I remember when ssh appeared in the early builds of Solaris 9 and I was
pretty happy about that. There are definitely differences between the
OpenSSH and the SunSSH code bases. The three things I point out as
showstoppers for anyone trying to shoehorn OpenSSH into Solaris are:

- PAM integration.. somewhat broken.
- BSM integration.. shaky at best.
- GSS-API/Kerberos broken

Now that OpenSolaris has synced up with the MIT Kerberos, it may simply
be a matter of fixing the BSM components in OpenSSH. I haven't tried
this, so it's really anyone's guess.

I do know the biggest complaint from OpenSSH users is the differences
in command line flags and features. There are some things that are
missing from the SunSSH that are in the OpenSSH and vice versa. It's
unfortunate that the OpenSSH folks have not been interested in fixing
this relationship. Perhaps this can be patched up now that the BSDs
are benefiting from OpenSolaris (DTrace and ZFS)?


Octave


--- [EMAIL PROTECTED] wrote:

> 
> >Thus :
> >
> > http://polaris.blastwave.org/browser/on/trunk/usr/src/cmd/ssh/ssh/ssh.c
> >
> >  First thing I notice :
> >
> >  * Author: Tatu Ylonen <[EMAIL PROTECTED]>
> >  * Copyright (c) 1995 Tatu Ylonen <[EMAIL PROTECTED]>, Espoo, Finland
> >  *                    All rights reserved
> >
> >And then this :
> >
> >/*
> > * Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
> > * Use is subject to license terms.
> > */
> 
> Yes, copyright notices are generally additive.  (All people who
> modify code have/hold copyright)
> 
> >What were the reasons behind this new Sun SSH as opposed to OpenSSH that
> >all the Linux users and regular [1] people are generally using.
> 
> Several reasons:
> 
>       - lack of proper PAM support and lack of willingness to fix
>         PAM support
>       - lack of BSM support
>       - lack of i18n support
>       - lack of gss-api support
>       - OpenSSH primary development is an OpenBSD-specific
>         variant which is then ported to various platforms
>         (or shoehorned into a portable version)
> 
> we believed that the requirements for these were very strong and
> indeed unconditional; unfortunately, we have no control over
> patches being taken back.  Because of the lack of BSM in Linux
> and the Lack of a proper pam stack in others, this was somewhat
> difficult to achieve (not to mention i18n)
> 
> (This is from memory; those who know better can correct me if I am
> wrong)
> 
> >If this Sun SSH is a variation on the OpenSSH then why was the code NOT
> >pushed upstream such that the recent OpenSSH 4.3p2 has all the same
> >features, functions and BSM integration ?
> 
> We can push as hard as we like, but we cannot force changes to
> be accepted.
> 
> >Is the current Sun SSH that we see in Solaris 10 and Solaris Nevada
> >essentially the same as what we had in Solaris 9 or was there some fork
> >in the road with the Solaris 10 release?  This is not really an important
> >question as we are past this now.
> 
> No; as witnessed by the Sun SSH S10 backport to S9, we made a lot
> of changes to the SSH version in Solaris 10.
> 
> >Lastly, what are the real reasons why a number of the ciphers are not
> >included in the Solaris 10 shipping product, the current wos and even
> >our most recent Solaris Nevada Community Release?
> 
> 
> Some implementations can be encumbered (using arcfour was difficult
> and there was an implied implementation key length limit which we are
> now trying to lift)
> 
> Casper
> _______________________________________________
> opensolaris-discuss mailing list
> [email protected]
> 

*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Octave J. Orgeron
Solaris Systems Engineer
http://www.opensolaris.org/os/community/sysadmin/
http://unixconsole.blogspot.com
[EMAIL PROTECTED]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
