Last sweep on OpenSSH section:

- Some tagging: OpenSSH is an <application> (set of tools), SSH is the
  protocol so no tags and use uppercase, the other cases are <command>
  (or use of manual page entities)
- s/Secure shell/OpenSSH/, which is less confusing, and some
  s/SSH/OpenSSH/ where needed
- Use application tags for telnet since we talk in a "general way"
- s/Draconian/draconian/ in a sentence.
This commit is contained in:
Marc Fonvieille 2003-08-14 10:11:29 +00:00
parent 3d946b3438
commit e19c0e1953
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=17850

@ -3805,18 +3805,18 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<secondary>OpenSSH</secondary> <secondary>OpenSSH</secondary>
</indexterm> </indexterm>
<para>Secure shell is a set of network connectivity tools used to <para><application>OpenSSH</application> is a set of network connectivity tools used to
access remote machines securely. It can be used as a direct access remote machines securely. It can be used as a direct
replacement for <command>rlogin</command>, replacement for <command>rlogin</command>,
<command>rsh</command>, <command>rcp</command>, and <command>rsh</command>, <command>rcp</command>, and
<command>telnet</command>. Additionally, any other TCP/IP <command>telnet</command>. Additionally, any other TCP/IP
connections can be tunneled/forwarded securely through ssh. connections can be tunneled/forwarded securely through SSH.
ssh encrypts all traffic to effectively eliminate eavesdropping, <application>OpenSSH</application> encrypts all traffic to effectively eliminate eavesdropping,
connection hijacking, and other network-level attacks.</para> connection hijacking, and other network-level attacks.</para>
<para>OpenSSH is maintained by the OpenBSD project, and is based <para><application>OpenSSH</application> is maintained by the OpenBSD project, and is based
upon SSH v1.2.12 with all the recent bug fixes and updates. It upon SSH v1.2.12 with all the recent bug fixes and updates. It
is compatible with both SSH protocols 1 and 2. OpenSSH has been is compatible with both SSH protocols 1 and 2. <application>OpenSSH</application> has been
in the base system since FreeBSD&nbsp;4.0.</para> in the base system since FreeBSD&nbsp;4.0.</para>
<sect2> <sect2>
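Review bot: The first paragraph still has <command>telnet</command> in the list of replaced tools, while the commit message says telnet gets application tags when discussed in a general way and the later hunks switch it to <application>telnet</application>. Either tag it the same way here or say in the log that the command form is intentional in this list. Also, "connections can be tunneled/forwarded securely through SSH" is followed directly by "<application>OpenSSH</application> encrypts all traffic", so the protocol and the tool are mixed across two adjacent sentences; it may read better to keep one subject for both.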
@ -3826,7 +3826,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
data is sent over the network in an clear, un-encrypted form. data is sent over the network in an clear, un-encrypted form.
Network sniffers anywhere in between the client and server can Network sniffers anywhere in between the client and server can
steal your user/password information or data transferred in steal your user/password information or data transferred in
your session. OpenSSH offers a variety of authentication and your session. <application>OpenSSH</application> offers a variety of authentication and
encryption methods to prevent this from happening.</para> encryption methods to prevent this from happening.</para>
</sect2> </sect2>
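Review bot: The unchanged first line of this hunk still reads "in an clear, un-encrypted form"; since the paragraph is being touched anyway, fix it to "in a clear, unencrypted form". The phrase "steal your user/password information" could also be tightened to "user name and password" while you are here.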
@ -3840,7 +3840,7 @@ ipfw add 1 allow ipencap from W.X.Y.Z to A.B.C.D
<para>Be sure to make the following addition to your <para>Be sure to make the following addition to your
<filename>rc.conf</filename> file:</para> <filename>rc.conf</filename> file:</para>
<screen>sshd_enable="YES"</screen> <screen>sshd_enable="YES"</screen>
<para>This will load &man.sshd.8;, the daemon program for <application>ssh</application>, <para>This will load &man.sshd.8;, the daemon program for <application>OpenSSH</application>,
the next time your system initializes. Alternatively, you can the next time your system initializes. Alternatively, you can
simply run directly the <application>sshd</application> daemon by typing <command>sshd</command> on the command line.</para> simply run directly the <application>sshd</application> daemon by typing <command>sshd</command> on the command line.</para>
</sect2> </sect2>
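Review bot: The last line of the paragraph keeps <application>sshd</application> for the daemon, which does not follow the rule in the commit message (OpenSSH is the application, everything else is a command or a manual page entity). Suggest "run the &man.sshd.8; daemon directly by typing <command>sshd</command>", which also fixes the awkward "simply run directly the" word order.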
@ -3875,12 +3875,12 @@ user@example.com's password: <userinput>*******</userinput></screen>
<filename>~/.ssh/known_hosts2</filename> for SSH v2 <filename>~/.ssh/known_hosts2</filename> for SSH v2
fingerprints.</para> fingerprints.</para>
<para>By default, OpenSSH servers are configured to accept both <para>By default, <application>OpenSSH</application> servers are configured to accept both
SSH v1 and SSH v2 connections. The client, however, can choose SSH v1 and SSH v2 connections. The client, however, can choose
between the two. Version 2 is known to be more robust and between the two. Version 2 is known to be more robust and
secure than its predecessor.</para> secure than its predecessor.</para>
<para><command>ssh</command> can be forced to use either protocol <para>The &man.ssh.1; command can be forced to use either protocol
by passing it the <option>-1</option> or <option>-2</option> argument by passing it the <option>-1</option> or <option>-2</option> argument
for v1 and v2, respectively.</para> for v1 and v2, respectively.</para>
</sect2> </sect2>
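Review bot: The paragraph on <option>-1</option> and <option>-2</option> explains how to force either protocol but gives no recommendation, even though the preceding paragraph states that version 2 is more robust and secure than its predecessor. Since the server is described as accepting both by default, a sentence telling readers to prefer <option>-2</option> unless the remote side cannot speak v2 would make the security-relevant choice explicit.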
@ -3922,7 +3922,7 @@ COPYRIGHT 100% |*****************************| 4735
<secondary>configuration</secondary> <secondary>configuration</secondary>
</indexterm> </indexterm>
<para>The system-wide configuration files for both the OpenSSH <para>The system-wide configuration files for both the <application>OpenSSH</application>
daemon and client reside within the <filename>/etc/ssh</filename> daemon and client reside within the <filename>/etc/ssh</filename>
directory.</para> directory.</para>
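Review bot: Minor markup point on <filename>/etc/ssh</filename>: the text calls it a directory, so <filename class="directory"> would be the more precise tagging, in keeping with the tagging cleanup this commit is doing.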
@ -3988,7 +3988,7 @@ Your identification has been saved in /home/user/.ssh/identity.
utilities used in managing multiple passworded private keys.</para> utilities used in managing multiple passworded private keys.</para>
<warning><para>The various options and files can be different <warning><para>The various options and files can be different
according to the OpenSSH version you have on your system, to according to the <application>OpenSSH</application> version you have on your system, to
avoid problems you should consult the &man.ssh-keygen.1; avoid problems you should consult the &man.ssh-keygen.1;
manual page.</para></warning> manual page.</para></warning>
</sect2> </sect2>
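Review bot: The warning is a comma splice: "...according to the OpenSSH version you have on your system, to avoid problems you should consult...". Split it into two sentences, for example ending the first at "on your system." and starting the second with "To avoid problems, consult the &man.ssh-keygen.1; manual page."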
@ -4000,11 +4000,11 @@ Your identification has been saved in /home/user/.ssh/identity.
<secondary>tunneling</secondary> <secondary>tunneling</secondary>
</indexterm> </indexterm>
<para>OpenSSH has the ability to create a tunnel to encapsulate <para><application>OpenSSH</application> has the ability to create a tunnel to encapsulate
another protocol in an encrypted session.</para> another protocol in an encrypted session.</para>
<para>The following command tells &man.ssh.1; to create a tunnel <para>The following command tells &man.ssh.1; to create a tunnel
for telnet.</para> for <application>telnet</application>:</para>
<screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5023:localhost:23 user@foo.example.com</replaceable></userinput> <screen>&prompt.user; <userinput>ssh -2 -N -f -L <replaceable>5023:localhost:23 user@foo.example.com</replaceable></userinput>
&prompt.user;</screen> &prompt.user;</screen>
@ -4019,7 +4019,7 @@ Your identification has been saved in /home/user/.ssh/identity.
<listitem> <listitem>
<para>Forces <command>ssh</command> to use version 2 of <para>Forces <command>ssh</command> to use version 2 of
the protocol. (Do not use if you are working with older the protocol. (Do not use if you are working with older
ssh servers)</para> SSH servers)</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
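Review bot: The parenthetical "(Do not use if you are working with older SSH servers)" is a full sentence without a closing period, and "older" is vague for an option that forces protocol version 2. Suggest "(Do not use this option with servers that only support version 1 of the protocol.)" so the reader knows exactly when the option will fail.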
@ -4071,8 +4071,8 @@ Your identification has been saved in /home/user/.ssh/identity.
<para>In the example, port <replaceable>5023</replaceable> on <para>In the example, port <replaceable>5023</replaceable> on
<hostid>localhost</hostid> is being forwarded to port <hostid>localhost</hostid> is being forwarded to port
<replaceable>23</replaceable> on <hostid>localhost</hostid> <replaceable>23</replaceable> on <hostid>localhost</hostid>
of the remote machine. Since <replaceable>23</replaceable> is telnet, of the remote machine. Since <replaceable>23</replaceable> is <application>telnet</application>,
this would create a secure telnet session through an SSH tunnel.</para> this would create a secure <application>telnet</application> session through an SSH tunnel.</para>
<para>This can be used to wrap any number of insecure TCP protocols <para>This can be used to wrap any number of insecure TCP protocols
such as SMTP, POP3, FTP, etc.</para> such as SMTP, POP3, FTP, etc.</para>
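Review bot: "Since <replaceable>23</replaceable> is <application>telnet</application>" equates a port number with an application; "Since port 23 is used by telnet" would be clearer. The preceding sentence also uses <hostid>localhost</hostid> twice for two different machines, so it is worth saying "on the local machine" for the first one. Finally, "a secure telnet session" only holds for the tunneled leg between the two SSH endpoints; a short qualifier to that effect would keep readers from assuming telnet itself became secure.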
@ -4122,7 +4122,7 @@ user@ssh-server.example.com's password: <userinput>******</userinput></screen>
<sect4> <sect4>
<title>Bypassing a Draconian Firewall</title> <title>Bypassing a Draconian Firewall</title>
<para>Some network administrators impose extremely Draconian <para>Some network administrators impose extremely draconian
firewall rules, filtering not only incoming connections, firewall rules, filtering not only incoming connections,
but outgoing connections. You may be only given access but outgoing connections. You may be only given access
to contact remote machines on ports 22 and 80 for SSH to contact remote machines on ports 22 and 80 for SSH
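Review bot: The lowercase "draconian" in the paragraph is fine, but the adjacent context line "You may be only given access" has the adverb misplaced; "You may only be given access" reads correctly and could be fixed in the same sweep. The title keeps "Draconian" capitalized, which is consistent with title case, so no change is needed there.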