OpenSSH/scp ->> F-Secure SSH server Problems

mouring at etoh.eviladmin.org mouring at etoh.eviladmin.org
Tue Mar 13 11:39:35 EST 2001


On Mon, 12 Mar 2001, Thor Lancelot Simon wrote:
[..]
> 
> Ergo, a small, lightweight SSH implementation, even one that did v2,
> might quite reasonably choose to *not* implement SFTP; to me, at least,
> it sure seems to bring very little to the table in return for a lot
> of increase in code size and maintenance.  But that's just my point
> of view; clearly some people have put a lot of work into advancing
> SFTP and they must have a more substantial use for it than I do.
> 

How do you assure Windows end-users can transfer and manage files to a
webserver in a secure way?  Is there publicly accessable IPSec software
for Windows 98? What about TLS?  What about GSSAPI?  How much added load
do they put on a 200mhz - 400mhz machine?  Are they 100% stable and
usable?  How do they interact over dialups?  What unforseen issues will
crop up for day to day usage online and offline?

You seem to be suggesting that I should have to suffer for two to ten
years before older technology that is not progressing at any decent
rate to be cross-platform supported and commonly used.  Or maybe your
suggestion I need to wait twenty or more years before UNIX (Linux, BSD,
etc) are common desktop machines and this technology is then native.  I
consider it pretty unacceptable.

I need something today that will allow me to security against poorly
written ftpd attacks, against password sniffing, etc.  When we gained sftp
server support I started in look for a sftp client solution for my
end-users.

sftp is totally optional.  It's not even part of the main v2 specs.  It is
an add-on draft that is no required.  So if you don't want it.  Don't
enable it.  

- Ben






More information about the openssh-unix-dev mailing list