Project Goals

The SSH protocol is available in two incompatible varieties: SSH 1 and SSH 2.

The older SSH 1 protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Both are supported by OpenSSH. Both of these use the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation, and then use a short list of symmetric algorithms for data hiding: 3DES and Blowfish. (There used to be a few other algorithms like RC4, but their implementations had security problems). Some SSH 1 protocol implementations also support the IDEA symmetric algorithm, but since this algorithm is patented in some nations, and because the other two supplied algorithms are sufficient, OpenSSH ships without support for IDEA.

The SSH 1 protocol uses a simple CRC for data integrity, which turns out to be flawed; an insertion attack is known to be possible, however due to a number of bandaids which have been applied to SSH implementations over the years, attacks against it are very difficult to perform. When the 3DES cipher is used, the insertion attack is significantly less possible. (We may solve this soon).

The second major variety of SSH is the SSH 2 protocol. SSH 2 was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), and to fix the CRC data integrity problem that SSH1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. SSH 2 protocol supports many other choices for symmetric ciphers, as well as many other new features.

OpenSSH code including full SSH 1.3 and SSH 1.5 protocol support shipped on December 1, 1999.

For many of its cryptography features, OpenSSH relies on the non-GPL'd OpenSSL library.

Almost immediately after we shipped our SSH 1 protocol implementation, various non-OpenBSD groups got very, very interested. Damien Miller, Philip Hands, and handful of others started porting OpenSSH to Linux and various other Unix operating systems. From the start of our own efforts, we have felt that even the original SSH implementation was too complicated; it simply had too many operating system dependencies to deal with. Our approach to writing completely secure and rock solid code avoids dealing with excessive differences like that. Thus, to make the entire development process easier on us all, we decided to split our core development efforts from portability developments. This has worked out very well for us. (As a case in point, compare the number of lines of code between the baseline and portable versions).

Continuing that trend, the OpenBSD project members who worked on OpenSSH made a push at supporting the SSH 2 protocol as well. This work was primarily done by Markus Friedl. Around May 4, 2000, the SSH 2 protocol support was implemented sufficiently to be useable.

Are you still using "in the clear" logins?