Upgrade to FreeBSD 12.0 breaks SSHD
abrancatelli at schema31.it
Fri Dec 21 17:55:17 UTC 2018
To David Wolfskill, your mail server keeps refusing my mail, so I'm
sending you my reply here:
Sorry, I didn't mean to sound critical of the work of anyone, but I can
assure you 100% that we never touched that file for any particular
What I can assure you though, is that the machine used to be a FreeBSD 8/9
in the beginning.
What I just checked is that the man page for sshd_config lists the
allowed values for MAC and hmac-ripemd160 disappeared since 12.0 - you
can check it in the online man page:
Furthermore I just checked some other of our machines that were upgraded
from previous versions of FreeBSD (always 8/9 era):
root@cianuro:/etc/ssh # freebsd-version
root@cianuro:/etc/ssh # cat /etc/ssh/sshd_config | grep MACs
root@cianuro:/etc/ssh #
While a fresh new 11.x doesn't have that line:
root@phpengine-ams301:~ # freebsd-version
root@phpengine-ams301:~ # cat /etc/ssh/sshd_config | grep MACs
root@phpengine-ams301:~ #
Chief Technology Officer
ROMA - FI - PA
Società del Gruppo OVIDIO TECH S.R.L.
On 2018-12-21 18:10, Andrea Brancatelli wrote:
> Just a quick heads up... Today we updated a FreeBSD 11.2 machine to 12.0
> and our SSHD got broken.
> The problem is with HMAC line in the config file, specifically the
> hmac-ripemd160 value. It was legit in 11.2 (and I suspect
> default-enabled for a previous FreeBSD version because never in the
> world we would change that line - I don't even know what it's for) but it
> doesn't work anymore in 12.0.
> So as a check, before upgrading check your /etc/ssh/sshd_config.
> Andrea Brancatelli
> Schema31 S.p.a.
> Chief Technology Officer
> ROMA - FI - PA
> Tel: +39.06.98.358.472
> Cell: +39.331.2488468
> Fax: +39.055.71.880.466
> Società del Gruppo OVIDIO TECH S.R.L.
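The pre-upgrade check suggested in the thread above, written out as an added example (not part of the original posts). `unsupported_macs` is a hypothetical helper name, the sample config is constructed, and the script assumes the `MACs` keyword and its comma-separated list are separated by whitespace.

```shell
#!/bin/sh
# Added example: list MAC algorithms named in an sshd_config that a given
# OpenSSH build no longer accepts (hmac-ripemd160 after 11.2 -> 12.0).

# unsupported_macs CONFIG KNOWN
#   CONFIG: path to an sshd_config file
#   KNOWN:  newline-separated algorithm names the target build supports
# Prints each configured MAC that is not in KNOWN, one per line.
unsupported_macs() {
    conf=$1
    known=$2
    # Keywords are case-insensitive; "#MACs ..." is a comment and is skipped
    # because its first field is "#macs", not "macs".
    awk 'tolower($1) == "macs" { print $2 }' "$conf" |
        sed 's/^[-+^]//' |          # strip a leading +, - or ^ list modifier
        tr ',' '\n' |
        while IFS= read -r mac; do
            [ -n "$mac" ] || continue
            # -x whole line, -F fixed string: names contain "." and "@"
            printf '%s\n' "$known" | grep -qxF -- "$mac" ||
                printf '%s\n' "$mac"
        done
}

# Constructed sample config for the demonstration (not a file from the thread).
sample=$(mktemp)
printf '%s\n' \
    '# constructed sample' \
    'Port 22' \
    'MACs hmac-sha2-256,hmac-ripemd160,hmac-sha2-512' > "$sample"

# Ask the installed OpenSSH which MACs it supports; if there is no ssh
# binary, fall back to a short constructed list so the script still runs.
supported=$(ssh -Q mac 2>/dev/null) ||
    supported=$(printf '%s\n' hmac-sha2-256 hmac-sha2-512)

bad=$(unsupported_macs "$sample" "$supported")
if [ -n "$bad" ]; then
    printf 'MACs not supported by this OpenSSH build:\n%s\n' "$bad"
fi
rm -f "$sample"
```

Take the supported list from `ssh -Q mac` on a host already running the target release, since the pre-upgrade binary still reports the old set. On the upgraded system, `sshd -t -f <file>` validates the whole configuration before sshd is restarted.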