UPGRADING text

Damien Miller djm at mindrot.org
Tue Nov 16 08:02:00 EST 1999


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Thanks to Michael H. Warfield <mhw at wittsend.com> for reminding me of
the need for upgrade instructions. The following text will be included
in the UPGRADING file in the next release:

Niels & Markus - have I missed anything? Feel free to adapt this for 
your own purposes if you so desire.

Regards,
Damien Miller

- ----------

OpenSSH is almost completely compatible with the commercial SSH 1.2.x.
There are, however, a few exceptions that you will need to bear in
mind while upgrading:

1. OpenSSH does not support any patented transport algorithms.

Only 3DES and Blowfish can be selected. This difference may manifest
itself in the ssh command refusing to read its config files.

Solution: Edit ssh_config and select a different "Cipher" option 
("3des" or "blowfish"). "3des" is the default and is considered the
most secure, "blowfish" is significantly faster.

2. Old versions of commercial SSH encrypt host keys with IDEA

The old versions of SSH used a patented algorithm to encrypt their
ssh_host_key files.

This problem will manifest as sshd not being able to read its host
key.

Solution: You will need to run the *commercial* version of ssh-keygen
over the host's private key:

ssh-keygen -u /path/to/ssh_host_key

3. Incompatible changes to sshd_config format.

OpenSSH extends the sshd_config file format in a number of ways. There
is currently one change which is incompatible.

Commercial SSH controlled logging using the "QuietMode" and
"FascistLogging" directives. OpenSSH introduces a more general set of
logging options "SyslogFacility" and "LogLevel". See the sshd manual
page for details.

- ----------


- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE4MHTQormJ9RG1dI8RAjW4AJ489xMeoSZOinUyfueqdbcnlE4N0wCg1PGY
XeJUTxVhdufdu79iQxm7lx4=
=4yJn
-----END PGP SIGNATURE-----






More information about the openssh-unix-dev mailing list