Slashdot Mirror
SSH-Based Solutions - Looking for Industry Proof?
mcwop asks: "My company's IT department is trying to set up secure FTP with a vendor. It would be set up on a Sun box (not running Solaris 9). I emailed suggesting they look at OpenSSH. The response I received stated that they don't like to use freeware, but only consider industry proven and supported software. I have found one commercial version
at SSH. What other commercial versions are out there (I know Solaris 9 comes with SSH)? But more importantly, what are some commercial successes? What large organizations are implementing SSH?"
Tera Term on Windows is the best.
Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
Perhaps I'm confused, but isn't OpenSSH a rather well-proven program?
Kein Mitleid für die Mehrheit.
You're going to be hard-pressed to find a commercial solution which is more widely used (and therefore proven in the industry) than OpenSSH.
Why don't you talk to the openssh team? I'm sure that for some nominal fee you can get extra priority support. OpenSSH is (IMHO) the best ssh implementation out there, and its from a dedicated team where security supercedes even functionality. The newest version of OpenSSH promises to be very hard to exploit.
Mac OS X (and X Server) ship with OpenSSH. Those are considered commercial OS's. I bet Solaris 9's SSH is also OpenSSH (don't know for sure though). Sounds like your managers have their heads where the sun doesn't shine.
In 1994, I took a job at a bank in Oklahoma. My boss at the time had the attitude "We're a bank, we pay for software".
:-)
Then I showed him screen. Suddenly the light went on in his head-- "Hey, I don't have to use 2 phone lines and 2 modems to get 2 shells at work!" To him, it was the greatest thing since sliced bread.
After that, he didn't have any problems letting me install emacs.
At least mafia-owned pizzarias make excellent pizza. Compare to Bill Gates.
so we can 0wn them. ;-)
seriously, any unix admin worth their paycheck isn't using unsecure telnet or ftp.. i sure know i'm not. (and i don't get paid enough)
abcdefghijklmnopqrstuvwxyz
OpenSSH is far more widely used than any commercial variant. You'd be hard pressed to find a fortune 500 company that isn't using it somewhere. Almost any provider of IT services or network services uses it, unless they have no *nix boxes at all and provide no services on anything other than a windows platform. Try a quick survey of network security companies and ask how they do remote access/filetransfer -- no matter how big, scp/ssh will be the answer, and it will be openssh for a majority of them.
Most businesses goes with SSH communications, www.ssh.com. They also have a low-memory-fotprint version, ipsec, tunneling software and some other stuff.
Both SSH (Company) and F-Secure sells commerical products of SSH. But maybe if you word it differently, your management should accept OpenSSH since it is being used by many companies. My company (a smaller 100+ person) uses OpenSSH extensively.
http://www.openssh.org/users.html
Also Nokia's IPSO (on their Checkpoint based firewalls uses openssh.
As you can see Sun uses it. Good enough. I thought so.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
...has a version of SSH available for Unices, Windows, Macs, even the Nokia 200. Don't know how good it is, but they've got a fair amount of info on the site.
F-Secure makes a rather kick-ass line of SSH products. We use them in production here (major tire manufacturer.), and it is FIPS 140-1 compliant. The client-side portion is pretty schweeeeeeet (esp the Windows client), even if you don't use the server portion.
http://www.f-secure.com/products/ssh/
List of platforms:
Server
All major Unix platforms; Solaris, Linux, HP-UX, AIX, BSD
Windows 2000, Windows NT 4.0
Client
All major Unix platforms; Solaris, Linux, HP-UX, AIX, BSD
Windows XP
Windows 2000
Windows NT 4.0
Windows 95
Windows 98
Windows ME
MacOS
Nokia 9200 Series Communicators
in fact, have them buy the cd. that'll lend some weight to your argument
https://https.openbsd.org/cgi-bin/order
besides, it's the right thing to do. =)
-Triumph
vodka, straight up, thank you!
Not sure what the requirements are, but if you are looking for secure access, you may want to consider a web-based file repository with an SSL front-end on it. You could have your choice of Apache & mod_ssl, or Stronghold (Apache derivative)
If using OpenSSH is questionable, using the #1 webserver shouldn't be. If Apache isn't proven or reliable in their eyes, then you have a really tough uphill battle.
I had the exact same situation about 6 months ago. I won, sorta. I simply said our industry is going through hard times right now and using OpenSSH will save your $500k in licensing fees.
We ended up compromising. They wanted vendor software, I wanted free. For the mission critical systems, we chose FSecure (fsecure.com) and for the high-importance and below (to include desktops), we went with OpenSSH.
Worked out well. With FSecure we also purchased Windows clients for the developers and if anything ever happened, they had the support they were looking for the vendor software. With everything else, OpenSSH did the job along with PuTTY on the peasants computers.
I am shocked that people think that SSH (OpenSSH) is not a industry standard. Here is a good client for windows. And of course you can get the server for free here.
~Shane
Our company had similar requirements:
1) Encrypted file transfer
2) User authentication
3) chroot jail environment
After initally looking at F-Secure's ssh server for Windows to match the system standards. We found out that certain SSH subsystems (namely sftp) we not 100% compatible with all clients. I'd put the openssh code up against commercial offerings if you can spend a little bit of time configuring.
In the end we waived standards and used Linux, openssh+openssl+ldap. It did require patching the sftp subsystem for chroot access that was obtained off of the openssh mailing list. This does require a suid executable, but since our customers are [semi] trusted, the risk of them smashing the stack is manageable.
Customers can now sftp or scp in and are rooted to the ~username directory. At present, implementation has be as easy as our dedicated line FTP customers. Ironically, we recommend commerical SSH clients...
There are several options for commercial SSH vendors. I found myself in a similar position a couple of years ago. I worked at a company that provided 24/7 security support to hundreds of companies, and _had_ to have a commercially supported SSH for both insurance and customer relation purposes. We started out using F-Secure, but the licensing and support was terrible. On top of that we found out that F-Secure simply licensed SSH.com's code and rebranded it. We worked a fantastic deal with ssh.com that allowed us to deploy SSH enterprise wide. On top of the good deal, we found the support to be excellent. At one point we needed some LDAP integration done and SSH.com had it done by the next release. I have also found SSH.com to be better security wise (since they do this to make money) than OpenSSH, check their track record. Anyhow, F-Secure, SSH.com and a couple of other companies offer SSH commercially. Good luck.
> What large organizations are implementing SSH?
All of them.
Slashdot? Oh, I just read it for the articles.
OpenSSH is by far the best SSH implementation available; the fact that it's freeware is a horrible reason not to use it. Explain to your employers that for a fee (and probably a smaller fee than most corporations would want) the OpenSSH team would most likely provide your company with expert support and services.
;D).
Don't to roll over and allow your firm to adopt a second-rate (and more expensive) security product simply because they don't trust open source. The answer to your problem, as uncomfortable a situation as it may be, is to try to inform the higher-ups of why they're misguided (without losing your job
They have .depot's available for 11.00 and 11i, and they are officially supporting it. That's a commerical OS/backing.
Moderation: Put your hand inside the puppet head!
http://www.openssh.org/usage/index.html
The OpenSSH team has put together a great page with a number of different usage statistics for SSH.
While it would be somewhat more complicated from an administrative and support standpoint to implement, a 'Kerberized' ftp daemon (I believe that one comes with the stock MIT KerberosV distribution) could possibly be a solution to your problem. Kerberos, while technically 'freeware' has been around for quite some time, has existed in several major UNIX distributions, and is used quite extesnivly in many major orginizations. Otherwise, if security is a concern, why not just set up a VPN between the client and your company and have the FTP go through that?
The company I work for ("a little hardware vendor in the Valley") switched from the Commercial ssh client and server package to OpenSSH for all of our servers. OpenSSH proved more robust and easier to support - not to mention much, much, less expensive. And yes, I'm including the "cost" of our SysAdmin's time and the time of the person who manages distribution of our 'approved' OpenSSH package.
There really is no reason to use a commercial product unless the management is stuck on the "We need someone to sue if it breaks" business model of software acquisition.
Never attribute to malice what can as easily be the result of incompetence...
ala FreeBSD, OpenBSD (One remote hole in the default install, in nearly 6 years!) , OpenSSH, Apache, etc.
Instead, let's use proprietary "secure" software, ala Win2000, IIS, etc.
While I can respect the company's policy of only wanting to deal with "respected and proven" commercial software, many commercial apps critical to secure operations are not "proven". Even SSH is relatively far behind the development curve of OpenSSH, its open-source counterpart. Nor is it in use in as many types of environments.
It may sound silly to suggest it again, but consider mentioning OpenSSH in your spread of possibilities. Even though it did have a possible remote root exploit exposed recently, look how fast working updates and/or workarounds were released. You'd be very hard pressed to find that in a commercial product.
...use IPSEC based VPN's. Most firewals will do this, just make sure they use a common key exchange method (i.e. don't use anything from Novell)
If you want a "industry proven and supported" product that supports SSH protocols, then the original SSH is what you want, but you'll (obviously) have to pay.
So how do they feel about Apache? I mean, IBM will sell it to you can IBM HTTPD, but it's still Apache. Or Java? Or... grrr
Sun themselves recommend OpenSSH. Just search http://www.sun.com.
s sh.pdfH .pdf
Some notable links:
http://www.sun.com/blueprints/0102/config
http://www.sun.com/blueprints/0701/openSS
The scripts for an automated package creation have been very useful for me over the past few months, as OpenSSH has blazed through the 3.x versions.
Ok, this is what you do:
Register a company called "Secure Products Inc.", and make a quick website, fake some letterhead, etc. Then, tell your boss you found a great SSH product from Secure Products for only $50 per seat. Then, download the newest version of OpenSSH, change the name to SPISSH and watch the $$$$ roll in!
Word.
I have run into the same situation myself, where the vendor I need to work with wants to transfer critical, sensitive or otherwise private data across the internet, using the very insecure FTP protocol.
I have suggested SSH to these vendors and each time they cite reasons relating to their use of Microsoft Windows (often a managed server at some hosting company like AT&T), or their refusal to use non-mainstream-commercial software. They also tend to try to argue that FTP is good enough, and that the law doesn't require anything more secure. As we all should know, this is just plain senseless, and dangerous.
In my hunt for an alternative that would be acceptable to them as well as me, AND would be able to be automated, I realized that good old HTTP over SSL (HTTPS) would work just fine for transferring the data. Not only would it be secure enough (at 128-bit) but I could automate the entire thing with OSS tools from my side, and they already had everything they would need to make it work on their end under Windows.
With just a little configuration on each end, and a simple little perl script, we have a secure transfer mechanism.
In our case our internal policy states that we initiate all secure data transfers from our side so making our transfers "bi-directional" was easy, but for others who do not have this policy, or where it would be inappropriate, it is quite simple to set up an http server on the local side to handle inbound transfers, even on a Windows server/host.
There are of course other possibilities including using a TLS enabled ftp client/server, and they all come with other considerations including some relating to compatibility. I highly suggest that you personally review each of the alternatives yourself and do not rely purely on the advice gleaned here on Slashdot, as accurate (or not) as it may be.
Hope this helps!
-Anon
Solaris 9 comes with a slightly modified OpenSSH (according to Sun).
The only commercial Unix ssh server that I'm aware of is from SSH.com
(it is resold be several companies like F-Secure IIRC).
Compaq^WHP supplies SSH.com's ssh for Tru64 Unix (free download from
Compaq's site, and I think will be included with Tru64 5.1B).
SSH is a proprietery product from SSH.COM. It is an outstanding technology that has been adopted by the open movement and SSH "tolerates" Open SSH. However, all other commercial products must license it from SSH. So, if you must get it from a commercial vendor then why not get it from the horses mouth, as it were.
Now, to answer your question regarding Open SSH specifically. The only major and well known company that I know for sure that uses Open SSH is Cisco. There are certainly many others but, there are probably few who use it as a matter of policy. But, that doesn't mean that their engineers, having half a brain, haven't all acquired a copy and rely heavily on Open SSH. Part of the problem with free software is that it doesn't show up on the radar unless it is used very heavily but, that doesn't mean that it isn't used by many.
You've got a tough sell ahead of you as you must sell mind share, which is very difficult. It's far eaisier to sell SSH on technical merit but, that's already been done for you. To add further insult, if anyone does take you seriously and checks into Open SSH they will likely find a couple of recent vulnerabilities which, although already fixed, won't help your arguement.
I'd say let it go. If they want to pay for SSH then let them. Comfort yourself in thinking that that money will be used by SSH to advance the product and some of those advancements will make it into OpenSSH too.
And has docs on it. Use things like sendmail and bind (DNS) as examples of opensource in practice. Also, show them the prices for a commercial SSH implementation on a large scale. Very little beats the bottom line of free, as in beer/books.
Email me, I can give you names and number for people using OpenSSH in a corporate envionment. (I am posting this to the main commments since the article poster doesn't have an email address).
I am willing to bet that when they said "freeware" they were thinking TuCows and fly-by-wire or 13-year-old VB h4x0r in his basement.
I'm sure your boss(es) need a good clue-bat to the head and they'll be fine.
In Soviet Russia...michael would be rotting in Siberia!
The response I received stated that they don't like to use freeware, but only consider industry proven and supported software.
Then your company needs to fire its IT management staff since it is apparent they have absolutely no idea what they're talking about. In the meantime, you can tell them that OpenSSH is NOT Freeware. I wouldn't trust freeware either. The difference? Freeware is typically closed source software that the authors refuse to release to code to because they think they're really "eleet" or some similar childish reason. I would also ask you: if you're a talented geek (assumption), why are you working for some lame company that refuses to touch Open Source software? Go somewhere where you're gonna make a difference. If you have the skills, you'll find plenty of jobs doing what you'd really like to do.
"SSH is now the de-facto standard for remote administration over the Internet. It is used in more than 50 countries by thousands of organizations, including e.g. MCI, Stanford University, Lawrence Livermore National Laboratories, and NASA."
Get your Unix fortune now!
The "security" admin there wanted to load F-Secure on everything.
Except he didn't know how to load it. I was tasked with "implementing SSH..."
I loaded OpenSSH on all the Sun boxes (90+). Loaded up putty for all the developers and started shutting off telnet/ftp.
The F-Secure sales rep called me to see "how things were going".
I told him we were going to go with OpenSSH. He asked about support... I laughed at him. 2 weeks later a major hole surfaced in SSH
(OpenSSH was not vulnerable to this one.) and F-Secure was the LAST vendor to come out with a fix, ala 2+ weeks later.
I have OpenSSH running on my HPUX box, all my Sun boxes, all my Linux boxes, and of course my OpenBSD boxes.
If OpenSSH is good enough for Sun/HP/Redhat it ought to be good enough for your managers. If not it might be time to go Bofh on them....
Just load it on there and then tell them you *didn't realize* it was already on there.... Then stuff them in a tape safe...
If you are on a Windows based machine somewhere, and you need to use ssh, you can quickly get PuTTY from the net. It is small (220k), so you could even keep it with you on a floppy. And it is only a single executable. PuTTY is THE ssh client for Windows, IMO.
My beliefs do not require that you agree with them.
If you really mean a SSH (not SSL) survey, by Netcraft, I don't know about it and can't find it on their website...where is it?
Both OpenSSH and SSH are industry proven and supported software. SSH is supported by the original author of the protocol, Tatu Ylonen, among others. OpenSSH is supported by acknowleged Open Source security experts including Markus Friedl, Dug Song, and Theo de Raadt.
The version of SSH that Sun is shipping with Solaris is in fact OpenSSH. Sun is not trying to hide this, they are proud of shipping it because it is an excellent program.
Most major insurance companies run SSH (if they are Microsoft shops) or OpenSSH (if they are not). Most hospitals run OpenSSH.
I use both products. Support is superb for both; but SSH.com has friendly, personable phone support while the OpenSSH support comes mostly from Usenet and Email (and can be fiery if you ask exceptionally stupid questions). OpenSSH fixes bugs faster than SSH.Com, but both products have had about the same number of problems, and all have been quickly and effectively resolved.
Popular clients for windows include putty and Teraterm SSH. Make sure you get a recent version, however, older versions of those programs use versions of SSH ( v 1.5) that have known bugs.
If you are dealing with a company that thinks commercial software is "better" than "freeware" you should be careful how you approach this project. If there is a single person who has created this mindset, that person is likely to be both powerful and not very analytical - a dangerous combination.
You mean the "very similar to the Netcraft Web Server Survey" done by the OpenSSH people?
Couldn't find anything at Netcraft, so I assumed this is what you were talking about.
You've asked the smaller question with a really awesome example (OpenSSH is one of the highest quality software products available, IMHO).
:)
However, the larger question is this: how do you convince your boss that you should be allowed to use lots of free software off the net. The answer is you should not, and he should not approve such a thing. What you should be doing is picking a vendor that will do things like chase down security updates, while also providing you with the kinds of features that you need.
Of course, this brings into question the entire spectrum of software that you run. Should you switch OS vendors to someone who embraces Open Source Software (e.g. a Linux vendor like Red Hat, Caldera, SuSe, etc.).
If you need high-quality software with the latest feature-set, you should be looking at who will give you what you need and support it well.
Can of worms you say? Well, yes but when you start talking about Linux these days you have a lot of amunition. IBM is shipping Linux-based systems. Everybody and his brother is using Linux-based servers in production (unless they're using BSD
OpenSSH is hard to argue against, and you'll probably win that battle hands-down. But what happens when you want remote management via VNC or OpenLDAP has some features you want or you need a quick-and-dirty database and don't want to spend $thousands?
Get an OS that comes with the best software already installed. Get Linux.
wrong question.
the correct question is, "should i get a new job?" and the answer is yes.
i'm totally serious. it's as if 100 or so years ago you worked at a overland transport company that said, "ah, that mechanical train thing is never going to catch on, i'm sticking to wagons!"
let your current employer waste their time and while you humor them with whatever they think they want to hear, go find a more sane place to work while you have the luxury of time.
US Citizen living abroad? Register to vote!
they don't like to use freeware, but only consider industry proven and supported software.
What, do they live under a rock? You'd be hard pressed to find another free software project used _more_ than OpenSSH.
Maybe you should forward a note to your CEO about how your clueless IT department is needlessly racking up support and licensing costs, while remaining ignorant of common IT practices.
-pmb
I've been with my present employer since Oct. of 1999. Every time we have a meeting where we discuss ways to accomplish some task I waited for an opportunity to say, "I could write a shell script to do that" or "We could do that with a Linux box". Early on it always got a big laugh. Then my technical lead started saying, "We could do that with a shell script." Now they're asking questions about using Linux for server consolidation. Some things take time. Patience my young apprentice.
--
As a matter of fact, I am a lawyer. But I play an actor on TV.
but only consider industry proven and supported software.
...the thin, whiny sound of an incompetent, bumbling, empire-building middle manager, easily identified by the unhyphenated buzz-phrase "industry-proven" which is part of the Management 2.0 Service Pack upgrade along with "customer-focused" and "memory-hungry."
It really is unfair to have such a staggering advantage over the competition.
No, please. PLEASE go overpay for your "industry-proven" version of the exact same thing everyone with a clue already has. Just don't lay off anyone when your budget runs out.
Cisco Systems uses SSH extensively. You can find SSH supported in some of their commercial products. And internally, SSH is becoming one of the standards for remote access. It might be interesting to note that they use a combination of SSH2 from SSH, Inc AND OpenSSH with both being officially sanctioned solutions.
Sun provides a /dev/random and a /dev/urandom now. Check out Patch 112438-01 for Sparc, or 112439-01 for X86 on sunsolve.sun.com
***There is no point in asking, you'll get no reply***
http://www.openssh.com/press.html
assert(expired(knowledge));
To secure FTP traffic, I highly recommend SafeTP from the folks at Berkeley. SafeTP is an RFC 2228 compliant FTP Security Extension that uses Public Key Crypto to authenticate and secure the link.
SafeTP is supported under Unix / Linux as well as Windows 95/98/ME/NT/2000/etc. Source code for Unix and compiled code for Windows is available free of cost.
This quote from the Berkeley folks may be useful:
We have found SafeTP to be both user friendly and expert friendly. We have been successfully using it now for several years. It works well behind firewalls. The code is both well written and stable.
chongo (was here)
Using commercial as a synonym for proprietary isn't logical. There's plenty of Open Source applications which have been produced for the primary aim of making money (RPM, Zope) and there's plenty of closed soruce apps which are produced for non-commercial reasons (eg, PowerArchiver back when it was called easyzip). The word proprietary is a much more accurate description of the software.
Wow. And here I've been building my own depots all this time.
. cgi/cgi/displayProductInfo.pl?productNumber=T1471A A
http://www.software.hp.com/cgi-bin/swdepot_parser
Thanks for the tip, Marx!
I work in a pre-field lab environment, where we make sure all our equipment going onto our network isn't going to blow anything up.
All of my machines are standard with OpenSSH now, and I know that all the new machines coming in are required to have SSH in place of Telnet... and OpenSSH is the defacto standard, although we will accept a commercial implimentation if the vendor provides it.
Anything Sprint PCS provided, though, is OpenSSH. Telnet as been officially "banned" from all new equipment, even if people are breaking this rule (much to my chagrin) on occasion.
They have builds of OpenSSH (and tons of other free software) for a variety of UNIX platforms, and they offer commercial support for them. I used them at my last employer, and was extremely satisfied with them. On several occasions they integrated or wrote fixes when I came across bugs, and submitted their fixes upstream to the maintainers. Their response was also much faster than the maintainers.
Sun Professional Services uses SSH to access the machines they are administrating. I guess if it's secure for all their customers, it should be good enough for the application in question too.
- Hubert
I worked for CNN.com for two years (1998 - 2000). We used SSH there to transfer news feeds between servers as part of our automated processing. A template would generate the data (XML, html, JavaScript, whatever), and then a Perl or shell script would scp (secure copy, a part of ssh) the file to the remote server using an ssh-agent.
When I left CNN, I went to a startup called ZapMedia. It was a much smaller company, but we used SSH for all communications to our production boxes (which were colocated at Exodus outside of our company LAN). We even did remote CVS checkouts over SSH as part of our code release process. The use of SSH was completely secure and worked very well.
- Vincit qui patitur.
We are (an unnamed) large computer services company and we use openSSH but the licence made our legal department throw fits. The wording in it is strange and basically says "I'm not sure what's in this code and there may be things that are or are not someone else's intellectual property but if anyone comes after you legally than I'm out of it..."
Before that we used F-Secure's SSH as a commercial version. It works great but is clearly more expensive than FREE.
This is one of those situations where I've actually been pleasantly surprised by both the commercial (SSH.com) and non-commerical (OpenSSH) products. I've used both, almost interchangeably, and like them both. It's really a toss-up for me.
Some people might point to the recent OpenSSH security holes trying to discredit them, but look at how quick the turnaround on patches was.. amazing.
One thing I did want to point out was the SSH.com Windows client. I really like it. It might not be worth the money, but if you fall into one of the categories where you get a free license (allows university use and non-commercial use according to their website), it's quite good. I especially like the ease in opening additional sessions or secure file transfer, etc. Worth checking out..
(And definitely don't use the TeraTerm SSH client. It's still SSH version 1, and is just a hack on top of TeraTerm... never seemed like the greatest solution to me, even if it did work)
You cannot find anything commercial that is more proven or better supported than OpenSSH. There may be commercial packages that are as good -- although I don't know of any -- but there can be none that are better. Support from commercial companies is, too often, a joke.
Case in point: very recently a bug was discovered in OpenSSH: if you used a certain form of challenge-response authentication, a remote compromise may be possible. Within days of the bug being announced, there was a workaround; and versions post-3.3 are not affected since they UsePrivilegeSeparation by default. This is the only significant bug I can remember off-hand.
In any case, SSH is a commercial product and is done by Tatu Ylonen, who was the original SSH guy; OpenSSH is the free version that the OpenBSD guys forked when SSH went commercial.
Unlimited growth == Cancer.
I've been working at dig.com since April, and we use OpenSSH on all our unix boxes. We use a bunch of other free software, and nobody thinks it's risky or anything. We could certainly afford commercial software if it provided anything we couldn't get in free software.
As it turns out, the prevailing attitude is that with commercial software we have to involve the vendor every time we want to do anything remotely unusual. If we improve the tool, the vendor probably won't support it. If the vendor improves the tool, they will probably require more money and a needlessly complicated upgrade for us to benefit from it.
Stand up to your managers. Don't just tell them that Free Is Better, show them.
Sheesh. Shame on Cliff for posting this troll.
Patrick Doyle
I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
would also ask you: if you're a talented geek (assumption), why are you working for some lame company that refuses to touch Open Source software? Go somewhere where you're gonna make a difference. If you have the skills, you'll find plenty of jobs doing what you'd really like to do.
Your remark is simply idiotic. The whole world doesn't revolve around spreading open source around. He/She needs to make a living, make some cash, and he/she's not going to give up his/her job because his/her company doesn't want to run open source software.
And, what makes you think going to a company that does touch open source will help "make a difference?" What? He's going to make a difference at the companies that DON'T touch it by convincing them to do so.
And having 'leet programming skills' doesn't have anything to do with whether you support open source or not. And maybe he/she likes the job they already do, regardless of the SSH daemon they use. That's one hell of a reason to quit your job.
void women (int money, time_t time);
That's fine. There are people who do commercial support for open source. Hire them and pay them! Cygnus Support was the classic business following this model, and they've been bought by Red Hat, so get support contracts from Red Hat. Or SuSe, or a few other similar companies. You get the software you want, with a source license, and you get someone to fix stuff for you for your money. Works just fine.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
A lot of large companies (like AOL TimeWarner, Sony and even Microsoft) run OpenSSH on BSD systems.
:-).
For example, at my previous company I did work for AOL, and we used FreeBSD servers to preprare user billing data for AOL - with OpenSSH of course. Personally I would have prefered Linux, but the other 2 systems engineers were FreeBSD fan's and I can respect that
The only - and I mean only - reason to have a commercial SSH client is if you need support for a trusted operating environment (i.e. Trusted Solaris, Argus Pitbull) and you typically purchase these from the vendor that sold you the OS in the first place - though with privliage seperation now present in OpenSSH, this could be a thing of the past.
If you've worked in big business you see how many use BSD and OpenSSH - though not to Linux, as most have reservations about it's sutibility for a corporate environment - and the use of free (as in beer) software is increasing as the cost benifits of a no-cost OS and cheap commodity Intel hardware are encoraging companies to move away from Sun hardware in certain situations.
oops, I think you are right.
Get your Unix fortune now!