Date: Sat, 13 Jan 2024 14:35:55 -0800 From: Craig Leres <leres@freebsd.org> To: Bryan Drewery <bdrewery@FreeBSD.org>, ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: Re: git: b3f86656fc67 - main - security/openssh-portable: Update HPN patch. Message-ID: <e7c6862b-a0a4-4943-8f13-2555fbd505e7@freebsd.org> In-Reply-To: <202401111805.40BI5rvS084418@gitrepo.freebsd.org> References: <202401111805.40BI5rvS084418@gitrepo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/11/24 10:05, Bryan Drewery wrote: > The branch main has been updated by bdrewery: > > URL:https://cgit.FreeBSD.org/ports/commit/?id=b3f86656fc67aa397f60747c85f7f7b967c3279d > > commit b3f86656fc67aa397f60747c85f7f7b967c3279d > Author: Bryan Drewery<bdrewery@FreeBSD.org> > AuthorDate: 2024-01-11 18:05:02 +0000 > Commit: Bryan Drewery<bdrewery@FreeBSD.org> > CommitDate: 2024-01-11 18:05:39 +0000 > > security/openssh-portable: Update HPN patch. Nice to see the HPN patch return. Unfortunately it causes some issues for me. After enabling, rebuilding, and installing on eight systems I found I could no longer ssh from my desktop to any of the upgraded systems. And attemping to login to non-HPN 9.6.p1_1,1 systems would not find the SSHFP records that exist and asked to add the host fingerprint to known_hosts (which I try and avoid for hosts I use SSHFP with). Digging in a bit I see that everything works when I use fully qualified domain names. And of course reverting the HPN build option works as it did a week ago. The reason I can't login to some hosts without using a FQDN is because my .ssh/config has StrictHostKeyChecking enabled for them. I skimmed files/extra-patch-hpn but did not see anything obvious that would impact canonicalization of the destination host or SSHFP processing. Craig
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e7c6862b-a0a4-4943-8f13-2555fbd505e7>