Date:      Thu, 25 Mar 1999 10:39:56 -0800
From:      Mike Thompson <miket@dnai.com>
To:        Sheldon Hearn <sheldonh@iafrica.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Kerberos vs SSH 
Message-ID:  <4.1.19990325103002.00abc6e0@mail.dnai.com>
In-Reply-To: <375.922364125@axl.noc.iafrica.com>
References:  <Your message of "Wed, 24 Mar 1999 23:41:01 PST."             <4.1.19990324233231.00a02e40@mail.dnai.com>

At 02:15 PM 3/25/99 +0200, Sheldon Hearn wrote:
>Why are you so interested in ssh2? It's a totally different piece of
>software from a different vendor. Are you sure it does something that
>you need done, and which ssh1 doesn't do just fine?

Being new to the security implications of web applications, it was
not apparent that SSH v2 is from a different vendor than SSH v1 (same
authors I believe). Both licenses with the shareware versions 
explicitly state the product is not to be used for commercial 
purposes and refer the reader to DataFellows to purchase a 
commercial license.  Granted, the licenses do differ in that 
SSH v1 can be used for free for such things as the internal 
operations of ISPs that are not sold as a service to users, but 
SSH v2 clearly cannot.  As a new software/internet company we 
want to be responsible for paying for the licensed software from 
both a moral and legal perspective.  

Also, one might naturally assume that SSH v2 is in active 
development and SSH v1 development has essentially stopped. 
I am beginning to think that SSH v1 is actually a much more 
mature product than SSH v2.  It certainly seems to be a more
flexible product.

>> I am currently looking into what the licensing costs would be 
>> for us to license SSH v2 for our servers.  Does BEST.COM pay
>> to license SSH v1 or SSH v2 for internal use?
>
>There are no licensing costs involved in using ssh1.

In the COPYING file with SSH version 1.2.26 it states explicitly:

  For commercial licensing please contact Data Fellows, Ltd.  
  Data Fellows has exclusive licensing rights for the technology 
  for commercial purposes.  Data Fellows offers commercial versions 
  of SSH with maintenance agreements in addition to various 
  licensing options.

The license then goes on to indicate that SSH can actually be used
for some commercial purposes (ISPs are an example) where SSH is not 
being resold as a service or product to end users. 

My partners and I are looking to build a major web service and
the last thing we want to do is unwittingly make SSH a major 
part of our on-line web service architecture and then be hit 
with a lawsuit for licensing violations.  Not what an Internet 
start-up needs.

>Not exactly. All your Kerberos passwords are on the Kerberos server.
>However, sshd configuration still needs to be host-specific.

Got it.

Thanks,

Mike Thompson


