The Secure Shell (SSH) Frequently Asked Questions

0. Meta-info

• 0.1. Where can I get this document?
• 0.2. Who maintains this document?
• 0.3. Where do I send questions, additions, corrections etc. about this document?
• 0.4. Revision history
• 0.5. Legalese
• 0.6. Credits

1. About Secure Shell (SSH)

• 1.1. What is Secure Shell (SSH)?
• 1.2. How widespread is its use?
• 1.3. What protocols does it use?
• 1.4. What encryption algorithms does SSH use?
• 1.5. How does SSH authenticate?
• 1.6. What does SSH protect against?
• 1.7. What doens't SSH protect against?
• 1.8. What is the difference between SSH1 and SSH2?
• 1.9. Who maintains SSH?
• 1.10. Can I run SSH legally?
• 1.10.1. Licensing
• 1.10.2. Cryptography laws
• 1.10.3. Patents on cryptographic algorithms
• 1.11. What operating systems does SSH run on?
• 1.12. Shouldn't I be using only SSH2?

2. Getting SSH

• 2.1. Where is the official SSH distribution and mirror sites?
• 2.1.1. Official Site
• 2.1.2. Mirrors
• 2.2. How about getting other relatively free versions of SSH?
• 2.2.1. UNIX
• 2.2.2. Java
• 2.2.3. Windows
• 2.2.4. Macintosh
• 2.2.5. OpenVMS
• 2.2.6. Handheld devices
• 2.2.7. BeOS
• 2.2.8. OS/2
• 2.3. How about getting commerically supported versions of SSH?
• 2.3.1. SSH Secure Shell
• 2.3.2. Van Dyke Software SecureCRT
• 2.3.3. F-Secure Tunnel and Terminal

3. Installing SSH

• 3.1. What is the latest version of SSH?
• 3.2. How do I install SSH?
• 3.3. Does it make sense to install SSH as a non-root user on UNIX?
• 3.4. Where do I get pre-compiled binaries for SSH?

4. Running SSH

• 4.1. How do I run SSH1?
• 4.1.1. ssh1
• 4.1.2. scp1
• 4.1.3. sshd1
• 4.1.4. ssh-agent1
• 4.1.5. ssh-add1
• 4.2. How do I run SSH2?
• 4.2.1. ssh2
• 4.2.2. scp2
• 4.2.3. sshd2
• 4.2.4. ssh-agent2
• 4.2.5. ssh-add2
• 4.2.6. sftp2
• 4.3. How do I administer SSH after I have the daemon running?

5. SSH and other applications

• 5.1. Can I run backups over ssh?
• 5.2. Can I use ssh to communicate across a firewall?
• 5.3. Can I use rdist or rsync with ssh?
• 5.4. Can I use ssh to securely connect two subnets across the Internet?
• 5.5. Can I use ssh to securely forward UDP-based services, such as NFS or NIS?
• 5.6. Can I use ssh to protect services like ftp or POP?
• 5.7. Can I use ssh across a Socks firewall?
• 5.8. Is there ssh support for AFS/Kerberos?
• 5.9. Can I use TCP wrappers for added security on SSH?
• 5.10. How do I tunnel X through SSH?
• 5.11 Can I forward SGI GL connections over ssh?
• 5.12 Does SSH support digital certificates?
• 5.13 Does SSH work with PGP keys?

6. Patches for SSH

• 6.1. Applying patches for SSH
• 6.2. Official patch distribution from SSH Communications Security
• 6.3. Other patch distributions

7. Troubleshooting SSH

• 7.1. Common compiling problems
• 7.1.1. Compiling fails with some error messages from the assembler.
• 7.1.2. The configure process cannot find xauth!
• 7.2. General troubleshooting tips
• 7.2.1. Ssh is doing wrong things for multi-homed hosts!
• 7.2.2. Ssh asks me for passwords despite .rhosts!
• 7.2.3. Why does ssh loop with "Secure connection refused'?
• 7.2.4. ssh hangs when forwarding multiple TCP connections.
• 7.2.5. I still see cleartext packages on the net when I run ssh!
• 7.2.6. I have problems with RSAREF, something to do with too many bits!
• 7.2.7. Connections are forwarded as root by ssh!
• 7.3. X11 Forwarding problems
• 7.3.1 ssh otherhosh xclient & does not work
• 7.3.2 ssh-agent does not work with rxvt!
• 7.3.3 X authorization always fails.
• 7.3.4 What does Warning: remote host denied X11 forwarding mean?
• 7.4. Linux
• 7.4.1 X11 forwarding does not work for an SCO binary with the iBCS2 emulator under Linux.
• 7.4.2 On Linux, compilation aborts with some error message about libc.so.4
• 7.5. Solaris
• 7.5.1 Compiling with Solaris 2.5 fails!
• 7.5.2 Ssh fails with "Resource temporarily unavailable" for Solaris
• 7.5.3 Sshd hangs under Solaris 2.5!
• 7.5.4 ssh-keygen dumps core on Solaris or SunOS
• 7.6. Other operating systems
• 7.6.1 ssh-keygen dumps core on Alpha OSF!
• 7.6.2 On HP-UX 9, X authorization sometimes fails.
• 7.6.3 Userid swapping is broken under AIX!

8. Getting support for SSH

• 8.1. Who provides support for SSH?
• 8.1.1. What groups can help me with the "free" versions?
• 8.1.2. How can I get commercial support for UNIX SSH?
• 8.2. So, I'm confused. If Datafellows sells Secure Shell, what does SSH Communications Security do?
• 8.3. SSH Mailing list
• 8.4. Tutorials
• 8.5. Web pages
• 8.6. Publications

9. The ever-popular miscellaneous section

• 9.1. Should I turn encryption off, for performance reasons?
• 9.2. Known security bugs with SSH
• 9.3. I don't like the commercial aspects of SSH.
• 9.4. Making SSH more transparent to users
• 9.5. Alternatives to SSH