Subject: Re: Off-Topic: NiftyTelnet with SSHv2 question
To: gabriel rosenkoetter <gr@eclipsed.net>
From: Henry B. Hotz <hotz@jpl.nasa.gov>
List: port-mac68k
Date: 09/22/2000 10:52:38
Thanks for the response. I forwarded part of it to the JPL-sysadmin
mailing list. Seems a lot of JPL SA's are sticking to ssh1 even
though we have a free site license to ssh2 because they need to
support Mac clients and they think they can't run both.
At 10:09 AM -0400 9/22/00, gabriel rosenkoetter wrote:
>On Thu, Sep 21, 2000 at 10:44:59AM -0700, Henry B. Hotz wrote:
> > Does it work? I seem to recall something said a long time ago about
> > it working, but only if you configured the fallback in some specific
> > way.
>
>As I recall, NiftyTelnet has only the ssh1 protocol. That may have
>changed recently, though.
No change, though there is a new, free, unrelated ssh2 client that
doesn't quite work yet. (It was announced on the mac-crypto list.)
Unlike the F-secure clients NiftyTelnet supports scp.
>But don't use ssh.com's software. They have a non-nice license and
>various bugs. Use OpenSSH (installing from pkgsrc should work fine,
>did on the couple of mac68ks in my cluster here, but they're 1.4.2 not
>1.5anything) instead. It supports both protocols in the same server
>and is generally better-written. (No personal offense meant to Tatu,
>but the ssh.com thing is way out of his hands these days.)
I'm running 1.2.27 on Solaris, and on NetBSD/macppc 1.5 alpha 1. My
remaining Mac68k box is only a IIcx and probably couldn't handle it
well. Almost all of the client connections in my case are from MacOS
so there seems little reason to figure out why people think SSH2 is
better. I'm interested to see that OpenSSH is now getting
recommendations that it may be ready for prime time.
For NetBSD I'm using the pkgsrc-patched-source, but I had to do the
configure and install the old fashioned way in order to get .rhosts
authentication to work. The only difference I see that might matter
is --without-rsh. Why anyone would want to run ssh with rsh fallback
escapes me since that would defeat the whole point of ssh. Why the
default configuration isn't --without-rsh *really* escapes me.
Signature held pending an ISO 9000 compliant
signature design and approval process.
h.b.hotz@jpl.nasa.gov, or hbhotz@oxy.edu