This file contains instructions for getting ssh to run
on the SecureEdge.

SSHD - the server
=================

Sshd runs out of inetd.  All the necessary configuration for this is
performed automatically by the build environment.

The sshd_config file is installed into the unit.  This should be examine
and possibly edited so it corresponds to what is desired.

Also note that it uses /etc/config/passwd, and /etc/config/group so you
might want to get this stuff going appropriate using tinylogin. I haven't
got the server configured to use shadow groups simply because uClinux
does not support shadow passwords. Also for the SecureEdge, anybody that
logs on has to be root.  In this case creating shadow passwords is a bit
of a waste of time.  The romfs build procedure includes both of these
files with a single "root" entry defined.

The ssh_host_dsa_key and ssh_host_key files must have modes of 400 or 600.
If the ssh-keygen program is installed, these keys will be created at
boot time.  This does take a little time, especially for the DSA key.
The other key is generated first to allow earlier (and probably less
safe) connections.  If the key generation program is not enabled,
these key files will have to be manually inserted into the unit.
Of course, key generation can be enabled, the unit booted, the flash
file system saved (sync or sync -f) and the key generation disabled
(edit /etc/config/start).  This will produce random key files for the
unit that persist between reboots.  Alternatively, keys can be generated
on the host system if the necessary software is installed.


Bugs:

The server takes a long time to respond to connection requests.  This is
because a new encryption key has to be generated and doing so involves
working with some very large numbers in fairly complex ways.  Reducing the
length of the session encryption keys will help reduce this wait but it
will also decrease the effectiveness of the package significantly.

A final invalid packet is sent (or maybe only received by the client)
when ssh
v2 is disconnected.

SSH - The client
================
Simply copy it into the box.  Make sure that any user that you want
to have using the client is defined in /etc/config/passwd.  Once again
tinylogin allows you to play with login names etc.

I copied in the ssh_config file to get it working, although I don't
think that this is actually required.  This copying is done during the
rom file system build process.

Any comments, etc send them to matthewn@lineo.com.