Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSH Turns Five Years Old

Posted by CmdrTaco on from the edoc-eht-kaerb dept.

heydrick writes "The OpenSSH project is five years old. Project member Damien Miller writes, 'Five years ago, in late September 1999, the OpenSSH project was started. It began with an audit, cleanup and update of the last free version of Tatu Ylonen's legacy ssh-1.2.12 code. The project quickly gathered pace, attracting a portability effort and, in early 2000, an independent implementation of version 2 of the SSH protocol. Since then, OpenSSH has led in the implementation of proactive security techniques such as privilege separation & auto-reexecution.' Yaa for OpenSSH."

6 of 146 comments (clear)

  1. This story turns 8 months old by Anonymous Coward · · Score: 5, Informative

    And it's a dupe, too. Remember when editors actually read submissions?

  2. 5 years since the first *release* by heatdeath · · Score: 5, Informative

    The project was first released as OpenSSH 5 years ago today. The project was started, however, much earlier than that.

    --
    I'm sorry. The number you have reached is imaginary. Please rotate your phone 90 degrees and try again.
  3. 5 years since OpenSSH 2.0 by ikkibr · · Score: 4, Informative

    From openssh.com: "With the OpenBSD 2.6 release out of the way, Markus Friedl decided to pursue SSH 2 protocol support. Slaving away for months, he managed to keep OpenSSH slim and lean, while at the same time managing to turn it into a single piece of software that could do both the SSH 1 and SSH 2 protocols. This version, called OpenSSH 2.0, shipped with OpenBSD 2.7 on June 15, 2000. Most of the checking of Markus' changes were done by Niels Provos and Theo de Raadt. Bob Beck is to be thanked for updating OpenSSL to a newer version."

  4. They are also trying to get publicity. by Some+Random+Username · · Score: 4, Informative

    Yes, SSL and SSH are vulnerable to MITM attacks if used incorectly. This is not news, and has been known for years. Trying to pretend this is new and interesting and "easily crackable" is dishonest.

  5. Re:auto-reexecution? by slavemowgli · · Score: 4, Informative

    From the Changelog for OpenSSH 3.9:

    Make sshd(8) re-execute itself on accepting a new connection. This security measure ensures that all execute-time randomisations are reapplied for each connection rather than once, for the master process' lifetime. This includes mmap and malloc mappings, shared library addressing, shared library mapping order, ProPolice and StackGhost cookies on systems that support such things.

    Hope this helps. :)

    --
    quidquid latine dictum sit altum videtur.
  6. Re:Ettercap team claim SSH / SSL is easy crackable by kasperd · · Score: 3, Informative

    Would it be practical to have a summetric cipher with 4094 bit encryption, or would that make things run a bit slow?

    256 bit AES use 14 rounds with a 128 bit key in each round. Rather than generating the 1792 bit keyschedule from the 256 bit key, you could just use a 1792 bit key. The speed would be the same as 256 bit AES. But don't expect it to be much more secure.

    Most likely the cipher isn't the weakest point anyway. If you want to have 256 bits of entropy in your password you need aproximately 42 random characters.

    --

    Do you care about the security of your wireless mouse?