On 03/14/2017 11:40 AM, Damien Miller wrote:
Hi,
OpenSSH 7.5p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
[...]
This release includes a number of changes that may affect existing
configurations:
* This release deprecates the sshd_config UsePrivilegeSeparation
option, thereby making privilege separation mandatory. Privilege
separation has been on by default for almost 15 years.
Hello,
I don't see this option deprecated in current portable master. Still in
place. How are we going to be able to switch between Sandbox and just
privilege separation?
As far as I remember, various people still use this use case to test
other SSH implementation (privsep requires running a root, isn't it?).
* Fix various fallout and sharp edges caused by removing SSH protocol
1 support from the server, including the server banner string being
incorrectly terminated with only \n (instead of \r\n), and
confusing error messages from ssh-keyscan bz#2583.
I would vouch for this bug get fixed too in the relation to the SSH1
removal:
https://bugzilla.mindrot.org/show_bug.cgi?id=2686
Also this one is a bit confusing:
https://bugzilla.mindrot.org/show_bug.cgi?id=2682
I took the package through the basic sanity testing and so far all tests
passed.
Thanks,
--
Jakub Jelen
Software Engineer
Security Technologies
Red Hat
commit 425a28b1efa6f6cd5552a312ef615ee9863c6b7a
Author: Jakub Jelen <jjelen@xxxxxxxxxx>
Date: Tue Feb 21 15:54:30 2017 +0100
fix
diff --git a/readconf.c b/readconf.c
index 9d59493..a49ffd5 100644
--- a/readconf.c
+++ b/readconf.c
@@ -2544,7 +2544,7 @@ dump_client_config(Options *o, const char *host)
dump_cfg_fmtint(oProxyUseFdpass, o->proxy_use_fdpass);
dump_cfg_fmtint(oPubkeyAuthentication, o->pubkey_authentication);
dump_cfg_fmtint(oRequestTTY, o->request_tty);
-#ifdef WITH_RSA1
+#ifdef WITH_SSH1
dump_cfg_fmtint(oRhostsRSAAuthentication, o->rhosts_rsa_authentication);
dump_cfg_fmtint(oRSAAuthentication, o->rsa_authentication);
#endif
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev