Various platforms

Lutz Jaenicke Lutz.Jaenicke at aet.TU-Cottbus.DE
Tue Oct 10 19:29:48 EST 2000


On Tue, Oct 10, 2000 at 04:34:59AM +0100, J.P. King wrote:
> > But isn't one of your goals security?  You can build an ssh that works
> > on 9.X if needed, but I'd recommend shipping a more modern build as
> > well.
> One of my goals is _improved_ security, however only of the
> communication with our machines by people connecting from the
> outside world.  Whilst I would like security in the world to
> be improved, it is hard for me to do this from the outside
> (projects like OpenSSH notwithstanding).
> 
> Unless there is some security hole introduced into OpenSSH
> by building it on an older platform, then I don't see how
> I have lost.  In the meantime I have gained because the
> people connecting from an old HP-UX box, and those connecting
> from a more modern one can all use a secure channel to talk
> to their machines back in Cambridge.

Support for HP-UX 9.03 ran out long ago; there was even a free upgrade
to HP-UX 10.20 (the first version of HP-UX being Y2K conformant when using
the necessary patches, and yes there is some 9.X for Motorola based machines).
I don't know whether there are security issues with respect to libc et al
for HP-UX 9.02, probably nobody knows as nobody cares any longer.

Given your situation, you have to support 9.03 because some people did not
upgrade when they should have upgraded. So you must provide a 9.03 binary.
That's fine.
As 10.20 is the minimum you should run by now, I however second Kevin's
recommendation to include the 10.20 binary as default and only offer 9.03
for those poor guys. At least the directory hierarchy for 10.X has changed
so that the PRNG commands might have changed considerably.
9.X is dead and gone, 10.x is the minimum to go, 11.x is a close relative
to 10.x (at least with respect to directory hierarchy and API).

> If I have failed to take account of something then I would
> like to know, but based on the last year this program has
> had non-trivial amounts of success in reducing passwords
> being sniffed by Cambridge 'scholars' visiting other
> institutions.
That's a really good thing to have :-)

Best regards,
	Lutz
-- 
Lutz Jaenicke                             Lutz.Jaenicke at aet.TU-Cottbus.DE
BTU Cottbus               http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik                  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus              Fax. +49 355 69-4153





More information about the openssh-unix-dev mailing list