[rootshell] Security Bulletin #25

As this conversation has carried over to NANOG, this should be of interest.


SSH 2.0 has a more restrictive software license than 1.2.26. The paranoid
among us would wonder whether this was a deliberate attempt to convince
people to upgrade to 2.0, incidentally forcing many of them to pay for
the new license.

Nah; nobody would exploit FUD to make a buck, would they?


Well, seeing how 2.0 is actually a commercial product and supposedly
re-written, I can see why they'd want to sell it. If you want to run ssh
and don't want to pay for it, you're stuck with the 1.x version. Those
that can pay do, and those that don't whine for some reason. It's not
like you couldn't take the source to 1.2.26 and alter it now, is it?

Joseph Shaw - jshaw@insync.net
NetAdmin/Security - Insync Internet Services
Free UNIX advocate - "I hack, therefore I am."