Last sweep on OpenSSH section:
- Some tagging: OpenSSH is an <application> (set of tools), SSH is the protocol so no tags and use uppercase, the other cases are <command> (or use of manual page entities)
- s/Secure shell/OpenSSH/, which is less confusing, and some s/SSH/OpenSSH/ where needed
- Use application tags for telnet since we talk in a "general way"
- s/Draconian/draconian/ in a sentence.
parent 3d946b3438
commit e19c0e1953
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=17850
1 changed files with 17 additions and 17 deletions
|
@ -3805,18 +3805,18 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
|
|||
<secondary>OpenSSH</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>Secure shell is a set of network connectivity tools used to
|
||||
<para><application>OpenSSH</application> is a set of network connectivity tools used to
|
||||
access remote machines securely. It can be used as a direct
|
||||
replacement for <command>rlogin</command>,
|
||||
<command>rsh</command>, <command>rcp</command>, and
|
||||
<command>telnet</command>. Additionally, any other TCP/IP
|
||||
connections can be tunneled/forwarded securely through ssh.
|
||||
ssh encrypts all traffic to effectively eliminate eavesdropping,
|
||||
connections can be tunneled/forwarded securely through SSH.
|
||||
<application>OpenSSH</application> encrypts all traffic to effectively eliminate eavesdropping,
|
||||
connection hijacking, and other network-level attacks.</para>
|
||||
|
||||
<para>OpenSSH is maintained by the OpenBSD project, and is based
|
||||
<para><application>OpenSSH</application> is maintained by the OpenBSD project, and is based
|
||||
upon SSH v1.2.12 with all the recent bug fixes and updates. It
|
||||
is compatible with both SSH protocols 1 and 2. OpenSSH has been
|
||||
is compatible with both SSH protocols 1 and 2. <application>OpenSSH</application> has been
|
||||
in the base system since FreeBSD 4.0.</para>
|
||||
|
||||
<sect2>
|
||||
|
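Review bot: The list of replaced tools in the first paragraph still tags telnet as <command>telnet</command>, next to rlogin, rsh and rcp, while the tunneling hunks further down switch it to <application>telnet</application>. If the split is intentional (the command being replaced here, the service in general there), state that in the commit message; otherwise use one tag for the whole section. The rewritten lines are also much longer than their neighbours, so a whitespace-only follow-up to rewrap these two paragraphs would help.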
@ -3826,7 +3826,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
|
|||
data is sent over the network in an clear, un-encrypted form.
|
||||
Network sniffers anywhere in between the client and server can
|
||||
steal your user/password information or data transferred in
|
||||
your session. OpenSSH offers a variety of authentication and
|
||||
your session. <application>OpenSSH</application> offers a variety of authentication and
|
||||
encryption methods to prevent this from happening.</para>
|
||||
</sect2>
|
||||
|
||||
|
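Review bot: The unchanged line just above the edit reads "in an clear, un-encrypted form", which a sweep of this section should not leave behind. Suggest "in a clear, unencrypted form", either in this commit or in a follow-up.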
@ -3840,7 +3840,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
|
|||
<para>Be sure to make the following addition to your
|
||||
<filename>rc.conf</filename> file:</para>
|
||||
<screen>sshd_enable="YES"</screen>
|
||||
<para>This will load &man.sshd.8;, the daemon program for <application>ssh</application>,
|
||||
<para>This will load &man.sshd.8;, the daemon program for <application>OpenSSH</application>,
|
||||
the next time your system initializes. Alternatively, you can
|
||||
simply run directly the <application>sshd</application> daemon by typing <command>sshd</command> on the command line.</para>
|
||||
</sect2>
|
||||
|
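Review bot: The last sentence of this paragraph keeps <application>sshd</application>, which contradicts the rule in the commit message that OpenSSH is the application and individual programs are <command> or manual page entities. Suggest rewording it to "run the &man.sshd.8; daemon directly by typing <command>sshd</command>", which also removes the awkward "simply run directly".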
@ -3875,12 +3875,12 @@ user@example.com's password: <userinput>*******</userinput></screen>
|
|||
<filename>~/.ssh/known_hosts2</filename> for SSH v2
|
||||
fingerprints.</para>
|
||||
|
||||
<para>By default, OpenSSH servers are configured to accept both
|
||||
<para>By default, <application>OpenSSH</application> servers are configured to accept both
|
||||
SSH v1 and SSH v2 connections. The client, however, can choose
|
||||
between the two. Version 2 is known to be more robust and
|
||||
secure than its predecessor.</para>
|
||||
|
||||
<para><command>ssh</command> can be forced to use either protocol
|
||||
<para>The &man.ssh.1; command can be forced to use either protocol
|
||||
by passing it the <option>-1</option> or <option>-2</option> argument
|
||||
for v1 and v2, respectively.</para>
|
||||
</sect2>
|
||||
|
@ -3922,7 +3922,7 @@ COPYRIGHT 100% |*****************************| 4735
|
|||
<secondary>configuration</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>The system-wide configuration files for both the OpenSSH
|
||||
<para>The system-wide configuration files for both the <application>OpenSSH</application>
|
||||
daemon and client reside within the <filename>/etc/ssh</filename>
|
||||
directory.</para>
|
||||
|
||||
|
@ -3988,7 +3988,7 @@ Your identification has been saved in /home/user/.ssh/identity.
|
|||
utilities used in managing multiple passworded private keys.</para>
|
||||
|
||||
<warning><para>The various options and files can be different
|
||||
according to the OpenSSH version you have on your system, to
|
||||
according to the <application>OpenSSH</application> version you have on your system, to
|
||||
avoid problems you should consult the &man.ssh-keygen.1;
|
||||
manual page.</para></warning>
|
||||
</sect2>
|
||||
|
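Review bot: The warning sentence touched here is a comma splice ("... you have on your system, to avoid problems you should consult ..."). While the line is being edited anyway, split it into two sentences: "... on your system. To avoid problems, consult the &man.ssh-keygen.1; manual page."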
@ -4000,11 +4000,11 @@ Your identification has been saved in /home/user/.ssh/identity.
|
|||
<secondary>tunneling</secondary>
|
||||
</indexterm>
|
||||
|
||||
<para>OpenSSH has the ability to create a tunnel to encapsulate
|
||||
<para><application>OpenSSH</application> has the ability to create a tunnel to encapsulate
|
||||
another protocol in an encrypted session.</para>
|
||||
|
||||
<para>The following command tells &man.ssh.1; to create a tunnel
|
||||
for telnet.</para>
|
||||
for <application>telnet</application>:</para>
|
||||
|
||||
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5023:localhost:23 user@foo.example.com</replaceable></userinput>
|
||||
&prompt.user;</screen>
|
||||
|
@ -4019,7 +4019,7 @@ Your identification has been saved in /home/user/.ssh/identity.
|
|||
<listitem>
|
||||
<para>Forces <command>ssh</command> to use version 2 of
|
||||
the protocol. (Do not use if you are working with older
|
||||
ssh servers)</para>
|
||||
SSH servers)</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
|
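Review bot: "older SSH servers" in the changed line is still vague about which servers are meant. The option forces protocol version 2, so the restriction applies to servers that do not support it; suggest "(Do not use if you are working with servers that only support SSH protocol version 1.)", with the period inside the parentheses.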
@ -4071,8 +4071,8 @@ Your identification has been saved in /home/user/.ssh/identity.
|
|||
<para>In the example, port <replaceable>5023</replaceable> on
|
||||
<hostid>localhost</hostid> is being forwarded to port
|
||||
<replaceable>23</replaceable> on <hostid>localhost</hostid>
|
||||
of the remote machine. Since <replaceable>23</replaceable> is telnet,
|
||||
this would create a secure telnet session through an SSH tunnel.</para>
|
||||
of the remote machine. Since <replaceable>23</replaceable> is <application>telnet</application>,
|
||||
this would create a secure <application>telnet</application> session through an SSH tunnel.</para>
|
||||
|
||||
<para>This can be used to wrap any number of insecure TCP protocols
|
||||
such as SMTP, POP3, FTP, etc.</para>
|
||||
|
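Review bot: "Since <replaceable>23</replaceable> is <application>telnet</application>" in the changed line equates a port number with a service. Suggest "Since port 23 is used by <application>telnet</application>", which reads correctly with the new tag.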
@ -4122,7 +4122,7 @@ user@ssh-server.example.com's password: <userinput>******</userinput></screen>
|
|||
<sect4>
|
||||
<title>Bypassing a Draconian Firewall</title>
|
||||
|
||||
<para>Some network administrators impose extremely Draconian
|
||||
<para>Some network administrators impose extremely draconian
|
||||
firewall rules, filtering not only incoming connections,
|
||||
but outgoing connections. You may be only given access
|
||||
to contact remote machines on ports 22 and 80 for SSH
|
||||
|
|
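Review bot: The sentence around the lowercased "draconian" has two wording problems in the following context lines that this sweep could fix as well. "filtering not only incoming connections, but outgoing connections" needs "but also", and "You may be only given access" reads better as "You may only be given access". Keeping the capital in the <title> is fine as title case.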