OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
FreeBSD Security Archives: Re: OpenSSH protocol 1.6 proposal

Re: OpenSSH protocol 1.6 proposal

Subject: Re: OpenSSH protocol 1.6 proposal
From: Garance A Drosihn (drosihrpi.edu)
Date: Sun Jan 02 2000 - 11:20:34 CST

At 2:39 PM -0500 1/1/00, Keith Stevenson wrote:
>On Sat, Jan 01, 2000 at 01:49:22PM -0500, Brian Fundakowski Feldman wrote:
> > Let me know what you all think!
>
>
>First of all, allow me to thank you for all of the work you have done
>maintaining OpenSSH for FreeBSD. I am looking forward to its entry
>into the base tree. (I'm also planning to convert from SSH to OpenSSH
>on all my systems as soon as it is feasible.)
>
>That said, the prospect of having a FreeBSD specific branch of OpenSSH
>disturbs me. I manage an extremely heterogeneous Unix environment and
>eventually hope to have OpenSSH running an all of my systems.

I wouldn't mind having a freebsd-specific branch of OpenSSH, but I am
uneasy that this is being proposed so soon after OpenSSH appeared. They
are still in the process of rapid development, and I'd like to see their
work settle down a bit before the freebsd project decides it "must"
branch.

We've all lived with the deficiencies of the ssh1 protocol for several
years now, and my guess is that we could live a few more months with it
to see if openSSH gets something closer to the version 2 protocol working.
I have a much bigger problem trying to interrupt a flood of output to my
ssh session (due to cat-ing the wrong file, for instance), then I have
with malicious interceptors trying playback attacks (or any other kind
of attacks). A control-channel for interrupts would be of much more
practical benefit to me.

I am also uneasy about a fork at this time because I use ssh on multiple
platforms. I do understand that your change is backward-compatible,
but what good is an improvement which only happens between a half-dozen
freebsd boxes I have, if it isn't going to be on the 300-400 aix, irix,
and solaris boxes which is where I'm making most of my connections to?
I have some optimism that the OpenSSH project will track cross-platform
issues (maybe not "supreme confidence", but "optimism"). If freebsd is
going to fork so soon, is it also going to track cross-platform issues?
My guess is "they won't be a priority".

The actual change you're proposing seems fine to me (not that I'd know
enough to debate the issues anyway...). I'm just uneasy that we couldn't
let openssh settle down a bit before considering forks. (note that I'm
also assuming that openSSH will find itself forking from the original
protocols to address deficiencies, so I'd like any freebsd-version to
catch those changes before adding more improvements).

You asked what for our thoughts. The above are mine. Note that my
thoughts are unrelated on how easy or hard it is to work with Theo,
or much of anyone else on the planet. I'm not going to debate that
topic at all, as that would certainly be an utterly fruitless debate.

And as Keith noted, I do appreciate the work to get OpenSSH into the
freebsd world so rapidly. 

---
Garance Alistair Drosehn           =   gadeclipse.acs.rpi.edu
Senior Systems Programmer          or  drosihrpi.edu
Rensselaer Polytechnic Institute

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

This archive was generated by hypermail 2b27 : Sun Jan 02 2000 - 11:21:29 CST