Message-ID: <3B00E96A.FB4F6828@mindspring.com>
Date: Tue, 15 May 2001 01:31:38 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Mike Silbersack
Cc: Peter Wemm, Erik Trulsson, hackers@FreeBSD.ORG
Subject: Re: SSH Must Die

Mike Silbersack wrote:
> On Sun, 13 May 2001, Peter Wemm wrote:
> > Mike Silbersack wrote:
> > > 1. Is ssh working yet?
> >
> > Yes, it is working perfectly. The only problem is that it now works
> > slightly differently to what people have expected. i.e.: it treats
> > sshv1 rsa keys as totally separate to sshv2 rsa keys.
>
> Let me rephrase:
>
> 1. Terry, is ssh working for you yet?

The /etc/pam.conf additions have fixed some of the systems,
but not all of them.

The difference between the systems that work with the changes,
and the ones which do not, is the precise upgrade process.

The systems that work were booted from the CDROM, and upgraded
via the sysinstall upgrade process.

The systems which do not work were booted from the hard disk,
and upgraded via the sysinstall upgrade process, using a copy
of the sysinstall from one of the successfully upgraded systems
(i.e. they were _not_ booted from CDROM, since the machines in
question are rack-mounts without CDROMs in them).

On the failing systems, I get:

----------
root% sshd
error: ConnectionsPerPeriod has been deprecated!
no RSA support in libssl and libcrypto. See ssl(8)
Disabling protocol version 1
error: Could not load DSA host key: /etc/ssh/ssh_host_dsa_key
Disabling protocol version 2
sshd: no hostkeys available -- exiting.
sshd: no hostkeys available -- exiting.
----------

Ignore the lack of host keys: the key generation program has
the same complaint about libssl and libcrypto.

Running "nm" on the libraries in question shows RSA code is
present. It would be nice if it would tell me how it is going
about arriving at its erroneous conclusion.

I have verified that all libraries in question on the working
and non-working systems are, in fact, identical to each other.
So are the ssh, sshd, and key generation tool.

The earlier suggestion that I delete libcrypto.so.1 did not
bear any fruit, either. Neither does replacing everything
sshd and ssh is linked shared against, as well as the binaries
themselves.

There is just something strange about how SSH works, in
combination with a boot vs. local run of the upgrade process.

8-(.

-- Terry