diff options
author | kris <kris@FreeBSD.org> | 2000-09-22 07:37:29 +0800 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-09-22 07:37:29 +0800 |
commit | f63038505859ce0b75f62472fe45b68238da91e2 (patch) | |
tree | c0a6652b02e088c49a74d6ab48b1a4d4f513e5d5 /security/ssh/pkg-descr | |
parent | 0aba2221cec313410d795755bce3be5fd27bf94e (diff) | |
download | freebsd-ports-gnome-f63038505859ce0b75f62472fe45b68238da91e2.tar.gz freebsd-ports-gnome-f63038505859ce0b75f62472fe45b68238da91e2.tar.zst freebsd-ports-gnome-f63038505859ce0b75f62472fe45b68238da91e2.zip |
Fennerize MASTER_SITES and replace with a fresh set which a) actually carry
the distfile and b) are probably better sorted networkologically for the
majority of users. Trim DESCR down to a sane length.
Diffstat (limited to 'security/ssh/pkg-descr')
-rw-r--r-- | security/ssh/pkg-descr | 93 |
1 files changed, 0 insertions, 93 deletions
diff --git a/security/ssh/pkg-descr b/security/ssh/pkg-descr index 14497e434279..e08cd3baca01 100644 --- a/security/ssh/pkg-descr +++ b/security/ssh/pkg-descr @@ -3,96 +3,3 @@ to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. It is intended as a replacement for rlogin, rsh, and rcp. - -FEATURES - - o Complete replacement for rlogin, rsh, and rcp. - - o Strong authentication. Closes several security holes (e.g., IP, - routing, and DNS spoofing). New authentication methods: .rhosts - together with RSA based host authentication, and pure RSA - authentication. - - o Improved privacy. All communications are automatically and - transparently encrypted. RSA is used for key exchange, and a - conventional cipher (normally IDEA, DES, or triple-DES) for - encrypting the session. Encryption is started before - authentication, and no passwords or other information is - transmitted in the clear. Encryption is also used to protect - against spoofed packets. - - o Secure X11 sessions. The program automatically sets DISPLAY on - the server machine, and forwards any X11 connections over the - secure channel. Fake Xauthority information is automatically - generated and forwarded to the remote machine; the local client - automatically examines incoming X11 connections and replaces the - fake authorization data with the real data (never telling the - remote machine the real information). - - o Arbitrary TCP/IP ports can be redirected through the encrypted channel - in both directions (e.g., for e-cash transactions). - - o No retraining needed for normal users; everything happens - automatically, and old .rhosts files will work with strong - authentication if administration installs host key files. - - o Never trusts the network. Minimal trust on the remote side of - the connection. Minimal trust on domain name servers. Pure RSA - authentication never trusts anything but the private key. - - o Client RSA-authenticates the server machine in the beginning of - every connection to prevent trojan horses (by routing or DNS - spoofing) and man-in-the-middle attacks, and the server - RSA-authenticates the client machine before accepting .rhosts or - /etc/hosts.equiv authentication (to prevent DNS, routing, or - IP-spoofing). - - o Host authentication key distribution can be centrally by the - administration, automatically when the first connection is made - to a machine (the key obtained on the first connection will be - recorded and used for authentication in the future), or manually - by each user for his/her own use. The central and per-user host - key repositories are both used and complement each other. Host - keys can be generated centrally or automatically when the software - is installed. Host authentication keys are typically 1024 bits. - - o Any user can create any number of user authentication RSA keys for - his/her own use. Each user has a file which lists the RSA public - keys for which proof of possession of the corresponding private - key is accepted as authentication. User authentication keys are - typically 1024 bits. - - o The server program has its own server RSA key which is - automatically regenerated every hour. This key is never saved in - any file. Exchanged session keys are encrypted using both the - server key and the server host key. The purpose of the separate - server key is to make it impossible to decipher a captured session by - breaking into the server machine at a later time; one hour from - the connection even the server machine cannot decipher the session - key. The key regeneration interval is configurable. The server - key is normally 768 bits. - - o An authentication agent, running in the user's laptop or local - workstation, can be used to hold the user's RSA authentication - keys. Ssh automatically forwards the connection to the - authentication agent over any connections, and there is no need to - store the RSA authentication keys on any machine in the network - (except the user's own local machine). The authentication - protocols never reveal the keys; they can only be used to verify - that the user's agent has a certain key. Eventually the agent - could rely on a smart card to perform all authentication - computations. - - o The software can be installed and used (with restricted - functionality) even without root privileges. - - o The client is customizable in system-wide and per-user - configuration files. Most aspects of the client's operation can - be configured. Different options can be specified on a per-host basis. - - o Automatically executes conventional rsh (after displaying a - warning) if the server machine is not running sshd. - - o Optional compression of all data with gzip (including forwarded X11 - and TCP/IP port data), which may result in significant speedups on - slow connections. |