OpenSSH 5.0 released

Posted Apr 4, 2008 6:55 UTC (Fri) by Wummel (subscriber, #7591)
Parent article: OpenSSH 5.0 released

I wonder why they have to release two SSH branches - one for BSD and one portable for all other Unixes.
On the Portable SSH page they claim a lot of differences in authentication between UNIXes. Isn't PAM now a standard library in pretty much all UNIX implementations? Or is it the crypto stuff that differs?

It seems harder to maintain and verify two codelines instead of a merged one, especially from a security point of view. But the developers may have a magic ingredient for this (some half-automatic syncing mechanism maybe).


OpenSSH 5.0 released

Posted Apr 4, 2008 10:18 UTC (Fri) by djm (subscriber, #11651)

Not everyone uses PAM - OpenBSD uses "BSD auth" (derived from BSDI IIRC), which is IMO a much
cleaner and safer design than PAM. Most of the differences lie in missing library routines or
system calls, or ones with different semantics. [uw]tmp/lastlog handling (actually login
handling in general) is another area of wild divergence.

Yes, we use some tools to merge changes from the OpenBSD tree to the portable tree - it isn't
much of an overhead at all.

OpenSSH 5.0 released

Posted Apr 6, 2008 22:17 UTC (Sun) by smoogen (subscriber, #97)

They have one for OpenBSD and one for the rest of the world. The rest of the world covers
other BSDs. The OpenBSD tree is what they are going to worry about the most because they see
it integrating and working with their OS. Theo, Marcus, etc. were quite clear that they do not
know Solaris, Linux, etc. and really did not have the time or energy to do so. That is up to
people who know FreeBSD, Solaris, Linux, MacOS, etc. to put what they know into it.
