This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
===
Subject: Re: Linux (x server) stability
From: Rick Moen <rick@linuxmafia.com>
Date: Mon, 10 Jan 2000 14:33:52 -0800

Quoting Dire Red (deirdre@deirdre.net):

> I always get ssh from the source. Call me paranoid.

And, of course, "the source" _these_ days should be one of the official OpenSSH mirrors, listed at http://violet.ibs.com.au/openssh/files/ . (I like to use ftp://ftp.localhost.ca/pub/openssh/files/ .)

Because, of course, there's no longer any need to use the non-free SSH. On Debian "potato", you just "apt-get install ssh" to install OpenSSH binaries from the non-US Debian sites (Ylonen's ssh having been recently renamed "ssh-nonfree"). If still running Debian "slink", you can get it from http://www.hands.com/~phil/debian/ .

===
Subject: Re: Linux (x server) stability
From: Aaron T Porter <atporter@primate.net>
Date: Mon, 10 Jan 2000 17:10:23 -0600 (CST)

On Mon, 10 Jan 2000, Rick Moen wrote:

> And, of course, "the source" _these_ days should be one of the official
> OpenSSH mirrors, listed at http://violet.ibs.com.au/openssh/files/ .
> (I like to use ftp://ftp.localhost.ca/pub/openssh/files/ .)
>
> Because, of course, there's no longer any need to use the non-free SSH.

Not quite true, at least one recent version of OpenSSH has trouble communicating with VanDyke Software's SecureCRT, make sure you're able to back out OpenSSH to ssh-nonfree if/when users start to complain. Also note the config files are not 100% compatible and can make "down grading" remotely a bit painful.

That said, OpenSSH works great for me 99% of the time.

===
Subject: Re: Linux (x server) stability
From: Rick Moen <rick@linuxmafia.com>
Date: Mon, 10 Jan 2000 15:26:36 -0800

Quoting Aaron T Porter (atporter@primate.net):

> On Mon, 10 Jan 2000, Rick Moen wrote:
>> Because, of course, there's no longer any need to use the non-free SSH.
>
> Not quite true, at least one recent version of OpenSSH has trouble
> communicating with VanDyke Software's SecureCRT [...]

Consider what I wrote earlier to be hereby corrected to say "there's no longer any need _worth worrying about_ to use the non-free SSH."

I've been using the latest OpenSSH releases without mishap. No idea if there's still a SecureCRT glitch, but I don't consider that or the different configuration files a serious obstacle.

===
Subject: Re: Linux (x server) stability
From: Aaron T Porter <atporter@primate.net>
Date: Mon, 10 Jan 2000 17:42:06 -0600 (CST)

On Mon, 10 Jan 2000, Rick Moen wrote:

> > Not quite true, at least one recent version of OpenSSH has trouble
> > communicating with VanDyke Software's SecureCRT [...]
>
> Consider what I wrote earlier to be hereby corrected to say "there's
> no longer any need _worth worrying about_ to use the non-free SSH."

Your worries must be much different than mine... ensuring that a substantial and active installed user base can continue to access services is something I worry about.

> I've been using the latest OpenSSH releases without mishap. No idea
> if there's still a SecureCRT glitch, but I don't consider that or
> the different configuration files a serious obstacle.

I note the config file issue since doing an apt-get install ssh, then trying to move back to ssh-nonfree can result in ssh failing on startup. Some of us have servers hundreds or thousands of miles away, and trying to talk J. Random NocEngineer through fixing a config file with vi is not my idea of fun.

===
Subject: Re: Linux (x server) stability
From: Rick Moen <rick@linuxmafia.com>
Date: Mon, 10 Jan 2000 15:56:55 -0800

Quoting Aaron T Porter (atporter@primate.net):

>> Consider what I wrote earlier to be hereby corrected to say "there's
>> no longer any need _worth worrying about_ to use the non-free SSH."
>
> Your worries must be much different than mine... ensuring that a
> substantial and active installed user base can continue to access
> services is something I worry about.

Reality check, here: I count _ten_ SSH client packages for Win32.
Your concerns involve problems of _one_ of those ten, and (as far as we know) in conjunction with one of the earlier betas of the OpenSSH daemon. I don't know if that glitch still exists, but either it already got ironed out during the rapid beta cycle, or one of my users will eventually let me know it's still there. At which point, I'll probably recommend PuTTY as a temporary measure. So, I _do_ think you rather drastically exaggerate.

> I note the config file issue since doing an apt-get install ssh, then
> trying to move back to ssh-nonfree can result in ssh failing on
> startup.

So, don't do that, then. Or keep a safety copy of /etc/sshd_config.

===
Subject: Re: Linux (x server) stability
From: Rick Moen <rick@linuxmafia.com>
Date: Mon, 10 Jan 2000 16:36:32 -0800

Quoting J C Lawrence (claw@cp.net):

> For now I trust non-free SSH 1.2.27 more than OpenSSH. This is not to
> say that OpenSSH is "bad", just that I'd like to see it weather a
> little more and change a little less rapidly before I bet system
> security on it.

FYI, I adopted it because it had, in fact, stopped changing rapidly. The fact that it's the OpenBSD people who are the core developers, and that they were able to benefit from Ylonen's 1.1.12 codebase as a starting point, tends to give me confidence I might otherwise have lacked.

===
Subject: Re: Linux (x server) stability
From: J C Lawrence <claw@cp.net>
Date: Mon, 10 Jan 2000 16:32:25 -0800

On Mon, 10 Jan 2000 14:33:52 -0800 Rick Moen <rick@linuxmafia.com> wrote:

> Because, of course, there's no longer any need to use the non-free
> SSH.

For now I trust non-free SSH 1.2.27 more than OpenSSH. This is not to say that OpenSSH is "bad", just that I'd like to see it weather a little more and change a little less rapidly before I bet system security on it.

Unless there's a known exploit, security is something I generally believe in moving very slowly on and then only as _functionally_ demanded.
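The safety-copy advice from earlier in the thread (keep a copy of /etc/sshd_config before moving between ssh and ssh-nonfree), as an added example that is not from any poster. `swap_sshd_config` and `SSHD_BIN` are hypothetical names; the parse check relies on OpenSSH's `sshd -t -f FILE` test mode, and the default daemon path is an assumption.

```shell
# Added example, not from the thread. swap_sshd_config and SSHD_BIN are
# hypothetical names chosen for illustration.
# Usage: swap_sshd_config NEW_CONFIG [LIVE_CONFIG]
# Prints the path of the safety copy on success.
swap_sshd_config() {
    new=$1
    live=${2:-/etc/sshd_config}            # path as given in the thread
    sshd=${SSHD_BIN:-/usr/sbin/sshd}       # assumed install location
    backup="$live.bak.$(date +%Y%m%d%H%M%S)"

    # 1. Ask the daemon binary that will actually read the file to parse it.
    #    -t is test mode: the file is checked, nothing starts listening.
    if ! "$sshd" -t -f "$new" >/dev/null 2>&1; then
        echo "rejected: $sshd cannot parse $new; $live left untouched" >&2
        return 2
    fi

    # 2. Safety copy of the working file, keeping mode and timestamps.
    cp -p "$live" "$backup" || return 1

    # 3. Build the replacement next to the live file (inheriting its mode),
    #    then rename it into place so a half-written file is never live.
    if cp -p "$live" "$live.new" && cat "$new" > "$live.new" \
        && mv "$live.new" "$live"; then
        echo "$backup"
    else
        rm -f "$live.new"
        cp -p "$backup" "$live"            # put the known-good copy back
        return 3
    fi
}
```

Run it with `SSHD_BIN` pointing at the daemon that is about to be installed, since a file one implementation accepts may be rejected by the other.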
===
Subject: Re: Linux (x server) stability
From: J C Lawrence <claw@cp.net>
Date: Mon, 10 Jan 2000 16:45:34 -0800

On Mon, 10 Jan 2000 16:36:32 -0800 Rick Moen <rick@linuxmafia.com> wrote:

> Quoting J C Lawrence (claw@cp.net):
>> For now I trust non-free SSH 1.2.27 more than OpenSSH. This is
>> not to say that OpenSSH is "bad", just that I'd like to see it
>> weather a little more and change a little less rapidly before I
>> bet system security on it.

> FYI, I adopted it because it had, in fact, stopped changing
> rapidly.

<nod> I suspect I have a higher threshold than you. I basically figure on waiting for at least 3 and probably 6 months of stability before moving over. Yes, I'm uber-paranoid and I check signatures _and_ the webs of trust leading up to the provided keys too.

> The fact that it's the OpenBSD people who are the core developers,
> and that they were able to benefit from Ylonen's 1.1.12 codebase
> as a starting point, tends to give me confidence I might otherwise
> have lacked.

Oh yes, it is extremely promising. That said what I'd really like to see is a decent and compleat version of the SSH v2 protocol, both client and server. The basic protocol definition itself is far cleaner, more useful and more flexible than the SSH v1 protocol.

===
Subject: Re: Linux (x server) stability
From: "Jeffrey B. Siegal" <jbs@quiotix.com>
Date: Mon, 10 Jan 2000 19:25:33 -0800

Deirdre Saoirse wrote:

> I run a system with other users. I don't want THEM to be able to connect
> to my X session. xhost allowing localhost connections is less secure than
> using ssh to forward the display.

That's what $XAUTHORITY is for. After su-ing, do

    export XAUTHORITY=~jbs/.Xauthority

[substitute your username for jbs] and you will be able to start X apps without opening up to localhost generally. su preserves $DISPLAY but not $XAUTHORITY.

===
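The $XAUTHORITY approach from the last message, as an added example that is not part of the original post: it points the post-su shell at the login user's cookie file only after checking that the file is private, since the cookie is the only secret protecting the display from other local users. `adopt_xauthority` is a hypothetical helper name.

```shell
# Added example, not from the thread. adopt_xauthority is a hypothetical
# helper name. Usage (after su): adopt_xauthority ~jbs/.Xauthority
adopt_xauthority() {
    cookie_file=$1

    # su keeps DISPLAY; without it there is no display to authenticate to.
    if [ -z "${DISPLAY:-}" ]; then
        echo "DISPLAY is not set; nothing to authenticate to" >&2
        return 2
    fi

    if [ ! -f "$cookie_file" ] || [ ! -r "$cookie_file" ]; then
        echo "cannot read cookie file: $cookie_file" >&2
        return 3
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # Any bit set there means other local users can read (or replace) the
    # cookie, which defeats the point of not using "xhost +localhost".
    mode=$(ls -ld "$cookie_file" | cut -c5-10)
    case $mode in
        ------) ;;
        *)
            echo "$cookie_file is open to group/other ($mode); fix with chmod 600" >&2
            return 4
            ;;
    esac

    XAUTHORITY=$cookie_file
    export XAUTHORITY
}
```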