On Sun, Oct 16, 2016 at 05:32:57PM -0700, Kevin Oberman wrote: > ... > I believe sshd no longer supports ssh1 compatibility and it looks like you > might still have an entry in /etc/sshd/sshd.config trying to touch v1. > Check the file for any non-default entries. Compare your sshd_config with > the default version in /usr/src/crypto/openssh. > ....
I used to explicitly disable v1 compatibility..... The machine that's a target of the "freebsd-update" attention has no sources, so I copied sshd_config from it to /tmp on my laptop (which does): g1-252(11.0-S) diff -u /S2/usr/src/crypto/openssh/sshd_config /tmp/sshd_config --- /S2/usr/src/crypto/openssh/sshd_config 2016-03-13 04:13:31.323690000 -0700 +++ /tmp/sshd_config 2016-06-05 06:37:55.000000000 -0700 @@ -1,5 +1,5 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ -# $FreeBSD: stable/10/crypto/openssh/sshd_config 296781 2016-03-12 23:53:20Z des $ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ +# $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -120,7 +120,7 @@ #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none -#VersionAddendum FreeBSD-20160310 +#VersionAddendum FreeBSD-20140420 # no default banner path #Banner none @@ -128,6 +128,18 @@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server +# Disable HPN tuning improvements. +#HPNDisabled no + +# Buffer size for HPN to non-HPN connections. +#HPNBufferSize 2048 + +# TCP receive socket buffer polling for HPN. Disable on non autotuning kernels. +#TcpRcvBufPoll yes + +# Allow the use of the NONE cipher. +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no g1-252(11.0-S) On the off-chance that the VersionAddendum might be confusing at least one of us, I copied the stable/11 version of the file to the appropiate place on the freebsd-update target machine, then rebooted. Still no joy: other things work, but not ssh. Thanks for the suggestion. I'm a bit... perplexed. [The machine in question would be the last machine I have still running FreeBSD-10 -- I've migrated each of the others to stable/11.] Peace, david -- David H. Wolfskill da...@catwhisker.org Those who would murder in the name of God or prophet are blasphemous cowards. See http://www.catwhisker.org/~david/publickey.gpg for my public key.
Description: PGP signature