folding Apple tweaks into openssh

[Ben Lindstrom]

On Jan 7, 2009, at 5:52 AM, Jim Reid wrote:

> Hi. Apple have a bunch of patches to openssh that they have folded
> into the version that's shipped with MacOSX. Some of these are very
> convenient: like automagically starting an ssh-agent at login/boot
> time

There is nothing to integrate for this.  When you log in it starts  
"ssh-agent".   I've done this for years under OpenBSD and Linux using  
gnome/kde.  Apple just happens to do this via launchd instead of  
during X11 initrc scripts or other standard X startup processes (for  
good reason, since X isn't their GUI =).


> and the ability to have SSH passphrases stored and fetched from
> the Keychain.

There is already 3rd party keychain software (e.g. http://www.sshkeychain.org/) 
.  However, to me this more belongs with the OS provider (Redhat,  
Microsoft, SuSE, Apple, etc) than OpenSSH team.   This is really more  
an integration issue than an OpenSSH issue.

Apple's patches pretty much boil down to GSSAPI (which upstream  
version have been rejected due to complexity), launchd features  
(currently still very Apple centric), and Apple only patches.   There  
are a few patches that would be interested to dig around to see why  
Apple applies them, but no real upstream features that would improve  
everyones' life.

Interesting enough, not much has changed (other than Launchd) since  
the last time I looked at the patches.  Just a bit less.

- Ben