Subject: Re: Secure Shell now in mainline
To: None <thorpej@zembu.com>
From: John Nemeth <jnemeth@victoria.tc.ca>
List: current-users
Date: 10/26/2000 02:03:04
On Mar 11,  2:42am, Jason R Thorpe wrote:
} On Thu, Oct 19, 2000 at 03:58:01AM -0700, John Nemeth wrote:
} 
}  >      Can you tell us any more about this other implementation (i.e. how
}  > is it different, who is working on it, URL, etc.)?
} 
} It was originally written for an embedded realtime OS, but also works
} on Solaris and NetBSD.  It has independent reader/writer threads, for
} MUCH better performance than other Secure Shell implementations, has

     This sounds really good.  I'm currently running OpenSSH
2.2.0p1/openssl 0.9.6 on an old SparcStation IPX running SunOS 4.0.3
and an old SparcStation 2 running SunOS 5.5, and the performance is
just abysmal.  It takes 15 seconds to open a connection.

} It is already being used inside at least one very popular commercial
} product.

     Hmm, would anybody care to reveal the product?

     On a side note, I have another application where I would like to
integrate an ssh.  It is a vertical turnkey application, called CSuite,
and I'm one of the primary developers.  It currently runs on RedHat
Linux, Solaris 2.5+, and HP-UX 10.20.  I may do a NetBSD port, since
one has been requested.  Anyways, the requirements for the ssh
implementation are a client that doesn't allow any kind of escape
except to close the connection.  The requirements for the server are:

- staff accounts can do anything
- user accounts aren't allowed access to dot files (this is for scp)
- user accounts shouldn't be allowed access to files outside their home
  directories, except for a configured list of directories (this is for
  scp)
- an alternative to the above two requirements would be to disable scp
  access for user accounts
- user accounts aren't allowed to run arbitrary programs (i.e. no ssh,
  just slogin)

Can this new ssh do this, or be relatively easily coerced into doing
this (I don't mind hacking on the code)?  I haven't yet had a chance to
figure out how to do all this with OpenSSH, or even if it can.

}-- End of excerpt from Jason R Thorpe
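
The scp restrictions listed in the message above, written out as a path check. This is an added example, not code from the message, from OpenSSH, or from the implementation under discussion; the function name, its parameters and the sample paths are hypothetical.

```python
import os

def scp_path_allowed(path, home, is_staff=False, extra_dirs=()):
    """Decide whether an scp request for `path` meets the listed policy.

    All names here are hypothetical; `extra_dirs` is the configured list of
    directories outside the home directory that user accounts may reach.
    """
    if is_staff:
        return True  # staff accounts can do anything

    home = os.path.realpath(home)
    # Relative requests are taken relative to the home directory.
    # realpath() collapses ".." and follows symlinks, so a link inside the
    # home directory cannot be used to reach a dot file or an outside path.
    target = os.path.realpath(os.path.join(home, path))

    for root in [home] + [os.path.realpath(d) for d in extra_dirs]:
        inside = target == root or target.startswith(root.rstrip(os.sep) + os.sep)
        if not inside:
            continue
        # Dot-file rule: no component below the permitted root may start with ".".
        parts = os.path.relpath(target, root).split(os.sep)
        return not any(p.startswith(".") for p in parts if p != ".")
    return False  # outside home and every configured directory


if __name__ == "__main__":
    # Constructed sample requests for a user whose home is /home/alice.
    for req in ["report.txt", ".profile", "docs/.cache/x", "../bob/notes", "/pub/readme"]:
        ok = scp_path_allowed(req, "/home/alice", extra_dirs=["/pub"])
        print(f"{req!r:20} -> {'allow' if ok else 'deny'}")
```

The decision is made on the path as resolved at check time, so a server using a check like this still has to open the file in a way that a symlink swapped in afterwards cannot redirect.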