[OmniOS-discuss] OmniOS Bloody update

Lauri Tirkkonen lotheac at iki.fi
Thu Sep 17 12:15:05 UTC 2015


On Thu, Sep 17 2015 13:54:56 +0200, Jim Klimov wrote:
> Is there some definitive list of functional differences between OpenSSH
> vanilla and SunSSH as of today (given the latter started as a fork of
> the former, IIRC)? Am I wrong to think the benefits of SunSSH revolved
> around integration with Solaris security features like RBAC and PAM?
> Was there more to it? Why is it hard to upstream and just get the
> common (or specially ifdef'ed) OPENSSH to become SUNSSH + more new
> features/bugfixes, and not maintain and reconcile two forks?

My personal view is that SunSSH is largely unmaintained, and it's
downright incompatible with recent OpenSSH versions by default. I'm not
very familiar with the history there, but AFAIK one big reason for the
fork was that SunSSH had a different privilege separation model [0].

As I understand it, Joyent are working on patching the parts of SunSSH
on top of OpenSSH and shipping that. I'm not familiar with the
differences apart from the privsep and haven't had time to review, but I
guess their patchset [1] would be a good starting point for a list like
the one you ask for. The packaging change to allow vanilla OpenSSH
installation on OmniOS is a separate effort; Dan hinted that OmniOS
might include some of Joyent's patches in OpenSSH in the future, but I
can't speak for him or OmniTI :)

[0]: http://src.illumos.org/source/xref/illumos-gate/usr/src/cmd/ssh/README.altprivsep
[1]: https://github.com/joyent/illumos-extra/tree/master/openssh/Patches

-- 
Lauri Tirkkonen | lotheac @ IRCnet

