OpenSSH Turns Five Years Old
heydrick writes "The OpenSSH project is five years old. Project member Damien Miller writes, 'Five years ago, in late September 1999, the OpenSSH project was started. It began with an audit, cleanup and update of the last free version of Tatu Ylonen's legacy ssh-1.2.12 code. The project quickly gathered pace, attracting a portability effort and, in early 2000, an independent implementation of version 2 of the SSH protocol. Since then, OpenSSH has led in the implementation of proactive security techniques such as privilege separation & auto-reexecution.' Yaa for OpenSSH."
This story turns 8 months old (Score:5, Informative)
5 years since the first *release* (Score:5, Informative)
5 years since OpenSSH 2.0 (Score:4, Informative)
Re:What? (Score:3, Informative)
That marked the OpenSSH 1.2.2 release, which was shipped with OpenBSD 2.6 on December 1, 1999.
Further...
With the OpenBSD 2.6 release out of the way, Markus Friedl decided to pursue SSH 2 protocol support. Slaving away for months, he managed to keep OpenSSH slim and lean, while at the same time managing to turn it into a single piece of software that could do both the SSH 1 and SSH 2 protocols. This version, called OpenSSH 2.0, shipped with OpenBSD 2.7 on June 15, 2000.
That would make it over five years old, much older if you count the groundwork laid with OSSH, and 2.0 is coming up on its fifth birthday.
I use ports of it with public key authentication on Windows and Linux. I salute the people who've worked so hard on making and keeping this going. OpenSSH is at the top of my "must have working or it's a no-go" list of tools for remote access and security.
Re:Ettercap team claim SSH / SSL is easy crackable (Score:1, Informative)
They are also trying to get publicity. (Score:5, Informative)
OpenSSH (Score:3, Informative)
So hats off to OpenSSH, y'all. :)
SSH is wonderful, and yet users still don't get it (Score:3, Informative)
I love ssh. I use it every day.
Where I used to work (I quit 2 months ago) it was a constant battle to get users to use ssh instead of telnet. Yes, that's right, telnet. When I first started working there, a little over a year ago, I was shocked to discover that thousands (no exaggeration) of developers were still using telnet to access unix hosts.
When I asked my manager about this, his explanations ranged from "that is how they have always worked" to "some of them just don't know how to use ssh."
When I spoke to the users themselves they just could not understand what is wrong with telnet.
Of course, I should point out that this is also a company that suffered a massive data theft (something like 90,000 email addresses) last year...
Re:Cool... (Score:1, Informative)
If you use public-key authentication (and users don't have r/w access to the ~/.ssh/authorized_keys file), you can put restrictions on what each key can forward to.
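An added example, not part of the comment above or of OpenSSH: a small audit that reads authorized_keys lines and reports, per key, whether port forwarding is disabled (`no-port-forwarding`), limited to listed destinations (`permitopen="host:port"`), or unrestricted. The sample file, key blobs and function names are constructed for illustration, and the newer `restrict` option is not modelled.

```python
import re

# Constructed sample authorized_keys content (key blobs are placeholders).
SAMPLE = '''\
# constructed example file
permitopen="10.0.0.5:5432",permitopen="10.0.0.6:22",no-pty ssh-rsa AAAA_PLACEHOLDER_1 db-tunnel
no-port-forwarding,command="echo a,b \\"q\\"" ssh-ed25519 AAAA_PLACEHOLDER_2 backup job
ssh-rsa AAAA_PLACEHOLDER_3 alice@laptop
'''

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")  # line starts with the key, no options
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')

def split_options(line):
    """Split one line into (options, rest); spaces inside quotes do not end the options."""
    if KEY_TYPE.match(line):
        return "", line
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line.startswith('\\"', i):
            i += 2  # escaped quote inside a quoted value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            return line[:i], line[i:].lstrip()
        i += 1
    return line, ""

def parse_options(opts):
    """Map option name -> list of values (None for flags); repeated options accumulate."""
    found = {}
    for m in OPTION.finditer(opts):
        found.setdefault(m.group(1).lower(), []).append(m.group(2))
    return found

def audit(text):
    """Return (comment, verdict, permitopen targets) for every key line."""
    report = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        opts_str, rest = split_options(line)
        opts = parse_options(opts_str)
        fields = rest.split(None, 2)  # key type, key blob, optional comment
        targets = opts.get("permitopen", [])
        verdict = "disabled" if "no-port-forwarding" in opts else "limited" if targets else "unrestricted"
        report.append((fields[2] if len(fields) > 2 else "", verdict, targets))
    return report
```

Keys reported as `unrestricted` are the ones to review; the restrictions only hold if the account cannot rewrite the file, as the comment notes.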
Re:auto-reexecution? (Score:5, Informative)
From the Changelog for OpenSSH 3.9:
Hope this helps. :)
Re:Cool... (Score:3, Informative)
therefore you should be able to control them with iptables user matching
Re:Ettercap team claim SSH / SSL is easy crackable (Score:2, Informative)
Re:Ettercap team claim SSH / SSL is easy crackable (Score:4, Informative)
256 bit AES uses 14 rounds with a 128 bit key in each round. Rather than generating the 1792 bit keyschedule from the 256 bit key, you could just use a 1792 bit key. The speed would be the same as 256 bit AES. But don't expect it to be much more secure.
Most likely the cipher isn't the weakest point anyway. If you want to have 256 bits of entropy in your password you need approximately 42 random characters.