Difference between revisions of "Console SSH"
| Line 2: | Line 2: | ||
The console is used for accessing the IPLOG-GAMA units configuration and management features using text terminals, either remotely using the SSH TCP/IP or directly SSH via USB. The console is also used for writing scripts. This manual describes the general console operation principles. | The console is used for accessing the IPLOG-GAMA units configuration and management features using text terminals, either remotely using the SSH TCP/IP or directly SSH via USB. The console is also used for writing scripts. This manual describes the general console operation principles. | ||
| − | ''' | + | The '''SSH protocol''' is available in two incompatible varieties: '''SSH 1''' and SSH '''2'''. |
| + | The older '''SSH 1''' protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both of used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, 3DES and Blowfish for privacy. It used a simple CRC for data integrity, which turns out to be flawed. | ||
| + | The second major variety of SSH is the '''SSH 2''' protocol. '''SSH 2''' was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports many other choices for symmetric ciphers, as well as many other new features | ||
| + | |||
| + | Current package version: '''OpenSSH_7.4p1, OpenSSL 1.0.2k''' | ||
| + | Default settings: '''SSH2''' | ||
| + | |||
| + | More information about SSH2 configuration: | ||
| + | {{NotePre|text== | ||
| + | root@buildroot:cat /etc/ssh/ssh_config | ||
| + | |||
| + | # Host * | ||
| + | # ForwardAgent no | ||
| + | # ForwardX11 no | ||
| + | # RhostsRSAAuthentication no | ||
| + | # RSAAuthentication yes | ||
| + | # PasswordAuthentication yes | ||
| + | # HostbasedAuthentication no | ||
| + | # GSSAPIAuthentication no | ||
| + | # GSSAPIDelegateCredentials no | ||
| + | # BatchMode no | ||
| + | # CheckHostIP yes | ||
| + | # AddressFamily any | ||
| + | # ConnectTimeout 0 | ||
| + | # StrictHostKeyChecking ask | ||
| + | # IdentityFile ~/.ssh/identity | ||
| + | # IdentityFile ~/.ssh/id_rsa | ||
| + | # IdentityFile ~/.ssh/id_dsa | ||
| + | # IdentityFile ~/.ssh/id_ecdsa | ||
| + | # IdentityFile ~/.ssh/id_ed25519 | ||
| + | # Port 22 | ||
| + | # Protocol 2 | ||
| + | # Cipher 3des | ||
| + | # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc | ||
| + | # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 | ||
| + | # EscapeChar ~ | ||
| + | # Tunnel no | ||
| + | # TunnelDevice any:any | ||
| + | # PermitLocalCommand no | ||
| + | # VisualHostKey no | ||
| + | # ProxyCommand ssh -q -W %h:%p gateway.example.com | ||
| + | # RekeyLimit 1G 1h | ||
| + | |||
| + | }} | ||
| + | |||
| + | Last connection parameters: | ||
| + | |||
| + | {{NotePre|text= | ||
| + | ssh -G host | ||
| + | }} | ||
Revision as of 11:18, 27 April 2018
Overview
The console is used for accessing the IPLOG-GAMA units configuration and management features using text terminals, either remotely using the SSH TCP/IP or directly SSH via USB. The console is also used for writing scripts. This manual describes the general console operation principles.
The SSH protocol is available in two incompatible varieties: SSH 1 and SSH 2.
The older SSH 1 protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both of used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, 3DES and Blowfish for privacy. It used a simple CRC for data integrity, which turns out to be flawed.
The second major variety of SSH is the SSH 2 protocol. SSH 2 was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports many other choices for symmetric ciphers, as well as many other new features
Current package version: OpenSSH_7.4p1, OpenSSL 1.0.2k
Default settings: SSH2
More information about SSH2 configuration:
= root@buildroot:cat /etc/ssh/ssh_config # Host * # ForwardAgent no # ForwardX11 no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Protocol 2 # Cipher 3des # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160 # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h
Last connection parameters:
ssh -G host
About SSH
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users.
SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server. Common applications include remote command-line login and remote command execution, but any network service can be secured with SSH. The protocol specification distinguishes between two major versions, referred to as SSH-1 and SSH-2.
More information:Secure Shell (SSH)
