Openssh-2.1.0p1 test release
Michael H. Warfield
mhw at wittsend.com
Fri May 19 01:53:35 EST 2000
On Wed, May 17, 2000 at 11:47:48PM +1000, Damien Miller wrote:
> This to announce a test release of 2.1.0p1 before making it widely
> available.
> This release includes many fixes to problems reported over the last
> week. In particular:
> - spurious error and coredumps caused by the inbuilt entropy gathering
> - RSAref detection
> - Compilation fixes for Solaris and others
> It also contains (completely untested) support for compiling without
> RSA support. This may be useful to those of you in the USA. I am
> interested to hear whether and how well this works. RSAless support
> is enabled if a) OpenSSL is available, b) OpenSSL is built without
> RSAref and c) RSAref cannot be found. In future it will be a config
> option.
> Please report bugs to this mailing list directly. It is open again to
> non-subscribers.
Still having problems with X11 forwarding:
[mhw at alcove mhw]$ ssh canyon
Last login: Thu May 18 08:11:53 2000 from alcove.wittsend.com
[mhw at canyon mhw]$ set | grep XAU
XAUTHORITY=/tmp/ssh-sfsQ2629/cookies
[mhw at canyon mhw]$ xterm
channel 0: istate 4 != open
channel 0: ostate 64 != open
X connection to canyon:10.0 broken (explicit kill or server shutdown).
From sshd_config on Canyon (the server system):
X11Forwarding yes
X11DisplayOffset 10
From ssh_config on Alcove (the client side):
Host *
ForwardAgent yes
ForwardX11 yes
FallBackToRsh no
Here is what I get if I do this with an ssh -v:
[mhw at canyon mhw]$ xterm
debug: Received X11 open request.
debug: fd 6 setting O_NONBLOCK
debug: channel 0: new [X11 connection from canyon port 1055]
debug: X11 connection uses different authentication protocol.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
What's this all about?
debug: X11 rejected 0 i1/o16
debug: channel 0: read failed
debug: channel 0: input open -> drain
debug: channel 0: close_read
debug: channel 0: input: no drain shortcut
debug: channel 0: ibuf empty
debug: channel 0: input drain -> wait_oclose
debug: channel 0: send ieof
debug: channel 0: write failed
debug: channel 0: output open -> wait_ieof
debug: channel 0: send oclose
debug: channel 0: close_write
debug: X11 closed 0 i4/o64
debug: channel 0: rcvd ieof
debug: channel 0: non-open
channel 0: istate 4 != open
channel 0: ostate 64 != open
debug: channel 0: rcvd oclose
debug: channel 0: input wait_oclose -> closed
X connection to canyon:10.0 broken (explicit kill or server shutdown).
[mhw at canyon mhw]$
So there is something foo'ed in the authentication protocol.
Seems like this used to work (1.2.3, I think). What broke?
> Regards,
> Damien
>
> Full Changelog:
>
> 20000517
> - Fix from Andre Lucas <andre.lucas at dial.pipex.com>
> - Fixes command line printing segfaults (spotter: Bladt Norbert)
> - Fixes erroneous printing of debug messages to syslog
> - Fixes utmp for MacOS X (spotter: Aristedes Maniatis)
> - Gives useful error message if PRNG initialisation fails
> - Reduced ssh startup delay
> - Measures cumulative command time rather than the time between reads
> after select()
> - 'fixprogs' perl script to eliminate non-working entropy commands, and
> optionally run 'ent' to measure command entropy
> - Applied Tom Bertelson's <tbert at abac.com> AIX authentication fix
> - Avoid WCOREDUMP compilation errors for systems that lack it
> - Avoid SIGCHLD warnings from entropy commands
> - Fix HAVE_PAM_GETENVLIST setting from Simon Wilkinson <sxw at dcs.ed.ac.uk>
> - OpenBSD CVS update:
> - markus at cvs.openbsd.org
> [ssh.c]
> fix usage()
> [ssh2.h]
> draft-ietf-secsh-architecture-05.txt
> [ssh.1]
> document ssh -T -N (ssh2 only)
> [channels.c serverloop.c ssh.h sshconnect.c sshd.c aux.c]
> enable nonblocking IO for sshd w/ proto 1, too; split out common code
> [aux.c]
> missing include
> - Several patches from SAKAI Kiyotaka <ksakai at kso.netwk.ntt-at.co.jp>
> - INSTALL typo and URL fix
> - Makefile fix
> - Solaris fixes
> - Checking for ssize_t and memmove. Based on patch from SAKAI Kiyotaka
> <ksakai at kso.netwk.ntt-at.co.jp>
> - RSAless operation patch from kevin_oconnor at standardandpoors.com
> - Detect OpenSSL separately from RSA
> - Better test for RSA (more compatible with RSAref). Based on work by
> Ed Eden <ede370 at stl.rural.usda.gov>
>
> 20000513
> - Fix for non-recognised DSA keys from Arkadiusz Miskiewicz
> <misiek at pld.org.pl>
>
> 20000511
> - Fix for prng_seed permissions checking from Lutz Jaenicke
> <Lutz.Jaenicke at aet.TU-Cottbus.DE>
> - "make host-key" fix for Irix
>
>
>
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.mindrot.org/
> | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
Mike
--
Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!