Date: Sun, 16 Oct 2016 18:01:51 -0700 From: David Wolfskill <david@catwhisker.org> To: Kevin Oberman <rkoberman@gmail.com> Cc: stable@freebsd.org Subject: Re: sshd whines & dies after releng/10 "freebsd-update" run Message-ID: <20161017010151.GB2480@albert.catwhisker.org> In-Reply-To: <CAN6yY1sgX7-QujHOODjbmi10gkic1pyM3gsVBjSRrtgVRsQKHQ@mail.gmail.com> References: <20161016162605.GG1069@albert.catwhisker.org> <e411c763-30b7-dee1-24d0-5c6278ef6a65@delphij.net> <20161016174540.GI1069@albert.catwhisker.org> <CAN6yY1sgX7-QujHOODjbmi10gkic1pyM3gsVBjSRrtgVRsQKHQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--l76fUT7nc3MelDdI Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Oct 16, 2016 at 05:32:57PM -0700, Kevin Oberman wrote: > ... > I believe sshd no longer supports ssh1 compatibility and it looks like you > might still have an entry in /etc/sshd/sshd.config trying to touch v1. > Check the file for any non-default entries. Compare your sshd_config with > the default version in /usr/src/crypto/openssh. > .... I used to explicitly disable v1 compatibility..... The machine that's a target of the "freebsd-update" attention has no sources, so I copied sshd_config from it to /tmp on my laptop (which does): g1-252(11.0-S)[4] diff -u /S2/usr/src/crypto/openssh/sshd_config /tmp/sshd_= config --- /S2/usr/src/crypto/openssh/sshd_config 2016-03-13 04:13:31.3236900= 00 -0700 +++ /tmp/sshd_config 2016-06-05 06:37:55.000000000 -0700 @@ -1,5 +1,5 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ -# $FreeBSD: stable/10/crypto/openssh/sshd_config 296781 2016-03-12 23= :53:20Z des $ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ +# $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12= :46:18Z des $ =20 # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -120,7 +120,7 @@ #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none -#VersionAddendum FreeBSD-20160310 +#VersionAddendum FreeBSD-20140420 =20 # no default banner path #Banner none @@ -128,6 +128,18 @@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server =20 +# Disable HPN tuning improvements. +#HPNDisabled no + +# Buffer size for HPN to non-HPN connections. +#HPNBufferSize 2048 + +# TCP receive socket buffer polling for HPN. Disable on non autotuning ke= rnels. +#TcpRcvBufPoll yes + +# Allow the use of the NONE cipher. +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no g1-252(11.0-S)[5]=20 On the off-chance that the VersionAddendum might be confusing at least one of us, I copied the stable/11 version of the file to the appropiate place on the freebsd-update target machine, then rebooted. Still no joy: other things work, but not ssh. Thanks for the suggestion. I'm a bit... perplexed. [The machine in question would be the last machine I have still running FreeBSD-10 -- I've migrated each of the others to stable/11.] Peace, david --=20 David H. Wolfskill david@catwhisker.org Those who would murder in the name of God or prophet are blasphemous coward= s. See http://www.catwhisker.org/~david/publickey.gpg for my public key. --l76fUT7nc3MelDdI Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQF8BAEBCgBmBQJYBCL/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRDQ0I3Q0VGOTE3QTgwMUY0MzA2NEQ3N0Ix NTM5Q0M0MEEwNDlFRTE3AAoJEBU5zECgSe4XMegH+wZaaeXpH8JF/Z/l2P22igfG 9N9VE047qoHPoa16y0hQ7nN8+6sUeVBOm4Kl8F9pdrs5PKdfhbwh4YvmoPnyFc82 ed9pNyCP4jIcXz8SEmO1WGG342UDLk1YZ7rTMlyZrzLIqvsjVXMLpukOlvsQMBR7 Pwv5QUpEtKiiDYpQavVRDWzdqpZhv1Nnj4v/6HM64MvZKl14Q+ZLpVDj+D1jdWMp Ffg1EJAFSa2w7KDw4TRafV/4D6BjvOi34ULbYK3yvXeTjR+Lorw6/oDEXEh6huqP bL2E9itKRdZxsecfwb02ibmnLVnVsu/ZlRWp3vaywlMMBjVUiH5YvAflxlcgbmQ= =gZD4 -----END PGP SIGNATURE----- --l76fUT7nc3MelDdI--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161017010151.GB2480>