SSH and OpenSSH Comparisons?
Colonel Bleep asks: "My company is finally on the road to getting serious about Unix server security. Though there's a lot more to do, the current push is to replace telnet, ftp, rcp and the like with ssh. Problem is, the security team in charge of the transition is composed mostly of Microsoft-trained technicians that hold varying opinions of open source software. Non-team members, such as myself, are kept abreast of developments via email. Input is encouraged. OpenSSH came up during a recent email exchange with the coordinator. It didn't take long for the "isn't proprietary is better?" mantra to rear its ugly head. Though I use OpenSSH at home I found myself at a loss to explain why the corp might want to consider using it over commercial SSH. That's aside from the obvious open source peer review argument, of course. I haven't been able to uncover any direct side-by-side reviews of the two products but I would very much like to pass such a comparison along. What say ye?"
Update: 11/14 2:40p EDT by C: Users of SSHv1 may want to take a look at this security bulletin on a potential SSHv1 exploit that is rumored to be in the wild.
OpenSSH will save your company money. This has to be balanced against the lack of a commercial support contract, although I'm sure you could find someone prepared to sell you a support contract for OpenSSH. Where the balance swings depends on your company's priorities.
OpenSSH gives you peace of mind that the software you're depending on isn't vulnerable to the financial failure of a commercial company.
Commercial ssh has a few features that aren't yet present in OpenSSH (twofish and IDEA ciphers, for example, or host based authentication).
"The invisible and the non-existent look very much alike." -- Delos B. McKown
For a nice, open source Windows client:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Van Dyke Secure CRT is a really good GUI that supports SSH2 with the most advanced encryption and authentication schemes (AES). My favourite features are:
You can probably implement all those features when you use OpenSSH via an Xterm, but it would take you days to research Xwindow configuration and expect scripting language.
The only feature that command line SSH (OpenSSH and the commercial ssh.fi ssh) has is the ability to forward authentication using ssh-agent.
I used to be a big Secure-CRT fan, but the latest releases of Putty provide about everything Secure-CRT does, and for about $90 cheaper.
I've found Putty interoperates better with OpenSSH 3.0 than Secure-CRT - at least versus SCRT version 3.1. This may be better in 3.4, but Van Dyke wants upgrade fees, so...
I also have a problem with the way Van Dyke forces you to pay upgrade fees - The 3.1 version I purchased from them won't even install anymore, it says it has expired. It's OK to charge for software upgrades, but it's wrong to disallow use of older versions!
Free for non-commercial use, the Windows ssh client at ssh.com is pretty decent and polished.
And there's always TeraTerm Pro. It used to be better than Putty, but recent builds of Putty have turned that around, IMHO. I believe TT supports only SSH1, and not SSH2.
As an example, recent Putty versions support port forwarding, SSH2 DSA keys, and agent forwarding. And as always, it has a very small footprint.
Lastly, iXplorer is a nice Windows GUI dropped on top of pscp/plink for secure (SCP) file transfers.
This post is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
Commercial ssh has one good feature which is not supported by openssh. It supports chroot for the sftp subsystem. It is not an essential feature, but it is still nice to have.
--
Ilya Martynov (http://martynov.org/)