[plug] OpenSSH and security holes

Christian christian at global.net.au
Tue Dec 14 09:18:59 WST 1999 

On Mon, 13 Dec 1999, Leon Brooks wrote:

> >> OpenSSH was split from standard SSH at the last free version, then all
> >> patent-encumbered stuff stripped out. This would naturally include RSA.
> >> It uses OpenSSL, not the BSD libraries, for SSL.

Of course OpenSSH uses RSA -- this is complete nonsense.  As for using
"OpenSSL not the BSD libraries", OpenSSL *IS* the OpenBSD SSL library I
believe.  Read ssl(8) on an OpenBSD system if you don't believe me.
 
> > Unfortunately it doesn't quite work like that.
> 
> Actually, it does. There's only one tree, which uses OpenSSL.

No Leon, it doesn't.

<record type=broken> OpenSSL/SSH use RSA.  And RSA comes in two*
implementations:  RSAREF and the independent, OpenSSL one.  RSAREF is for
the US (non-commercial users)  and the independent, OpenSSL version is for
non-US people.  If you're a non-commercial user in the US then you MUST
use RSAREF, it is illegal to do otherwise.  (If you're a commercial user
I'm not sure whether you are restricted as to which implementation you use
or not -- but either way you have to pay for using the patented algorithm
so RSADSI probably don't care!) Since the OpenSSL implementation is better
than the RSAREF one, OpenBSD distributes two versions for each
implementation depending on whether the end-user is in the US or not.  If
the Linux port of OpenSSH only uses OpenSSL then it would be illegal to
use it in the US.  Another option would be to only distributed RSAREF
(non-OpenSSL) implementations.  If they do this then your OpenSSH is
vulnerable to the security problem already cited by Matt and myself (which
was the point of what I was trying to explain to you originally). 
Alternately they may use two distribution methods like OpenBSD does in
which case you will want to check which RSA implementation you are using
(what I also said originally).
</record>

I (really) hope this clears things up.  If you're still confused then read
ssl(8)  on an OpenBSD system and also read Theo de Raadt's posting to
BUGTRAQ and openbsd-misc entitled "2.6 sslUSA security problem". 

Regards,

Christian.

* Of course RSA comes in more than two implementations but for the
purposes of this discussion there are only two relevant categories.

============================================================================
"Those who do not understand Unix are condemned to reinvent it, poorly."
                					-- Henry Spencer

More information about the plug mailing list