The latest officially released version is 1.2.20.
Ssh currently runs on UNIX or related systems, plus under OS/2. Ports have been successful to all "mainstream" UNIX systems. There are two versions for MS-Windows. There is a free beta version by Cedomir Igaly, which can be obtained from http://public.srce.hr/~cigaly/ssh or, preferably, from a mirror at ftp://hotline.pvt.net/pub/win_utils/winsock/ssh/ .
There's also a commercial version by Tatu Ylönen, the original author of ssh. There's also a beta version for the Mac, available from Datafellows.
The UNIX version of ssh 1.2.20 may be used and distributed freely, but must not be sold commercially as a separate product, as part of a bigger product or project, or otherwise used for financial gain without a separate license.
Earlier versions of ssh had a less restrictive license; see the file COPYING in the accompanying source distributions.
Tatu Ylönen's MS-Windows version of ssh is a commercial product, which requires licensing.
In some countries, particularly France, Russia, Iraq, and Pakistan, it may be illegal to use any encryption at all without a special permit.
If you are in the United States, you should be aware that, while ssh was written outside the United States using information publicly available everywhere, the US Government may consider it a criminal offence to export this software from the US once it has been imported, including putting it on a ftp site. Contact the Office of Defence Trade Controls if you need more information.
The algorithms RSA and IDEA, which are used by ssh, are claimed as patented in different countries, including the US. Linking against the RSAREF library, which is possible, may or may not make it legal to use ssh for non-commercial purposes in the US. You may need to obtain licenses for commercial use of IDEA; ssh can be configured to work without it, and works perfectly fine that way.
For more detail, refer to the file COPYING in the ssh source distribution.
For information on software patents in general, see the League for Programming Freedom's homepage at http://lpf.org/ .
Ssh has been freely available in the Unix environment, and will almost certainly remain so in the future.
Tatu Ylönen, the original author of ssh, has started a company, SSH Communications Security Oy, that will provide commercial support and licenses for ssh. This company is working together with Data Fellows, who are the sole contact for licensing ssh. More information can be found at http://www.europe.datafellows.com/ and http://www.ssh.fi/ .
The central site for distributing ssh is ftp://ftp.cs.hut.fi/pub/ssh/ .
Official releases are PGP-signed, with the key ID
    DCB9AE01 1995/04/24 Ssh distribution key <ylo@cs.hut.fi>
    Key fingerprint = C8 90 C8 5A 08 F0 F5 FD 61 AF E6 FF CF D4 29 D9
The latest development version is available from ftp://ftp.cs.hut.fi/pub/ssh/snapshots/ .
Ssh is also available via anonymous ftp from the following sites:
Get the file from a site near you, then unpack it with
    gzip -c -d ssh-1.2.20.tar.gz | tar xvf -
then change into the directory ssh-1.2.20, read the file INSTALL, and follow the directions in it.
You can install and run a ssh binary, which you can use to log into another system on which sshd is running.
If you want to log in to the remote system without typing in your password, you'll have to generate a private key in your home directory using ssh-keygen, then put your public key into $HOME/.ssh/authorized_keys .
You can also start up sshd yourself as non-root, supplying the -p option so it binds to a non-privileged port (>1024), and then connect from another system with ssh -p. This will only allow connections to your own account, and sshd will, as a rule, not be restarted when your machine reboots.
You will have to decide whether this is useful for you or not.
First of all, read the documentation, this document :-) and the ssh home page, at http://www.cs.hut.fi/ssh/ .
For users, there is an introduction at http://www.tac.nyc.ny.us/~kim/ssh/ .
If these resources don't help, you can post to the Usenet newsgroup comp.security.ssh or send mail to the gatewayed mailing list for ssh users at ssh@clinet.fi .
To subscribe, send mail to majordomo@clinet.fi with
    subscribe ssh
in the body of the message.
Before subscribing, you might like to take a look at the archives of the mailing list, at http://www.cs.hut.fi/ssh/ssh-archive .
Heikki Suonsivu (hsu@clinet.fi) and Michael Henits (moi@dio.com) each offered a US$ 100 reward for the first stable, freely redistributable version for either MS-Windows or MacOS.
There was a preliminary version for MS-Windows by Cedomir Igaly. Unfortunately, it does not appear to be available any more. You can try out archie; look for the filename ssh-1-2-.zip .
The commercial version by Tatu Ylönen, the original author of ssh, is available from http://www.europe.datafellows.com/f-secure/fssh-reg.htm .
Bernt.Budde@udac.uu.se is working on a Mac port.
A port to VMS, by Mark Martinec (Mark.Martinec@nsc.ijs.si), is being worked on.
A port to OS/2 can be obtained from ftp://ftp.cs.hut.fi/pub/ssh/os2/ .
There is a special mailing list for the OS/2 version of ssh. To subscribe, send mail to majordomo@clinet.fi with
    subscribe ssh-os2
in the body of the message.
The central problem of administering ssh is the management of host keys. To allow a client to connect to a remote host with RSA host authentication, the server needs to know the client's public key.
You can collect these automatically each night using either make-ssh-known-hosts.pl (distributed with the ssh source distribution) or with the much faster ssh-keyscan, from ftp://cag.lcs.mit.edu/pub/dm/ (also available from ftp://ftp.cs.hut.fi/ssh/contrib/ ).
Thomas König has written a script to process output from one of these utilities, check for new keys, warn about hosts which have changed their keys (which could be an indication of a man in the middle attack) and generate a complete new file. This script is available from http://www.uni-karlsruhe.de/~ig25/ssh-faq/comp-host-list .
With these utilities, you can write scripts to verify public keys on a regular basis. When new machines are running ssh or people have changed public keys, you may want to contact the people in question directly, to make sure there were no man in the middle attacks (to which these utilities are vulnerable).
A fingerprint scheme (equivalent to PGP fingerprints) has been proposed to make this easier; it will probably be implemented in the next release.
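The nightly check described above (collect keys, flag new hosts, warn about changed keys, regenerate the list) can be sketched as follows. This is an added example, not Thomas König's script or code from the ssh distribution; it assumes the protocol 1 known_hosts layout of host names, bits, exponent and modulus, and the function names, host names and toy key values are made up for illustration.

```python
# Added example: compare a fresh key scan against the trusted known_hosts list.
# Assumed line layout (SSH protocol 1): "host[,alias...] bits exponent modulus [comment]"

def parse_known_hosts(text):
    """Return {hostname: (bits, exponent, modulus)} for every name on each line."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or not all(f.isdigit() for f in fields[1:4]):
            continue  # malformed line: ignore it rather than trust it
        key = tuple(int(f) for f in fields[1:4])
        for name in fields[0].split(","):
            keys[name.lower()] = key
    return keys

def compare_scans(trusted_text, scanned_text):
    """Classify scanned hosts and build the merged list as text."""
    trusted = parse_known_hosts(trusted_text)
    scanned = parse_known_hosts(scanned_text)
    report = {"new": [], "changed": [], "unchanged": []}
    merged = dict(trusted)
    for host, key in sorted(scanned.items()):
        if host not in trusted:
            report["new"].append(host)      # added, but confirm with the admin
            merged[host] = key
        elif trusted[host] != key:
            report["changed"].append(host)  # keep the old key until verified
        else:
            report["unchanged"].append(host)
    lines = ["%s %d %d %d" % ((h,) + merged[h]) for h in sorted(merged)]
    return report, "\n".join(lines) + "\n"

# Constructed sample data (toy moduli, not real keys).
TRUSTED = """\
alpha.example.org,alpha 1024 35 1234567891
beta.example.org 1024 37 2345678901
"""
SCANNED = """\
alpha.example.org 1024 35 1234567891
beta.example.org 1024 37 9999999999
gamma.example.org 1024 35 3456789011
"""

if __name__ == "__main__":
    report, merged = compare_scans(TRUSTED, SCANNED)
    for host in report["changed"]:
        print("WARNING: host key for %s changed; verify before trusting" % host)
    for host in report["new"]:
        print("new host key: %s (confirm with its administrator)" % host)
```

Because the scan itself travels over the unauthenticated network, a changed key is never written to the merged list automatically; the old entry stays until the new key has been confirmed directly with the people responsible for the host.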