Slashdot Mirror


SSH and OpenSSH Comparisons?

Colonel Bleep asks: "My company is finally on the road to getting serious about Unix server security. Though there's a lot more to do, the current push is to replace telnet, ftp, rcp and the like with ssh. Problem is, the security team in charge of the transition is composed mostly of Microsoft-trained technicians that hold varying opinions of open source software. Non-team members, such as myself, are kept abreast of developments via email. Input is encouraged. OpenSSH came up during a recent email exchange with the coordinator. It didn't take long for the "isn't proprietary is better?" mantra to rear its ugly head. Though I use OpenSSH at home I found myself at a loss to explain why the corp might want to consider using it over commercial SSH. That's aside from the obvious open source peer review argument, of course. I haven't been able to uncover any direct side-by-side reviews of the two products but I would very much like to pass such a comparison along. What say ye?" Update: 11/14 2:40p EDT by C : Users of SSHv1 may want to take a look at this security bulletin on a potential SSHv1 exploit that is rumored to be in the wild.

2 of 26 comments

  1. User Interface by macemoneta · · Score: 3, Interesting

    While the two are essentially the same in functionality from a user perspective, the commercial version does have a nice GUI. While it may not sound like much, it improves the usability, and probably reduces support costs.

    --

    Can You Say Linux? I Knew That You Could.

  2. The differences are minor... by pwagland · · Score: 3, Interesting
    Hi,

    The reality is that the differences are really minor, and, now that RSA is legal, openssh can be set up to act almost exactly the same as closedssh.

    The only significant difference between them for most people is the price.

    There used to be a fair bit of difference, but at least for unix, this is no longer true. Since 2.5 openssh has supported sftp. Since 3.0 it supports rekeying a session. With external PAM modules you can support smart cards and securid logins.

    The one advantage that ssh has over openssh is that this is all integrated into one package. The smartcard support is built in, you don't have to go looking for support.

    If you are not planning on using smartcards or tokens, then openssh wins based on price alone. You can get it pre-compiled for most platforms, so the compilation is not so much the issue. Otherwise you have to weigh the choices a little more carefully. Check to see if your required token/card is supported by both. If not, then it is likely to be easier to add support into openssh, having the source and all.

    In terms of windows clients...that is one big differentiator. Again, mostly money! We use tera-term and that works quite well, but does not do ssh V2 protocols.

    In either case, you are buying a big whack of security, but don't forget, passwords can be extremely weak! Don't let up on the other security policies just because you now have SSH. (And yes, I know that the poster is not responsible for this, this is just a general admonition :-)

    Whatever you get, I wish you the best of luck.

    Now for the gratuitous links: :-)

    securid and openssh

    some preliminary smartcard integration with openssh

    another smartcard and openssh link