well i said i would write some more stuff so here it is
create a file called config in your .ssh folder in your /home dir and put the following in it
Host *
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
Compression yes
Ciphers aes256-cbc,blowfish-cbc
what this does (if you didnt work it out already) is sets up the global options for every ssh connection (ie everything that has a hostname that matches *, see host *) if you want to create a config for a specific machine you connect to copy and paste this code again but rewrite the "host *" line to "host <yourhost addr>", this can be handy to seperate local and remote connections
a good example of this is
host 192.168.*
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
Compression no #<<< note turning of commpresion for local coms
Ciphers aes256-cbc,blowfish-cbc
# for connecting to the Z, no compression (kills cpu) and a less cpu intensize algorithim, great for usbnet, in fact for that you could use almost on encryption
host zaurus # perhaps its better to specify an ip address here, ethier way you iwll have to change it to whatever your Z uses
ControlMaster auto
ControlPath ~/.ssh/master-%r@%h:%p
Compression no
Ciphers aes128-cbc,blowfish-cbc
there is some more info in "man ssh_config"
anyway back to the topic, control master is what allows resharing of an exsisting ssh connection, if you typed in a password and didnt set up public keys then this will automatically reuse an exsisting connection so you dont have to retype the password, ssh was designed to tunnel more than one connection over the one link, its how the shell and port fowarding are implemented at the same time
so now thatt we have the reusable connections bieng built and torn down on demand (the "auto" option) the next line is to tell ssh where to look for the connections, i belive it defaults to /tmp but i put it in my .ssh folder as i know its permissions are secure (only i can read and write) so i dont have to worry about permissions. may have problems with nfs but YMMV
i think compression=yes explains itself, requests compresion if the server supports it
and finally its tightening of the ciphers used by ssh, these are universial algorithms that every morden kernel ships with, i belive that if you had problems it would be with a comercial ssh server that dosent implement the cipehr or a windows ssh server (i am not sure what cipher spec they support)
for those intrested here is the default cipher spec in order of prefrence (letft to right)
‘‘aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,
arcfour256,arcfour,aes192-cbc,aes256-cbc,aes128-ctr,
aes192-ctr,aes256-ctr’’
note the 3des and other lower security settings .
basically its free security by turning on the harder to crack ciphers
thats all for today, next time it will be port fowarding with ssh and if i get it working "poor mans vpn: what to do with ssh and tap/tun or PPP"
if i ever get the server up i will show you how to set up openvpn as well