Re: OpenSSH3.5p1 vs. Commercial SSH 3.2

From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 01/28/03


From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net>
Date: Tue, 28 Jan 2003 14:03:30 GMT


"Richard E. Silverman" <slade@shore.net> wrote in message
news:m1lu1ftcrnw.fsf@syrinx.oankali.net...
> >>>>> "NKG" == Nico Kadel-Garcia <nkadel@bellatlantic.net> writes:
>
> NKG> Yeah, this little bit of silliness is really painful to cope
> NKG> with. It's a *different protocol*. They *should* have put it on a
> NKG> different port, and we've been paying the price for years now....
>
> As we've discussed before, Nico, I just don't see your reasoning here.
> These two issues have nothing to do with one another. Putting protocols 1
> and 2 on separate ports is unnecessary, since they share an initial
> version identifier which allows both sides to select a compatible
> version; there is no interoperability problem. And in any case, this "bit
> of silliness" (ssh.com using an external program for SSH-1 support rather
> than integrating it) is an *implementation* issue, which has nothing to do
> with the protocol definition or which port it's running on. I just don't
> understand what you're on about with this.

For the same reasons POP2 and POP3 are on different ports. Using the same
port means a bit of nastiness working out which protocol you want to use,
based on negotiating the order of preferences, which protocols your client
supports, which protocols your server supports, and then poking around for
appropriate public keys if those are in use.

The feature sets of each protocol are fairly significantly different: using
the same one has complicated a lot of setups, especially for the ssh.com
code which used the "ssh1 must be installed first and detected at
compilation time to install the ssh2 daemon with support for ssh1" approach
to the world. Pfaugh....

At least OpenSSH did this correctly with a single well-written daemon to
monitor a single port.
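
The version-identifier selection both posters refer to, as an added example that is not part of either post or of any SSH implementation's code. It assumes the identification-string format later standardised in RFC 4253 (`SSH-protoversion-softwareversion`, with `1.99` meaning "speaks both 1 and 2"); the function names and sample banners are constructed for illustration.

```python
import re

# "SSH-<major>.<minor>-<software>[ <comments>]", terminated by CR LF.
BANNER_RE = re.compile(r"SSH-(\d+)\.(\d+)-(\S+)(?: (.*))?")


def parse_banner(line):
    """Return (major, minor, software) from a peer's identification string."""
    if len(line) > 255:
        raise ValueError("identification string too long")
    m = BANNER_RE.fullmatch(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("not an SSH identification string")
    return int(m.group(1)), int(m.group(2)), m.group(3)


def offered_protocols(major, minor):
    """Map the advertised version to the set of protocols the peer can speak."""
    if major == 1 and minor == 99:
        return {1, 2}  # compatibility marker: SSH-2 peer that also accepts SSH-1
    if major == 1:
        return {1}
    if major == 2:
        return {2}
    return set()


def select_protocol(peer_banner, local_preference=(2, 1)):
    """Pick the first locally preferred protocol the peer also offers, else None.

    local_preference is the local policy: (2,) refuses SSH-1-only peers,
    (2, 1) falls back to SSH-1 only when the peer cannot do SSH-2.
    """
    major, minor, _software = parse_banner(peer_banner)
    peer = offered_protocols(major, minor)
    for proto in local_preference:
        if proto in peer:
            return proto
    return None


if __name__ == "__main__":
    # Constructed sample banners, not captured from real hosts.
    for banner in ("SSH-1.99-OpenSSH_3.5p1\r\n",
                   "SSH-2.0-3.2.0 SSH Secure Shell\r\n",
                   "SSH-1.5-1.2.27\r\n"):
        print(banner.strip(), "->", select_protocol(banner, (2,)))
```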


