EGD requirement a show stopper for me

Dave Dykstra dwd at bell-labs.com
Sat Jan 29 03:13:19 EST 2000


On Fri, Jan 28, 2000 at 10:05:00AM +1100, Damien Miller wrote:
> > The memory requirement isn't the worst problem for me:  I currently
> > distribute the ssh 1.2.27 client via a non-root user id *very* widely
> > throughout my company (on 8 unix variants), and there isn't any reasonable
> > way for me to start a shared long-running process on every machine that may
> > run ssh.  It's not a problem for the machines that are running sshd, since
> > that has to run as root anyway, but it is a big problem on machines that
> > run the ssh client only.  I could start a shared process on the servers
> > that receive the distribution under my non-root user id, but that doesn't
> > help for all the workstations that nfs-mount the package from servers.
> 
> I have received a patch to enable the EGD support in OpenSSH to
> use a TCP socket for communications with EGD. This would allow
> multiple users on a machine to share a single instance of
> EGD. Though I wouldn't recommend it be used over a network.

Could that be used in such a way that the first person on a machine to use
openssh would start up EGD under their own user id (via a front-end script
to 'ssh' which I would write so they don't have to do anything special),
and subsequent users would share the same socket?  Even if that's what's
intended, it sure doesn't sound like a good idea because a malicious user
could start up a hacked EGD and control what other users get.


> > I need a mechanism like the one used in commercial ssh, where the random
> > seed is saved in a file.
> 
> Sun do have a random driver which may be of use:
> 
> BH> You can install the SUNWski package.

This is not an option for me; I have no control over what packages are on
all the machines that get my distribution, so I can only rely on standard
stuff.  I use the same binaries for a variety of OS releases as well, for
example on Solaris it is 2.5.1 through 2.7.

- Dave Dykstra





More information about the openssh-unix-dev mailing list