Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Markus Friedl (markusopenbsd.org)
Date: Tue Nov 13 2001 - 04:32:19 CST
On Mon, Nov 12, 2001 at 10:34:56PM +0000, Chris Evans wrote:
> Before the 1.0 release details, something potentially interesting: my next
> project. Before I start investigating the feasability, I want to judge the
> demand. I'm considering a "vssshd", which would be a very cut down/minimal
> server-only implementation of the ssh2 protocol. The intended audience
> would be paranoid people who want no-frills secure remote access. I'm not
> saying the current sshd implementations are insecure; however, their
> design leaves something to be desired. In particular there seems to be
> rather too much use of "root" (witness the severity of the deattack.c
> flaw). I am tempted to investigate the possibility of writing a minimal
> sshd where all protocol parsing and in particular SSL code runs as
> non-root in a chroot() environment.
protocol parsing is no the problem in openssh.
the problem is keeping compatibility with all current SSH versions.
another issue is the openssl code. another issue the support
for multiple unix systems.
doing a sshd that does only passwd auth and no forwarding at all
should be very simple.
i can try to strip openssh's sshd to this level if someone is