Thanks to everyone who responded. Due to the overwhelming responses (and my busy schedule), it has taken a while to summarize this. 34 people currently use ssh1 and 23 use ssh2. ssh1 has been used with 4.0d, 4.0e, 4.0f and 5.0. ssh2 has been used with 4.0d and 4.0f. Each on a variety of machines. The most popular version is 1.2.27. Many are also running 2.0.13. 2.1 is currently in beta.
This product is free to universities. For more information see
http://www.ssh.com/about/press/release01032000.html
Here is some information from Tom Webster:
I'm using ssh 1.2.27, and I am quite happy with it. As far as I know, there are only three open security issues with 1.2.27:
1. If you compile with the RSAREF libs (which you should do in the US to avoid software patent problems), there is a buffer overflow issue. Check with securityfocus.com for details on the patch. Versions compiled without using the RSAREF libs do not have this problem.
2. There is an issue with the way that xauth is handled that could lead to problems if you allow X forwarding on a server with an "untrustworthy" superuser. This affects both the 1.2.x versions and the 2.0.x versions of ssh. OpenSSH is supposed to have a fix, but Tru64 isn't a supported platform (yet?).
3. There is an issue with the way that ssh-agent uses a UNIX domain socket when it is providing automatic logins. If you don't use ssh-agent and type in your passwords/passphrase by hand, it isn't an issue.
I've tried the ssh 2.0.x version but was not impressed by the beta feel of the code. The lack of an scp work-alike in 2.0.13 and incompatibility with the older protocols* proved to be show stoppers. Scp (like a secure version of rcp) is one of the really nice features of ssh.
* Ssh 2.0.x provides ssh 1.x compatibility by having you install ssh 1.x and then calling it if someone connects with the old protocols.
Ssh 2.0.x has a drastically revised license, which makes many of the free uses of ssh 1.x now require a commercial license with 2.0.x. There is also a dearth of third party clients with 2.0.x compatibility.
Mary J. Aumann
Lead Operations Specialist
Saginaw Valley State University
Received on Tue Apr 04 2000 - 13:57:22 NZST