ssh public key auth. incompatible between 2.3.0 vs. 2.9?
OK; there's something about the (relatively) new ssh (2.9) in -CURRENT I'm not understanding. I have hunted around for some clues (via man pages & the like), but it could well be that I'm still failing to notice something -- quite possibly something that should be obvious to even me -- and I welcome a clue. Basically, the setup I use in -STABLE, where I'm able to use my public/private key pair for authentication, is not working in -CURRENT. (ssh in -CURRENT is reverting to password authentication.) On the machine (my laptop, where I have been tracking both -STABLE and -CURRENT daily for the past 1.5 months or so, and each environment has its own / and /usr, but /usr/local, /var, and my home directory are common -- as is the local CVS respository), I have it set up to start X (4.0.3) via xdm. Thus, my ~/.xsession script is run when I login. The first part of that script reads: #! /bin/csh if { test -x `which ssh-askpass` } then eval `ssh-agent` ssh-add set ssh_test = `ssh-add -l` || exit 1 echo "$ssh_test" | grep '@' >/dev/null if ( $? ) then echo "What part of 'Need passphrase' don't you understand?" exit 2 endif endif set in_xdm = "1" source ~/.cshrc (I do *not* normally use csh for script-writing. However, since I use it (well, tcsh) as my normal shell, there are some advantages to having the ssh-agent stuff use csh semantics. And it allows a bit more consistency forfiguring out things like my customized execution path. And prior to ssh .29 in -CURRENT, this was also working in -CURRENT... but it took a couple of days for things to get to a reasonably steady state or ssh 2.9 in -CURRENT, which is why I didn't write about this earlier: I figured it's sufficiently messy that it was a little premature to do that just yet. But I certainly want folks to be aware of what is going on, now that I've started seeing requested to MFC ssh 2.9.) Now, as noted, my home directory is common between the 2 environments, so I have a high degree of confidence that the files look the same from either environment. And I built the first -CURRENT environment from FreeBSD 4.3-STABLE near the 2nd week of March; that part's been tracking -CURRENT since... and this was after /etc/ssh had been populated originally, so the host keys are the same. Here's /etc/ssh on the -STABLE side: dhcp-140[1] ls -la /S1/etc/ssh total 37 drwxr-xr-x 2 root wheel512 May 3 06:57 . drwxr-xr-x 17 root wheel 2560 May 12 07:07 .. -rw-r--r-- 1 root wheel 26346 May 3 06:57 primes -rw-r--r-- 1 root wheel976 Mar 6 07:46 ssh_config -rw--- 1 root wheel668 Mar 6 09:33 ssh_host_dsa_key -rw-r--r-- 1 root wheel595 Mar 6 09:33 ssh_host_dsa_key.pub -rw--- 1 root wheel520 Mar 6 09:33 ssh_host_key -rw-r--r-- 1 root wheel324 Mar 6 09:33 ssh_host_key.pub -rw-r--r-- 1 root wheel 1480 Mar 6 07:46 sshd_config dhcp-140[2] and the -CURRENT side: dhcp-140[2] ls -la /etc/ssh total 39 drwxr-xr-x 2 root wheel512 May 9 10:18 . drwxr-xr-x 16 root wheel 2560 May 11 09:56 .. -rw-r--r-- 1 root wheel 26346 Mar 27 08:01 primes -rw-r--r-- 1 root wheel909 Mar 7 21:29 ssh_config -rw--- 1 root wheel668 Mar 6 09:33 ssh_host_dsa_key -rw-r--r-- 1 root wheel595 Mar 6 09:33 ssh_host_dsa_key.pub -rw--- 1 root wheel520 Mar 6 09:33 ssh_host_key -rw-r--r-- 1 root wheel324 Mar 6 09:33 ssh_host_key.pub -rw--- 1 root wheel529 May 9 10:18 ssh_host_rsa_key -rw-r--r-- 1 root wheel333 May 9 10:18 ssh_host_rsa_key.pub -rw-r--r-- 1 root wheel 1776 May 6 09:41 sshd_config dhcp-140[3] and in particular: dhcp-140[3] sudo cmp {/S1,}/etc/ssh/ssh_host_key Password: dhcp-140[4] sudo cmp {/S1,}/etc/ssh/ssh_host_key.pub dhcp-140[5] sudo cmp {/S1,}/etc/ssh/ssh_config /S1/etc/ssh/ssh_config /etc/ssh/ssh_config differ: char 196, line 5 dhcp-140[6] sudo diff -u {/S1,}/etc/ssh/ssh_config --- /S1/etc/ssh/ssh_config Tue Mar 6 07:46:45 2001 +++ /etc/ssh/ssh_config Wed Mar 7 21:29:09 2001 @@ -2,7 +2,7 @@ # defaults for users, and the values can be changed in per-user configuration # files or on the command line. # -# $FreeBSD: src/crypto/openssh/ssh_config,v 1.6 2000/09/10 09:35:38 kris Exp $ +# $FreeBSD$ # Configuration data is parsed as follows: # 1. command line options dhcp-140[7] OK; I *think* that's a difference that ought not be relevant to the issue I'm seeing :-} [Sorry if things get disjointed at this point. My laptop re-booted; as far as I know, I had just hit the "A" key. The /var filesystem needed a manual fsck, which I did, then I re-booted. It seems to have done Kirk's "background fsck" magic OK; I HUPped the process (which was still hanging around on the machine where I was composing this note) and recovered the buffer up to this parenthetical comment. dhw] So, I tried an experiment to illustrate the issue. I booted -CURRENT, and (under script) issued an "ssh -v bunrab".
Re: modules broken at nge
>Date: Sat, 12 May 2001 23:24:27 -0400 >From: Vladimir Savichev <[EMAIL PROTECTED]> >it's apparently fixed, check it in cvs-all >May 12 Bill Paul cvs commit: src/sys/modules/nge Makefile src/sys/dev Yes; applying that pair of patches allows today's -CURRENT to build -- and run: I'm running it now: FreeBSD dhcp-140.catwhisker.org 5.0-CURRENT FreeBSD 5.0-CURRENT #62: Sat May 12 14:01:53 PDT 2001 [EMAIL PROTECTED]:/common/C/obj/usr/src/sys/LAPTOP_30W i386 Cheers, david -- David H. Wolfskill [EMAIL PROTECTED] As a computing professional, I believe it would be unethical for me to advise, recommend, or support the use (save possibly for personal amusement) of any product that is or depends on any Microsoft product. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: modules broken at nge
it's apparently fixed, check it in cvs-all May 12 Bill Paul cvs commit: src/sys/modules/nge Makefile src/sys/dev -- Vlad To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: Re: -CURRENT b0rked?
On Sat, May 12, 2001 at 10:07:20PM -0500 I heard the voice of Ken Wills, and lo! it spake thus: > > Deleting keymap.h (autogenerated, in obj/* somewhere, I forget), and restarting > the build got me past this. I start all my builds with an empty /usr/obj and a freshly co'd /usr/src. Re-newfs'ing everything here and trying again, just to make doubly sure now, but I'm pretty sure I cleaned up as always. -- Matthew Fuller (MF4839) |[EMAIL PROTECTED] Unix Systems Administrator |[EMAIL PROTECTED] Specializing in FreeBSD |http://www.over-yonder.net/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: Re: -CURRENT b0rked?
* Matthew D. Fuller <[EMAIL PROTECTED]> [010512 19:35]: > On Sat, May 12, 2001 at 12:21:55PM +0300 I heard the voice of > Maxim Sobolev, and lo! it spake thus: > > > > It seems that sysinstall(8) was not fully integrated into > > buildworld - it depends on content of /usr/share/syscons/keymaps, > > while it shouldn't. > > > > I've just committed a patch that should fix this problem. > > Hoo, here I come to make your life a living hell once more... > > In file included from /usr/src/usr.sbin/sysinstall/keymap.c:40: > keymap.h:2: `keymap_be_iso' undeclared here (not in a function) > keymap.h:2: initializer element is not constant > keymap.h:2: (near initialization for `keymapInfos[0].map') > keymap.h:3: `keymap_br275_iso' undeclared here (not in a function) > keymap.h:3: initializer element is not constant > keymap.h:3: (near initialization for `keymapInfos[1].map') > Deleting keymap.h (autogenerated, in obj/* somewhere, I forget), and restarting the build got me past this. K To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: Re: -CURRENT b0rked?
On Sat, May 12, 2001 at 12:21:55PM +0300 I heard the voice of Maxim Sobolev, and lo! it spake thus: > > It seems that sysinstall(8) was not fully integrated into > buildworld - it depends on content of /usr/share/syscons/keymaps, > while it shouldn't. > > I've just committed a patch that should fix this problem. Hoo, here I come to make your life a living hell once more... In file included from /usr/src/usr.sbin/sysinstall/keymap.c:40: keymap.h:2: `keymap_be_iso' undeclared here (not in a function) keymap.h:2: initializer element is not constant keymap.h:2: (near initialization for `keymapInfos[0].map') keymap.h:3: `keymap_br275_iso' undeclared here (not in a function) keymap.h:3: initializer element is not constant keymap.h:3: (near initialization for `keymapInfos[1].map') -- Matthew Fuller (MF4839) |[EMAIL PROTECTED] Unix Systems Administrator |[EMAIL PROTECTED] Specializing in FreeBSD |http://www.over-yonder.net/ "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
[HEADSUP] iicbus/smbus testers before major commit
Hi folks, I finally have an update for the iicbus/smbus in -current. See http://people.freebsd.org/~nsouch/iicbus.html - April 2001 The major improvments are: - loadable / unloadable by means of modules - major cleanup of bus framework - support for the VIA 82C586 chipset - support for AMD 760 chipset (needs testing) By the way, I propose to remove the i386/isa/pcf.c iicbus/if_ic.c and ppbus/lpbb.c files from the tree since I can't do non-regression tests anymore for it. They could be maintained on a personal page instead... Tanks for you feedbacks. -- [EMAIL PROTECTED] Alcôve - Open Source Software Engineer - http://www.alcove.com To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Jetzt gewinnen, in über 100 Gewinnspielen!
Falls unerwünscht, bitte sofort löschen! Gewinn24.de meldet Sie jeden Monat bei über 100 der besten Gewinnspiele im Internet an. Sie sparen mit Gewinn24.de eine Menge Zeit und Geld. Für maximal 2,- DM pro Monat sind Sie dabei und haben jeden Monat Gewinnchancen auf viele tolle Preise im Gesamtwert von mehreren Millionen DM. http://www.Gewinn24.de/index.php3?partner=7294 *Bei Beschwerden bitte an [EMAIL PROTECTED] * To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: [kris@obsecurity.org: Re: cvs commit: src/etc rc]
Kris Kennaway wrote: > > On Fri, May 11, 2001 at 12:16:18PM -0700, Kirk McKusick wrote: > > > At the moment there is no provision for notifying the system > > administrator since the output of fsck is simply being sent > > to the `logger' program (which by default will put the messages > > into /var/log/messages). You can feed 'logger' the -p option with a facility.level pair that will let syslogd decide how to handle it, although I agree that fsck should really use syslog() instead. > > It would be possible to add a syslog > > (or wall) call to the fsck program itself. Another alternative > > would be to have fsck forcibly downgrade the offending filesystem > > to read-only mode. However, if it were say the /var filesystem, > > the system would fall apart pretty quickly. I am open to > > suggestions on how best to proceed. > > Working under the assumption that the only time fsck is likely to fail > in this manner is if there are FS errors which can't be resolved in > the background, and which may result in further FS damage if left > uncorrected, the best option seems to be to take some action which > prevents this damage. > > The best series of actions might be the following: > > 1) Downgrade the FS to readonly mode. This is reasonable, and IMO even more important for an fs like /var that is likely to be written to early in the life of the system. > 2) syslog(LOG_EMERG, "Unrecoverable error in background check of %s, > FS downgraded to readonly mode. Reboot in 60 seconds to attempt to > repair the error. Kill PID %d now to abort.", ...) > > 3) Reboot in 60 seconds I'm not sure that always rebooting is a good idea however. This may be more effort than it's worth, but what about a flag in fstab that indicates something to the effect of, "This partition is essential to the system, reboot automatically to fix it?" For instance, if my /usr/obj partition comes up dirty, I can deal with it by hand, whereas if something important is hosed, I'd like the system to deal with it more drastically. We could default it to on, and let people load the foot-shooting gun themselves if desired. -- I need someone really bad. Are you really bad? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: new function for libdevstat
On Fri, May 11, 2001 at 07:35:50PM +0200, Poul-Henning Kamp wrote: > In message <[EMAIL PROTECTED]>, "Sergey A. Osokin" writes: > > >Hello. > >2 monthes ago I talked in -current about new features for libdevstat. > >Here is a new function, which calculate more statistics then > >existing compute_stats(). (compute_stats() calculate only average > >results, not read/write results). > >Please see my first step. Comments are welcome. > > I really don't think this is the way... > > I would far rather see: > > enum DEVSTAT_METRIC { > DEVSTAT_BYTES, > DEVSTAT_BYTES_READ, > DEVSTAT_BYTES_WRITE, > ... > } > > int > devstat_compute_statistics( > struct devstat *current, > struct devstat *previous, > enum DEVSTAT_METRIC metric, > double *destination); > > Since that can be extended with new metrics without changing > the ABI... OK. Please see attachment. Thanks. -- Rgdz,/"\ Sergey Osokin aka oZZ, \ / ASCII RIBBON CAMPAIGN [EMAIL PROTECTED]X AGAINST HTML MAIL http://freebsd.org.ru/~osa/ / \ enum DEVSTAT_METRIC { DEVSTAT_TOTAL_BYTES, DEVSTAT_TOTAL_BYTES_READ, DEVSTAT_TOTAL_BYTES_WRITE, DEVSTAT_TOTAL_TRANSFERS, DEVSTAT_TOTAL_TRANSFERS_READ, DEVSTAT_TOTAL_TRANSFERS_WRITE, DEVSTAT_TOTAL_TRANSFERS_OTHER, DEVSTAT_TOTAL_BLOCKS, DEVSTAT_TOTAL_BLOCKS_READ, DEVSTAT_TOTAL_BLOCKS_WRITE, DEVSTAT_KB_PER_TRANSFER, DEVSTAT_KB_PER_TRANSFER_READ, DEVSTAT_KB_PER_TRANSFER_WRITE, DEVSTAT_TRANSFERS_PER_SECOND, DEVSTAT_TRANSFERS_PER_SECOND_READ, DEVSTAT_TRANSFERS_PER_SECOND_WRITE, DEVSTAT_TRANSFERS_PER_SECOND_OTHER, DEVSTAT_MB_PER_SECOND, DEVSTAT_MB_PER_SECOND_READ, DEVSTAT_MB_PER_SECOND_WRITE, DEVSTAT_BLOCKS_PER_SECOND, DEVSTAT_BLOCKS_PER_SECOND_READ, DEVSTAT_BLOCKS_PER_SECOND_WRITE, DEVSTAT_MS_PER_TRANSACTION, DEVSTAT_MS_PER_TRANSACTION_READ, DEVSTAT_MS_PER_TRANSACTION_WRITE }; int devstat_compute_statistics(struct devstat *current, struct devstat *previous, long double etime, enum DEVSTAT_METRIC metric, long double *destination) { u_int64_t totalbytes, totalbytes_read, totalbytes_write; u_int64_t totaltransfers, totaltransfers_read, totaltransfers_write, totaltransfers_other; u_int64_t totalblocks, totalblocks_read, totalblocks_write; char *func_name = "devstat_compute_statistics"; /* * current is the only mandatory field. */ if (current == NULL) { sprintf(devstat_errbuf, "%s: current stats structure was NULL", func_name); return(-1); } totalbytes_read = current->bytes_read - ((previous) ? previous->bytes_read : 0); if (metric == DEVSTAT_TOTAL_BYTES_READ) { *destination = totalbytes_read; return 0; } totalbytes_write = current->bytes_written - ((previous) ? previous->bytes_written : 0); if (metric == DEVSTAT_TOTAL_BYTES_WRITE) { *destination = totalbytes_write; return 0; } /* totalbytes = (current->bytes_written + current->bytes_read) - ((previous) ? (previous->bytes_written + previous->bytes_read) : 0); */ totalbytes = totalbytes_read + totalbytes_write; if (metric == DEVSTAT_TOTAL_BYTES) { *destination = totalbytes; return 0; } totaltransfers_read = current->num_reads - ((previous) ? (previous->num_reads) : 0); if (metric == DEVSTAT_TOTAL_TRANSFERS_READ) { *destination = totaltransfers_read; return 0; } totaltransfers_write = current->num_writes - ((previous) ? (previous->num_writes) : 0); if (metric == DEVSTAT_TOTAL_TRANSFERS_WRITE) { *destination = totaltransfers_write; return 0; } totaltransfers_other = current->num_other - ((previous) ? (previous->num_other) : 0); if (metric == DEVSTAT_TOTAL_TRANSFERS_OTHER) { *destination = totaltransfers_other; return 0; } /* totaltransfers = (current->num_reads + current->num_writes + current->num_other) - ((previous) ? (previous->num_reads + previous->num_writes + previous->num_other) : 0); */ totaltransfers = totaltransfers_read + totaltransfers_write + totaltransfers_other; if (metric == DEVSTAT_TOTAL_TRANSFERS) { *destination =
-current broken at /usr/src/usr.sbin/sysinstall/keymap.c
This is supposed to be a reply to Mathew D. Fuller Yeah, I've the same problem with building the -current, so you aren't alone.Unfortunelly, I haven't managed to sort it out yes. I just wonder what's your start point, because I'm trying to update an 4.3STABLE machine, what about yours? To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
OT: Was Re: make installworld runs out of space on / ...
> A Microsoft Certified Systems Engineer is to computing what > a McDonalds Certified Food Specialist is to fine cuisine. An engineer without a Microsoft certification is like a statue without pigeons... -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
Re: Re: -CURRENT b0rked?
On Sat, 12 May 2001 08:48:24 +0300 (EEST), Maxim Sobolev wrote: > On Fri, 11 May 2001 23:44:17 -0500, Matthew D. Fuller wrote: > > On several attempts to build world, I'm getting ths same error: > > > > In file included from /usr/src/usr.sbin/sysinstall/keymap.c:40: > > keymap.h:3606: `keymap_ua_koi8_u_shift_alt' undeclared here (not in a > > function) > > keymap.h:3606: initializer element is not constant > > keymap.h:3606: (near initialization for `keymapInfos[21].map') > > > > at which point the build bombs out. This is with completely clean src/ > > and obj/ each time, and I haven't seen any commits to the file in the > > last 24+ hours. OTOH, I haven't seen a peep about this from anybody > > else, so am I just hitting some sort of really weird condition that > > nobody else has ever heard of here, or is nobody else building -CURRENT > > right now? > > It is unlikely that nobody else is doing buildworld. Please > try to do the following and restart buildworld: > # cd /usr/src/share/syscons/keymaps && make all install cleandir It seems that sysinstall(8) was not fully integrated into buildworld - it depends on content of /usr/share/syscons/keymaps, while it shouldn't. I've just committed a patch that should fix this problem. -Maxim To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message