From 6a885ee06515c2a8dfa3e0594123ef76cda9672a Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 10 Nov 2015 12:35:31 +0100 Subject: ssh: updated ssh_app.xml with ecdsa info --- lib/ssh/doc/src/ssh_app.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/ssh/doc/src/ssh_app.xml') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 4c85585820..0baa44a6a7 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -62,10 +62,13 @@ authorized_keys2 id_dsa id_rsa + id_ecdsa ssh_host_dsa_key ssh_host_rsa_key + ssh_host_ecdsa_key

By default, ssh looks for id_dsa, id_rsa, + id_ecdsa_key, known_hosts, and authorized_keys in ~/.ssh, and for the host key files in /etc/ssh. These locations can be changed by the options user_dir and system_dir. @@ -79,7 +82,7 @@

Public Keys -

id_dsa and id_rsa are the users private key files. +

id_dsa, id_rsa and id_ecdsa are the users private key files. Notice that the public key is part of the private key so the ssh application does not use the id_<*>.pub files. These are for the user's convenience when it is needed to convey the user's @@ -104,8 +107,8 @@

Host Keys

RSA and DSA host keys are supported and are - expected to be found in files named ssh_host_rsa_key and - ssh_host_dsa_key. + expected to be found in files named ssh_host_rsa_key, + ssh_host_dsa_key and ssh_host_ecdsa_key.
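
Review bot: The added default-files sentence in the first hunk names the user key `id_ecdsa_key`, but the file list added just above it and the Public Keys paragraph in the next hunk both call it `id_ecdsa`. Change `+ id_ecdsa_key, known_hosts, and authorized_keys` to use `id_ecdsa`, so the three places that name the user's ECDSA key file agree.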
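
Review bot: In the Host Keys hunk the file list gains `ssh_host_ecdsa_key`, but the unchanged lead of the same sentence still reads "RSA and DSA host keys are supported", so the paragraph now names an ECDSA key file without saying that ECDSA host keys are supported. Update the lead to "RSA, DSA and ECDSA host keys are supported" in the same commit.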

-- cgit v1.2.3 From 05f4a611d3269b12edd709a988fa1da4c4690a82 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Tue, 10 Nov 2015 13:01:38 +0100 Subject: ssh: links to crypto and public_key in the ssh app ref --- lib/ssh/doc/src/ssh_app.xml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'lib/ssh/doc/src/ssh_app.xml') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 0baa44a6a7..1ae1558607 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -41,11 +41,14 @@
DEPENDENCIES -

The ssh application uses the applications public_key and - crypto to handle public keys and encryption. Hence, these +

The ssh application uses the applications + public_key and + crypto + to handle public keys and encryption. Hence, these applications must be loaded for the ssh application to work. In an embedded environment this means that they must be started with - application:start/[1,2] before the ssh application is started. + application:start/1,2 before the + ssh application is started.
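
Review bot: The last changed lines of this hunk rewrite `application:start/[1,2]` as `application:start/1,2`, which the subject ("links to crypto and public_key in the ssh app ref") does not cover; mention the notation change in the commit message or split it out. Since the paragraph is being touched anyway, note that it says both applications must be started before ssh but gives no order between public_key and crypto; if one depends on the other, state the order here.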

-- cgit v1.2.3 From 7448114c9bc35815051fbaf6f4b1ed7846d97b69 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 11 Nov 2015 16:05:53 +0100 Subject: ssh: moved "supported" section from ssh module man page to SSH_app man page --- lib/ssh/doc/src/ssh_app.xml | 82 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 81 insertions(+), 1 deletion(-) (limited to 'lib/ssh/doc/src/ssh_app.xml') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index 1ae1558607..f461f87d1b 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -52,7 +52,7 @@

-
+
CONFIGURATION

The ssh application does not have an application- @@ -119,6 +119,86 @@

The ssh application uses the default OTP error logger to log unexpected errors or print information about special events.

+
+ + SUPPORTED +

The supported SSH version is 2.0.

+ + Algorithms +

The actual set of algorithms may vary depending on which OpenSSL crypto library that is installed on the machine. + For the list on a particular installation, use the command + ssh:default_algorithms/0. + The user may override the default algorithm configuration both on the server side and the client side. + See the option preferred_algorithms in the ssh:daemon/1,2,3 and + ssh:connect/3,4 functions. +

+ +

Supported algorithms are:

+ + + Public key algorithms + + + ecdsa-sha2-nistp256 + ecdsa-sha2-nistp384 + ecdsa-sha2-nistp521 + ssh-rsa + ssh-dss + + + + MAC algorithms + + + hmac-sha2-256 + hmac-sha2-512 + hmac-sha1 + + + + Encryption algorithms + + + aes128-ctr + aes192-ctr + aes256-ctr + aes128-cbc + 3des-cbc + + + + Key exchange algorithms + + + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + diffie-hellman-group-exchange-sha1 + diffie-hellman-group-exchange-sha256 + diffie-hellman-group14-sha1 + diffie-hellman-group1-sha1 + + + + Compression algorithms + + + none + zlib@openssh.com + zlib + + + + + Unicode support +

Unicode filenames are supported if the emulator and the underlaying OS support it. See section DESCRIPTION in the + file manual page in kernel for information about this subject. +

+

The shell and the cli support unicode. +

+ +
+
SEE ALSO

application(3)
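
Review bot: The algorithm lists added under SUPPORTED do not say whether the order shown is the negotiation preference order or only an enumeration, and they place SHA-1 and CBC entries (`hmac-sha1`, `diffie-hellman-group1-sha1`, `3des-cbc`, `aes128-cbc`) beside the SHA-2 and CTR ones without comment. Add a sentence stating what the order means and pointing to `preferred_algorithms` as the way to restrict the set, since the text already names that option. In the same hunk, `ssh:default_algorithms/0` is called a "command" although it is written as a function with an arity, "which OpenSSL crypto library that is installed" should drop "that", and "underlaying" should be "underlying".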

-- cgit v1.2.3 From 65ac12ef11a869fa45f63dd64e905e55b1c7cdd5 Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Wed, 11 Nov 2015 16:54:37 +0100 Subject: ssh: list supported rfcs --- lib/ssh/doc/src/ssh_app.xml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'lib/ssh/doc/src/ssh_app.xml') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index f461f87d1b..f91285d8b8 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -202,6 +202,36 @@
SEE ALSO

application(3)

+

The following rfc:s are supported:

+ + RFC 4251, The Secure Shell (SSH) Protocol Architecture. + (Except 9.4.6, 9.5.2, 9.5.3) + + RFC 4252, The Secure Shell (SSH) Authentication Protocol. + (Except 9. Host-Based Authentication: "hostbased") + + RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. + + RFC 4254, The Secure Shell (SSH) Connection Protocol. + (Except 6.3. X11 Forwarding, 7. TCP/IP Port Forwarding) + + RFC 4256, Generic Message Exchange Authentication for + the Secure Shell Protocol (SSH). + (Except num-prompts > 1, password changing, other identification methods than userid-password) + + RFC 4419, Diffie-Hellman Group Exchange for + the Secure Shell (SSH) Transport Layer Protocol. + + RFC 4716, The Secure Shell (SSH) Public Key File Format. + + RFC 5656, Elliptic Curve Algorithm Integration in + the Secure Shell Transport Layer. + (Except 5. ECMQV Key Exchange, 6.4. ECMQV Key Exchange and Verification Method Name, + 7.2. ECMQV Message Numbers, 10.2. Recommended Curves) + + + +
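
Review bot: The context lines show this hunk adding the RFC list directly after `SEE ALSO` / `application(3)`, so the list of supported RFCs lands inside the SEE ALSO section rather than under SUPPORTED, where the previous commit put the version and algorithm information. Move it there or give it its own section title. The exceptions for RFC 4251 are given as bare section numbers (`9.4.6, 9.5.2, 9.5.3`) while every other entry also gives the section title; add the titles, and write "RFCs" instead of "rfc:s".
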
-- cgit v1.2.3 From 777c373cee742f2ba14246a437a4a12e68f93b5b Mon Sep 17 00:00:00 2001 From: Hans Nilsson Date: Fri, 13 Nov 2015 12:21:15 +0100 Subject: ssh: alternative look --- lib/ssh/doc/src/ssh_app.xml | 71 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 15 deletions(-) (limited to 'lib/ssh/doc/src/ssh_app.xml') diff --git a/lib/ssh/doc/src/ssh_app.xml b/lib/ssh/doc/src/ssh_app.xml index f91285d8b8..29cbbd79a2 100644 --- a/lib/ssh/doc/src/ssh_app.xml +++ b/lib/ssh/doc/src/ssh_app.xml @@ -121,9 +121,10 @@
- SUPPORTED + SUPPORTED SPECIFICATIONS AND STANDARDS

The supported SSH version is 2.0.

- +
+
Algorithms

The actual set of algorithms may vary depending on which OpenSSL crypto library that is installed on the machine. For the list on a particular installation, use the command @@ -189,49 +190,89 @@ - +

+
Unicode support

Unicode filenames are supported if the emulator and the underlaying OS support it. See section DESCRIPTION in the file manual page in kernel for information about this subject.

-

The shell and the cli support unicode. +

The shell and the cli both support unicode.

-
- SEE ALSO -

application(3)

+ Rfcs

The following rfc:s are supported:

RFC 4251, The Secure Shell (SSH) Protocol Architecture. - (Except 9.4.6, 9.5.2, 9.5.3) +

Except + + 9.4.6 Host-Based Authentication + 9.5.2 Proxy Forwarding + 9.5.3 X11 Forwarding + +

+ RFC 4252, The Secure Shell (SSH) Authentication Protocol. - (Except 9. Host-Based Authentication: "hostbased") +

Except + + 9. Host-Based Authentication: "hostbased" + +

+ RFC 4253, The Secure Shell (SSH) Transport Layer Protocol. +

+ RFC 4254, The Secure Shell (SSH) Connection Protocol. - (Except 6.3. X11 Forwarding, 7. TCP/IP Port Forwarding) +

Except + + 6.3. X11 Forwarding + 7. TCP/IP Port Forwarding + +

+ RFC 4256, Generic Message Exchange Authentication for the Secure Shell Protocol (SSH). - (Except num-prompts > 1, password changing, other identification methods than userid-password) +

Except + + num-prompts > 1 + password changing + other identification methods than userid-password + +

+ RFC 4419, Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer Protocol. +

+ RFC 4716, The Secure Shell (SSH) Public Key File Format. +

+ RFC 5656, Elliptic Curve Algorithm Integration in the Secure Shell Transport Layer. - (Except 5. ECMQV Key Exchange, 6.4. ECMQV Key Exchange and Verification Method Name, - 7.2. ECMQV Message Numbers, 10.2. Recommended Curves) +

Except + + 5. ECMQV Key Exchange + 6.4. ECMQV Key Exchange and Verification Method Name + 7.2. ECMQV Message Numbers + 10.2. Recommended Curves + +

- -
+ +
+ +
+ SEE ALSO +

application(3)
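
Review bot: The new section title `+ Rfcs` and the unchanged intro "The following rfc:s are supported:" should use the capitalised form that every list entry uses, i.e. "RFCs" in both places. The rewritten exception lists also mix numbering styles: the RFC 4251 items read `9.4.6 Host-Based Authentication` without a trailing period, while the others read `6.3. X11 Forwarding` and `5. ECMQV Key Exchange` with one; pick one style. The subject "alternative look" does not say that SEE ALSO moves to the end of the file or that the heading becomes SUPPORTED SPECIFICATIONS AND STANDARDS; a descriptive subject would make the history searchable.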

-- cgit v1.2.3