Open SSH question

Jim Knoble jmknoble at pobox.com
Tue Aug 26 08:37:05 EST 2003 

Circa 2003-08-25 09:53:22 -0600 dixit STrujillo at BudgetTruck.com:

: If we download a copy of this software to a business machine for
: internal business usage only will we need to purchase licenses for
: each individual that will be accessing this application.  [1]
: 
: How do you protect your downloads from viruses when they are
: downloaded to keep my computer from getting infected?  [2]
: 
: Is Binary coding for compiling available for us to use?  [3]

Circa 2003-08-25 13:25:28 -0600 dixit STrujillo at BudgetTruck.com:

  [the same thing]


I've numbered your questions above, and my answers are numbered the
same way.

(1) OpenSSH is free software.  You don't need to purchase any licenses
    to use it.  In fact, you can copy it, modify it, sell it,
    distribute it, or hang it on your wall---the only requirement is
    that you preserve the copyright notices included with the software.

    By the same token, OpenSSH comes with no warranty.  You can do
    whatever you want with it, but there is no one to blame if
    something goes wrong or if it does not meet your expectations.

(2) OpenSSH is generally distributed as "source code" which must be
    configured, compiled, and installed onto a target system before it
    is usable.

    The OpenSSH source code is available from the locations listed on
    the OpenSSH website ( http://www.openssh.com/portable.html ).
    Detached cryptographic signatures are available from the same
    locations.  You can use the (freely available) GnuPG tool
    ( http://www.gnupg.org/ ) to verify the signature against the
    archive containing the source code.  The public key necessary to
    validate the signatures is also available from the same locations
    as the source code, but it's not a good idea to trust that key;
    it's better to get the necessary key from a public keyserver (or,
    even better, from someone you trust).

    Various kinds of pre-compiled packages of OpenSSH are available;
    you should only use these if you trust their source and can verify
    the integrity of the packages yourself.

(3) See answer number 2 above.

Good luck.

--
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"We have guided missiles and misguided men." --Martin Luther King, Jr.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 256 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20030825/7f49bc34/attachment.bin

More information about the openssh-unix-dev mailing list