OpenSSH Going Strong After 10 Years With Release of v5.3

An anonymous reader writes "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. Version 5.3 marks the 10th anniversary of the OpenSSH project."

I know I'm not alone in this...

[93+Escort+Wagon]

Thank you to everyone that's worked on OpenSSH over its lifetime - it's certainly made my (working) life easier.

And, unlike the Slashdot submission system, OpenSSH pretty much always works!

How was life possible without it?

[stox]

To think we used to use telnet and rlogin to access everything.

OpenSSH is a far more significant technology than it has gotten credit for.

Re:How was life possible without it?

[evilviper]

The original OpenSSH implementation was based on Tatu's code.

Yes it was. But Tatu's SSH was the old, insecure protocol.

And there were many secure remote access tools before it. kerberized telnet, telnet/ftp over SSL, and limitless others.

It's not the magical protocol (which is quite similar to SSL plus RSH/RCP), or the initial few lines of code that got it started. It's the fact that it was open, secure, widely available, and being pushed by the OpenSSH folks to be used as the default form of remote access on Unix systems.

Tatu didn't have anything to do with it. He was too busy commercializing it, and repeatedly threatened, and then suing the OpenSSH project for all their hard work. If he had chosen to keep SSH open, we'd have been a LOT further along. As other posters correctly remember, support for SSH very nearly died with that step. Many programs included SSHv1 support, and then just stagnated and let the code rot. If not for OpenSSH, it would be another relic of secure telnet protocols tried and failed, not having gone anywhere, and we'd go merrily along, using telnet and rsh, bemoaning the fact that it's so insecure, and that nothing better ever came along.

Re:How was life possible without it?

Version 2 of the SSH protocol was also developed by Tatu YlÃnen and his company SSH Communication Security. It was just that they when they made the new, improved protocol they also switched to a proprietary license with SSH v2. It took a couple of years before the OpenBSD folks had developed the open source SSH v1 code to the point where it supported all features of the SSH v2 protocol. The two implementations of v2 still aren't fully compatible on client-side stuff like key storage, but nowadays it is the proprietary SSH that is considered the odd one out.

I don't consider Tatu YlÃnen here as a bad guy. What he has given to the world free of charge is 1) the SSH v1 protocol specification, 2) the SSH v1 open source implementation, and 3) the SSH v2 protocol specification. On top of that he has managed to make a living off of the SSH v2 code, and he certainly has the right to do that.

10 years of fear reading sec lists

[VonGuard]

No matter the OS, no matter the exploit, that name alone in the title of an email to bugtraq can send shivers down the spine.

Re:i dont need ssh

[MichaelSmith]

All that gives me is a web page with tentacle porn....

Re:i dont need ssh

[David_W]

since lately i can't even seem to remember what my password is

It's hunter2.

Re:i dont need ssh

For the young folk who are scratching their heads...

http://www.bash.org/?244321