From owner-freebsd-stable@FreeBSD.ORG Wed Jun 19 23:29:33 2013 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 49DC216A for ; Wed, 19 Jun 2013 23:29:33 +0000 (UTC) (envelope-from 000.fbsd@quip.cz) Received: from elsa.codelab.cz (elsa.codelab.cz [94.124.105.4]) by mx1.freebsd.org (Postfix) with ESMTP id 0A5061711 for ; Wed, 19 Jun 2013 23:29:32 +0000 (UTC) Received: from elsa.codelab.cz (localhost [127.0.0.1]) by elsa.codelab.cz (Postfix) with ESMTP id 55A242842F; Thu, 20 Jun 2013 01:29:31 +0200 (CEST) Received: from [192.168.1.2] (ip-89-177-49-222.net.upcbroadband.cz [89.177.49.222]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) by elsa.codelab.cz (Postfix) with ESMTPSA id EAB172842B; Thu, 20 Jun 2013 01:29:29 +0200 (CEST) Message-ID: <51C23ED9.7070107@quip.cz> Date: Thu, 20 Jun 2013 01:29:29 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9.1.19) Gecko/20110420 Lightning/1.0b1 SeaMonkey/2.0.14 MIME-Version: 1.0 To: Kimmo Paasiala Subject: Re: sshd didn't run after upgrade to FreeBSD 8.4 References: <51C22E11.3020008@quip.cz> In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-stable Stable X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Jun 2013 23:29:33 -0000 Kimmo Paasiala wrote: > On Thu, Jun 20, 2013 at 1:17 AM, Miroslav Lachman<000.fbsd@quip.cz> wrote: >> The version of sshd in FreeBSD 8.4 is not backward compatible with older >> version from 8.3. >> >> OpenSSH_5.4p1 (on FreeBSD 8.3) >> OpenSSH_6.1p1 (on FreeBSD 8.4) >> >> # sshd -t >> /etc/ssh/sshd_config line 19: Missing argument. >> >> On line 19, there is: >> VersionAddendum >> >> It was OK in older versions. It will remove any default text appended to SSH >> protocol banner (for example 'FreeBSD-20120901'). >> >> On FreeBSD 8.4, there must be some string (any single character) >> >> I was really badly surprised that the machine was re-booted without ssh >> access! >> >> I think this change is worth to mention in Release Notes >> >> Miroslav Lachman > > How did you update to 8.4? This sounds more like messing up the > mergemaster(8)/freebsd-update merge procedure than a real problem with > the config file. > > This is the source configuration file straight from SVN releng/8.4 > branch and as you can see the VersionAddendum on line 115 is commented > out there: > > http://svnweb.freebsd.org/base/releng/8.4/crypto/openssh/sshd_config?view=markup It was upgraded by freebsd-update. It was intentionally left here as it was valid configuration for many years. That's why I think it should be mentioned in the Release Notes, that it is no longer valid configuration (empty VersionAddendum). The fact, that it is no longer in default sshd_config file doesn't mean it can't be used at all. It is still valid in the form which was in old default config: "VersionAddendum FreeBSD-20100308", but is no longer valid if empty. That's the point. (and empty VersionAddendum was widely used, it is not my invention) Miroslav Lachman