Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
RE: [suse-security] ssh, kernel updates
  • From: Daniel Carroll <suse@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 15 Feb 2001 11:51:43 -0700
  • Message-id: <200102151856.LAA23612@xxxxxxxxxxxxxxxxxxxxx>
Roman Drahtmueller <draht@xxxxxxx> writes:
>
> > I'd like to see a response to Roman's comment about OpenSSH lacking
> > functionality and stability.
>
> I think I will have to give it another try. I was running backups (tar
> through an ssh stdio connection) through openssh, the version we had
> before 2.3.0p1 (don't remember it), and with two machines it crashed every
> once in a while. But as you said, things change rapidly in the open source
> community. Which makes me glad that I work with it.
>
> A brief question: Has anybody seen any problems like crashes, terminated
> connections or anything alike after some weeks of permanent connection, a
> few hundred megs running through it with all kinds of data, with thousands
> of connection forward attempts (both X11 as well as tcp ports) or
> anything like that with the latest openssh versions?

I've had problems with OpenSSH 2.3.0p1, but they're problems with
establishing connections, not with the connection flaking out after
it has successfully started.

(FWIW: the licensing for ssh-2.4.0 (from ssh.com) is less restrictive
than some of the previous versions of the ssh-2.x software. It's still
not free for everyone, but at least non-profit organizations can use it
without paying hefty fees.)

I've just started working with OpenSSH recently, so there may be some
configuration issues that I've just missed, but here are some of my
observations:

With regards to OpenSSH 2.3.0p1:
- Under some circumstances I could not get 'scp' to work. It was
always with a particular host (call it host A), and I'm guessing
that it had to do with a long banner message that was printed
when logging into this host. Anyway, scp would always fail with
a "protocol error: bad mode" message when connecting to this host.
For example:

user@hostB:~ > scp -v -v -v hostA:/etc/passwd .
Executing: program /usr/local/bin/ssh host hostA, user (unspecified), command scp -v -f /etc/
passwd
user@hostA's password:
protocol error: bad mode
user@hostB:~ > Write failed flushing stdout buffer.
Sending file modes: C0644 266430 passwd
write stdout: Broken pipe

- There are some interoperability issues between the ssh.com version of
scp (version 2.4.0) and the one in OpenSSH: I can't use scp from
the ssh.com version to connect to the OpenSSH version of scp,
though I can connect in the other direction fine.

- It appears that the "RhostsRSAAuthentication" option for authentication
is not available when using the ssh 2.0 protocol (though it does work
with the 1.5 protocol). This appears to be a "working as designed"
issue.

- And one non-Linux issue: the SIA authentication for the Dec OSF/1
version of unix doesn't work (I had to do modify some of the source
code in OpenSSH to get it to work).

- Dan (Daniel Carroll)


< Previous Next >
References