Re: Call for testing: OpenSSH 8.9

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


On Fri, 11 Feb 2022, Corinna Vinschen wrote:

> On Feb 10 15:18, Damien Miller wrote:
> > Hi,
> > 
> > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a bugfix release.
> Builds OOTB on Cygwin x86_64, almost all tests pass, except a single
> test in hostkey-agent:
> -------------
>   FAIL: cert type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx failed
>   FAIL: bad SSH_CONNECTION key type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
> -------------
> I'm building OPenSSH exactly as if I create a distro build, using the
> following configuration options:
>   --with-libedit
>   --with-xauth=/usr/bin/xauth
>   --disable-strip
>   --without-hardening
>   --with-security-key-builtin

It's passing for me with similar options (missing --with-libedit and
--with-security-key-builtin). I'm using:

> CYGWIN_NT-10.0 win10pro 3.2.0(0.340/5/3) 2021-03-29 08:42 x86_64 Cygwin

>   debug1: kex: host key algorithm: (no match)
>   Unable to negotiate with UNKNOWN port 65535: no matching host key type found.
>   Their offer:
>   ssh-ed25519-cert-v01@xxxxxxxxxxx,rsa-sha2-512-cert-v01@xxxxxxxxxxx,rsa-sha2-256-
>   cert-v01@xxxxxxxxxxx,ssh-rsa-cert-v01@xxxxxxxxxxx,ssh-dss-cert-v01@xxxxxxxxxxx,e
>   cdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx,ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx
>   ,ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx^M
> I wonder why sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx is not in the
> above list of cert type offers.  What explanation could that have?

It looks like the server offer is missing all SK keytypes. What does
'grep ENABLE_SK config.h' show? If it is disabled there, then config.log
might have clues as to why.

I'll try it again on an image with libfido2 just to rule that out, though
AFAIK it's not in the path for any of this (we use in the

openssh-unix-dev mailing list

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux