Date: Thu, 16 Dec 2004 00:40:27 -0500 (EST)
From: Andre Guibert de Bruet
To: Matthias Andree
cc: current@freebsd.org
Subject: Re: Networked single-user recovery (Was: Re: Background fsck is broken)

On Wed, 15 Dec 2004, Matthias Andree wrote:

> On Wed, 15 Dec 2004, Andre Guibert de Bruet wrote:
>
>> You realize that you're advocating a statically linked sshd in /rescue,
>> right? :-)
>
> Dropbear is a smaller SSH implementation than the fully-fledged OpenSSH.
> Only tried it on Linux so far, and that was a year ago. It appears to
> ship with some SSL stuff built-in, and it doesn't need much besides a
> host-key (generator is in the dropbear package) and /dev/random or
> something.

Dropbear appears to be put together from many pieces, all of which seem
to carry a BSD-compatible license (IANAL etc etc). It is currently in
ports (security/dropbear) and the built, stripped binary appears to
"only" be 53K smaller than the OpenSSH one. Because an sshd is a network
daemon, security is of course a concern -- Is the 53K of saved space in
/rescue (but additional space somewhere else for the convert and key
utilities) worth the hassles of tracking upstream distributions of two
separate sshds? I personally tend to think not, but I'm open for
comments on this one.

I get my numbers from the following:

bling# ls -l dropbear* | grep r-x
-rwxr-xr-x  1 root  wheel  126688 Dec 16 00:21 dropbear
-rwxr-xr-x  1 root  wheel  134060 Dec 16 00:21 dropbearconvert
-rwxr-xr-x  1 root  wheel  134928 Dec 16 00:21 dropbearkey
bling# ls -l /usr/sbin/sshd
-r-xr-xr-x  1 root  wheel  179952 Dec  9 20:24 /usr/sbin/sshd

>> I've always wanted a network recovery mode, and am currently looking into
>> implementing such a beast (For racks devoid of serial console muxers and
>> annoying jungles of kvm wires, for example).
>
> Or when there's insufficient documentation on how to get the LOM client
> to work under Linux/Solaris/*BSD...

I hear you loud and clear on this one!

Regards,
Andy

| Andre Guibert de Bruet | Enterprise Software Consultant >
| Silicon Landmark, LLC. | http://siliconlandmark.com/    >