Re: sshd didn't run after upgrade to FreeBSD 8.4
Scot Hetzel wrote:
On Thu, Jun 20, 2013 at 4:28 AM, Lee Dilkiel...@dilkie.com wrote:
On 6/19/2013 8:24 PM, Kimmo Paasiala wrote:
Ok, this is crazy. If you put one space after the VersionAddendum
keyword you get exactly what you want, an empty VersionAddendum
string. If there's no space but a newline right after the
VersionAddendum keyword, sshd(8) complains about the line and refuses
to start. So this is ok (without the single quotes, they are just to
show the endings of the lines):
'VersionAddendum'
But this is not:
'VersionAddendum'
What are the OpenSSH devs thinking?
-Kimmo
I'd call it a bug.
crypto/openssh/servconf.c
1553 case sVersionAddendum:
1554 if (cp == NULL)
1555 fatal(%.200s line %d: Missing
argument., filename,
1556 linenum);
1557 len = strspn(cp, WHITESPACE);
1558 if (*activep options-version_addendum == NULL) {
1559 if (strcasecmp(cp + len, none) == 0)
1560 options-version_addendum = xstrdup();
1561 else if (strchr(cp + len, '\r') != NULL)
1562 fatal(%.200s line %d: Invalid argument,
1563 filename, linenum);
1564 else
1565 options-version_addendum =
xstrdup(cp + len);
1566 }
1567 return 0;
Looks like if you specify:
VersionAddendum none
it won't display the additional info.
Thank you for your suggestion, none really works. I will use it as a
workaround.
I think the issue needs to be mentioned in Release Notes and/or UPDATING
anyway.
Miroslav Lachman
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Thu, Jun 20, 2013 at 4:28 AM, Lee Dilkie l...@dilkie.com wrote:
On 6/19/2013 8:24 PM, Kimmo Paasiala wrote:
Ok, this is crazy. If you put one space after the VersionAddendum
keyword you get exactly what you want, an empty VersionAddendum
string. If there's no space but a newline right after the
VersionAddendum keyword, sshd(8) complains about the line and refuses
to start. So this is ok (without the single quotes, they are just to
show the endings of the lines):
'VersionAddendum '
But this is not:
'VersionAddendum'
What are the OpenSSH devs thinking?
-Kimmo
I'd call it a bug.
crypto/openssh/servconf.c
1553 case sVersionAddendum:
1554 if (cp == NULL)
1555 fatal(%.200s line %d: Missing
argument., filename,
1556 linenum);
1557 len = strspn(cp, WHITESPACE);
1558 if (*activep options-version_addendum == NULL) {
1559 if (strcasecmp(cp + len, none) == 0)
1560 options-version_addendum = xstrdup();
1561 else if (strchr(cp + len, '\r') != NULL)
1562 fatal(%.200s line %d: Invalid argument,
1563 filename, linenum);
1564 else
1565 options-version_addendum =
xstrdup(cp + len);
1566 }
1567 return 0;
Looks like if you specify:
VersionAddendum none
it won't display the additional info.
--
DISCLAIMER:
No electrons were maimed while sending this message. Only slightly bruised.
___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Jun 20, 2013, at 02:24, Kimmo Paasiala kpaas...@gmail.com wrote: ... Ok, this is crazy. If you put one space after the VersionAddendum keyword you get exactly what you want, an empty VersionAddendum string. If there's no space but a newline right after the VersionAddendum keyword, sshd(8) complains about the line and refuses to start. So this is ok (without the single quotes, they are just to show the endings of the lines): 'VersionAddendum ' But this is not: 'VersionAddendum' What are the OpenSSH devs thinking? I assume they did not take this scenario into account at all. The VersionAddendum setting had been a custom FreeBSD addition for some time, and was not available at all in upstream OpenSSH. When upstream decided to add it, they did not specifically care about backwards compatibility with (until that time) non-standard configuration files... -Dimitry ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On 6/19/2013 8:24 PM, Kimmo Paasiala wrote: Ok, this is crazy. If you put one space after the VersionAddendum keyword you get exactly what you want, an empty VersionAddendum string. If there's no space but a newline right after the VersionAddendum keyword, sshd(8) complains about the line and refuses to start. So this is ok (without the single quotes, they are just to show the endings of the lines): 'VersionAddendum ' But this is not: 'VersionAddendum' What are the OpenSSH devs thinking? -Kimmo I'd call it a bug. -lee ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
sshd didn't run after upgrade to FreeBSD 8.4
The version of sshd in FreeBSD 8.4 is not backward compatible with older version from 8.3. OpenSSH_5.4p1 (on FreeBSD 8.3) OpenSSH_6.1p1 (on FreeBSD 8.4) # sshd -t /etc/ssh/sshd_config line 19: Missing argument. On line 19, there is: VersionAddendum It was OK in older versions. It will remove any default text appended to SSH protocol banner (for example 'FreeBSD-20120901'). On FreeBSD 8.4, there must be some string (any single character) I was really badly surprised that the machine was re-booted without ssh access! I think this change is worth to mention in Release Notes Miroslav Lachman ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
Given its often critical nature ssh really should never fail due to a bad config line, it should ignore and continue. - Original Message - From: Miroslav Lachman 000.f...@quip.cz To: freebsd-stable Stable freebsd-stable@FreeBSD.org Sent: Wednesday, June 19, 2013 11:17 PM Subject: sshd didn't run after upgrade to FreeBSD 8.4 The version of sshd in FreeBSD 8.4 is not backward compatible with older version from 8.3. OpenSSH_5.4p1 (on FreeBSD 8.3) OpenSSH_6.1p1 (on FreeBSD 8.4) # sshd -t /etc/ssh/sshd_config line 19: Missing argument. On line 19, there is: VersionAddendum It was OK in older versions. It will remove any default text appended to SSH protocol banner (for example 'FreeBSD-20120901'). On FreeBSD 8.4, there must be some string (any single character) I was really badly surprised that the machine was re-booted without ssh access! I think this change is worth to mention in Release Notes Miroslav Lachman ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Thu, Jun 20, 2013 at 1:17 AM, Miroslav Lachman 000.f...@quip.cz wrote: The version of sshd in FreeBSD 8.4 is not backward compatible with older version from 8.3. OpenSSH_5.4p1 (on FreeBSD 8.3) OpenSSH_6.1p1 (on FreeBSD 8.4) # sshd -t /etc/ssh/sshd_config line 19: Missing argument. On line 19, there is: VersionAddendum It was OK in older versions. It will remove any default text appended to SSH protocol banner (for example 'FreeBSD-20120901'). On FreeBSD 8.4, there must be some string (any single character) I was really badly surprised that the machine was re-booted without ssh access! I think this change is worth to mention in Release Notes Miroslav Lachman How did you update to 8.4? This sounds more like messing up the mergemaster(8)/freebsd-update merge procedure than a real problem with the config file. This is the source configuration file straight from SVN releng/8.4 branch and as you can see the VersionAddendum on line 115 is commented out there: http://svnweb.freebsd.org/base/releng/8.4/crypto/openssh/sshd_config?view=markup -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
Kimmo Paasiala wrote: On Thu, Jun 20, 2013 at 1:17 AM, Miroslav Lachman000.f...@quip.cz wrote: The version of sshd in FreeBSD 8.4 is not backward compatible with older version from 8.3. OpenSSH_5.4p1 (on FreeBSD 8.3) OpenSSH_6.1p1 (on FreeBSD 8.4) # sshd -t /etc/ssh/sshd_config line 19: Missing argument. On line 19, there is: VersionAddendum It was OK in older versions. It will remove any default text appended to SSH protocol banner (for example 'FreeBSD-20120901'). On FreeBSD 8.4, there must be some string (any single character) I was really badly surprised that the machine was re-booted without ssh access! I think this change is worth to mention in Release Notes Miroslav Lachman How did you update to 8.4? This sounds more like messing up the mergemaster(8)/freebsd-update merge procedure than a real problem with the config file. This is the source configuration file straight from SVN releng/8.4 branch and as you can see the VersionAddendum on line 115 is commented out there: http://svnweb.freebsd.org/base/releng/8.4/crypto/openssh/sshd_config?view=markup It was upgraded by freebsd-update. It was intentionally left here as it was valid configuration for many years. That's why I think it should be mentioned in the Release Notes, that it is no longer valid configuration (empty VersionAddendum). The fact, that it is no longer in default sshd_config file doesn't mean it can't be used at all. It is still valid in the form which was in old default config: VersionAddendum FreeBSD-20100308, but is no longer valid if empty. That's the point. (and empty VersionAddendum was widely used, it is not my invention) Miroslav Lachman ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Thu, Jun 20, 2013 at 2:29 AM, Miroslav Lachman 000.f...@quip.cz wrote: Kimmo Paasiala wrote: On Thu, Jun 20, 2013 at 1:17 AM, Miroslav Lachman000.f...@quip.cz wrote: The version of sshd in FreeBSD 8.4 is not backward compatible with older version from 8.3. OpenSSH_5.4p1 (on FreeBSD 8.3) OpenSSH_6.1p1 (on FreeBSD 8.4) # sshd -t /etc/ssh/sshd_config line 19: Missing argument. On line 19, there is: VersionAddendum It was OK in older versions. It will remove any default text appended to SSH protocol banner (for example 'FreeBSD-20120901'). On FreeBSD 8.4, there must be some string (any single character) I was really badly surprised that the machine was re-booted without ssh access! I think this change is worth to mention in Release Notes Miroslav Lachman How did you update to 8.4? This sounds more like messing up the mergemaster(8)/freebsd-update merge procedure than a real problem with the config file. This is the source configuration file straight from SVN releng/8.4 branch and as you can see the VersionAddendum on line 115 is commented out there: http://svnweb.freebsd.org/base/releng/8.4/crypto/openssh/sshd_config?view=markup It was upgraded by freebsd-update. It was intentionally left here as it was valid configuration for many years. That's why I think it should be mentioned in the Release Notes, that it is no longer valid configuration (empty VersionAddendum). The fact, that it is no longer in default sshd_config file doesn't mean it can't be used at all. It is still valid in the form which was in old default config: VersionAddendum FreeBSD-20100308, but is no longer valid if empty. That's the point. (and empty VersionAddendum was widely used, it is not my invention) Miroslav Lachman You're missing my point totally. The line is commented out in the official source of 8.4 and there for I have very hard time believing that it would show up uncommented on a fresh 8.4 installation. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Wed, Jun 19, 2013 at 6:32 PM, Kimmo Paasiala kpaas...@gmail.com wrote: You're missing my point totally. The line is commented out in the official source of 8.4 and there for I have very hard time believing that it would show up uncommented on a fresh 8.4 installation. I don't think this warrants a mention in the Release Notes for exactly this point, however it should probably be mentioned in UPDATING. If nothing else, that would at least keep UPDATING consistent with previous ssh major upgrades. -- Adam Vande More ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
- Original Message - From: Kimmo Paasiala kpaas...@gmail.com To: Miroslav Lachman 000.f...@quip.cz Cc: freebsd-stable Stable freebsd-stable@freebsd.org Sent: Thursday, June 20, 2013 12:32 AM Subject: Re: sshd didn't run after upgrade to FreeBSD 8.4 On Thu, Jun 20, 2013 at 2:29 AM, Miroslav Lachman 000.f...@quip.cz wrote: Kimmo Paasiala wrote: On Thu, Jun 20, 2013 at 1:17 AM, Miroslav Lachman000.f...@quip.cz wrote: The version of sshd in FreeBSD 8.4 is not backward compatible with older version from 8.3. OpenSSH_5.4p1 (on FreeBSD 8.3) OpenSSH_6.1p1 (on FreeBSD 8.4) # sshd -t /etc/ssh/sshd_config line 19: Missing argument. On line 19, there is: VersionAddendum It was OK in older versions. It will remove any default text appended to SSH protocol banner (for example 'FreeBSD-20120901'). On FreeBSD 8.4, there must be some string (any single character) I was really badly surprised that the machine was re-booted without ssh access! I think this change is worth to mention in Release Notes Miroslav Lachman How did you update to 8.4? This sounds more like messing up the mergemaster(8)/freebsd-update merge procedure than a real problem with the config file. This is the source configuration file straight from SVN releng/8.4 branch and as you can see the VersionAddendum on line 115 is commented out there: http://svnweb.freebsd.org/base/releng/8.4/crypto/openssh/sshd_config?view=markup It was upgraded by freebsd-update. It was intentionally left here as it was valid configuration for many years. That's why I think it should be mentioned in the Release Notes, that it is no longer valid configuration (empty VersionAddendum). The fact, that it is no longer in default sshd_config file doesn't mean it can't be used at all. It is still valid in the form which was in old default config: VersionAddendum FreeBSD-20100308, but is no longer valid if empty. That's the point. (and empty VersionAddendum was widely used, it is not my invention) Miroslav Lachman You're missing my point totally. The line is commented out in the official source of 8.4 and there for I have very hard time believing that it would show up uncommented on a fresh 8.4 installation. I believe Miroslav is saying he left his old but previously working sshd_config as was when updating, so its a change to the code which now fails on an empty VersionAddendum, where it previously didn't hence the problem. Regards Steve This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Thu, Jun 20, 2013 at 2:40 AM, Steven Hartland kill...@multiplay.co.uk wrote: I believe Miroslav is saying he left his old but previously working sshd_config as was when updating, so its a change to the code which now fails on an empty VersionAddendum, where it previously didn't hence the problem. Regards Steve Err yes, your right. The proper way to specify empty VersionAddendum based on some googling seems to be now: VersionAddendum -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Jun 19, 2013, at 7:37 PM, Adam Vande More wrote: On Wed, Jun 19, 2013 at 6:32 PM, Kimmo Paasiala kpaas...@gmail.com wrote: You're missing my point totally. The line is commented out in the official source of 8.4 and there for I have very hard time believing that it would show up uncommented on a fresh 8.4 installation. I don't think this warrants a mention in the Release Notes for exactly this point, however it should probably be mentioned in UPDATING. If nothing else, that would at least keep UPDATING consistent with previous ssh major upgrades. +1 Even if you ran mergemaster and saw the change, without a comment above the VersionAddendum line or mention in UPDATING, you might make any number of assumptions about why it's commented out now.Given the behavior (ie: sshd does not start) for those that have chosen in the past not to tell the world what OS and build date they are running. Not really the best choice by the OpenSSH folks either, IMHO. I skim the OpenSSH release notes sent to the -announce list and totally missed this change. Charles -- Adam Vande More ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
Kimmo Paasiala wrote: On Thu, Jun 20, 2013 at 2:40 AM, Steven Hartland kill...@multiplay.co.uk wrote: I believe Miroslav is saying he left his old but previously working sshd_config as was when updating, so its a change to the code which now fails on an empty VersionAddendum, where it previously didn't hence the problem. Yes, this is my point - I left my old and previously working sshd_config with empty VersionAddendum. Err yes, your right. The proper way to specify empty VersionAddendum based on some googling seems to be now: VersionAddendum This is not true, it will add two quotes to the banner: SSH-2.0-OpenSSH_6.1_hpn13v11 Default banner (no VersionAddendum in sshd_config): SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901 So I am fine with: VersionAddendum - It will print: SSH-2.0-OpenSSH_6.1_hpn13v11 - I don't need really empty addendum, I just don't want to show FreeBSD version info and empty VersionAddendum was working for me many years. Now it breaks sshd after final reboot on two of our upgraded servers. So Release Notes or better UPDATING entry will warn other users before the same mistake. Thanks to the remote management / KVM on Sun Fire and Supermicro servers that I didn't need to drive to the datacenter and I can fix it remotely. Miroslav Lachman ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
Re: sshd didn't run after upgrade to FreeBSD 8.4
On Thu, Jun 20, 2013 at 3:15 AM, Miroslav Lachman 000.f...@quip.cz wrote: Kimmo Paasiala wrote: On Thu, Jun 20, 2013 at 2:40 AM, Steven Hartland kill...@multiplay.co.uk wrote: I believe Miroslav is saying he left his old but previously working sshd_config as was when updating, so its a change to the code which now fails on an empty VersionAddendum, where it previously didn't hence the problem. Yes, this is my point - I left my old and previously working sshd_config with empty VersionAddendum. Err yes, your right. The proper way to specify empty VersionAddendum based on some googling seems to be now: VersionAddendum This is not true, it will add two quotes to the banner: SSH-2.0-OpenSSH_6.1_hpn13v11 Default banner (no VersionAddendum in sshd_config): SSH-2.0-OpenSSH_6.1_hpn13v11 FreeBSD-20120901 So I am fine with: VersionAddendum - It will print: SSH-2.0-OpenSSH_6.1_hpn13v11 - I don't need really empty addendum, I just don't want to show FreeBSD version info and empty VersionAddendum was working for me many years. Now it breaks sshd after final reboot on two of our upgraded servers. So Release Notes or better UPDATING entry will warn other users before the same mistake. Thanks to the remote management / KVM on Sun Fire and Supermicro servers that I didn't need to drive to the datacenter and I can fix it remotely. Miroslav Lachman Ok, this is crazy. If you put one space after the VersionAddendum keyword you get exactly what you want, an empty VersionAddendum string. If there's no space but a newline right after the VersionAddendum keyword, sshd(8) complains about the line and refuses to start. So this is ok (without the single quotes, they are just to show the endings of the lines): 'VersionAddendum ' But this is not: 'VersionAddendum' What are the OpenSSH devs thinking? -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to freebsd-stable-unsubscr...@freebsd.org
