openssh and nsswitch integration in FreeBSD

Michael Bushkov bushman at rsu.ru
Thu Jul 7 22:38:55 EST 2005


Hello!
I'm working on openssh and nsswitch integration in FreeBSD. I am lucky 
to participate in Google's Summer of Code and openssh+nsswitch 
integration is a part of my project. I've almost completed the patch. 
I'd like to describe some details here. I'll be glad to correct or 
change some things if you wish.

The idea is to replace the system-wide known-hosts file with an nsswitch 
source. After examining the openssh port, I've found 2 basic functions 
which handle the known-hosts files (hostfile.h):

HostStatus check_host_in_hostfile(const char *, const char *, const Key *, Key *, int *);
int    lookup_key_in_hostfile_by_type(const char *, const char *, int, Key *, int *);

As far as I know, all other routines that deal with these files 
seem to be built on top of these 2 functions. So I'd like to implement 
another 2 functions:
HostStatus nsswitch_check_host(const char *, const Key *, Key *);
int    nsswitch_lookup_key_by_type(const char *, int, Key *);

They will be used instead of the previous 2 in all places where the 
system-wide known-hosts file was accessed. But they will dispatch the 
calls to the nsswitch subsystem. The nsswitch 'files' module will have 
the same functionality as the previous 2 functions, but users will be 
able to store their public keys in LDAP, for example. Besides, any other 
source can be implemented as a pluggable nsswitch module.

In the ssh client, the files module will take the system files path from 
the Options structure. And in sshd (in the case of hostbased 
authentication), it will use the default values.

So this is the way I want to integrate nsswitch and openssh in FreeBSD. 
Is this approach applicable?

With best regards,
Michael Bushkov
Rostov State University
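
Added example (not part of the original message, and not OpenSSH or FreeBSD code): a self-contained C model of the ordered-source host key check the message describes. All names (model_check_host, struct ns_source, the sample hosts and key strings) are hypothetical, and the rule that only HOST_NEW falls through to the next source is this example's assumption.

```c
#include <stddef.h>
#include <string.h>

/* Status names follow the HostStatus type quoted above; values are this example's. */
typedef enum { HOST_OK, HOST_NEW, HOST_CHANGED } HostStatus;
/* Constructed stand-in for a host key record: host, key type id, encoded key. */
struct hostkey { const char *host; int type; const char *blob; };
/* One lookup source ("files", "ldap", ...): a name and its key table. */
struct ns_source { const char *name; const struct hostkey *keys; size_t nkeys; };

/* Check one source: OK on exact match, CHANGED if host+type has only other keys. */
static HostStatus source_check(const struct ns_source *s, const char *host,
    int type, const char *blob)
{
    HostStatus st = HOST_NEW;
    for (size_t i = 0; i < s->nkeys; i++) {
        const struct hostkey *k = &s->keys[i];
        if (strcmp(k->host, host) != 0 || k->type != type)
            continue;
        if (strcmp(k->blob, blob) == 0)
            return HOST_OK;
        st = HOST_CHANGED;          /* same host and type, different key */
    }
    return st;
}

/* Walk sources in configured order. Assumption of this example: only HOST_NEW
 * falls through, so a mismatch in an earlier source is never overridden later. */
HostStatus model_check_host(const struct ns_source *srcs, size_t n,
    const char *host, int type, const char *blob, const char **where)
{
    for (size_t i = 0; i < n; i++) {
        HostStatus st = source_check(&srcs[i], host, type, blob);
        if (st != HOST_NEW) {
            if (where) *where = srcs[i].name;   /* report the deciding source */
            return st;
        }
    }
    if (where) *where = NULL;
    return HOST_NEW;
}

/* Constructed sample data: "files" and "ldap" disagree about alpha.example. */
static const struct hostkey files_keys[] = { { "alpha.example", 1, "AAAA-files" } };
static const struct hostkey ldap_keys[] = {
    { "alpha.example", 1, "AAAA-ldap" }, { "beta.example", 1, "BBBB" } };
static const struct ns_source sample_srcs[] = {
    { "files", files_keys, 1 }, { "ldap", ldap_keys, 2 } };
int main(void) { return model_check_host(sample_srcs, 2, "beta.example", 1, "BBBB", NULL) != HOST_OK; }
```

With the sample data, a key that matches only the later "ldap" entry for alpha.example is reported as HOST_CHANGED, because the earlier "files" source already holds a different key for that host.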
