On Mon, Oct 16, 2006 at 02:05:36PM +0800, Uwe Dippel wrote:
> On Mon, 16 Oct 2006 13:26:46 +0800, Uwe Dippel wrote:
>
> > On Fri, 13 Oct 2006 17:27:50 +0200, Tobias Weisserth wrote:
> >
> >> I just patched OpenSSH on OpenBSD 3.8 and restarted OpenSSH.
> >>
> >> Now I can't login anymore using public/private key authentication.
>
> Confirmed.
> I reversed the patch (-R) and recompiled, sent a HUP, and it is back at
> work; keyboard and RSA-authentication.
After a bit of off-list info gathering I think I know what's going on.
Short answer:
cd /usr/src/usr.bin/ssh && make obj depend && make && make install
Long answer:
I think the root of the problem was that ssh had previously been built,
but did not have the dependency information (".depend" files).
When the patch was applied and sshd rebuilt, make (not knowing any
better) only rebuilt the changed files. Most of the time this doesn't
matter... except when the global structures change, which they do in
this particular patch. The end result is a mismatched sshd where the
old object files use the old structure, new files using the new structure
and it manages to limp along before eventually falling over.
I can reproduce the problem if I follow that chain of events exactly.
I think we need to change the patch installation instructions to say
"make obj depend" not just "make obj".
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
