[OpenIndiana-discuss] Replacing OI 151 ssh with OpenSSH 5.9?

Gary gdriggs at gmail.com
Wed Jan 18 22:59:46 UTC 2012


On Wed, Jan 18, 2012 at 2:22 PM, Bill Sommerfeld wrote:

> They're needed so that sshd correctly uses solaris's version of PAM and audit
> and other subsystems like that.

OpenSSH/portable already works with Solaris' PAM and default projects.
But the latest documentation I can find on SunSSH is here:

"These parts of SunSSH 1.5 are quite different from OpenSSH code:

    PAM
    GSS-API
    privilege separation implementation
    auditing code
    g11n (not present in OpenSSH)
    we support HW acceleration through the OpenSSL PKCS#11 engine by default"

http://hub.opensolaris.org/bin/view/Community+Group+security/SSH

However, the only Solaris specific change I'm seeing for OpenSSH
portable in regards to Solaris in the last couple of years is a mod
for project support;
ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog

So I'm not seeing a whole lot of incentive for me to stick with SunSSH
since I can't even easily find documentation of what's been patched in
SunSSH in the past 2-3 years. Unless someone's claiming that OpenSSH
just doesn't work with Solaris' implementation of PAM...?

q.v. http://blogs.oracle.com/janp/entry/sunssh_and_openssl_enhancements_in,
and https://www.google.com/search?q=site%3Amail.opensolaris.org+SunSSH



More information about the OpenIndiana-discuss mailing list