RE: Announce: OpenSSH 8.9 released

Damien Miller <djm@xxxxxxxxxxx> · Wed, 2 Mar 2022 13:00:09 +1100 (AEDT)

On Tue, 1 Mar 2022, Val Baranov wrote:

> On Wednesday, February 23, 2022 7:09 AM, Damien Miller <djm@xxxxxxxxxxxxxxx> wrote:
> <OpenSSH 8.9 has just been released. It will be available from the mirrors listed at https://urldefense.com/v3/__https://www.openssh.com/__;!!OToaGQ!8Cf0KPZ5tLwOiN5u2XUTZs2M3RI-4WweqkikJOlCHgDAnnS_4y14RrV9Wu4mI3-S8v8$  shortly.
> 
> Running "make tests" revealed 2 "cert type" tests in "hostkey-agent.sh" script to fail. Those 2 tests are not present in RC from Feb. 11, where all tests passed successfully.
> Those failed tests are "sk-ssh-*" and "sk-ecdsa-*" below (4 lines with errors are shifted to the right in output below):
> ok restrict pubkey type
> run test hostkey-agent.sh ...
> key type ssh-ed25519
> key type ssh-rsa
> key type ssh-dss
> key type ecdsa-sha2-nistp256
> key type ecdsa-sha2-nistp384
> key type ecdsa-sha2-nistp521
> cert type ssh-ed25519-cert-v01@xxxxxxxxxxx
> cert type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx
>            cert type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx failed
>            bad SSH_CONNECTION key type sk-ssh-ed25519-cert-v01@xxxxxxxxxxx
> cert type ssh-rsa-cert-v01@xxxxxxxxxxx
> cert type rsa-sha2-256-cert-v01@xxxxxxxxxxx
> cert type rsa-sha2-512-cert-v01@xxxxxxxxxxx
> cert type ssh-dss-cert-v01@xxxxxxxxxxx
> cert type ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
> cert type ecdsa-sha2-nistp384-cert-v01@xxxxxxxxxxx
> cert type ecdsa-sha2-nistp521-cert-v01@xxxxxxxxxxx
> cert type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
>            cert type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx failed
>            bad SSH_CONNECTION key type sk-ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx
> failed hostkey agent
> 
> Re-tested release candidate from Feb. 11 and no "cert type sk-*" tests were found. 
> Could it happened that the required priv/pub keys are missing in "./regress" subdir and this is why it says "bad key type" ?

It looks more like something went wrong with configuring or building
the security key support. Did you use a separate or clean tree for the
8.9 build? If not, then please try this first.

If that doesn't work, then please post a bug report at bugzilla.mindrot.org
and attach a full configure + compile log (oh, and mention what system
you're using)

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev