Setting up "HPN-SSH - High Performance SSH/SCP" on Mac OS X
As you'd expect from the name, HPN-SSH - High Performance SSH/SCP is a "high performance" patch of SSH/SCP.
I've installed a newer version of OpenSSL via Homebrew (brew install openssl).
I've downloaded the source code (openssh-6.1p1.tar.gz) and applied the patch (openssh-6.1p1-hpn13v14.diff.gz), compiled it, and installed it to /usr/local/.
However, the default version of ssh/sshd seems to be hard-coded into the OS enough that I can't get the new version to work after editing /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist and /System/Library/LaunchDaemons/ssh.plist.
I was getting this error:
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]
I found an answer here which suggested editing /usr/local/etc/sshd_config to change UsePrivilegeSeparation sandbox to UsePrivilegeSeparation yes but that is apparently not recommended (for reasons I do not entirely understand).
At this point I do not know what to do next.
Can someone explain why UsePrivilegeSeparation yes is such a bad idea?
Is there a way for me to run HPN-SSH and regular SSH at the same time? (I was thinking of setting the new sshd on a different port than the regular sshd but I'm not sure if that is a good idea or if there is something else I should be doing.)
As you'd expect from the name, HPN-SSH - High Performance SSH/SCP is a "high performance" patch of SSH/SCP.
I've installed a newer version of OpenSSL via Homebrew (brew install openssl).
I've downloaded the source code (openssh-6.1p1.tar.gz) and applied the patch (openssh-6.1p1-hpn13v14.diff.gz), compiled it, and installed it to /usr/local/.
However, the default version of ssh/sshd seems to be hard-coded into the OS enough that I can't get the new version to work after editing /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist and /System/Library/LaunchDaemons/ssh.plist.
I was getting this error:
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]
I found an answer here which suggested editing /usr/local/etc/sshd_config to change UsePrivilegeSeparation sandbox to UsePrivilegeSeparation yes but that is apparently not recommended (for reasons I do not entirely understand).
At this point I do not know what to do next.
Can someone explain why UsePrivilegeSeparation yes is such a bad idea?
Is there a way for me to run HPN-SSH and regular SSH at the same time? (I was thinking of setting the new sshd on a different port than the regular sshd but I'm not sure if that is a good idea or if there is something else I should be doing.)
No comments:
Post a Comment