Slashdot Mirror
OpenSSH Going Strong After 10 Years With Release of v5.3
An anonymous reader writes "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. Version 5.3 marks the 10th anniversary of the OpenSSH project."
Thank you to everyone that's worked on OpenSSH over its lifetime - it's certainly made my (working) life easier.
And, unlike the Slashdot submission system, OpenSSH pretty much always works!
#DeleteChrome
This wonder-full versatile tool shaped the world of remote administration or the other way round.
Would you ?
1) Abandon SSH or OpenSSH
2) Loose an arm
3) I'm a snake
4) Telnet everywhere
5) I live in a data-center
Léa Gris
...it remembers what key goes with what server, rather than unconditionally giving each of a few dozen outside groups the ability to tell it that yes, your secure server really did just get a new key (so that new Russian IP address must be correct).
For the rest as well.
POKE 36879,8
To think we used to use telnet and rlogin to access everything.
OpenSSH is a far more significant technology than it has gotten credit for.
"To those who are overly cautious, everything is impossible. "
No matter the OS, no matter the exploit, that name alone in the title of an email to bugtraq can send shivers down the spine.
Don't Crease the Weasel!
i dont need ssh... for some reason inetd was installed with a call to bash, running as root. i can just telnet right in. it actually saves me a ton of time, since lately i can't even seem to remember what my password is.
slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
Ditto for android.
Did OpenSSH ever fix the performance limitation on fast networks (>100Mbps)? They have static internal flow buffers that prevent fast scp/ssh! HPN has a patch but OpenSSH has to my knowledge never adopted it. http://www.psc.edu/networking/projects/hpn-ssh/
My hats off to probably the best open source package ever made
It was likely not far after openSSH became available, and the original SSH was starting to get less and less friendly. The great thing about SSH is is all started out free and open. Early on it was experimental (though very cool). This later changed when the original SSH became commercialized, and the licensing started closing up (thus my switching to openSSH). This was back in the days when an ssh client was something you had to hunt around for and much of the time all that was available was cruddy ssh1 clients.
We've come a long way since then. These days putty and SCP are available for any platform. I haven't even thought about the original ssh from Tatu for years, though I certainly used it so many years ago.
AccountKiller
run on iPhone?
It sure does. TouchTerm, for example, uses OpenSSH.
http://jbrink.net/touchterm/
Not the server though.
http://michaelsmith.id.au
Not wanting to troll but, you know, if openssh was GPL licensed said commercial vendors would have to release the source for openssh with their products, including any modifications they made. The project could also offer LGPL or BSD licensed versions in exchange for cold, hard, cash.
You're assuming that the commercial vendors would still use OpenSSH if it was GPLed. What makes you think they wouldn't either roll their own SSH server or use some other proprietary implementation?
Karma: Terrifying (mostly affected by atrocities you've committed)
I find sshfs to be a much easier to use ad-hoc network fileystem mounter than the other popular alternatives. And it's secure by default.
But it's too secure. Or rather, there are scenarios in which the network transfer doesn't need the ssh security, but encrypting it takes too long (or too much CPU from other tasks, especially on dinky embedded network devices). Is there a way to force sshfs to use a much less compute intensive encryption, or maybe even a null crypto module? Without hacking the source directly, that is - like an execution option, a compile option, a config rule, etc.
--
make install -not war
I do believe that you've entirely missed the point of that paragraph. They still wouldn't have to pay a dime. As in, who cares if they would have to offer the source to something where the source is already available.
The GPL is not the godsend that many people believe it to be. In fact, if looking at current (and past) business practice is any indication, the GPL would have actually hindered OpenSSH's adoption, not promoted it. Businesses really hate that viral open source thing in the GPL regardless of whether there code actually touches the GPL'd code. Just not worth the risk for many (most?).
Not wanting to troll but, you know, if openssh was GPL licensed said commercial vendors would have to release the source for openssh with their products, including any modifications they made. The project could also offer LGPL or BSD licensed versions in exchange for cold, hard, cash.
Instead they do the noble thing and release their hard work without strings attached. They understand the alternatives but actively choose to stick with a license that doesn't childishly punish those who cannot or won't return the favor. They do what they do not to "stick it" to corporations but rather because they love to code and love when their code is used to improve peoples' lives. They even love it when somebody is able to take what they've done and build off of it or incorporate it into a product. It's a matter of love, and love must be given without strings and viral conditions. It's true charity, and charity is for the giver as much as the receiver. It's the BSD philosophy, and it's not often understand by the GNU herd. But that's okay, because the software we write is for them, too. And we love it even if they don't understand why.
Thanks OpenBSD. You're awesome. I hope a lot of people today make good use of this link.
This author takes full ownership and responsibility for the unpopular opinions outlined above.
Businesses really hate that viral open source thing in the GPL
You seem to think that we're on some ideological crusade to take over everything. In the real world, we just don't care at all about anything which is not "core business". The GPL is an excellent thing since we can give back source code without much need to think. The business justification is one check box (because we have to) rather than weeks of meetings about whether this feature is strategic. When you somehow end up giving away a feature to a GPL app, you know that even if the competition gains the same, they still have to make any fixes they make available to other people.
Speaking for most "businesses" everywhere.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
is it better than telnet?????
One of the best things about SSH is rsync - you only need an SSH enabled login on a machine, with a copy of rsync, to be able to efficiently copy data with block-level incremental efficiency. Even better, there are excellent backup tools such as rsnapshot that build on rsync to store multiple versions of a file in the backup file tree, using hard links to avoid storing the same version twice - so every backup is a full backup in terms of easy recovery, but an incremental backup in terms of network and storage efficiency.
See http://slashdot.org/comments.pl?sid=1371703&cid=29451267 for more about rsnapshot and friends.
The constant pissing match between GPL and BSD advocates is a bit silly IMO. It seems to me (not being a programmer but being a user of BSD and GPL licensed software) that each licence is appropriate for difference circumstances, according to the desires of the author.
It's like arguing that knives are superior to forks, so I only eat with knives! Licenses are a tool, each suitable for it's purpose.
I don't agree that the GPL "childishly punishes" anyone, nor that it is viral. It is copyright that provides the "virality" (virusness?), not the GPL, and even BSD has the requirement of attribution making it just as viral (through copyright) though with less onerous conditions.
http://marriedmansexlife.com/
Unfortunately, on OSX, while the option (-w) is documented, OpenSSH still doesn't support tunneling, even after installing tuntap.
{{.sig}}
Meh, check out Theo's wikiquote page:
"So the HP guy comes up to me (at the Melbourne conference) and he says, 'If you say nasty things like that to vendors you're not going to get anything'. I said 'no, in eight years of saying nothing, we've got nothing, and I'm going to start saying nasty things, in the hope that some of these vendors will start giving me money so I'll shut up'."
Doesn't sound much like "love" or "charity" to me. Sounds to me like a man that's tried of giving and giving and giving and never getting anything back, yet refuses to acknowledge that as long as the license doesn't require anyone to give anything back, corporations don't. Their obligations are to the stockholders, not to fair dealings. Squeeze your costs as much as possible, get as much money as possible out of your customers, turn a big profit. That's what drives most companies all the time and all companies most of the time. Theo seems to be going by much the same drive as Linus, he wants to do this "right", he wants to make the best possible product. But unlike Linus, he hasn't gotten everyone else on board.
It's possible what is in OpenBSD is better, per se. But compared to Linux it's like an obscure niche site compared to wikipedia, it's where everyone contributes and it's huge, hard to manage but ends up being so much more useful. You got people working on Linux to make it run better on everything from cell phones to supercomputers. You got people working on getting all sorts of wierd hardware work. You got people working on desktop responsiveness and heavy server workloads. You got all sorts of research work, build farms and regression tests being run all over the place. OpenSSH may be a polished gem, but it's only the front door lock. But for everything else if you're relying on the masses to develop your OS, I'm going where the masses are. That is in no small part the license, though I know there's also other reasons...
Live today, because you never know what tomorrow brings
http://lwn.net/Articles/354891/
Otherwise, OpenSSH is fantastically secure. :)
Seriously, how did parent get modded flamebate?
You Apple fanboys have to back off a little bit. Apple is a big company, they don't need you to rush to their defense every time some one posts a disparaging word.
And the truth, as the parent posted, can not be a flame.
Sig Battery depleted. Reverting to safe mode.
Yes but, does it run on Windows 7?
I tried installing sshwindows on Win7 the other day and the service wouldn't start. As far as I can tell, openssh has never officially supported Windows and never will.
Sure, it's useful for 'nix to 'nix connections, but I need my Windows PC in on the action, too.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
There are a few features in ssh related to that that a lot of people seem to be completely unaware of. The -D option runs a SOCKS4/5 proxy on a given port, which can dynamically forward things for you. As long as your client app supports SOCKS proxies, it will work transparently through this, forwarding ports as required. The -w option lets you set up the tun(4) device for forwarding. You can use this to forward at the IP or Ethernet layer. It gives you a virtual network device that forwards every frame or packet (depending on whether it's L2 or L3) to the matching interface on the other machine. You can use this to set up VPNs quite easily.
I am TheRaven on Soylent News
Install cygwin or Microsoft'w own SFU (services for unix). They give you sshd under windows, init scripts, NFS mounting etc. SFU is actually based on openbsd userspace.