Specifications
ssh-agent, which retains the private keys for the duration of an X session.
The entire X session will be started as a child process of ssh-agent. The
easiest way to do this is to set the variable usessh at the beginning of the
.xsession file to yes and log in via a display manager such as KDM or
XDM. Alternatively, enter ssh-agent startx.
Now you can use ssh or scp as usual. If you have distributed your private
key as described above, you are no longer prompted for your password.
Take care to terminate your X session or lock it with password protection,
for instance xlock.
All the relevant changes which resulted from the introduction of version 2 of
the SSH protocol have also been documented in the file
/usr/share/doc/packages/openssh/README.SuSE.
X, Authentication, and Other Forwarding Mechanisms
Beyond the previously described security-related improvements, ssh also
simplifies the use of remote X applications. If you run ssh with the option -X,
the DISPLAY variable will automatically be set on the remote machine and all
X output will be exported to the remote machine over the existing ssh
connection. At the same time, X applications started remotely and locally viewed
with this method cannot be intercepted by unauthorized persons.
By adding the option -A, the ssh-agent authentication mechanism will be
carried over to the next machine. This way, you can work from different
machines without having to enter a password, but only if you have distributed
your public key to the destination hosts and properly saved it there.
Both mechanisms are deactivated in the default settings, but can be
permanently activated at any time in the system-wide configuration file
/etc/ssh/sshd_config or the user’s ~/.ssh/config.
ssh can also be used to redirect TCP/IP connections. In the following
examples, the SMTP and POP3 ports are redirected through ssh:
ssh -L 25:sun:25 sun. Here, each connection directed to port 25 (SMTP) on
earth is redirected to the SMTP port on sun via an encrypted channel.
This is especially useful for those using SMTP servers without SMTP-AUTH
or POP-before-SMTP features. From any arbitrary location connected to a
network, e-mail can be transferred to the “home” mail server for delivery. In
a similar manner, the following command forwards all POP3 requests (port 110)
on earth to the POP3 port of sun: ssh -L 110:sun:110 sun.
Both examples must be carried out by user root, because the connection
is made to privileged local ports. E-mail is sent and retrieved by normal
194 SSH — Secure Shell, the Safe Alternative
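The following is an added example, not part of the original manual: a small audit of a user's ~/.ssh/config that reports where the -X and -A mechanisms have been switched on permanently (the ForwardX11 and ForwardAgent keywords) and which LocalForward entries bind privileged local ports and therefore need root, as in the port 25 and 110 examples above. The sample configuration and the function name audit_ssh_config are constructed for illustration.

```python
import re

# Constructed sample of a user's ~/.ssh/config (not taken from the manual).
SAMPLE_CONFIG = """\
# constructed sample
Host sun
    ForwardX11 yes
    LocalForward 25 sun:25
    LocalForward 110 sun:110

Host *
    ForwardAgent=yes
    LocalForward 8025 sun:25
"""

# Config keywords (lowercased) and the command-line option they correspond to.
FORWARD_KEYS = {"forwardagent": "-A", "forwardx11": "-X"}


def audit_ssh_config(text):
    """Return (host_pattern, finding) tuples for forwarding-related settings."""
    findings = []
    host = "(global)"  # options before the first Host line apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config accepts "Keyword value" and "Keyword=value";
        # keywords are case-insensitive.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            host = value
        elif key in FORWARD_KEYS and value.lower() == "yes":
            note = f"{parts[0]} enabled (same as {FORWARD_KEYS[key]})"
            if "*" in host or host == "(global)":
                note += "; pattern can match many hosts"
            findings.append((host, note))
        elif key == "localforward":
            # First argument is [bind_address:]port; the port is the last field.
            port = value.split()[0].rsplit(":", 1)[-1]
            if port.isdigit() and int(port) < 1024:
                findings.append((host, f"LocalForward binds privileged port {port}; needs root"))
    return findings
```

Calling audit_ssh_config(open(path).read()) on a real configuration file returns the same kind of list; an empty list means neither mechanism is permanently enabled and no forward uses a privileged local port.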










