Using SSH

Corey Merchant cmerchant at LURHQ.COM
Wed Feb 2 08:09:36 EST 2000 

Everything you ever wanted to know about ssh...
http://www.ietf.org/ids.by.wg/secsh.html
--
Corey Merchant
Network Security Engineer
LURHQ Corporation
Network Security Specialists
~~-~-~-~-~-~-~-~-~-~-~-~-~-~->
(843) 347-1075 ext.362
cmerchant at lurhq.com
www.lurhq.com

S Ramakrishnan wrote:
>
> Hi -
>
> Thanks for the useful information.
> My questions about the protocols
> used in SSH was with regards to:
>
>  (a) what key exchange protocol is used
>       by SSH?
>  (b) what authentication protocol is used?
>  (c) Are the encryption keys used by SSH
>      derived off the authentication information
>      provided by the client (such as the
>      password or some such)?
>  (d) Can the client authentication be
>      bound to RADIUS?
>
> Thanks !
>
>  - r
>
> On Mon, 31 Jan 2000 15:36:36   Cramer, Matthew wrote:
> >For the NT server side, you can install a replacement POSIX subsystem and the
> >GNU compiler.  My personal favourite is U/WIN from ATT Labs - there is info out
> >there on getting GCC to work with U/WIN (see the U/WIN users list).  With that,
> >one could compile SSH and then run it as a service.  I've heard of it done, but
> >never done it.
> >
> >NT Client side - there is DataFellows F-Secure, SecureTTY (both commercial), and
> >PuTTY (free, but does not do RSA auth).
> >
> >SSH supports more than the algorithms you list - also IDEA (default) and ARCFOUR
> >(a implementation of RC4 (in theory) published to Usenet).  Those are of course
> >just the symmetric cryptography; RSA is used for the asymmetric key exchange.
> >OpenSSH from the OpenBSD folks probably uses Diffie-Hellman for key exchange
> >(since RSA is patent restricted by US patent law until fall of 2000).
> >
> >Your statement about location does not make sense - SSH is available from all
> >sorts of places, .fi and .nl, for example, which are not bound by US Export
> >restrictions.  Don't download any crypto from us Americans - first of all our
> >Government needs their head's examined, secondly stronger crypto is available
> >everywhere else!
> >
> >
> >
> >
> >From: Saravana Ram <Torx at TM.NET.MY> on 01/30/2000 03:36 AM
> >
> >Please respond to Saravana Ram <Torx at TM.NET.MY>
> >
> >To:   VPN at SECURITYFOCUS.COM
> >cc:    (bcc: Matthew S Cramer/Lancaster/Corporate/Armstrong)
> >Subject:  Re: Using SSH
> >
> >
> >
> >From: "S Ramakrishnan" <rk_ at MAILCITY.COM>
> >
> >
> >> Can SSH be used on an NT box?
> >> Are there sample blusprints to
> >> get up and started on SSH based
> >> access control schemes?
> >
> >Which will be the server side, a Linux box or an NT box? That is more
> >important. The full SSH package is easily available on unix flavours, but I
> >know not of any server-side implementations for NT. SSH clients, though, are
> >available on both platforms. (How could you use it on the server side,
> >anyway?)
> >
> >> What underlying security protocol is
> >> SSH based on?
> >
> >If you are asking about cryptographic transfroms, the original SSH uses DES,
> >3DES, and Blowfish. But if you're not in America, you're left with only DES.
> >
> >VPN is sponsored by SecurityFocus.COM
> >
> >VPN is sponsored by SecurityFocus.COM
> >
>
> MailCity. Secure Email Anywhere, Anytime!
> http://www.mailcity.com
>
> VPN is sponsored by SecurityFocus.COM

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list