sshd whines & dies after releng/10 "freebsd-update" run

David Wolfskill david at catwhisker.org
Mon Oct 17 01:01:54 UTC 2016 

On Sun, Oct 16, 2016 at 05:32:57PM -0700, Kevin Oberman wrote:
> ...
> I believe sshd no longer supports ssh1 compatibility and it looks like you
> might still have an entry in /etc/sshd/sshd.config trying to touch v1.
> Check the file for any non-default entries. Compare your sshd_config with
> the default version in /usr/src/crypto/openssh.
> ....

I used to explicitly disable v1 compatibility.....

The machine that's a target of the "freebsd-update" attention has
no sources, so I copied sshd_config from it to /tmp on my laptop
(which does):

g1-252(11.0-S)[4] diff -u /S2/usr/src/crypto/openssh/sshd_config /tmp/sshd_config
--- /S2/usr/src/crypto/openssh/sshd_config      2016-03-13 04:13:31.323690000 -0700
+++ /tmp/sshd_config    2016-06-05 06:37:55.000000000 -0700
@@ -1,5 +1,5 @@
-#      $OpenBSD: sshd_config,v 1.98 2016/02/17 05:29:04 djm Exp $
-#      $FreeBSD: stable/10/crypto/openssh/sshd_config 296781 2016-03-12 23:53:20Z des $
+#      $OpenBSD: sshd_config,v 1.93 2014/01/10 05:59:19 djm Exp $
+#      $FreeBSD: stable/10/crypto/openssh/sshd_config 264692 2014-04-20 12:46:18Z des $
 
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
@@ -120,7 +120,7 @@
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
-#VersionAddendum FreeBSD-20160310
+#VersionAddendum FreeBSD-20140420
 
 # no default banner path
 #Banner none
@@ -128,6 +128,18 @@
 # override default of no subsystems
 Subsystem      sftp    /usr/libexec/sftp-server
 
+# Disable HPN tuning improvements.
+#HPNDisabled no
+
+# Buffer size for HPN to non-HPN connections.
+#HPNBufferSize 2048
+
+# TCP receive socket buffer polling for HPN.  Disable on non autotuning kernels.
+#TcpRcvBufPoll yes
+
+# Allow the use of the NONE cipher.
+#NoneEnabled no
+
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 #      X11Forwarding no
g1-252(11.0-S)[5] 


On the off-chance that the VersionAddendum might be confusing at
least one of us, I copied the stable/11 version of the file to the
appropiate place on the freebsd-update target machine, then rebooted.
Still no joy: other things work, but not ssh.

Thanks for the suggestion.  I'm a bit... perplexed.

[The machine in question would be the last machine I have still
running FreeBSD-10 -- I've migrated each of the others to stable/11.]

Peace,
david
-- 
David H. Wolfskill				david at catwhisker.org
Those who would murder in the name of God or prophet are blasphemous cowards.

See http://www.catwhisker.org/~david/publickey.gpg for my public key.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20161016/92615f7b/attachment.sig>

More information about the freebsd-stable mailing list