From owner-freebsd-stable Tue Jul 9 18:44:10 2002
Date: Tue, 9 Jul 2002 18:44:03 -0700 (PDT)
From: "Andrew P. Lentvorski"
To: Doug Barton
Cc: Helge Oldach, Jay Sachs
Subject: Re: ssh to remote machines problem after cvsup
In-Reply-To: <20020709134511.I24728-100000@zoot.corp.yahoo.com>
Message-ID: <20020709173249.M68847-100000@mail.allcaps.org>
Sender: owner-freebsd-stable@FreeBSD.ORG

On Tue, 9 Jul 2002, Doug Barton wrote:

> I am totally disinterested in what happens to the very small percentage of
> our users who follow -stable and RELENG_4 religiously. I'm very interested
> in what will happen when 4.6.1 is released, and throngs of people upgrade
> to it thinking it will "fix" their ssh problems, when in reality it's
> creating a whole bunch of new ones.

There are actually 2 *separate* problems here. One concerns 4.6.1 and the
other concerns stuff after that.

If, as you appear to be suggesting, this change has been propagated to
4.6.1, I would agree with you that it should be backed out. I apologize
if I missed that reference in earlier emails.
However, that issue should probably be taken up with release engineering,
not stable.

I certainly do *not* agree that it should never make it into 4.7 (or
4.6-stable or 4.X of any flavor). If this logic is followed to its
conclusion, the 4.X series should cease being developed. Until the 5.0
series is ready for release, the 4.x series needs to continue to be
developed. FreeBSD needs to make progress and that sometimes causes
hiccups.

On Tue, 9 Jul 2002, Doug Barton also wrote:

> The fact that it falls back does not mean that users can get into the box
> without intervention. Besides, you're missing the whole point here. Users
> should not have to deal with this AT ALL in -stable.

If OpenSSH did a proper "attempt version 2(fail) -> attempt version
1(succeed)" fallback, your original users *would* be able to get in
*without* change. The fact that this does not occur really is a
bug/misfeature of OpenSSH. It really should get reported to them. By
fixing this bug/misfeature, *everybody* wins and is happy.

On Tue, 9 Jul 2002, Doug Barton also wrote:

> YOU can have exactly what you want with a simple run-time config option.

Yeah ... simple ... once you know that it's the problem. And where does it
say in the handbook that the default configuration doesn't accept DSA
keys?

Say what you will, but generating a DSA key on FreeBSD, moving it to
another FreeBSD box, and still not being able to log in is not POLA. It's
a *bug*.

-a