Totally agree! It's not worth trying to maintain OpenSSH,Kerberos,PAM. It's smarter to let Sun maintain SunSSH. If there is something that really needs to be fixed or added to SunSSH, then file a bug or RFE. As for the banner issue, all SSH implentations I've used have a banner:)
-Octave --- [EMAIL PROTECTED] wrote: > > >Darren wrote: > >> Why not ? Why can't OpenSolaris just be as quick as OpenBSD ? > > > >When there is a problem with OpenSSH, does the Sun team investigate > >whether it affects their forke d code base? If so, don't they have > to > >port the fix and then do regression testing? Doesn't this ta ke > time? > > Yes, and we also forward port new features. > > And while it may take time there's no reason why our investigation > should start after the OpenSSH fixes have been released. > > >I believe that knowing a machine's OS could possibly help an > attacker > >exploit version-specific security vulnerabilities. > > How do you exploit OS version specific vulnerabilities if all you can > connect to is SSH? And if you can connect to SSH, how much trouble > do you think it is to try all exploits in order? > > >> Have you actually read the SSH protocol specification ? > > > >No, I'm not an SSH developer. But UNIX admins are often in a > position > >to decide which SSH implemen tation to use. It might be interesting > to > >read a "how to" document that illustrates the SunSSH enha nced > >functionality with practical examples. But until the real benefits > >outweigh a perceived risk, I will continue to replace SunSSH with > >OpenSSH. > > Darren's suggestion about reading the protocol spec was to make > clear why it is we cannot change the banner strings. > > IT IS A REQUIREMENT OF THE SSH SPEC TO INCLUDE IMPLEMENTATION AND > VERSION > INFORMATION IN THE BANNER. > > If you change the version string, interoperability ceases and SSH no > longer works. > > I'm not sure what benefit you perceive from using an implementation > of SSH which is less well integrated (barely working PAM and other > missing items) considering the additional maintenance burden > it places on you. > > Casper > _______________________________________________ > opensolaris-discuss mailing list > [email protected] > *********************************** * Octave J. Orgeron * * Solaris Infrastructure Architect* * http://unixconsole.blogspot.com * * [EMAIL PROTECTED] * *********************************** __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com _______________________________________________ opensolaris-discuss mailing list [email protected]
