OpenBSD Journal

Interview with Damien Miller

Contributed by marco on from the openssh-does-vpn-too dept.

Developer Chad Loder pointed the following out:
Federico Biancuzzi interviews OpenSSH developer Damien Miller to discuss features included in the upcoming version 4.3, public key crypto protocol details, timing-based attacks and anti-worm measures.


Comments
  1. By yeah, the anonymous (80.136.153.135) on

    Hey, when is OpenSSH 4.3 supposed to come out?
    The new tunneling sounds really cool.
    Would say it's an OpenVPN killer.

    Comments
    1. By Anonymous Coward (72.14.0.174) on

      Not anytime soon, OpenVPN transports over UDP.

      Comments
      1. By djm@ (203.58.120.11) on

        Use IPsec with NAT-T (in OpenBSD for a while now) if you want VPN over UDP. With ipsecctl it is quite simple too.

  2. By Where is Everybody? (140.226.4.44) on

    Interesting interview, as they always are. One thing I wonder, is it possible to do a complete "net flows" monitoring using OpenBSD? After reading the articles by Lucas over at O'Reilly:

    http://www.onlamp.com/pub/a/bsd/2005/08/18/Big_Scary_Daemons.html

    and

    http://www.onlamp.com/pub/a/bsd/2005/09/15/Big_Scary_Daemons.html

    But it leaves a little to be desired if you just want to use OpenBSD. I got Damien's softflowd to work just fine, but getting FlowScan to work was a headache. It seems the version in packages is old, the current version didn't compile completely, and yada yada. I don't want to learn FreeBSD just to have FlowScan usable.

    My question? What is anyone using for that sort of monitoring? Capture the flows, store the flows, graph the flows.

    WIE

  3. By cellx (68.12.154.246) on

    Is chrooting via SCP connection on the planboard? Maybe a simple toggle in sshd_config?

    Comments
    1. By Anonymous Coward (145.238.2.120) on

      Well, Kerberos/GSSAPI authentication on multihomed hosts would be nice to have too.
      http://bugzilla.mindrot.org/show_bug.cgi?id=928

      Comments
      1. By Darren Tucker (203.217.17.96) on

        The gssapi/krb guys haven't agreed on what the Right Thing to do is in this case, though. There have been some discussions (see threads 1, 2, 3) but no agreement. I also asked Simon Wilkinson (the author of the current GSSAPI code) about this and a related issue and the response was that he needed to do some more research on it.

        Comments
        1. By Anonymous Coward (145.238.2.120) on

          Great... it is nice to know people are still working/thinking about it.
          Thanks for the feedback on this.

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]