Personally, I feel that there are many pluses to the Sun version of SSH(Kerberos, GSS-API, etc). Besides, I'd rather call Sun up for a patch than to have to recompile, package, deploy every time OpenSSH breaks.
But I do agree that the features in Sun's SSH and OpenSSH should be insync. Sun should work very closely with the OpenSSH folks because there have been times where Sun's verion of SSH has not been vulnerable to issues in OpenSSH due to the code reviews and modifications. This has also been the case going the other way. I know that recently, the Sun kerberos tree was synced with MIT's. I think a similiar sync should be done with OpenSSH to keep everyone happy. I don't think this is impossible if there are enough ppl at Sun working on this. It's such a critical part of Unices today, that Sun should pay more attention to it. Octave --- Mike Bo <[EMAIL PROTECTED]> wrote: > Greetings - > While Sun ships SSH as part of Solaris now, I don't use it for a > couple reasons... > > First, Sun support is great. However, there are frequent revisions to > OpenSSH. When time is of the essence, like immediately following the > discovery of a weakness, OpenSSH is going to be patched almost > immediately. With all due respect to Sun, I don't think they can > possibly be as responsive. > > Second, when you connect to a Sun supplied sshd (try "telnet host > 22"), it identifies itself as "SSH-2.0-Sun_SSH_1.1". Sorry, but I > don't want any of my machines identifying what OS they are running - > especially if they are accessible from the Net. (I'm aware that > certain peculiarities of TCP stack behavior can also tell a smart > hacker what OS is being run, I just don't like advertising.) > > Building OpenSSH is fairly easy and it's worth the trouble for my > piece of mind. I wonder how other admins feel about this... > > I believe the latest stuff is OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct > 2005. Get the components you need at http://www.openssh.org, > http://www.openssl.org, http://www.zlib.org. > Best regards, > mikebo > This message posted from opensolaris.org > _______________________________________________ > opensolaris-discuss mailing list > [email protected] > *********************************** * Octave J. Orgeron * * Solaris Infrastructure Architect* * http://unixconsole.blogspot.com * * [EMAIL PROTECTED] * *********************************** __________________________________ Yahoo! for Good - Make a difference this year. http://brand.yahoo.com/cybergivingweek2005/ _______________________________________________ opensolaris-discuss mailing list [email protected]
