OpenSSH Going Strong After 10 Years With Release of v5.3

timothy posted more than 4 years ago | from the can't-even-speak-plainly dept.

Encryption 249

An anonymous reader writes "OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. It encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions. Version 5.3 marks the 10th anniversary of the OpenSSH project."

249 comments

I know I'm not alone in this... (5, Insightful)

93 Escort Wagon (326346) | more than 4 years ago | (#29613359)

Thank you to everyone that's worked on OpenSSH over its lifetime - it's certainly made my (working) life easier.

And, unlike the Slashdot submission system, OpenSSH pretty much always works!

Re:I know I'm not alone in this... (4, Informative)

e9th (652576) | more than 4 years ago | (#29613391)

Please consider buying one or more of their so-ugly-they're-cute T-shirts. [openssh.org]

Re:I know I'm not alone in this... (1)

the_humeister (922869) | more than 4 years ago | (#29613509)

I'd rather just donate the money directly to the project. I have enough nerdy t-shirts.

Re:I know I'm not alone in this... (0)

Anonymous Coward | more than 4 years ago | (#29613589)

Hey, that's even better! Of course, then the coolness of owning a Puffy tee is missing.

Re:I know I'm not alone in this... (1)

BikeHelmet (1437881) | more than 4 years ago | (#29613469)

You noticed that too, huh?

I was going to make a "First Post - after 2 hours!" joke, but the submission error prevented me.

Congrats, OpenSSH team! I think anyone that has used linux has probably used SSH, intentionally or not!

Re:I know I'm not alone in this... (-1, Flamebait)

Brian Gordon (987471) | more than 4 years ago | (#29613495)

Slashdot is a news site. We don't need to be notified every time something exists for 10 years. Unless this "encrypting traffic" thing is new in OpenSSH v5.3

Re:I know I'm not alone in this... (3, Insightful)

grub (11606) | more than 4 years ago | (#29613711)


Slashdot is a news site. We don't need to be notified every time something exists for 10 years. Unless this "encrypting traffic" thing is new in OpenSSH v5.3

It's not new to OpenSSH but OpenBSD's default disabling of telnet (when everyone used it) and pushing OpenSSH helped make secure connections the standard.

Re:I know I'm not alone in this... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#29613593)

just shut the fuck up you dumb bitch. no one gives a fuck about you.

Re:I know I'm not alone in this... (1)

velen (1198819) | more than 4 years ago | (#29614251)

Life with openssh is hard to imagine. We use it without a second thought these days. A very big thank you to all those who contributed to it.

Re:I know I'm not alone in this... (0)

Anonymous Coward | more than 4 years ago | (#29614417)

First time posting on slashdot, I just want to say thanks to the OpenSSH people in case one of them read these comments. I use SSH daily to access my work computer, it certainly makes life easier. Cheers and thanks for keeping it free!

Happy birth-day OpenSSH (2, Funny)

La Gris (531858) | more than 4 years ago | (#29613379)

This wonder-full versatile tool shaped the world of remote administration or the other way round.

Would you ?

1) Abandon SSH or OpenSSH
2) Loose an arm
3) I'm a snake
4) Telnet everywhere
5) I live in a data-center

Re:Happy birth-day OpenSSH (2, Funny)

CSMatt (1175471) | more than 4 years ago | (#29613409)

3) I'm a snake
5) I live in a data-center

Huh?

Re:Happy birth-day OpenSSH (0)

Anonymous Coward | more than 4 years ago | (#29613445)

You know.......For the kids!

Re:Happy birth-day OpenSSH (2, Funny)

dragonturtle69 (1002892) | more than 4 years ago | (#29613489)

I think something was lost in the translation in that post, French to English.

Re:Happy birth-day OpenSSH (1)

Derleth (197102) | more than 4 years ago | (#29613825)

Has anyone really been far even as decided to use even go want to do look more like?

MEOW! MEOW! MEOW!

La Lune Noir! Noir! Chat!

Re:Happy birth-day OpenSSH (4, Funny)

holloway (46404) | more than 4 years ago | (#29613805)

3) I'm a snake

Huh?

Step 4 ????
Step 5 Badger badger badger badger badger

Re:Happy birth-day OpenSSH (1)

Derleth (197102) | more than 4 years ago | (#29613815)

6) My toad loves cheese

7) I live with two mimes, and I cannot scream

8) Loose a thumb, but only on Thursdays

9) I'm a wallaby. Mooo!

10) Unicorn. Love. Hate.

11) Understanding you'r Swede

And best of all... (2, Insightful)

Timothy Brownawell (627747) | more than 4 years ago | (#29613385)

...it remembers what key goes with what server, rather than unconditionally giving each of a few dozen outside groups the ability to tell it that yes, your secure server really did just get a new key (so that new Russian IP address must be correct).
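The behaviour the comment above describes, where the client pins each server's key in known_hosts and flags a change instead of taking a third party's word for it, as an added example (not part of the comment and not OpenSSH's own code). The host names and key blobs are constructed and the function names are hypothetical; only plain and hashed host fields are handled, not wildcards, negation or marker lines.

```python
"""Trust-on-first-use host key check against known_hosts-style text.

Added illustration; not OpenSSH code. Handles plain comma-separated host
lists and hashed (|1|salt|mac) host fields only.
"""
import base64
import hashlib
import hmac


def hashed_field(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())


def host_matches(field: str, host: str) -> bool:
    """True if a known_hosts host field names `host`."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(mac_b64)
        except ValueError:  # wrong field count or bad base64
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in field.split(",")


def check_host_key(known_hosts: str, host: str, key_type: str, key_b64: str) -> str:
    """Classify the key a server presents.

    'match'   - this exact key is already pinned for the host
    'changed' - the host has a pinned key of this type, but a different one
    'unknown' - nothing pinned yet (first contact: the user must decide)
    """
    presented = base64.b64decode(key_b64)
    pinned_other = False
    for line in known_hosts.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":  # comments and marker lines skipped
            continue
        fields = line.split()
        if len(fields) < 3 or fields[1] != key_type:
            continue
        if not host_matches(fields[0], host):
            continue
        try:
            stored = base64.b64decode(fields[2])
        except ValueError:
            continue
        if hmac.compare_digest(stored, presented):
            return "match"
        pinned_other = True
    return "changed" if pinned_other else "unknown"


# Constructed sample data: these blobs are placeholders, not real SSH keys.
KEY_A = base64.b64encode(b"constructed-host-key-A").decode()
KEY_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts sample",
    "build.example.org,192.0.2.10 ssh-rsa " + KEY_A,
    hashed_field("vault.example.org", b"0123456789abcdefghij") + " ssh-rsa " + KEY_B,
])

if __name__ == "__main__":
    for host, key in [("build.example.org", KEY_A),   # same key as pinned
                      ("build.example.org", KEY_B),   # key differs: warn
                      ("vault.example.org", KEY_B),   # hashed entry
                      ("new.example.org", KEY_A)]:    # never seen before
        print(host, check_host_key(KNOWN_HOSTS, host, "ssh-rsa", key))
```

A 'changed' result is the case the client refuses by default: the pinned key wins over whatever the network now presents until the user removes the old entry.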

but does it... (0, Flamebait)

postmortem (906676) | more than 4 years ago | (#29613387)

run on iPhone?

Nope, it does not without unlocking the phone from Apple to you.

Re:but does it... (1, Informative)

Anonymous Coward | more than 4 years ago | (#29613583)

run on iPhone?

It sure does. TouchTerm, for example, uses OpenSSH.
http://jbrink.net/touchterm/

Re:but does it... (2, Informative)

MichaelSmith (789609) | more than 4 years ago | (#29613703)

run on iPhone?

It sure does. TouchTerm, for example, uses OpenSSH.
http://jbrink.net/touchterm/ [jbrink.net]

Not the server though.

Re:but does it... (1)

tlhIngan (30335) | more than 4 years ago | (#29613809)

run on iPhone?

It sure does. TouchTerm, for example, uses OpenSSH.
http://jbrink.net/touchterm/ [jbrink.net]

Not the server though.

Jailbreak it. OpenSSH is a package available via Cydia, including the server.

localhost:~ mobile$ uname -a
Darwin localhost 9.4.1 Darwin Kernel Version 9.4.1: Sat Nov 1 19:09:48 PDT 2008; root:xnu-1228.7.36~2/RELEASE_ARM_S5L8900X iPhone1,1 arm M68AP Darwin
localhost:~ mobile$ ps auxwww | grep sshd
mobile 565 6.0 0.5 273304 644 s001 R+ 9:01PM 0:00.04 grep sshd
root 559 0.0 0.0 0 0 ?? 9:00PM 0:00.00 (sshd)
localhost:~ mobile$

Just remember to install bsd-utils and change the password for root and mobile.

Thanks OpenBSD (4, Insightful)

Spit (23158) | more than 4 years ago | (#29613415)

For the rest as well.

Re:Thanks OpenBSD (3, Insightful)

atheistmonk (1268392) | more than 4 years ago | (#29613613)

They really are a gift that keeps giving. I'm not really much of an OpenBSD user... I don't always like that Theo de Raadt assumes he knows what's best for me. Unfortunately... He's probably right. May it live forever and spawn more and more secure and useful tools for the F/OSS world.

Re:Thanks OpenBSD (4, Interesting)

JackieBrown (987087) | more than 4 years ago | (#29613857)

What is interesting is how secure and easy it is to use.

I use it with fuse to mount my networked partitions. It involved no work and the fact that it is secure is just a bonus since there is no noticeable speed loss for my transfers.

Re:Thanks OpenBSD (4, Insightful)

Anonymous Coward | more than 4 years ago | (#29614141)

Theo de Raadt is not all powerful. The project is stagnating now in some areas in spite of him being the leader. However nobody can deny he and his team are some of the best programmers around.
OpenBSD source code is the best I have ever seen and the first thing I do on any new Linux installation is to install OpenBSD tools.
Really if someone is reading this and wants to flee the Linux gulag, OpenBSD is a system to check. It is not the fastest, it is not the smallest, but it is the most secure and consistent.

Re:Thanks OpenBSD (0)

Anonymous Coward | more than 4 years ago | (#29613835)

MOD PARENT UP. Thanks Theo.

Re:Thanks OpenBSD (3, Informative)

Dadoo (899435) | more than 4 years ago | (#29614097)

I'd like to thank the OpenBSD project, as well, but I'd also like to point out a few issues.

OpenSSH still won't work with certificates signed by a CA.

OpenSSH doesn't allow an unencrypted connection (after authentication). Not all CPUs can encrypt/decrypt at 1Gbps.

OpenSSH doesn't work - as advertised - with an exclamation point in a "Match" statement.

Other than that, OpenSSH is possibly one of the most capable and reliable pieces of software I've ever had the privilege to use.

How was life possible without it? (5, Insightful)

stox (131684) | more than 4 years ago | (#29613419)

To think we used to use telnet and rlogin to access everything.

OpenSSH is a far more significant technology than it has gotten credit for.

Re:How was life possible without it? (3, Funny)

the_humeister (922869) | more than 4 years ago | (#29613515)

Same with zippers. What would life be like without zippers?

Re:How was life possible without it? (4, Funny)

grub (11606) | more than 4 years ago | (#29613743)


What would life be like without zippers?

I'd have far fewer painful memories of getting wang-skin caught in them.

Re:How was life possible without it? (2, Insightful)

evil_aar0n (1001515) | more than 4 years ago | (#29613793)

Just a suggestion, but maybe you should wear underwear... Of course, there are situations where you have to zip-and-dash, like when your girlfriend's husband walks in, unannounced - the nerve... - but, generally, I've found that the judicious use of Underoos helps prevent biting zip-ups.

Re:How was life possible without it? (1)

grcumb (781340) | more than 4 years ago | (#29613919)

Same with zippers. What would life be like without zippers?

I have 4 pairs of Levi 501s, you insensitive clod!

(And one pair of 504s - endlessly and sometimes comically confusing, especially in crucial moments.)

Re:How was life possible without it? (3, Insightful)

Anonymous Coward | more than 4 years ago | (#29613541)

Except OpenSSH really shouldn't get the credit. Tatu Ylönen created ssh, not OpenBSD. The original OpenSSH implementation was based on Tatu's code. I'm not arguing that OpenSSH isn't useful, or that they haven't done good work, but it is not the origin of the technology.

Re:How was life possible without it? (5, Informative)

evilviper (135110) | more than 4 years ago | (#29613987)

The original OpenSSH implementation was based on Tatu's code.

Yes it was. But Tatu's SSH was the old, insecure protocol.

And there were many secure remote access tools before it. kerberized telnet, telnet/ftp over SSL, and limitless others.

It's not the magical protocol (which is quite similar to SSL plus RSH/RCP), or the initial few lines of code that got it started. It's the fact that it was open, secure, widely available, and being pushed by the OpenSSH folks to be used as the default form of remote access on Unix systems.

Tatu didn't have anything to do with it. He was too busy commercializing it, and repeatedly threatening, and then suing the OpenSSH project for all their hard work. If he had chosen to keep SSH open, we'd have been a LOT further along. As other posters correctly remember, support for SSH very nearly died with that step. Many programs included SSHv1 support, and then just stagnated and let the code rot. If not for OpenSSH, it would be another relic of secure telnet protocols tried and failed, not having gone anywhere, and we'd go merrily along, using telnet and rsh, bemoaning the fact that it's so insecure, and that nothing better ever came along.

Re:How was life possible without it? (1)

mlts (1038732) | more than 4 years ago | (#29614527)

The only other protocol available at the time that might have even approached SSH would be a SSL based telnet. I'm not sure how rlogin would have been secured (because it is UDP based), but it likely would be nowhere near as elegant as what ssh offers.

To boot, neither telnet nor rlogin offered port forwarding (which meant an easy way to use X clients over an insecure network), variable security methods (so you wouldn't need to worry about a password, but could use a private .identity key), multiple encryption algorithms (in v2.)

So overall, even with the hurdle of the ssh/openSSH mess in the early part of the decade and the re-implementation of v1 and v2 of the protocol, ssh is as much a part of daily life for almost any admin as DHCP is, perhaps more so since a lot of admins use static IPs.

10 years of fear reading sec lists (5, Insightful)

VonGuard (39260) | more than 4 years ago | (#29613429)

No matter the OS, no matter the exploit, that name alone in the title of an email to bugtraq can send shivers down the spine.

Re:10 years of fear reading sec lists (0)

Anonymous Coward | more than 4 years ago | (#29613567)

yes, OpenSSH is very cool, but for a couple years it was the exploit of the month.

Uh, update every OpenSSH install to latest version x.y.z , we cannot tell you why, you MUST update NOW, across every OS, across every server, NOW. Within two days, do regression tests on all versions of your OS and distribute updates to all your clients, and have them update NOW. Sorry, cannot tell you why though.

For a while I had telnet open (for local connects across my LAN) because I would have to disable openssh from the world, except for telnet from my two remote locations. Yea, good times....

Re:10 years of fear reading sec lists (1)

_Sprocket_ (42527) | more than 4 years ago | (#29614279)

I remember more rumors of vulnerabilities than vulnerabilities. Not that there weren't any - there have been more than a dozen vulnerabilities over the last decade. But the fear of an exploit seemed to be the exploit as often as an actual bug discovery.

Yay! (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29613443)

The copy/paste bug in Solaris has been fixed!

 

* Skip the tcgetattr call on the pty master on Solaris, since it never
      succeeds and can hang if large amounts of data is sent to the slave
      (eg a copy-paste). bz#1528

i dont need ssh (4, Funny)

digitalsushi (137809) | more than 4 years ago | (#29613459)

i dont need ssh... for some reason inetd was installed with a call to bash, running as root. i can just telnet right in. it actually saves me a ton of time, since lately i can't even seem to remember what my password is.

Re:i dont need ssh (3, Funny)

dazjorz (1312303) | more than 4 years ago | (#29613485)

Interesting. Would you mind telling me what host and port this is, so I can.. um... diagnose the uh.. problem?

Re:i dont need ssh (5, Funny)

David_W (35680) | more than 4 years ago | (#29613685)

since lately i can't even seem to remember what my password is

It's hunter2.

Re:i dont need ssh (0)

Anonymous Coward | more than 4 years ago | (#29614037)

Can you type that again? All I see are asterisks!

Re:i dont need ssh (0)

Anonymous Coward | more than 4 years ago | (#29614317)

How did you know his password?

encrypted port forwarding (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29613503)

orgasim

Re:encrypted port forwarding (1)

slack_justyb (862874) | more than 4 years ago | (#29613611)

Yeap that will about do it for any geek. I mean my definition of computer porn is heading over to newegg. Does anyone else feel there's a Futurama quote somewhere in there?

Apt.... (0)

Anonymous Coward | more than 4 years ago | (#29613517)

I wonder how long until this makes its way down the pipes into the apt for Debian...

You mean... (0)

Anonymous Coward | more than 4 years ago | (#29613519)

...the Feds have allowed OpenSSH to keep going "strong" after 10 years.

Re:You mean... (1)

mlts (1038732) | more than 4 years ago | (#29614555)

The Feds need security too. I'm sure, if there are any weaknesses (and this is theory mind you, not anything based in fact), it likely would be the larger organizations having knowledge (or specialized hardware like a TWIRL device which is just theory as of now) of how to factor public keys faster than conventional brute force ways. I'm pretty sure a lot of machines out there (especially ssh v1 boxes) still have 512 bit keys as their host key, and if someone targeted that box specifically, they could obtain the key, then try to insert themselves into the network stream for a MITM attack against people logging on via remote.

The SSH v2 protocol by itself has proven quite strong, and is one of the two bigger protocols for sending encrypted data over the Internet with decent security. Perhaps three, factoring in PPTP.

Is OpenSSH still speed limited? (2, Insightful)

TheSlashaway (1032228) | more than 4 years ago | (#29613549)

Did OpenSSH ever fix the performance limitation on fast networks (>100Mbps)? They have static internal flow buffers that prevent fast scp/ssh! HPN has a patch but OpenSSH has to my knowledge never adopted it. http://www.psc.edu/networking/projects/hpn-ssh/ [psc.edu]

Re:Is OpenSSH still speed limited? (0)

Anonymous Coward | more than 4 years ago | (#29613579)

I regularly see 50MB/sec on my cluster using scp... sometime it spikes to 66MB/sec

Re:Is OpenSSH still speed limited? (1)

TheSlashaway (1032228) | more than 4 years ago | (#29613679)

Ummmm. 300Mbps ? What kind of network do you have? Anyways, my original question is still to be answered...

Re:Is OpenSSH still speed limited? (0)

Anonymous Coward | more than 4 years ago | (#29613747)

cluster interconnect is a Cisco Catalyst 4503 Layer 2/3 network switch.

Re:Is OpenSSH still speed limited? (2, Interesting)

0123456 (636235) | more than 4 years ago | (#29613763)

Yeah, scp gets about 55MB/sec between Linux systems at work with gigabit LAN.

Re:Is OpenSSH still speed limited? (1)

Techman83 (949264) | more than 4 years ago | (#29613781)

I find I'm pushing Disk/CPU/Network rather than limitations with SCP. I figure the encryption is causing the CPU load, the rest is obvious.

Re:Is OpenSSH still speed limited? (4, Informative)

WuphonsReach (684551) | more than 4 years ago | (#29613801)

Like the other poster, I've seen 30-50 MB/s (300-500 Mbps) over a gigabit network when copying between boxes using scp. The limitations were more the frame size (not using jumbo frames on that network) along with the read/write speeds of the system on each end.

So, it's no slouch and better than SMB/CIFS.

I remember switching to openSSH. (4, Interesting)

Vellmont (569020) | more than 4 years ago | (#29613687)

It was likely not far after openSSH became available, and the original SSH was starting to get less and less friendly. The great thing about SSH is it all started out free and open. Early on it was experimental (though very cool). This later changed when the original SSH became commercialized, and the licensing started closing up (thus my switching to openSSH). This was back in the days when an ssh client was something you had to hunt around for and much of the time all that was available was cruddy ssh1 clients.

We've come a long way since then. These days putty and SCP are available for any platform. I haven't even thought about the original ssh from Tatu for years, though I certainly used it so many years ago.

License (1)

MichaelSmith (789609) | more than 4 years ago | (#29613831)

The openssh web page [openssh.com] says:

Please take note of our Who uses it page, which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor. This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).

Not wanting to troll but, you know, if openssh was GPL licensed said commercial vendors would have to release the source for openssh with their products, including any modifications they made. The project could also offer LGPL or BSD licensed versions in exchange for cold, hard, cash.

Re:License (2, Insightful)

Yosho (135835) | more than 4 years ago | (#29613889)

Not wanting to troll but, you know, if openssh was GPL licensed said commercial vendors would have to release the source for openssh with their products, including any modifications they made. The project could also offer LGPL or BSD licensed versions in exchange for cold, hard, cash.

You're assuming that the commercial vendors would still use OpenSSH if it was GPLed. What makes you think they wouldn't either roll their own SSH server or use some other proprietary implementation?

Re:License (1)

MichaelSmith (789609) | more than 4 years ago | (#29613913)

Not wanting to troll but, you know, if openssh was GPL licensed said commercial vendors would have to release the source for openssh with their products, including any modifications they made. The project could also offer LGPL or BSD licensed versions in exchange for cold, hard, cash.

You're assuming that the commercial vendors would still use OpenSSH if it was GPLed. What makes you think they wouldn't either roll their own SSH server or use some other proprietary implementation?

It would come down to economics. Is an LGPL version of openssh cheaper than commercial implementation X? This approach works for adacore. [adacore.com]

But for sure, fewer products would contain openssh if it was GPLed. But with more money it might be a better product, so there might be a net improvement in security that way.

Re:License (0)

Anonymous Coward | more than 4 years ago | (#29614065)

No. One of the main reasons for a really free OpenSSH and OpenBSD is that Corporations have shown that they will choose a product they can keep closed if they ever distribute anything(Even if they only plan to use it internally!) than a superior product.

OpenSSH is already the superior product, It being a bit superior wouldn't improve the situation much. Companies using their own MSSH, iSSH, SunSH, GSSH, etc. would only result in worse security, because you know, you don't live alone in this world. If your client/server is very secure but the other end is pwned *YOU* lose.

Re:License (1)

Secret Rabbit (914973) | more than 4 years ago | (#29614099)

Throwing money at security won't make something more secure. That's really up to who is doing the programming i.e. how competent they are. Just look at all the security products out there that have massive security holes in them regardless of whether they are commercial or open-source.

Re:License (3, Insightful)

Secret Rabbit (914973) | more than 4 years ago | (#29614081)

I do believe that you've entirely missed the point of that paragraph. They still wouldn't have to pay a dime. As in, who cares if they would have to offer the source to something where the source is already available.

The GPL is not the godsend that many people believe it to be. In fact, if looking at current (and past) business practice is any indication, the GPL would have actually hindered OpenSSH's adoption, not promoted it. Businesses really hate that viral open source thing in the GPL regardless of whether their code actually touches the GPL'd code. Just not worth the risk for many (most?).

Re:License (2, Interesting)

rtfa-troll (1340807) | more than 4 years ago | (#29614353)

Businesses really hate that viral open source thing in the GPL

You seem to think that we're on some ideological crusade to take over everything. In the real world, we just don't care at all about anything which is not "core business". The GPL is an excellent thing since we can give back source code without much need to think. The business justification is one check box (because we have to) rather than weeks of meetings about whether this feature is strategic. When you somehow end up giving away a feature to a GPL app, you know that even if the competition gains the same, they still have to make any fixes they make available to other people.

Speaking for most "businesses" everywhere.

Re:License (4, Insightful)

onefriedrice (1171917) | more than 4 years ago | (#29614261)

Not wanting to troll but, you know, if openssh was GPL licensed said commercial vendors would have to release the source for openssh with their products, including any modifications they made. The project could also offer LGPL or BSD licensed versions in exchange for cold, hard, cash.

Instead they do the noble thing and release their hard work without strings attached. They understand the alternatives but actively choose to stick with a license that doesn't childishly punish those who cannot or won't return the favor. They do what they do not to "stick it" to corporations but rather because they love to code and love when their code is used to improve people's lives. They even love it when somebody is able to take what they've done and build off of it or incorporate it into a product. It's a matter of love, and love must be given without strings and viral conditions. It's true charity, and charity is for the giver as much as the receiver. It's the BSD philosophy, and it's not often understood by the GNU herd. But that's okay, because the software we write is for them, too. And we love it even if they don't understand why.

Thanks OpenBSD. You're awesome. I hope a lot of people today make good use of this link [openssh.com].

Fast, Weak sshfs (2, Interesting)

Doc Ruby (173196) | more than 4 years ago | (#29613951)

I find sshfs to be a much easier to use ad-hoc network filesystem mounter than the other popular alternatives. And it's secure by default.

But it's too secure. Or rather, there are scenarios in which the network transfer doesn't need the ssh security, but encrypting it takes too long (or too much CPU from other tasks, especially on dinky embedded network devices). Is there a way to force sshfs to use a much less compute intensive encryption, or maybe even a null crypto module? Without hacking the source directly, that is - like an execution option, a compile option, a config rule, etc.

Re:Fast, Weak sshfs (1)

someSnarkyBastard (1521235) | more than 4 years ago | (#29614123)

I might be off-base here but if I remember correctly, in one of the ssh config files, there is a section where you can specify what crypto systems your server would accept. That said, I never knew there was such a thing as "too secure", besides, these days a lot of chips include at least some hardware crypto functions to speed things up because crypto is so integral to online communication.

Re:Fast, Weak sshfs (0)

Anonymous Coward | more than 4 years ago | (#29614179)

Indeed, the notion of a null crypto method does exist in the form of separate patches. The OpenSSH folks refuse to include this in their source tree.

On the other hand, after waiting 9 of the last 10 years OpenSSH's server implementation now provides the (obvious) chroot jail of shell sessions.

Re:Fast, Weak sshfs (1)

Rennt (582550) | more than 4 years ago | (#29614185)

A null-crypto secure-shell file-system?

Two thoughts spring to mind - "Why?" and "NFS"

Re:Fast, Weak sshfs (1)

Father Dupuis (699235) | more than 4 years ago | (#29614201)

This should work for you: sshfs -o ssh_command="ssh -c arcfour -o Compression=no" user@remote.host /your/mountpoint

Re:Fast, Weak sshfs (1)

Kjella (173770) | more than 4 years ago | (#29614523)

I don't think the OpenSSH guys want to add it, and I agree with them. It's a tool used by so many that understand so little, but at least they've sorta understood that SSH = secure. They'd still fall for any certificate trickery because they don't really understand, but I digress. The point is that once sshfs means maybe secure, maybe not secure you can bet idiots will do stuff like disable crypto and go "Hey look, it's still ssh, it's still secure, and it's 100x faster" and completely ignore all the blinkenlights.

If you don't want SSH, what's wrong with NFS/FTP and remote telnet/X? You're going naked anyway, there's no point to pretend you're even remotely secure. That'd be a pathetic attempt at security by obscurity since the source is out there and any "weak mode" crypto would be a plugin in the hacker tools in no time. I think it's fairly proven now that insecure crypto is probably the worst of all worlds, not being secure yet people mindlessly using it as if it were. So no crypto and then there's really no point in calling it ssh either. The notsshfs, perhaps.

rsync over SSH for backups (4, Informative)

Cato (8296) | more than 4 years ago | (#29614475)

One of the best things about SSH is rsync - you only need an SSH enabled login on a machine, with a copy of rsync, to be able to efficiently copy data with block-level incremental efficiency. Even better, there are excellent backup tools such as rsnapshot that build on rsync to store multiple versions of a file in the backup file tree, using hard links to avoid storing the same version twice - so every backup is a full backup in terms of easy recovery, but an incremental backup in terms of network and storage efficiency.

See http://slashdot.org/comments.pl?sid=1371703&cid=29451267 [slashdot.org] for more about rsnapshot and friends.

Who doesn't know about OpenSSH (1)

cecom (698048) | more than 4 years ago | (#29614521)

The fact that the editors thought that Slashdot needed an explanation of what OpenSSH is makes me feel dirty. It is like explaining what H2O is. If you don't know what OpenSSH is you should not be reading Slashdot, you bastards!

Fixed the root exploit? (1, Troll)

shish (588640) | more than 4 years ago | (#29614563)

Did they fix the hole that allowed imageshack and such to get hacked a while back? Did they ever even find out what that hole was?

(The hackers claim 5.2 is safe, but for all we know, that could be a trick to make us upgrade to an even buggier version... the hack was in the name of avoiding full disclosure, so we'll probably never know exactly what they did, and thus not be sure it's fixed, and thus the incredibly anti-full-disclosure people demonstrate exactly why full disclosure is a good thing :-/ )
