X.509 support in ssh (revisited)

[Dan Kaminsky]

> > We really need a ./configure --with-upgrade to set all paths correctly
such
> > that this occurs more then one out of a hundred times.
>
> OpenSSH's "make install" will never overwrite existing key files, I
> can't see what more we can do than that.

We can make it work under real world conditions.  Specific flags are often
required for recompilation to be effective(--with-md5-passwords being most
common).  Very commonly, the daemon itself will have been configured to live
in /usr/sbin or /usr/local/sbin, but keying material will live in /etc or
/etc/ssh.  Lets not even talk about the problem of people being afraid to
kill the very same service they're reconfiguring a system through, and thus
end up leaving the old daemon residing in memory indefinitely.  Plus there's
other reasons for upgrade breakage that I don't even know.

Clients have trouble figuring out local port forward syntax; servers are
confounded by upgrading without at the very least wiping out their old keys.
It's just the way it is, and why nobody's surprised when keys change.

I'm not complaining about this just to complain -- I'm going to eventually
do something about this.  I'm thinking about embedding the configure options
in the sshd itself and using the process table to discover which sshd to
clone(probably allowing --with-upgrade=/usr/sbin as an override).

--Dan