Date: Wed, 3 May 2000 11:24:26 -0700 (PDT)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Forrest Aldrich <forrie@forrie.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: OpenSSH algorithms
Message-ID: <Pine.BSF.4.10.10005031109350.5772-100000@harlie.bfd.com>
In-Reply-To: <4.3.1.2.20000503140108.00b5e340@216.67.12.69>

On Wed, 3 May 2000, Forrest Aldrich wrote:

> Does our OpenSSH port only use the RSA algorithm? I didn't see any
> options to use other algorithms (idea, etc) which may be free from
> patent issues. This would be a good thing to have, IMHO, and would
> avoid all these other problems with RSA usage.
>
> Or did I miss something :)

As I understand it, the RSA algorithm is used in multiple parts of the ssh1 protocol, hardcoded in at least one place, but can be substituted in at least one place. Unfortunately, this means that OpenSSH is still a no-no for those that can't use RSAREF (commercial use within the US).

I've got most of an lsh port done (LSH being a GPL SECSH (ssh2) implementation), and would appreciate some wider testing before I submit it. http://geekzilla.geekazoid.com/lsh/ if you want to see what I've got. I should be upgrading the port from 0.9.5 to 0.9.7 this weekend at the latest, though I haven't heard of any major stability improvements in that step.

The only parts of 0.9.5 that didn't compile cleanly involve assuming that /bin/sh is a bash shell (lsh-authorize is the big problem there, so I included a major rewrite of it that works for /bin/sh) and some minor problems in the configure script that triggers a bug in /bin/sh in FreeBSD versions prior to 3.4R (approximately).

As to the status of LSH on FreeBSD, it works at least mostly-reliably at the sites I've got it installed at (I've been told of one connection that died inexplicably). Remote login seems the most solid, and remote execution works well enough for rsync to work, though there seems to be an issue with stdout not getting completely flushed before the connection gets torn down (This doesn't affect rsync, since it gets confirmation before closing everything down).

Private keys are *NOT* currently passphrase-protected, though it looks like that is coming soon (0.9.7 implements it for the keywrite command, but not for the lsh command itself).

Since the SECSH RFC doesn't define any rcp-like ability, lsh doesn't have the ability to do that yet, though it is coming.
