[OmniOS-discuss] Switching to OpenSSH
Paul B. Henson
henson at acm.org
Mon Jul 15 18:12:38 UTC 2013
On 7/15/2013 6:48 AM, Eric Sproul wrote:
> The packaging situation is less important than discovering whether
> stock OpenSSH is an acceptable drop-in replacement for SunSSH. I
> would love to see more people take a crack at running the stock
> version in their environments so we can find out how well it works (or
> doesn't). SunSSH is pretty deeply embedded within illumos-gate, and I
> think the biggest obstacle to updating or replacing it is the
> (apparent) lack of qualified people to evaluate the ramifications of
> any changes to, e.g. the privsep model, which is the biggest
> difference from upstream OpenSSH.

The OpenBSD crew has a pretty good reputation on security; I'm not sure
what issues the portability layer might lay on top of the native
privilege separation model, but I still think I'd rather go with
"actively maintained" over "about as dead as a doornail" ;).

Are you guys thinking about at some point dropping SunSSH from OmniOS
and bundling in standard OpenSSH? I'd definitely be a +1 on that :),
SunSSH has been falling by the wayside as OpenSSH continues to introduce
new features, and it's annoying to have disparity between illumos-based
servers and my other boxes.

As far as upstream, do you think it would be better to try and get them
to swap out SunSSH for OpenSSH too, or maybe it would be better to just
drop ssh completely from illumos-gate and have that be a distribution
add-on like other user space utilities?