os/doc
3
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Whitespace change only.

Browse source 
PR:		docs/31580
Submitted by:	Martin Heinen <martin@sumuk.de>
This commit is contained in:
Murray Stokely 2001-10-29 11:02:50 +00:00
parent 58a809138a
commit 9e043bbbd6
Notes: svn2git 2020-12-08 03:00:23 +00:00 
svn path=/head/; revision=11069
1 changed files with 62 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
en_US.ISO8859-1/books/handbook/security/chapter.sgml
View file

@ -2577,8 +2577,7 @@ FreeBSD BUILT-19950429 (GR386) #0: Sat Apr 29 17:50:09 SAT 1995</screen>
<filename>/etc/rc.conf.local</filename> or <filename>/etc/rc.conf.local</filename> or
<filename>/etc/rc.conf</filename> to enable your firewall, <filename>/etc/rc.conf</filename> to enable your firewall,
it is important to make sure your firewall is enabled before it is important to make sure your firewall is enabled before
any IP interfaces are configured. any IP interfaces are configured.</para>
</para>
<para>The next problem is what your firewall should actually <para>The next problem is what your firewall should actually
<emphasis>do</emphasis>! This is largely dependent on what access to <emphasis>do</emphasis>! This is largely dependent on what access to
@ -3094,8 +3093,7 @@ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
</indexterm> </indexterm>
<para>The &man.ssh.1; utility works similarly to <para>The &man.ssh.1; utility works similarly to
&man.rlogin.1;. &man.rlogin.1;.</para>
</para>
<screen>&prompt.root <userinput>ssh <replaceable>user@example.com</replaceable></userinput> <screen>&prompt.root <userinput>ssh <replaceable>user@example.com</replaceable></userinput>
Host key not found from the list of known hosts. Host key not found from the list of known hosts.
@ -3113,8 +3111,8 @@ user@example.com's password: <userinput>*******</userinput></screen>
will alert you if the saved fingerprint differs from the will alert you if the saved fingerprint differs from the
received fingerprint on future login attempts. The fingerprints received fingerprint on future login attempts. The fingerprints
are saved in <filename>~/.ssh/known_hosts</filename>, or are saved in <filename>~/.ssh/known_hosts</filename>, or
<filename>~/.ssh/known_hosts2</filename> for SSH v2 fingerprints. <filename>~/.ssh/known_hosts2</filename> for SSH v2
</para> fingerprints.</para>
<para>By default, OpenSSH servers are configured to accept both <para>By default, OpenSSH servers are configured to accept both
SSH v1 and SSH v2 connections. The client, however, can choose SSH v1 and SSH v2 connections. The client, however, can choose
@ -3166,12 +3164,11 @@ COPYRIGHT 100% |*****************************| 4735
<para>The system-wide configuration files for both the OpenSSH <para>The system-wide configuration files for both the OpenSSH
daemon and client reside within the <filename>/etc/ssh</filename> daemon and client reside within the <filename>/etc/ssh</filename>
directory. directory.</para>
</para>
<para><filename>ssh_config</filename> configures the client <para><filename>ssh_config</filename> configures the client
settings, while <filename>sshd_config</filename> configures the settings, while <filename>sshd_config</filename> configures the
daemon. daemon.</para>
</para>
<para>Additionally, the <option>sshd_program</option> <para>Additionally, the <option>sshd_program</option>
(<filename>/usr/sbin/sshd</filename> by default), and (<filename>/usr/sbin/sshd</filename> by default), and
@ -3183,8 +3180,7 @@ COPYRIGHT 100% |*****************************| 4735
<title>ssh-keygen</title> <title>ssh-keygen</title>
<para>Instead of using passwords, &man.ssh-keygen.1; can <para>Instead of using passwords, &man.ssh-keygen.1; can
be used to generate RSA keys to authenticate a user. be used to generate RSA keys to authenticate a user.</para>
</para>
<screen>&prompt.user <userinput>ssh-keygen</userinput> <screen>&prompt.user <userinput>ssh-keygen</userinput>
Initializing random number generator... Initializing random number generator...
@ -3203,8 +3199,7 @@ Your identification has been saved in /home/user/.ssh/identity.
<filename>~/.ssh/identity</filename>, whereas the public key is <filename>~/.ssh/identity</filename>, whereas the public key is
stored in <filename>~/.ssh/identity.pub</filename>. The public stored in <filename>~/.ssh/identity.pub</filename>. The public
key must be placed in <filename>~/.ssh/authorized_keys</filename> key must be placed in <filename>~/.ssh/authorized_keys</filename>
of the remote machine in order for the setup to work. of the remote machine in order for the setup to work.</para>
</para>
<para>This will allow connection to the remote machine based upon <para>This will allow connection to the remote machine based upon
RSA authentication instead of passwords.</para> RSA authentication instead of passwords.</para>
@ -3226,8 +3221,7 @@ Your identification has been saved in /home/user/.ssh/identity.
machine.</para> machine.</para>
<para>&man.ssh-agent.1; and &man.ssh-add.1; are <para>&man.ssh-agent.1; and &man.ssh-add.1; are
utilities used in managing multiple passworded private keys. utilities used in managing multiple passworded private keys.</para>
</para>
</sect2> </sect2>
<sect2> <sect2>
@ -3239,6 +3233,7 @@ Your identification has been saved in /home/user/.ssh/identity.
<para>OpenSSH has the ability to create a tunnel to encapsulate <para>OpenSSH has the ability to create a tunnel to encapsulate
another protocol in an encrypted session.</para> another protocol in an encrypted session.</para>
<para>The following command tells &man.ssh.1; to create a tunnel <para>The following command tells &man.ssh.1; to create a tunnel
for telnet.</para> for telnet.</para>
@ -3307,12 +3302,10 @@ Your identification has been saved in /home/user/.ssh/identity.
localhost is being forwarded to port localhost is being forwarded to port
<replaceable>23</replaceable> on localhost of the remote <replaceable>23</replaceable> on localhost of the remote
machine. Since <replaceable>23</replaceable> is telnet, this machine. Since <replaceable>23</replaceable> is telnet, this
would create a secure telnet session through an SSH tunnel. would create a secure telnet session through an SSH tunnel.</para>
</para>
<para>This can be used to wrap any number of insecure TCP protocols <para>This can be used to wrap any number of insecure TCP protocols
such as smtp, pop3, ftp, etc. such as smtp, pop3, ftp, etc.</para>
</para>
<para>A typical SSH Tunnel</para> <para>A typical SSH Tunnel</para>
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput> <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5025:localhost:25 user@mailserver.example.com</replaceable></userinput>
@ -3326,8 +3319,7 @@ Escape character is '^]'.
<para>This can be used in conjunction with an &man.ssh-keygen.1; <para>This can be used in conjunction with an &man.ssh-keygen.1;
and additional user accounts to create a more seamless/hassle-free and additional user accounts to create a more seamless/hassle-free
SSH tunneling environment. Keys can be used in place of typing SSH tunneling environment. Keys can be used in place of typing
a password, and the tunnels can be run as a separate user. a password, and the tunnels can be run as a separate user.</para>
</para>
<sect3> <sect3>
<title>Practical SSH Tunneling Examples</title> <title>Practical SSH Tunneling Examples</title>