[OmniOS-discuss] Switching to OpenSSH

Tue Jul 16 02:08:52 UTC 2013

OpenSSH 6.2p1 + HPN patches from 2013Q2 (http://pkgsrc.joyent.com/packages/SmartOS/2013Q2/x86_64) 
Looking at the pkgsrc source for security/openssh, the patches that are there are for Interix, which tells me OpenSSH should be just fine in illumos. (IMO, It might be good to incorporate the HPN patches for performance reasons)

By default from pkgsrc, the privsep model is sandbox and seems to be working fine. 

I haven't tested the auditing support; will do that later in the week as time permits.

-- 
Carlos

On Monday, July 15, 2013 at 2:15 PM, Tim Rice wrote:

> On Mon, 15 Jul 2013, Paul B. Henson wrote:
> 
> > * sunssh is integrated into the Solaris auditing framework
> > 
> > * sunssh uses the Solaris cryptographic framework rather than openssl, which
> > historically gave it access to hardware acceleration that openssh didn't use,
> > but I think openssl supports the same framework now
> > 
> > I think the only real killer would be the auditing support, if somebody was
> > leveraging that.
> > 
> 
> 
> Back in the OpenSSH 4.0 days we see this in the ChangeLog
> 20050220
> - (dtucker) [LICENCE Makefile.in (http://Makefile.in) README.platform audit-bsm.c configure.ac (http://configure.ac)
> defines.h] Bug #125: Add *EXPERIMENTAL* BSM audit support. Configure
> --with-audit=bsm to enable. Patch originally from Sun Microsystems,
> parts by John R. Jackson. ok djm@
> 
> We're on 6.2 now.
> Let us know if something is not working right.
> 
> -- 
> Tim Rice Multitalents
> tim at multitalents.net (mailto:tim at multitalents.net)
> 
> 
> _______________________________________________
> OmniOS-discuss mailing list
> OmniOS-discuss at lists.omniti.com (mailto:OmniOS-discuss at lists.omniti.com)
> http://lists.omniti.com/mailman/listinfo/omnios-discuss
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20130715/4a40e942/attachment.html>