Date: Sun, 16 Oct 2016 18:01:51 -0700
From: David Wolfskill
To: Kevin Oberman
Cc: stable@freebsd.org
Subject: Re: sshd whines & dies after releng/10 "freebsd-update" run
Message-ID: <20161017010151.GB2480@albert.catwhisker.org>

On Sun, Oct 16, 2016 at 05:32:57PM -0700, Kevin Oberman wrote:
> ...
> I believe sshd no longer supports ssh1 compatibility and it looks like you
> might still have an entry in /etc/sshd/sshd.config trying to touch v1.
> Check the file for any non-default entries. Compare your sshd_config with
> the default version in /usr/src/crypto/openssh.
> ....

I used to explicitly disable v1 compatibility.....

The machine that's a target of the "freebsd-update" attention has no
sources, so I copied sshd_config from it to /tmp on my laptop (which does):

g1-252(11.0-S)[4] diff -u /S2/usr/src/crypto/openssh/sshd_config /tmp/sshd_config
--- /S2/usr/src/crypto/openssh/sshd_config 2016-03-13 04:13:31.3236900= 00 -0700 +++ /tmp/sshd_config 2016-06-05 06:37:55.000000000 -0700 
@@ -1,5 +1,5 @@ -# $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $ -# $FreeBSD: stable/10/crypto/openssh/sshd_config 296781 2016-03-12 23= :53:20Z des $ +# $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $ +# $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12= :46:18Z des $ =20 # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -120,7 +120,7 @@ #MaxStartups 10:30:100 #PermitTunnel no #ChrootDirectory none -#VersionAddendum FreeBSD-20160310 +#VersionAddendum FreeBSD-20140420 =20 # no default banner path #Banner none 
@@ -128,6 +128,18 @@ # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server =20 +# Disable HPN tuning improvements. +#HPNDisabled no + +# Buffer size for HPN to non-HPN connections. +#HPNBufferSize 2048 + +# TCP receive socket buffer polling for HPN. Disable on non autotuning ke= rnels. +#TcpRcvBufPoll yes + +# Allow the use of the NONE cipher. +#NoneEnabled no + # Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no
g1-252(11.0-S)[5]

On the off-chance that the VersionAddendum might be confusing at least
one of us, I copied the stable/11 version of the file to the appropriate
place on the freebsd-update target machine, then rebooted.

Still no joy: other things work, but not ssh.

Thanks for the suggestion. I'm a bit... perplexed.

[The machine in question would be the last machine I have still running
FreeBSD-10 -- I've migrated each of the others to stable/11.]

Peace,
david
-- 
David H. Wolfskill david@catwhisker.org
Those who would murder in the name of God or prophet are blasphemous cowards.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
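Review bot: In the first hunk (@@ -1,5 +1,5 @@) the `+` side carries the 2014 revision ids ($OpenBSD 1.93, $FreeBSD r264692) while the `-` side carries the 2016 ones (1.98, r296781), so the file copied to /tmp is an older revision of sshd_config than the stock file it is compared against. It is worth stating whether the freebsd-update run was expected to leave this file in place, since the comparison is against a newer template rather than the one the installed file was derived from.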
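Review bot: Every line added in the last hunk (@@ -128,6 +128,18 @@) is a comment or a commented-out directive (#HPNDisabled, #HPNBufferSize, #TcpRcvBufPoll, #NoneEnabled), and the same holds for the #VersionAddendum change in the hunk before it, so the diff shows no active setting that differs from the stock file. Nothing visible here accounts for sshd failing to start; the error text sshd itself prints would be more useful next to this diff than the diff alone.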
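The comparison suggested in the quoted reply ("check the file for any non-default entries") can be narrowed to directives that are actually active, which a plain `diff -u` does not separate from comment churn. The script below is an added example, not part of the original message or of FreeBSD; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report only ACTIVE sshd_config directives that differ
# between a stock file and an installed one. Comments are ignored.
# Limitation: lines are sorted, so Match-block context is not preserved.

# Print active directives: keyword lower-cased, whitespace squeezed, sorted.
active_directives() {
    awk '/^[ \t]*(#|$)/ { next }            # skip comments and blank lines
         { $1 = tolower($1); print }        # keywords are case-insensitive
    ' "$1" | LC_ALL=C sort
}

# "< line" = active only in the stock file, "> line" = only in the installed one.
config_delta() {
    stock=$(mktemp) && inst=$(mktemp) || return 2
    active_directives "$1" > "$stock"
    active_directives "$2" > "$inst"
    LC_ALL=C comm -23 "$stock" "$inst" | sed 's/^/< /'
    LC_ALL=C comm -13 "$stock" "$inst" | sed 's/^/> /'
    rm -f "$stock" "$inst"
}

demo() {
    d=$(mktemp -d) || return 2
    # Constructed sample files modelled on the diff in the message above.
    printf '%s\n' '#VersionAddendum FreeBSD-20160310' \
        'Subsystem sftp /usr/libexec/sftp-server' > "$d/stock"
    printf '%s\n' '#VersionAddendum FreeBSD-20140420' \
        'Subsystem   sftp   /usr/libexec/sftp-server' \
        '#HPNDisabled no' '#NoneEnabled no' > "$d/installed"
    config_delta "$d/stock" "$d/installed"    # no output: only comments differ
    printf 'Protocol 2\n' >> "$d/installed"   # constructed active directive
    config_delta "$d/stock" "$d/installed"    # reports the one active change
    rm -rf "$d"
}

demo
```

An empty result means the two files differ only in comments, which is the situation the diff in the message shows; `sshd -t` then checks whether the daemon itself accepts the installed file.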