>>Thus :
>>
>> http://polaris.blastwave.org/browser/on/trunk/usr/src/cmd/ssh/ssh/ssh.c
>>
>> First thing I notice :
>>
>> * Author: Tatu Ylonen <[EMAIL PROTECTED]>
>> * Copyright (c) 1995 Tatu Ylonen <[EMAIL PROTECTED]>, Espoo, Finland
>> * All rights reserved
>>
>>And then this :
>>
>>/*
>> * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
>> * Use is subject to license terms.
>> */
>
> Yes, copyright notices are generally additive. (All people who
> modify code have/hold copyright)
A mildly silly concept that has done little good for mankind. Great
for making money .. but I digress.
>>What were the reasons behind this new Sun SSH as opposed to OpenSSH that
>>all the Linux users and regular [1] people are generally using.
>
> Several reasons:
>
> - lack of proper PAM support and lack of willingness to fix
> PAM support
An absolute necessity. That's clear.
> - lack of BSM support
Abundantly clear to me now.
> - lack of i18n support
Not so clear but .. yes .. I see.
> - lack of gss-api support
Even less clear but I'll defer to your superior knowledge.
> - OpenSSH primary development is an OpenBSD specific
> variant which is then ported to various platforms
> (or shoehorned into a portable version)
That is also clear. The OpenSSH site seems to be real clear on this
and the packages released by various places are the "portable" edition
with a letter "p" stuck in there. Hence the OpenSSH 4.3p designation:
http://www.blastwave.org/packages.php/openssh
> we believed that the requirements for these were very strong and
> indeed unconditional; unfortunately, we have no control over
> patches being taken back. Because of the lack of BSM in Linux
> and the lack of a proper pam stack in others, this was somewhat
> difficult to achieve (not to mention i18n)
<rant>
The Linux centric thinking is a pox and a pestilence upon the open
source world. I am personally sick of seeing so much code that compiles
in a flash on Linux but needs hours of work within the UNIX world.
</rant>
I see your point there also. Clearly.
> (This is from memory; those who know better can correct me if I am
> wrong)
>
>>If this Sun SSH is a variation on the OpenSSH then why was the code NOT
>>pushed upstream such that the recent OpenSSH 4.3p2 has all the same
>>features, functions and BSM integration ?
>
> We can push as hard as we like, but we cannot force changes to
> be accepted.
What was the show stopper ?
At the very least some IFDEFs surely would have enriched the quality
of the code.
#ifdef(__sun) __unix __sparc __i386 __SUNPRO __SVR4
something surely could have been done to get these features and enhancements
into the code.
Sounds like the OpenSSH people stonewalled for some reason.
>>Is the current Sun SSH that we see in Solaris 10 and Solaris Nevada
>>essentially the same as what we had in Solaris 9 or was there some fork
>>in the road with the Solaris 10 release? This is not really an important
>>question as we are past this now.
>
> No; as witnessed by the Sun SSH S10 backport to S9, we made a lot
> of changes to the SSH version in Solaris 10.
Yep .. too true. Okay .. I should have known that but I rarely see
Solaris 9 anymore. Seems like there's a world of Solaris 8 users and
bunches of new Solaris 10 users with a vanishing middle class of Solaris
9 people. At least that's based on my observations.
>>Lastly, what are the real reasons why a number of the ciphers are not
>>included in the Solaris 10 shipping product, the current wos and even
>>our most recent Solaris Nevada Community Release?
>
> Some implementations can be encumbered (using arcfour was difficult
> and there was an implied implementation key length limit which we are
> now trying to lift)
I have no clue who uses arcfour anyways. The higher level crypto key
lengths would seem to be obvious choices for government workers. Let's
face it, the new SunRay unit with a fibre network port wasn't created
at 100MB/sec ( not gigE ) because it's faster. It's because you can't
sniff its traffic with an induction transducer. One would think that
the longer crypto keys in SunSSH are needed too. That explains the
separate SUNWcry package downloads. Where are they ?
--
Dennis Clarke