[Bug 216226] security/openssh-portable no longer providing HPN or none
bugzilla-noreply at freebsd.org
Wed Jan 18 11:38:32 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216226
Bug ID: 216226
Summary: security/openssh-portable no longer providing HPN or none
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: bdrewery at FreeBSD.org
Reporter: dewayne at heuristicsystems.com.au
Flags: maintainer-feedback?(bdrewery at FreeBSD.org)
I appreciate that there has been some discussion in the mailing list regarding the
HPN and none (cipher) options. However I just upgraded from 7.3.p1_1,1 to
OpenSSH_7.4p1, LibreSSL 2.4.4 on
11.0-STABLE FreeBSD 11.0-STABLE #0 r311660M: Sun Jan 8 21:30:51 AEDT 2017 and
upon restarting sshd received these little surprises:
/usr/local/etc/ssh/sshd_config: line 11: Bad configuration option: HPNDisabled
/usr/local/etc/ssh/sshd_config: line 12: Bad configuration option: HPNBufferSize
/usr/local/etc/ssh/sshd_config: line 13: Bad configuration option: NoneEnabled
/usr/local/etc/ssh/sshd_config line 14: Bad SSH2 cipher spec 'aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc,none'.
Unfortunately this did catch me out, as there were no remarks in the svn logs
nor UPDATING that would've alerted me to this change. There is no harm done as
internet facing systems don't use these options, but it might be worth drawing
to the attention of others that might be adversely surprised/impacted.
I provide this in case it's relevant:
make -C /usr/ports/security/openssh-portable showconfig | grep =on
BSM=on: OpenBSM Auditing
HPN=on: HPN-SSH patch
LIBEDIT=on: Command line editing via libedit
NONECIPHER=on: NONE Cipher support
Kind regards.
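
Added example, not part of the original report: a pre-restart scan of an sshd_config for the three options and the 'none' cipher entry that sshd rejected above. The function names and the sample file (including its option values) are constructed for illustration.

```sh
# Flag sshd_config lines using the options named in the error messages above.
scan_sshd_config() {
    # $1: config path. Prints "file:line: reason: text"; returns 1 on any hit.
    awk -v file="$1" '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next        # blank line or comment
        n = split(line, tok, /[ \t=]+/)            # "Key value" or "Key=value"
        key = tolower(tok[1])                      # keywords are case-insensitive
        if (key == "hpndisabled" || key == "hpnbuffersize" || key == "noneenabled") {
            printf "%s:%d: option rejected in the report: %s\n", file, NR, line
            bad = 1
        } else if (key == "ciphers" && n >= 2) {
            list = tok[2]
            sub(/^[-+^]/, "", list)                # optional list-modifier prefix
            m = split(list, c, ",")
            for (i = 1; i <= m; i++)
                if (c[i] == "none") {
                    printf "%s:%d: cipher list names none: %s\n", file, NR, line
                    bad = 1
                    break
                }
        }
    }
    END { exit (bad ? 1 : 0) }
    ' "$1"
}

write_sample_config() {
    # Constructed sample; option values are placeholders, not the reporter's.
    cat > "$1" <<'EOF'
# constructed sample sshd_config
Port 22
HPNDisabled no
HPNBufferSize 8192
NoneEnabled yes
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-cbc,aes192-cbc,aes128-cbc,none
EOF
}

# Stand-alone demo on the constructed sample.
tmp=$(mktemp "${TMPDIR:-/tmp}/sshd_config.XXXXXX") && write_sample_config "$tmp"
scan_sshd_config "$tmp" || echo "fix the lines above before restarting sshd"
rm -f "$tmp"
```

Once the new binary is installed, `sshd -t -f <file>` validates the whole configuration without starting the daemon and remains the authoritative check.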