OpenSSH Goals

Our goal is simple: Since telnet and rlogin are insecure, all operating systems should ship with support for the SSH protocol included.

The SSH protocol is available in two incompatible varieties: SSH 1 and SSH 2.

The older SSH 1 protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Support for both has been removed from OpenSSH as of the 7.6 release. Both of them used the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation and authentication, 3DES and Blowfish for privacy. It used a simple CRC for data integrity, which turns out to be flawed.

The second major variety of SSH is the SSH 2 protocol. SSH 2 was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By requiring only the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports many other choices for symmetric and asymmetric ciphers, as well as many other new features.

OpenSSH relies on the LibreSSL library for some of its cryptographic routines, AES-GCM being one example.

Continuing that trend, the OpenBSD project members who worked on OpenSSH made a push at supporting the SSH 2 protocol as well. This work was primarily done by Markus Friedl. Around May 4, 2000, the SSH 2 protocol support was implemented sufficiently to be usable.