Date: Tue, 9 Aug 2005 14:48:59 +0400 (MSD) From: Michael Bushkov <bushman@rsu.ru> To: hackers@freebsd.org Subject: openssh port patch Message-ID: <20050809143950.U921@stinger.cc.rsu.ru>
next in thread | raw e-mail | index | archive | help
Hello! As a participant of Google's Summer Of Code, I'm working on improving the nsswitch subsytem. The work is currently in progress, but some things are already completed. The patch for security/openssh-portable port is ready. It allows openssh to get the host keys not only from the ssh_known_hosts file, but from all possible nsswitch sources too. Files and NIS sources are implemented. Here is the link to download the patch: http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/tests/ssh%5fhostkeys%5ftest/patches/openssh%2dportable%5fport.patch&REV=1 To add the NIS map, copy the appropriate ssh_known_hosts file to the yp.src folder and the run the patched Makefile. The patch for the /var/yp/Makefile is here: http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/tests/ssh%5fhostkeys%5ftest/patches/var%5fyp%5fmakefile.patch&REV=1 After patching, OpenSSH will still use ~/.ssh/known_hosts files, but instead of looking through /usr/local/etc/ssh/ssh_known_hosts file directly, it will use nsswitch. So, with the help of the NIS, the known_hosts keys can be shared among different hosts. I'll be really glad to answer your questions and bug-reports. With best regards, Michael Bushkov Rostov State University
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050809143950.U921>