OpenSSH Going Strong After 10 Years With Release of v5.3 249
An anonymous reader writes "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. Version 5.3 marks the 10th anniversary of the OpenSSH project."
Re:I know I'm not alone in this... (Score:4, Informative)
Re:but does it... (Score:2, Informative)
Re:but does it... (Score:1, Informative)
run on iPhone?
It sure does. TouchTerm, for example, uses OpenSSH.
http://jbrink.net/touchterm/
Re:but does it... (Score:3, Informative)
run on iPhone?
It sure does. TouchTerm, for example, uses OpenSSH.
http://jbrink.net/touchterm/ [jbrink.net]
Not the server though.
Re:Is OpenSSH still speed limited? (Score:5, Informative)
So, it's no slouch and better then SMB/CIFS.
Re:How was life possible without it? (Score:5, Informative)
Yes it was. But Tatu's SSH was the old, insecure protocol.
And there were many secure remote access tools before it. kerberized telnet, telnet/ftp over SSL, and limitless others.
It's not the magical protocol (which is quite similar to SSL plus RSH/RCP), or the initial few lines of code that got it started. It's the fact that it was open, secure, widely available, and being pushed by the OpenSSH folks to be used as the default form of remote access on Unix systems.
Tatu didn't have anything to do with it. He was too busy commercializing it, and repeatedly threatened, and then suing the OpenSSH project for all their hard work. If he had chosen to keep SSH open, we'd have been a LOT further along. As other posters correctly remember, support for SSH very nearly died with that step. Many programs included SSHv1 support, and then just stagnated and let the code rot. If not for OpenSSH, it would be another relic of secure telnet protocols tried and failed, not having gone anywhere, and we'd go merrily along, using telnet and rsh, bemoaning the fact that it's so insecure, and that nothing better ever came along.
Re:Thanks OpenBSD (Score:4, Informative)
I'd like to thank the OpenBSD project, as well, but I'd also like to point out a few issues.
OpenSSH still won't work with certificates signed by a CA.
OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.
OpenSSH doesn't work - as advertised - with an exclamation point in a "Match" statement.
Other than that, OpenSSH is possibly one of the most capable and reliable pieces of software I've ever had the privilege to use.
Re:i dont need ssh (Score:5, Informative)
For the young folk who are scratching their heads...
http://www.bash.org/?244321 [bash.org]
rsync over SSH for backups (Score:5, Informative)
One of the best things about SSH is rsync - you only need an SSH enabled login on a machine, with a copy of rsync, to be able to efficiently copy data with block-level incremental efficiency. Even better, there are excellent backup tools such as rsnapshot that build on rsync to store multiple versions of a file in the backup file tree, using hard links to avoid storing the same version twice - so every backup is a full backup in terms of easy recovery, but an incremental backup in terms of network and storage efficiency.
See http://slashdot.org/comments.pl?sid=1371703&cid=29451267 [slashdot.org] for more about rsnapshot and friends.
Re:Is OpenSSH still speed limited? (Score:1, Informative)
In actual answer, no, the performance is not fixed at all, unfortunately. It is quite bad, for many cases. Fast networks are not the most significant problem - it is high-latency networks. A Boston-Seattle connection can be 100x slower than it should be, easily.
A tweaked SSH client is enough to fix most of this, even without modifying the server. A tweaked server helps a little more. (Unfortunately again, both client and server in OpenSSH are rather antiquated in design, and quite awkward to make portable, instead of being installed to fixed paths systemwide.)
I am surprised how many people will post without understanding the issue or having anything to contribute.
Re:I know I'm not alone in this... (Score:5, Informative)
Re:Fast, Weak sshfs (Score:3, Informative)
Re:Still no tunneling on OSX (Score:3, Informative)
Re:Thanks OpenBSD (Score:3, Informative)
OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.
I believe there is a compile-time option to include a noop cipher as a run-time option, it's just not included by default.
Re:Thanks OpenBSD (Score:3, Informative)
>Not all CPUs can encrypt/decrypt at 1Gbps.
FTPS does this. You can disable/enable encryption on the fly. I believe this functionality is disable in filezilla by default, but other servers support it.