[OmniOS-discuss] Switching to OpenSSH
Eric Sproul
esproul at omniti.com
Mon Jul 15 18:31:08 UTC 2013
On Mon, Jul 15, 2013 at 2:12 PM, Paul B. Henson <henson at acm.org> wrote:
> The openbsd crew has a pretty good reputation on security; I'm not sure what
> issues the portability layer might lay on top of the native privilege
> separation model, but I still think I'd rather go with "actively maintained"
> over "about as dead as a doornail" ;).
No question about that. The only issue in my mind is whether the
"actively maintained" piece is the standard, upstream portable OpenSSH
or a resurrected SunSSH (because we require it for some reason) that
is actively kept up within some reasonable tolerance to the upstream
version.
>
> Are you guys thinking about it some point dropping SunSSH from omnios and
> bundling in standard OpenSSH? I'd definitely be a +1 on that :), sunssh has
> been falling by the wayside as openssh continues to introduce new features,
> and it's annoying to have disparity between illumos based servers and my
> other boxes.
>
> As far as upstream, do you think it would be better to try and get them to
> swap out sunssh for openssh too, or maybe it would be better to just drop
> ssh completely from illumos-gate and have that be a distribution add-on like
> other user space utilities?
I think if we can demonstrate that upstream OpenSSH "just works" as a
replacement for SunSSH, that would bolster the effort to remove it
from illumos-gate. I'm not sure what other obstacles may lurk there
(integration with other major subsystems, like internationalization
maybe.) That's why I'd like to encourage others to try it on their
OmniOS systems. I'm fairly confident the typical
login-for-remote-access will work fine-- it's the other, more
esoteric, use cases that I haven't thought of that I'm not sure about.
Eric
More information about the OmniOS-discuss
mailing list