To David Wolfskil, your mail server keeps refusing my mail, so I'm sending you my reply here:
Hello David sorry I didn't mean to sound critic towards the work of anyone but I can assure you 100% that we never touched that file for any particular reason. What I can assure you tho, is that the machine used to be a FreeBSD 8/9 in the beginning. What I just checked is that the man page for sshd_config lists the allowed values for MAC and hmac-ripemd160 disappeared since 12.0 - you can check it in the online man page: https://www.freebsd.org/cgi/man.cgi?query=sshd_config&apropos=0&sektion=5&manpath=FreeBSD+11.2-RELEASE&arch=default&format=html vs https://www.freebsd.org/cgi/man.cgi?sshd_config(5) Furthermore I just checked some other of our machines that were upgraded from previous versions of FreeBSD (always 8/9 era): root@cianuro:/etc/ssh # freebsd-version 11.2-RELEASE-p7 root@cianuro:/etc/ssh # cat /etc/ssh/sshd_config | grep MACs MACs hmac-sha1,hmac-ripemd160 root@cianuro:/etc/ssh # While a fresh new 11.x doesn't have that line: root@phpengine-ams301:~ # freebsd-version 11.2-RELEASE-p5 root@phpengine-ams301:~ # cat /etc/ssh/sshd_config | grep MACs root@phpengine-ams301:~ # --- Andrea Brancatelli Schema31 S.p.a. Chief Technology Officier ROMA - FI - PA ITALY Tel: +39.06.98.358.472 Cell: +39.331.2488468 Fax: +39.055.71.880.466 Società del Gruppo OVIDIO TECH S.R.L. On 2018-12-21 18:10, Andrea Brancatelli wrote: > Hello. > > Just a quick head up.... Today we update a FreeBSD 11.2 to 12.0 machine > and our SSHD got broken. > > The problem is with HMAC line in the config file, specifically the > hmac-ripemd160 value. It was legit in 11.2 (and I suspect > default-enabled for a previous FreeBSD version because never in the > world we would change that line - I don't even knot what's for) but it > doesn't work anymore in 12.0. > > So as a check, before upgrading check your /etc/ssh/sshd_config. > > -- > > Andrea Brancatelli > Schema31 S.p.a. > Chief Technology Officier > > ROMA - FI - PA > ITALY > Tel: +39.06.98.358.472 > Cell: +39.331.2488468 > Fax: +39.055.71.880.466 > Società del Gruppo OVIDIO TECH S.R.L. > _______________________________________________ > [email protected] mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
