Well, seeing how 2.0 is actually a commercial product and supposedly re-written, I can see why they'd want to sell it. If you want to run ssh and don't want to pay for it, you're stuck with the 1.x version. Those that can pay do, and those that don't whine for some reason. It's not like you couldn't take the source to 1.2.26 and alter it now, is it?
Have you ever stopped to look at the src to 2.0? Large portions of it is unfinished. Hell the only symetric ciphers they have are DES (do we even have to go here), RC4 (a stream cipher that has been implimented wrong in SSH before), and Mars (an AES candidate from IBM which has known attacks against it). -- Richard Steenbergen <humble@lightning.net> Data Innovations System Admin http://www.bitchx.com/~humble - humble@EFnet - PGP KeyID: 0x21581362 PGP Fingerprint: 7552 6AB2 B9C7 5A1B F1B6 8EA3 DFCF 793D 2158 1362 Remember - Boss spelled backwards is "double S.O.B"
At 08:09 PM 11/3/98 -0500, Richard Steenbergen wrote:
Well, seeing how 2.0 is actually a commercial product and supposedly re-written, I can see why they'd want to sell it. If you want to run ssh and don't want to pay for it, you're stuck with the 1.x version. Those that can pay do, and those that don't whine for some reason. It's not like you couldn't take the source to 1.2.26 and alter it now, is it?
Have you ever stopped to look at the src to 2.0? Large portions of it is unfinished. Hell the only symetric ciphers they have are DES (do we even have to go here), RC4 (a stream cipher that has been implimented wrong in SSH before), and Mars (an AES candidate from IBM which has known attacks against it).
We plopped v1.2.21 into production over a year (Aug97) ago. We use the F-secure WinNT client. We have not seen compelling reason to upgrade. Insignificat additional features and huge risk that our WinNT clients would also have to be upgraded. I am not aware of published exploits against this version, or higher, of SSH. We have been watching more recent version have their problems. Recently it has been the 2.x series. We feel quite justified in using what works, in production. ___________________________________________________ Roeland M.J. Meyer, ISOC (InterNIC RM993) e-mail: <mailto:rmeyer@mhsc.com>rmeyer@mhsc.com Internet phone: hawk.mhsc.com Personal web pages: <http://www.mhsc.com/~rmeyer>www.mhsc.com/~rmeyer Company web-site: <http://www.mhsc.com/>www.mhsc.com/ ___________________________________________ I bet the human brain is a kludge. -- Marvin Minsky
At 09:44 PM 11/2/98 -0800, Roeland M.J. Meyer wrote:
We plopped v1.2.21 into production over a year (Aug97) ago. We use the F-secure WinNT client. We have not seen compelling reason to upgrade. Insignificat additional features and huge risk that our WinNT clients would also have to be upgraded. I am not aware of published exploits against this version, or higher, of SSH.
Right. The kicker for me has been that i can't get a V1 client to work with V2 sshd (and BTW i can't get a V2 client to work with V1 sshd). So this would mean a wholesale upgrade of all clients, including Windex ones... Joe Loiacono Phone: (301) 794-2509 Computer Sciences Corporation Fax: (301) 794-9530
At 09:04 AM 11/3/98 -0500, Joe Loiacono wrote:
At 09:44 PM 11/2/98 -0800, Roeland M.J. Meyer wrote:
We plopped v1.2.21 into production over a year (Aug97) ago. We use the F-secure WinNT client. We have not seen compelling reason to upgrade. Insignificat additional features and huge risk that our WinNT clients would also have to be upgraded. I am not aware of published exploits against this version, or higher, of SSH.
Right. The kicker for me has been that i can't get a V1 client to work with V2 sshd (and BTW i can't get a V2 client to work with V1 sshd). So this would mean a wholesale upgrade of all clients, including Windex ones...
Joe Loiacono Phone: (301) 794-2509 Computer Sciences Corporation Fax: (301) 794-9530
We've currently got F-secure WinNT client v1.1 installed on our PCs. We also have both ssh V1 and V2 installed on Unix servers. The V2 sshd recognizes V1 connections and passes them off to the V1 sshd. The trick I had to stumble on is that you have to have both V1 sshd and V2 sshd installed, with V2 sshd running as the default ssh. Connections from a V2 ssh likewise will pass the outgoing connection off to the V1 ssh if the remote server is a V1 server. Again, you have to have both V1 and V2 clients installed to make this work. Dan -- Dan Watts Vitts Networks dwatts@vitts.com
participants (4)
-
Dan Watts
-
Joe Loiacono
-
Richard Steenbergen
-
Roeland M.J. Meyer