Mailing List Archive

Hash: SHA1

Thanks to Michael H. Warfield <> for reminding me of
the need for upgrade instructions. The following text will be included
in the UPGRADING file in the next release:

Niels & Markus - have I missed anything? Feel free to adapt this for
your own purposes if you so desire.

Damien Miller

- ----------

OpenSSH is almost completely compatible with the commercial SSH 1.2.x.
There are, however, a few exceptions that you will need to bear in
mind while upgrading:

1. OpenSSH does not support any patented transport algorithms.

Only 3DES and Blowfish can be selected. This difference may manifest
itself in the ssh command refusing to read its config files.

Solution: Edit ssh_config and select a different "Cipher" option
("3des" or "blowfish"). "3des" is the default and is considered the
most secure, "blowfish" is significantly faster.

2. Old versions of commercial SSH encrypt host keys with IDEA

The old versions of SSH used a patented algorithm to encrypt their
ssh_host_key files.

This problem will manifest as sshd not being able to read its host

Solution: You will need to run the *commercial* version of ssh-keygen
over the host's private key:

ssh-keygen -u /path/to/ssh_host_key

3. Incompatible changes to sshd_config format.

OpenSSH extends the sshd_config file format in a number of ways. There
is currently one change which is incompatible.

Commercial SSH controlled logging using the "QuietMode" and
"FascistLogging" directives. OpenSSH introduces a more general set of
logging options "SyslogFacility" and "LogLevel". See the sshd manual
page for details.

- ----------

- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller -
| Email: (home) -or- (work)

Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see

Re: UPGRADING text [ In reply to ]
In message <>, Dami
en Miller writes:
>Niels & Markus - have I missed anything? Feel free to adapt this for
>your own purposes if you so desire.
yes, the upgrading.txt is good information. We will probably use it
for the FAQ.