Hi. Apple have a bunch of patches to openssh that they have folded into the version that's shipped with MacOSX. Some of these are very convenient: like automagically starting an ssh-agent at login/boot time and the ability to have SSH passphrases stored and fetched from the Keychain. It would be nice if these could be considered for rolling in to a future release of openssh. FWIW the patches are at http://www.opensource.apple.com/darwinsource/10.5.6/OpenSSH-95.1.5/patches . As far as I'm aware they're open source and not encumbered by licensing nasties.
Jim, Most of the Apple patches have been submitted (via https://bugzilla.mindrot.org/ ) and can be found by searching OpenSSH's Bugzilla. A number have been incorporated into the upstream OpenSSH. If there are any specific patches on Apple's open source site (http://www.opensource.apple.com ) that you feel should be taken into the upstream source, please comment in the corresponding Bugzilla bug. Thanks. - Disco Vince Giffin On Jan 7, 2009, at 3:52 AM, Jim Reid wrote:> Hi. Apple have a bunch of patches to openssh that they have folded > into the version that's shipped with MacOSX. Some of these are very > convenient: like automagically starting an ssh-agent at login/boot > time and the ability to have SSH passphrases stored and fetched from > the Keychain. It would be nice if these could be considered for > rolling in to a future release of openssh. > > FWIW the patches are at http://www.opensource.apple.com/darwinsource/10.5.6/OpenSSH-95.1.5/patches > . As far as I'm aware they're open source and not encumbered by > licensing nasties. > > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
On Jan 7, 2009, at 5:52 AM, Jim Reid wrote:> Hi. Apple have a bunch of patches to openssh that they have folded > into the version that's shipped with MacOSX. Some of these are very > convenient: like automagically starting an ssh-agent at login/boot > timeThere is nothing to integrate for this. When you log in it starts "ssh-agent". I've done this for years under OpenBSD and Linux using gnome/kde. Apple just happens to do this via launchd instead of during X11 initrc scripts or other standard X startup processes (for good reason, since X isn't their GUI =).> and the ability to have SSH passphrases stored and fetched from > the Keychain.There is already 3rd party keychain software (e.g. http://www.sshkeychain.org/) . However, to me this more belongs with the OS provider (Redhat, Microsoft, SuSE, Apple, etc) than OpenSSH team. This is really more an integration issue than an OpenSSH issue. Apple's patches pretty much boil down to GSSAPI (which upstream version have been rejected due to complexity), launchd features (currently still very Apple centric), and Apple only patches. There are a few patches that would be interested to dig around to see why Apple applies them, but no real upstream features that would improve everyones' life. Interesting enough, not much has changed (other than Launchd) since the last time I looked at the patches. Just a bit less. - Ben