OpenSSH 5.4 bug fixed in 5.5
Matthieu Michaud
michaud.matthieu at gmail.com
Wed May 12 21:08:24 UTC 2010
I would like to share a solution of a problem I faced with the current
version of OpenSSH in 8-STABLE (5.4p1).
Last upgrade of my system updated OpenSSH from 5.2p1 to 5.4p1 which has
a regression for those using a non-default AuthorizedKeysFile option set
to a relative path (".ssh/keys" in my case). If you are using the
default you are not affected.
As I had authentication mechanism restricted to public keys and this
parameter expands to //.ssh/keys with the regression I wasn't able to
access my server after restart.
It's fixed in 5.5p1 which is not yet imported in the 8-STABLE branch.
To get back this option working you either have to wait for 5.5p1 merge
to 8-STABLE, install it yourself or import the following patch from the
vendor and rebuild sshd. I opted for the last solution. Here's how I did
it :
cd /usr/src/crypto/openssh
fetch -o -
'http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/servconf.c.diff?r1=1.207;r2=1.204'
| patch
cd /usr/src/secure/usr.sbin/sshd
make obj depend
make all
make install
Hope it helps,
Matthieu
More information about the freebsd-stable
mailing list