From: "Kevin Oberman"
To: Garrett Wollman
Cc: Kris Kennaway, net@FreeBSD.org
Subject: Re: ssh window
Date: Fri, 13 Jun 2008 12:02:56 -0700
Message-Id: <20080613190256.0B4AE4500E@ptavv.es.net>
In-Reply-To: Your message of "Fri, 13 Jun 2008 14:43:39 EDT." <18514.49115.708560.587859@hergotha.csail.mit.edu>
List-Id: Networking and TCP/IP with FreeBSD

> Date: Fri, 13 Jun 2008 14:43:39 -0400
> From: Garrett Wollman
> Sender: owner-freebsd-net@freebsd.org
>
> < said:
>
> > Garrett Wollman wrote:
> >> Am I the only one who would be happier if openssh were not in the base
> >> system at all?
>
> > Quite possibly :)
>
> > I don't think it's at all viable to ship FreeBSD without an ssh client
> > in this day and age.
>
> If that were what I had suggested, you might have a point. I want
> FreeBSD to ship with an ssh client, too. I just want it shipped as a
> package, so that it's easier to delete when I'm ready to replace it
> with one that meets my requirements (about an hour after install).
> Having it be easier to update when there's a security issue would be
> an added bonus.

Replacing the base ssh with the port is utterly trivial. You already are
setting configuration options, so OVERWRITE_BASE is no more than a few
key presses and a one-liner in make.conf or src.conf is pretty trivial.

V7: Add "WITHOUT_OPENSSH=" to /etc/src.conf
Pre-V7: Add "NO_OPENSSH=" to /etc/make.conf

That is all it takes. We use SmartCards for authentication, so I already
have a bunch of systems that are configured this way.
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751