Re: OpenSSH3.5p1 vs. Commercial SSH 3.2

From: Richard E. Silverman (slade@shore.net)
Date: 01/28/03


From: slade@shore.net (Richard E. Silverman)
Date: 28 Jan 2003 09:34:40 -0500


>>>>> "NKG" == Nico Kadel-Garcia <nkadel@bellatlantic.net> writes:

    NKG> For the same reasons POP2 and POP3 are on different ports. Using
    NKG> the same port means a bit of nastiness working out which protocol
    NKG> you want to use, based on negotiating the order of preferences,
    NKG> which protocols your client supports, which protocols your server
    NKG> supports, and then poking around for appropriate public keys if
    NKG> those are in use.

These issues all have nothing to do with whether we use a separate port.
They would still exist and need to be addressed if the protocols were on
separate ports, except that you'd have the added complication that the
client would have to try two different TCP connections to figure out which
protocol versions the server supports instead of one. In fact it could
end up being worse, since if a server did not support one protocol it
would often have that port blocked off with a firewall which silently
drops packets, causing a lengthy delay while the connection attempt timed
out. How is any of this a win over the current situation?

    NKG> The feature sets of each protocol are fairly significantly
    NKG> different: using the same one has complicated a lot of setups,
    NKG> especially for the ssh.com code which used the "ssh1 must be
    NKG> installed first and detected at compilation time to install the
    NKG> ssh2 daemon with support for ssh1" approach to the
    NKG> world.

Again, this is an implementation issue: there is NO connection whatsoever
between the decision to keep both protocol versions on the same well-known
port, and ssh.com's decision on how to implement their protocol 1
support. None at all. Why do you keep implying that one caused the other?
I don't get it.

-- 
  Richard Silverman
  slade@shore.net
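
Added example, not part of the original post: a sketch of how a client can learn which protocol versions a server supports from the single identification line sent on one connection, which is the one-connection negotiation the reply above argues for. The line format and the meaning of `1.99` are taken from RFC 4253 (not cited in the thread); the function names and sample greetings are constructed for illustration.

```python
import re

# Identification line per RFC 4253 section 4.2:
#   SSH-protoversion-softwareversion [SP comments] CR LF
IDENT_RE = re.compile(r"SSH-(\d+)\.(\d+)-([\x21-\x2c\x2e-\x7e]+)(?: (.*))?")
MAX_IDENT_LEN = 255  # RFC 4253 limit, CR LF included


def offered_protocols(greeting: bytes) -> set:
    """Return the SSH protocol majors ({1}, {2} or {1, 2}) a greeting offers."""
    for raw in greeting.split(b"\n"):
        line = raw.rstrip(b"\r")
        if not line.startswith(b"SSH-"):
            continue  # a server may send other text lines before the identification
        if len(line) + 2 > MAX_IDENT_LEN:
            raise ValueError("identification line too long")
        m = IDENT_RE.fullmatch(line.decode("ascii"))  # non-ASCII raises ValueError
        if m is None:
            raise ValueError("malformed identification line")
        major, minor = int(m.group(1)), int(m.group(2))
        if (major, minor) == (1, 99):
            return {1, 2}  # 1.99: protocol 2 server that also accepts protocol 1
        if major in (1, 2):
            return {major}
        raise ValueError("unknown protocol version")
    raise ValueError("no identification line in greeting")


def choose_protocol(greeting: bytes, client_prefs=(2, 1)):
    """Pick the first client-preferred protocol the server offers, else None."""
    offered = offered_protocols(greeting)
    return next((p for p in client_prefs if p in offered), None)


# Constructed sample greetings (not captured from real hosts).
SAMPLES = {
    "both": b"SSH-1.99-OpenSSH_3.5p1\n",
    "v2_only": b"constructed pre-banner text\r\nSSH-2.0-ExampleServer_1.0 note\r\n",
    "v1_only": b"SSH-1.5-1.2.27\n",
}

if __name__ == "__main__":
    for name, greeting in SAMPLES.items():
        print(name, sorted(offered_protocols(greeting)), choose_protocol(greeting))
```

A protocol-2-only client calls `choose_protocol(greeting, client_prefs=(2,))` and gets `None` from a protocol 1 server immediately, with no second connection attempt or timeout.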

