tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

status of HPN patch for OpenSSH


I have a working version of security/openssh bumbep with our
patches for OpenSSH 6.2, and the only reason why I haven't
pushed it already to pkgsrc is because of the `hpn' option,
whose patch does not exist for OpenSSH 6.2.
From what I understand, we use the same patch as FreeBSD,
which ports version is also stuck at OpenSSH 5.8, so my
question is, what should we do with this?

We don't know when (of even if) 6.2 version of the hpn patch
will be released and meanwhile, our pkgsrc version is stuck
at 5.8. I'd really like to have OpenSSH 6.2 available in order
to be able to use the famous AuthorizedKeysCommand feature
which is a great step forward in terms of public key
retrieval, as an example, simply add this to sshd_config:

AuthorizedKeysCommand /usr/local/bin/

and you'll be able to fetch user's public keys using this
external script, thus making obsolete the old OpenSSH-LPK
patch. Moreover, think about the endless possibilities of
external programs being able to fetch public keys from
HTTP or actally whatever method you'd like.

Back to hpn, should I wait? commit the changes for 6.2
and comment the hpn option until it's updated? The patch
is about 2k lines long and I'd find it really painful
to port, I'd rather avoid that solution.

What do you think?

Emile `iMil' Heitor .°. <imil@{,,}>
              |        | ASCII ribbon campaign ( )
              |  |  - against HTML email  X
              |        |              & vCards / \

Home | Main Index | Thread Index | Old Index