Date: Fri, 11 Apr 2014 07:02:03 -0700 (PDT)
From: Dru Lavigne <dru.lavigne@att.net>
To: Benjamin Kaduk <kaduk@MIT.EDU>
Cc: "svn-doc-head@freebsd.org" <svn-doc-head@freebsd.org>, "svn-doc-all@freebsd.org" <svn-doc-all@freebsd.org>, "doc-committers@freebsd.org" <doc-committers@freebsd.org>
Subject: Re: svn commit: r44520 - head/en_US.ISO8859-1/books/handbook/security
Message-ID: <1397224923.21440.YahooMailNeo@web184904.mail.gq1.yahoo.com>
In-Reply-To: <alpine.GSO.1.10.1404101449340.21026@multics.mit.edu>
References: <201404101805.s3AI5XFJ061345@svn.freebsd.org> <alpine.GSO.1.10.1404101449340.21026@multics.mit.edu>
----- Original Message -----
> From: Benjamin Kaduk <kaduk@MIT.EDU>
> To: Dru Lavigne <dru@freebsd.org>
> Cc: doc-committers@freebsd.org; svn-doc-all@freebsd.org; svn-doc-head@freebsd.org
> Sent: Thursday, April 10, 2014 3:04 PM
> Subject: Re: svn commit: r44520 - head/en_US.ISO8859-1/books/handbook/security
>
> On Thu, 10 Apr 2014, Dru Lavigne wrote:
>
>> Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
>>
> ==============================================================================
>> --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml    Thu Apr 10
> 16:57:57 2014    (r44519)
>> +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml    Thu Apr 10
> 18:05:32 2014    (r44520)
>> @@ -2464,34 +2469,39 @@
> racoon_enable="yes"</programlisting>
>>     <secondary>client</secondary>
>>       </indexterm>
>>
>> -      <para>To use &man.ssh.1; to connect to a system running
>> -    &man.sshd.8;, specify the username and host to log
>> -    into:</para>
>> +      <para>To log into a <acronym>SSH</acronym> server,
> use
>> +    <command>ssh</command> and specify a username that exists
> on
>> +    that server and the <acronym>IP</acronym> address or
> hostname
>> +    of the server.  If this is the first time a connection has
>> +    been made to the specified server, the user will be prompted
>> +    to first verify the server's fingerprint:</para>
>
> There are a few cases where the user will not be prompted to verify the
> server's fingerprint on the first connection (and also some where the user
> will be prompted on not-the-first connection).  They are probably uncommon
> enough that we don't need to document them, but for the record, the ones I
> can think of are:
>
> Successful GSSAPIKeyExchange will avoid the need for a prompt
>
> VerifyHostKeyDNS in ssh_config in combination with SSHFP records from
> DNSSEC can be configured to validate the key without prompting the user
>
> If there is a software upgrade on either client or server such that the
> negotiated key-exchange algorithm changes (e.g., from RSA to ECDSA), the
> user will be re-prompted for the new key, even though an old key for a
> different mechanism is saved.
>
>> +      <para>Since the fingerprint was already verified for this
> host,
>> +    the server's key is automatically checked before prompting for
>> +    the user's password.</para>
>> +
>> +      <para>The arguments passed to
> <command>scp</command> are similar to
>> +    <command>cp</command>.  The file or files to copy is the
> first
>
> It is probably worth noting a glaring discrepancy between scp(1) and
> cp(1)'s arguments, here, namely with respect to recursive copies.  scp
> takes -r, but cp takes -R.
>
>> +    argument and the destination to copy to is the second.  Since the file
>> +    is fetched over the network, one or more of the file
>>     arguments takes the form
>>
> <option>user@host:<path_to_remote_file></option>.</para>
>>
> [...]
>> +        <para>Instead of using passwords, a client can be configured
>> +      to connect to the remote machine
>> +      using keys instead of
>> +      passwords.  To generate <acronym>DSA</acronym> or
>
> "instead of [using] passwords" is duplicated in this sentence.


Thanks! See r44530 and r44521.

Cheers,

Dru
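Review bot: The added paragraph ending "to first verify the server's fingerprint:" in the @@ -2464,34 +2469,39 @@ hunk says a prompt will appear but, in the lines quoted here, not what the reader should check the fingerprint against. Suggest one more sentence saying the displayed value should be compared with a fingerprint obtained from the server's administrator over a separate trusted channel before answering yes, since a fingerprint accepted unchecked gives no assurance about which host answered. Separately, "a <acronym>SSH</acronym> server" in the first added line should read "an <acronym>SSH</acronym> server".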
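Review bot: In the region after the [...], the added line "passwords.  To generate <acronym>DSA</acronym> or" names DSA first as the key type to generate. ssh-keygen only accepts DSA keys of exactly 1024 bits, so consider leading with RSA and mentioning DSA second, or adding a clause on why a reader would choose one type over the other. What follows "or" is not visible in the quoted lines, so this may already be covered there.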
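The fingerprint check and the SSHFP records mentioned in this thread, as an added example that is not part of the original messages or of the Handbook: it derives the SHA-256 fingerprint and the SSHFP record text from a public key line and compares the fingerprint with one obtained out of band. The sample key, the host name `host.example.` and all function names are constructed for illustration; the `SHA256:` form is the one newer OpenSSH clients print.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP key-algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3, "ssh-ed25519": 4}


def _string(data):
    """Encode bytes as an SSH wire 'string': 4-byte big-endian length + data."""
    return struct.pack(">I", len(data)) + data


# Constructed sample key (32 counting bytes), not a real host key.
SAMPLE_BLOB = _string(b"ssh-ed25519") + _string(bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " host.example"


def parse_pubkey(line):
    """Return (key_type, blob) from a 'type base64 [comment]' public key line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected 'type base64 [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with its own copy of the key type; reject a mismatch.
    if blob[:4 + len(key_type)] != _string(key_type.encode()):
        raise ValueError("key type does not match key blob")
    return key_type, blob


def sha256_fingerprint(blob):
    """Fingerprint in the unpadded-base64 'SHA256:...' form."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches(line, trusted_fp):
    """True if the key's fingerprint equals one obtained out of band."""
    _, blob = parse_pubkey(line)
    return hmac.compare_digest(sha256_fingerprint(blob).encode(), trusted_fp.encode())


def sshfp_record(host, line):
    """SSHFP record text using fingerprint type 2 (SHA-256)."""
    key_type, blob = parse_pubkey(line)
    return "%s IN SSHFP %d 2 %s" % (host, SSHFP_ALGO[key_type], hashlib.sha256(blob).hexdigest())
```

The record only lets a client skip the prompt when the zone is signed and the resolver validates it, which is the DNSSEC condition stated in the message above.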