Date: Thu, 16 Dec 2004 00:40:27 -0500 (EST)
From: Andre Guibert de Bruet <andy@siliconlandmark.com>
To: Matthias Andree <matthias.andree@gmx.de>
Cc: current@freebsd.org
Subject: Re: Networked single-user recovery (Was: Re: Background fsck is broken)
Message-ID: <20041216001335.X19917@alpha.siliconlandmark.com>
In-Reply-To: <20041215175001.GB17597@merlin.emma.line.org>
References: <44115.1103109518@critter.freebsd.dk>
 <20041215095337.T19917@alpha.siliconlandmark.com>
 <20041215175001.GB17597@merlin.emma.line.org>

On Wed, 15 Dec 2004, Matthias Andree wrote:
> On Wed, 15 Dec 2004, Andre Guibert de Bruet wrote:
>
>> You realize that you're advocating a statically linked sshd in /rescue,
>> right? :-)
>
> Dropbear is a smaller SSH implementation than the fully-fledged OpenSSH.
> Only tried it on Linux so far, and that was a year ago. It appears to
> ship with some SSL stuff built-in, and it doesn't need much besides a
> host-key (generator is in the dropbear package) and /dev/random or
> something.

Dropbear appears to be put together from many pieces, all of which seem
to carry a BSD-compatible license (IANAL etc etc). It is currently in
ports (security/dropbear) and the built, stripped binary appears to
"only" be 53K smaller than the OpenSSH one.

Because an sshd is a network daemon, security is of course a concern --
Is the 53K of saved space in /rescue (But additional space somewhere
else for the convert and key utilities) worth the hassles of tracking
upstream distributions of two separate sshds? I personally tend to think
not, but I'm open for comments on this one.

I get my numbers from the following:

bling# ls -l dropbear* | grep r-x
-rwxr-xr-x 1 root wheel 126688 Dec 16 00:21 dropbear
-rwxr-xr-x 1 root wheel 134060 Dec 16 00:21 dropbearconvert
-rwxr-xr-x 1 root wheel 134928 Dec 16 00:21 dropbearkey
bling# ls -l /usr/sbin/sshd
-r-xr-xr-x 1 root wheel 179952 Dec 9 20:24 /usr/sbin/sshd

>> I've always wanted a network recovery mode, and am currently looking into
>> implementing such a beast (For racks devoid of serial console muxers and
>> annoying jungles of kvm wires, for example).
>
> Or when there's insufficient documentation on how to get the LOM client
> to work under Linux/Solaris/*BSD...

I hear you loud and clear on this one!

Regards,
Andy

| Andre Guibert de Bruet | Enterprise Software Consultant >
| Silicon Landmark, LLC. | http://siliconlandmark.com/ >