version 1.54, 2000/05/01 01:18:46 |
version 1.55, 2000/05/02 10:01:25 |
|
|
<h3><font color=#e00000>OpenSSH</font></h3><p> |
<h3><font color=#e00000>OpenSSH</font></h3><p> |
|
|
What is the first thing most people do after installing OpenBSD? |
What is the first thing most people do after installing OpenBSD? |
They install Secure Shell ( |
They install Secure Shell |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>) |
(<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>) |
from the ports tree or the packages on the FTP sites. Until now, that is.<p> |
from the ports tree or the packages on the FTP sites. Until now, that is.<p> |
|
|
As of the upcoming 2.6 release, OpenBSD contains |
As of the 2.6 release, OpenBSD contains |
<a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and |
<a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and |
patent unencumbered version of ssh. |
patent unencumbered version of ssh. |
<a href="http://www.openssh.com/">OpenSSH</a> interoperates with ssh |
As of the OpenBSD 2.6 release date, |
version 1 and has many added features, |
<a href="http://www.openssh.com/">OpenSSH</a> interoperated with ssh |
|
version 1 and had many added features, |
<ul> |
<ul> |
<li> |
<li> |
all components of a restrictive nature (ie. patents, see |
all components of a restrictive nature (ie. patents, see |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssl>ssl</a>)) |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssl>ssl</a>)) |
have been directly removed from the source code; any licensed or |
had been directly removed from the source code; any licensed or |
patented components are chosen from external libraries. |
patented components used external libraries. |
</li> |
</li> |
<li> |
<li> |
has been updated to support ssh protocol 1.5. |
had been updated to support ssh protocol 1.5. |
</li> |
</li> |
<li> |
<li> |
contains added support for |
contained added support for |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos>kerberos</a> |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos>kerberos</a> |
authentication and ticket passing. |
authentication and ticket passing. |
</li> |
</li> |
<li> |
<li> |
supports one-time password authentication with |
supported one-time password authentication with |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>skey</a>. |
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>skey</a>. |
</li> |
</li> |
</ul> |
</ul> |
<p> |
<p> |
|
|
We took a free license release of ssh and OpenBSD-ifyed it. We |
Roughly, we took a free license release of ssh and OpenBSD-ifyed it. |
get around the USA-based RSA patent by providing an easy way to |
We get around the USA-based RSA patent by providing an easy way to |
automatically download and install a RSA-enabled package containing |
automatically download and install a RSA-enabled package containing |
shared library versions of libcrypto and libssl. These packages are |
shared library versions of libcrypto and libssl. These packages are |
based on OpenSSL. People living outside the USA can freely use the |
based on OpenSSL. People living outside the USA can freely use the |
|
|
can use the RSA libraries too, as long as RSA is not used in a profit |
can use the RSA libraries too, as long as RSA is not used in a profit |
generating role.<p> |
generating role.<p> |
|
|
But this way almost everyone will get ssh built-in.<p> |
But this way almost everyone will get ssh built into their OS.<p> |
|
|
|
<strong>NEW! OpenSSH supports protocol 2.0!</strong><p> |
|
|
|
Recently, we have extended OpenSSH so that it also does SSH 2 protocol. |
|
Having a ssh daemon which can do all 3 major SSH protocols |
|
(1.3, 1.5, 2.0) permits us much flexibility. Protocol 2.0 does not |
|
use RSA for it's public key cryptography, relying instead on the DH |
|
and DSA algorithms. In OpenBSD 2.7 -- which will ship with the new |
|
OpenSSH -- you get protocol 2.0 support right out of the box! If |
|
you wish to also support protocol 1.3 and 1.5, you simply add the |
|
RSA package (as described our |
|
<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssl>ssl</a> |
|
manual page), and restart the daemon. |
|
|
<a name=prng></a> |
<a name=prng></a> |
<h3><font color=#e00000>Pseudo Random Number Generators</font></h3><p> |
<h3><font color=#e00000>Pseudo Random Number Generators</font></h3><p> |