Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 20 Jun 2013 01:29:29 +0200
From:      Miroslav Lachman <000.fbsd@quip.cz>
To:        Kimmo Paasiala <kpaasial@gmail.com>
Cc:        freebsd-stable Stable <freebsd-stable@freebsd.org>
Subject:   Re: sshd didn't run after upgrade to FreeBSD 8.4
Message-ID:  <51C23ED9.7070107@quip.cz>
In-Reply-To: <CA%2B7WWScSS16URJNQ3h1WjoXaBhG_gBn=ERb_SiCc4y%2BDhBeuKA@mail.gmail.com>
References:  <51C22E11.3020008@quip.cz> <CA%2B7WWScSS16URJNQ3h1WjoXaBhG_gBn=ERb_SiCc4y%2BDhBeuKA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
Kimmo Paasiala wrote:
> On Thu, Jun 20, 2013 at 1:17 AM, Miroslav Lachman<000.fbsd@quip.cz>  wrote:
>> The version of sshd in FreeBSD 8.4 is not backward compatible with older
>> version from 8.3.
>>
>> OpenSSH_5.4p1 (on FreeBSD 8.3)
>> OpenSSH_6.1p1 (on FreeBSD 8.4)
>>
>> # sshd -t
>> /etc/ssh/sshd_config line 19: Missing argument.
>>
>> On line 19, there is:
>> VersionAddendum
>>
>> It was OK in older versions. It will remove any default text appended to SSH
>> protocol banner (for example 'FreeBSD-20120901').
>>
>> On FreeBSD 8.4, there must be some string (any single character)
>>
>> I was really badly surprised that the machine was re-booted without ssh
>> access!
>>
>> I think this change is worth to mention in Release Notes
>>
>> Miroslav Lachman
>
> How did you update to 8.4? This sounds more like messing up the
> mergemaster(8)/freebsd-update merge procedure than a real problem with
> the config file.
>
> This is the source configuration file straight from SVN releng/8.4
> branch and as you can see the VersionAddendum on line 115 is commented
> out there:
>
> http://svnweb.freebsd.org/base/releng/8.4/crypto/openssh/sshd_config?view=markup

It was upgraded by freebsd-update. It was intentionally left here as it 
was valid configuration for many years.
That's why I think it should be mentioned in the Release Notes, that it 
is no longer valid configuration (empty VersionAddendum).

The fact, that it is no longer in default sshd_config file doesn't mean 
it can't be used at all. It is still valid in the form which was in old 
default config: "VersionAddendum FreeBSD-20100308", but is no longer 
valid if empty. That's the point.

(and empty VersionAddendum was widely used, it is not my invention)

Miroslav Lachman

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51C23ED9.7070107>