Difference between revisions of "Console SSH"

(English corrections)
 
Line 1: Line 1:
The console is used for accessing the IPLOG-GAMA units configuration and management features using text terminals, either remotely using the SSH TCP/IP or directly SSH via USB. The console is also used for writing scripts. This manual describes the general console operation principles.  
+
This console is used for accessing the IPLOG-GAMA units configuration and management features using text terminals, either remotely using the SSH TCP/IP or directly SSH via USB. The console is also used for writing scripts. This manual describes the general console operation principles.  
  
== SSH (Cryptographic network protocol) ==  
+
== SSH (Cryptographic Network Protocol) ==  
 
'''Secure Shell (SSH)''' is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.
 
'''Secure Shell (SSH)''' is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.
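Review bot: The corrected opening sentence still reads "either remotely using the SSH TCP/IP or directly SSH via USB", which this edit leaves untouched apart from changing "The" to "This". Suggest "either remotely over SSH (TCP/IP) or directly over SSH via USB", and make "units configuration" possessive. The second sentence still begins "The console", so the paragraph now mixes "This console" and "The console".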
  
Line 12: Line 12:
 
The '''SSH protocol''' is available in two incompatible varieties: '''SSH 1''' and SSH '''2'''.
 
The '''SSH protocol''' is available in two incompatible varieties: '''SSH 1''' and SSH '''2'''.
  
The older '''SSH 1''' protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both of used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, 3DES and Blowfish for privacy. It used a simple CRC for data integrity, which turned out to be flawed.
+
The older '''SSH 1''' protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, 3DES and Blowfish for privacy. It used a simple CRC for data integrity, which turned out to be flawed.
  
 
The second major variety of SSH is the '''SSH 2''' protocol. '''SSH 2''' was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports the many other choices for symmetric ciphers, as well as many other new features
 
The second major variety of SSH is the '''SSH 2''' protocol. '''SSH 2''' was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports the many other choices for symmetric ciphers, as well as many other new features
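Review bot: In the SSH 1 paragraph, the fix to "Both used" leaves the next sentence as "It used a simple CRC", so the subject switches from the two sub-variants to a singular "It"; suggest "SSH 1 used a simple CRC". The unchanged SSH 2 paragraph after it still ends without a full stop after "new features" and reads "supports the many other choices", which an English-corrections pass should also pick up.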

Latest revision as of 10:54, 13 February 2019

This console is used to access the configuration and management features of IPLOG-GAMA units from a text terminal, either remotely over SSH via TCP/IP or directly over SSH via USB. The console is also used for writing scripts. This manual describes the general principles of console operation.

SSH (Cryptographic Network Protocol)

Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.

SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.

More: Secure Shell (SSH)

Overview

The SSH protocol is available in two incompatible varieties: SSH 1 and SSH 2.

The older SSH 1 protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, and 3DES and Blowfish for privacy. SSH 1 used a simple CRC for data integrity, which turned out to be flawed.

The second major variety of SSH is the SSH 2 protocol. SSH 2 was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH 1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol also supports many other choices of symmetric cipher, as well as many other new features.


Current package version: OpenSSH_7.4p1, OpenSSL 1.0.2k

Default settings: SSH2

root@buildroot:cat /etc/ssh/ssh_config

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Protocol 2
#   Cipher 3des
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

Information about the last connection parameters:

root@buildroot: ssh -G host
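
Every line in the ssh_config listing above is commented out, so the values that actually apply are the ones `ssh -G host` prints. The following added example (not part of the IPLOG manual or of OpenSSH) reads that output and reports legacy ciphers and MACs of the kind named in the listing; the deny patterns and the sample input are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: flag legacy algorithms in `ssh -G <host>` output read on stdin.
# The patterns below are an assumed audit policy, not an IPLOG or OpenSSH default.

audit_ssh_g() {
    awk '
    # ssh -G prints one lowercase keyword per line, followed by its value.
    $1 == "ciphers" || $1 == "macs" {
        n = split($2, alg, ",")
        for (i = 1; i <= n; i++) {
            a = alg[i]
            # 3DES, RC4 (arcfour), Blowfish, CAST and any CBC-mode cipher
            if ($1 == "ciphers" && a ~ /^(3des|arcfour|blowfish|cast128)|-cbc$/)
                print "WEAK cipher " a
            # MD5- and RIPEMD-based MACs, and MACs truncated to 96 bits
            if ($1 == "macs" && a ~ /md5|ripemd160|-96/)
                print "WEAK mac " a
        }
    }'
}

# Constructed sample input, modelled on the Ciphers/MACs lines in the listing above.
sample_ssh_g() {
    cat <<'EOF'
hostname unit.example
port 22
ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc
macs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160
EOF
}

# Offline demonstration on the constructed sample.
sample_ssh_g | audit_ssh_g

# On a unit, pipe the real output instead:
#   ssh -G host | audit_ssh_g
```

An empty result means none of the assumed patterns matched the effective `ciphers` and `macs` lists for that host.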