From: doug
Reply-To: doug@safeport.com
To: Doug McIntyre
cc: freebsd-questions@FreeBSD.org
Date: Fri, 13 Jul 2018 12:44:52 -0400 (EDT)
Subject: Re: ssh on 11.2
In-Reply-To: <20180713135754.GA74801@geeks.org>

On Fri, 13 Jul 2018, Doug McIntyre wrote:

> On Thu, Jul 12, 2018 at 05:17:25PM -0400, doug wrote:
>> After going to 11.2 from 11.1 authorized_keys2 MUST be renamed to
>> authorized_keys. I spent a bit of time checking permissions and keys before
>> comparing /etc/ssh/sshd_config. This might be implied in some of the OpenSSH
>> errata but not so I got it. A note in UPDATING might be nice, or did I just miss
>> this?
>
> Wow, you had an authorized_keys2 file? That was deprecated in OpenSSH 3.0
> https://marc.info/?l=openssh-unix-dev&m=100508718416162&w=2
>
> Your setup must have been copied along for quite some time.
>
> My guess is that OpenSSH finally removed support of it (although I'd
> have guessed the support would have been removed long ago), as part
> of the general cleanup. The changeover happened eons ago, so they
> probably figured nobody had that version any longer.
>

Thanks for the info. Yeah, one of my keys is from the previous millennium. But my point remains.

So you piqued my curiosity. FreeBSD takes no note of this as far as I can find. https://www.openssh.com/releasenotes.html covers OpenSSH 7.7/7.7p1 (2018-04-02) to OpenSSH 1.2.3p1 (2000-03-24). And indeed OpenSSH 5.9/5.9p1 (2011-09-06) notes authorized_keys2 is deprecated. That's not noted in UPDATING either. Without the comment in sshd_config I would still be looking. One of the guys I work with has never used authorized_keys2 so I would have gotten it eventually from that.

Back in the very early ssh days I wanted to do a simple change that was eventually implemented. But from that I know I am not up to reading the ssh code.
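
A pre-upgrade check for the situation discussed in this thread, added here as an example and not part of the original messages: it lists every legacy authorized_keys2 file under a home-directory root and counts the keys in it that are not also in authorized_keys, which are the keys that stop working once sshd reads only authorized_keys. The function names, the one-directory-per-user layout and the list of key types matched are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): find keys that exist only in a
# legacy ~/.ssh/authorized_keys2 file.

# Print the base64 key blob of every key line in file $1.
# The blob is the field after the key type, so leading options
# (from="...", command="...") and trailing comments are ignored.
# Assumption: option values do not themselves contain " ssh-rsa"-style words.
key_blobs() {
    awk '$1 ~ /^#/ || NF == 0 { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) {
                print $(i + 1)
                next
            }
    }' "$1"
}

# For each <root>/<user>/.ssh/authorized_keys2, report how many of its
# keys are missing from the authorized_keys file next to it.
audit_authorized_keys2() {
    for legacy in "$1"/*/.ssh/authorized_keys2; do
        [ -f "$legacy" ] || continue      # glob matched nothing
        current=${legacy%2}               # .../authorized_keys
        missing=0
        for blob in $(key_blobs "$legacy"); do
            if [ ! -f "$current" ] ||
               ! key_blobs "$current" | grep -qxF -- "$blob"; then
                missing=$((missing + 1))
            fi
        done
        echo "$legacy: $missing key(s) not in authorized_keys"
    done
}

# Run as: sh audit.sh /home   (the script name and root are placeholders)
if [ $# -gt 0 ]; then
    audit_authorized_keys2 "$1"
fi
```

Running `sshd -T` as root and looking at the `authorizedkeysfile` line shows which files the installed sshd actually consults, so the audit can be matched against the effective configuration rather than the defaults.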