On Fri, 2019-03-29 at 12:29 +0100, Jakub Jelen wrote: > On Wed, 2019-03-27 at 22:00 +1100, Damien Miller wrote: > > Hi, > > > > OpenSSH 8.0p1 is almost ready for release, so we would appreciate > > testing > > on as many platforms and systems as possible. > > > > Snapshot releases for portable OpenSSH are available from > > http://www.mindrot.org/openssh_snap/ > > > > The OpenBSD version is available in CVS HEAD: > > http://www.openbsd.org/anoncvs.html > > > > Portable OpenSSH is also available via git using the > > instructions at http://www.openssh.com/portable.html#cvs > > At https://anongit.mindrot.org/openssh.git/ or via a mirror at > > Github: > > https://github.com/openssh/openssh-portable > > > > Running the regression tests supplied with Portable OpenSSH does > > not > > require installation and is a simply: > > > > $ ./configure && make tests > > For now, I have only one comment, but I plan to run more tests in our > environment. There is also changed semantics of the ssh-keygen when listing keys from PKCS#11 modules. In the past, it was not needed to enter a PIN for this, but now. At least, it is not consistent with a comment in the function pkcs11_open_session(), which says 727 * if pin == NULL we delay login until key use Being logged in before listing keys prevents bug #2430, but as a side effect, even the ssh can not list keys before login and if the configuration contains a PKCS#11 module, the user is always prompted for a PIN, which is not very user friendly. I see this is a regression and the bug #2430 should get solved as proposed in the patches (will need some tweaks after the big refactoring). Regards, -- Jakub Jelen Senior Software Engineer Security Technologies Red Hat, Inc. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
