Hi all, I've got another edition of the OpenSSH testing images for interested parties, with fixes for issues brought up so far:
https://us-east.manta.joyent.com/arekinath/public/platform-20150828T172856Z.tgz https://us-east.manta.joyent.com/arekinath/public/platform-20150828T172856Z.iso https://us-east.manta.joyent.com/arekinath/public/platform-20150828T172856Z.usb.bz2 Issues addressed since the last image: * Upgraded to OpenSSH 7.1p1 (fixing a key bug in the handling of without-password for root auth) * Re-enable DSA keys for authentication by default * ssh-agent now drops privileges properly during operation * krb5/gssapi fixes * Support for defaulting config options based on /etc/default/login I also have a list of current differences to SunSSH. I would sincerely appreciate assistance in filling out this list, so that it's as complete as possible. * Key fingerprint format has changed (eg in ssh-keygen) - To get old behaviour, use -E md5 and strip the leading MD5: * SunSSH used to support keys stored in RFC4716 and PKCS8 format -- this is no longer available * PreUserauthHook is no longer supported (it was never documented anyway) * ssh -X now behaves as it does elsewhere, rather than essentially acting as -Y does * i18n/gettext will no longer affect ssh text output * Locale negotiation will now work the same way it does in stock OpenSSH * Some deprecated options: - LookupClientHostnames => UseDNS (default no) - VerifyReverseMapping => UseDNS - MaxAuthTriesLog => MaxAuthTries (default 6) - RhostsAuthentication => HostbasedAuthentication (don't use this) * Some long-deprecated aliases of options are gone and will be considered invalid: - GSSKeyEx - GSSAuthentication - GSSDelegateCreds * SSH daemon will mkdir /var/empty if it doesn't exist, for privsep chroot. Deleting it is a bad idea. * Configurations which rely on pubkey auth not being sufficient (ie, that require both a pubkey AND interactive PAM to succeed) will no longer work. * Some workarounds for S10-era SunSSH builds will no longer be available. if you're trying to use clients or daemons from this era, you're probably already on your own. If you notice other non-trivial differences in behaviour that are not on this list, please let me (or the list) know! Thanks ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
