OpenSSH Goals

Our goal is simple: Since telnet and rlogin are insecure, all operating systems should ship with support for the SSH protocol included.

The SSH protocol is available in two incompatible varieties: SSH 1 and SSH 2.

The older SSH 1 protocol comes in two major sub-variants: protocol 1.3 and protocol 1.5. Both are supported by OpenSSH, but disabled at compile time due to their insecurity. Both of these use the asymmetric cryptography algorithm RSA (for which the USA patent has expired, allowing full use by everyone) for key negotiation, and then use a short list of symmetric algorithms for data hiding: 3DES and Blowfish. (There used to be a few other algorithms like RC4, but their implementations had even worse security problems.) Some SSH 1 protocol implementations also support the IDEA symmetric algorithm, but since this algorithm is patented in some nations, OpenSSH ships without support for IDEA. OpenSSH code including full SSH 1.3 and SSH 1.5 protocol support shipped on December 1, 1999.

The SSH 1 protocol uses a simple CRC for data integrity, which turns out to be flawed. An insertion attack is known to be possible; however, due to a number of band-aids which have been applied to SSH implementations over the years, attacks against it are very difficult to perform. When the 3DES cipher is used, the insertion attack is significantly less feasible.

The second major variety of SSH is the SSH 2 protocol. SSH 2 was invented to avoid the patent issues regarding RSA (patent issues which no longer apply, since the patent has expired), to fix the CRC data integrity problem that SSH 1 has, and for a number of other technical reasons. By using the asymmetric DSA and DH algorithms, protocol 2 avoids all patents. The CRC problem is also solved by using a real HMAC algorithm. The SSH 2 protocol supports many other choices for symmetric ciphers, as well as many other new features.
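
Why a CRC cannot stand in for a MAC, as an added illustration that is not OpenSSH code: a CRC is unkeyed and affine over XOR, so the checksum of an altered message can be predicted without any secret, while an HMAC tag cannot. The sketch assumes zlib's CRC-32 and HMAC-SHA-256 as stand-ins for the protocols' actual algorithms; the message, bit-flip mask and key are constructed sample values.

```python
import hashlib
import hmac
import zlib

# Constructed sample data (not captured SSH traffic).
SAMPLE_MESSAGE = b"constructed payload: user=alice action=read"
SAMPLE_DELTA = bytes(10) + b"\x01" + bytes(len(SAMPLE_MESSAGE) - 11)
SAMPLE_KEY = bytes(range(32))  # constructed demo key


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def crc_after_xor(old_crc: int, delta: bytes) -> int:
    """Predict CRC-32 of (message XOR delta) from the old CRC alone.

    For equal-length inputs CRC-32 satisfies
        crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros)
    so neither a key nor the message itself is needed.
    """
    zeros = bytes(len(delta))
    return old_crc ^ zlib.crc32(delta) ^ zlib.crc32(zeros)


def crc_check_survives_tampering(message: bytes, delta: bytes) -> bool:
    """True if a CRC updated without any secret matches the altered message."""
    tampered = xor_bytes(message, delta)
    predicted = crc_after_xor(zlib.crc32(message), delta)
    return predicted == zlib.crc32(tampered)


def hmac_check_survives_tampering(key: bytes, message: bytes, delta: bytes) -> bool:
    """True if the original HMAC tag still verifies on the altered message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    tampered = xor_bytes(message, delta)
    expected = hmac.new(key, tampered, hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)


if __name__ == "__main__":
    print("CRC passes after tampering: ",
          crc_check_survives_tampering(SAMPLE_MESSAGE, SAMPLE_DELTA))
    print("HMAC passes after tampering:",
          hmac_check_survives_tampering(SAMPLE_KEY, SAMPLE_MESSAGE, SAMPLE_DELTA))
```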

OpenSSH relies on the LibreSSL library for some of its cryptographic routines, AES-GCM being one example.

Continuing that trend, the OpenBSD project members who worked on OpenSSH made a push to support the SSH 2 protocol as well. This work was primarily done by Markus Friedl. Around May 4, 2000, the SSH 2 protocol support was implemented sufficiently to be usable.