Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 856
Hide thumbs
Also See for LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION:
- Manual (184 pages) ,
- Supplementary manual (50 pages) ,
- Quick manual (12 pages)
Table of Contents
Advertisement
For the communication between SSH server and SSH client, OpenSSH supports ver-
sions 1 and 2 of the SSH protocol. Version 2 of the SSH protocol is used by default.
Override this to use version 1 of the protocol with the -1 switch. To continue using
version 1 after a system update, follow the instructions in /usr/share/doc/
packages/openssh/README.SuSE. This document also describes how an SSH 1
environment can be transformed into a working SSH 2 environment with just a few
steps.
When using version 1 of SSH, the server sends its public host key and a server key,
which is regenerated by the SSH daemon every hour. Both allow the SSH client to en-
crypt a freely chosen session key, which is sent to the SSH server. The SSH client also
tells the server which encryption method (cipher) to use.
Version 2 of the SSH protocol does not require a server key. Both sides use an algorithm
according to Diffie-Helman to exchange their keys.
The private host and server keys are absolutely required to decrypt the session key and
cannot be derived from the public parts. Only the SSH daemon contacted can decrypt
the session key using its private keys (see man
/usr/share/doc/packages/openssh/RFC.nroff). This initial connection
phase can be watched closely by turning on the verbose debugging option -v of the
SSH client.
The client stores all public host keys in ~/.ssh/known_hosts after its first contact
with a remote host. This prevents any man-in-the-middle attacks—attempts by foreign
SSH servers to use spoofed names and IP addresses. Such attacks are detected either
by a host key that is not included in ~/.ssh/known_hosts or by the server's inabil-
ity to decrypt the session key in the absence of an appropriate private counterpart.
It is recommended to back up the private and public keys stored in /etc/ssh/ in a
secure, external location. In this way, key modifications can be detected and the old
ones can be used again after a reinstallation. This spares users any unsettling warnings.
If it is verified that, despite the warning, it is indeed the correct SSH server, the existing
entry for the system must be removed from ~/.ssh/known_hosts.
838
Installation and Administration
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION
Related Products for Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION
- NOVELL BUSINESS CONTINUITY CLUSTERING 1.0 - ADMINISTRATION
- NOVELL CLIENT 1.0 FOR LINUX - README
- NOVELL SENTINEL LOG MANAGER 1.0.0.4 - S
- NOVELL SENTINEL LOG MANAGER 1.0.0.5 - S
- NOVELL ZENWORKS 10 ASSET MANAGEMENT SP3 - MIGRATION GUIDE 10.3 23-03-2010
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - COMMAND LINE UTILITIES REFERENCE 10.3 30-03-2010
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - PREBOOT SERVICES AND IMAGING REFERENCE 10.3 16-04-2010
- NOVELL ZENWORKS 10 CONFIGURATION MANAGEMENT SP3 - ZENWORKS REPORTING SERVER 10.3 30-04-2010
- NOVELL ZENWORKS 7.2 LINUX MANAGEMENT - SCENARIOS 1 03-30-2007
- NOVELL OPEN WORKGROUP SUITE SMALL BUSINESS EDITION 9.3 - ADMINISTRATION 10-2007
- Novell SUSELINUX ENTERPRISE DESKTOP 10 KDE
- Novell SUSE LINUX ENTERPRISE DESKTOP 10 SP1 KDE
- Novell LINUX ENTERPRISE 10 SP1 - LINUX AUDIT
- NOVELL BUSINESS CONTINUITY CLUSTERING FOR NETWARE 1.1 - ADMINISTRATION
- NOVELL DATA SYNCHRONIZER - UPDATE 1
- NOVELL LINUX ENTERPRISE DESKTOP 11 - KDE