please decrypt your manuals
Doru Georgescu
headset001 at yahoo.com
Thu Apr 22 17:10:56 EST 2010
Thank you for the check and for the corrections.
I finally got it right,
Doru
--- On Wed, 4/21/10, Keisial <keisial at gmail.com> wrote:
> From: Keisial <keisial at gmail.com>
> Subject: Re: please decrypt your manuals
> To: "Doru Georgescu" <headset001 at yahoo.com>, openssh-unix-dev at mindrot.org
> Date: Wednesday, April 21, 2010, 11:22 AM
> > The encryption keys are regenerated during communication (~R in man ssh, RekeyLimit in man ssh_config).
>
> >
> They are generated at the beginning, and may be regenerated during communication. It is worth making explicit that it is different from the authentication key mentioned below.
>
> > The authenticated machine's (usually the server) host authentication keys are used to authenticate it in front of other machines or user accounts. These keys are memorized on the authenticated machine:
> > /etc/ssh/ssh_host_[rd]sa_key
> > /etc/ssh/ssh_host_[rd]sa_key.pub
> > ssh-keygen - authentication key generation and management
> >
> > The authenticating machine or user account (usually the client) can memorize known machines' public host keys in /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts.
> >
> > Authentication of the server machine in front of the client user account:
> >
> > the client verifies that the server's public host key is known:
> >
> > a. with a stupid question to the unknowing human at the client's console
> > b. verifying the server's public host key against the lists of servers' public host keys in:
> > //client/etc/ssh/ssh_known_hosts and //client/~/.ssh/known_hosts
> >
> Step b done before a.
>
> > the authentication key is created on the client with:
> > ssh-keygen -t rsa
> > ll gives:
> > -rw------- 1 dave dave 526 Nov 3 01:21 id_rsa
> > -rw-r--r-- 1 dave dave 330 Nov 3 01:21 id_rsa.pub
> > and can be copied from the client with (just a direct copy from //client/~/.ssh/id_rsa.pub to //server/~/.ssh/authorized_keys, or append to preserve other keys):
> > ssh-copy-id username@server
> >
>
> ssh-keygen -t rsa generates an rsa key. Other acceptable values for -t are rsa1 and dsa. I would just note that they are created by ssh-keygen, and let people check ssh-keygen(1) for more information.
>
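The lookup order described in the quoted steps (check the known_hosts lists first, ask the user only when nothing matches), sketched in Python as an added example; it is not code from this thread or from OpenSSH. It goes slightly beyond the thread by also matching hashed host names (the `|1|salt|hash` form of the first field); the host names, key strings and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed first field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if the first known_hosts field names `host` (plain list or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # wildcard and negated patterns are not handled

def check_host_key(host, keytype, key_b64, files):
    """Return 'known', 'changed' or 'unknown' for the key the server offered."""
    other_key = False
    for text in files:  # system-wide list first, then the per-user list
        for line in text.splitlines():
            fields = line.split()
            if len(fields) < 3 or fields[0].startswith(("#", "@")):
                continue  # blank lines, comments and @marker lines
            if host_matches(fields[0], host) and fields[1] == keytype:
                if fields[2] == key_b64:
                    return "known"
                other_key = True  # same host and key type, different key
    return "changed" if other_key else "unknown"

# Constructed sample data: the key strings are placeholders, not real keys.
KEY_A = "AAAAB3NzaC1yc2E-constructed-key-A"
KEY_B = "AAAAB3NzaC1yc2E-constructed-key-B"
SYSTEM_FILE = "# /etc/ssh/ssh_known_hosts\nalpha.example,192.0.2.10 ssh-rsa %s\n" % KEY_A
USER_FILE = "%s ssh-rsa %s\n" % (hash_host("beta.example", b"constructed-salt-20b"), KEY_B)

if __name__ == "__main__":
    offers = [("alpha.example", KEY_A), ("beta.example", KEY_B),
              ("alpha.example", KEY_B), ("gamma.example", KEY_A)]
    for host, key in offers:
        print(host, check_host_key(host, "ssh-rsa", key, [SYSTEM_FILE, USER_FILE]))
```

Only the "unknown" result corresponds to the case where the user is asked to confirm the key; "changed" is the case where a stored key for that host no longer matches.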