openssh port patch

Michael Bushkov bushman at rsu.ru
Tue Aug 9 10:46:05 GMT 2005


Hello!
As a participant of Google's Summer Of Code, I'm working on improving the 
nsswitch subsystem. The work is currently in progress, but some things are 
already completed.
The patch for security/openssh-portable port is ready. It allows openssh 
to get the host keys not only from the ssh_known_hosts file, but from all 
possible nsswitch sources too. Files and NIS sources are implemented.

Here is the link to download the patch:
http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/tests/ssh%5fhostkeys%5ftest/patches/openssh%2dportable%5fport.patch&REV=1

To add the NIS map, copy the appropriate ssh_known_hosts file to the 
yp.src folder and then run the patched Makefile. The patch for the 
/var/yp/Makefile is here:
http://perforce.freebsd.org/fileDownLoad.cgi?FSPC=//depot/projects/soc2005/nsswitch%5fcached/tests/ssh%5fhostkeys%5ftest/patches/var%5fyp%5fmakefile.patch&REV=1

After patching, OpenSSH will still use ~/.ssh/known_hosts files, but 
instead of looking through the /usr/local/etc/ssh/ssh_known_hosts file 
directly, it will use nsswitch. So, with the help of the NIS, the 
known_hosts keys can be shared among different hosts.

I'll be really glad to answer your questions and bug-reports.

With best regards,
Michael Bushkov
Rostov State University

