begin Atro Tossavainen quotation:
> I guess the working assumption from Tatu and the rest of the SSH folks
> was that everyone would be moving to SSH2 and backward compatibility
> would not be an issue.
Tatu and co., by dint of hard work, have made some very compelling
arguments for that migration. However, this matrix of available
software (from diverse authors, not just SSH Communications Security,
Ltd. and F-Secure Corporation) will perhaps partially explain
protocol 1.5's persistence:
Highest protocol version supported in software that is:
Straight Gratis-Usage for Unconditional
Proprietary Non-Commercial Gratis-usage Open-source [1]
----------- -------------- ------------ -----------
Clients
=======
Amiga OS 1.5 1.5 none none
BeOS - 1.5 none none
Java - - none 1.5 [2]
Macintosh OS 2.0 - 1.5 none
OpenVMS - - - 1.5
OS/2 2.0 1.5 none none
PalmOS - - 1.5 none
Unix 2.0 2.0 - 2.0
Win16 2.0 1.4 none none
Win32 2.0 2.0 1.5 2.0
WinCE 1.5 none - none
Servers
=======
OpenVMS - - - 1.5
OS/2 - 1.5 none none
Unix 2.0 2.0 none 2.0
Win32 - 2.0 none 2.0
The constituent packages are detailed in my list at
http://linuxmafia.com/pub/linux/security/ssh-clients . (Hey, I had a
few minutes to kill, so I thought I'd summarise my list in tabular
form.)
> More bugs have been found and corrected than in ssh2 so far, of course.
And there are known structural weaknesses in the 1.x protocols.
[1] As is defined by the Open Source Initiative at
http://www.opensource.org/osd.html . The three columns leftwards are
breakdowns of all non-open-source categories, i.e., different classes of
proprietary licences.
[1] Mats Andersson says MindTerm will soon support secsh 2.0.
--
Cheers, "Censeo Toto nos in Kansa esse decisse."
Rick Moen -- D. Gale
rick (at) linuxmafia.com