Linux Journal: A Rough Year for SSH

“Just as 2000 was a rough year for firewalls, with
holes blown in both commercial and open-source products, 2001 was a
most uncomfortable year for the secure shell, or ssh. Several
groups focused their attentions on this cornerstone of the net, and
several problems emerged. ssh has emerged from this scrutiny a
stronger product.

Not all of these issues affect all ssh users, so it’s important
to understand the vulnerabilities, their impact, and how to
mitigate these risks. In this piece, several of the
vulnerabilities found in 2001 are discussed, and some general
recommendations for the ssh user are offered.

Briefly, two major vendors of ssh products have emerged, SSH
Communications, who originally developed the software, and OpenSSH,
who produce an open-source derivative. When referring to the ssh
client from SSH Communications, the term Ssh will be used. When
referring to the OpenSSH client, the term OpenSSH will be used. This
is important as they sometimes do not share security
vulnerabilities. SSH1 refers to the version 1 protocol for ssh, and
SSH2 refers to the second version of the protocol.”


