OT: reasoning behind open vs. closed SSH

Jake Hawkes jakehawkes2001 at yahoo.com
Tue Nov 25 03:28:13 EST 2003

Let me preface this message by saying that the "General Discussion" mailing list archive was
filled with 99% spam, so I thought I'd post here instead to get some real people.

My employer is using SSH to replace rcp, rsh and rlogin in its UNIX products.

Our experience so far is that the commercial product is slow(1), and difficult to use in scripts
where standard input and output are being used, especially if not attached to a terminal.

(1) This could be caused by the type of authentication we are using

Also, the support is woeful.  One of our guys was on-site at a customer, called SSH up for
support and was told that the problem he was having is a "known bug" and there is no way around it
at the moment.

My question is, what reasons should we go with the commercial product?  Reasons given me have
  1 - support
  2 - legal liability
  3 - upgrades and patches
  4 - more secure

All of these seem bunk to me.

My company has told me that the reasons they are going with SSH from SSH Communications Security
Corp are based on a whitepaper entitled:

SSH Secure Shell vs. Open Source Secure Shell:
Deployment Considerations for Enterprises, Financial Institutions, and Government Agencies

Instead of trying to explain the bias the article has, perhaps I'll just quote the opening

"This paper discusses the differences between SSH Secure Shell, a commercial Secure Shell
application developed by the original inventor of the Secure Shell protocol, SSH Communications
Security Corp, and an open source application, OpenSSH.

Open source applications play an important role in academia, home use, non-profit organizations,
and non-commercial applications. In general, open source applications are sufficient when support
and downtime do not play a critical role. 

Commercial applications satisfy the critical business needs of enterprises, government agencies,
and financial institutions. Commercial applications provide features that are developed
specifically to address customer needs and are supported by a professional organization. Many open
source applications lack robust features that are needed in today's business environments,
including quick resolution to support issues."

"© 2003 SSH Communications Security Corp. All rights reserved. ssh is a registered
trademark of SSH Communications Security Corp in the United States and in certain other
jurisdictions. The SSH logo, SSH2, and SSH Secure Shell are trademarks of SSH Communications
Security Corp and may be registered in certain jurisdictions. All other names and marks are the
property of their respective owners."
[ Full whitepaper available here
http://www.infinitylimited.net/code/SSH%20vs%20OpenSSH%20-%20March%202003_FINAL.pdf ]

Does anyone have any comments?

Jacob Hawkes, B. Eng (CSE)
jakehawkes2001 at yahoo.com

More information about the openssh-unix-dev mailing list