The following descriptions are quoted or paraphrased from either the README or RFC files included with the source code package, Copyright (c) 1996 SSH Communications Security, Espoo, Finland.
16.1 What is SSH?
"SSH (Secure Shell) is a program to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It is intended as a replacement for rlogin, rsh, rcp, and rdist."
16.2 Features
"It provides strong authentication and secure communications over insecure channels. It closes several security holes (e.g., IP, routing, and DNS spoofing). All communications are automatically and transparently encrypted. RSA is used for key exchange, and a conventional cipher for encrypting the session. Encryption is started before authentication, and no passwords or other information is transmitted in the clear."
16.3 Quick Configuration
SSH includes many configuration options, including support for tcp_wrappers and complete replacement of the BSD remote commands. See the INSTALL file for custom configurations.
./configure [ --with-libwrap --with-rsh=/usr/bin/rsh '--program-transform-name=s/^s/r/' ]
make all
make install
Check the server configuration in: /etc/sshd_config
Check the client configuration in: /etc/ssh_config
make-ssh-known-hosts <domainname>
e.g.: make-ssh-known-hosts world.std.com
16.4 Starting sshd
Add the command /usr/local/sbin/sshd to /etc/rc.d/rc.local.
The following is quoted from the INSTALL file included with the source code package:
"The server is not started using inetd, because it needs to generate the RSA key before serving the connection, and this can take about a minute on slower machines. On a fast machine, and small (breakable) key size (< 512 bits) it may be feasible to start the server from inetd on every connection. The server must be given "-i" flag if started from inetd."
See the ssh (22) packet filtering rules in the firewall example above.
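The INSTALL advice quoted above can be checked mechanically. The script below is an added example, not part of the SSH package: it flags a server key under 512 bits and any inetd entry that launches sshd, with or without the "-i" flag. It assumes ServerKeyBits is the sshd_config keyword for the server key size and that inetd.conf uses the usual layout; the function name and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the SSH package): audit sshd startup and key size.
# Assumptions: ServerKeyBits is the sshd_config keyword for the server key
# size, and inetd.conf has the server path in field 6 (field 7 behind tcpd).

# audit_sshd SSHD_CONFIG INETD_CONF
# Prints one finding per line; prints nothing when the setup matches the
# INSTALL advice (standalone daemon, server key of at least 512 bits).
audit_sshd() {
    # Flag every active ServerKeyBits line below the 512-bit threshold.
    awk 'tolower($1) == "serverkeybits" && $2 + 0 < 512 {
             print "weak-key: ServerKeyBits " $2 " is below 512 bits"
         }' "$1"

    # Flag active inetd entries that launch sshd, and check for -i.
    awk '$1 !~ /^#/ {
             found = 0; has_i = 0
             for (n = 6; n <= NF; n++) {
                 if ($n == "sshd" || $n ~ /\/sshd$/) found = 1
                 if (n > 6 && $n == "-i") has_i = 1
             }
             if (!found) next
             print "inetd: sshd is started per connection (key generated each time)"
             if (!has_i) print "inetd-flag: sshd entry lacks the -i flag"
         }' "$2"
}

# Constructed sample input, for demonstration only.
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
# constructed sample
Port 22
ServerKeyBits 384
EOF
cat > "$demo_dir/inetd.conf" <<'EOF'
# constructed sample
#ssh stream tcp nowait root /usr/local/sbin/sshd sshd -i
ssh stream tcp nowait root /usr/local/sbin/sshd sshd
EOF
audit_sshd "$demo_dir/sshd_config" "$demo_dir/inetd.conf"
rm -rf "$demo_dir"
```

Run it against /etc/sshd_config and /etc/inetd.conf; no output means sshd runs as a standalone daemon with a server key of at least 512 bits.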
