Available Versions

SSH is currently available for free in several different versions - at least three versions for Unix, and at least two free ones for Windows. Version 1 of SSH is available for free for non-commercial use, but is under a more restrictive license than the Gnu Public Licence. It is maintained by SSH Communications Security Limited - although they intend to drop support for SSH 1 soon. Version 2 is being maintained and developed by the same people, including Tatu Ylönen who originally wrote SSH - like SSH, it's available free for non-commercial and educational use, but the license is still not GPL.

There is also the OpenSSH project currently under way. It was developed by the OpenBSD people, under the OpenBSD licence. OpenSSH has port forwarding with the same command line as SSH 1, although X forwarding is disabled at installation for security reasons with the RPM packages of OpenSSH that we worked with. Most versions also rely on OpenSSL, so you should have that installed before you try to install OpenSSH.

In the Windows world, you can use TTSSH or PuTTY to connect to an SSH server. TTSSH supports port forwarding both from the GUI and the command line. PuTTY doesn't seem to support forwarding at all yet, but it's still beta. There are also pay versions of SSH for Windows available (primarily from F-Secure, who are directly associated with SSH Ltd.), but we won't be discussing these. We will be addressing SSH v1 on Unix, and to some extent connecting to Unix from Windows clients.

SSH is available from ftp.ssh.com:/pub/ssh as a tarball. RedHat and other users of rpm packages might be able to get ssh and openssh from rpmfind.net, but major distribution vendors don't seem to be contributing, so make sure you trust the source of the package. In the case of cryptography packages like this one, they used to link to www.replay.com. Replay is now Zedz.net, and rpmfind no longer links to them. To the best of our knowledge, Zedz.net's service is still sound: you can find packages at ftp://ftp.zedz.net/pub/crypto/redhat/i386/ . Binary packages are available for other distributions as well. If you're really serious about your cryptography, you'll get the sources, check the PGP signature, check the source for backdoors, and compile it yourself. However, that's a fairly arduous task, and not what we're here to discuss.