OpenSSH is a free version of the SSH suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunnelling capabilities.
openssh-3.7.1p2: description + notes
The OpenSSH suite includes the ssh program which replaces rlogin and telnet, scp which replaces rcp, and sftp which replaces ftp. Also included are sshd and sftp-server (the server side of the package), and the other basic utilities like ssh-add, ssh-agent, and ssh-keygen. OpenSSH supports protocol versions 1.3, 1.5, and 2.0. The OpenSSH Home Page has more information.
The default daemon PATH is
/usr/sbin:/usr/bsd:/sbin:/usr/bin:/etc:/usr/etc:/usr/bin/X11:/usr/freeware/bin
. This is the standard IRIX default SUPATH from/etc/default/login
and/etc/default/su
, but with/usr/freeware/bin
appended so that the scp command will work.There are a few common problems people run into using this package:
- privilege separation is now enabled by default. To run sshd you must do the following:
Explicitly disabling "
- Create an unprivileged "
sshd
" user on your server. It should not be able to login (password '*' and shell/bin/false
), and should have home directory/var/empty
.- Create an "
sshd
" group, and place thesshd
user in it.UsePrivilegeSeparation
" in/etc/ssh/sshd_config
will also work, but is not recommended.- Unlike previous releases, configuration files are now stored in
/etc/ssh
rather than/etc
or/usr/freeware/etc
. If you are upgrading and want to preserve your customizations you must merge these files manually.- If you get warning messages about "Not enough entropy in RNG" try customizing
/etc/ssh/ssh_prng_cmds
. Your system may have more options available than the defaults provide.- If some X11 programs (e.g. synchronize) fail with an XIO error message connecting to X server "localhost:xx.0" check the
X11UseLocalhost
setting in/etc/ssh/sshd_config
. Try setting it to "no", as described in thesshd
man page.Some customers report that starting sshd with "
-c blowfish
" gives significantly better performance.
To auto-install this package, go back and click on the respective install icon.