OpenSSH Project History and Credits

Project History and Credits

OpenSSH is a derivative of the original free ssh 1.2.12 release from Tatu Ylönen. This version was the last one which was free enough for reuse by our project. Parts of OpenSSH still bear Tatu's license which was contained in that release. This version, and earlier ones, used mathematical functions from the libgmp library. That library was also included with these early ssh versions. The libgmp library is made available under the (LGPL) Lesser GNU Public Licence, although versions of that era were under the regular (GPL) GNU Public Licence.

A combined licence for all the pieces is available at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/LICENCE.

Rapidly after the 1.2.12 release, newer versions bore successively more restrictive licenses, even though libgmp was still included and necessary for using the software. Earlier restrictive licenses forbade people from making a Windows or DOS version. Later licenses restricted the use of ssh in a commercial environment, instead requiring companies to buy an expensive version from Datafellows.

Early in 1999, Björn Grönvall re-discovered this particular release and started fixing bugs. His version of ssh is called OSSH and had only support for SSH 1.3 protocol. Word of mouth has it that OSSH has been integrated into some commercial products in Sweden. As of today, OSSH still does not have SSH 2 protocol support.

OpenBSD project members became aware of Björn's work less than two months before the OpenBSD 2.6 release. We wanted to include support for the ssh protocol in the 2.6 release, but we had to make sure that it was perfect. Therefore, we decided to immediately fork from the OSSH release, and pursue rapid development in the same way as the original OpenBSD security auditing process had happened. As a result of this, at the time of release many of the source code files were already at RCS revision 1.34, some as high as 1.66. Development went very fast indeed, since we had a deadline to meet.

The following team members participated:

Theo de Raadt (CANADA) started by removing non-portabilities which made the code harder to read -- the goal being simpler source code, so that security holes and other issues could be spotted easier.
Niels Provos (GERMANY but living in USA) quickly removed the remaining cryptographic and GPL'd components by doing road trips to Canada, so that we could end up with a completely freely reusable source code base.
Markus Friedl (GERMANY) jumped in and very quickly managed to replace the SSH 1.3 protocol code from the 1.2.12 release, with a SSH 1.5 protocol implementation compatible with the modern "ssh 1.2.27" series (this change was needed to operate with a lot of SSH-compatible Windows clients which lack support for SSH 1.3 protocol). His implementation is now used in OSSH. He added SSH 1.5 protocol support in such a way that SSH 1.3 protocol support remained operational. Later, he also added support for SSH 2 protocol and SFTP.
Bob Beck (CANADA) helped with Makefile magic to ensure that we could compile OpenSSL without patented algorithms; because OpenBSD 2.6 was shipping before the RSA patent expiration date, we needed to ship our CD with libssl and libcrypto shared libraries which lacked RSA. At install time, the user was able to replace these libraries via FTP/HTTP over the Internet. Luckily this kind of hackery is no longer needed.
Aaron Campbell (CANADA) improved numerous documentation flaws and a few other code problems. It is mostly due to him that the manual pages are so complete.
Dug Song (USA) helped with some authentication issues in the KerberosIV case (his changes were carefully checked to ensure they stayed away from any cryptography, and only touched on authentication issues).

Therefore, the version of OpenSSH was based on these older versions of ssh 1.2.12, but with many bugs removed and newer features re-added:

has all components of a restrictive nature (i.e. patents, see ssl) directly removed from the source code; any licensed or patented components are chosen from external libraries (e.g. OpenSSL).
contains added support for KerberosIV authentication and ticket passing.
supports one-time password authentication with skey.
And hundreds of other changes that people can spot in the new man pages, and in the source code changes.

That marked the OpenSSH 1.2.2 release, which was shipped with OpenBSD 2.6 in December 1, 1999. As of that time, most OpenSSH development had been done by Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de Raadt, and Dug Song. We thank the many people who have found bugs and reported them.

Porting OpenSSH

Almost immediately after we shipped our protocol 1 implementation, various non-OpenBSD groups got very, very interested. Damien Miller, Philip Hands, and handful of others started porting OpenSSH to Linux and various other Unix operating systems. From the start of our own efforts, we have felt that even the original ssh code was too complicated, it simply had too many operating system dependencies to deal with. Our approach to writing completely secure and rock solid code avoids dealing with excessive differences like that. Thus, to make the entire development process easier on us all, we decided to split our core development efforts from portability developments. This has worked out very well for us. (As a case in point, compare the number of lines of code between the baseline and portable versions).

SSH 2 Protocol Support

With the OpenBSD 2.6 release out of the way, Markus Friedl decided to pursue SSH 2 protocol support. Slaving away for months, he managed to keep OpenSSH slim and lean, while at the same time managing to turn it into a single piece of software that could do both the SSH 1 and SSH 2 protocols. This version, called OpenSSH 2.0, shipped with OpenBSD 2.7 on June 15, 2000. Most of the checking of Markus' changes were done by Niels Provos and Theo de Raadt. Bob Beck is to be thanked for updating OpenSSL to a newer version.

SFTP Support

Support for the server side of the SFTP sub-protocol was written by Markus Friedl and released in the 2.3.0 release, in November 2000. Soon after, Damien Miller started work on an sftp client, which first shipped in 2.5.0.

Scanning SSH Server Versions

To facilitate the monitoring of deployed SSH servers, e.g. for a company network, Niels Provos wrote the scanssh tool. scanssh scans a list of addresses and networks for running SSH servers and their version numbers. It supports random selection of IP addresses from large network ranges and is useful for gathering statistics on the use of SSH servers in a company or the Internet as whole. The statistics include the SSH protocol supported, and the software versions that are being used.

scanssh is being used to gather statistics about the deployment and use of the SSH protocol on the Internet. The measurements allow insights into the distribution of the different SSH protocols and the market penetration of particular server versions.

SSH: Completely free at last.

www@openbsd.org
$OpenBSD: history.html,v 1.35 2004/12/22 02:06:00 david Exp $