SUMMARY: Sun SSH vs OpenSSH

From: Christopher L. Barnard <cbar44_at_tsg.cbot.com>
Date: Thu Feb 09 2006 - 17:10:15 EST
I asked:

> I have a question about Sun SSH vs OpenSSH.  When vulnerabilities are
> discovered and an alert is sent by CERT, IW, FSISAC, SAGE, etc, it indicates
> the vendor and version of software that is vulnerable.  Whenever the alert
> has to do with ssh, it indicates several vendors, but never Sun.  My
> understanding is that Sun SSH is based upon a version of OpenSSH.  The fact
> that Sun SSH is never mentioned in these alerts gives me the impression that
> the Sun SSH is not kept up to date.  So if one wants to keep abreast of
> security issues with the ssh protocol, use OpenSSH and not Sun SSH?

The results:

Pretty much half and half.  There are strong arguements for and against
both the SunSSH and OpenSSH.  Some of the arguements:

* Any vulnerability in OpenSSH is evaluated by Sun, and if it is pertinent
  a patch is issued for SunSSH.
* The versioning/revision control for Sun SSH is horrid.  With OpenSSH
  one can look at the version number and instantly know if it is current.
* SunSSH has the appropriate hooks for their auditing/quota/logging
  solutions.
* OpenSSH can be updated much much faster, since new code is released
  within hours of the announcement of a vulnerability.  Sun patches can take
  up to a month.

Thanks to all who replied.

+-----------------------------------------------------------------------+
| Christopher L. Barnard         O     When I was a boy I was told that |
| cbarnard@tsg.cbot.com         / \    anybody could become president.  |
| (312) 347-4901               O---O   Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
+----------PGP public key available via finger or PGP keyserver---------+
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Feb 9 17:10:54 2006

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:55 EST