djm at mindrot
Nov 15, 1999, 1:02 PM
Post #1 of 2
Thanks to Michael H. Warfield <mhw [at] wittsend> for reminding me of
the need for upgrade instructions. The following text will be included
in the UPGRADING file in the next release:

Niels & Markus - have I missed anything? Feel free to adapt this for
your own purposes if you so desire.

OpenSSH is almost completely compatible with the commercial SSH 1.2.x.
There are, however, a few exceptions that you will need to bear in
mind while upgrading:

1. OpenSSH does not support any patented transport algorithms.

Only 3DES and Blowfish can be selected. This difference may manifest
itself in the ssh command refusing to read its config files.

Solution: Edit ssh_config and select a different "Cipher" option
("3des" or "blowfish"). "3des" is the default and is considered the
most secure, "blowfish" is significantly faster.

2. Old versions of commercial SSH encrypt host keys with IDEA

The old versions of SSH used a patented algorithm to encrypt their

This problem will manifest as sshd not being able to read its host

Solution: You will need to run the *commercial* version of ssh-keygen
over the host's private key:

    ssh-keygen -u /path/to/ssh_host_key

3. Incompatible changes to sshd_config format.

OpenSSH extends the sshd_config file format in a number of ways. There
is currently one change which is incompatible.

Commercial SSH controlled logging using the "QuietMode" and
"FascistLogging" directives. OpenSSH introduces a more general set of
logging options "SyslogFacility" and "LogLevel". See the sshd manual
page for details.

| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm [at] mindrot (home) -or- djm [at] ibs (work)
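
An added example, not part of the original post or of the OpenSSH distribution: a pre-upgrade check for items 1 and 3 above that flags a "Cipher" other than "3des" or "blowfish" and the "QuietMode"/"FascistLogging" directives. The function names, the sample configs and the parsing rules noted in the comments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag the config settings the upgrade notes call out.
# Reads an ssh_config or sshd_config on stdin and prints one finding per line.
# Assumptions: keywords are case-insensitive, "#" starts a comment, and a
# keyword is separated from its value by whitespace or "=".
audit_ssh_config() {
    awk '
    {
        sub(/#.*/, "")                 # drop comments (re-splits the fields)
        gsub(/[=]/, " ")               # accept the Keyword=value form
        if (NF == 0) next
        key = tolower($1)
        if (key == "cipher" && $2 != "3des" && $2 != "blowfish")
            printf "line %d: Cipher \"%s\" not selectable; use 3des or blowfish\n", NR, $2
        else if (key == "quietmode" || key == "fascistlogging")
            printf "line %d: %s replaced by SyslogFacility/LogLevel\n", NR, $1
    }'
}

# Constructed sample client config (not from a real host).
sample_ssh_config() {
    cat <<'EOF'
# Cipher idea   (commented out, must be ignored)
Host *
    Cipher idea
    Compression yes
EOF
}

# Constructed sample server config (not from a real host).
sample_sshd_config() {
    cat <<'EOF'
Port 22
QuietMode no
FascistLogging=yes
SyslogFacility AUTH
EOF
}

echo "ssh_config:";  sample_ssh_config  | audit_ssh_config
echo "sshd_config:"; sample_sshd_config | audit_ssh_config
```

To check a real file, feed it on stdin, for example `audit_ssh_config < ssh_config`.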