From owner-freebsd-questions Wed Aug 4 9:37: 5 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from horst.bfd.com (horst.bfd.com [12.9.219.10]) by hub.freebsd.org (Postfix) with ESMTP id 6067F14D9F for ; Wed, 4 Aug 1999 09:37:03 -0700 (PDT) (envelope-from ejs@bfd.com)
Received: from HARLIE.bfd.com (bastion.bfd.com [12.9.219.14]) by horst.bfd.com (8.9.2/8.9.2) with ESMTP id JAA39366; Wed, 4 Aug 1999 09:36:36 -0700 (PDT) (envelope-from ejs@bfd.com)
Date: Wed, 4 Aug 1999 09:36:36 -0700 (PDT)
From: "Eric J. Schwertfeger"
To: Slawek Zak
Cc: Doug , Thomas Mullaney , Charles Randall , freebsd-questions@FreeBSD.ORG
Subject: Re: ssh/ssh2
In-Reply-To: <87iu6w4gyi.fsf@prioris.im.pw.edu.pl>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On 4 Aug 1999, Slawek Zak wrote:

> ** "Eric J. Schwertfeger" wrote:
>
> Eric> On Mon, 2 Aug 1999, Doug wrote:
>
> >> You can search the archives for this list and bugtraq to get a
> >> better idea. Put another way, ssh version 1 is well tested and
> >> free, whereas version 2 is less well tested, new, costs money
> >> to use, and has no features that version 1 doesn't have. So,
> >> why use version 2?
>
> Eric> Version 1 uses the RSA encryption algorithm, which isn't
> Eric> free for commercial use within the US.
>
> prioris% ssh -v
> SSH Version 1.2.26 [.......]
> Standard version. Does not use RSAREF.

From the SSH FAQ, section 2.5.1 SSH version 1.2.X:

"...Encryption keys are exchanged using RSA, and data used in the key
exchange is destroyed every hour (keys are not saved anywhere). Every
host has an RSA key which is used to authenticate the host when RSA
host authentication is used... ... RSA keys are also used to
authenticate hosts."

Please note that no alternatives are used for key exchange or host
authentication. The v1 protocol doesn't allow for other key exchange
encryption algorithms.
As I understand it, you can build it with or without RSAREF, but if you
build it without RSAREF, it includes its own RSA implementation. The
legal issues were the main reason for the development of ssh2.

You can use RSAREF in noncommercial environments within the USA. You
can license the technology, you can move outside the country, or you
can break the law. I'm not a net lawyer, but I do try to follow the
legal issues involving crypto. This is also not a statement of
endorsement of the RSA patent.

You can compile OpenSSL to not include RSA and other infringing
algorithms, but then you couldn't use that to compile against ssh. You
could probably get SSLrsh to compile against it, however.

You could also try the lsh implementation, which uses the SSH v2
protocol, though it is still in development stage, and requires some
special patches to interoperate with ssh2.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
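The FAQ paragraph quoted in the message above says only that SSH-1 "exchanges encryption keys using RSA" and authenticates the host with an RSA key. The following is an added toy model of that exchange, written for this page; it is not code from the thread, from ssh 1.2.x, or from the SSH FAQ. It follows the shape of the SSH-1 exchange (the client blinds a fresh session key with a session id derived from both server moduli and the server cookie, encrypts it under the smaller RSA key and then the larger one, and the server proves it is the real host simply by being able to decrypt) but uses textbook RSA over tiny primes, a truncated session id, no padding and a constructed cookie, all of which are simplifications chosen here and not protocol values:

```python
"""Toy model of the SSH-1 session-key exchange.

Added illustration only; not code from this thread or from ssh 1.2.x.
Textbook RSA over tiny primes (hopelessly insecure) stands in for the
real 768/1024-bit keys so that the whole exchange fits in a few lines.
"""
import hashlib
import secrets

KEY_BITS = 11  # toy session-key width; SSH-1 uses a 256-bit session key


# --- textbook RSA (no padding, toy primes; assumption for the demo) ------

def rsa_keygen(p, q, e=17):
    """Return (public, private) as ((n, e), (n, e, d)) for toy primes p, q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))        # modular inverse, Python 3.8+
    return (n, e), (n, e, d)


def rsa_encrypt(pub, m):
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, _, d = priv
    return pow(c, d, n)


def public_of(priv):
    return priv[:2]


# --- the SSH-1 style exchange --------------------------------------------

def session_id(host_pub, server_pub, cookie):
    """SSH-1 hashes the host-key modulus, the server-key modulus and the
    server's anti-spoofing cookie with MD5 into a session id.  Truncated
    to KEY_BITS here so the blinded key still fits under the toy moduli."""
    data = (host_pub[0].to_bytes(4, "big")
            + server_pub[0].to_bytes(4, "big")
            + cookie)
    digest = int.from_bytes(hashlib.md5(data).digest(), "big")
    return digest % (1 << KEY_BITS)


def client_encrypt_session_key(host_pub, server_pub, cookie, session_key):
    """Client side: blind the session key with the session id, then wrap it
    under the smaller RSA key first and the larger one second."""
    if not 0 <= session_key < (1 << KEY_BITS):
        raise ValueError("session key too large for this toy")
    blinded = session_key ^ session_id(host_pub, server_pub, cookie)
    small, large = sorted([host_pub, server_pub], key=lambda k: k[0])
    return rsa_encrypt(large, rsa_encrypt(small, blinded))


def server_decrypt_session_key(host_priv, server_priv, cookie, ciphertext):
    """Server side: strip the two RSA layers in reverse order and unblind.
    No separate signature is exchanged: being able to do this at all is
    what authenticates the host, since it needs the host private key."""
    host_pub, server_pub = public_of(host_priv), public_of(server_priv)
    small, large = sorted([host_priv, server_priv], key=lambda k: k[0])
    blinded = rsa_decrypt(small, rsa_decrypt(large, ciphertext))
    return blinded ^ session_id(host_pub, server_pub, cookie)


def demo():
    """Run one exchange with toy keys; returns (key, wire value, recovered)."""
    host_pub, host_priv = rsa_keygen(101, 113)    # host key,   n = 11413
    server_pub, server_priv = rsa_keygen(61, 53)  # server key, n = 3233
    cookie = bytes(range(8))                      # constructed sample cookie
    k = secrets.randbits(KEY_BITS)
    c = client_encrypt_session_key(host_pub, server_pub, cookie, k)
    recovered = server_decrypt_session_key(host_priv, server_priv, cookie, c)
    return k, c, recovered


if __name__ == "__main__":
    k, c, recovered = demo()
    print(f"session key {k}, on the wire {c}, server recovered {recovered}")
```

Every step that carries the session key or binds it to the host is an RSA operation, so there is no point in this exchange at which a non-RSA primitive could be substituted without changing the wire protocol; that is the practical content of the "no alternatives" remark above.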