login about faq

Out of the 42 "-o" options supported by OpenSSH, only 3 are supported by Tectia SSH. Is this s deliberate restriction?

It's causing problems for me while attempting to migrate several scripts that use PSSH to distribute software packages, which require (at least) the options "SendEnv" and "NumberOfPasswordPrompts".

EDIT: My client is running SSH Tectia 6.0.12 on all their new server builds. PSSH is nothing to do with OpenSSH, but relies on the above options at the very least.

asked Jan 10 '12 at 16:14

m0thr4's gravatar image

m0thr4
1112

edited Jan 13 '12 at 12:21


It is hard to say anything if you don't mention the SSH Tectia version you are referring to.

In my sshg3 version 6.2.2 the sshg3 -h says:

-o option                  Process an SSH 4.x style config option.
                           Currently supported are ForwardAgent,
                           ForwardX11, AllowedAuthentications and
                           PidFile. Other options are ignored.

It does not talk about OpenSSH at all. To my understanding the SSH Tectia Client/Server solution has not been ment as a replacement for OpenSSH. It is completely different product with different configuration logic.

I see it rather odd that OpenSSH community didn't implement any compatibily options with Tectia products. Let me remind you the original SSH implementation comes from Tectia company (nowadays named again also SSH Communications Security corp.) and its current CEO. I talk only on my behalf here. Not representing the company.

However, this incompatibility is only on configuration level. The 2 (OpenSSH and Tectia SSH) should be completely interoperable on the wire.

Regards,

Martin

link

answered Jan 12 '12 at 22:48

Martin%20Dobsik's gravatar image

Martin Dobsik
599126

Well, I'm using version 6.0.12, but it hardly matters as the man page for 6.2.2 above says it all (exactly the same as the 6.0.12 man page).

SSH Tectia currently only supports ForwardAgent, ForwardX11, AllowedAuthentications and PidFile - anything else is ignored.

OpenSSH provides a further 39 options, at least two of which the software I'm using relies on (SendEnv and NumberOfPasswordPrompts).

(Jan 13 '12 at 12:10) m0thr4 m0thr4's gravatar image

Tectia clients 5.x and higher do not have the "-o" option to support OpenSSH options. It is to support some cases of migration from 4.x version of Tectia client to 5.x. It refers to "-o" options of 4.x version of Tectia client and not OpenSSH! In version 5.x the configuration logic has been changed completely.

For the options you reffer to there are alternatives in 5.x and newer Tectia clients:

+a    Enable agent forwarding.
+x    Enable X11 forwarding.
--remote-environment name=value

For number of password prompts I found no alternative, but I don't see how that could be relevat to any scripts. Proper authentication of automated scripts should be done with certificates or at least public keys.

If you reffer to this pssh: http://www.theether.org/pssh/, then I have found this sentence there: "This package provides parallel versions of the openssh tools". Tectia clients are not OpenSSH tools!

The decision to change configuration logic completely has been done before I joined the company, so I cannot comment on that.

link

answered Jan 13 '12 at 14:22

Martin%20Dobsik's gravatar image

Martin Dobsik
599126

So the bottom line is: the PSSH devs would have to want to support Tectia Clients, and then implement some changes on their side in order to do so. This is what I suspected. Thanks for your input.

(Jan 13 '12 at 16:36) m0thr4 m0thr4's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×24
×3

Asked: Jan 10 '12 at 16:14

Seen: 4,605 times

Last updated: Jan 13 '12 at 16:36

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.