SSH works by the exchange and verification of information, using public and private keys, to identify hosts and users. The ssh-keygen command creates a directory ~/.ssh and files that contain your authentication information, The public key is stored in ~/.ssh/identity.pub and the private key is stored in ~/.ssh/identity/. Share only your public key. Never share your private key.

I upgraded to OpenSSH 3.1 and X11 forwarding stopped working. Starting with OpenSSH 3.1, the sshd x11 forwarding server listens on localhost by default; see the sshd X11UseLocalhost option to revert to prior behaviour if your older X11 clients do not function with this configuration. In general, X11 clients using X11 R6 should work with the default setting. Some vendors, including HP, ship X11 clients with R6 and R5 libs, so some clients will work, and others will not work. See similar questions...

The reason why .shosts authentication does not work by default in more recent versions of FreeBSD is because ssh(1) is not installed suid root by default. To ''fix'' this, you can do one of the following: a temporary fix, change the mode on /usr/bin/ssh to 4555 by running chmod 4555 /usr/bin/ssh as root. Then add ENABLE_SUID_SSH= true to /etc/make.conf so the change takes effect the next time make world is run. See similar questions...

SSH 2.3 and earlier versions contain a flaw in their HMAC implementation. Their code was not supplying the full data block output from the digest, and instead always provided 128 bits. For longer digests, this caused SSH 2.3 to not interoperate with OpenSSH. OpenSSH 2.2.0 detects that SSH 2.3 has this flaw. Recent versions of SSH will have this bug fixed. Or you can add the following to SSH 2.3 sshd2_config. See similar questions...

SSH is similar to telnet, but it's more secure. It uses high level encryption and compression to make sure nobody can takeover or eavesdrop on your telnet session. Most hosts no longer allow Telnet for security reasons. See similar questions...

The symptom: there is a long delay between the time the TCP connection is established and the time when the client software asks for a password (or, in telnet(1)'s case, when a login prompt appears). The problem: more likely than not, the delay is caused by the server software trying to resolve the client's IP address into a hostname. See similar questions...

If you ssh directly into the TeraFlop LAN from your own LAN, you should not need to set the DISPLAY variable. If you are remotely logged into your LAN, and want to export the display, you will need to set the DISPLAY variable before executing ssh. See similar questions...

You may have to use a different absolute pathname, whatever the location of imapd on your mailserver is. This option tells fetchmail that instead of opening a connection on the server's port 143 and doing standard IMAP authentication, fetchmail should ssh to the server and run imapd, using the more secure ssh authentication (as well as getting ssh's end-to-end encryption). Most IMAP daemons will detect that they've been called from the command line and assume the connection is preauthenticated. See similar questions...

SSH/SCP applications are based on keys of individual computers to realize the encryption. Doing ssh or scp to andrew.cmu.edu or unix.andrew.cmu.edu (that are not individual computers, but generic name for a pool of computers) will use one computer in the pool (say unix3.andrew.cmu.edu) for the connection. Next time ssh is used to the same andrew.cmu.edu, the connection is done to another computer in the pool having another key. See similar questions...

Zanfel works safely into the dermal layer of your skin, binds to the urushiol oil, and, when rinsed off, takes the oil with it down the drain. See similar questions...