From: Michael Bushkov
Date: Tue, 9 Aug 2005 14:48:59 +0400 (MSD)
To: hackers@freebsd.org
Subject: openssh port patch
Message-ID: <20050809143950.U921@stinger.cc.rsu.ru>

Hello!

As a participant of Google's Summer Of Code, I'm working on improving the nsswitch subsystem. The work is currently in progress, but some things are already completed. The patch for security/openssh-portable port is ready. It allows openssh to get the host keys not only from the ssh_known_hosts file, but from all possible nsswitch sources too. Files and NIS sources are implemented.

Here is the link to download the patch:
http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/tests/ssh%5fhostkeys%5ftest/patches/openssh%2dportable%5fport.patch&REV=1

To add the NIS map, copy the appropriate ssh_known_hosts file to the yp.src folder and then run the patched Makefile. The patch for the /var/yp/Makefile is here:
http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/tests/ssh%5fhostkeys%5ftest/patches/var%5fyp%5fmakefile.patch&REV=1

After patching, OpenSSH will still use ~/.ssh/known_hosts files, but instead of looking through the /usr/local/etc/ssh/ssh_known_hosts file directly, it will use nsswitch. So, with the help of the NIS, the known_hosts keys can be shared among different hosts.

I'll be really glad to answer your questions and bug reports.

With best regards,
Michael Bushkov
Rostov State University
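
Once host keys are shared through NIS as the message describes, a client can check that the keys it is served match the ssh_known_hosts file that was copied into yp.src. The following is an added example, not part of the original post or of the patch: it parses two known_hosts-format texts and reports hosts whose keys differ. It assumes the served entries can be dumped back into known_hosts line format (for instance with ypcat on the map the patched Makefile builds, whose name the message does not give); the host names and keys are constructed samples.

```python
import base64
import hashlib

def parse_known_hosts(text):
    """Map each hostname to the set of (key type, SHA-256 of key blob) it lists."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blanks, comments, @marker lines and anything too short to be a key.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, keytype, b64 = fields[:3]
        if keytype.isdigit():          # legacy protocol-1 line: bits exponent modulus
            continue
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:             # binascii.Error subclasses ValueError
            continue
        fingerprint = hashlib.sha256(blob).hexdigest()
        for host in hosts.split(","):  # one line may name several hosts/addresses
            entries.setdefault(host, set()).add((keytype, fingerprint))
    return entries

def diff_sources(trusted_text, served_text):
    """Return sorted (host, problem) pairs where the served copy deviates."""
    trusted, served = parse_known_hosts(trusted_text), parse_known_hosts(served_text)
    findings = []
    for host in sorted(set(trusted) | set(served)):
        t, s = trusted.get(host, set()), served.get(host, set())
        if not s:
            findings.append((host, "missing-from-served"))
        elif not t:
            findings.append((host, "unexpected-host"))
        elif t != s:
            findings.append((host, "key-mismatch"))
    return findings

def _key(label):
    # Constructed placeholder "key": base64 of a label, not a real public key.
    return base64.b64encode(label.encode()).decode()

# Constructed sample inputs (assumption: both sources use known_hosts line format).
TRUSTED = "\n".join([
    "# constructed sample, not real keys",
    f"alpha.example.org,192.0.2.10 ssh-rsa {_key('alpha-key')}",
    f"beta.example.org ssh-rsa {_key('beta-key')}",
])
SERVED = "\n".join([
    f"alpha.example.org,192.0.2.10 ssh-rsa {_key('alpha-key')}",
    f"beta.example.org ssh-rsa {_key('other-key')}",
    f"gamma.example.org ssh-rsa {_key('gamma-key')}",
])

if __name__ == "__main__":
    for host, problem in diff_sources(TRUSTED, SERVED):
        print(f"{host}: {problem}")
```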