
OpenSSH Going Strong After 10 Years With Release of v5.3

An anonymous reader writes "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. Version 5.3 marks the 10th anniversary of the OpenSSH project."
This discussion has been archived. No new comments can be posted.

  • by e9th ( 652576 ) <e9th@[ ]odex.com ['tup' in gap]> on Thursday October 01, 2009 @10:33PM (#29613391)
    Please consider buying one or more of their so-ugly-they're-cute T-shirts. [openssh.org]
  • Re:but does it... (Score:2, Informative)

    by stinkytoe ( 955163 ) on Thursday October 01, 2009 @10:52PM (#29613483)
    Ditto for android.
  • Re:but does it... (Score:1, Informative)

    by Anonymous Coward on Thursday October 01, 2009 @11:11PM (#29613583)

    run on iPhone?

    It sure does. TouchTerm, for example, uses OpenSSH.
    http://jbrink.net/touchterm/

  • Re:but does it... (Score:3, Informative)

    by MichaelSmith ( 789609 ) on Thursday October 01, 2009 @11:36PM (#29613703) Homepage Journal

    run on iPhone?

    It sure does. TouchTerm, for example, uses OpenSSH.
    http://jbrink.net/touchterm/ [jbrink.net]

    Not the server though.

  • by WuphonsReach ( 684551 ) on Friday October 02, 2009 @12:00AM (#29613801)
    Like the other poster, I've seen 30-50 MB/s (300-500 Mbps) over a gigabit network when copying between boxes using scp. The limitations were more the frame size (not using jumbo frames on that network) along with the read/write speeds of the system on each end.

    So, it's no slouch and better than SMB/CIFS.
  • by evilviper ( 135110 ) on Friday October 02, 2009 @12:53AM (#29613987) Journal

    The original OpenSSH implementation was based on Tatu's code.

    Yes it was. But Tatu's SSH was the old, insecure protocol.

    And there were many secure remote access tools before it. kerberized telnet, telnet/ftp over SSL, and limitless others.

    It's not the magical protocol (which is quite similar to SSL plus RSH/RCP), or the initial few lines of code that got it started. It's the fact that it was open, secure, widely available, and being pushed by the OpenSSH folks to be used as the default form of remote access on Unix systems.

    Tatu didn't have anything to do with it. He was too busy commercializing it, and repeatedly threatening, and then suing the OpenSSH project for all their hard work. If he had chosen to keep SSH open, we'd have been a LOT further along. As other posters correctly remember, support for SSH very nearly died with that step. Many programs included SSHv1 support, and then just stagnated and let the code rot. If not for OpenSSH, it would be another relic of secure telnet protocols tried and failed, not having gone anywhere, and we'd go merrily along, using telnet and rsh, bemoaning the fact that it's so insecure, and that nothing better ever came along.

  • Re:Thanks OpenBSD (Score:4, Informative)

    by Dadoo ( 899435 ) on Friday October 02, 2009 @01:24AM (#29614097) Journal

    I'd like to thank the OpenBSD project, as well, but I'd also like to point out a few issues.

    OpenSSH still won't work with certificates signed by a CA.

    OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.

    OpenSSH doesn't work - as advertised - with an exclamation point in a "Match" statement.

    Other than that, OpenSSH is possibly one of the most capable and reliable pieces of software I've ever had the privilege to use.

  • Re:i dont need ssh (Score:5, Informative)

    by Anonymous Coward on Friday October 02, 2009 @01:34AM (#29614143)

    For the young folk who are scratching their heads...

    http://www.bash.org/?244321 [bash.org]

  • by Cato ( 8296 ) on Friday October 02, 2009 @03:13AM (#29614475)

    One of the best things about SSH is rsync - you only need an SSH enabled login on a machine, with a copy of rsync, to be able to efficiently copy data with block-level incremental efficiency. Even better, there are excellent backup tools such as rsnapshot that build on rsync to store multiple versions of a file in the backup file tree, using hard links to avoid storing the same version twice - so every backup is a full backup in terms of easy recovery, but an incremental backup in terms of network and storage efficiency.

    See http://slashdot.org/comments.pl?sid=1371703&cid=29451267 [slashdot.org] for more about rsnapshot and friends.

  • by Anonymous Coward on Friday October 02, 2009 @04:44AM (#29614759)

    In actual answer, no, the performance is not fixed at all, unfortunately. It is quite bad, for many cases. Fast networks are not the most significant problem - it is high-latency networks. A Boston-Seattle connection can be 100x slower than it should be, easily.

    A tweaked SSH client is enough to fix most of this, even without modifying the server. A tweaked server helps a little more. (Unfortunately again, both client and server in OpenSSH are rather antiquated in design, and quite awkward to make portable, instead of being installed to fixed paths systemwide.)

    I am surprised how many people will post without understanding the issue or having anything to contribute.

  • by TheRaven64 ( 641858 ) on Friday October 02, 2009 @06:55AM (#29615117) Journal
    OpenSSH is developed by OpenBSD. They accept PayPal donations via the link on this page [openbsd.org].
  • Re:Fast, Weak sshfs (Score:3, Informative)

    by TheRaven64 ( 641858 ) on Friday October 02, 2009 @07:14AM (#29615167) Journal
    NFS4 is starting to be quite well supported (Linux, Solaris, FreeBSD and - I think - OS X now implement it) and supports encryption. It uses a very different model to things like CIFS and SSHFS though. NFS is designed for sharing filesystems to computers, while CIFS and SSHFS are designed for sharing filesystems to users. This is a critical distinction. A user can mount a remote share using one of these protocols, with their own credentials, and use it. NFS (or AFS and derivatives) requires the administrator to set up the mounts and make sure authentication between the two machines (Kerberos or similar) works, but then it's completely transparent to users. The others are much easier for ad-hoc shares.
  • by TheRaven64 ( 641858 ) on Friday October 02, 2009 @07:33AM (#29615231) Journal
    The -w option creates a virtual network adaptor and forwards IP packets or Ethernet frames over it. If you use it in Layer 3 (IP) mode then it will forward TCP, UDP, SCTP, and any other IP protocol. If you use it in Layer 2 mode then it will also work with non-IP protocols, such as AppleTalk. -L and -R, in contrast, only work with TCP. Both of these support routing, so your client can connect to any arbitrary server on any port and have packets passed along the encrypted connection as the first hop. This allows you to set up a VPN quite trivially. For example, you can use ssh with -w between two machines in different LANs, configure forwarding between their tun device and their physical Ethernet device, and have things like AppleTalk printers on one LAN accessible to the other.

    A half-way step is -D, which sets up a SOCKS proxy on the client machine, forwarding connections to the server. This requires the client to support SOCKS proxies, but a lot of things do these days.
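
The client options described in the comment above are each gated by a server-side setting. The following is an added example, not part of the original comment and not OpenSSH's own code: it reads `sshd_config` text and reports which of -w, -L, -R and -D the server would permit. Assumptions: only the global section is read, and the `local`/`remote`/`all` values of `AllowTcpForwarding` come from OpenSSH releases newer than 5.3.

```shell
#!/bin/sh
# Added example. Reads sshd_config text on stdin and reports which of the
# ssh client forwarding modes the server side would permit.
# Assumptions: only the global section is read (parsing stops at the first
# Match block) and Include files are not followed.
tunnel_modes() {
    awk '
    function s(ok) { return ok ? "allowed" : "denied" }
    BEGIN { tun = "no"; tcp = "yes" }              # sshd defaults
    {
        sub(/^[ \t]+/, "")                         # strip indentation
        if ($0 == "" || $0 ~ /^#/) next            # blank line or comment
        split($0, f, /[ \t=]+/)                    # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "match") exit                   # END still runs
        # sshd keeps the first value it obtains for each keyword
        if (key == "permittunnel" && !seen_tun++) tun = val
        if (key == "allowtcpforwarding" && !seen_tcp++) tcp = val
    }
    END {
        # -w needs PermitTunnel; layer 3 = point-to-point, layer 2 = ethernet
        print "ssh -w layer3: " s(tun == "yes" || tun == "point-to-point")
        print "ssh -w layer2: " s(tun == "yes" || tun == "ethernet")
        # -L and -D both open client-to-server (direct) TCP channels
        direct = (tcp == "yes" || tcp == "all" || tcp == "local")
        print "ssh -L: " s(direct)
        print "ssh -D: " s(direct)
        print "ssh -R: " s(tcp == "yes" || tcp == "all" || tcp == "remote")
    }'
}

# Constructed sample config (not from the page).
SAMPLE_CONFIG='Port 22
PermitTunnel point-to-point
AllowTcpForwarding local
Match User backup
    AllowTcpForwarding no'

printf '%s\n' "$SAMPLE_CONFIG" | tunnel_modes
```

On a live host, `sshd -T` prints the effective configuration in the same keyword/value form and can be piped into the function.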
  • Re:Thanks OpenBSD (Score:3, Informative)

    by Chris Pimlott ( 16212 ) on Friday October 02, 2009 @07:47AM (#29615277)

    OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.

    I believe there is a compile-time option to include a noop cipher as a run-time option, it's just not included by default.

  • Re:Thanks OpenBSD (Score:3, Informative)

    by gad_zuki! ( 70830 ) on Friday October 02, 2009 @10:13AM (#29616417)

    >Not all CPUs can encrypt/decrypt at 1Gbps.

    FTPS does this. You can disable/enable encryption on the fly. I believe this functionality is disabled in FileZilla by default, but other servers support it.
