Summary:
My question really had two parts. The first part about compiling/packaging
ssh was something I didn't want to waste effort doing if it had already been
done. I wanted to install ssh on several machines which don't have
compilers, so I wanted the package format. (Which I figured out well
enough.)
The second part of the question was the more sticky part. Ssh was
originally developed in Finland, so it is _imported_ into the US, not
exported. However, the previous export regulations prevented US companies
(such as linux/unix distributors) from distributing ssh bundled with their
products. There is hope that the relaxed export regulations will allow this
([1]).
However, there is still a problem with the RSA algorithm, which is patented
([2]) and required by SSH. RSA Security charges royalty fees for commercial
use. The patent expires September 2000.
A great summary of the lineage of various ssh packages is available from
[3]. It also contains information about a free SSH2 implementation
(currently alpha).
Gordon
ghopper@found.com
References:
[1] http://securityportal.com/direct.cgi?/research/ssh-part1.html
[2] http://www.rsasecurity.com/rsalabs/faq/6-3-1.html
[3] http://www.net.lut.ac.uk/psst/fascist.html
----------------------------------------------------------------------
My original Question was:
From: ghopper@found.com
Sent: Tuesday, March 28, 2000 15:18
To: sun-managers
Subject: ssh 2.0.13
Now that the US government has relaxed export regulations on encryption
software, I thought it would be easier to find an ssh2 package for
solaris2.6 (and/or 7). Does anyone know where I could find one?
(I have found ssh 1.x.x packages, but not 2.0.x where x>=12).
Thanks,
Gordon
Excerpts from several replies follow:
(Thank you for all the responses. Due to the number of responses, I
was not able to include them all)
----------------------------------------------------------------------
Personally, I've put OpenSSH on my solaris boxes, it's a bit tougher to
install, but I like that's it's not encumbered by any licensing or patent
problems. And it's being actively maintained also, so bug fixes are being
taken care of. Check it out: http://www.openssh.com
Dennis J. Behrens
----------------------------------------------------------------------
Although in the security community 1.2.27 is still considered the most
secure and stable release.
Michael DeSimone
----------------------------------------------------------------------
The outfit in Finland--SSH Communications--that has always developed
ssh is now in business for itself. They have version 2.1 in beta.
However, it is now under an ironclad commercial license, and is only free
for educational use.
F-Secure (formerly known as DataFellows) no longer has the rights to
sell ssh versions greater that 2.0.13. See http://www.datafellows.com/
Tim Evans
----------------------------------------------------------------------
You can get it at www.ssh.org. Don't forget that and ssh product starting
with a 2 has their crappy licensing stuff attached. EVALUATION,
NON-COMMERCIAL USE, AND UNIVERSITY USE, etc.
I'd stick with ssh1.2.27.
Mark Studebaker
----------------------------------------------------------------------
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:05 CDT