|Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
May the source be with you, but remember the KISS principle ;-)
Skepticism and critical thinking is not panacea, but can help to understand the world better
SSH1 and the SSH-1 protocol were developed in 1995 by Tatu Ylönen, a researcher at the Helsinki University of Technology in Finland as a more secure re-implementation of rsh. After his university network was the victim of a password-sniffing attack earlier that year, Ylönen whipped up SSH1 for himself. When beta versions started gaining attention, however, he realized that his security product could be put to wider use.
In July 1995, SSH1 was released to the public as free software with source code, permitting people to copy and use the program without cost. By the end of the year, an estimated 20,000 users in 50 countries had adopted SSH1, and Ylönen was fending off 150 email messages per day requesting support. In response, Ylönen founded SSH Communications Security, Ltd., (SCS, http://www.ssh.com/) in December of 1995 to maintain, commercialize, and continue development of SSH. Today he is chairman and chief technology officer of the company.
Also in 1995, Ylönen documented the SSH-1 protocol as an Internet Engineering Task Force (IETF) Internet Draft, which essentially described the operation of the SSH1 software after the fact. It was a somewhat ad hoc protocol with a number of problems and limitations discovered as the software grew in popularity. These problems couldn't be fixed without losing backward compatibility, so in 1996, SCS introduced a new, major version of the protocol, SSH 2.0 or SSH-2, that incorporates new algorithms and is incompatible with SSH-1. In response, the IETF formed a working group called SECSH (Secure Shell) to standardize the protocol and guide its development in the public interest. The SECSH working group submitted the first Internet Draft for the SSH-2.0 protocol in February 1997.
In 1998, SCS released the software product "SSH Secure Shell" (SSH2), based on the superior SSH-2 protocol. However, SSH2 didn't replace SSH1 in the field, for two reasons. First, SSH2 was missing a number of useful, practical features and configuration options of SSH1. Second, SSH2 had a more restrictive license. The original SSH1 had been freely available from Ylönen and the Helsinki University of Technology. Newer versions of SSH1 from SCS were still freely available for most uses, even in commercial settings, as long as the software was not directly sold for profit or offered as a service to customers. SSH2, on the other hand, was a commercial product, allowing gratis use only for qualifying educational and non-profit entities. As a result, when SSH2 first appeared, most existing SSH1 users saw few advantages to SSH2 and continued to use SSH1. As of this writing, three years after the introduction of the SSH-2 protocol, SSH-1 is still the most widely deployed version on the Internet, even though SSH-2 is a better and more secure protocol.This situation promises to change, however, as a result of two developments: a loosening of the SSH2 license and the appearance of free SSH-2 implementations.
The main was OpenSSH which is a derivative of the original free ssh 1.2.12 release from Tatu Ylönen. This version was the last one which was free enough for codebase reuse. Parts of OpenSSH still bear Tatu's license which was contained in that release. This version, and earlier ones, used mathematical functions from the libgmp library. That library was also included with these early ssh versions. The libgmp library is made available under the (LGPL) Lesser GNU Public Licence, although versions of that era were under the regular (GPL) GNU Public Licence.
Rapidly after the 1.2.12 release, newer versions bore successively more restrictive licenses, even though libgmp was still included and necessary for using the software. Earlier restrictive licenses forbade people from making a Windows or DOS version. Later licenses restricted the use of ssh in a commercial environment, instead requiring companies to buy an expensive version from Datafellows.
Early in 1999, Björn Grönvall re-discovered this particular release and started fixing bugs. His version of ssh is called OSSH and initially had only support for SSH 1.3 protocol. Word of mouth has it that OSSH has been integrated into some commercial products in Sweden. As of today, OSSH still does not have SSH 2 protocol support.
OpenBSD project members became aware of Björn's work less than two months before the OpenBSD 2.6 release. As they wanted to include support for the ssh protocol in the 2.6 release the fork the OSSH release, and pursue rapid development in the same way as the original OpenBSD security auditing process had happened. As a result of this, at the time of release many of the source code files were already at RCS revision 1.34, some as high as 1.66. Development went very fast indeed, since there was a deadline to meet. The following team members participated:
Therefore, the version of OpenSSH was based on these older versions of ssh 1.2.12, but with many bugs removed and newer features re-added:
This effort created the OpenSSH 1.2.2, which was shipped with OpenBSD 2.6 in December 1, 1999.
"OpenBSD announced... the launch of OpenBSD 2.6, the first computer operating system to integrate the free open source OpenSSH secure communication tools in the base system."
"OpenSSH is a free and reusable implementation of the SSH suite of network connectivity tools... OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks."
The soft-spoken developer, now in his mid-30s, has been handling the portable OpenSSH project for some years now; mapping of SSH versions on the internet show that something like 81.25 percent of the SSH servers are running OpenSSH.
OpenSSH is run by the OpenBSD project which is headed by Theo de Raadt. SSH or Secure Shell is a program used to log into another computer over a network, to execute commands in a remote machine, and to move files from one machine to another. It provides strong authentication and secure communications over insecure channels. OpenSSH is a free implementation of the program.
Miller, a Melbourne lad, joined the project in 1999, a month or so after it had kicked off. At the time, he was working for a Melbourne company, called Internet Business Solutions (IBS). "One of the main products which I worked on was a managed firewall service, basically deploying Linux boxes at customers' sites. There was software which enabled us or the customer to handle things like mail, firewall and, in some cases, web caching as well. They had a couple of hundred of these boxes around the country and I worked on the operating system side of things for them, effectively building a Linux distribution and writing the management software. The software helped them run it and let the network operations people administer it remotely as well. That's the place where my involvement with OpenSSH started."
There was a version of SSH available at the time, put out by a Finnish developer named Tatu Ylonen, but the licensing terms were rather restrictive. "It was initially a kind of permissive licence which said that you could do what you liked with it but if you changed the protocol you were not allowed to call it SSH anymore," Miller says.
"Then slowly others (restrictions) were added, like you can't sell it, you can't use it for any commercial use, you can only use it for academic or personal use. We were a small company and we couldn't afford a couple of hundred bucks worth of software to plonk on each of these machines. So I wrote a fairly horrible equivalent using the SSL protocol which kept us going until I heard of the OpenBSD project's work on creating OpenSSH. I had used OpenBSD once or twice back then; it didn't fulfill the need I had so I kept using Linux. But I took a bit more notice of OpenBSD once I heard of OpenSSH because this was something which useful to our company."
For Miller to dip his toes in these waters is rather far from his roots - he is a self-taught developer, one who, like many others, had an interest in computers in his young days but then turned to other interests until some years had passed.
"My parents got me my first computer when I was about eight," he says. "Back in those days, owning a computer was very conducive to learning how to program because they didn't do much unless you programmed them to do something or bought some software which wasn't particularly widely available in Australia.
"I learnt to program fairly young and I didn't really pursue it much after that. I learnt and then forgot about it and then picked it up again in my mid-20s when I was in arts school, studying film sound in RMIT. There I learnt that you could use computers to write music, so I dusted off what I knew and started doing that for a while.
"At the same time, this internet thing was gathering steam and you could use computers to publish information online. So I set up a web server and found myself helping a friend to publish a site. I didn't have any formal training, I kind of picked it up as I went along."
"They made one computer under the aegis of the BBC as an educational tool for schools. It was quite a fun machine on which to learn to program; it had a BASIC interpreter as most machines of the time did but it also had a built-in assembler. You very quickly realised that programming it in BASIC was an exercise in frustration and you'd very quickly have to learn to program it in assembly language which is probably the first introduction I got to how a computer really works."
Once the interest in programming was rekindled, Miller taught himself to program in C and that led to his first real job, helping a friend in Singapore set up a web hosting company. in about 1995-96, the time when the web was beginning to be exploited as a commercial medium. From there he switched to the Melbourne company, IBS.
Once Miller heard of what the OpenBSD project had done with SSH, he decided that this would be a great thing for IBS to use. The OpenBSD developers had taken the code from Ylonen's SSH with the least restrictions and cleaned it up. "Initially that meant fixing a lot of security bugs that had been found in the intervening years between the last free version and the time the OpenSSH guys picked it up. It also included porting it over to OpenSSL, adding some features and making it a part of a BSD system. They were a couple of months into this process when I heard about it and decided that this would be a great thing for us in our company if we could run it on our Linux products as well."
There were quite a few people involved in OpenSSH from the OpenBSD side. "There were Theo de Raadt, Niels Provos, Markus Friedl, Dug Song, Aaron Campbell, and possibly Todd Miller," he recalls. "I wasn't an OpenBSD developer or user, certainly not back then."
He released his patchset to make OpenSSH run on Linux. "Then I probably got an email from Theo saying 'you're doing it all wrong'," he says. "And buried among all the constructive criticism, was one suggestion: 'you're basically re-implementing things which we've solved in our implementation. Why don't you take our implementation and use that?'
They were talking about some safe string handling functions that they had implemented well and I had implemented badly for my Linux port of OpenSSH.
"The standard C library defines some functions for copying and concatenating strings; and the standard ones, some of them have got flaws, and some of them lend themselves to unsafe use from a security perspective. Fairly early in the OpenBSD project, Todd Miller devised some variants of these which had an API that is much more conducive to safe use. One of the first things which the OpenSSH developers did was convert over the code to use these safe functions. Most operating systems back then didn't have these as part of their standard C library. These days apart from Linux, most others have them."
Once he had released a version for Linux and posted a message about it to the BugTRAQ security mailing list, Miller started to get feedback. A lot of it was patches that people had devised to make OpenSSH run on their own operating systems. Pretty soon, he says, that one email resulted in something akin to a project. "That's basically how the portable OpenSSH project started. Since then I've basically tracked the OpenBSD releases, and made corresponding changes so that OpenSSH would work on other platforms. Initially, it was just Linux and Solaris but other platforms were added very quickly - AIX, HP-UX, SGI, the other BSDs, and some operating systems which I'd never heard of before. And these were all contributed by other people."
The response did not surprise Miller. "People had kind of gotten hooked on SSH when it was free and were kind of miffed when it was taken away from them. And you know once you have been given something free and then had it taken from you, that's kind of the heroin dealer's model of getting clients. It might work in some cases, but it doesn't work for everyone. So there was a bit of pent-up demand. My experience was mostly with people who used Linux but it was part of a wider culture, all free operating systems. People had gotten used to having high-quality software being available free. And SSH was a piece of software which was first free and then wasn't so it went against expectations."
Not long after, the project got its first legal threat. "I think it was in 2000 when we got our first legal threat from ssh.com, which was the commercialisation of the original version. They basically threatened us with trademark infringements, saying you can't call your software SSH because SSH is a trademark. It was a bogus claim for a number of reasons: SSH is a contraction of secure shell and the legal advice we had was that one could not trademark an acronym. And then ssh.com had a history of encouraging people to call compatible products ssh; there was an ssh implementation for the Palm Pilot and the author of that had correspondence with one of the principals behind ssh.com encouraging its use. Our legal advice also said that if one did not take steps to defend one's trademark, one was basically abandoning it.
"Thirdly, most amusingly for me, they had botched the registration of their trademark. They had trademarked it as a logo rather than as a word or a term. So unless we were using the word SSH on a purple blob or whatever it was, we were on pretty safe ground. Once this was pointed out to them, they backed off."
He says de Raadt received most of the legal threats. "And, of course, he didn't back down. It was good because you hear of a lot of free software projects which stop what they are doing because of some legal threat or another when basically, they have a perfect right to go on doing what they are doing. So it's good that Theo fought the good fight on that one."
By then, the OpenSSH project had a good implementation of the SSH protocol 1. "In the years since there had been an IETF (Internet Engineering Task Force) effort to standardise on a newer version of the protocol which fixed a bunch of cryptographic weaknesses and made it a bit more flexible, which was basically SSH protocol version 2," Miller says. "The commercial versions of ssh.com supported this protocol. Markus Friedl implemented pretty much all of it himself in OpenSSH in an amazingly short period. I think it was in 2001 or 2002 that we released a version of OpenSSH based on Markus's work which supported protocol 2."
Markus's implementation made OpenSSH compatible with the SSH put out by ssh.com and fixed some cryptographic problems, "not things which could lead to break-ins but things which scared cryptographers and people like me," says Miller. "It was a moving target because protocol version 2 did not get standardised until 2005."
In 2003, Niels Provos did some remarkable work on OpenSSH to implement what is known as privilege separation. Says Miller: "The typical style of writing a UNIX login process was to run it as root, the most privileged user on the system. This server would run as root for its whole lifetime. The justification for this was it needed to log people in, it needed to be able to write to logfiles, it needed to be able to set the user ids so that joe can log in as joe rather than as some other account. The problem was that that left the server exposed to any bug, it made it a very attractive target and any bugs that could be exploited would give someone highly privileged access to the system. There had been a few bugs in OpenSSH, a couple of which had resulted in break-ins."
Niels introduced some architectural changes. "He split it into a couple of processes, one handles interaction with the network, the cryptography and the passing of data from the network to the computer. All of the complicated and hairy stuff gets done there. And that's the part that most likely to have the security bugs in it. There's a whole lot of complicated stuff there, you're dealing with binary data which has come from somebody who may or may not be hostile and it's the path that an attacker gets to interact with basically. Niels took this part out, separated it out from the server and made it run without any particular privilege so that if an attacker broke into that they would not get superuser privileges. They would find themselves jailed in a part of the system which really would not give them access to anything."
However, OpenSSH still needs root access to do a lot of things. "So he separated the parts which require this kind of access into a smaller sub-program which hangs on to these privileges and acts as a server to that part of OpenSSH that deals with the network. When this unprivileged network-facing part of OpenSSH wants to log a user in, it goes and asks the privileged part to do what it needs to. And the privileged part performs checks - like has this user authenticated themselves properly? Because it's got a very narrow and tight interface with the unprivileged part, it's a lot more difficult to attack."
Other circumstances led to privilege separation being introduced fairly quickly. "We got notification that a security research company had found a nasty bug in OpenSSH and were going to release the details in a couple of weeks. So Theo and Niels had a choice. One was to wait a couple of weeks and do a coordinated release with these security researchers. They were going to release their findings as soon as we made our release. And if that had been done then it would have been easy to find, by examining the difference between the old release and the new one, what the bug was.
"Or we could release a version with privilege separation turned on by default which would reduce the severity of this security problem from a root compromise of a system running OpenSSH to a compromise of an unprivileged part of OpenSSH. Theo decided to release a version with privilege separation turned on by default. Quite a few people yelled at us for releasing a fairly major bit of functionality at short notice. Two weeks later the security researchers released their bug details and we had saved quite a few people from getting broken into."
Miller says that part of the reasoning behind this release was the fact that OpenSSH, even at this stage, 2003, was used widely. "Theo heard from someone who was responsible for maintaining the university network in Japan that over 2001 and 2002, we'd basically killed telnet and rsh on their network. The use of these old unencrypted login protocols had diminished in direct proportion to the use of SSH which was driven by OpenSSH."
From about 2001, Miller became an OpenBSD developer and started working on the core OpenSSH product as well, apart from being the chief of the portable OpenSSH project. These days he does most of the work on it and has been responsible for making the releases for a couple of years. He still runs most of the infrastructure for the portable version, the bug-tracking system and the mailing list and things like that.
"That brings up to the present day more or less where OpenSSH is mostly done and we think very hard when we're implementing a new feature, whether it's worth it in terms of stability and maintainability. The curse of having a mature bit of software like OpenSSH is that unless you are scrambling to include features not many people are willing to work on maintenance. We get bug-fixes from various places - some of the people who bundle up OpenSSH with their operating systems send us fixes."
For the last two years, Miller has been working as a software engineer with Google. "I don't have a formal degree as an engineer. The downside of that is that I've had to go back and learn a lot of the boring but important fundamentals that you get by doing a computer science degree. I probably would have been a lot more productive ten years back had I done that. But you can fix these things up in retrospect. I probably could have been a more effective developer earlier had I done a degree. but teaching myself things has given me a perspective which has its own value."
He doesn't find this lack of a formal degree a disadvantage when attending a job interview. "Maybe (it was a disadvantage) 10 to 12 years ago. But these days, I think people look at results and being involved with OpenSSH and a few other free software projects is a tangible thing that I can point to. I think anyone who has any significant involvement in developing free software is instantly employable. If nothing else, it's a sign of real interest and eagerness and it demonstrates something that a degree cannot."
Though Miller is now an OpenBSD developer, he still keeps Linux around. "I use it for work and on my wife's laptop. I really came to like OpenBSD shortly after I started working on OpenSSH. It's a very developer-friendly project. The whole operating system is engineered as a cohesive whole. It's very easy to polish any bit that annoys you in any way and very easy to get changes submitted. Working on Linux and submitting changes back I've found to be a lot more difficult - you're dealing with half a dozen different projects if you're making a change to anything."
He says Linux gets all the buzz because of the huge headstart the project had. "I think Linux got a huge headstart because of all the legal problems in the original BSD project. When Linux was kind of a toy operating system - and I don't mean that in a pejorative sense - and it didn't really do much, BSD was a more or less complete system. Had it not been for the lawsuits, we'd probably all be using BSD instead of Linux today."
Miller has no problems with the BSD licence which allows people to take a snippet of code, use it in proprietary software and lock it away. "I don't see locking away code as necessarily a bad thing. If they are using our code, then they are not going to make the same mistakes that we made initially, so especially with security software, that's a good thing. If people take what we've made and make a better product, that's fine. They haven't taken anything away from us."For example, the version of SSH in the iPhone is our code which has been turned into a commercial product. But it doesn't take anything away from us. We do it because we enjoy it and because it makes our lives and other people's lives better.
He doesn't feel that if someone is benefitting from his work that others should benefit from that person's work. "There's an ethical imperative that they do that. I don't think that it should be in the form of a legal requirement."
These days, Miller is kept busy by his two-year-old son, Hugo. His wife, Simone, is not a technical person. "I met her through friends. I have a lot of friends, most of them have nothing to do with IT.
"Nowadays my interests are pretty much limited to being a dad. I used to like going running and watching movies, reading, and travelling. That's a bit limited but it's slowly becoming more possible as our son's becoming a lot more self-sufficient."
Simone, he says, has been incredibly tolerant. "She's put up with noisy computers under desks and me getting up at odd hours to deal with people in different timezones. Her tolerance has certainly made it possible for me to do a lot of what I've done."
Right now, work with OpenSSH is pretty much only maintenance. "We had a pretty large release a few months ago because we had two hackathons, one in Japan and the other in Canada, where we got quite a bit of OpenSSH work done. Quite a bit of that was bug-fixing; we made a real effort to bash away at the bug list. Some of these bugs dated back as much as seven years and they were real recalcitrant ones which we had to bash our heads together to fix. We added some new features as well, things which people had asked for for some years and which we finally got around to adding. That was our biggest release in years, we probably won't do another one like that for a while."
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info|
The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.
Last modified: March, 12, 2019