Mail Archives: cygwin/2000/12/21/19:25:17
Hi,
I have just uploaded a new version of OpenSSH.
**********************************************************************
*** Please note that this is a TEST VERSION. ***
**********************************************************************
It's not a final version but is created from the current OpenSSH
CVS repository. I have added this version here to allow a bit of
testing what will be new in the next official version of OpenSSH.
To update your installation, click on the "Install Cygwin now" link on
the http://sources.redhat.com/cygwin web page. This downloads setup.exe
to your system. Run setup and answer all of the questions.
**********************************************************************
*** PLEASE, PLEASE, PLEASE, choose a mirror site for your download ***
**********************************************************************
even if it might take a will until this new archive is propagated
to the mirrors. The 'sources.redhat.com' site is badly overloaded.
Ok, what's new and of interest:
- F-SECURE 2.0.12 support. This means, that SSH2 authentication
with F-SECURE is possible now. This should work in both
directions. Personally I have only tested the client side.
- -R portforwarding using SSH2 protocol.
- New SSH2 RSA authentication work and -R portforwarding for SSH2.
The new RSA authentications works similar to the current SSH2 DSA
keys, but requires a little modification to config files. Currently
RSA key cannot be shared between SSH1 and SSH2.
To generate keys, ssh-keygen now has a type '-t' parameter. Valid
types are 'rsa1' (for SSH1 RSA keys), 'rsa' (SSH2 RSA) and 'dsa'
(SSH2 DSA). Eg. "ssh-keygen -t rsa -f ~/.ssh/id_rsa" will generate
a new SSH2 RSA key.
For public key authentication, just copy the public portion of the
RSA key into your ~/.ssh/authorized_keys2 file. It is normal for the
public RSA keys to be shorter than DSA keys.
SSH2 RSA keys are fully supported by ssh-agent. Keys are tried in the
order in which they are added to the agent, so 'ssh-add' your RSA key
first if you want to try it out.
For the server, all hostkeys are now unified and sshd will
automatically detect the type of a host key. The 'HostDSAKey'
option is therefore deprecated in favor of 'HostKey'. To specify
RSA and DSA keys for SSH2 use, just use more 'HostKey' options.
The 'DSAAuthentication' option is deprecated in favour of the
general 'PubkeyAuthentication' option.
The host key section of my sshd_config looks like this:
HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
For the client, the 'IdentityFile2' option is deprecated in favor of
an autodetecting 'IdentityFile' option. You can specify rsa1, dsa and
rsa keys using this option.
RSA pubkey auth seems a little quicker than DSA and it is not
vulnerable to the problems described in the WARNING.RNG file in
the source archive.
- ssh-config now asks for creating the SSH2 RSA key files described
above. Additionally it creates some default entries for the "HostKey"
lines in /etc/ssh_config and /etc/sshd_config. However, these lines
are in comments to give you the choice which host keys you want to use.
This ssh-config will not be the final version. I'm planning to change
it so that the HostKey lines in the config files are created according
to the just created or already existing host key files and I want to
split up ssh-config into two files, one for the host configuration
and one for the user configuration.
Have fun,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:cygwin AT cygwin DOT com
Red Hat, Inc.
--
Want to unsubscribe from this list?
Check out: http://cygwin.com/ml/#unsubscribe-simple
- Raw text -