#129171 HAP-Patches for openssh

#129171#5
Date:
2002-01-14 11:17:17 UTC
From:
To:
Hank Leininger has written a couple of useful patches for OpenSSH available
at http://www.theaimsgroup.com/~hlein/haqs/openssh-3.0.2p1-hap-2.diff
(full page at http://www.theaimsgroup.com/~hlein/haqs/); he has been
maintaining them for now quite a long time (I know these patches from
OpenSSH 2.5.x on) and I regularly use them on my systems:
---cut
-Adds key fingerprint logging for the specific RSA1/RSA/DSA key which 
 authenticates a session
-Idle connection traffic generation by Dick Streefland
-TCP keepalives for local and remote port-forwarded connections by 
 Manoj Kasichainula
-Includes the chroot patch (with a small bugfix) from the openssh contrib code 
-Includes a first cut of improved logging for the sftp subsystem by Jason Dour.
 This adds logging of success and failure for file retrieval, mkdir, chmod, etc.
 I will probably add file-listing (ls) to the list--the idea is to be able to
 log as verbosely as ftpd's. Currently the extra information is logged at
 INFO loglevel; perhaps this should be a seperate sshd_config keyword?
---cut

Especially the fingerprint logging has been useful to me in the past
(find out who used a shared account or which tool didn't work properly),
but the other ones are also interesting features.

In the past, I used to manually patch Debian's OpenSSH and repackage it
for our own use, but one (idle traffic generation) out of the five
features provided by Hank Leininger's patches has also been included in
the current packages under a different configuration option, so a clean merge
isn't that easy and needs manual work being done.

Since these patches have proven to be both very stable and useful to me, I'd
like to have Hank's patches also included in the standard debian packages
for OpenSSH (or at least a debian source package onto which Hanks patches
may be cleanly applied :-).

Anders
-- 
Schlund + Partner AG              Systemadministration
Erbprinzenstrasse 4-12            v://49.721.91374.50
D-76133 Karlsruhe                 f://49.721.91374.212

#129171#10
Date:
2002-01-14 17:01:57 UTC
From:
To:
Anders Henke writes:
 > Package: ssh
 > Version: 3.0.2p1
 > Severity: wishlist
 >
 > Hank Leininger has written a couple of useful patches for OpenSSH available
 > at http://www.theaimsgroup.com/~hlein/haqs/openssh-3.0.2p1-hap-2.diff
 > (full page at http://www.theaimsgroup.com/~hlein/haqs/); he has been
 > maintaining them for now quite a long time (I know these patches from
 > OpenSSH 2.5.x on) and I regularly use them on my systems:

Why are they not in upstream?

Matthew

#129171#15
Date:
2002-01-14 17:45:13 UTC
From:
To:
This patch isn't maintained anymore and has been removed by the upstream
authors. See the entry in the ChangeLog for 20011223.

Christian

#129171#20
Date:
2002-01-28 18:47:46 UTC
From:
To:
Anders,

Key fingerprint logging is in the upstream -current and will be
included in 3.1.0 release.   I'm sorry I don't remember the exact
CVS patch in which it came in (it was part of a cleanup).

- Ben