Jan Pechanec's weblog

Me, Christoph Schuba and Mark Phalan put a paper together entitled "New Security Features in OpenSolaris and Beyond" that was accepted for publication at the OpenSolaris Developer Conference in Prague this week. Me and Mark then gave the talk in Prague.[Read More]

I've been working for the past few weeks on a project that should provide X.509 support for server authentication and user public key authentication to SunSSH. At present, I've finished the design document and I also have a prototype version that doesn't have all the requested functionality but works well enough to confirm that it can be implemented according to the current design.[Read More]

We have been hearing complains that SSH is slow on Niagara boxes. I can't say anything else but to confirm it. However, there is a background story and a way to speed it up significantly.[Read More]

A few days ago I was giving an internal presentation here in Prague on new features that were recently integrated into SunSSH. There were quite a few resyncs with OpenSSH, a couple of new options based on ideas that materialized here or ideas of our customers, and also outlined there are some plans for the future.

I put the slides on SunSSH page at OpenSolaris.Org. If you are interested in what's going on around SunSSH, you can read the presentation slides here.

I've updated the recent patch because I was exporting some private attributes from the key store into the RSA structure; and that wasn't needed of course. Now only public attributes are exported and everything else performed in the token.[Read More]

We have received a couple of questions about whether our pkcs#11 engine can reference RSA keys using the label that is associated with the key in the key store. That way we could look up the key by the label and let all the crypto work be done without ever exporting the private key out of the token. [Read More]

Since the last update we found a couple of bugs in the engine.[Read More]

Have you ever wondered how the scp and rcp commands worked? The first time I did I haven't found any documentation on the subject. There is no RFC, no draft, not even README file describing it. After reading the source code I tried again and realized that old version of rcp.c might be really the only original documentation available. And since I worked on a couple of bugs in our scp(1) some time ago I put a note in my todo list to write something about it, for the next time I'm going to need it. [Read More]