ssh public key auth. incompatible between 2.3.0 vs. 2.9?

2001-05-12 Thread David Wolfskill

OK; there's something about the (relatively) new ssh (2.9) in -CURRENT
I'm not understanding.  I have hunted around for some clues (via man pages
& the like), but it could well be that I'm still failing to notice
something -- quite possibly something that should be obvious to even me
-- and I welcome a clue.

Basically, the setup I use in -STABLE, where I'm able to use my
public/private key pair for authentication, is not working in -CURRENT.
(ssh in -CURRENT is reverting to password authentication.)

On the machine (my laptop, where I have been tracking both -STABLE and
-CURRENT daily for the past 1.5 months or so, and each environment has
its own / and /usr, but /usr/local, /var, and my home directory are
common -- as is the local CVS repository), I have it set up to start X
(4.0.3) via xdm.  Thus, my ~/.xsession script is run when I login.

The first part of that script reads:

#! /bin/csh

if { test -x `which ssh-askpass` } then
  eval `ssh-agent`
  ssh-add
  set ssh_test = `ssh-add -l` || exit 1
  echo "$ssh_test" | grep '@' >/dev/null
  if ( $? ) then
    echo "What part of 'Need passphrase' don't you understand?"
    exit 2
  endif
endif

set in_xdm = "1"
source ~/.cshrc





(I do *not* normally use csh for script-writing.  However, since I use
it (well, tcsh) as my normal shell, there are some advantages to having
the ssh-agent stuff use csh semantics.  And it allows a bit more
consistency for figuring out things like my customized execution path.
And prior to ssh .29 in -CURRENT, this was also working in -CURRENT...
but it took a couple of days for things to get to a reasonably steady
state for ssh 2.9 in -CURRENT, which is why I didn't write about this
earlier:  I figured it's sufficiently messy that it was a little
premature to do that just yet.  But I certainly want folks to be aware
of what is going on, now that I've started seeing requests to MFC ssh
2.9.)

Now, as noted, my home directory is common between the 2 environments,
so I have a high degree of confidence that the files look the same from
either environment.  And I built the first -CURRENT environment from
FreeBSD 4.3-STABLE near the 2nd week of March; that part's been tracking
-CURRENT since... and this was after /etc/ssh had been populated
originally, so the host keys are the same.  Here's /etc/ssh on the
-STABLE side:

dhcp-140[1] ls -la /S1/etc/ssh
total 37
drwxr-xr-x   2 root  wheel    512 May  3 06:57 .
drwxr-xr-x  17 root  wheel   2560 May 12 07:07 ..
-rw-r--r--   1 root  wheel  26346 May  3 06:57 primes
-rw-r--r--   1 root  wheel    976 Mar  6 07:46 ssh_config
-rw-------   1 root  wheel    668 Mar  6 09:33 ssh_host_dsa_key
-rw-r--r--   1 root  wheel    595 Mar  6 09:33 ssh_host_dsa_key.pub
-rw-------   1 root  wheel    520 Mar  6 09:33 ssh_host_key
-rw-r--r--   1 root  wheel    324 Mar  6 09:33 ssh_host_key.pub
-rw-r--r--   1 root  wheel   1480 Mar  6 07:46 sshd_config
dhcp-140[2] 


and the -CURRENT side:
dhcp-140[2] ls -la /etc/ssh
total 39
drwxr-xr-x   2 root  wheel    512 May  9 10:18 .
drwxr-xr-x  16 root  wheel   2560 May 11 09:56 ..
-rw-r--r--   1 root  wheel  26346 Mar 27 08:01 primes
-rw-r--r--   1 root  wheel    909 Mar  7 21:29 ssh_config
-rw-------   1 root  wheel    668 Mar  6 09:33 ssh_host_dsa_key
-rw-r--r--   1 root  wheel    595 Mar  6 09:33 ssh_host_dsa_key.pub
-rw-------   1 root  wheel    520 Mar  6 09:33 ssh_host_key
-rw-r--r--   1 root  wheel    324 Mar  6 09:33 ssh_host_key.pub
-rw-------   1 root  wheel    529 May  9 10:18 ssh_host_rsa_key
-rw-r--r--   1 root  wheel    333 May  9 10:18 ssh_host_rsa_key.pub
-rw-r--r--   1 root  wheel   1776 May  6 09:41 sshd_config
dhcp-140[3] 

and in particular:

dhcp-140[3] sudo cmp {/S1,}/etc/ssh/ssh_host_key
Password:
dhcp-140[4] sudo cmp {/S1,}/etc/ssh/ssh_host_key.pub
dhcp-140[5] sudo cmp {/S1,}/etc/ssh/ssh_config
/S1/etc/ssh/ssh_config /etc/ssh/ssh_config differ: char 196, line 5
dhcp-140[6] sudo diff -u {/S1,}/etc/ssh/ssh_config
--- /S1/etc/ssh/ssh_config  Tue Mar  6 07:46:45 2001
+++ /etc/ssh/ssh_config Wed Mar  7 21:29:09 2001
@@ -2,7 +2,7 @@
 # defaults for users, and the values can be changed in per-user configuration
 # files or on the command line.
 #
-# $FreeBSD: src/crypto/openssh/ssh_config,v 1.6 2000/09/10 09:35:38 kris Exp $
+# $FreeBSD$
 
 # Configuration data is parsed as follows:
 #  1. command line options
dhcp-140[7] 


OK; I *think* that's a difference that ought not be relevant to the
issue I'm seeing  :-}


[Sorry if things get disjointed at this point.  My laptop re-booted; as
far as I know, I had just hit the "A" key.  The /var filesystem needed a
manual fsck, which I did, then I re-booted.  It seems to have done
Kirk's "background fsck" magic OK; I HUPped the process (which was still
hanging around on the machine where I was composing this note) and
recovered the buffer up to this parenthetical comment.  dhw]

So, I tried an experiment to illustrate the issue.  I booted -CURRENT,
and (under script) issued an "ssh -v bunrab". 
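
An added example (not part of the original post) that generalizes the `cmp {/S1,}/etc/ssh/ssh_host_key` check above to every host key file in two root trees, and also flags private host keys that group or other can access. The function names and the sample trees are constructed for illustration; the sample files hold dummy strings, not keys.

```shell
#!/bin/sh
# True when group and other have no access to the file (mode like -rw-------).
private_key_mode_ok() {
    case "$(ls -ld "$1" | cut -c1-10)" in -???------) return 0 ;; esac
    return 1
}

# audit_ssh_trees DIR_A DIR_B
# Prints "<file> <same|differ|only-a|only-b> <mode-ok|mode-loose|->" per file.
# Returns 1 if a key present in both trees differs, or if a private key is
# accessible to group/other; a key found in only one tree is just reported.
audit_ssh_trees() {
    a=$1 b=$2 rc=0
    names=$(for f in "$a"/ssh_host_* "$b"/ssh_host_*; do
                if [ -f "$f" ]; then basename "$f"; fi
            done | sort -u)
    for n in $names; do
        if   [ ! -f "$a/$n" ]; then state=only-b
        elif [ ! -f "$b/$n" ]; then state=only-a
        elif cmp -s "$a/$n" "$b/$n"; then state=same
        else state=differ; rc=1
        fi
        case $n in
            *.pub) perm=- ;;
            *)  perm=mode-ok
                for f in "$a/$n" "$b/$n"; do
                    if [ -f "$f" ] && ! private_key_mode_ok "$f"; then
                        perm=mode-loose; rc=1
                    fi
                done ;;
        esac
        printf '%s %s %s\n' "$n" "$state" "$perm"
    done
    return "$rc"
}

# Constructed sample: two trees shaped like the listings in the post. The
# file contents are dummy strings, not real keys.
make_sample_trees() {
    top=$(mktemp -d) || return 1
    mkdir "$top/stable" "$top/current"
    for d in stable current; do
        for k in ssh_host_key ssh_host_dsa_key; do
            echo "dummy private $k" > "$top/$d/$k"
            echo "dummy public $k" > "$top/$d/$k.pub"
            chmod 600 "$top/$d/$k"; chmod 644 "$top/$d/$k.pub"
        done
    done
    echo "dummy private rsa" > "$top/current/ssh_host_rsa_key"
    chmod 600 "$top/current/ssh_host_rsa_key"
    echo "$top"
}

# With two directory arguments audit them; with none, run the constructed sample.
if [ "$#" -eq 2 ]; then
    audit_ssh_trees "$1" "$2"
elif sample=$(make_sample_trees); then
    audit_ssh_trees "$sample/stable" "$sample/current"; rm -rf "$sample"
fi
```

Reading the private keys under a real /etc/ssh needs root, as the `sudo cmp` in the post does.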

Re: modules broken at nge

2001-05-12 Thread David Wolfskill

>Date: Sat, 12 May 2001 23:24:27 -0400
>From: Vladimir Savichev <[EMAIL PROTECTED]>

>it's apparently fixed, check it in cvs-all
>May 12 Bill Paul   cvs commit: src/sys/modules/nge Makefile src/sys/dev

Yes; applying that pair of patches allows today's -CURRENT to build -- and
run: I'm running it now:

FreeBSD dhcp-140.catwhisker.org 5.0-CURRENT FreeBSD 5.0-CURRENT #62: Sat May 12 
14:01:53 PDT 2001 
[EMAIL PROTECTED]:/common/C/obj/usr/src/sys/LAPTOP_30W  i386

Cheers,
david
-- 
David H. Wolfskill  [EMAIL PROTECTED]
As a computing professional, I believe it would be unethical for me to
advise, recommend, or support the use (save possibly for personal
amusement) of any product that is or depends on any Microsoft product.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message



Re: modules broken at nge

2001-05-12 Thread Vladimir Savichev

it's apparently fixed, check it in cvs-all
May 12 Bill Paul   cvs commit: src/sys/modules/nge Makefile src/sys/dev
-- Vlad





Re: Re: -CURRENT b0rked?

2001-05-12 Thread Matthew D. Fuller

On Sat, May 12, 2001 at 10:07:20PM -0500 I heard the voice of
Ken Wills, and lo! it spake thus:
> 
> Deleting keymap.h (autogenerated, in obj/* somewhere, I forget), and restarting
> the build got me past this.

I start all my builds with an empty /usr/obj and a freshly co'd /usr/src.
Re-newfs'ing everything here and trying again, just to make doubly sure
now, but I'm pretty sure I cleaned up as always.


-- 
Matthew Fuller (MF4839) |[EMAIL PROTECTED]
Unix Systems Administrator  |[EMAIL PROTECTED]
Specializing in FreeBSD |http://www.over-yonder.net/

"The only reason I'm burning my candle at both ends, is because I
  haven't figured out how to light the middle yet"




Re: Re: -CURRENT b0rked?

2001-05-12 Thread Ken Wills

* Matthew D. Fuller <[EMAIL PROTECTED]> [010512 19:35]:
> On Sat, May 12, 2001 at 12:21:55PM +0300 I heard the voice of
> Maxim Sobolev, and lo! it spake thus:
> > 
> > It seems that sysinstall(8) was not fully integrated into
> > buildworld - it depends on content of /usr/share/syscons/keymaps,
> > while it shouldn't.
> > 
> > I've just committed a patch that should fix this problem.
> 
> Hoo, here I come to make your life a living hell once more...
> 
> In file included from /usr/src/usr.sbin/sysinstall/keymap.c:40:
> keymap.h:2: `keymap_be_iso' undeclared here (not in a function)
> keymap.h:2: initializer element is not constant
> keymap.h:2: (near initialization for `keymapInfos[0].map')
> keymap.h:3: `keymap_br275_iso' undeclared here (not in a function)
> keymap.h:3: initializer element is not constant
> keymap.h:3: (near initialization for `keymapInfos[1].map')
> 

Deleting keymap.h (autogenerated, in obj/* somewhere, I forget), and restarting
the build got me past this.

K




Re: Re: -CURRENT b0rked?

2001-05-12 Thread Matthew D. Fuller

On Sat, May 12, 2001 at 12:21:55PM +0300 I heard the voice of
Maxim Sobolev, and lo! it spake thus:
> 
> It seems that sysinstall(8) was not fully integrated into
> buildworld - it depends on content of /usr/share/syscons/keymaps,
> while it shouldn't.
> 
> I've just committed a patch that should fix this problem.

Hoo, here I come to make your life a living hell once more...

In file included from /usr/src/usr.sbin/sysinstall/keymap.c:40:
keymap.h:2: `keymap_be_iso' undeclared here (not in a function)
keymap.h:2: initializer element is not constant
keymap.h:2: (near initialization for `keymapInfos[0].map')
keymap.h:3: `keymap_br275_iso' undeclared here (not in a function)
keymap.h:3: initializer element is not constant
keymap.h:3: (near initialization for `keymapInfos[1].map')



-- 
Matthew Fuller (MF4839) |[EMAIL PROTECTED]
Unix Systems Administrator  |[EMAIL PROTECTED]
Specializing in FreeBSD |http://www.over-yonder.net/

"The only reason I'm burning my candle at both ends, is because I
  haven't figured out how to light the middle yet"




[HEADSUP] iicbus/smbus testers before major commit

2001-05-12 Thread Nicolas Souchu

Hi folks,

I finally have an update for the iicbus/smbus in -current.

See http://people.freebsd.org/~nsouch/iicbus.html - April 2001

The major improvements are:

- loadable / unloadable by means of modules
- major cleanup of bus framework
- support for the VIA 82C586 chipset
- support for AMD 760 chipset (needs testing)

By the way, I propose to remove the i386/isa/pcf.c iicbus/if_ic.c and
ppbus/lpbb.c files from the tree since I can't do non-regression tests
anymore for it. They could be maintained on a personal page instead...

Thanks for your feedback.

-- 
[EMAIL PROTECTED]
Alcôve - Open Source Software Engineer - http://www.alcove.com




Re: [kris@obsecurity.org: Re: cvs commit: src/etc rc]

2001-05-12 Thread Doug Barton

Kris Kennaway wrote:
> 
> On Fri, May 11, 2001 at 12:16:18PM -0700, Kirk McKusick wrote:
> 
> > At the moment there is no provision for notifying the system
> > administrator since the output of fsck is simply being sent
> > to the `logger' program (which by default will put the messages
> > into /var/log/messages).

You can feed 'logger' the -p option with a facility.level pair that will
let syslogd decide how to handle it, although I agree that fsck should
really use syslog() instead.

> > It would be possible to add a syslog
> > (or wall) call to the fsck program itself. Another alternative
> > would be to have fsck forcibly downgrade the offending filesystem
> > to read-only mode. However, if it were say the /var filesystem,
> > the system would fall apart pretty quickly. I am open to
> > suggestions on how best to proceed.
> 
> Working under the assumption that the only time fsck is likely to fail
> in this manner is if there are FS errors which can't be resolved in
> the background, and which may result in further FS damage if left
> uncorrected, the best option seems to be to take some action which
> prevents this damage.
> 
> The best series of actions might be the following:
> 
> 1) Downgrade the FS to readonly mode.

This is reasonable, and IMO even more important for an fs like /var that
is likely to be written to early in the life of the system. 
 
> 2) syslog(LOG_EMERG, "Unrecoverable error in background check of %s,
> FS downgraded to readonly mode.  Reboot in 60 seconds to attempt to
> repair the error.  Kill PID %d now to abort.", ...)
> 
> 3) Reboot in 60 seconds

I'm not sure that always rebooting is a good idea however. This may be
more effort than it's worth, but what about a flag in fstab that indicates
something to the effect of, "This partition is essential to the system,
reboot automatically to fix it?" For instance, if my /usr/obj partition
comes up dirty, I can deal with it by hand, whereas if something important
is hosed, I'd like the system to deal with it more drastically. We could
default it to on, and let people load the foot-shooting gun themselves if
desired. 

-- 
I need someone really bad. Are you really bad?




Re: new function for libdevstat

2001-05-12 Thread Sergey A. Osokin

On Fri, May 11, 2001 at 07:35:50PM +0200, Poul-Henning Kamp wrote:
> In message <[EMAIL PROTECTED]>, "Sergey A. Osokin" writes:
> 
> >Hello.
> >2 months ago I talked in -current about new features for libdevstat.
> >Here is a new function, which calculates more statistics than
> >existing compute_stats(). (compute_stats() calculates only average
> >results, not read/write results).
> >Please see my first step. Comments are welcome.
> 
> I really don't think this is the way...
> 
> I would far rather see:
> 
>   enum DEVSTAT_METRIC {
>   DEVSTAT_BYTES,
>   DEVSTAT_BYTES_READ,
>   DEVSTAT_BYTES_WRITE,
>   ...
>   }
> 
>   int
>   devstat_compute_statistics(
>   struct devstat *current,
>   struct devstat *previous,
>   enum DEVSTAT_METRIC metric,
>   double *destination);
> 
> Since that can be extended with new metrics without changing
> the ABI...

OK. Please see attachment.
Thanks.
-- 

Rgdz,/"\ 
Sergey Osokin aka oZZ,   \ /  ASCII RIBBON CAMPAIGN
[EMAIL PROTECTED]X AGAINST HTML MAIL
http://freebsd.org.ru/~osa/  / \


enum DEVSTAT_METRIC {
	DEVSTAT_TOTAL_BYTES,
	DEVSTAT_TOTAL_BYTES_READ,
	DEVSTAT_TOTAL_BYTES_WRITE,
	DEVSTAT_TOTAL_TRANSFERS,
	DEVSTAT_TOTAL_TRANSFERS_READ,
	DEVSTAT_TOTAL_TRANSFERS_WRITE,
	DEVSTAT_TOTAL_TRANSFERS_OTHER,
	DEVSTAT_TOTAL_BLOCKS,
	DEVSTAT_TOTAL_BLOCKS_READ,
	DEVSTAT_TOTAL_BLOCKS_WRITE,
	DEVSTAT_KB_PER_TRANSFER,
	DEVSTAT_KB_PER_TRANSFER_READ,
	DEVSTAT_KB_PER_TRANSFER_WRITE,
	DEVSTAT_TRANSFERS_PER_SECOND,
	DEVSTAT_TRANSFERS_PER_SECOND_READ,
	DEVSTAT_TRANSFERS_PER_SECOND_WRITE,
	DEVSTAT_TRANSFERS_PER_SECOND_OTHER,
	DEVSTAT_MB_PER_SECOND,
	DEVSTAT_MB_PER_SECOND_READ,
	DEVSTAT_MB_PER_SECOND_WRITE,
	DEVSTAT_BLOCKS_PER_SECOND,
	DEVSTAT_BLOCKS_PER_SECOND_READ,
	DEVSTAT_BLOCKS_PER_SECOND_WRITE,
	DEVSTAT_MS_PER_TRANSACTION,
	DEVSTAT_MS_PER_TRANSACTION_READ,
	DEVSTAT_MS_PER_TRANSACTION_WRITE
};

int
devstat_compute_statistics(struct devstat *current, struct devstat *previous,
			   long double etime, enum DEVSTAT_METRIC metric,
			   long double *destination)
{
	u_int64_t totalbytes, totalbytes_read, totalbytes_write;
	u_int64_t totaltransfers, totaltransfers_read, totaltransfers_write,
		  totaltransfers_other;
	u_int64_t totalblocks, totalblocks_read, totalblocks_write;
	char *func_name = "devstat_compute_statistics";

	/*
	 * current is the only mandatory field.
	 */

	if (current == NULL) {
		sprintf(devstat_errbuf, "%s: current stats structure was NULL",
			func_name);
		return(-1);
	}

	totalbytes_read = current->bytes_read -
		((previous) ? previous->bytes_read : 0);

	if (metric == DEVSTAT_TOTAL_BYTES_READ) {
		*destination = totalbytes_read;
		return 0;
	}

	totalbytes_write = current->bytes_written -
		((previous) ? previous->bytes_written : 0);

	if (metric == DEVSTAT_TOTAL_BYTES_WRITE) {
		*destination = totalbytes_write;
		return 0;
	}

	/*
	totalbytes = (current->bytes_written + current->bytes_read) -
		((previous) ? (previous->bytes_written +
		previous->bytes_read) : 0);
	*/

	totalbytes = totalbytes_read + totalbytes_write;

	if (metric == DEVSTAT_TOTAL_BYTES) {
		*destination = totalbytes;
		return 0;
	}

	totaltransfers_read = current->num_reads -
		((previous) ? (previous->num_reads) : 0);

	if (metric == DEVSTAT_TOTAL_TRANSFERS_READ) {
		*destination = totaltransfers_read;
		return 0;
	}

	totaltransfers_write = current->num_writes -
		((previous) ? (previous->num_writes) : 0);

	if (metric == DEVSTAT_TOTAL_TRANSFERS_WRITE) {
		*destination = totaltransfers_write;
		return 0;
	}

	totaltransfers_other = current->num_other -
		((previous) ? (previous->num_other) : 0);

	if (metric == DEVSTAT_TOTAL_TRANSFERS_OTHER) {
		*destination = totaltransfers_other;
		return 0;
	}
	/*
	totaltransfers = (current->num_reads +
			  current->num_writes +
			  current->num_other) -
			((previous) ?
			 (previous->num_reads +
			  previous->num_writes +
			  previous->num_other) : 0);
	*/

	totaltransfers = totaltransfers_read + totaltransfers_write +
		totaltransfers_other;

	if (metric == DEVSTAT_TOTAL_TRANSFERS) {
		*destination =

-current broken at /usr/src/usr.sbin/sysinstall/keymap.c

2001-05-12 Thread Radoslav Vasilev

This is supposed to be a reply to Matthew D. Fuller.
Yeah, I have the same problem with building -current, so you aren't
alone. Unfortunately, I haven't managed to sort it out yet. I just wonder
what your starting point is, because I'm trying to update a 4.3STABLE
machine; what about yours?





OT: Was Re: make installworld runs out of space on / ...

2001-05-12 Thread Terry Lambert

> A Microsoft Certified Systems Engineer is to computing what
> a McDonalds Certified Food Specialist is to fine cuisine.

An engineer without a Microsoft certification is like a
statue without pigeons...


-- Terry




Re: Re: -CURRENT b0rked?

2001-05-12 Thread Maxim Sobolev

On Sat, 12 May 2001 08:48:24 +0300 (EEST), Maxim Sobolev wrote:
> On Fri, 11 May 2001 23:44:17 -0500, Matthew D. Fuller wrote:
> > On several attempts to build world, I'm getting the same error:
> > 
> > In file included from /usr/src/usr.sbin/sysinstall/keymap.c:40:
> > keymap.h:3606: `keymap_ua_koi8_u_shift_alt' undeclared here (not in a
> > function)
> > keymap.h:3606: initializer element is not constant
> > keymap.h:3606: (near initialization for `keymapInfos[21].map')
> > 
> > at which point the build bombs out.  This is with completely clean src/
> > and obj/ each time, and I haven't seen any commits to the file in the
> > last 24+ hours.  OTOH, I haven't seen a peep about this from anybody
> > else, so am I just hitting some sort of really weird condition that
> > nobody else has ever heard of here, or is nobody else building -CURRENT
> > right now?
> 
> It is unlikely that nobody else is doing buildworld. Please
> try to do the following and restart buildworld:
> # cd /usr/src/share/syscons/keymaps && make all install cleandir

It seems that sysinstall(8) was not fully integrated into
buildworld - it depends on content of /usr/share/syscons/keymaps,
while it shouldn't.

I've just committed a patch that should fix this problem.

-Maxim
