Master copy is at:
Last updated: 2009-08-31

SSH-Protocol Software for Sundry Platforms

Maintained by Rick Moen,

Summary: You no longer have any excuse for using telnet!

SSH clients
are available for BeOS, Java, Java MIDP, Macintosh OS, OpenVMS, OS/2, PalmOS, MS-DOS, SymbianOS, all Unixes, Windows Mobile / WinCE, Amiga OS, Cisco IOS, z/OS (MVS), iPhone, BlackBerry, VxWorks, Microsoft Win32 (Win9x/WinME/WinNT/Win2k/WinXP/Vista), and Microsoft Win16. Note that any OS with a Java virtual machine can run the free-software Java clients — even MS Windows 3.1 and MS Windows CE. (Beware that some ssh v. 2.0-protocol clients do not include support for ssh 1.x-protocol servers.)
SSH servers
are available for all Unixes, OS/2, OpenVMS, Cisco IOS, z/OS (MVS), VxWorks, BlackBerry, SymbianOS, iPhone, Java, and Win32.

Protocol family support by OS platform follows. (Each OS's name links to a page of detailed listings.)

OS                     | 2.0      | 1.5
BlackBerry             | FC, PCS  | FC, PC
Cisco IOS              | -        | PCS
Mac OS v. < 10         | FC, PC   | FC, PC
PalmOS                 | -        | PC
Unix incl. MacOS X     | FCS, PCS | FCS, PCS
Win16                  | PC       | PC
Windows Mobile (WinCE) | PC       | FC, PC


("Proprietary" in the software context means non-open-source.)

Notes / To Do:

Needs something about ssh-agent[2], ssh-add[2], ssh-keygen[2], ssh-askpass[2] (all client-side), ssh-signer2.

Timeline for release numbers, protocol versions, forks, licence changes, third-party implementations.

See also:

make-ssh-known-hosts, ssh-keyscan at and Related:

Script for PPP over SSH:

Speed issues; protocol choice (e.g., twofish-cbc, blowfish). list archive.*/ssh List archive by month, 1996-09 through 1999-09. List 1996-12 to present. List's recent posts, only.

Crypto regulation? Russia, Iraq, Pakistan, France, USA.

Users within France's jurisdiction currently may not legally use encryption stronger than 128 bits. "SSF" is an adaptation of Ylönen's SSH limited to 128 bits: The lifting of all remaining restrictions on usage within France is also expected (having been urged by Prime Minister Lionel Jospin on January 19, 1999). Regulatory site:

On platforms where there's no scp, can do "cat file | ssh host 'cat > file'". (Works over telnet, too.)

RSAREF/RSAREF2 limitations, performance problems, security problems. RSAREF has 1024-bit limit, limiting server ssh_host_key to at most 896 bits if RSAREF-based clients must be able to connect to it.

RSA patent (RSADSI, subsidiary of Security Dynamics, Inc.) in the USA _was_ scheduled to expire 2000-09-20 or 2000-09-21, and encumbered the RSA algorithm — but was contributed to the public domain on 2000-09-06. Lesser trademark & copyright issues remain. (On 1995-06-08, as part of an international Agreement on Trade-Related Aspects of Intellectual Property, accompanying the Uruguay Round GATT, and passed on 1994-12-08, Public Law # 103-465 took effect modifying the US Patent Code, 35 USC 154. USA patent terms were changed from 17 years from date of issuance to 20 years from earliest application date. The 17-year RSA patent predated this change.) Better RSA implementation: Eric Young's OpenSSL (formerly SSLeay); independent implementation, which thus has no RSADSI copyright issue.

IDEA: US Pat. No. 5,214,703, applied for 1991-05-16, issued 1993-05-25 to James Massey and Xuejia Lai (Ascom Tech AG). Will expire 2010-05-25. European Patent Office (covering Austria, France, Germany, Italy, Netherlands, Spain, Sweden, Switzerland, United Kingdom) patent # 0482154, applied for 1991-05-16, issued 1993-06-30, expires 2011-05-16. Japan patent # 508119/1991, applied for 1991-05-16, still pending. Patent rights are held/administered by iT-SEC Systec Ltd.,

.shosts / .rhosts

PKI for distributing 2.0-protocol public keys with certificates, e.g., via OpenPGP. Equivalent to SSL 3.0 / TLS. Still need a means to distribute root certificate. v. 1 protocol limited to distribution of known_hosts files, or you have to live with possibility of man-in-the-middle attack during first exchange.

Is DSS/DSA based on Diffie-Hellman? (No, it seems.) Does it implement the El Gamal fix? (El Gamal appears to be supported separately.)

X.509 standard for certificates (recommended). ssh-dss standard (required). spki (optional). pgp / OpenPGP (optional).

IETF ssh1.5 draft standard; IETF ssh2 draft standard; IETF ssh2 sftp draft standard

IETF working group formed after an informal BOF on 1996-12-11 at the 37th IETF conference in San Jose. Majordomo list:

Note theoretical buffer-overflow attack against Kerberos5-enabled ssh 1.2.26: OpenSSH uses the KTH Kerberos v4 implementation, and is not vulnerable. That implementation has the advantage over MIT's Kerberos v5 implementation that it checks for suid-root programs opening arbitrary ticket files. Ylönen SSH 1.2.27 sidesteps/masks the problem by disabling Kerberos authentication if the ssh client is installed suid-root. (If ssh client isn't suid-root, .shosts authentication doesn't work.) Ylönen's (SSH Communications Security's) for Win32 doesn't. KTH = Kungl Tekniska Högskolan (Royal Institute of Technology), Stockholm, Sweden. KTH Kerberos:

Look up stream ciphers v. block ciphers. (Done.) (The former are not supported by OpenSSH.) Ordinarily, DES and IDEA are purely block ciphers, but Ylönen SSH uses them in CFB = stream-cipher mode without any reset operation. TCP over TCP situation?

As of Ylönen's (SSH Communications Security's) v. 2.1, F-Secure Corporation has no licence to sell the new SSH Win32 client, or other new SSH Communications products.

ssh 1.x: features are requested by the client. ssh 2.0: Server can (e.g.) force compression enabled. More differences at

Info on one RSAREF2 security hole, and that library's licence, at

Ylönen's 1.2.13 came out 1996-02-10 (increments ssh version to 1.3). 1.2.12 came out 1995-12. SSH 1.0 issued 1995-07-12. Right around the issuance of 1.2.13, the files for 1.2.1 through 1.2.12 were removed from the main SSH ftp site and its mirrors. The history of this is a little murky, but it may have been pursuant to the commercial distribution agreement signed between Ylönen's company, SSH Communications Security, Ltd. and Data Fellows, Ltd. (now F-Secure Corporation) at that time, when slightly more restrictive licensing was introduced. The licence was changed again starting with 1.2.28, requiring payment for any use in a commercial setting.

Functional Win9x ports were not possible until late 1996, when Mark Solinski wrote a fix to Win95's defective GetFileType function, which balked on sockets:

sftp and scp variants: To quote Markus Friedl:

openssh's scp command uses the RCP protocol over both SSH1 and SSH2. openssh's sftp command uses the SFTP protocol over both SSH1 and SSH2.'s sftp command uses the SFTP protocol over SSH2.'s scp2 command uses the SFTP protocol over SSH2.

So you cannot use openssh's scp to talk to a server, since they do not support the RCP protocol (unless you install a scp1 binary from openssh or from the ssh-1.2.x software).

The public key formats of's SSH and OpenSSH are different and incompatible. They can, however, be converted.
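
The conversion mentioned above, as an added example (not code from this page, OpenSSH, or any SSH vendor): it assumes the non-OpenSSH format is the "SSH2 PUBLIC KEY" file layout documented in RFC 4716, and converts in both directions while checking that the key-type name matches the key blob. The function names and the sample key are constructed for illustration.

```python
import base64

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def _ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used inside SSH key blobs."""
    return len(data).to_bytes(4, "big") + data

def _key_type(blob: bytes) -> str:
    """The algorithm name is the first length-prefixed string in the blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("malformed key blob")
    return blob[4:4 + n].decode("ascii")

def rfc4716_to_openssh(text: str) -> str:
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 2 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing SSH2 PUBLIC KEY markers")
    comment, b64, pending = "", [], ""
    for line in lines[1:-1]:
        line = pending + line
        if line.endswith("\\"):       # header value continues on next line
            pending = line[:-1]
            continue
        pending = ""
        if ":" in line:               # header line; base64 never contains ':'
            tag, value = line.split(":", 1)
            if tag.lower() == "comment":
                comment = value.strip().strip('"')
        else:
            b64.append(line)
    blob = base64.b64decode("".join(b64), validate=True)
    return f"{_key_type(blob)} {base64.b64encode(blob).decode()} {comment}".strip()

def openssh_to_rfc4716(line: str) -> str:
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or _key_type(base64.b64decode(parts[1], validate=True)) != parts[0]:
        raise ValueError("not an OpenSSH public key line")
    header = [f'Comment: "{parts[2]}"'] if len(parts) == 3 else []
    body = [parts[1][i:i + 70] for i in range(0, len(parts[1]), 70)]
    return "\n".join([BEGIN] + header + body + [END])

# Constructed sample: tiny made-up RSA numbers, not a usable key.
SAMPLE_BLOB = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
               + _ssh_string(b"\x00" + bytes(range(200, 232))))
SAMPLE_OPENSSH = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"
```

OpenSSH's own `ssh-keygen -e` and `ssh-keygen -i` perform the same export and import on real key files.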

More clients:

Copyright (C) 2000-2009, Rick Moen,