OpenSSH Going Strong After 10 Years With Release of v5.3

Posted by timothy
from the can't-even-speak-plainly dept.
An anonymous reader writes "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. Version 5.3 marks the 10th anniversary of the OpenSSH project."

  • by Vellmont (569020) on Thursday October 01 2009, @11:34PM (#29613687)

    It was likely not far after openSSH became available, and the original SSH was starting to get less and less friendly. The great thing about SSH is it all started out free and open. Early on it was experimental (though very cool). This later changed when the original SSH became commercialized, and the licensing started closing up (thus my switching to openSSH). This was back in the days when an ssh client was something you had to hunt around for and much of the time all that was available was cruddy ssh1 clients.

    We've come a long way since then. These days putty and SCP are available for any platform. I haven't even thought about the original ssh from Tatu for years, though I certainly used it so many years ago.

  • by 0123456 (636235) on Thursday October 01 2009, @11:51PM (#29613763)

    Yeah, scp gets about 55MB/sec between Linux systems at work with gigabit LAN.

  • Re:Thanks OpenBSD (Score:5, Interesting)

    by JackieBrown (987087) <dbroome@gmail.com> on Friday October 02 2009, @12:18AM (#29613857)

    What is interesting is how secure and easy it is to use.

    I use it with fuse to mount my networked partitions. It involved no work and the fact that it is secure is just a bonus since there is no noticeable speed loss for my transfers.

  • Fast, Weak sshfs (Score:3, Interesting)

    by Doc Ruby (173196) on Friday October 02 2009, @12:43AM (#29613951) Homepage Journal

    I find sshfs to be a much easier to use ad-hoc network filesystem mounter than the other popular alternatives. And it's secure by default.

    But it's too secure. Or rather, there are scenarios in which the network transfer doesn't need the ssh security, but encrypting it takes too long (or too much CPU from other tasks, especially on dinky embedded network devices). Is there a way to force sshfs to use a much less compute intensive encryption, or maybe even a null crypto module? Without hacking the source directly, that is - like an execution option, a compile option, a config rule, etc.

  • Re:License (Score:3, Interesting)

    by rtfa-troll (1340807) on Friday October 02 2009, @02:39AM (#29614353)

    Businesses really hate that viral open source thing in the GPL

    You seem to think that we're on some ideological crusade to take over everything. In the real world, we just don't care at all about anything which is not "core business". The GPL is an excellent thing since we can give back source code without much need to think. The business justification is one check box (because we have to) rather than weeks of meetings about whether this feature is strategic. When you somehow end up giving away a feature to a GPL app, you know that even if the competition gains the same, they still have to make any fixes they make available to other people.

    Speaking for most "businesses" everywhere.

  • Re:License (Score:3, Interesting)

    by rohan972 (880586) on Friday October 02 2009, @03:56AM (#29614593)

    The constant pissing match between GPL and BSD advocates is a bit silly IMO. It seems to me (not being a programmer but being a user of BSD and GPL licensed software) that each licence is appropriate for different circumstances, according to the desires of the author.

    It's like arguing that knives are superior to forks, so I only eat with knives! Licenses are a tool, each suitable for its purpose.

    I don't agree that the GPL "childishly punishes" anyone, nor that it is viral. It is copyright that provides the "virality" (virusness?), not the GPL, and even BSD has the requirement of attribution making it just as viral (through copyright) though with less onerous conditions.

  • by chrysalis (50680) on Friday October 02 2009, @04:04AM (#29614625) Homepage

    Unfortunately, on OSX, while the option (-w) is documented, OpenSSH still doesn't support tunneling, even after installing tuntap.

  • by Anonymous Coward on Friday October 02 2009, @04:26AM (#29614711)

    Version 2 of the SSH protocol was also developed by Tatu Ylönen and his company SSH Communication Security. It was just that when they made the new, improved protocol they also switched to a proprietary license with SSH v2. It took a couple of years before the OpenBSD folks had developed the open source SSH v1 code to the point where it supported all features of the SSH v2 protocol. The two implementations of v2 still aren't fully compatible on client-side stuff like key storage, but nowadays it is the proprietary SSH that is considered the odd one out.

    I don't consider Tatu Ylönen here as a bad guy. What he has given to the world free of charge is 1) the SSH v1 protocol specification, 2) the SSH v1 open source implementation, and 3) the SSH v2 protocol specification. On top of that he has managed to make a living off of the SSH v2 code, and he certainly has the right to do that.

  • by fialar (1545) on Friday October 02 2009, @04:35AM (#29614733)

    http://lwn.net/Articles/354891/ [lwn.net]

    Otherwise, OpenSSH is fantastically secure. :)

  • Does it run... (Score:3, Interesting)

    by Aladrin (926209) on Friday October 02 2009, @06:54AM (#29615113)

    Yes but, does it run on Windows 7?

    I tried installing sshwindows on Win7 the other day and the service wouldn't start. As far as I can tell, openssh has never officially supported Windows and never will.

    Sure, it's useful for 'nix to 'nix connections, but I need my Windows PC in on the action, too.

  • Re:tunneling (Score:3, Interesting)

    by TheRaven64 (641858) on Friday October 02 2009, @07:23AM (#29615197) Journal

    There are a few features in ssh related to that that a lot of people seem to be completely unaware of. The -D option runs a SOCKS4/5 proxy on a given port, which can dynamically forward things for you. As long as your client app supports SOCKS proxies, it will work transparently through this, forwarding ports as required. The -w option lets you set up the tun(4) device for forwarding. You can use this to forward at the IP or Ethernet layer. It gives you a virtual network device that forwards every frame or packet (depending on whether it's L2 or L3) to the matching interface on the other machine. You can use this to set up VPNs quite easily.
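
Added example (not part of the comment above and not OpenSSH project code): a Python audit of sshd_config text for the two server-side keywords that decide whether the -D and -w features described above are accepted, AllowTcpForwarding and PermitTunnel. The sample configuration, function names and result keys are constructed for illustration, and Match handling is simplified to "a Match block overrides the global section".

```python
# Server-side defaults documented in sshd_config(5).
DEFAULTS = {"allowtcpforwarding": "yes", "permittunnel": "no"}

def effective_settings(config_text):
    """Return {scope: {keyword: value}} for the global section and each Match block.

    Within a scope sshd keeps the first value given for a keyword; a Match
    block then overrides the global value for connections it matches.
    """
    scopes = {"global": {}}
    scope = "global"
    for raw in config_text.splitlines():
        parts = raw.replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            scope = "Match " + " ".join(parts[1:])
            scopes.setdefault(scope, {})
        elif key in DEFAULTS and len(parts) > 1:
            scopes[scope].setdefault(key, parts[1].lower())  # first value wins
    glob = {**DEFAULTS, **scopes.pop("global")}
    result = {"global": glob}
    for name, values in scopes.items():
        result[name] = {**glob, **values}
    return result

def exposure(settings):
    """Per scope: would the server accept ssh -D and ssh -w from a client?"""
    report = {}
    for scope, s in settings.items():
        report[scope] = {
            # -D opens the same channels as -L; "all"/"local" are values
            # accepted by releases newer than the 5.3 discussed here.
            "dynamic_forward": s["allowtcpforwarding"] in ("yes", "all", "local"),
            # -w needs PermitTunnel set to yes, point-to-point or ethernet.
            "tun_device": s["permittunnel"] != "no",
        }
    return report

# Constructed sample configuration, not taken from the page.
SAMPLE = """\
# hardened globals, one VPN account
PermitTunnel no
AllowTcpForwarding no
AllowTcpForwarding yes
Match User vpnuser
    PermitTunnel point-to-point
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    for scope, flags in exposure(effective_settings(SAMPLE)).items():
        print(scope, flags)
```
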
  • Sure. (Score:3, Interesting)

    by Pegasus (13291) on Friday October 02 2009, @07:34AM (#29615243) Homepage

    Install cygwin or Microsoft's own SFU (services for unix). They give you sshd under windows, init scripts, NFS mounting etc. SFU is actually based on openbsd userspace.

  • by Anonymous Coward on Friday October 02 2009, @08:30AM (#29615457)

    OpenSSH is nice, but how come there is no way to use anything else than software keys in a sensible manner with OpenSSH? Hardware tokens, HSM accelerators, smart cards? Where is PKCS#11 support in OpenSSH?

    Shame, especially because there are patches available for years to do this. Check out https://bugzilla.mindrot.org/show_bug.cgi?id=1371

  • Re:Thanks OpenBSD (Score:4, Interesting)

    by Hatta (162192) * on Friday October 02 2009, @10:04AM (#29616299) Journal

    OpenSSH provides a lot more than just security. Sometimes I'd just like it to forward X over my LAN. In that case, encryption is completely unnecessary. Yeah, I could do it the old fashioned way, but it's been so long I've forgotten how.

  • Re:tunneling (Score:1, Interesting)

    by Anonymous Coward on Friday October 02 2009, @11:07AM (#29616993)

    However, that will be VPN over TCP which has many bad performance corner cases. Setting up OpenVPN securely, while different concepts to learn, is not really any more difficult than setting up OpenSSH VPNs securely. And OpenVPN has proper tunneling over UDP so you do not get those strange corner cases like application UDP or TCP congestion control stalling on top of the tunnel's TCP congestion control.
