SSH Claims Draw Open Source Ire

JDStone writes to tell us eWeek is reporting that claims of OpenSSH not being an 'enterprise-class product' by SSH Communications, the creators of SSH, is being met with a great deal of resistance. Theo de Raadt, of OpenBSD fame and a member of the OpenSSH development team was quoted saying "OpenSSH is built into all Unix and Linux vendor operating systems, and is also built into almost all larger managed network switches, from Cisco through Foundry. It comes on Linksys and D-Link wireless and security routers too."

Name recognition

[shudde]

I realise I'm displaying my ignorance here but it should hopefully prove a point. I've used OpenSSH for years and until now I had no idea they didn't develop the protocol or that a commercial variant existed.

Couple that with the sheer number of servers and distributions using OpenSSH and the statements by Byron Rashed seem to have the ring of sour grapes.

No, it's no

[winkydink]

Enterprise-class is management speak for "has a pretty GUI that a monkey can use". If one is managing thousands or tens of thousands of accounts, one doesn't want to pay somebody big bucks to do it using Open Source if said open source requires an $80k/yr person to administer it. It's a TCO calculation, nothing more.

Define enterprise

[russg]

Not that I'm defending SSH, but it really depends on what specifically you are speaking of when it comes to comparing the offering of OpenSSH and SSH Communications. The two products are fairly similiar for base installs and function about the same. The problems with OpenSSH come into play in the enterprise when you want to manage the SSH installs globally or integrate the SSH server with other products.

Two examples from my own experience. We attempted integration with RSA and OpenSSH had significant problems that we had to resolve and in the end we could not resolve the final problem which was a session would hang after exiting the shell if the session was authenticated using the RSA PAM module.

The other example is related to distribution and configuration managment. We have started using SSH communications central management center to distribute new versions of Tectia server as well as centrally manage the configuration for Tectia/ssh. This has reduced our management overhead considerably. This is an "enterprise" feature.

--russ

Re:Man, the universe loves me. :)

[Suicyco]

What a dumbass.

If you can't figure out how to keep your screen from clearning (hint, NOT because of ssh) then what judge are you on the source code?

Ever seen the source code of the commercial SSH? Hmm. Is it even using the proper encryption algorithms? Is there a back door? We are talking heavy duty ENTERPRISE security here. You trust that level of security to a product that claims to protect your communications? Why not trust it to a product you KNOW protects your communications, because you can look right there in the source and then compile it yourself.

Re:but what about enterprise administration?

[Zak3056]

Think Microsoft GUIs and the absolutely terrible configuration options when you think about how bad this can become.

While, personally, I'm alot more comfortable doing things the *nix way (for example, I find httpd.conf to be a much better administrative interface than MS's IIS Manager) Microsoft's MMC based tools are pretty good these days--they cover about 95% of everything your average admin is going to do in the lifetime of the application. They're "good enough" to get the job done, and I think that most people who say otherwise probably haven't used them recently... or are simply more comfortable using different tools to do the job and just aren't willing to sit down and learn the MS way of doing things.