From owner-freebsd-ports Mon Nov 1 11:27:12 1999
Delivered-To: freebsd-ports@freebsd.org
Received: by hub.freebsd.org (Postfix, from userid 758) id DE14F14FF7; Mon, 1 Nov 1999 11:27:07 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id CED721CD734; Mon, 1 Nov 1999 11:27:07 -0800 (PST) (envelope-from kris@hub.freebsd.org)
Date: Mon, 1 Nov 1999 11:27:07 -0800 (PST)
From: Kris Kennaway
To: security@freebsd.org
Cc: ports@freebsd.org
Subject: OpenSSH patches
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

As has been mentioned here recently, the OpenBSD guys have taken an old version of SSH, from before it caught a restrictive license, cleaned it up (replugged the security holes, etc), and released it as OpenSSH (actually I think it's due to be released "officially" with OpenBSD 2.6).

The patch at http://www.freebsd.org/~kris/openssh-991031.patch allows the OpenSSH sources from 991031 (now that it seems to have stabilized somewhat) to build under FreeBSD - the changes are all just tweakery to deal with different location of header and library files in OpenBSD.

You need to have the openssl port installed (with RSA support enabled), and the following environment variables must be defined before building will proceed:

    KERBEROS AFS SKEY TCP_WRAPPERS

These should (presumably) be either 'YES' or 'NO' depending on whether or not your system has the relevant libraries available. Note that I have only tested building with TCP_WRAPPERS, since my system doesn't use any of the others. It may build, or it may not.

I also haven't tested whether this actually WORKS, because my machine isn't on the 'net right now. It builds fine, though - I'd be interested to hear from people about how it works (it's supposedly interoperable with the "true" SSH 1.x client/servers). Binary size is about 50k larger than the ssh-1.x binaries, because it uses OpenSSL instead of internal crypto routines, and probably pulls in extra stuff indirectly which it doesn't actually use.

Making a port would be fairly trivial - you'll have to obtain the source from the OpenBSD CVS repository directly, though - see http://www.openbsd.org/ for information. You can use 'cvs get' from the appropriate server to download the usr.bin/ssh directory. If it wasn't for the US crypto restrictions we all know and love, I'd put the tarball up on my website. Roll on the revolution! :-)

Kris

----
Cthulhu for President! For when you're tired of choosing the _lesser_ of two evils..

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message