On 02-May-01 Kurt Seifried wrote:
Hi,
looks like I didn't notice that SSH seems to be really commercial now. Is this right? Do I need to pay for it if I am still using it?
There are some exceptions however these are not in the actual license as far as I know, they are PR releases on the ssh.com website. I wouldn't completely trust it. In any event future usage is in question (remember, ssh used to be "free", Tatu sure has changed).
ssh by ssh.com/ssh.fi stems from the original authors of the (formerly free) software and provides ssh servers and clients for various OSs. Both the client and the server are free for personal/educational (non-commercial) use but have to be licensed in commercial environments.
Is OpenSSH a full-featured substitute for SSH? Are there major problems in configuration to expect if I try to deinstall SSH and go for OpenSSH?
Yes, actually many (myself included) would say that OpenSSH is better then SSH. OpenSSH for example has incorporated various security fixes in the older protocols that Commercial SSH has not, the reason for this is SSH communications wants to kill off the old protocols to sell more software.
To clarify this statement: There have been some security holes in SSH version 1, which should not be used anymore. AFAIK there are no real problems with version 2, neither in openssh nor in (commercial) ssh, apart from the usual man-in-the-middle thingy (dsniff et al.). I�m by far no strong supporter of either closed source or monopolistic attitudes, but I really don�t think that ssh Finland tries to "kill" anything; even the latest ssh version for both client and server includes backwards compatibility to ssh version 1 (if that is what you want to say concerning the "old protocols").
Something else to note: OpenSSH has grabbed a huge amount of market share and is growing. I know many many people using OpenSSH. Most SSH related articles I have read (and written =) use OpenSSH as the example and typically only mention commercial ssh as a footnote. I do not actually know of any company/etc using commercial ssh (if you are I'd like to know so I can claim I know at least one =).
You asked for it... Okay, we�re actually using the commercial version of ssh both for our servers and for our clients, for some reasons: 1.) I implemented ssh (version 1) years ago, updated to version 2 as soon as it was released, and don�t want to change now because of a serious backing of all of the ssh toolkit from our company and customers 2.) I am not convinced that openssh really is any better than ssh given the security leakages/problems discussed recently 3.) (Commercial-)ssh�s frontends for Win are much more useable than anything I�ve found in the open source/freeware community 4.) In the latest ssh server they�ve incorporated goodies like PAM authentication, Kerberos and more (don�t know wether openssh provides this though). However, commercial ssh licenses from ssh Finland are quite expensive, so openssh would be the way to go for a polished TCO... All of this should not damage openssh in any way. It is a good tool for secure authentication and can be happily recommended.
Marko
-Kurt
---
Boris Lorenz