Slashdot Mirror

← Back to Stories (view on slashdot.org)

OpenSSH Turns Five Years Old

Posted by CmdrTaco on from the edoc-eht-kaerb dept.

heydrick writes "The OpenSSH project is five years old. Project member Damien Miller writes, 'Five years ago, in late September 1999, the OpenSSH project was started. It began with an audit, cleanup and update of the last free version of Tatu Ylonen's legacy ssh-1.2.12 code. The project quickly gathered pace, attracting a portability effort and, in early 2000, an independent implementation of version 2 of the SSH protocol. Since then, OpenSSH has led in the implementation of proactive security techniques such as privilege separation & auto-reexecution.' Yaa for OpenSSH."

5 of 146 comments (clear)

  1. This story turns 8 months old by Anonymous Coward · · Score: 5, Informative

    And it's a dupe, too. Remember when editors actually read submissions?

  2. 5 years since the first *release* by heatdeath · · Score: 5, Informative

    The project was first released as OpenSSH 5 years ago today. The project was started, however, much earlier than that.

    --
    I'm sorry. The number you have reached is imaginary. Please rotate your phone 90 degrees and try again.
  3. 5 years since OpenSSH 2.0 by ikkibr · · Score: 4, Informative

    From openssh.com: "With the OpenBSD 2.6 release out of the way, Markus Friedl decided to pursue SSH 2 protocol support. Slaving away for months, he managed to keep OpenSSH slim and lean, while at the same time managing to turn it into a single piece of software that could do both the SSH 1 and SSH 2 protocols. This version, called OpenSSH 2.0, shipped with OpenBSD 2.7 on June 15, 2000. Most of the checking of Markus' changes were done by Niels Provos and Theo de Raadt. Bob Beck is to be thanked for updating OpenSSL to a newer version."

  4. They are also trying to get publicity. by Some+Random+Username · · Score: 4, Informative

    Yes, SSL and SSH are vulnerable to MITM attacks if used incorectly. This is not news, and has been known for years. Trying to pretend this is new and interesting and "easily crackable" is dishonest.

  5. Re:auto-reexecution? by slavemowgli · · Score: 4, Informative

    From the Changelog for OpenSSH 3.9:

    Make sshd(8) re-execute itself on accepting a new connection. This security measure ensures that all execute-time randomisations are reapplied for each connection rather than once, for the master process' lifetime. This includes mmap and malloc mappings, shared library addressing, shared library mapping order, ProPolice and StackGhost cookies on systems that support such things.

    Hope this helps. :)

    --
    quidquid latine dictum sit altum videtur.