Date: Mon, 3 Jan 2000 09:07:08 -0500
From: David Rankin <drankin@bohemians.lexington.ky.us>
To: Damien Miller <djm@mindrot.org>
Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, David Rankin <drankin@bohemians.lexington.ky.us>, Brian Fundakowski Feldman <green@FreeBSD.org>, "Michael H. Warfield" <mhw@wittsend.com>, Dug Song <dugsong@monkey.org>, security@FreeBSD.org, openssh-unix-dev@mindrot.org
Subject: Re: OpenSSH protocol 1.6 proposal
Message-ID: <20000103090708.A3780@rumpole.bohemians.lexington.ky.us>
In-Reply-To: <Pine.LNX.4.10.10001031922560.661-100000@mothra.mindrot.org>; from Damien Miller on Mon, Jan 03, 2000 at 07:30:58PM +1100
References: <Pine.BSF.3.96.1000103022509.7881A-100000@fledge.watson.org> <Pine.LNX.4.10.10001031922560.661-100000@mothra.mindrot.org>

On Mon, Jan 03, 2000 at 07:30:58PM +1100, Damien Miller wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> While I agree that a free version of SSH 2.x is a worthwhile goal,
> it will take _months_ of effort (of course I would be happy to be
> proved wrong on this).

It's probably a 2-4 month job to take OpenSSH 1.2.1 and implement SSH 2.0 start to finish, but it could be significantly less. The main difference between 1.5 and 2.0 is the change in the transport protocol (and those aren't that major). All of the encryption changes (DSS/DSA, blowfish, etc.) are already in OpenSSL, with the exception of twofish.

> We already have a strong SSH 1.x implementation, why not clean up its
> few remaining nits (which may take only weeks)?

Please don't get me wrong. I believe that OpenSSH 1.2.1 needs to be working now. I just happen to think that extending the SSH 1.5 protocol should yield to implementing the 2.0 protocol, especially where the 1.6 features are a subset of the 2.0 protocol. Of course IMHO.

> Apart from standards-compliance, what does SSH2 buy you over a cleaned
> up SSH1?

I know it's been mentioned already, but the #1 is you can do PAM challenge/response authentication correctly. You can also handle "You must change your password" correctly.

David

--
David W. Rankin, Jr. Husband, Father, and UNIX Sysadmin.
Email: drankin@bohemians.lexington.ky.us Address/Phone Number: Ask me.
"It is no great thing to be humble when you are brought low; but to be
humble when you are praised is a great and rare accomplishment." St. Bernard

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message