Re: Autodetecting sshd options (was Re: Unavailable sshd when not in PATH)
Date: Mon, 2 Apr 2007 03:22:10 +0200
2007/4/1, Dan Fandrich wrote:
> How about this as a solution: pick version 3.7 as a base OpenSSH
> version before which we just don't bother run (3.7 is the earliest that
> supports UsePAM, and it's almost 4 years old).
Commited a change that finds out the SSH daemon version, and bails out
if it isn't OpenSSH 3.7 or later.
I have some reasons to pick even later versions as the minimum OpenSSH
version supported for the SCP and SFTP tests.
OpenSSH version 3.8 and later support Kerberos 5 authentication and
authorization through Network Authentication Service Version 1.4. Any
future test related with this stuff will raise the minimum to 3.8,
version which already is three years old.
OpenSSH version 3.9 and later have the same behaviour relative to the
authentications options when PAM support is built in. In other words
version 3.9 is the first one to stabilize the PAM support interface,
version which is 2,5 years old.
My personal minimum version choice would be 3.9, this should ease out
coding of sshserver.pl for all the other checks that you foresee.
After all, if someone is running the bleeding edge version of libcurl,
why not require at least a 2,5 years old version of OpenSSH to run the
If someday it is done, besides OpenSSH supporting also the other
mainstream SSH daemon 'SSH Secure Shell' will bring 'additional fun'.
-- -=[Yang]=-Received on 2007-04-02