Upgrade to FreeBSD 12.0 breaks SSHD
matthew at FreeBSD.org
Sun Dec 23 18:25:39 UTC 2018
On 21/12/2018 17:10, Andrea Brancatelli wrote:
> Just a quick heads up.... Today we updated a FreeBSD 11.2 to 12.0 machine
> and our SSHD got broken.
> The problem is with HMAC line in the config file, specifically the
> hmac-ripemd160 value. It was legit in 11.2 (and I suspect
> default-enabled for a previous FreeBSD version because never in the
> world we would change that line - I don't even know what it's for) but it
> doesn't work anymore in 12.0.
> So as a check, before upgrading check your /etc/ssh/sshd_config.
This should have been highlighted for you when you ran etcupdate(8) or
mergemaster(8) as a routine part of your upgrade procedure. If you
never modified anything to do with the MACs setting in
/etc/ssh/sshd_config then either of those two programs would
automatically remove hmac-ripemd160 for you, or else they should show a
merge conflict for you to resolve.

I recommend using etcupdate(8) as it minimizes the effort needed to
merge in updates to your /etc files. It takes two steps:

1) Just run etcupdate(8) without arguments. It will do a three-way
merge between the previous default and current default contents of /etc
and your actual /etc and automatically upgrade everything it can. It
will then print out a list of the files it modified, each with a single
character indicator showing how the file was dealt with.

2) If anything was listed with flag 'C' (meaning "conflict") then you
need to run a second step to resolve the conflicts:

    # etcupdate resolve

Edit each of the files presented to remove the conflicts and provide the
correct settings for your system.
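
An added example, not part of the original thread or of FreeBSD's tooling: a pre-upgrade check of the kind the first poster suggests, listing MACs named in an sshd_config that are absent from a list of MACs the new sshd supports. The function name, temporary file paths and both sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): report MACs named in an
# sshd_config that are missing from a list of MACs the new sshd supports.

# unsupported_macs CONFIG SUPPORTED   (hypothetical helper name)
#   CONFIG    - sshd_config to inspect
#   SUPPORTED - file with one MAC name per line, e.g. saved `ssh -Q mac`
#               output from a host already running the new release
# Prints one unsupported MAC per line; prints nothing if all are supported.
unsupported_macs() {
    # sshd keywords are case-insensitive and the first occurrence wins.
    list=$(awk 'tolower($1) == "macs" { $1 = ""; print; exit }' "$1" | tr -d ' \t')
    case $list in
        -*) return 0 ;;            # a "-" list only removes names from the defaults
        [+^]*) list=${list#?} ;;   # "+" and "^" lists add names to the defaults
    esac
    printf '%s\n' "$list" | tr ',' '\n' | while IFS= read -r mac; do
        [ -n "$mac" ] || continue
        grep -Fxq -- "$mac" "$2" || printf '%s\n' "$mac"
    done
}

# Constructed sample input: a config fragment carrying the MAC from the report,
# and an abbreviated, constructed "supported" list (not real ssh -Q output).
tmp=$(mktemp -d)
cat > "$tmp/sshd_config" <<'EOF'
# MACs hmac-md5
Port 22
MACs hmac-sha2-512,hmac-sha2-256,hmac-ripemd160
EOF
cat > "$tmp/supported" <<'EOF'
hmac-sha2-256
hmac-sha2-512
umac-128@openssh.com
EOF

result=$(unsupported_macs "$tmp/sshd_config" "$tmp/supported")
echo "unsupported MACs: ${result:-none}"
```

On a host already running the new release, `ssh -Q mac` prints the supported MAC names to use as the second argument, and `sshd -t` checks a configuration file for validity before the daemon is restarted.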