[OmniOS-discuss] common-factor key exchange

Paul B. Henson henson at acm.org
Sun Nov 30 03:06:52 UTC 2014


On Fri, Nov 28, 2014 at 04:19:36PM +0100, Richard PALO wrote:

> this seems to be a known issue for sun ssh.

I don't think anybody is maintaining the sun ssh fork in illumos :(. So
it's just going to get more and more obsolete.

Personally, I think the sun fork should just get dropped from
illumos-gate and openssh be added in by distributions. As I recall,
there were three motivations for the original sun fork; sun engineers
didn't agree with the way upstream decided to do privsep, they added in
RBAC support, and more support for solaris auditing features.

I'm not really qualified to comment on the difference of opinion
regarding privsep, but I think I'd take an upstream maintained version
over an abandoned one 8-/. And I don't use any of the RBAC/audit
features, although perhaps somebody does.

Hmm, interesting, I see omnios does have network/openssh and
network/openssh-server packages in the OS repo, I didn't realize that.
Any thoughts on making those the default for an install rather than the
native illumos ssh packages? Perhaps I'm biased by my own needs, but it
seems an up to date ssh implementation would be of more general use than
an outdated one with a few sun specific features.



More information about the OmniOS-discuss mailing list