www/crypto.html - diff

Return to crypto.html CVS log

Up to [local] / www

Diff for /www/crypto.html between version 1.54 and 1.55

version 1.54, 2000/05/01 01:18:46

version 1.55, 2000/05/02 10:01:25

Line 84

<h3><font color=#e00000>OpenSSH</font></h3><p>

What is the first thing most people do after installing OpenBSD?

They install Secure Shell (

They install Secure Shell

<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>)

(<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssh>ssh</a>)

from the ports tree or the packages on the FTP sites. Until now, that is.<p>

As of the upcoming 2.6 release, OpenBSD contains

As of the 2.6 release, OpenBSD contains

<a href="http://www.openssh.com/">OpenSSH</a>, an absolutely free and

patent unencumbered version of ssh.

<a href="http://www.openssh.com/">OpenSSH</a> interoperates with ssh

As of the OpenBSD 2.6 release date,

version 1 and has many added features,

<a href="http://www.openssh.com/">OpenSSH</a> interoperated with ssh

version 1 and had many added features,

<ul>

<li>

all components of a restrictive nature (ie. patents, see

<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=ssl>ssl</a>))

have been directly removed from the source code; any licensed or

had been directly removed from the source code; any licensed or

patented components are chosen from external libraries.

patented components used external libraries.

</li>

<li>

has been updated to support ssh protocol 1.5.

had been updated to support ssh protocol 1.5.

</li>

<li>

contains added support for

contained added support for

<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=kerberos>kerberos</a>

authentication and ticket passing.

</li>

<li>

supports one-time password authentication with

supported one-time password authentication with

<a href=http://www.openbsd.org/cgi-bin/man.cgi?query=skey>skey</a>.

</li>

</ul>

<p>

We took a free license release of ssh and OpenBSD-ifyed it. We

Roughly, we took a free license release of ssh and OpenBSD-ifyed it.

get around the USA-based RSA patent by providing an easy way to

We get around the USA-based RSA patent by providing an easy way to

automatically download and install a RSA-enabled package containing

shared library versions of libcrypto and libssl. These packages are

based on OpenSSL. People living outside the USA can freely use the

Line 125

Line 126

can use the RSA libraries too, as long as RSA is not used in a profit

generating role.<p>

But this way almost everyone will get ssh built-in.<p>

But this way almost everyone will get ssh built into their OS.<p>

<strong>NEW! OpenSSH supports protocol 2.0!</strong><p>

Recently, we have extended OpenSSH so that it also does SSH 2 protocol.

Having a ssh daemon which can do all 3 major SSH protocols

(1.3, 1.5, 2.0) permits us much flexibility. Protocol 2.0 does not

use RSA for it's public key cryptography, relying instead on the DH

and DSA algorithms. In OpenBSD 2.7 -- which will ship with the new

OpenSSH -- you get protocol 2.0 support right out of the box! If

you wish to also support protocol 1.3 and 1.5, you simply add the

RSA package (as described our

manual page), and restart the daemon.

<h3><font color=#e00000>Pseudo Random Number Generators</font></h3><p>