Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 18 Jan 2017 11:38:32 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   [Bug 216226] security/openssh-portable no longer providing HPN or none
Message-ID:  <bug-216226-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help 
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D216226

            Bug ID: 216226
           Summary: security/openssh-portable no longer providing HPN or
                    none
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: bdrewery@FreeBSD.org
          Reporter: dewayne@heuristicsystems.com.au
          Assignee: bdrewery@FreeBSD.org
             Flags: maintainer-feedback?(bdrewery@FreeBSD.org)

I appreciate that there has some discussion in the mailing list regarding t=
he
HPN and none (cipher) options.  However I just upgraded from 7.3.p1_1,1 to
OpenSSH_7.4p1, LibreSSL 2.4.4 on=20
11.0-STABLE FreeBSD 11.0-STABLE #0 r311660M: Sun Jan  8 21:30:51 AEDT 2017 =
and
upon restarting sshd received these little surprises:

/usr/local/etc/ssh/sshd_config: line 11: Bad configuration option: HPNDisab=
led
/usr/local/etc/ssh/sshd_config: line 12: Bad configuration option:
HPNBufferSize
/usr/local/etc/ssh/sshd_config: line 13: Bad configuration option: NoneEnab=
led
/usr/local/etc/ssh/sshd_config line 14: Bad SSH2 cipher spec
'aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-cbc,aes192-cbc=
,aes128-cbc,none'.

Unfortunately this did catch me out, as there were no remarks in the svn lo=
gs
nor UPDATING that would've alerted me to this change.  There is no harm don=
e as
internet facing systems don't use these options, but it might be worth draw=
ing
to the attention of others that might be adversely surprised/impacted .

I provide this in case its relevant:
make -C /usr/ports/security/openssh-portable  showconfig | grep =3Don
     BSM=3Don: OpenBSM Auditing
     HPN=3Don: HPN-SSH patch
     LIBEDIT=3Don: Command line editing via libedit
     NONECIPHER=3Don: NONE Cipher support

Kind regards.

--=20
You are receiving this mail because:
You are the assignee for the bug.=

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-216226-13>