From owner-freebsd-security  Tue Nov  2  6:46:39 1999
Delivered-To: freebsd-security@freebsd.org
Received: from india.citi.umich.edu (india.citi.umich.edu [141.211.92.147])
	by hub.freebsd.org (Postfix) with ESMTP
	id 0689615139; Tue,  2 Nov 1999 06:46:32 -0800 (PST)
	(envelope-from provos@citi.umich.edu)
Received: from citi.umich.edu (IDENT:provos@india.citi.umich.edu [141.211.92.147])
	by india.citi.umich.edu (8.9.3/8.9.3) with ESMTP id JAA27912;
	Tue, 2 Nov 1999 09:46:00 -0500 (EST)
Message-Id: <199911021446.JAA27912@india.citi.umich.edu>
Subject: Re: OpenSSH patches 
From: Niels Provos <provos@citi.umich.edu>
In-Reply-To: Poul-Henning Kamp, Tue, 02 Nov 1999 07:13:16 +0100
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>,
	Kris Kennaway <kris@hub.freebsd.org>, security@FreeBSD.ORG,
	ports@FreeBSD.ORG, markus@openbsd.org, dugsong@openbsd.org
Date: Tue, 02 Nov 1999 09:46:00 -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <23974.941523196@critter.freebsd.dk>, Poul-Henning Kamp writes:
>But if we cannot put it on the CD anyway, what is the point of using
>the weaker OpenSSH rather than "the real thing" ?
Why is it weaker?  And what are the differences?  OpenSSH talks
protocol 1.5 including X11 + agent forwarding.  If you had tracked
bugtraq recently, you would have noticed that there was an attack that
applied to normal ssh but not to OpenSSH. Actually, OpenSSH has many
benefits over normal ssh.  One of them, already convincing enough by
itself, is the free commercial use.

Greetings,
 Niels.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message