Date: Sun, 2 Jan 2000 12:20:34 -0500
From: Garance A Drosihn <drosih@rpi.edu>
To: Brian Fundakowski Feldman <green@FreeBSD.ORG>
Cc: security@FreeBSD.ORG
Subject: Re: OpenSSH protocol 1.6 proposal
Message-ID: <v04210103b49530a9c448@[128.113.24.47]>
In-Reply-To: <20000101143951.A4719@osaka.louisville.edu>
References: <Pine.BSF.4.10.10001011324420.756-100000@green.dyndns.org> <20000101143951.A4719@osaka.louisville.edu>
At 2:39 PM -0500 1/1/00, Keith Stevenson wrote:
>On Sat, Jan 01, 2000 at 01:49:22PM -0500, Brian Fundakowski Feldman wrote:
> > Let me know what you all think!
> >
>First of all, allow me to thank you for all of the work you have done
>maintaining OpenSSH for FreeBSD. I am looking forward to its entry
>into the base tree. (I'm also planning to convert from SSH to OpenSSH
>on all my systems as soon as it is feasible.)
>
>That said, the prospect of having a FreeBSD specific branch of OpenSSH
>disturbs me. I manage an extremely heterogeneous Unix environment and
>eventually hope to have OpenSSH running on all of my systems.

I wouldn't mind having a freebsd-specific branch of OpenSSH, but I am uneasy that this is being proposed so soon after OpenSSH appeared. They are still in the process of rapid development, and I'd like to see their work settle down a bit before the freebsd project decides it "must" branch.

We've all lived with the deficiencies of the ssh1 protocol for several years now, and my guess is that we could live a few more months with it to see if openSSH gets something closer to the version 2 protocol working.

I have a much bigger problem trying to interrupt a flood of output to my ssh session (due to cat-ing the wrong file, for instance), than I have with malicious interceptors trying playback attacks (or any other kind of attacks). A control-channel for interrupts would be of much more practical benefit to me.

I am also uneasy about a fork at this time because I use ssh on multiple platforms. I do understand that your change is backward-compatible, but what good is an improvement which only happens between a half-dozen freebsd boxes I have, if it isn't going to be on the 300-400 aix, irix, and solaris boxes which is where I'm making most of my connections to? I have some optimism that the OpenSSH project will track cross-platform issues (maybe not "supreme confidence", but "optimism"). If freebsd is going to fork so soon, is it also going to track cross-platform issues? My guess is "they won't be a priority".

The actual change you're proposing seems fine to me (not that I'd know enough to debate the issues anyway...). I'm just uneasy that we couldn't let openssh settle down a bit before considering forks. (note that I'm also assuming that openSSH will find itself forking from the original protocols to address deficiencies, so I'd like any freebsd-version to catch those changes before adding more improvements).

You asked for our thoughts. The above are mine. Note that my thoughts are unrelated to how easy or hard it is to work with Theo, or much of anyone else on the planet. I'm not going to debate that topic at all, as that would certainly be an utterly fruitless debate.

And as Keith noted, I do appreciate the work to get OpenSSH into the freebsd world so rapidly.

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer          or  drosih@rpi.edu
Rensselaer Polytechnic Institute