Slashdot Mirror

← Back to Stories (view on slashdot.org)

SSH Claims Draw Open Source Ire

Posted by ScuttleMonkey on from the you-do-it-then-open-source-does-it-better dept.

JDStone writes to tell us eWeek is reporting that claims of OpenSSH not being an 'enterprise-class product' by SSH Communications, the creators of SSH, is being met with a great deal of resistance. Theo de Raadt, of OpenBSD fame and a member of the OpenSSH development team was quoted saying "OpenSSH is built into all Unix and Linux vendor operating systems, and is also built into almost all larger managed network switches, from Cisco through Foundry. It comes on Linksys and D-Link wireless and security routers too."

6 of 377 comments (clear)

  1. Man, the universe loves me. :) by Reality+Master+101 · · Score: 0, Troll
    I was just looking at the source to OpenSSH yesterday, and wished we'd have a story about it so I could write a rant. :)

    WHAT A PIECE OF F'ING CRAP.

    I'm really not trying to post flamebait here, but GAH, the people who work on that thing should hang their heads in embarrassment. Spaghetti code, no comments -- I'm talking a total mess. I was actually just looking for the code that clears the screen when you log out of a session (because I actually hate the automatic clear screen, and was hoping there was an option for it). I finally gave up in disgust.

    Now, I'm not saying that proprietary source is always golden (I mean, we know it isn't), but the worst code I've ever developed in my life is better than that rat's nest. I'd fire any programmer who dared to bring me such a horrible mess.

    Any, a big "thank you" to the universe for getting this story posted. :)

    --
    Sometimes it's best to just let stupid people be stupid.
  2. Re:What else would SSH Communications say? by Nazadus · · Score: 0, Troll

    I disagree, Linux is usually more secure. However the problem is that people say Linux is secure. Their is a difference between being secure and "more secure than another operating system". One implies a false sense of security.

    We chose Microsoft at my emplyoers place. Why? Becuase anyone can do it. For a small business, they can't afford a highly trained professional just to add a stinking user or make minor changes. Yeah, ideally you want a highly trained professional -- but unless the Linux Zealots are willing to work *for free* then the prhase of "put up and shut up" comes to mind... sadly, they don't shut up.

    I've come to the following conclusion: If you can afford to take the time configuring Linux *and* have someone always around *and* a backup to that person, then Linux *might* be the way to go.

    I like OpenBSD... it's becoming more and more pracitcal everyday without the fear of infections.

    Oh, and Chevy is better. ;-)

    But seriously, everyone should remember: Your operating system is a TOOL, not a religion. When you die, it doesn't go with you. It can only make your life better or worse. Everyone has a different need (otherwise, why be human? just be a drone? and we all just love drones, don't we?).

    I'll be modded to hell for this blasphemous post.

    --
    "Do or do not. There is no try." -- Master Yoda (Half man, half muppet)
  3. Well, they do have a point... by erikvcl · · Score: 0, Troll

    The OpenSSH developers don't have any problem pushing back enterprise features such as partial authentication. In fact, they aren't even SLIGHTLY interested in supporting it even though there are patches out there that implement such a feature.

    1. Re:Well, they do have a point... by erikvcl · · Score: 0, Troll

      I guess I should have been more clear... My company did "get off its corporate ass"!

      I implemented partial authentication for the current SSH versions based on some patches that are already out there. The OpenSSH developers are well aware of what partial authentication is (which is the ability to require two or more authentication methods before the user is allowed to log on). They just didn't want the patch because it is "too complicated" (both myself and the original author of the patch tried to convince the OpenSSH team that it was worthy). Since partial authentication is a relatively complex feature and OpenSSH doesn't have the right "hooks" in place, the patch is necessarily complicated.

      So you have all of these Slashdotters all up-in-arms because someone actually said the truth about the software that they love. Then you have the OpenSSH developers rejecting enterprise features when the work has already been done. Go figure.

  4. Re:Well it makes perfect sense by Anonymous Coward · · Score: 0, Troll
    However, updating OpenSSH servers involves an extremely laborious and time-consuming process

    Yeah, running
    apt-get update && apt-get install ssh
    is sooo hard.
  5. Theo doesn't want to fix brute force attack probs by Anonymous Coward · · Score: 0, Troll

    Theo and OpenSSH have a problem, brute force attacks. When asked about it he doesn't want to do the extra work to make OpenSSH more secure. Yea, it's a multi threading problem and he says just go use some other software that will mask his problem by putting up a firewall rule in front of his OpenSSH code.

    Then try talking to him about passphrases. This guy is a danger to everyone's security. OpenSSH should be replaced or forked as soon as possible (open source only please).

    Try asking him, watch what you get back.

    http://www.openssh.com/list.html