RFE: Portable OpenSSH

David Terrell dbt at meat.net
Wed Mar 28 06:34:04 EST 2001


On Tue, Mar 27, 2001 at 10:37:38AM -0800, Dan Kaminsky wrote:
>     Here's da scoop.  So we put out a package of OpenSSH 2.2.0p1 a while
> back that required a Perl2Exe'd package of EGD.  Got adopted by about five
> people.  Turns out that the more system-level dependencies you put on
> software, the less likely people are going to be willing or able to install
> it.

Yep.  I've had trouble convincing people it's superior simply because it
takes more stuff.

Here's a really bad idea that might get people thinking of better solutions
along this line:

Why not include PRNGd source with OpenSSH, install it, and if sshd
fails to get any entropy, start PRNGd and try again?  It doesn't
work for client-only ssh usage (though if the ssh command is setuid,
it could, but that's probably a really bad idea for other reasons).

The normal autoconf widgets (if PRNGd is already installed don't 
do this, etc etc) would apply.  And of course it would only be 
for platforms with no /dev/*random.

-- 
David Terrell           | If a crypto algorithm is cracked in a forest
Nebcorp Prime Minister  | and a tree falls on a mime, does microsoft
dbt at meat.net            | need to publish an advisory on it?
http://wwn.nebcorp.com/
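
The fallback order proposed in the message above, as an added sketch that is not part of the original post or of OpenSSH: try the kernel devices, then an EGD-protocol socket (PRNGd is EGD-compatible), start the daemon once if nothing is listening, and fail closed if no source yields a full seed. The socket path and the `start_daemon` callback are assumptions supplied by the caller.

```python
import socket
import time

EGD_READ_NONBLOCKING = 0x01  # EGD protocol: reply is one count byte, then the data

def read_egd(sock_path, nbytes):
    """Request up to 255 bytes from an EGD-compatible daemon; may return fewer."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(2.0)
        s.connect(sock_path)
        s.sendall(bytes([EGD_READ_NONBLOCKING, nbytes]))
        header = s.recv(1)
        want = header[0] if header else 0
        buf = b""
        while len(buf) < want:
            chunk = s.recv(want - len(buf))
            if not chunk:
                break
            buf += chunk
        return buf

def get_seed(nbytes, devices, sock_path, start_daemon, retries=5, delay=0.2):
    """Return (seed, source) or raise; never return a short or empty seed."""
    # 1. Kernel devices, where the platform has them.
    for dev in devices:
        try:
            with open(dev, "rb") as f:
                data = f.read(nbytes)
        except OSError:
            continue
        if len(data) == nbytes:
            return data, dev
    # 2. EGD socket; if nothing is listening, start the daemon once and retry.
    started = False
    for _ in range(retries + 1):
        try:
            data = read_egd(sock_path, nbytes)
            if len(data) == nbytes:
                return data, sock_path
        except OSError:
            if not started:
                start_daemon(sock_path)  # hypothetical hook that launches PRNGd
                started = True
        time.sleep(delay)
    # 3. Fail closed: a server must not generate keys from a weak seed.
    raise RuntimeError("no entropy source produced %d bytes" % nbytes)
```

On a platform with no /dev/*random, `devices` is empty and everything depends on step 2, which is why step 3 raises rather than continuing with whatever bytes were gathered.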



More information about the openssh-unix-dev mailing list