r228152: anyone got the None cipher working with base OpenSSH?
Jeremy Chadwick
freebsd at jdc.parodius.com
Fri Dec 2 23:32:22 UTC 2011
On Fri, Dec 02, 2011 at 02:57:48PM -0800, Freddie Cash wrote:
> Looking through the commit messages for stable/8 and stable/9 I noticed
> that the HPN patches were applied to OpenSSH in the base install. And
> reading through the commit messages I see that one has to manually enable
> the None cipher. However, I cannot, for the life of me, figure out how to
> do that.
>
> The commit message for r228152 says to put "NONE_CIPHER_ENABLED=yes" into
> /etc/make.conf. But doing so still gives the following error when world is
> rebuilt/reinstalled:
> command-line: line 0: Bad configuration option: NoneEnabled
>
> Putting NONE_CIPHER_ENABLED=yes into /etc/src.conf and rebuilding world
> gives the same error.
>
> And, running "make -DNONE_CIPHER_ENABLED all install" under
> /usr/src/secure/usr.bin/ssh/ also gives the same error.
>
> What am I missing? What's the magic incantation to add the None cipher to
> base ssh?
I have been discussing this with bz@ and brooks@ privately. I would
rather not go into the details of what was discussed for reasons that I
ALSO would rather not go into. Just know that the ambiguity is
intentional.
Here is what will work for you when added to /etc/make.conf:
.if ${.CURDIR:M/usr/src/secure/*}
CFLAGS+=-DNONE_CIPHER_ENABLED
.endif
There are multiple places where this needs to get defined for it to
work.
I will be working on making this a src.conf variable (of a completely
different name) probably on Saturday, but I do not have time today or on
Sunday to do it.
--
| Jeremy Chadwick jdc at parodius.com |
| Parodius Networking http://www.parodius.com/ |
| UNIX Systems Administrator Mountain View, CA, US |
| Making life hard for others since 1977. PGP 4BD6C0CB |
More information about the freebsd-stable
mailing list