Secure Shell standard moving forward (NewsForge)

NewsForge reports that the Secure Shell protocol is one step closer to becoming an Internet Engineering Task Force (IETF) standard. "IETF standards define a number of protocols that make the Internet what it is today. For example, TCP/IP, the Simple Mail Transfer Protocol (SMTP), the Post Office Protocol (POP), and the Hypertext Transfer Protocol (HTTP) are all standards that most users depend on every day. Without adherence to these standards it would be difficult for users and devices to communicate effectively using different mail clients and servers, Web browsers, and network adapters."

Secure Shell standard moving forward (NewsForge)

Posted Jan 30, 2006 2:13 UTC (Mon) by elicriffield (guest, #33738) [Link]

7 years and they still haven't made it a standard, several years of arguing over wording? I think IETF has made themselves obsolete.

Eli

Secure Shell standard moving forward (NewsForge)

Posted Jan 30, 2006 4:23 UTC (Mon) by Zarathustra (guest, #26443) [Link]

I think ssh has made itself obsolete by creating one of the most complex and messy protocols ever conceived.

Secure Shell standard moving forward (NewsForge)

Posted Jan 30, 2006 4:57 UTC (Mon) by bk (guest, #25617) [Link]

Please point to a better, practical alternative (for the love of god don't say rsh).

Secure Shell standard moving forward (NewsForge)

Posted Jan 31, 2006 9:14 UTC (Tue) by Zarathustra (guest, #26443) [Link]

I don't think anyone in their right mind would ever think seriously of using rsh for anything.

The problem with SSH is that it is trying to solve way too many things with a single protocol; network protocols should follow the same rules as Unix programs: do one thing, and do it well. Network protocol stacking has the same role as pipes in Unix.

In the case of SSH, TLS is a much better alternative to handle encryption of network connections; it's much simpler and cleaner and easier to implement (and we all know that simpler == more secure).

For authentication there are many alternatives, but it certainly should be handled transparently for the application. So far the best solution I have seen is factotum, which allows an application to handle a wide range of authentication methods without having to care about how they are implemented (not only that, but the application doesn't even need access to the keys involved in the authentication! So even a vulnerability in the application code would not compromise the private keys).

Secure Shell standard moving forward (NewsForge)

Posted Jan 30, 2006 5:29 UTC (Mon) by mikec (guest, #30884) [Link]

I second the first response to this comment...

Short of OpenVPN/IPsec, there is little that accomplishes anything close and those examples offer nothing short of a profoundly complex interface and protocol comparatively... (I am continually dumbfounded that IPsec setup is still as obtuse as it is... Plenty of good people have stepped in to "wrap" it, but why the !@#$ is it so horrible in the first place?)

Not only does ssh enjoy "de facto" standard status - I use it frequently, from many different places via many different OSes and short of distribution-specific configuration oddities, rarely see compatibility issues. In fact, I cannot think of a time in the past 5 years that I have seen anything other than poor choices on the part of RedHat/Fedora in the default config...

Even more interesting are the technologies piggy-backing on ssh - like NX...

The fact that ssh _IS_ a standard already and the IETF is still squabbling over it is yet another testament of the usefulness of committees...

Such political bodies have graced us over the years with:
- delay of downloadable music (legal)
- delay of downloadable movies (legal)
- delay of Blu-ray and like technologies for DVDs that store 2-10X more
- delay of DVD standard prior to that
- delay of CD standard prior to that
- Lawsuits from JEDEC members using submarine patents on DRAM
- The EU - need I say more?
- The US - need I say more?
- LSB - need I say more?
- IEEE's frequent mangling of technology a day late...

The result is inevitable as is the formation of such bodies. It is a bit like terrorism... If you pay attention, you are only feeding them... Just look away...

Secure Shell standard moving forward (NewsForge)

Posted Jan 30, 2006 18:32 UTC (Mon) by dd9jn (subscriber, #4459) [Link]

Please don't mix the protocol with actual implementations. OpenSSH has indeed a wealth of options and implementation nits not easy to understand - but still worth having.

Having implemented a Secure Shell protocol library (GSTI), I must say that the specifications are very clear and straightforward. It was actually fun to implement this. I can't say this of other security protocols, with the worst being CMS of course. Even the OpenPGP protocol seems to be hard to implement for someone who didn't closely follow the WG since 97.

Secure Shell standard moving forward (NewsForge)

Posted Jan 30, 2006 12:15 UTC (Mon) by cpm (guest, #3554) [Link]

"I think IETF has made themselves obsolete."

The IETF is just a community, just like a lot of other things "internet".

Don't like what they do, join and participate.

Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds