Re: ssh strangeness in -current...
[ just go back from one week of skiing, catching up ] According to Kris Kennaway: This sounds bad. Are you referring to the -o syntax differences, or actual incompatabilities? There have been unsubstantiated reports of interoperability problems, but nothing well documented here. You'll have a problem if you have very old "identity" files laying in .ssh because in the Old Days[tm] the private key was protected with IDEA on disk... You'll have to recreate the private/public RSA keys with ssh-keygen and copy the "identity.pub" content into your remote "authorized_keys" files. Ollivier, who got bitten by this :) -rw--- 1 roberto staff 540 Sep 7 1995 identity -rw-r--r-- 1 roberto staff 344 Sep 7 1995 identity.pub -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- [EMAIL PROTECTED] FreeBSD keltia.freenix.fr 4.0-CURRENT #78: Sun Feb 27 15:32:39 CET 2000 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
At 9:29 PM +0100 2000/3/7, Udo Erdelhoff wrote: Are you using OpenSSH or the 'normal' ssh on your Solaris box? The Solaris box is the only place where I have tried installing OpenSSH so far. @work: SunOS [...] 5.6 Generic_105181-05 [...] SSH Version 1.2.27 [sparc-sun-solaris2.6], protocol version 1.5. Standard version. Does not use RSAREF. Have you tried this side with OpenSSH? It's using OpenSSH on Solaris that is giving me problems -- These are my opinions and should not be taken as official Skynet policy = Brad Knowles, [EMAIL PROTECTED] Sys. Arch., Mail/News/FTP/Proxy Admin Note: No Microsoft programs were used in the creation or distribution of this message. If you are using a Microsoft program to view this message, be forewarned that I am not responsible for any harm you may encounter as a result. See http://i-want-a-website.com/about-microsoft/twelve-step.html for details. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Oliver Fromme [EMAIL PROTECTED] writes: Apart from my stupidness of not checking the location of the binary first -- what did I do wrong, and what's the recommended way of handling this? Am I supposed to rm /usr/bin/ssh each time I install a new release or snapshot? I can't believe that. You could use /usr/bin/ssh, for a start. Note that this is OpenSSH, though, so there may be incompatibilities with ssh1. The other alternative is to put /usr/local/bin in the front of the path. A third alternative is to build without OpenSSH by tweaking make.conf. (Note that there is now /etc/default/make.conf which means that you can't look in /etc/make.conf for the new option.) kai -- ~/.signature: No such file or directory To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 06 Mar 2000 13:32:00 MST, Warner Losh wrote: : This sounds bad. Are you referring to the -o syntax differences, or : actual incompatabilities? I'm talking about the -o syntax difference specifically. How does the following sound? What about the off-by-one hostkey length problem? Is it supposed to be possible to drop a "1024-bit" host key from the old ssh1 port into /etc/ssh ? We don't seem to be having much luck with that over here. Ciao, Sheldon. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
At 1:10 AM +0100 2000/3/6, Oliver Fromme wrote: I have upgraded a machine to the latest -current snapshot (it was running a -current from the end of January before). Every- thing went fine, except for one thing: ssh didn't work anymore. It used to work fine before. I've been following this thread for a while, and I'd like to ask a related question -- can anyone else successfully use scp with OpenSSH? On the one machine on which I've installed OpenSSH so far, it appears that scp into the machine is totally broken. Of course, this machine isn't running FreeBSD, so I don't expect you folks to help me try to work this problem out, but I am wondering if scp with OpenSSH under FreeBSD does actually work. Thanks! -- These are my opinions and should not be taken as official Skynet policy = Brad Knowles, [EMAIL PROTECTED] Sys. Arch., Mail/News/FTP/Proxy Admin Note: No Microsoft programs were used in the creation or distribution of this message. If you are using a Microsoft program to view this message, be forewarned that I am not responsible for any harm you may encounter as a result. See http://i-want-a-website.com/about-microsoft/twelve-step.html for details. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
When I tried out OpenSSH on a 3.4-stable machine, I as well was unable to scp into the machine from another 3.4-stable machine using ssh 1.2.27, I didn't at the time attempt to discover much, I was in a rush and thus just installed 1.2.27 instead of OpenSSH which is too bad, I like the OpenSSH idea and development, gives me that safe warm feeling.. Matt -- Matt Heckaman [[EMAIL PROTECTED]|[EMAIL PROTECTED]] [Please do not send me] !Powered by FreeBSD/x86! [http://www.freebsd.org] [any SPAM (UCE) e-mail] On Tue, 7 Mar 2000, Brad Knowles wrote: : Date: Tue, 7 Mar 2000 09:55:52 -0500 : From: Brad Knowles [EMAIL PROTECTED] : To: [EMAIL PROTECTED] : Subject: Re: ssh strangeness in -current... : : At 1:10 AM +0100 2000/3/6, Oliver Fromme wrote: : : I have upgraded a machine to the latest -current snapshot (it : was running a -current from the end of January before). Every- : thing went fine, except for one thing: ssh didn't work anymore. : It used to work fine before. : : I've been following this thread for a while, and I'd like to ask : a related question -- can anyone else successfully use scp with : OpenSSH? On the one machine on which I've installed OpenSSH so far, : it appears that scp into the machine is totally broken. : : Of course, this machine isn't running FreeBSD, so I don't expect : you folks to help me try to work this problem out, but I am wondering : if scp with OpenSSH under FreeBSD does actually work. : : : Thanks! : : -- : These are my opinions and should not be taken as official Skynet policy : = : Brad Knowles, [EMAIL PROTECTED] Sys. Arch., Mail/News/FTP/Proxy Admin : : Note: No Microsoft programs were used in the creation or distribution of : this message. If you are using a Microsoft program to view this message, : be forewarned that I am not responsible for any harm you may encounter as : a result. : : See http://i-want-a-website.com/about-microsoft/twelve-step.html for : details. : : : To Unsubscribe: send mail to [EMAIL PROTECTED] : with "unsubscribe freebsd-current" in the body of the message : To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
At 10:17 AM -0500 2000/3/7, Matt Heckaman wrote: When I tried out OpenSSH on a 3.4-stable machine, I as well was unable to scp into the machine from another 3.4-stable machine using ssh 1.2.27, I didn't at the time attempt to discover much, I was in a rush and thus just installed 1.2.27 instead of OpenSSH which is too bad, I like the OpenSSH idea and development, gives me that safe warm feeling.. Hmm. What version of OpenSSH was that? Given that I've had conflicting reports already, I'd like to try to nail down which version people are using and having (or not having) what problems. This might help me figure out why I'm having problems on this other machine. Thanks! -- These are my opinions and should not be taken as official Skynet policy = Brad Knowles, [EMAIL PROTECTED] Sys. Arch., Mail/News/FTP/Proxy Admin Note: No Microsoft programs were used in the creation or distribution of this message. If you are using a Microsoft program to view this message, be forewarned that I am not responsible for any harm you may encounter as a result. See http://i-want-a-website.com/about-microsoft/twelve-step.html for details. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, Mar 07, 2000 at 03:55:52PM +0100, Brad Knowles wrote: I've been following this thread for a while, and I'd like to ask a related question -- can anyone else successfully use scp with OpenSSH? On the one machine on which I've installed OpenSSH so far, it appears that scp into the machine is totally broken. Of course, this machine isn't running FreeBSD, so I don't expect you folks to help me try to work this problem out, but I am wondering if scp with OpenSSH under FreeBSD does actually work. It works fine for me, I just tested scp in both ways between 2 machines running: - FreeBSD 2.2.8 from Dec. 1998, using SSH 1.2.25 without RSAREF from the ports - FreeBSD 3.4 as of Dec. 27th 1999, using OpenSSH 1.2.1 installed as a port bye, Harold -- Someone should do a study to find out how many human life spans have been lost waiting for NT to reboot. Ken Deboy on Dec 24 1999 in comp.unix.bsd.freebsd.misc To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Brad Knowles [EMAIL PROTECTED] writes: but I am wondering if scp with OpenSSH under FreeBSD does actually work. Well, it works fine for me. r.arthur ~ % uname -rs FreeBSD 4.0-CURRENT r.arthur ~ % ssh -V SSH Version OpenSSH-1.2.2, protocol version 1.5. Compiled with SSL. Roland To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Oliver Fromme writes: As I said in my first message, it complained about a missing RSA library. (To reproduce the actual error message word by word, I'd have to install the whole stuff again.) you have to cvsup the secure stuff from internat. I did that and *sigh* As I wrote in a past message in this thread, i did not and cannot cvsup on that machine at all. I can only do binary installs (i.e. releases and snapshots) on that piece of hard- ware. That's what probably 95% of FreeBSD users do, anyway. Internat also have daily snapshots of -current and -stable. Because of our slow link, it is probably best to install the rest from somewhere else and then just the crypto stuff from internat. Just note that I only keep the last 3 snaps, so don't expect to be able to get the same thing a week later. :-) To answer another question in this thread, we do build releases based on the international crypto code and they are placed on internat. No CDs though. :-/ John -- John Hay -- [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
I have upgraded a machine to the latest -current snapshot (it was running a -current from the end of January before). Every- thing went fine, except for one thing: ssh didn't work anymore. It used to work fine before. You really need to read the -current mailing list if you're going to run -current. Saying that openssh took you by surprise as a -current user is sort of like saying you didn't know Elvis was dead. :-( - Jordan To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
I keep asking myself this question; a default sysinstall package would give us the same end result. I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. Would you guys quit spreading FUD and start actually giving us some DETAILS on this alleged breakage? You've been ridiculously silent on an issue which has been actively worked on and discussed for the last few weeks to come forward at this late stage and start waving your arms around. This entire thread has been content-free so far. - Jordan To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
At 4:58 PM +0100 2000/3/7, Roland Jesse wrote: Well, it works fine for me. Must be a FreeBSD vs. Solaris thing, because I've got the same version and it doesn't work for me. Sounds like I've got some more debugging to do. Thanks for all the info! -- These are my opinions and should not be taken as official Skynet policy = Brad Knowles, [EMAIL PROTECTED] Sys. Arch., Mail/News/FTP/Proxy Admin Note: No Microsoft programs were used in the creation or distribution of this message. If you are using a Microsoft program to view this message, be forewarned that I am not responsible for any harm you may encounter as a result. See http://i-want-a-website.com/about-microsoft/twelve-step.html for details. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
In article [EMAIL PROTECTED], Kris Kennaway [EMAIL PROTECTED] wrote: Ahh, so you can use the OpenSSH client to connect to some servers, but not the F-Secure one? That would definitely be a bug you should report to the OpenSSH developers. Is anyone else in the position to test this? In the past I have had interoperability problems between F-Secure and the open source versions of ssh. But the cause then was simply that the F-Secure keys were too long ( 1024 bits) for ssh's rsaref to cope with. John To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Kris Kennaway wrote: This sounds bad. Are you referring to the -o syntax differences, or actual incompatabilities? There have been unsubstantiated reports of interoperability problems, but nothing well documented here. I know for a fact that one flag I used with ssh (ssh-agent's -p, I think) does not exist in openssh. Nevertheless, I haven't had problems with openssh. Well, actually, I haven't *tested* it, so who knows. :-) -- Daniel C. Sobral(8-DCS) [EMAIL PROTECTED] [EMAIL PROTECTED] One Unix to rule them all, One Resolver to find them, One IP to bring them all and in the zone bind them. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, 7 Mar 2000, Jordan K. Hubbard wrote: I keep asking myself this question; a default sysinstall package would give us the same end result. I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. Would you guys quit spreading FUD and start actually giving us some DETAILS on this alleged breakage? You've been ridiculously silent on an issue which has been actively worked on and discussed for the last few weeks to come forward at this late stage and start waving your arms around. This entire thread has been content-free so far. I've been building and rebuilding in an attempt to make sure that its not some stupidity on my part. Be assured that when I'm positive I've got a reproducable error that I'll let everyone in on the details. -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | [EMAIL PROTECTED] | 2 x '84 Volvo 245DL| ix86,sparc,pmax | | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
In message [EMAIL PROTECTED] "Daniel C. Sobral" writes: : I know for a fact that one flag I used with ssh (ssh-agent's -p, I : think) does not exist in openssh. Nevertheless, I haven't had problems : with openssh. Well, actually, I haven't *tested* it, so who knows. :-) Other than the missing or different features, different default values, different error/warning message, pickier whining and the like, I've had no problem since I cut over :-). The programs interoperate, but there's definitely a learning curve for OpenSSH. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, Mar 07, 2000 at 11:26:03AM +0200, Sheldon Hearn wrote: Is it supposed to be possible to drop a "1024-bit" host key from the old ssh1 port into /etc/ssh? It works for me. I've created my host key with ssh-1.2.26 and the base system OpenSSH accepted it without any problems. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, Mar 07, 2000 at 06:48:56PM +0100, Brad Knowles wrote: Must be a FreeBSD vs. Solaris thing Are you using OpenSSH or the 'normal' ssh on your Solaris box? I've just tried to copy files between my FreeBSD box @home and one of 'my' Solaris boxes @work. All four possible directions work exactly as expected with both binary and text files. @home: FreeBSD 4.0, 05-MAR-2000, USA_RESIDENT=NO SSH Version OpenSSH-1.2.2, protocol version 1.5. Compiled with SSL. @work: SunOS [...] 5.6 Generic_105181-05 [...] SSH Version 1.2.27 [sparc-sun-solaris2.6], protocol version 1.5. Standard version. Does not use RSAREF. /s/Udo -- I'd like to meet the man who invented sex and see what he's working on now. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, 7 Mar 2000, John Polstra wrote: In the past I have had interoperability problems between F-Secure and the open source versions of ssh. But the cause then was simply that the F-Secure keys were too long ( 1024 bits) for ssh's rsaref to cope with. That would certainly do it. OpenSSH should probably print a more helpful error message in this case, though. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, 7 Mar 2000, John Polstra wrote: In the past I have had interoperability problems between F-Secure and the open source versions of ssh. But the cause then was simply that the F-Secure keys were too long ( 1024 bits) for ssh's rsaref to cope with. That would certainly do it. OpenSSH should probably print a more helpful error message in this case, though. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Sheldon Hearn [EMAIL PROTECTED] wrote: What about the off-by-one hostkey length problem? The client gives a warning when you connect to an old server with this problem. Is it supposed to be possible to drop a "1024-bit" host key from the old ssh1 port into /etc/ssh ? I have switched several hosts from Ylonen-SSH to OpenSSH and have retained all host keys. -- Christian "naddy" Weisgerber [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, 7 Mar 2000, Matthew N. Dodd wrote: I've been building and rebuilding in an attempt to make sure that its not some stupidity on my part. Be assured that when I'm positive I've got a reproducable error that I'll let everyone in on the details. If you give us an idea where your breakage is, we can tell you if it's a known problem. E.g., there is a known problem with PPP(D) and NO_OPENSSL that Kris and I have already worked out a fix for. Doug -- "Welcome to the desert of the real." - Laurence Fishburne as Morpheus, "The Matrix" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Oliver Fromme wrote: Apart from my stupidness of not checking the location of the binary first -- what did I do wrong, and what's the recommended way of handling this? Am I supposed to rm /usr/bin/ssh each time I install a new release or snapshot? I can't believe that. I avoid the problem by structuring my paths along the lines of $HOME/bin:/usr/local/bin:/usr/bin:/bin (everythere, not just on FreeBSD). This way, if I (as sysadmin) install something in /usr/local, it over-rides whatever the vendor supplied. (Otherwise, I probably wouldn't have installed my own version). Likewise, anything I put in my private bin directory over-rides anything in the common areas. In this case, it would mean that the version of ssh installed (in /usr/local/bin) from the ports would over-ride the /usr/bin/ssh in the base system. Peter To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, 7 Mar 2000, Doug Barton wrote: If you give us an idea where your breakage is, we can tell you if it's a known problem. E.g., there is a known problem with PPP(D) and NO_OPENSSL that Kris and I have already worked out a fix for. Yep, thats one of them. We'll see if I find anything else. -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | [EMAIL PROTECTED] | 2 x '84 Volvo 245DL| ix86,sparc,pmax | | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Tue, 7 Mar 2000, Matthew N. Dodd wrote: On Tue, 7 Mar 2000, Doug Barton wrote: If you give us an idea where your breakage is, we can tell you if it's a known problem. E.g., there is a known problem with PPP(D) and NO_OPENSSL that Kris and I have already worked out a fix for. Yep, thats one of them. We'll see if I find anything else. Ok, if you don't need PPP just delete that from /usr/src/usr.sbin/Makefile (there are 4 lines). If you do need PPP write back and I'll send you the patch, I don't have the info handy right this second. Doug -- "Welcome to the desert of the real." - Laurence Fishburne as Morpheus, "The Matrix" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On 2000-Mar-08 13:55:45 +1100, Oliver Fromme [EMAIL PROTECTED] wrote: I also had to remove /etc/ssh. Somehow, /usr/local/bin/scp seems to pick up data from /etc/ssh and tries to invoke /usr/bin/ssh, no matter what. :-( I can't explain that. My installed-from-ports scp exec's /usr/local/bin/ssh1 and that ssh doesn't know anything about /etc/ssh. Try running "ktrace -i" on the scp and looking at what is actually exec'd and opened. Peter To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Kris Kennaway [EMAIL PROTECTED] wrote in list.freebsd-current: On Mon, 6 Mar 2000, Oliver Fromme wrote: the ports (yeah, stupid me), to no avail. It complained about some RSA library missing. Did you read the error message? Yes, I did, it was not helpful. In fact, it was confusing. Perhaps you should. Perhaps reporting it here would help someone to actually fix your problem instead of having to guess. I do not have a problem, I fixed it myself after some struggling. Did you read my whole message? Maybe I was a bit unclear. Sorry for that. My question was just what I am expected to do, and whether removing /usr/bin/ssh is the suggested solution. Hmm. Can you try cvsupping your src-crypto and src-secure collections from another (non-US) cvsup server? I can't cvsup on that -current box, it's too small for a "make world" (and probably too slow, too). I just downloaded the 2228-current snapshot and installed it. Apart from my stupidness of not checking the location of the binary first -- what did I do wrong, and what's the recommended way of handling this? Am I supposed to rm /usr/bin/ssh each time I install a new release or snapshot? I can't believe that. Read /etc/defaults/make.conf Why? I didn't compile anything. By the way, _why_ is ssh in the base system now, and what is wrong with having it in the ports? I'm sorry if there was a "HEADS UP" on this list, then I must have missed it. Enough people wanted it in the base system For what reason? I'm sorry, I can't find anything in the archives which is answering my question. I'm quite surprised you've missed any discussion of OpenSSH here though, since it's probably been one of the most discussed topics here for the past few weeks. Hm. Strange. Regards, Oliver -- Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany (Info: finger userinfo:[EMAIL PROTECTED]) "In jedem Stück Kohle wartet ein Diamant auf seine Geburt" (Terry Pratchett) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Oliver Fromme wrote: Apart from my stupidness of not checking the location of the binary first -- what did I do wrong, and what's the recommended way of handling this? Am I supposed to rm /usr/bin/ssh each time I install a new release or snapshot? I can't believe that. I avoid the problem by structuring my paths along the lines of $HOME/bin:/usr/local/bin:/usr/bin:/bin (everythere, not just on FreeBSD). This way, if I (as sysadmin) install something in /usr/local, it over-rides whatever the vendor supplied. (Otherwise, I probably wouldn't have installed my own version). Likewise, anything I put in my private bin directory over-rides anything in the common areas. In this case, it would mean that the version of ssh installed (in /usr/local/bin) from the ports would over-ride the /usr/bin/ssh in the base system. Peter To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
At 11:23 PM -0500 3/5/00, John Baldwin wrote: On 06-Mar-00 Kris Kennaway wrote: On Mon, 6 Mar 2000, Oliver Fromme wrote: the ports (yeah, stupid me), to no avail. It complained about some RSA library missing. Did you read the error message? Perhaps you should. Perhaps reporting it here would help someone to actually fix your problem instead of having to guess. I think you've kind of missed the point though, Kris. How many other people are going to upgrade only to find that their previously working system is now broken. We should at least mention this in UPDATING so people have a ghost of a chance. My guess is that when he said "help someone to actually fix your problem", his desire was to fix it so people would NOT have a problem updating. From the activity on the current list, it's clear that he has been putting in a lot of hours trying to fix all the various odds and ends which broke when this went in. (and yes, there have been a lot of loose ends, but people have definitely been working on them). This must have been the most discussed topic on the current mailing list for the past two weeks, and I (for one) appreciate all the work people have been doing to get openssh as part of the base system. It's been a bit bumpy, but it is (IMO) a worthwhile addition for 4.0-release. I would have been happy to vote for openssh as part of the base system, even though that means a delay in 4.0-release. --- Garance Alistair Drosehn = [EMAIL PROTECTED] Senior Systems Programmer or [EMAIL PROTECTED] Rensselaer Polytechnic Institute To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
In message v04210113b4e9132e890c@[128.113.24.47] Garance A Drosihn writes: : My guess is that when he said "help someone to actually fix your problem", : his desire was to fix it so people would NOT have a problem updating. I've added a blurb to UPDATING. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
At 5:06 PM -0800 2000/3/5, Kris Kennaway wrote: Enough people wanted it in the base system - in fact, when the question was asked about importing it, I don't recall any objections - certainly it was not a significant opposition. In fact, there are a lot of us that explicitly *did* want it in the base system, and were very glad to see it go in. I got the chance this weekend to personally thank Jordan for making the tough decision to delay the release of 4.0 in order to get it in, and I'd like to now take this chance to publicly thank Kris and the rest of the guys for all their hard work in this area. Well done! Now, about some of those bugs ;-) -- These are my opinions and should not be taken as official Skynet policy = Brad Knowles, [EMAIL PROTECTED] Sys. Arch., Mail/News/FTP/Proxy Admin Note: No Microsoft programs were used in the creation or distribution of this message. If you are using a Microsoft program to view this message, be forewarned that I am not responsible for any harm you may encounter as a result. See http://i-want-a-website.com/about-microsoft/twelve-step.html for details. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On 06-Mar-00 Warner Losh wrote: In message v04210113b4e9132e890c@[128.113.24.47] Garance A Drosihn writes: : My guess is that when he said "help someone to actually fix your problem", : his desire was to fix it so people would NOT have a problem updating. I've added a blurb to UPDATING. Warner Thanks, Warner. -- John Baldwin [EMAIL PROTECTED] -- http://www.FreeBSD.org/~jhb/ PGP Key: http://www.cslab.vt.edu/~jobaldwi/pgpkey.asc "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/ To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
John Baldwin wrote: On 06-Mar-00 Kris Kennaway wrote: On Mon, 6 Mar 2000, Oliver Fromme wrote: the ports (yeah, stupid me), to no avail. It complained about some RSA library missing. Did you read the error message? Perhaps you should. Perhaps reporting it here would help someone to actually fix your problem instead of having to guess. I think you've kind of missed the point though, Kris. How many other people are going to upgrade only to find that their previously working system is now broken. We should at least mention this in UPDATING so people have a ghost of a chance. One possible source of breakage is not bringing over the existing server key. The key will need to be moved from /usr/local/etc to /etc/ssh. Did Warner include this with his changes to UPDATING about openssh in the base system (which I haven't seen yet). Jim Bloom [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Discussions and facts [Was: Re: ssh strangeness in -current...]
On Sun, 5 Mar 2000, Kris Kennaway wrote: I'm quite surprised you've missed any discussion of OpenSSH here though, since it's probably been one of the most discussed topics here for the past few weeks. I find it quite a problem that one is supposed to read very long threads of discussions (which one may not be interested in, does not have the time for, or cannot understand) in order to find the information necessary to run and keep up with current without problems. Or to solve any occuring problems. I know current is not for those who do not want to read this list as well as cvs-all. Nevertheless it may be a good thing if plain facts and fixes related to problems were posted as separate messages with a clear subject line and not buried somewhere inside a long thread (war). Or a separate list? The above remarks do not necessarily apply to the OpenSSH discussion on this list. I did not follow it intensely, as I have had no problems with ssh. It is something I wanted to write earlier. The quote at the top was what made me do it now. -- Marc Schneiders *-*-* [EMAIL PROTECTED] *-*-* http://superputer.com *-*-* *-*-* [EMAIL PROTECTED]*-*-* http://secureasy.com*-*-* propro2:50pm up 2 days, 16:23, load average: 2.17 2.04 2.01 To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: Discussions and facts [Was: Re: ssh strangeness in -current...]
Marc Schneiders wrote: I find it quite a problem that one is supposed to read very long threads of discussions (which one may not be interested in, does not have the time for, or cannot understand) in order to find the information necessary to run and keep up with current without problems. Or to solve any occuring problems. In that case, I would just follow -current on muc.lists.freebsd.current, or one of the other usenet mirrors. If you want to reply to something, just reply to the person directly, and add [EMAIL PROTECTED] in your cc. That would be one solution. [using mozilla's mail reader, so sorry if this looks screwed up] - Donn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Warner Losh wrote: + want to run the new servers. You may need to move your key + and other config files from /usr/local/etc to /etc. /etc/ssh + Openssh isn't 100% compatible with ssh, so some care needs to + be taken in its operation. This sounds bad. Are you referring to the -o syntax differences, or actual incompatabilities? There have been unsubstantiated reports of interoperability problems, but nothing well documented here. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
In message [EMAIL PROTECTED] Kris Kennaway writes: : On Mon, 6 Mar 2000, Warner Losh wrote: : : + want to run the new servers. You may need to move your key : + and other config files from /usr/local/etc to /etc. : : /etc/ssh Thanks. : + Openssh isn't 100% compatible with ssh, so some care needs to : + be taken in its operation. : : This sounds bad. Are you referring to the -o syntax differences, or actual : incompatabilities? There have been unsubstantiated reports of : interoperability problems, but nothing well documented here. I'm talking about the -o syntax difference specifically. How does the following sound? Index: UPDATING === RCS file: /home/imp/FreeBSD/CVS/src/UPDATING,v retrieving revision 1.71 diff -u -r1.71 UPDATING --- UPDATING2000/02/23 05:51:02 1.71 +++ UPDATING2000/03/06 20:31:30 @@ -5,6 +5,27 @@ done items, please see the end of the file. Search for 'COMMON ITEMS:' +2303: + CMSG_XXX macros offset in sys/socket.h has changed to + conform RFC-2292. All affected applications have been + corrected. The i386 platform's offsets haven't changed, but + the alpha's did. When you build and install new kernel on + FreeBSD/alpha, you must also do a make world. + +2225: + OpenSSH has been added to FreeBSD. This may conflict with the + ssh port since it installs binaries into /usr/bin and the port + goes into /usr/local/bin. Most paths have /usr/bin in the path + before /usr/local/bin, so problems may arrise. If you don't + want OpenSSH, add NO_OPENSSH=yes to your make.conf. + + You will also need to enable openssh in /etc/rc.conf if you + want to run the new servers. You may need to move your key + and other config files from /usr/local/etc to /etc/ssh. + + Openssh's command line parsing isn't 100% compatible with ssh, + so some care needs to be taken in its operation. + 2205: The xinstall problem has kinda sorta been corrected. The following is known to work by the author of UPDATING. It Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, Mar 06, 2000 at 01:32:00PM -0700, Warner Losh wrote: : + Openssh isn't 100% compatible with ssh, so some care needs to : + be taken in its operation. : : This sounds bad. Are you referring to the -o syntax differences, or actual : incompatabilities? There have been unsubstantiated reports of : interoperability problems, but nothing well documented here. I'm talking about the -o syntax difference specifically. How does the following sound? [SNIP] + Openssh's command line parsing isn't 100% compatible with ssh, + so some care needs to be taken in its operation. I'd leave it saying that it isn't 100% compatible - it may sound bad but it's true. There are several other things that aren't the same: default options are different, some options have been removed (AllowHosts is one that I know of), it produces warning messages where the old ssh wouldn't have. I'm sure there are other differences too. David. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
If memory serves me right, David Malone wrote: On Mon, Mar 06, 2000 at 01:32:00PM -0700, Warner Losh wrote: : + Openssh isn't 100% compatible with ssh, so some care needs to : + be taken in its operation. : : This sounds bad. Are you referring to the -o syntax differences, or actua l : incompatabilities? There have been unsubstantiated reports of : interoperability problems, but nothing well documented here. I'm talking about the -o syntax difference specifically. How does the following sound? [SNIP] + Openssh's command line parsing isn't 100% compatible with ssh, + so some care needs to be taken in its operation. I'd leave it saying that it isn't 100% compatible - it may sound bad but it's true. There are several other things that aren't the same: default options are different, some options have been removed (AllowHosts is one that I know of), it produces warning messages where the old ssh wouldn't have. I'm sure there are other differences too. Rather than let the users guess at various incompatabilities (imagined and real), why not give them a few examples, as in your (David's) last message? "Care needs to be taken when converting from ssh to OpenSSH. OpenSSH's command-line parsing isn't 100% compatible with ssh, some of the default options have been changed, some options (such as AllowHosts) have been removed, and it produces a few more warning messages than ssh." Bruce. PGP signature
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Warner Losh wrote: +2225: + OpenSSH has been added to FreeBSD. This may conflict with the + ssh port since it installs binaries into /usr/bin and the port You probably should refer to the ports by name: /usr/ports/security/ssh and /usr/ports/security/openssh (which is obsoleted by having it in the base) + goes into /usr/local/bin. Most paths have /usr/bin in the path + before /usr/local/bin, so problems may arrise. If you don't arise + want OpenSSH, add NO_OPENSSH=yes to your make.conf. + + You will also need to enable openssh in /etc/rc.conf if you + want to run the new servers. You may need to move your key + and other config files from /usr/local/etc to /etc/ssh. + + Openssh's command line parsing isn't 100% compatible with ssh, + so some care needs to be taken in its operation. This is better. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, David Malone wrote: I'd leave it saying that it isn't 100% compatible - it may sound bad but it's true. There are several other things that aren't the same: default options are different, some options have been removed (AllowHosts is one that I know of), it produces warning messages where the old ssh wouldn't have. I'm sure there are other differences too. None of these affect the operation of OpenSSH in your network. Sure, you have to check the config files when you migrate to it, but the point is it's not incompatible with other SSH implementations, and we don't want to scare people into thinking it has weird lurking bugs and they'd better not use it. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Arindum Mukerji wrote: Also, going from an OpenSSH 1.2.2 box to an SSH-1.2.27 box is fine - it coughs up a hairball when going to the F-Secure 1.3.7 commercial variant though. Ahh, so you can use the OpenSSH client to connect to some servers, but not the F-Secure one? That would definitely be a bug you should report to the OpenSSH developers. Is anyone else in the position to test this? Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
Is this any better? I've removed the emotionally charged compatibility word. 2225: OpenSSH has been added to FreeBSD. This may conflict with the ports/security/ssh port since it installs binaries into /usr/bin and the port goes into /usr/local/bin. Most paths have /usr/bin in the path before /usr/local/bin, so problems may arrise. If you don't want OpenSSH, add NO_OPENSSH=yes to your make.conf. You will also need to enable openssh in /etc/rc.conf if you want to run the new servers. You may need to move your key and other config files from /usr/local/etc to /etc/ssh. Openssh's command line parsing, available options and default settings aren't the same as ssh, so some care needs to be taken in its operation. One should do a full audit of all configuration settings. Warner To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Warner Losh wrote: Is this any better? I've removed the emotionally charged compatibility word. Some more picking :) 2225: OpenSSH has been added to FreeBSD. This may conflict with the ports/security/ssh port since it installs binaries into /usr/bin and the port goes into /usr/local/bin. Most paths have /usr/bin in the path before /usr/local/bin, so problems may arrise. If you don't want OpenSSH, add NO_OPENSSH=yes to arise :) your make.conf. You will also need to enable openssh in /etc/rc.conf if you OpenSSH want to run the new servers. You may need to move your key host key and other config files from /usr/local/etc to /etc/ssh. Openssh's command line parsing, available options and default OpenSSH settings aren't the same as ssh, so some care needs to be taken in its operation. One should do a full audit of all configuration settings. Apart from those small nits I think it's fine. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
ssh strangeness in -current...
Hi, I have upgraded a machine to the latest -current snapshot (it was running a -current from the end of January before). Every- thing went fine, except for one thing: ssh didn't work anymore. It used to work fine before. At first I was very suprised and had no clue what was going on. I couldn't imagine how the new -current base system could affect my ssh binary which had been installed from the ports long before. I even pkg_deleted it and re-installed it from the ports (yeah, stupid me), to no avail. It complained about some RSA library missing. Finally I got the great idea to type "which ssh", showing me that there now was a (non-functional) ssh binary in /usr/bin. I removed it, and everything started working again, picking up the ports version from /usr/local/bin. Apart from my stupidness of not checking the location of the binary first -- what did I do wrong, and what's the recommended way of handling this? Am I supposed to rm /usr/bin/ssh each time I install a new release or snapshot? I can't believe that. By the way, _why_ is ssh in the base system now, and what is wrong with having it in the ports? I'm sorry if there was a "HEADS UP" on this list, then I must have missed it. Regards Oliver PS: Just in case if it matters, I have USA_RESIDENT=NO in my make.conf. -- Oliver Fromme, Leibnizstr. 18/61, 38678 Clausthal, Germany (Info: finger userinfo:[EMAIL PROTECTED]) "In jedem Stück Kohle wartet ein Diamant auf seine Geburt" (Terry Pratchett) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Mon, 6 Mar 2000, Oliver Fromme wrote: By the way, _why_ is ssh in the base system now, and what is wrong with having it in the ports? I'm sorry if there was a "HEADS UP" on this list, then I must have missed it. I keep asking myself this question; a default sysinstall package would give us the same end result. I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | [EMAIL PROTECTED] | 2 x '84 Volvo 245DL| ix86,sparc,pmax | | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Sun, 5 Mar 2000, Matthew N. Dodd wrote: I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. I can't fix this if you don't tell me what it is! Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Sun, 5 Mar 2000, Kris Kennaway wrote: On Sun, 5 Mar 2000, Matthew N. Dodd wrote: I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. I can't fix this if you don't tell me what it is! What? Nobody else is test compiling with NO_OPENSSL/NO_OPENSSH? -- | Matthew N. Dodd | '78 Datsun 280Z | '75 Volvo 164E | FreeBSD/NetBSD | | [EMAIL PROTECTED] | 2 x '84 Volvo 245DL| ix86,sparc,pmax | | http://www.jurai.net/~winter | This Space For Rent | ISO8802.5 4ever | To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
On Sun, 5 Mar 2000, Matthew N. Dodd wrote: I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. I can't fix this if you don't tell me what it is! What? Nobody else is test compiling with NO_OPENSSL/NO_OPENSSH? Your message wasn't clear you were talking about _world_ breakage. If this is your only problem, see my other message. Kris In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe [EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: ssh strangeness in -current...
"Matthew N. Dodd" wrote: On Sun, 5 Mar 2000, Kris Kennaway wrote: On Sun, 5 Mar 2000, Matthew N. Dodd wrote: I'm building with NO_OPENSSL and NO_OPENSSH and have still gotten hit with breakage. I can't fix this if you don't tell me what it is! What? Nobody else is test compiling with NO_OPENSSL/NO_OPENSSH? I am. I found an error, sent it to the list, and Kris came up with a fix. The whole point of gamma testing the release candidates is that when people find problems they report them and they get fixed. Doug -- "Welcome to the desert of the real." - Laurence Fishburne as Morpheus, "The Matrix" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message