2000-05-22
WHY NOT TO USE ANY VERSION OF SSH

It's not _quite_ reasonable to dispose of SSH, the secure shell (and
other network functions) package -- but it's close.

The reference SSH 1.2.x code was released by its author, Tatu Ylonen,
under fairly free[1] licencing terms that explicitly classed most obvious
uses as "non-commercial" and permitted. It is still an essential
administration and communication tool for network servers, and is available
from primary ftp site ftp://ftp.cs.hut.fi/pub/ssh/, among other places.

SSH 2.x versions are being released under a severely restricted licence
by SSH Communications Security Ltd. of Finland -- with sharply
reduced support for encryption algorithms. It has been overwhelmingly
rejected and ignored by Internet sites. If implemented, the SSH v. 2
protocol supports fallback to v. 1.x for compatibility with 1.x-type
clients. (When last checked, that fallback mechanism was buggy.)
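
The fallback described above is visible in the identification line a server
sends when a client connects. The following Python is an added example, not
part of the original text: it relies on the convention (documented in RFC 4253,
section 5.1) that a protocol 2 server offering 1.x compatibility announces
version 1.99, and every hostname and software string in it is constructed.

```python
import re

# Identification line format: SSH-<protoversion>-<softwareversion>[ <comments>]
BANNER_RE = re.compile(r"^SSH-(\d+)\.(\d+)-(\S+)")


def classify_greeting(greeting):
    """Return (offers_v1, offers_v2, software) for a server greeting, or None.

    Servers may send other text lines before the identification line,
    so every line is scanned until one starting with "SSH-" parses.
    """
    for line in greeting.splitlines():
        m = BANNER_RE.match(line)
        if not m:
            continue
        major, minor, software = int(m.group(1)), int(m.group(2)), m.group(3)
        if (major, minor) == (1, 99):
            # 1.99: a protocol 2 server that also accepts 1.x clients
            return (True, True, software)
        if major == 1:
            return (True, False, software)
        return (False, True, software)
    return None


def hosts_accepting_v1(greetings):
    """List hosts whose greeting shows protocol 1.x is still reachable."""
    flagged = []
    for host, greeting in sorted(greetings.items()):
        result = classify_greeting(greeting)
        if result is not None and result[0]:
            flagged.append(host)
    return flagged


# Constructed sample greetings (hostnames and software strings are made up).
SAMPLE = {
    "a.example": "SSH-1.5-1.2.27\n",
    "b.example": "SSH-1.99-2.0.13 (non-commercial)\r\n",
    "c.example": "Welcome to c.example\r\nSSH-2.0-lshd_0.1\r\n",
    "d.example": "220 ftp ready\r\n",  # not an SSH service at all
}

if __name__ == "__main__":
    for host in hosts_accepting_v1(SAMPLE):
        print(host, "still accepts SSH protocol 1.x")
```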

Both trees of SSH versions come in source and binary forms. 1.x has
patent encumbrances, specifically on the RSA algorithm (whose USA patent
expires September 20, 2000). Thus, 1.x comes in "international" and "US"
variants, where the "US" version substitutes a licenced (but slow and
limited) "RSAref" library for the reference RSA code.

Both the 1.x and 2.x families originate outside the USA, making USA export
restrictions inapplicable.

Commercial-use versions of SSH are available from Data Fellows, Ltd,
http://www.datafellows.com/.

Development of FREE-SOFTWARE VERSIONS of the ssh protocols is tracked
at http://www.net.lut.ac.uk/psst/. That page also has links to ssh-protocol
clients for many platforms.

LSH: This is the leading implementation, not quite ready for wide
adoption, but almost. Visit ftp://ftp.lysator.liu.se/pub/security/lsh/
or http://www.lysator.liu.se/~nisse/archive/.

[1] It's recently been noticed that ssh was actually under a truly
free licence through version 1.2.12. Although that version in itself
requires updating so it can be usable again, that is much easier than
writing a free ssh replacement from scratch. The OpenBSD Project
forked off a copy of ssh 1.2.12 as "ossh", stripped it of patented
algorithms (RSA and IDEA), and removed code covered by the GNU GPL
licence (since they prefer BSD-type licences). See:
http://www.OpenBSD.org/crypto.html#ssh

A Linux-compatible version of OpenSSH now exists, and is rapidly having
its rough spots removed. See: http://www.hands.com/~phil/debian/openssh/