-
Notifications
You must be signed in to change notification settings - Fork 9
/
README
118 lines (83 loc) · 3.31 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
$Id: README,v 1.23 2008/10/02 18:53:54 turnstep Exp $
This is Net::SSH::Perl. It contains implementations of
both the SSH1 and SSH2 protocols.
PREREQUISITES
Protocol 1
* Math::GMP (1.04 or greater)
* String::CRC32 (1.2 or greater)
* Digest::MD5
* IO::Socket
* Crypt::IDEA
Protocol 2
* CryptX (0.032 or greater)
* Crypt::Curve25519 (0.05 or greater)
* IO::Socket
It optionally requires Digest::BubbleBabble for
generating bubble babble fingerprints.
INSTALLATION
Net::SSH::Perl installation is relatively straightforward. If
your CPAN shell is set up, you should just be able to do
% perl -MCPAN -e 'install Net::SSH::Perl'
If you don't like that, you can download the distribution; the
latest version on CPAN can be found at
https://metacpan.org/module/Net::SSH::Perl
Download it, unpack it, then build it as per the usual:
% perl Makefile.PL
% make && make test
Then install it:
% make install
USAGE NOTES
The goal for V2 was to implement the latest SSH features while
providing very secure defaults.
The following Ciphers are available but not enabled by default
for SSH2 connections:
- Legacy ciphers arcfour, blowfish, DES, DES3, IDEA, RC4
(All considered obsolete and insecure)
- AES in CBC mode
To enable AES256 in CBC mode, for example, pass the option:
'Ciphers +aes256-cbc' to Net::SSH::Perl->new().
The following Key Exchange (KEX) mechanisms are disabled by
default:
- diffie-hellman-group1-sha1
- diffie-hellman-group14-sha1
- diffie-hellman-group-exchange-sha1
One can enable via the "KexAlgorithms" option. For example:
'KexAlgorithms +diffie-hellman-group1-sha1'
The following MACs are disabled by default:
- hmac-md5
- hmac-sha1
One can enable via the "MACs" option. For example:
'MACs +hmac-sha1'
SAMPLES/TUTORIALS
Take a look at the scripts in eg/ for help and examples of
using Net::SSH::Perl.
* eg/cmd.pl is just a simple example of some of the
functionality in the module;
# eg/pssh is an ssh-like client for running commands on
remote servers and connecting to a shell on remote servers;
* eg/pscp is a very simple scp-like script;
* eg/pssh-keygen is, as you might guess, an implementation of
ssh-keygen in Perl, using the Net::SSH::Perl key libraries.
It contains almost all of the functionality in the OpenSSH
version of ssh-keygen.
* eg/remoteinteract.pl is an example of using register_handler
to interact with a remote (interactive) command.
Both pssh and pscp support a subset of the command line options
that the actual tools support; obviously, only those options
supported by Net::SSH::Perl are supported by the two scripts.
David Robins / [email protected]
Support for the following features by:
Lance Kinley / [email protected]
Diffie-Hellman Group 14, 16, and 18 Key Exchange
Diffie-Hellman Group Exchange
Curve25519 Key Exchange ([email protected])
AES Cipher support (aes256-ctr,aes192-ctr,aes128-ctr)
Chacha20-Poly1305 cipher support ([email protected])
hmac-sha2-256,hmac-sha2-512 MAC support
Encrypt-then-MAC (ETM) MAC support
Ed25519 key support, including encrypted keys that are enciphered
with supported crypto algorithms
ECDSA Elliptical Curve DSA key support: ecdsa-sha2-nistp256,
ecdsa-sha2-nistp384, ecdsa-sha2-nistp521
SHA2 RSA signature methods