These are some direct links to the OpenSSH man pages. I know you said you read the man pages; the first one is how the whole connection setup works. This will let you know what sort of stuff you need to have available on the server and remote machines as far as public and private keys go. I'm pretty sure with TTermPro you actually get a text box to enter the key into, but it's been a few months since I played with it, so I can't be positive. It may just be a text file that you point it to so it knows where to look when the server requests the key.

http://www.openbsd.org/cgi-bin/man.cgi?query=sshd&sektion=8

DESCRIPTION
     sshd (Secure Shell Daemon) is the daemon program for ssh(1). Together these programs replace rlogin and rsh programs, and provide secure encrypted communications between two untrusted hosts over an insecure network. The programs are intended to be as easy to install and use as possible.

     sshd is the daemon that listens for connections from clients. It is normally started at boot from /etc/rc. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange.

     sshd works as follows. Each host has a host-specific RSA key (normally 1024 bits) used to identify the host. Additionally, when the daemon starts, it generates a server RSA key (normally 768 bits). This key is normally regenerated every hour if it has been used, and is never stored on disk.

     Whenever a client connects the daemon, the daemon sends its host and server public keys to the client. The client compares the host key against its own database to verify that it has not changed. The client then generates a 256 bit random number. It encrypts this random number using both the host key and the server key, and sends the encrypted number to the server. Both sides then start to use this random number as a session key which is used to encrypt all further communications in the session.
     The rest of the session is encrypted using a conventional cipher, currently Blowfish and 3DES, with 3DES being used by default. The client selects the encryption algorithm to use from those offered by the server.

     Next, the server and the client enter an authentication dialog. The client tries to authenticate itself using .rhosts authentication, .rhosts authentication combined with RSA host authentication, RSA challenge-response authentication, or password based authentication.

     Rhosts authentication is normally disabled because it is fundamentally insecure, but can be enabled in the server configuration file if desired. System security is not improved unless rshd(8), rlogind(8), rexecd(8), and rexd(8) are disabled (thus completely disabling rlogin(1) and rsh(1) into that machine).

     If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request things like allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP connections, or forwarding the authentication agent connection over the secure channel.

     Finally, the client either requests a shell or execution of a command. The sides then enter session mode. In this mode, either side may send data at any time, and such data is forwarded to/from the shell or command on the server side, and the user terminal in the client side.

Now as for the ssh_host_key problem, I have a feeling this might be an appropriate link:

http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1

This just goes over the keygen program, however I think the description section might give some info as to where the host key, etc. need to be on the server.

DESCRIPTION
     ssh-keygen generates and manages authentication keys for ssh(1). Normally each user wishing to use SSH with RSA authentication runs this once to create the authentication key in $HOME/.ssh/identity. Additionally, the system administrator may use this to generate host keys.

     Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but ``.pub'' appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have empty passphrase), or it may be a string of arbitrary length. Good passphrases are 10-30 characters long and are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per word, and provides very bad passphrases). The passphrase can be changed later by using the -p option.

     There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, you will have to generate a new key and copy the corresponding public key to other machines.

     There is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. The comment is initialized to ``user@host'' when the key is created, but can be changed using the -c option.

I have a feeling this may be part of the problem with /usr/local/etc/ssh_host_key not being found. Like it says, when you run the keygen, it makes a host key and a server public key, you tell it the filename to save to, and also a passphrase if you so desire. The host key doesn't have a passphrase at all ("The passphrase may be empty to indicate no passphrase (host keys must have empty passphrase)"), but the public key may have a passphrase. It's the public key that is copied to the host machines ("There is no way to recover a lost passphrase.
If the passphrase is lost or forgotten, you will have to generate a new key and copy the corresponding public key to other machines.")

There's more in terms of what the host does at http://www.openbsd.org/cgi-bin/man.cgi?query=ssh&sektion=1 however, that's mostly localized to the OpenSSH client; I don't know how much of it is standardized from client to client.

You might also check out the online man pages for ssh-agent and ssh-add:

http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-agent&sektion=1
http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-add&sektion=1

Sorry I can't give much more help than that, it's been a while since I played with any of the configuration stuff. I might be able to find some more links if none of these are of any help.

Brian

> -----Original Message-----
> From: Subba Rao [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 19, 2000 12:06 PM
> To: Linux Ladies
> Subject: [techtalk] Re: ssh setup
>
> I have downloaded the OpenSSH and OpenSSL (prerequisite for OpenSSH).
> The installation went fine.
>
> I have several questions about the public/private keys. When I used the
> ssh-keygen, the keys were generated. I am assuming you use one of these
> keys with the ssh client. The clients I will use are on Win95/NT and OS/2.
>
> Do I copy these keys and put them in the ssh clients directory?
>
> When I tried to start sshd, I got the following message.
>
> error: Could not load host key: /usr/local/etc/ssh_host_key: No such file or directory
>
> I did not see any info about ssh_host_key in the ssh or sshd man pages. What
> is this key and how do I fix it?
>
> Subba Rao
> [EMAIL PROTECTED]
> http://pws.prserv.net/truemax/
>
> => Time is relative. Here is a new way to look at time. <=
> http://www.smcinnovations.com
>
> ************
> [EMAIL PROTECTED] http://www.linuxchix.org
> ************

[EMAIL PROTECTED] http://www.linuxchix.org
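
An added example, not part of the original thread: a POSIX shell check for the host key file that sshd reported missing, plus a helper that creates it with the empty passphrase the ssh-keygen man page requires for host keys. The function names and the return codes are hypothetical, and the expectation that the private key is not readable by group or others is an assumption of this example.

```shell
#!/bin/sh
# Audit an sshd host key file such as /usr/local/etc/ssh_host_key
# (the path from the error message in the thread).

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return codes (chosen for this example):
#   0 ok, 1 private key missing, 2 private key readable by group/other,
#   3 public half (<key>.pub) missing.
audit_host_key() {
    key=$1
    if [ ! -f "$key" ]; then
        echo "MISSING $key (sshd: Could not load host key)"
        return 1
    fi
    mode=$(key_mode "$key")
    # A leading 0 makes the shell read the mode as octal; 077 = group+other bits.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "EXPOSED $key has mode $mode, expected 600"
        return 2
    fi
    if [ ! -f "$key.pub" ]; then
        echo "NO_PUB  $key.pub not found next to the private key"
        return 3
    fi
    echo "OK      $key (mode $mode)"
    return 0
}

# Create the host key with an empty passphrase (-N ''), never overwriting
# an existing key. Key type and size are left at this ssh-keygen's defaults.
create_host_key() {
    key=$1
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi
    ( umask 077; ssh-keygen -q -f "$key" -N '' )
}

# Stand-alone use: sh audit.sh /usr/local/etc/ssh_host_key
if [ $# -gt 0 ]; then
    audit_host_key "$1"
fi
```

Run `create_host_key` as root only when `audit_host_key` reports the key as missing; replacing an existing host key changes the identity that clients have stored for the server.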