> Excuse me, but isn't that the way the current SSH2 license is worded
> already?
>
> Yes, we do have some faculty members and grad students, but the majority
> of the population in my place of employment survives on research and
> development funded by government or commercial entities. How much safer
> will the network actually be if I can only provide SSH to the pure,
> non-commercial faculty and students? The majority of computers on a
> university network will still be just as vulnerable and not protected.
> And if users utilize the same passwords between protected and
> non-protected platforms, the use of SSH is nullified.

Please let me clarify. Universities will be allowed to use SSH Secure
Shell also for research, administration, etc. Generally very
liberally (probably without any exceptions).

The details of the new license are currently being worked on to make
them match the new university grant. It will be posted here in a few
days as soon as it is ready.

> OpenSSH has been free to all for quite some time. And there are enough
> free version 1 Windows clients like TTSSH to make it a viable
> alternative. The licensing is not an issue; it is why I have not
> migrated to version 2. Why didn't SANS offer to help the development of
> what was already free rather than chase after a product that will still
> have restrictions on "commercial" use for universities?

Please remember that you need an RSA patent license to use SSH1, but
not for SSH2.

OpenSSH is based on my version from back in 1995 or 1996. The OpenSSH
folks have fixed many of the (security) bugs in that version, but not
all of them when I last checked. Some of the problems in SSH1 are
very fundamental.

I do not recommend use of OpenSSH (or SSH1 generally, for that matter).

Regards,
Tatu
--
SSH Communications Security http://www.ssh.com/
SSH IPSEC Toolkit http://www.ipsec.com/
SSH Secure Shell http://www.ssh.com/ssh