Date: Wed, 4 Aug 1999 09:36:36 -0700 (PDT)
From: "Eric J. Schwertfeger" <ejs@bfd.com>
To: Slawek Zak <zaks@prioris.im.pw.edu.pl>
Cc: Doug <Doug@gorean.org>, Thomas Mullaney <thomas@pepperell.net>, Charles Randall <crandall@matchlogic.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: ssh/ssh2
Message-ID: <Pine.BSF.4.05.9908040919070.19100-100000@harlie.bfd.com>
In-Reply-To: <87iu6w4gyi.fsf@prioris.im.pw.edu.pl>
On 4 Aug 1999, Slawek Zak wrote:

> ** "Eric J. Schwertfeger" <ejs@bfd.com> wrote:
>
> Eric> On Mon, 2 Aug 1999, Doug wrote:
> >> You can search the archives for this list and bugtraq to get a
> >> better idea. Put another way, ssh version 1 is well tested and
> >> free, whereas version 2 is less well tested, new, costs money
> >> to use, and has no features that version 1 doesn't have. So,
> >> why use version 2?
>
> Eric> Version 1 uses the RSA encryption algorithm, which isn't
> Eric> free for commercial use within the US.
>
> prioris% ssh -v
> SSH Version 1.2.26 [.......]
> Standard version. Does not use RSAREF.

From the SSH FAQ, section 2.5.1 SSH version 1.2.X

"...Encryption keys are exchanged using RSA, and data used in the key exchange is destroyed every hour (keys are not saved anywhere). Every host has an RSA key which is used to authenticate the host when RSA host authentication is used...

... RSA keys are also used to authenticate hosts."

Please note that no alternatives are used for key exchange or host authentication. The v1 protocol doesn't allow for other key exchange encryption algorithms.

As I understand it, you can build it with or without RSAREF, but if you build it without RSAREF, it includes its own RSA implementation.

The legal issues were the main reason for the development of ssh2. You can use RSAREF in noncommercial environments within the USA. You can license the technology, you can move outside the country, or you can break the law.

I'm not a net lawyer, but I do try to follow the legal issues involving crypto. This is also not a statement of endorsement of the RSA patent.

You can compile OpenSSL to not include RSA and other infringing algorithms, but then you couldn't use that to compile against ssh. You could probably get SSLrsh to compile against it, however.

You could also try the lsh implementation, which uses the SSH v2 protocol, though it is still in the development stage, and requires some special patches to interoperate with ssh2.