Hey All, just need some comments on the following:
1. I've checked the ftp.suse.de for SSH in sec1 dir and did not find it ..i however found updates for OpenSSH ..is there any difference b/w the two besides one being commercially free ..are they the similar functionality wise? ...and I'm assuming that i can install the updates even tho i dont have the previous version.
2. If i do decide to use the SSH source ...there's an option on the ./configure --disable-suid-ssh ..is this practical and does it have any security implications?
3. Finally, is there any other security considerations one should take in terms of configuration if one decide to use the source instead of a precompiled rpm?
This is for a SuSE 6.4 system btw ...thanks for any input =)
cheerios,
Draven Loving
Hi,
> 1. I've checked the ftp.suse.de for SSH in sec1 dir and did not find it ..i however found updates for OpenSSH ..is there any difference b/w the two besides one being commercially free ..are they the similar functionality wise? ...and I'm assuming that i can install the updates even tho i dont have the previous version.
The reason for the existence of OpenSSH but not SSH is that there had been a security hole in OpenSSH. Go to ftp://ftp.gwdg.de/pub/linux/suse/ e.g. 6.4/suse/sec1/ for SSH. OpenSSH has some things like X-forward and auth forward disabled per default, moreover some encryption methods cannot be used due to license issues. (If I recall correctly, you need OpenSSL additionally to OpenSSH, since this package contains the crypto stuff.)
OpenSSH 2 supports also the SSH 2.0 protocols (minus sftp), but I think it is only in SuSE 7.0 available.
Question to SuSE: Will it be possible to release a SSH-2-RPM -- Now that the licence has changed? See: http://www.ssh.com/about/press/release15082000.html
(For cross compatibility with other systems it should(?) still make sense to ship SSH 1.x since it is freer)
Tobias
hi tobias, hi all
seems You are pretty much into openSSH. i'm starting going into right now, so i've got some questions, too. I started directly with the sources of openSSL and openSSH, compiled them and tried to connect from Windows Clients with different tools (for example the Windows-tools by F-SECURE). Now what happened is, i can connect only by ssh, but NOT by scp - which is - as far as i understand -, is different from sftp, and for that reason should work with openSSH.
--
Attila Vidék
RegioInformation GmbH & Co. KG
Eupener Str. 161 A
50933 Koeln
Fon: +49 221 949881-85
Fax: +49 221 949881-66
http://city-guide.de http://express.de http://ksta.de http://rundschau-online.de
> hi tobias, hi all
> seems You are pretty much into openSSH. i'm starting going into right now, so i've got some questions, too. I started directly with the sources of openSSL and openSSH, compiled them and tried to connect from Windows Clients with different tools (for example the Windows-tools by F-SECURE). Now what happened is, i can connect only by ssh, but NOT by scp - which is - as far as i understand -, is different from sftp, and for that reason should work with openSSH.
There are some minor glitches in the scp program - one of them has been
fixed in SuSE-7.0's version of the ssh package (it's about the client scp
reading junk at the beginning of the connection from the shell started on
the remote side and not obeying its own protocol. Seems that the same
problem also exists on the sending side...). Those problems never got
fixed because usually only tcsh users notice them.
openssh's scp program may suffer from the same defects.
The problems as mentioned are not security related.
Thanks,
Roman.
--
Roman Drahtmüller
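The scp glitch Roman describes above, as an added example that is not part of the original thread: a strict reader for the start of an scp stream, showing how output printed by the remote shell ahead of the first control record breaks the transfer. The record formats are the classic rcp/scp wire format, and the function names and sample byte strings are constructed for illustration.

```python
import re

# First records a sending scp ("scp -f") can emit, per the classic rcp/scp
# wire format (an assumption of this example, not quoted from the thread):
#   C<mode> <size> <name>\n   file        D<mode> 0 <name>\n   directory
#   T<mtime> 0 <atime> 0\n    timestamps  E\n                  end of directory
#   \x01<text>\n warning      \x02<text>\n fatal error
CONTROL = re.compile(
    rb"C[0-7]{4} \d+ [^/\n]+\n"
    rb"|D[0-7]{4} 0 [^/\n]+\n"
    rb"|T\d+ 0 \d+ 0\n"
    rb"|E\n"
    rb"|[\x01\x02][^\n]*\n"
)


def split_preamble(stream: bytes):
    """Return (junk, record): bytes seen before the first valid control
    record, and that record (None if the stream never contains one)."""
    pos = 0
    while pos < len(stream):
        m = CONTROL.match(stream, pos)
        if m:
            return stream[:pos], m.group(0)
        nl = stream.find(b"\n", pos)
        if nl == -1:
            break
        pos = nl + 1  # only try again at the start of the next line
    return stream, None


def diagnose(stream: bytes) -> str:
    """Summarise whether a receiving scp would see a clean protocol start."""
    junk, record = split_preamble(stream)
    if record is None:
        return "no scp control record found"
    if junk:
        kind = record[:1].decode("latin-1")
        return f"{len(junk)} junk byte(s) before {kind!r} record"
    return "clean"


# Constructed samples: what a receiving scp would read from the remote side.
CLEAN = b"C0644 12 notes.txt\nhello world\n\x00"
# Same transfer, but a shell startup file on the remote side printed a banner.
NOISY = b"Welcome to build01\n" + CLEAN

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("noisy", NOISY)):
        print(name, "->", diagnose(sample))
```

A client that expects the first byte to be one of these record types fails on the noisy stream, which is why keeping shell startup files silent for non-interactive sessions avoids the problem.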
Hi!
> The reason for the existence of OpenSSH but not SSH is that there had been a security hole in OpenSSH. Go to ftp://ftp.gwdg.de/pub/linux/suse/ e.g. 6.4/suse/sec1/ for SSH. OpenSSH has some things like X-forward and auth forward disabled per default, moreover some encryption methods cannot be used due to license issues. (If I recall correctly, you need OpenSSL additionally to OpenSSH, since this package contains the crypto stuff.)
Both ssh and openssh work independently from openssl.
> OpenSSH 2 supports also the SSH 2.0 protocols (minus sftp), but I think it is only in SuSE 7.0 available.
This is right. openssh was version 1.2.3 in SuSE-6.4, it is version 2.1.1p1 in 7.0.
> Question to SuSE: Will it be possible to release a SSH-2-RPM -- Now that the licence has changed? See: http://www.ssh.com/about/press/release15082000.html
The license for distributors requires additional agreements, as compared to the individual commercial and non-commercial license. The status is SYN_WAIT. We hope to be able to distribute the package with 7.1, but please understand that the license may easily keep us from doing so. Did somebody test the software already?
> (For cross compatibility with other systems it should(?) still make sense to ship SSH 1.x since it is freer)
ssh-1.2.x has proven to be reliable and fast, yes. Many people are using
it for backups and things like that, so that newer versions have to prove
these qualities.
Thanks,
Roman.
--
Roman Drahtmüller