For the last couple of months, the OpenBSD team has been working hard to implement the SSH2 protocol in OpenSSH. The SSH2 protocol offers a number of advantages over the SSH1 protocol including standards compliance (SSH2 is on the IETF standards track), improved security and operation without RSA (which is patented in some countries).

This release of the portable version incorporates this work and adds inbuilt entropy collection for Unices which lack a kernel random number pool.

Since there is a lot of new and changed code, we are keen to gather feedback from users of the new features. In particular:

- SSH2. Please read README.openssh2 and add "Protocol 2,1" to your sshd_config and ssh_config.

- Entropy collection. There is little documentation on this so far. If your system lacks both a kernel random pool and EGD, a file ssh_prng_cmds will be created. This file contains the commands which will be used to seed the random number generator. We are interested in additional commands and refinements to the current set. Please send in the output of "ssh -v", which includes the amounts of entropy gathered.

The beta release is available from
http://violet.ibs.com.au/openssh/files/beta

Note that this release _requires_ OpenSSL 0.9.5 or greater.

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Damien Miller wrote:
> The beta release is available from
> http://violet.ibs.com.au/openssh/files/beta
>
> Note that this release _requires_ OpenSSL 0.9.5 or greater.

Thank you for the great openssh package. I have downloaded and begun testing the beta.

A few things I noticed.

- For unknown reasons, I failed to ftp the .sig file for beta from au site. (Strange. Maybe this is my peculiar netscape bug or something. YMMV.)

- The use of atomicio for read/write that saved the people who experienced scp failures is not reflected in scp.c, it seems. read() calls are not wrapped in atomicio at all. Most of write() calls except two are wrapped in atomicio.

Happy Hacking,
Ishikawa
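
Added example, not part of the thread and not OpenSSH's own code: the message above is about wrapping read() and write() calls in a retrying helper such as atomicio. The C code below uses hypothetical helpers `read_fully` and `write_fully` (blocking descriptors assumed) to show a bare read() on a pipe returning fewer bytes than requested, while the looping wrapper returns the full amount.

```c
/* Added illustration; hypothetical names, not OpenSSH's atomicio(). */
#include <errno.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read until n bytes arrive, EOF, or a hard error (blocking fd assumed). */
ssize_t read_fully(int fd, void *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        ssize_t r = read(fd, (char *)buf + done, n - done);
        if (r == -1 && errno == EINTR) continue;  /* signal: retry */
        if (r == -1) return -1;                   /* hard error */
        if (r == 0) break;                        /* EOF: partial result */
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* Write until all n bytes are accepted or a hard error occurs. */
ssize_t write_fully(int fd, const void *buf, size_t n) {
    size_t done = 0;
    while (done < n) {
        ssize_t w = write(fd, (const char *)buf + done, n - done);
        if (w == -1 && errno == EINTR) continue;  /* signal: retry */
        if (w <= 0) return -1;                    /* hard error */
        done += (size_t)w;
    }
    return (ssize_t)done;
}

/* Child sends 10 bytes as two 5-byte writes one second apart; the parent
 * asks for 10 bytes once and returns how many that single request yielded. */
ssize_t first_read_len(int use_wrapper) {
    int p[2];
    char buf[10];
    pid_t pid;
    if (pipe(p) == -1 || (pid = fork()) == -1) return -1;
    if (pid == 0) {                               /* child: the sender */
        write_fully(p[1], "01234", 5);
        sleep(1);
        write_fully(p[1], "56789", 5);
        _exit(0);
    }
    close(p[1]);
    ssize_t got = use_wrapper ? read_fully(p[0], buf, sizeof buf)
                              : read(p[0], buf, sizeof buf);
    close(p[0]);
    waitpid(pid, NULL, 0);
    return got;
}
```

Calling `first_read_len(0)` normally yields 5 because the bare read() returns as soon as the first chunk arrives; code that treats that count as the whole record truncates the transfer.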

>Note that this release _requires_ OpenSSL 0.9.5 or greater.

If so, then the configure script should be changed to eliminate references to SSLeay, especially the message

    checking for OpenSSL/SSLeay directory ...

When I had the problem I reported the other day in finding openssl, I was initially confused by this message because I had SSLeay but not OpenSSL already installed on my system.

Phil

Yo Damien!

Hooray! All it took to build on UnixWare 7.1.0 was:

    ./configure && make && make install

I also edited the ssh*_config files as required.

All the old stuff works fine so far and no more EGD!

opensshd:

I was unable to connect to the new sshd with SecureCRT Ver 3.0. If:

I connect from that with 3DES or RC4 I get:
    "disconnect, reason code: 2" ??

If I connect from that with twofish, it says:
    "no compatible ciphers".

Blowfish is not a SecureCRT option with SSH2.

Similar results connecting from ssh 2.0.13 on Linux to opensshd

ossh:

openssh was able to connect out to ssh ver 2.0.13.

On Tue, 2 May 2000, Damien Miller wrote:
> The beta release is available from
> http://violet.ibs.com.au/openssh/files/beta

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
gem at rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

Yo Damien!

Ooops, I forgot to say that ssh1 protocol works fine, I only had problems with the ssh2 protocol inbound.

RGDS
GARY

On Tue, 2 May 2000, Gary E. Miller wrote:
> I was unable to connect to the new sshd with SecureCRT Ver 3.0. If:
[...]

---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
gem at rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

Could you please provide the debugging output from the sshd? e.g., start with

    # sshd -d -p 2222

I used SecureCRT while adding my SSH2 support to OpenSSH and it did work fine (3des and rc4). Also, make sure you select "Standard" instead of datafellows server.

-markus

On Tue, May 02, 2000 at 05:20:28PM -0700, Gary E. Miller wrote:
> Yo Damien!
>
> Hooray! All it took to build on UnixWare 7.1.0 was:
> ./configure && make && make install
>
> I also edited the ssh*_config files as required.
>
> All the old stuff works fine so far and no more EGD!
>
> opensshd:
>
> I was unable to connect to the new sshd with SecureCRT Ver 3.0. If:
>
> I connect from that with 3DES or RC4 I get:
> "disconnect, reason code: 2" ??
>
> If I connect from that with twofish, it says:
> "no compatible ciphers".
>
> Blowfish is not a SecureCRT option with SSH2.
>
> Similar results connecting from ssh 2.0.13 on Linux to opensshd
>
> ossh:
>
> openssh was able to connect out to ssh ver 2.0.13.
>
> On Tue, 2 May 2000, Damien Miller wrote:
>
> > The beta release is available from
> > http://violet.ibs.com.au/openssh/files/beta
>
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
> gem at rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676

On Tue, 2 May 2000, Phil Karn wrote:
> >Note that this release _requires_ OpenSSL 0.9.5 or greater.
>
> If so, then the configure script should be changed to eliminate
> references to SSLeay, especially the message
>
> checking for OpenSSL/SSLeay directory ...

Thanks, fixed.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)