Re: Call for testing: OpenSSH 7.5p1

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 03/14/2017 11:40 AM, Damien Miller wrote:
Hi,

OpenSSH 7.5p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

[...]

This release includes a number of changes that may affect existing
configurations:

 * This release deprecates the sshd_config UsePrivilegeSeparation
   option, thereby making privilege separation mandatory. Privilege
   separation has been on by default for almost 15 years.

Hello,
I don't see this option deprecated in current portable master. Still in place. How are we going to be able to switch between Sandbox and just privilege separation?

As far as I remember, various people still use this use case to test other SSH implementation (privsep requires running a root, isn't it?).

 * Fix various fallout and sharp edges caused by removing SSH protocol
   1 support from the server, including the server banner string being
   incorrectly terminated with only \n (instead of \r\n), and
   confusing error messages from ssh-keyscan bz#2583.

I would vouch for this bug get fixed too in the relation to the SSH1 removal:

https://bugzilla.mindrot.org/show_bug.cgi?id=2686

Also this one is a bit confusing:

https://bugzilla.mindrot.org/show_bug.cgi?id=2682

I took the package through the basic sanity testing and so far all tests passed.

Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
commit 425a28b1efa6f6cd5552a312ef615ee9863c6b7a
Author: Jakub Jelen <jjelen@xxxxxxxxxx>
Date:   Tue Feb 21 15:54:30 2017 +0100

    fix

diff --git a/readconf.c b/readconf.c
index 9d59493..a49ffd5 100644
--- a/readconf.c
+++ b/readconf.c
@@ -2544,7 +2544,7 @@ dump_client_config(Options *o, const char *host)
 	dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
 	dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
 	dump_cfg_fmtint(oRequestTTY, o->request_tty);
-#ifdef WITH_RSA1
+#ifdef WITH_SSH1
 	dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
 	dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
 #endif
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux