and rlogin. No improvement in
460 security will be obtained unless rlogin and rsh are completely
474 communications, and a very talented root user might even be able to
483 Beware that unwanted visitors might come to your home or office and
495 licensing, and distribution information.
497 In some countries, particularly France, Russia, Iraq, and Pakistan,
499 permit, and the rumor has it that you cannot get a permit for any
506 Note that any information and cryptographic algorithms used in this
507 software are publicly available on the Internet and at any major
521 archive of the mailing list, and detailed information about new
522 releases, mailing lists, and other relevant issues.
532 available via finger from ylo@cs.hut.fi and from the key servers. I
547 I thank Tero Kivinen, Timo Rinne, Janne Snabb, and Heikki Suonsivu for
548 their help and comments in the design, implementation and porting of
557 Surmacz, Alvar Vinacua, Petri Virkkula, Michael Warfield, and
560 Thanks also go to Philip Zimmermann, whose PGP software and the
561 associated legal battle provided inspiration, motivation, and many
562 useful techniques, and to Bruce Schneier whose book Applied