On 2015-08-18 10:37 AM, aixtools wrote:
FYI: About to leave on vacation, so no time to go deep. So sorry.
Downloaded openssh-7.0p1 and built using --without-openssl
First issue was:
make install DESTDIR=/var/aixtools/openbsd/openssh/7.0.0.1601 > .buildaix/install.out
Could not load host key: /var/openssh/etc/ssh_host_rsa_key
Could not load host key: /var/openssh/etc/ssh_host_dsa_key
Could not load host key: /var/openssh/etc/ssh_host_ed25519_key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.
make: 1254-004 The error code from the last command is 1.
make: 1254-005 Ignored error code 1 from last command.
I did not run make check; neither am I sure if this is a new "make
install" issue.
However, I recall "make check" would fail when these keys did not
pre-exist.
Next:
after "make distclean" I get
root@x064:[/data/prj/openbsd/openssh/openssh-7.0p1]./configure
checking for gcc... no
checking for cc... cc
checking for C compiler default output file name... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... no
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... -qlanglvl=extc89
configure: error: cannot run /bin/sh ./config.sub
Again, all FYI. When I am back in September I will look more closely,
if still needed.
Additional FYI.
I probably need to read the Change Notes - so probably it is not a
surprise that PuTTY 0.64 is not (always) working.
I thought I only had one "old cbc" cipher active to support an old SSH
client.
The surprising part is when sshd_config has this added:
ciphers aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@xxxxxxxxxxx,aes256-cbc
KexAlgorithms curve25519-sha256@xxxxxxxxxx,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
macs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1
openssh-7.0p1 sshd does actually ask for the password, rather than fail
outright with protocol mismatch
(which is what it does without the "backwards-compatible" ciphers, et
al., above, i.e., it never gets to asking for the password).
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
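
An added example, not part of the original message or of OpenSSH: a small audit that reads the Ciphers, KexAlgorithms and MACs directives from an sshd_config and lists the entries kept only for old clients. The sample input is constructed from the three directives quoted above, and the patterns that decide what counts as "legacy" (CBC-mode ciphers, SHA-1 key exchange, SHA-1 or MD5 MACs) are this example's assumption.

```python
import re

# Constructed sample: the three directives quoted in the message above.
# The "@..." suffixes are masked in the list archive and are kept masked here.
SAMPLE_CONFIG = """\
# constructed sshd_config fragment
ciphers aes128-ctr,aes192-ctr,aes256-ctr,chacha20-poly1305@xxxxxxxxxxx,aes256-cbc
KexAlgorithms curve25519-sha256@xxxxxxxxxx,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
macs hmac-sha2-256,hmac-sha2-512,hmac-sha1-96,hmac-sha1
"""

# Assumption of this example: which algorithm names are treated as legacy.
LEGACY = {
    "ciphers": re.compile(r"-cbc(@|$)"),
    "kexalgorithms": re.compile(r"-sha1(@|$)"),
    "macs": re.compile(r"^hmac-(sha1|md5)"),
}


def parse_algorithms(text):
    """Return {keyword: [algorithms]} for the directives named in LEGACY."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or a single "=".
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        # sshd uses the first value it reads for a keyword; later ones are ignored.
        if key in LEGACY and key not in found:
            # A leading "+" (OpenSSH 7.0 and later) appends to the defaults.
            value = parts[1].strip().lstrip("+")
            found[key] = [a.strip() for a in value.split(",") if a.strip()]
    return found


def legacy_algorithms(text):
    """Return {keyword: [algorithms matching the LEGACY pattern]}."""
    return {key: [a for a in algos if LEGACY[key].search(a)]
            for key, algos in parse_algorithms(text).items()}


if __name__ == "__main__":
    for key, algos in legacy_algorithms(SAMPLE_CONFIG).items():
        print(f"{key}: {', '.join(algos) or 'none flagged'}")
```

The file only shows what was written down; on a running host, `sshd -T` prints the effective values of the same three directives.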