SSH vs SSL/Telnet 15
tyr asks: "I am setting up a masquerade server for our church to access the Internet. I want to be able to remotely administer the server, but other people have concerns about security. I have decided to implement some type of encrypted login. I have heard rumors that SSH compresses the stream to cut down on the bloat caused by encryption. Is this really significant for a text only login? Anyway I just wanted to see discussion on the relative technical merits of each of the options like SSH 1.x, SSH 2.x, OpenSSH, SSL/telnet, and any others you would recommend."
OpenSSH is slower than (closed) ssh (Score:1)
For interactive sessions OpenSSH may be fine but it has about 1/3 the performance of ClosedSSH for bulk transfers, e.g., (r|s)cp, network backups.
Re:OpenSSH (Score:1)
Sorry to pick on just this post, but this is something that has been bothering me about slashdot comments for some time... NOT EVERYONE CARES WHETHER IT IS A ``FREE'' LICENSE OR NOT!
I certainly don't give a rat's ass about the GPL. The GPL is a damn virus. I like Linux, and associated products - but I wish it was all under the truly free BSD license.
-Jeff
Encryption doesn't use more bandwidth (Score:1)
duh. (Score:1)
Re:OpenSSH (SSH 2.x lisencing issues) (Score:1)
From OpenSSH History and Credits [openssh.com]:
Rapidly after the 1.2.12 release, newer versions bore successively more restrictive licenses. Earlier restrictive licenses forbade people from making a Windows or DOS version. Later licenses (read - v2.x) restricted the use of ssh in a commercial environment, instead requiring companies to buy an expensive version from Datafellows.
Re:OpenSSH (Score:1)
You are a wise man.
Re:OpenSSH (Score:1)
The GPL is not a damn virus, it is the reason for the success of Linux and the failure of the free BSD's, as was featured on an article on slashdot. It disallows people to go away from the freedom policy.
Patola
Re:SSH (Score:1)
You won't notice a difference between SSH and Telnet for text login, even over a modem. This means of course you should go with SSH.
I think this statement needs to be qualified a bit. When I switched from telnet to ssh, I didn't notice a *bandwidth* hit, but the *latency* of the connection went up. This makes sense, really, when you think about all the processing involved.
In any case, the difference was hardly noticeable over a 33.6K modem. So, yeah, you should go with SSH. OpenSSH is based on the original SSH1 source code, with lots o' bug fixes. SSH2 fixes some problems with the SSH1 protocol, but is non-free for commercial use (AFAIR).
Re:duh. (Score:2)
OpenSSH, while vulnerable when implementing the 1.5 ssh protocol, also supports an incompatible "1.6" ssh protocol that is immune to the known vulnerabilities of the 1.5 protocol; between OpenSSH clients, this protocol can be spoken instead, improving security.
I'm not great at security, but I try to pay attention to those who are
SSH (Score:2)
--
openssh (Score:2)
ssh1 vs. ssh2 vs. openssh vs. telnet over ssl (Score:2)
i'm not a security expert, but i have had ample opportunity to ponder this and related questions. my (admittedly basic) research has led me to these conclusions.
some random notes:
Re:OpenSSH (Score:2)
What licensing issues ? How does the ssh1.2 license differ from the ssh2 license ?
OpenSSH (Score:3)
A wealthy eccentric who marches to the beat of a different drum. But you may call me "Noodle Noggin."