Date:      Tue, 9 Jul 2002 18:44:03 -0700 (PDT)
From:      "Andrew P. Lentvorski" <bsder@mail.allcaps.org>
To:        Doug Barton <DougB@FreeBSD.org>
Cc:        Helge Oldach <helge.oldach@atosorigin.com>, Jay Sachs <jay@eziba.com>, <stanb@awod.com>, <freebsd-stable@FreeBSD.org>, <des@FreeBSD.org>
Subject:   Re: ssh to remote machines problem after cvsup
Message-ID:  <20020709173249.M68847-100000@mail.allcaps.org>
In-Reply-To: <20020709134511.I24728-100000@zoot.corp.yahoo.com>

On Tue, 9 Jul 2002, Doug Barton wrote:

> I am totally disinterested in what happens to the very small percentage of
> our users who follow -stable and RELENG_4 religiously. I'm very interested
> in what will happen when 4.6.1 is released, and throngs of people upgrade
> to it thinking it will "fix" their ssh problems, when in reality it's
> creating a whole bunch of new ones.

There are actually 2 *separate* problems here.  One concerns 4.6.1 and the
other concerns stuff after that.

If, as you appear to be suggesting, this change has been propagated to
4.6.1, I would agree with you that it should be backed out.  I apologize
if I missed that reference in earlier emails.  However, that issue should
probably be taken up with release engineering, not stable.

I certainly do *not* agree that it should never make it into 4.7 (or
4.6-stable or 4.X of any flavor).  If this logic is followed to its
conclusion, the 4.X series should cease being developed.  Until the 5.0
series is ready for release, the 4.x series needs to continue to be
developed.  FreeBSD needs to make progress and that sometimes causes
hiccups.

On Tue, 9 Jul 2002, Doug Barton also wrote:

> The fact that it falls back does not mean that users can get into the box
> without intervention. Besides, you're missing the whole point here. Users
> should not have to deal with this AT ALL in -stable.

If OpenSSH did a proper "attempt version 2(fail) -> attempt version
1(succeed)" fallback, your original users *would* be able to get in
*without* change.  The fact that this does not occur really is a
bug/misfeature of OpenSSH.  It really should get reported to them.  By
fixing this bug/misfeature, *everybody* wins and is happy.

On Tue, 9 Jul 2002, Doug Barton also wrote:

> YOU can have exactly what you want with a simple run-time config option.

Yeah ... simple ... once you know that it's the problem.  And where does it
say in the handbook that the default configuration doesn't accept DSA
keys?  Say what you will, but generating a DSA key on FreeBSD, moving it
to another FreeBSD box, and still not being able to log in is not POLA.
It's a *bug*.

-a


