# AUTHOR , YEAR. # msgid "" msgstr "" "Project-Id-Version: Fedora Deployment Guide\n" "POT-Creation-Date: 2011-02-22T00:50:58\n" "PO-Revision-Date: 2011-08-21 07:43+0000\n" "Last-Translator: Automatically generated\n" "Language-Team: None\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Language: aln\n" "Plural-Forms: nplurals=2; plural=(n != 1)\n" #. Tag: title #, no-c-format msgid "OpenSSH" msgstr "" #. Tag: indexterm #, no-c-format msgid "OpenSSH" msgstr "" #. Tag: para #, no-c-format msgid "" "SSH (Secure Shell) is a protocol" " which facilitates secure communications between two systems using a " "client/server architecture and allows users to log into server host systems " "remotely. Unlike other remote communication protocols, such as FTP or Telnet, SSH encrypts the login session, " "rendering the connection difficult for intruders to collect unencrypted " "passwords." msgstr "" #. Tag: para #, no-c-format msgid "" "The ssh program is designed to replace older, " "less secure terminal applications used to log into remote hosts, such as " "telnet or rsh. A related program " "called scp replaces older programs designed to copy files" " between hosts, such as rcp. Because these older " "applications do not encrypt passwords transmitted between the client and the" " server, avoid them whenever possible. Using secure methods to log into " "remote systems decreases the risks for both the client system and the remote" " host." msgstr "" #. Tag: para #, no-c-format msgid "" "&MAJOROS; includes the general OpenSSH package " "(openssh) as well as the OpenSSH server (openssh-server) and client (openssh-" "clients) packages. Note, the OpenSSH packages require the OpenSSL" " package (openssl) which installs several important " "cryptographic libraries, enabling OpenSSH to provide encrypted " "communications." msgstr "" #. Tag: title #, no-c-format msgid "The SSH Protocol" msgstr "" #. 
Tag: title #, no-c-format msgid "Why Use SSH?" msgstr "" #. Tag: indexterm #, no-c-format msgid "SSH protocol security risks" msgstr "" #. Tag: para #, no-c-format msgid "" "Potential intruders have a variety of tools at their disposal enabling them " "to disrupt, intercept, and re-route network traffic in an effort to gain " "access to a system. In general terms, these threats can be categorized as " "follows:" msgstr "" #. Tag: term #, no-c-format msgid "Interception of communication between two systems" msgstr "" #. Tag: para #, no-c-format msgid "" "The attacker can be somewhere on the network between the communicating " "parties, copying any information passed between them. He may intercept and " "keep the information, or alter the information and send it on to the " "intended recipient." msgstr "" #. Tag: para #, no-c-format msgid "" "This attack is usually performed using a packet " "sniffer, a rather common network utility that captures each " "packet flowing through the network, and analyzes its content." msgstr "" #. Tag: term #, no-c-format msgid "Impersonation of a particular host" msgstr "" #. Tag: para #, no-c-format msgid "" "Attacker's system is configured to pose as the intended recipient of a " "transmission. If this strategy works, the user's system remains unaware that" " it is communicating with the wrong host." msgstr "" #. Tag: para #, no-c-format msgid "" "This attack can be performed using a technique known as DNS " "poisoning, or via so-called IP spoofing. " "In the first case, the intruder uses a cracked DNS server to point client " "systems to a maliciously duplicated host. In the second case, the intruder " "sends falsified network packets that appear to be from a trusted host." msgstr "" #. Tag: para #, no-c-format msgid "" "Both techniques intercept potentially sensitive information and, if the " "interception is made for hostile reasons, the results can be disastrous. 
If " "SSH is used for remote shell login and file copying, these security threats " "can be greatly diminished. This is because the SSH client and server use " "digital signatures to verify their identity. Additionally, all communication" " between the client and server systems is encrypted. Attempts to spoof the " "identity of either side of a communication do not work, since each packet " "is encrypted using a key known only by the local and remote systems." msgstr "" #. Tag: title #, no-c-format msgid "Main Features" msgstr "" #. Tag: indexterm #, no-c-format msgid "SSH protocol features" msgstr "" #. Tag: indexterm #, no-c-format msgid "OpenSSH SSH" msgstr "" #. Tag: para #, no-c-format msgid "The SSH protocol provides the following safeguards:" msgstr "" #. Tag: term #, no-c-format msgid "No one can pose as the intended server" msgstr "" #. Tag: para #, no-c-format msgid "" "After an initial connection, the client can verify that it is connecting to " "the same server it had connected to previously." msgstr "" #. Tag: term #, no-c-format msgid "No one can capture the authentication information" msgstr "" #. Tag: para #, no-c-format msgid "" "The client transmits its authentication information to the server using " "strong, 128-bit encryption." msgstr "" #. Tag: term #, no-c-format msgid "No one can intercept the communication" msgstr "" #. Tag: para #, no-c-format msgid "" "All data sent and received during a session is transferred using 128-bit " "encryption, making intercepted transmissions extremely difficult to decrypt " "and read." msgstr "" #. Tag: para #, no-c-format msgid "Additionally, it also offers the following options:" msgstr "" #. Tag: term #, no-c-format msgid "It provides secure means to use graphical applications over a network" msgstr "" #. Tag: para #, no-c-format msgid "" "Using a technique called X11 forwarding, the client " "can forward X11 (X Window " "System) applications from the server." msgstr "" #. 
Tag: term #, no-c-format msgid "It provides a way to secure otherwise insecure protocols" msgstr "" #. Tag: para #, no-c-format msgid "" "The SSH protocol encrypts everything it sends and receives. Using a " "technique called port forwarding, an SSH server can " "become a conduit to securing otherwise insecure protocols, like " "POP, and increasing overall system and data security." msgstr "" #. Tag: term #, no-c-format msgid "It can be used to create a secure channel" msgstr "" #. Tag: para #, no-c-format msgid "" "The OpenSSH server and client can be configured to create a tunnel similar " "to a virtual private network for traffic between server and client machines." msgstr "" #. Tag: term #, no-c-format msgid "It supports the Kerberos authentication" msgstr "" #. Tag: para #, no-c-format msgid "" "OpenSSH servers and clients can be configured to authenticate using the " "GSSAPI (Generic Security Services Application Program " "Interface) implementation of the Kerberos network authentication protocol." msgstr "" #. Tag: title #, no-c-format msgid "Protocol Versions" msgstr "" #. Tag: indexterm #, no-c-format msgid "SSH protocol version 1" msgstr "" #. Tag: indexterm #, no-c-format msgid "SSH protocol version 2" msgstr "" #. Tag: para #, no-c-format msgid "" "Two varieties of SSH currently exist: version 1, and newer version 2. The " "OpenSSH suite under &MAJOROS; uses SSH version 2, which has an enhanced key " "exchange algorithm not vulnerable to the known exploit in version 1. " "However, for compatibility reasons, the OpenSSH suite does support version 1" " connections as well." msgstr "" #. Tag: title #, no-c-format msgid "Important: Avoid Using SSH Version 1" msgstr "" #. Tag: para #, no-c-format msgid "" "To ensure maximum security for your connection, it is recommended that only " "SSH version 2-compatible servers and clients are used whenever possible." msgstr "" #. Tag: title #, no-c-format msgid "Event Sequence of an SSH Connection" msgstr "" #. 
Tag: indexterm #, no-c-format msgid "" "SSH protocol connection sequence" msgstr "" #. Tag: para #, no-c-format msgid "" "The following series of events help protect the integrity of SSH " "communication between two hosts." msgstr "" #. Tag: para #, no-c-format msgid "" "A cryptographic handshake is made so that the client can verify that it is " "communicating with the correct server." msgstr "" #. Tag: para #, no-c-format msgid "" "The transport layer of the connection between the client and remote host is " "encrypted using a symmetric cipher." msgstr "" #. Tag: para #, no-c-format msgid "The client authenticates itself to the server." msgstr "" #. Tag: para #, no-c-format msgid "" "The remote client interacts with the remote host over the encrypted " "connection." msgstr "" #. Tag: title #, no-c-format msgid "Transport Layer" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "SSH protocol layers " "transport layer" msgstr "" #. Tag: para #, no-c-format msgid "" "The primary role of the transport layer is to facilitate safe and secure " "communication between the two hosts at the time of authentication and during" " subsequent communication. The transport layer accomplishes this by handling" " the encryption and decryption of data, and by providing integrity " "protection of data packets as they are sent and received. The transport " "layer also provides compression, speeding the transfer of information." msgstr "" #. Tag: para #, no-c-format msgid "" "Once an SSH client contacts a server, key information is exchanged so that " "the two systems can correctly construct the transport layer. The following " "steps occur during this exchange:" msgstr "" #. Tag: para #, no-c-format msgid "Keys are exchanged" msgstr "" #. Tag: para #, no-c-format msgid "The public key encryption algorithm is determined" msgstr "" #. Tag: para #, no-c-format msgid "The symmetric encryption algorithm is determined" msgstr "" #. 
Tag: para #, no-c-format msgid "The message authentication algorithm is determined" msgstr "" #. Tag: para #, no-c-format msgid "The hash algorithm is determined" msgstr "" #. Tag: para #, no-c-format msgid "" "During the key exchange, the server identifies itself to the client with a " "unique host key. If the client has never communicated" " with this particular server before, the server's host key is unknown to the" " client and it does not connect. OpenSSH gets around this problem by " "accepting the server's host key. This is done after the user is notified and" " has both accepted and verified the new host key. In subsequent connections," " the server's host key is checked against the saved version on the client, " "providing confidence that the client is indeed communicating with the " "intended server. If, in the future, the host key no longer matches, the user" " must remove the client's saved version before a connection can occur." msgstr "" #. Tag: title #, no-c-format msgid "Caution" msgstr "" #. Tag: para #, no-c-format msgid "" "It is possible for an attacker to masquerade as an SSH server during the " "initial contact since the local system does not know the difference between " "the intended server and a false one set up by an attacker. To help prevent " "this, verify the integrity of a new SSH server by contacting the server " "administrator before connecting for the first time or in the event of a host" " key mismatch." msgstr "" #. Tag: para #, no-c-format msgid "" "SSH is designed to work with almost any kind of public key algorithm or " "encoding format. After an initial key exchange creates a hash value used for" " exchanges and a shared secret value, the two systems immediately begin " "calculating new keys and algorithms to protect authentication and future " "data sent over the connection." msgstr "" #. 
Tag: para #, no-c-format msgid "" "After a certain amount of data has been transmitted using a given key and " "algorithm (the exact amount depends on the SSH implementation), another key " "exchange occurs, generating another set of hash values and a new shared " "secret value. Even if an attacker is able to determine the hash and shared " "secret value, this information is only useful for a limited period of time." msgstr "" #. Tag: title #, no-c-format msgid "Authentication" msgstr "" #. Tag: indexterm #, no-c-format msgid "SSH protocol authentication" msgstr "" #. Tag: para #, no-c-format msgid "" "Once the transport layer has constructed a secure tunnel to pass information" " between the two systems, the server tells the client the different " "authentication methods supported, such as using a private key-encoded " "signature or typing a password. The client then tries to authenticate itself" " to the server using one of these supported methods." msgstr "" #. Tag: para #, no-c-format msgid "" "SSH servers and clients can be configured to allow different types of " "authentication, which gives each side the optimal amount of control. The " "server can decide which encryption methods it supports based on its security" " model, and the client can choose the order of authentication methods to " "attempt from the available options." msgstr "" #. Tag: title #, no-c-format msgid "Channels" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "SSH protocol layers " "channels" msgstr "" #. Tag: para #, no-c-format msgid "" "After a successful authentication over the SSH transport layer, multiple " "channels are opened via a technique called " "multiplexing (a multiplexed connection " "consists of several signals being sent over a shared, common medium; with " "SSH, different channels are sent over a common secure " "connection). Each of these channels handles communication " "for different terminal sessions and for forwarded X11 sessions." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Both clients and servers can create a new channel. Each channel is then " "assigned a different number on each end of the connection. When the client " "attempts to open a new channel, the client sends the channel number along " "with the request. This information is stored by the server and is used to " "direct communication to that channel. This is done so that different types " "of sessions do not affect one another and so that when a given session ends," " its channel can be closed without disrupting the primary SSH connection." msgstr "" #. Tag: para #, no-c-format msgid "" "Channels also support flow-control, which allows them" " to send and receive data in an orderly fashion. In this way, data is not " "sent over the channel until the client receives a message that the channel " "is open." msgstr "" #. Tag: para #, no-c-format msgid "" "The client and server negotiate the characteristics of each channel " "automatically, depending on the type of service the client requests and the " "way the user is connected to the network. This allows great flexibility in " "handling different types of remote connections without having to change the " "basic infrastructure of the protocol." msgstr "" #. Tag: title #, no-c-format msgid "An OpenSSH Configuration" msgstr "" #. Tag: para #, no-c-format msgid "" "In order to perform tasks described in this section, you must have superuser" " privileges. To obtain them, log in as root by typing:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ su -\n" "Password:" msgstr "" #. Tag: title #, no-c-format msgid "Configuration Files" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "SSH protocol configuration files" msgstr "" #. Tag: para #, no-c-format msgid "" "There are two different sets of configuration files: those for client " "programs (that is, ssh, scp, and " "sftp), and those for the server (the " "sshd daemon)." msgstr "" #. 
Tag: indexterm #, no-c-format msgid "" "SSH protocol configuration files " "system-wide configuration files" msgstr "" #. Tag: para #, no-c-format msgid "" "System-wide SSH configuration information is stored in the " "/etc/ssh/ directory. See for a description of its content." msgstr "" #. Tag: title #, no-c-format msgid "System-wide configuration files" msgstr "" #. Tag: entry #, no-c-format msgid "Configuration File" msgstr "" #. Tag: entry #, no-c-format msgid "Description" msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/moduli" msgstr "" #. Tag: entry #, no-c-format msgid "" "Contains Diffie-Hellman groups used for the Diffie-Hellman key exchange " "which is critical for constructing a secure transport layer. When keys are " "exchanged at the beginning of an SSH session, a shared, secret value is " "created which cannot be determined by either party alone. This value is then" " used to provide host authentication." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_config" msgstr "" #. Tag: entry #, no-c-format msgid "" "The default SSH client configuration file. Note that it is overridden by " "~/.ssh/config if it exists." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/sshd_config" msgstr "" #. Tag: entry #, no-c-format msgid "The configuration file for the sshd daemon." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_host_dsa_key" msgstr "" #. Tag: entry #, no-c-format msgid "The DSA private key used by the sshd daemon." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_host_dsa_key.pub" msgstr "" #. Tag: entry #, no-c-format msgid "The DSA public key used by the sshd daemon." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_host_key" msgstr "" #. Tag: entry #, no-c-format msgid "" "The RSA private key used by the sshd daemon for version 1" " of the SSH protocol." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_host_key.pub" msgstr "" #. 
Tag: entry #, no-c-format msgid "" "The RSA public key used by the sshd daemon for version 1 " "of the SSH protocol." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_host_rsa_key" msgstr "" #. Tag: entry #, no-c-format msgid "" "The RSA private key used by the sshd daemon for version 2" " of the SSH protocol." msgstr "" #. Tag: entry #, no-c-format msgid "/etc/ssh/ssh_host_rsa_key.pub" msgstr "" #. Tag: entry #, no-c-format msgid "" "The RSA public key used by the sshd for version 2 of the " "SSH protocol." msgstr "" #. Tag: indexterm #, no-c-format msgid "" "SSH protocol configuration files " "user-specific configuration files" msgstr "" #. Tag: para #, no-c-format msgid "" "User-specific SSH configuration information is stored in the user's home " "directory within the ~/.ssh/ directory. See for a description of its" " content." msgstr "" #. Tag: title #, no-c-format msgid "User-specific configuration files" msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/authorized_keys" msgstr "" #. Tag: entry #, no-c-format msgid "" "Holds a list of authorized public keys for servers. When the client connects" " to a server, the server authenticates the client by checking its signed " "public key stored within this file." msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/id_dsa" msgstr "" #. Tag: entry #, no-c-format msgid "Contains the DSA private key of the user." msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/id_dsa.pub" msgstr "" #. Tag: entry #, no-c-format msgid "The DSA public key of the user." msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/id_rsa" msgstr "" #. Tag: entry #, no-c-format msgid "" "The RSA private key used by ssh for version 2 of the SSH " "protocol." msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/id_rsa.pub" msgstr "" #. Tag: entry #, no-c-format msgid "" "The RSA public key used by ssh for version 2 of the SSH " "protocol" msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/identity" msgstr "" #. 
Tag: entry #, no-c-format msgid "" "The RSA private key used by ssh for version 1 of the SSH " "protocol." msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/identity.pub" msgstr "" #. Tag: entry #, no-c-format msgid "" "The RSA public key used by ssh for version 1 of the SSH " "protocol." msgstr "" #. Tag: entry #, no-c-format msgid "~/.ssh/known_hosts" msgstr "" #. Tag: entry #, no-c-format msgid "" "Contains DSA host keys of SSH servers accessed by the user. This file is " "very important for ensuring that the SSH client is connecting to the correct " "SSH server." msgstr "" #. Tag: para #, no-c-format msgid "" "Refer to the ssh_config and " "sshd_config man pages for information concerning the " "various directives available in the SSH configuration files." msgstr "" #. Tag: title #, no-c-format msgid "Starting an OpenSSH Server" msgstr "" #. Tag: indexterm #, no-c-format msgid "OpenSSH server" msgstr "" #. Tag: title #, no-c-format msgid "Note: Make Sure You Have Relevant Packages Installed" msgstr "" #. Tag: para #, no-c-format msgid "" "To run an OpenSSH server, you must have the openssh-" "server and openssh packages installed. Refer to" " for more information on how to install " "new packages in &MAJOROS;." msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH server " "starting" msgstr "" #. Tag: para #, no-c-format msgid "" "To start the sshd daemon, type the following at a shell " "prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# service sshd start" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH server " "stopping" msgstr "" #. Tag: para #, no-c-format msgid "" "To stop the running sshd daemon, use the following " "command:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# service sshd stop" msgstr "" #. Tag: para #, no-c-format msgid "If you want the daemon to start automatically at the boot time, type:" msgstr "" #. Tag: screen #, no-c-format msgid "~]# chkconfig sshd on" msgstr "" #. 
Tag: para #, no-c-format msgid "" "This will enable the service for all runlevels. For more configuration " "options, refer to for" " the detailed information on how to manage services." msgstr "" #. Tag: para #, no-c-format msgid "" "Note that if you reinstall the system, a new set of identification keys will" " be created. As a result, clients who had connected to the system with any " "of the OpenSSH tools before the reinstall will see the following message:" msgstr "" #. Tag: screen #, no-c-format msgid "" "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" "@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @\n" "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\n" "IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\n" "Someone could be eavesdropping on you right now (man-in-the-middle attack)!\n" "It is also possible that the RSA host key has just been changed." msgstr "" #. Tag: para #, no-c-format msgid "" "To prevent this, you can backup the relevant files from the /etc/ssh/ directory (see for a complete list), and " "restore them whenever you reinstall the system." msgstr "" #. Tag: title #, no-c-format msgid "Requiring SSH for Remote Connections" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "SSH protocol insecure protocols" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "SSH protocol requiring for remote " "login" msgstr "" #. Tag: para #, no-c-format msgid "" "For SSH to be truly effective, using insecure connection protocols should be" " prohibited. Otherwise, a user's password may be protected using SSH for one" " session, only to be captured later while logging in using Telnet. Some " "services to disable include telnet, " "rsh, rlogin, and " "vsftpd." msgstr "" #. Tag: para #, no-c-format msgid "" "To disable these services, type the following commands at a shell prompt:" msgstr "" #. 
Tag: screen #, no-c-format msgid "" "~]# chkconfig telnet off\n" "~]# chkconfig rsh off\n" "~]# chkconfig rlogin off\n" "~]# chkconfig vsftpd off" msgstr "" #. Tag: para #, no-c-format msgid "" "For more information on runlevels and configuring services in general, refer" " to ." msgstr "" #. Tag: title #, no-c-format msgid "Using a Key-Based Authentication" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH using key-based " "authentication" msgstr "" #. Tag: para #, no-c-format msgid "" "To improve the system security even further, you can enforce the use of " "key-based authentication by disabling the standard password authentication. " "To do so, open the /etc/ssh/sshd_config configuration file in a " "text editor such as vi or " "nano, and change the " "PasswordAuthentication option as follows:" msgstr "" #. Tag: screen #, no-c-format msgid "PasswordAuthentication no" msgstr "" #. Tag: para #, no-c-format msgid "" "To be able to use ssh, scp, or " "sftp to connect to the server from a client machine, " "generate an authorization key pair by following the steps below. Note that " "keys must be generated for each user separately." msgstr "" #. Tag: para #, no-c-format msgid "" "&MAJOROSVER; uses SSH Protocol 2 and RSA keys by default (see for more information)." msgstr "" #. Tag: title #, no-c-format msgid "Important: Do Not Generate Key Pairs as root" msgstr "" #. Tag: para #, no-c-format msgid "" "If you complete the steps as root, only root will be able to use the keys." msgstr "" #. Tag: title #, no-c-format msgid "" "Tip: Back Up Your ~/.ssh/ Directory" msgstr "" #. Tag: para #, no-c-format msgid "" "If you reinstall your system and want to keep a previously generated key pair," " back up the ~/.ssh/ directory. " "After reinstalling, copy it back to your home directory. This process can be" " done for all users on your system, including root." msgstr "" #. Tag: title #, no-c-format msgid "Generating Key Pairs" msgstr "" #. 
Tag: indexterm #, no-c-format msgid "RSA keys generating" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH RSA keys " "generating" msgstr "" #. Tag: para #, no-c-format msgid "" "To generate an RSA key pair for version 2 of the SSH protocol, follow these " "steps:" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH ssh-keygen " "RSA" msgstr "" #. Tag: para #, no-c-format msgid "Generate an RSA key pair by typing the following at a shell prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh-keygen -t rsa\n" "Generating public/private rsa key pair.\n" "Enter file in which to save the key (/home/john/.ssh/id_rsa):" msgstr "" #. Tag: para #, no-c-format msgid "" "Press Enter to confirm the default location (that is, " "~/.ssh/id_rsa) for the newly created key." msgstr "" #. Tag: para #, no-c-format msgid "" "Enter a passphrase, and confirm it by entering it again when prompted to do " "so. For security reasons, avoid using the same password as you use to log in" " to your account." msgstr "" #. Tag: para #, no-c-format msgid "After this, you will be presented with a message similar to this:" msgstr "" #. Tag: screen #, no-c-format msgid "" "Your identification has been saved in /home/john/.ssh/id_rsa.\n" "Your public key has been saved in /home/john/.ssh/id_rsa.pub.\n" "The key fingerprint is:\n" "e7:97:c7:e2:0e:f9:0e:fc:c4:d7:cb:e5:31:11:92:14 john@penguin.example.com\n" "The key's randomart image is:\n" "+--[ RSA 2048]----+\n" "| E. |\n" "| . . |\n" "| o . |\n" "| . .|\n" "| S . . |\n" "| + o o ..|\n" "| * * +oo|\n" "| O +..=|\n" "| o* o.|\n" "+-----------------+" msgstr "" #. Tag: para #, no-c-format msgid "" "Change the permissions of the ~/.ssh/ directory:" msgstr "" #. Tag: screen #, no-c-format msgid "~]$ chmod 755 ~/.ssh" msgstr "" #. 
Tag: para #, no-c-format msgid "" "Copy the content of ~/.ssh/id_rsa.pub into the " "~/.ssh/authorized_keys on the machine to which you want" " to connect, appending it to its end if the file already exists." msgstr "" #. Tag: para #, no-c-format msgid "" "Change the permissions of the ~/.ssh/authorized_keys " "file using the following command:" msgstr "" #. Tag: screen #, no-c-format msgid "~]$ chmod 644 ~/.ssh/authorized_keys" msgstr "" #. Tag: indexterm #, no-c-format msgid "DSA keys generating" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH DSA keys " "generating" msgstr "" #. Tag: para #, no-c-format msgid "" "To generate a DSA key pair for version 2 of the SSH protocol, follow these " "steps:" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH ssh-keygen " "DSA" msgstr "" #. Tag: para #, no-c-format msgid "Generate a DSA key pair by typing the following at a shell prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh-keygen -t dsa\n" "Generating public/private dsa key pair.\n" "Enter file in which to save the key (/home/john/.ssh/id_dsa):" msgstr "" #. Tag: para #, no-c-format msgid "" "Press Enter to confirm the default location (that is, " "~/.ssh/id_dsa) for the newly created key." msgstr "" #. Tag: screen #, no-c-format msgid "" "Your identification has been saved in /home/john/.ssh/id_dsa.\n" "Your public key has been saved in /home/john/.ssh/id_dsa.pub.\n" "The key fingerprint is:\n" "81:a1:91:a8:9f:e8:c5:66:0d:54:f5:90:cc:bc:cc:27 john@penguin.example.com\n" "The key's randomart image is:\n" "+--[ DSA 1024]----+\n" "| .oo*o. |\n" "| ...o Bo |\n" "| .. . + o. |\n" "|. . E o |\n" "| o..o S |\n" "|. o= . |\n" "|. + |\n" "| . |\n" "| |\n" "+-----------------+" msgstr "" #. Tag: screen #, no-c-format msgid "~]$ chmod 755 ~/.ssh" msgstr "" #. 
Tag: para #, no-c-format msgid "" "Copy the content of ~/.ssh/id_dsa.pub into the " "~/.ssh/authorized_keys on the machine to which you want" " to connect, appending it to its end if the file already exists." msgstr "" #. Tag: indexterm #, no-c-format msgid "" "RSA Version 1 keys generating" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH RSA Version 1 keys " "generating" msgstr "" #. Tag: para #, no-c-format msgid "" "To generate an RSA key pair for version 1 of the SSH protocol, follow these " "steps:" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH ssh-keygen RSA " "Version 1" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh-keygen -t rsa1\n" "Generating public/private rsa1 key pair.\n" "Enter file in which to save the key (/home/john/.ssh/identity):" msgstr "" #. Tag: para #, no-c-format msgid "" "Press Enter to confirm the default location (that is, " "~/.ssh/identity) for the newly created key." msgstr "" #. Tag: para #, no-c-format msgid "" "Enter a passphrase, and confirm it by entering it again when prompted to do " "so. For security reasons, avoid using the same password as you use to log " "into your account." msgstr "" #. Tag: screen #, no-c-format msgid "" "Your identification has been saved in /home/john/.ssh/identity.\n" "Your public key has been saved in /home/john/.ssh/identity.pub.\n" "The key fingerprint is:\n" "cb:f6:d5:cb:6e:5f:2b:28:ac:17:0c:e4:62:e4:6f:59 john@penguin.example.com\n" "The key's randomart image is:\n" "+--[RSA1 2048]----+\n" "| |\n" "| . . |\n" "| o o |\n" "| + o E |\n" "| . o S |\n" "| = + . |\n" "| . = . o . .|\n" "| . = o o..o|\n" "| .o o o=o.|\n" "+-----------------+" msgstr "" #. Tag: para #, no-c-format msgid "" "Copy the content of ~/.ssh/identity.pub into the " "~/.ssh/authorized_keys on the machine to which you want" " to connect, appending it to its end if the file already exists." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Refer to for " "information on how to set up your system to remember the passphrase." msgstr "" #. Tag: title #, no-c-format msgid "Important: Never Share Your Private Key" msgstr "" #. Tag: para #, no-c-format msgid "" "The private key is for your personal use only, and it is important that you " "never give it to anyone." msgstr "" #. Tag: title #, no-c-format msgid "Configuring ssh-agent" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH ssh-agent " "" msgstr "" #. Tag: indexterm #, no-c-format msgid " ssh-agent " msgstr "" #. Tag: para #, no-c-format msgid "" "To store your passphrase so that you do not have to enter it each time you " "initiate a connection with a remote machine, you can use the ssh-" "agent authentication agent. If you are running GNOME, you can " "configure it to prompt you for your passphrase whenever you log in and " "remember it during the whole session. Otherwise you can store the passphrase" " for a certain shell prompt." msgstr "" #. Tag: para #, no-c-format msgid "To save your passphrase during your GNOME session, follow these steps:" msgstr "" #. Tag: para #, no-c-format msgid "" "Make sure you have the openssh-askpass package installed." " If not, refer to for more information " "on how to install new packages in &MAJOROS;." msgstr "" #. Tag: para #, no-c-format msgid "" "Select " "SystemPreferencesStartup" " Applications from the panel. The " "Startup Applications Preferences will be started," " and the tab containing a list of available startup programs will be shown " "by default." msgstr "" #. Tag: title #, no-c-format msgid "Startup Applications Preferences" msgstr "" #. Tag: para #, no-c-format msgid "" "Click the Add button on the right, and enter " "/usr/bin/ssh-add in the Command " "field." msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH ssh-add " "" msgstr "" #. Tag: indexterm #, no-c-format msgid " ssh-add " msgstr "" #. 
Tag: title #, no-c-format msgid "Adding new application" msgstr "" #. Tag: para #, no-c-format msgid "" "Click Add and make sure the check box next to the " "newly added item is selected." msgstr "" #. Tag: title #, no-c-format msgid "Enabling the application" msgstr "" #. Tag: para #, no-c-format msgid "" "Log out and then log back in. A dialog box will appear prompting you for " "your passphrase. From this point on, you should not be prompted for a " "password by ssh, scp, or " "sftp." msgstr "" #. Tag: title #, no-c-format msgid "Entering a passphrase" msgstr "" #. Tag: para #, no-c-format msgid "" "To save your passphrase for a certain shell prompt, use the following " "command:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh-add\n" "Enter passphrase for /home/john/.ssh/id_rsa:" msgstr "" #. Tag: para #, no-c-format msgid "" "Note that when you log out, your passphrase will be forgotten. You must " "execute the command each time you log in to a virtual console or a terminal " "window." msgstr "" #. Tag: title #, no-c-format msgid "OpenSSH Clients" msgstr "" #. Tag: indexterm #, no-c-format msgid "OpenSSH client" msgstr "" #. Tag: para #, no-c-format msgid "" "To connect to an OpenSSH server from a client machine, you must have the " "openssh-clients and openssh packages " "installed. Refer to for more information" " on how to install new packages in &MAJOROS;." msgstr "" #. Tag: title #, no-c-format msgid "Using the ssh Utility" msgstr "" #. Tag: indexterm #, no-c-format msgid " ssh OpenSSH" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH client " "ssh " msgstr "" #. Tag: para #, no-c-format msgid "" "ssh allows you to log in to a remote machine and execute " "commands there. It is a secure replacement for the " "rlogin, rsh, and " "telnet programs." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Similarly to telnet, to log in to a remote machine named " "penguin.example.com, type the " "following command at a shell prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "~]$ ssh penguin.example.com" msgstr "" #. Tag: para #, no-c-format msgid "" "This will log you in with the same username you are using on a local " "machine. If you want to specify a different one, use a command in the " "ssh " "username@hostname" " form. For example, to log in as john, type:" msgstr "" #. Tag: screen #, no-c-format msgid "~]$ ssh john@penguin.example.com" msgstr "" #. Tag: para #, no-c-format msgid "" "The first time you initiate a connection, you will be presented with a " "message similar to this:" msgstr "" #. Tag: screen #, no-c-format msgid "" "The authenticity of host 'penguin.example.com' can't be established.\n" "RSA key fingerprint is 94:68:3a:3a:bc:f3:9a:9b:01:5d:b3:07:38:e2:11:0c.\n" "Are you sure you want to continue connecting (yes/no)?" msgstr "" #. Tag: para #, no-c-format msgid "" "Type yes to confirm. You will see a notice that the " "server has been added to the list of known hosts, and a prompt asking for " "your password:" msgstr "" #. Tag: screen #, no-c-format msgid "" "Warning: Permanently added 'penguin.example.com' (RSA) to the list of known hosts.\n" "john@penguin.example.com's password:" msgstr "" #. Tag: title #, no-c-format msgid "Important" msgstr "" #. Tag: para #, no-c-format msgid "" "If the SSH server's host key changes, the client notifies the user that the " "connection cannot proceed until the server's host key is deleted from the " "~/.ssh/known_hosts file. To do so, open the file in a " "text editor, and remove a line containing the remote machine name at the " "beginning. Before doing this, however, contact the system administrator of " "the SSH server to verify the server is not compromised." msgstr "" #. 
Tag: para #, no-c-format msgid "" "After entering the password, you will be provided with a shell prompt for " "the remote machine." msgstr "" #. Tag: para #, no-c-format msgid "" "Alternatively, the ssh program can be used to execute a " "command on the remote machine without logging in to a shell prompt. The " "syntax for that is ssh " "[username@]hostname " "command. For example, if you want to " "execute the whoami command on penguin.example.com, type:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh john@penguin.example.com whoami\n" "john@penguin.example.com's password:\n" "john" msgstr "" #. Tag: para #, no-c-format msgid "" "After you enter the correct password, the username will be displayed, and " "you will return to your local shell prompt." msgstr "" #. Tag: title #, no-c-format msgid "Using the scp Utility" msgstr "" #. Tag: indexterm #, no-c-format msgid " scp OpenSSH" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH client " "scp " msgstr "" #. Tag: indexterm #, no-c-format msgid " rcp " msgstr "" #. Tag: para #, no-c-format msgid "" "scp can be used to transfer files between machines over a" " secure, encrypted connection. In its design, it is very similar to " "rcp." msgstr "" #. Tag: para #, no-c-format msgid "" "To transfer a local file to a remote system, use a command in the following " "form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "scp localfile " "username@hostname:remotefile" msgstr "" #. Tag: para #, no-c-format msgid "" "For example, if you want to transfer taglist.vim to a " "remote machine named penguin.example.com, type the following at" " a shell prompt:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ scp taglist.vim john@penguin.example.com:.vim/plugin/taglist.vim\n" "john@penguin.example.com's password:\n" "taglist.vim 100% 144KB 144.5KB/s 00:00" msgstr "" #. Tag: para #, no-c-format msgid "" "Multiple files can be specified at once. 
To transfer the contents of " ".vim/plugin/ to the same directory on the remote " "machine penguin.example.com, " "type the following command:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ scp .vim/plugin/* john@penguin.example.com:.vim/plugin/\n" "john@penguin.example.com's password:\n" "closetag.vim 100% 13KB 12.6KB/s 00:00 \n" "snippetsEmu.vim 100% 33KB 33.1KB/s 00:00 \n" "taglist.vim 100% 144KB 144.5KB/s 00:00" msgstr "" #. Tag: para #, no-c-format msgid "" "To transfer a remote file to the local system, use the following syntax:" msgstr "" #. Tag: screen #, no-c-format msgid "" "scp " "username@hostname:remotefile" " localfile" msgstr "" #. Tag: para #, no-c-format msgid "" "For instance, to download the .vimrc configuration file" " from the remote machine, type:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ scp john@penguin.example.com:.vimrc .vimrc\n" "john@penguin.example.com's password:\n" ".vimrc 100% 2233 2.2KB/s 00:00" msgstr "" #. Tag: title #, no-c-format msgid "Using the sftp Utility" msgstr "" #. Tag: indexterm #, no-c-format msgid " sftp OpenSSH" msgstr "" #. Tag: indexterm #, no-c-format msgid "" "OpenSSH client " "sftp " msgstr "" #. Tag: para #, no-c-format msgid "" "The sftp utility can be used to open a secure, " "interactive FTP session. In its design, it is similar to " "ftp except that it uses a secure, encrypted connection." msgstr "" #. Tag: para #, no-c-format msgid "To connect to a remote system, use a command in the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "sftp " "username@hostname" msgstr "" #. Tag: para #, no-c-format msgid "" "For example, to log in to a remote machine named penguin.example.com with john as a username, type:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ sftp john@penguin.example.com\n" "john@penguin.example.com's password:\n" "Connected to penguin.example.com.\n" "sftp>" msgstr "" #. 
Tag: para #, no-c-format msgid "" "After you enter the correct password, you will be presented with a prompt. " "The sftp utility accepts a set of commands similar to " "those used by ftp (see )." msgstr "" #. Tag: title #, no-c-format msgid "A selection of available sftp commands" msgstr "" #. Tag: entry #, no-c-format msgid "Command" msgstr "" #. Tag: entry #, no-c-format msgid "ls [directory]" msgstr "" #. Tag: entry #, no-c-format msgid "" "List the content of a remote directory. If none " "is supplied, a current working directory is used by default." msgstr "" #. Tag: entry #, no-c-format msgid "cd directory" msgstr "" #. Tag: entry #, no-c-format msgid "" "Change the remote working directory to directory." msgstr "" #. Tag: entry #, no-c-format msgid "mkdir directory" msgstr "" #. Tag: entry #, no-c-format msgid "Create a remote directory." msgstr "" #. Tag: entry #, no-c-format msgid "rmdir path" msgstr "" #. Tag: entry #, no-c-format msgid "Remove a remote directory." msgstr "" #. Tag: entry #, no-c-format msgid "" "put localfile " "[remotefile]" msgstr "" #. Tag: entry #, no-c-format msgid "Transfer localfile to a remote machine." msgstr "" #. Tag: entry #, no-c-format msgid "" "get remotefile " "[localfile]" msgstr "" #. Tag: entry #, no-c-format msgid "Transfer remotefile from a remote machine." msgstr "" #. Tag: para #, no-c-format msgid "" "For a complete list of available commands, refer to the " "sftp man page." msgstr "" #. Tag: title #, no-c-format msgid "More Than a Secure Shell" msgstr "" #. Tag: para #, no-c-format msgid "" "A secure command line interface is just the beginning of the many ways SSH " "can be used. Given the proper amount of bandwidth, X11 sessions can be " "directed over an SSH channel. Or, by using TCP/IP forwarding, previously " "insecure port connections between systems can be mapped to specific SSH " "channels." msgstr "" #. Tag: title #, no-c-format msgid "X11 Forwarding" msgstr "" #. 
Tag: indexterm #, no-c-format msgid "SSH protocol X11 forwarding" msgstr "" #. Tag: para #, no-c-format msgid "" "To open an X11 session over an SSH connection, use a command in the " "following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "ssh -Y " "username@hostname" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh -Y john@penguin.example.com\n" "john@penguin.example.com's password:" msgstr "" #. Tag: para #, no-c-format msgid "" "When an X program is run from the secure shell prompt, the SSH client and " "server create a new secure channel, and the X program data is sent over that" " channel to the client machine transparently." msgstr "" #. Tag: para #, no-c-format msgid "" "X11 forwarding can be very useful. For example, X11 forwarding can be used " "to create a secure, interactive session of the Printer " "Configuration utility. To do this, connect to the server using" " ssh and type:" msgstr "" #. Tag: screen #, no-c-format msgid "~]$ system-config-printer &" msgstr "" #. Tag: para #, no-c-format msgid "" "The Printer Configuration Tool will appear, " "allowing the remote user to safely configure printing on the remote system." msgstr "" #. Tag: title #, no-c-format msgid "Port Forwarding" msgstr "" #. Tag: indexterm #, no-c-format msgid "SSH protocol port forwarding" msgstr "" #. Tag: para #, no-c-format msgid "" "SSH can secure otherwise insecure TCP/IP protocols via port forwarding. When " "using this technique, the SSH server becomes an encrypted conduit to the SSH" " client." msgstr "" #. Tag: para #, no-c-format msgid "" "Port forwarding works by mapping a local port on the client to a remote port" " on the server. SSH can map any port from the server to any port on the " "client. Port numbers do not need to match for this technique to work." msgstr "" #. Tag: title #, no-c-format msgid "Note: Using Reserved Port Numbers" msgstr "" #. 
Tag: para #, no-c-format msgid "" "Setting up port forwarding to listen on ports below 1024 requires root level" " access." msgstr "" #. Tag: para #, no-c-format msgid "" "To create a TCP/IP port forwarding channel which listens for connections on " "the localhost, use a command " "in the following form:" msgstr "" #. Tag: screen #, no-c-format msgid "" "ssh -L local-port:remote-" "hostname:remote-port " "username@hostname" msgstr "" #. Tag: para #, no-c-format msgid "" "For example, to check email on a server called mail.example.com using POP3 through an encrypted connection, use " "the following command:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh -L 1100:mail.example.com:110 mail.example.com" msgstr "" #. Tag: para #, no-c-format msgid "" "Once the port forwarding channel is in place between the client machine and " "the mail server, direct a POP3 mail client to use port " "1100 on the localhost to check for new email. Any " "requests sent to port 1100 on the client system will be " "directed securely to the mail.example.com server." msgstr "" #. Tag: para #, no-c-format msgid "" "If mail.example.com is not " "running an SSH server, but another machine on the same network is, SSH can " "still be used to secure part of the connection. However, a slightly " "different command is necessary:" msgstr "" #. Tag: screen #, no-c-format msgid "" "~]$ ssh -L 1100:mail.example.com:110 other.example.com" msgstr "" #. Tag: para #, no-c-format msgid "" "In this example, POP3 requests from port 1100 on the " "client machine are forwarded through the SSH connection on port " "22 to the SSH server, other.example.com. Then, other.example.com connects to port " "110 on mail.example.com to check for new email. " "Note that when using this technique, only the connection between the client " "system and other.example.com " "SSH server is secure." msgstr "" #. 
Tag: para #, no-c-format msgid "" "Port forwarding can also be used to get information securely through network" " firewalls. If the firewall is configured to allow SSH traffic via its " "standard port (that is, port 22) but blocks access to other ports, a " "connection between two hosts using the blocked ports is still possible by " "redirecting their communication over an established SSH connection." msgstr "" #. Tag: title #, no-c-format msgid "Important: A Connection Is Only as Secure as a Client System" msgstr "" #. Tag: para #, no-c-format msgid "" "Using port forwarding to forward connections in this manner allows any user " "on the client system to connect to that service. If the client system " "becomes compromised, the attacker also has access to forwarded services." msgstr "" #. Tag: para #, no-c-format msgid "" "System administrators concerned about port forwarding can disable this " "functionality on the server by specifying a parameter " "for the line in " "/etc/ssh/sshd_config and restarting the " "sshd service." msgstr "" #. Tag: title #, no-c-format msgid "Additional Resources" msgstr "" #. Tag: indexterm #, no-c-format msgid "OpenSSH additional resources" msgstr "" #. Tag: indexterm #, no-c-format msgid "OpenSSL additional resources" msgstr "" #. Tag: para #, no-c-format msgid "" "The OpenSSH and OpenSSL projects are in constant development, and the most " "up-to-date information for them is available from their websites. The man " "pages for OpenSSH and OpenSSL tools are also good sources of detailed " "information." msgstr "" #. Tag: title #, no-c-format msgid "Installed Documentation" msgstr "" #. Tag: term #, no-c-format msgid "man ssh" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for ssh containing the full " "documentation on its usage." msgstr "" #. Tag: term #, no-c-format msgid "man scp" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for scp containing the full " "documentation on its usage." 
msgstr "" #. Tag: term #, no-c-format msgid "man sftp" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for sftp containing the full " "documentation on its usage." msgstr "" #. Tag: term #, no-c-format msgid "man sshd" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for sshd containing the full " "documentation on its usage." msgstr "" #. Tag: term #, no-c-format msgid "man ssh-keygen" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page for ssh-keygen containing the " "full documentation on its usage." msgstr "" #. Tag: term #, no-c-format msgid "man ssh_config" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page with full description of available SSH client configuration " "options." msgstr "" #. Tag: term #, no-c-format msgid "man sshd_config" msgstr "" #. Tag: para #, no-c-format msgid "" "The manual page with full description of available SSH daemon configuration " "options." msgstr "" #. Tag: title #, no-c-format msgid "Useful Websites" msgstr "" #. Tag: term #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "" "The OpenSSH home page containing further documentation, frequently asked " "questions, links to the mailing lists, bug reports, and other useful " "resources." msgstr "" #. Tag: term #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "" "The OpenSSL home page containing further documentation, frequently asked " "questions, links to the mailing lists, and other useful resources." msgstr "" #. Tag: term #, no-c-format msgid "" msgstr "" #. Tag: para #, no-c-format msgid "Another implementation of an SSH server." msgstr ""