Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Bryan Drewery writes: > Actually I am missing the client-side VersionAddendum support (ssh.c). I > only have server-side (sshd.c). This is just due to lack of motivation > to import the changes. Pretty sure I sent Damien the patch a few years ago... There was also a bug

regression in igb/clang?

2015-11-11 Thread Alexander Leidinger
Hi, I've updated a system with -current as of r287323 (end August) to r290633 (yesterday). Result: no network connection (not even ping) on igb. Ping internally (local addresses) works, anything outgoing/incoming doesn't. I disabled HW support (tso4, lro, rxcsum, txcsum): doesn't help. Did I

Re: OpenSSH HPN

2015-11-11 Thread Ben Woods
On Wednesday, 11 November 2015, John-Mark Gurney wrote: > Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800: > > I have to agree that there are cases when the NONE cipher makes sense, > and > > it is up to the end user to make sure they know what they are doing.

FreeBSD_HEAD-tests - Build #1681 - Still Unstable

2015-11-11 Thread jenkins-admin
FreeBSD_HEAD-tests - Build #1681 - Still Unstable: Build information: https://jenkins.FreeBSD.org/job/FreeBSD_HEAD-tests/1681/ Full change log: https://jenkins.FreeBSD.org/job/FreeBSD_HEAD-tests/1681/changes Full build log: https://jenkins.FreeBSD.org/job/FreeBSD_HEAD-tests/1681/console Change

Re: OpenSSH HPN

2015-11-11 Thread Julian Elischer
On 11/10/15 5:42 PM, Dag-Erling Smørgrav wrote: Some of you may have noticed that OpenSSH in base is lagging far behind the upstream code. The main reason for this is the burden of maintaining the HPN patches. They are extensive, very intrusive, and touch parts of the OpenSSH code that change

Re: OpenSSH HPN

2015-11-11 Thread Julian Elischer
On 11/10/15 7:16 PM, Dag-Erling Smørgrav wrote: Bob Bishop writes: Is removing HPN going to impact the performance of tunnelled X connexions? yes if your rtt is greater than about 85 mSec I don't know the details but I noticed a big difference. I had thought X wouldn't show

Re: OpenSSH HPN

2015-11-11 Thread Mark Martinec
For a fast transfer of large files see sysutils/bbcp. It uses ssh to establish authorized connection, then does a transfer over multiple parallel TCP sessions by itself. If data encryption is needed, combine it with security/hpenc Mark

Build failed in Jenkins: Build-UFS-image #2711

2015-11-11 Thread jenkins-admin
See -- Started by upstream project "Build_Image_and_Run_Tests_in_Bhyve_HEAD" build number 1753 originally caused by: Started by upstream project "FreeBSD_HEAD" build number 3511 originally caused

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/2015 10:13 AM, Slawa Olhovchenkov wrote: > On Wed, Nov 11, 2015 at 05:51:25PM +0100, Dag-Erling Smørgrav wrote: > >> Bryan Drewery writes: >>> Another thing that I did with the port was restore the tcpwrapper >>> support that upstream removed. Again, if we decide

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/2015 1:04 AM, Dag-Erling Smørgrav wrote: > Ben Woods writes: >> Personally I have used it at home to backup my old FreeBSD server >> (which does not have AESNI) over a dedicated network connection to a >> backup server using rsync/ssh. Since it was not possible for

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/10/2015 3:48 AM, Dag-Erling Smørgrav wrote: > Willem Jan Withagen writes: >> "Dag-Erling Smørgrav" writes: >>> Willem Jan Withagen writes: Are they still willing to accept changes to the old version that is currently in base? >>>

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Daniel Kalchev writes: > I must have missed the explanation. But why having a NONE cypher > compiled in, but disabled in the configuration is a bad idea? It increases the cost of maintaining OpenSSH in base noticeably without providing real value unless you are one of the few

bsd.subdir.mk: Recursing on dependent targets

2015-11-11 Thread Bryan Drewery
The current behavior of bsd.subdir.mk has a very surprising behavior that I think is wrong and think that changing it will have no real impact. Consider: SUBDIR_TARGETS= all foo all: foo If you call 'make foo' it will recurse 'foo' on all sub-directories as expected. If you call 'make all' it

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Slawa Olhovchenkov writes: > Can you explain what is problem? Radical suggestion: read the first email in the thread. > PS: As I today know, kerberos heimdal is practically dead as opensource > project. Have FreeBSD planned switch to MIT Kerberos? I am know about >

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/2015 1:23 AM, Dag-Erling Smørgrav wrote: > Bryan Drewery writes: >> Actually I am missing the client-side VersionAddendum support (ssh.c). I >> only have server-side (sshd.c). This is just due to lack of motivation >> to import the changes. > > Pretty sure I sent

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Bryan Drewery writes: > Another thing that I did with the port was restore the tcpwrapper > support that upstream removed. Again, if we decide it is not worth > keeping in base I will remove it as default in the port. I want to keep tcpwrapper support - it is another reason

Re: bsd.subdir.mk: Recursing on dependent targets

2015-11-11 Thread Julian H. Stacey
Hi Bryan & all, I'm in a rush so will read yours again later, but will quickly mention I've long ago added a load of *-recursive macros to my Mk/ but never submitted them, they are under http://www.berklix.com/~jhs/src/bsd/fixes/FreeBSD/ports/gen/Mk/ (but it seems something in apache httpd.conf

Re: bsd.subdir.mk: Recursing on dependent targets

2015-11-11 Thread Bryan Drewery
On 11/11/2015 9:50 AM, Julian H. Stacey wrote: > Hi Bryan & all, > I'm in a rush so will read yours again later, but will quickly mention > I've long ago added a load of *-recursive macros to my Mk/ > but never submitted them, they are under >

Re: bsd.subdir.mk: Recursing on dependent targets

2015-11-11 Thread Bryan Drewery
On 11/11/2015 9:37 AM, Bryan Drewery wrote: > > With the change I would like to make, to only recurse on *called* > targets This also has the benefit of no longer having 'realinstall' be a thing that bsd.subdir.mk needs to care about. Just recursing 'install' would handle all of the ordering and

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Wed, Nov 11, 2015 at 05:51:25PM +0100, Dag-Erling Smørgrav wrote: > Bryan Drewery writes: > > Another thing that I did with the port was restore the tcpwrapper > > support that upstream removed. Again, if we decide it is not worth > > keeping in base I will remove it as

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/2015 8:51 AM, Dag-Erling Smørgrav wrote: > Bryan Drewery writes: >> Another thing that I did with the port was restore the tcpwrapper >> support that upstream removed. Again, if we decide it is not worth >> keeping in base I will remove it as default in the port. >

Re: FYI: SVN to GIT converter currently broken, github is falling behind

2015-11-11 Thread Alfred Perlstein
Lars, Try to remove .git/gc.log then re-run fetch. If that doesn't work then move ".git/refs/remotes/origin/HEAD" to backup location outside of your .git directory and try again. -Alfred On 11/11/15 4:03 AM, Eggert, Lars wrote: Hi, I just got this error when fetching from remote; related?

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/2015 7:49 AM, Daniel Kalchev wrote: > It is my understanding, that using the NONE cypher is not identical to using > “the old tools” (rsh/rlogin/rcp). > > When ssh uses the NONE cypher, credentials and authorization are still > encrypted and verified. Only the actual data payload is

Re: OpenSSH HPN

2015-11-11 Thread Bjoern A. Zeeb
> On 11 Nov 2015, at 16:53 , Bryan Drewery wrote: > > On 11/11/2015 8:51 AM, Dag-Erling Smørgrav wrote: >> Bryan Drewery writes: >>> Another thing that I did with the port was restore the tcpwrapper >>> support that upstream removed. Again, if we

Re: OpenSSH HPN

2015-11-11 Thread Julian Elischer
On 11/11/15 7:56 PM, Dag-Erling Smørgrav wrote: Julian Elischer writes: The inclusion of the HPN patches meant that we could drop a custom unsupported HPN enabled ssh from our build process. It makes ssh actually usable. Define "usable". Does it actually make a

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Tue, Nov 10, 2015 at 09:52:16AM -0800, John-Mark Gurney wrote: > Dag-Erling Smørgrav wrote this message on Tue, Nov 10, 2015 at 10:42 +0100: > > Therefore, I would like to remove the HPN patches from base and refer > > anyone who really needs them to the openssh-portable port, which has > >

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Tue, Nov 10, 2015 at 11:59:30PM -0800, John-Mark Gurney wrote: > Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800: > > On Wednesday, 11 November 2015, Bryan Drewery wrote: > > > > > On 11/10/15 9:52 AM, John-Mark Gurney wrote: > > > > My vote is to

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Julian Elischer writes: > Bob Bishop writes: > > Is removing HPN going to impact the performance of tunnelled X > > connexions? > yes if your rtt is greater than about 85 mSec With an RTT of 85 ms, X is unusable with or without HPN. DES -- Dag-Erling

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Julian Elischer writes: > Now we'll have to resurrect all that framework and pain. I guess pain is fine as long as it's not yours... > have you mentioned this plan to Brooks? Didn't he add it? These are public lists, but by all means, mention it to him if he hasn't noticed

Re: OpenSSH HPN

2015-11-11 Thread Daniel Kalchev
It is my understanding, that using the NONE cypher is not identical to using “the old tools” (rsh/rlogin/rcp). When ssh uses the NONE cypher, credentials and authorization are still encrypted and verified. Only the actual data payload is not encrypted. Perhaps similar level of security could

Re: OpenSSH HPN

2015-11-11 Thread Jason Birch
On Wed, Nov 11, 2015 at 6:59 PM, John-Mark Gurney wrote: > If you have a trusted network, why not just use nc? Perhaps more generally relevant is that ssh/scp are *waves hands* vaguely analogous to secure versions of rsh/rlogin/rcp. I'd think that most cases of "I wanted to

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Ben Woods writes: > Personally I have used it at home to backup my old FreeBSD server > (which does not have AESNI) over a dedicated network connection to a > backup server using rsync/ssh. Since it was not possible for anyone > else to be on that local network, and the server

RE: strange kernel crash

2015-11-11 Thread Andrew Duane
> -Original Message- > From: owner-freebsd-hack...@freebsd.org > [mailto:owner-freebsd-hack...@freebsd.org] On Behalf Of Andriy Gapon > Sent: Wednesday, November 11, 2015 3:02 AM > To: John Baldwin > Cc: Hans Petter Selasky ; FreeBSD Hackers >

Re: OpenSSH HPN

2015-11-11 Thread Dag-Erling Smørgrav
Julian Elischer writes: > The inclusion of the HPN patches meant that we could drop a custom > unsupported HPN enabled ssh from our build process. It makes ssh > actually usable. Define "usable". Does it actually make a measurable difference with the latest OpenSSH? And if

Wake on LAN broken (probably between r290542 - r290606)?

2015-11-11 Thread David Wolfskill
My build machine ("freebeast") spends most of the time powered off. One of my "always on" machines has a crontab entry for 23:47 to use /usr/local/bin/wol (from ports/net/wol) to wake it up in time to do some periodic "daily" things, update its local mirror of the SVN repos, and update its ports

Re: FYI: SVN to GIT converter currently broken, github is falling behind

2015-11-11 Thread Eggert, Lars
Hi, I just got this error when fetching from remote; related? [elars@laurel: ~/src] git fetch --all Fetching origin Auto packing the repository in background for optimum performance. See "git help gc" for manual housekeeping. Fetching upstream remote: Counting objects: 557, done. remote:

Re: OpenSSH HPN

2015-11-11 Thread Jan Bramkamp
On 11/11/15 09:27, Ben Woods wrote: On Wednesday, 11 November 2015, John-Mark Gurney wrote: Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800: I have to agree that there are cases when the NONE cipher makes sense, and it is up to the end user to make sure

Jenkins build is back to normal : Build-UFS-image #2714

2015-11-11 Thread jenkins-admin
See ___ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Build failed in Jenkins: Build-UFS-image #2716

2015-11-11 Thread jenkins-admin
See -- Started by upstream project "Build_Image_and_Run_Tests_in_Bhyve_HEAD" build number 1757 originally caused by: Started by upstream project "FreeBSD_HEAD" build number 3515 originally caused

FreeBSD_HEAD-tests - Build #1682 - Still Unstable

2015-11-11 Thread jenkins-admin
FreeBSD_HEAD-tests - Build #1682 - Still Unstable: Build information: https://jenkins.FreeBSD.org/job/FreeBSD_HEAD-tests/1682/ Full change log: https://jenkins.FreeBSD.org/job/FreeBSD_HEAD-tests/1682/changes Full build log: https://jenkins.FreeBSD.org/job/FreeBSD_HEAD-tests/1682/console Change

kerberos telnet/rlogin/etc. (was Re: OpenSSH HPN)

2015-11-11 Thread Benjamin Kaduk
On Wed, 11 Nov 2015, Daniel Kalchev wrote: > > Perhaps similar level of security could be achieved by “the old tools” > if they were by default compiled with Kerberos. Although, this still > requires building additional infrastructure. The kerberized versions of the old tools are basically

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Wed, Nov 11, 2015 at 10:18:08AM -0800, Bryan Drewery wrote: > On 11/11/2015 10:13 AM, Slawa Olhovchenkov wrote: > > On Wed, Nov 11, 2015 at 05:51:25PM +0100, Dag-Erling Smørgrav wrote: > > > >> Bryan Drewery writes: > >>> Another thing that I did with the port was

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/2015 3:56 PM, Slawa Olhovchenkov wrote: > On Wed, Nov 11, 2015 at 10:18:08AM -0800, Bryan Drewery wrote: > >> On 11/11/2015 10:13 AM, Slawa Olhovchenkov wrote: >>> On Wed, Nov 11, 2015 at 05:51:25PM +0100, Dag-Erling Smørgrav wrote: >>> Bryan Drewery writes:

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Wed, Nov 11, 2015 at 03:58:35PM -0800, Bryan Drewery wrote: > > Some for as ports version? > > Or ports version different? > > Or port maintainer have more time (this is not to blame for DES)? > > I am just don't know what is different between port ssh and base ssh. > > We need ssh 6.x in base,

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Wed, Nov 11, 2015 at 01:32:27PM -0800, Bryan Drewery wrote: > On 11/10/2015 1:42 AM, Dag-Erling Smørgrav wrote: > > I would also like to remove the NONE cipher > > patch, which is also available in the port (off by default, just like in > > base). > > Fun fact, it's been broken in the port

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/11/15 4:05 PM, Slawa Olhovchenkov wrote: > On Wed, Nov 11, 2015 at 03:58:35PM -0800, Bryan Drewery wrote: > >>> Some for as ports version? >>> Or ports version different? >>> Or port maintainer have more time (this is not to blame for DES)? >>> I am just don't know what is different between

Re: OpenSSH HPN

2015-11-11 Thread Roger Marquis
On Wed, 11 Nov 2015, Dag-Erling Smørgrav wrote: I want to keep tcpwrapper support - it is another reason why I still haven't upgraded OpenSSH, but to the best of my knowledge, it is far less intrusive than HPN. There's also inetd's tcpwrapper support if you call sshd from inetd for D/DOS

Re: OpenSSH HPN

2015-11-11 Thread John-Mark Gurney
Ben Woods wrote this message on Wed, Nov 11, 2015 at 16:27 +0800: > On Wednesday, 11 November 2015, John-Mark Gurney wrote: > > > Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800: > > > I have to agree that there are cases when the NONE cipher makes sense, > >

Re: OpenSSH HPN

2015-11-11 Thread Slawa Olhovchenkov
On Wed, Nov 11, 2015 at 07:18:31PM +0100, Dag-Erling Smørgrav wrote: > Slawa Olhovchenkov writes: > > Can you explain what is problem? > > Radical suggestion: read the first email in the thread. I am read and don't understand (you talk about trouble of maintaining the HPN

Re: OpenSSH HPN

2015-11-11 Thread John-Mark Gurney
Daniel Kalchev wrote this message on Wed, Nov 11, 2015 at 17:49 +0200: > It is my understanding, that using the NONE cypher is not identical to using > “the old tools” (rsh/rlogin/rcp). > > When ssh uses the NONE cypher, credentials and authorization are still > encrypted and verified. Only

Re: OpenSSH HPN

2015-11-11 Thread Brooks Davis
On Tue, Nov 10, 2015 at 04:40:42PM -0800, Bryan Drewery wrote: > On 11/10/15 1:42 AM, Dag-Erling Smørgrav wrote: > > Some of you may have noticed that OpenSSH in base is lagging far behind > > the upstream code. > > > > The main reason for this is the burden of maintaining the HPN patches. > >

Re: Build failed in Jenkins: Build-UFS-image #2712

2015-11-11 Thread Bryan Drewery
On 11/11/2015 12:07 PM, jenkins-ad...@freebsd.org wrote: > See > > -- > Started by upstream project "Build_Image_and_Run_Tests_in_Bhyve_HEAD" build > number 1754 > originally caused by: > Started by

Build failed in Jenkins: Build-UFS-image #2712

2015-11-11 Thread jenkins-admin
See -- Started by upstream project "Build_Image_and_Run_Tests_in_Bhyve_HEAD" build number 1754 originally caused by: Started by upstream project "FreeBSD_HEAD" build number 3512 originally caused

Re: OpenSSH HPN

2015-11-11 Thread Bryan Drewery
On 11/10/2015 1:42 AM, Dag-Erling Smørgrav wrote: > I would also like to remove the NONE cipher > patch, which is also available in the port (off by default, just like in > base). Fun fact, it's been broken in the port for several months with no complaints. It was just reported and fixed

Build failed in Jenkins: Build-UFS-image #2713

2015-11-11 Thread jenkins-admin
See -- Started by upstream project "Build_Image_and_Run_Tests_in_Bhyve_HEAD" build number 1755 originally caused by: Started by upstream project "FreeBSD_HEAD" build number 3513 originally caused

Re: OpenSSH HPN

2015-11-11 Thread John-Mark Gurney
Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800: > On Wednesday, 11 November 2015, Bryan Drewery wrote: > > > On 11/10/15 9:52 AM, John-Mark Gurney wrote: > > > My vote is to remove the HPN patches. First, the NONE cipher made more > > > sense back when we

Re: strange kernel crash

2015-11-11 Thread Andriy Gapon
On 10/11/2015 20:42, John Baldwin wrote: > On Tuesday, November 10, 2015 10:48:08 AM Andriy Gapon wrote: >> On 09/11/2015 22:16, John Baldwin wrote: >>> On Friday, November 06, 2015 07:02:59 PM Hans Petter Selasky wrote: On 11/06/15 12:20, Andriy Gapon wrote: > Now the strange part: >