From owner-freebsd-current Sat May 6 23:59:28 2000 Delivered-To: freebsd-current@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 2D7BC37B69F for ; Sat, 6 May 2000 23:59:25 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id XAA59349 for ; Sat, 6 May 2000 23:59:25 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sat, 6 May 2000 23:59:24 -0700 (PDT) From: Kris Kennaway To: current@freebsd.org Subject: OpenSSH SSH2 support Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I've finished merging the latest OpenSSH changes into our version (vice versa, actually) since I'm told it's stabilized enough to be useful. OpenSSH now has SSH2 protocol support, meaning several things: * Support for DSA keys, removing the need to use RSA (and hence RSAREF), so people in commercial environments in the US can now use it, and can use >1024 bit keys * Interoperability with at least some other SSH2 clients/servers (I don't know how extensive yet, but I can log in using both the ssh and ssh2 ports) * More secure protocol than the SSH1 protocol. Unfortunately, there is no support for Kerberos 4 or OPIE (or Kerb5) in SSH2 mode yet - hopefully these will be added soon. Because of the extensive changes to the code since the version we currently have, it was quite difficult to merge in all of our local fixes - I think I've done it correctly, but can't be sure (I have no way to test Kerberos support, for example). I'm going to try and get some of these merged back upstream to make my life easier in the future. I haven't yet updated the manpages, so the instructions below will install the OpenBSD ones. Another side-effect of this patch is that it enables OPIE login support. I would like everyone who is able to to test this to make sure it still works for them (as well as testing the new features) - if you don't test it now and it breaks when I import it and you go and install it on all of your boxes, tough! Test it now! :-) Installation instructions: 1) Grab http://www.freebsd.org/~kris/ssh2.tgz and unpack it in /usr/src 2) Apply the patch which was just unpacked into /usr/src/openssh.diff 3) make world 4) To set up sshd to do SSH2, see the docs in crypto/openssh/README.openssh2 Kris ---- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message