OpenSSH protocol 1.6 proposal

David Rankin drankin at bohemians.lexington.ky.us
Tue Jan 4 01:07:08 EST 2000


On Mon, Jan 03, 2000 at 07:30:58PM +1100, Damien Miller wrote:

> While I agree that a free version of SSH 2.x is a worthwhile goal,
> it will take _months_ of effort (of course I would be happy to be 
> proved wrong on this).

It's probably a 2-4 month job to take OpenSSH 1.2.1 and implement SSH 2.0
start to finish, but it could be significantly less. The main difference
between 1.5 and 2.0 is the change in the transport protocol (and those
aren't that major). All of the encryption changes (DSS/DSA, blowfish, etc.)
are already in OpenSSL, with the exception of twofish.

> We already have a strong SSH 1.x implementation, why not clean up its
> few remaining nits (which may take only weeks)?

Please don't get me wrong. I believe that OpenSSH 1.2.1 needs to be
working now. I just happen to think that extending the SSH 1.5 protocol
should yield to implementing the 2.0 protocol, especially where the 1.6
features are a subset of the 2.0 protocol. Of course IMHO.

> Apart from standards-compliance, what does SSH2 buy you over a cleaned
> up SSH1?

I know it's been mentioned already, but the #1 is you can do PAM 
challenge/response authentication correctly. You can also handle
"You must change your password" correctly.

David

-- 
David W. Rankin, Jr.     Husband, Father, and UNIX Sysadmin. 
   Email: drankin at bohemians.lexington.ky.us   Address/Phone Number: Ask me.
"It is no great thing to be humble when you are brought low; but to be humble
when you are praised is a great and rare accomplishment." St. Bernard




