Slashdot Mirror


OpenSSH Now Supports SSH2

Anonymous Coward writes: "The OpenSSH project released version 2.1 earlier this month. It now supports the SSH2 protocol. SSH2 is regarded by many as a more secure protocol (but was for a long time only supported in a restricted license implementation)." Nice work, guys. I'm downloading the source, I'm buying a T-shirt, life is good.

11 of 49 comments

  1. Number two. by nazerim · · Score: 3

    Are you sure? Or do you want to catch the /. kiddies out in not being too knowledgeable?

    >Number two is that scp2 doesn't quite work, because it uses a proprietary protocol, although you can use scp1 over ssh2 fine.

    scp uses ssh to transfer files. ssh supports the version 2 protocol - this is clearly documented and not "proprietary" as you claimed. What is proprietary is the sftp protocol used by ssh.com's commercial server. Is this what you mean?

    --
    .my 2p
    1. Re:Number two. by Alan+Shutko · · Score: 3

      That's what I meant. Basically, I meant you can't scp to a server which is only running an ssh2 server. (Because scp2 uses sftp.)

  2. OpenBSD 2.7 waiting in the wings too... by stab · · Score: 3

    Don't forget that OpenSSH is also bundled as part of the forthcoming OpenBSD 2.7, which is due to be released on the 15th June.

    I just installed OpenBSD-current for the first time from anoncvs to test it out, as part of a migration from Linux to OpenBSD, and it utterly rocks so far! The huge difference is just the fact that it is secure out of the box, and comes with a wealth of audit scripts that scan the box every day and mail you with automated changelogs and security alerts. I can easily believe their claim that they have not had any remote exploits for over 2 years.

    Big kudos to the OpenSSH and OpenBSD teams .. I always had the impression of OpenBSD as lacking in features and friendliness compared to the other *nices, but after using Linux as a stepping stone to learn my way around, I can't wait to really sink my teeth into OpenBSD 2.7!

    PS: No affiliation to OpenBSD myself; I visited the webpage for the first time 3 days ago :D

    --
    Anil Madhavapeddy, anil@recoil.org

  3. Re:Before the cheering commences.. by x0dus · · Score: 4

    I had the same problem getting 'password incorrect' every time I tried to log in to my Slackware machine. After reading the FAQ, I found the solution. You have to link OpenSSH with libcrypt:

    LIBS=-lcrypt ./configure [options]

    Works perfectly for me now.

  4. Still a couple holes by Alan+Shutko · · Score: 4

    There are still a couple of holes in the support. Number one on my annoyance list is that the agent does not yet support DSA keys, so you have to type in a password whenever you connect to an ssh2 host. (Unless I've missed something somewhere.)

    Number two is that scp2 doesn't quite work, because it uses a proprietary protocol, although you can use scp1 over ssh2 fine.

    Otherwise, it works great. There's a tool to convert ssh2 keys into a form ossh understands, and I had no problem using it.

  5. Compatibility with SSH2 keys. by XNormal · · Score: 3

    From ssh-keygen man page: (my emphasis)

    -x This option will read a private OpenSSH DSA format file and print a SSH2-compatible public key to stdout.

    -X This option will read a SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout.

    Am I the only one who finds this a little strange?

    Maybe that's why they call them asymmetric ciphers :-)

    --
    Stop worrying about the risks of nuclear power and start worrying about the risks of not using nuclear power.

  6. non openbsd versions by Phexro · · Score: 3

    the link provided was to the openbsd-specific source. there is a port for other unixes here - source is here, a diff against the `official' openbsd version (for those who downloaded from the incorrect link) is here

  7. Whatever happened to the openssh org vs com debate by Anonymous Coward · · Score: 3

    A while ago Slashdot had an article on the OpenSSH dot org controversy. Emmet would write a follow up to it. But it never came. I would very much like to know how it ended and if the openbsd com site now finally supports other platforms (like GNU/Linux) or links to other free implementations.

  8. SSHv2 is crap by ClaudioLeite · · Score: 3

    For those of us who still have to suffer with modems, SSH version 2 is absolute crap. Sessions are extremely slow, and often halt for no reason. When both sides are on modems, results are even worse. It is absolutely impossible to do anything that requires frequent keypresses (try editing a file, it's horrible) because of the extreme latency.

    SSHv1 and the old OpenSSH have none of these problems. SSHD2 with fallback to SSHD1 still has all these problems, even though it is using the SSH1 client.

    I always loved the fact that SSHv2 had bad licensing, so most people didn't use it. Now with this, more intelligent people will be using version 2 daemons, which means the rest of us who aren't lucky enough to have fast connections will suffer.

    --
    --- Free Dynamic DNS http://www.staticky.com/

  9. Before the cheering commences.. by uncleFester · · Score: 3

    I run a 'dual-platform' shop (bread and butter boxes are HPUX, my desktop & primary mail reflector are linux) and was quite pleased to discover this Thursday. Built openssh for both platforms but only installed on the linux machine. I've since run into the problem of the old ssh clients (ssh-1.2.7) not consistently connecting to the new ssh (openssh) server using protocol v1. Things work fine after daemon init, but falter after some time. Forcing a ssh2/dsa connection is a little more reliable.

    This really hurts me with scp stuff back and forth.

    Problem manifests itself as a 'password incorrect' error. Nothing obvious when using -v at the client & debug/nodaemon flags at the server.

    I've not fully digested this problem yet so I haven't majorly pursued this (or filed any bug report). I want to make sure it's not MY fault. If you have a sizable ssh1 implementation you may want to stick this on a single box & watch it a day or two. I plan to upgrade ALL my unix boxes.. but will still need some ssh1 support as my PD win (HUSH) ssh clients only support ssh1.

    Thx to the OpenSSH team for 'helping' us with that goofyass ssh2 license problem the 'other' product has.

    --
    -'fester

  10. Better than the original (?)... by 1984 · · Score: 3

    One of the nicest things about the SSH v2 support in OpenSSH is that both protocol versions are supported in a single binary. No more installing SSH1 and then SSH2 over the top.

    Okay, so it wasn't that much hassle installing both versions, but the OpenSSH way is a neater solution.

    Now the real question -- apparent minor lack of functionality aside -- is: how long before we're all happy to chuck out our official copies of both SSH 1 and 2 and start using OpenSSH instead? How long do people wait before deciding "It's been out long enough that it's probably as secure as the alternative"? (It being something of a faith issue for those of us who don't have the time or skill to do a full audit of the code.)