Ian Bicking: the old part of his blog

Re: Centralized vs. Decentralized 2

What's wrong with SSH? If your goal is to support authenticated write access, using SSH makes a lot more sense than trying to hack together your own cryptographically sound transport mechanism. You should also support anonymous read access, of course.

Comment on Centralized vs. Decentralized 2
by Aaron Bentley


Working with ssh via TortoiseSVN on Windows is not endearing to ssh. Of course in this case it's my own fault for not having an https access method to the repository... which is to say, it's my fault for not using the superior server support Subversion provides via HTTP. Anyway, ssh doesn't make for a very good, complete experience. SSH servers and clients are not as easy to abstract or build upon as with other protocols, so actually building ssh support into the server and client is rather hard, and you end up with hacky (IMHO) command-line solutions.

# Ian Bicking

I think you're talking more about bad ssh use than problems with ssh itself. If you're building your own protocol, layering it on top of SSH takes care of security. If you just want access to files, sftp comes with SSH and is capable -- much nicer than http for filesystem access.

# Aaron Bentley

SSH requires OS-level user accounts. That's just not possible in many situations.

# Stephen

Not true. Nothing in the SSH protocol requires OS-level accounts.

Admittedly, implementations of it that don't require OS-level accounts are rare, but they exist. For instance, Canonical provides SFTP space for Bazaar archives (and soon Bazaar-NG branches) for anyone with a Launchpad (https://launchpad.net/) account. These are then mirrored to the world via HTTP.

We implement this SFTP server using Twisted's Conch SSH library, and I can assure you we don't create OS-level accounts for every Launchpad user :) ... it was actually surprisingly easy to use Conch for this.

# Andrew