Call for testing: OpenSSH 6.6

mikep at noc.utoronto.ca mikep at noc.utoronto.ca
Sun Mar 2 09:24:44 EST 2014 

Built 'openssh-SNAP-20140301' on Solaris 10 with 'gcc'; no errors;
'ssh' as 'root' now works (failed with 6.5p1).

2 issues:

In 'ssh_config', setting:

 	KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

used to allow connections to Cisco routers to work, but now the connection
attempt hangs. With the current version, any one of:

 	KexAlgorithms diffie-hellman-group-exchange-sha1
 	KexAlgorithms diffie-hellman-group14-sha1
 	KexAlgorithms diffie-hellman-group1-sha1
 	KexAlgorithms diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

works, but this hangs:

 	KexAlgorithms diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

On Sat, 1 Mar 2014, mancha wrote:

> $ ./configure && make tests sysconfdir=$(pwd)
>
> This could be forced in the makefile's test target so it works
> automagically.

'make tests', 'make tests sysconfdir=$PWD' and 'make tests
sysconfdir=/etc/ssh' all fail with:

  ...
sftp permissions: read-only upload
sftp permissions: read-only setstat
postcondition check failed: setstat readonly
sftp permissions: read-only rm
sftp permissions: read-only mkdir
sftp permissions: read-only rmdir
sftp permissions: read-only posix-rename
sftp permissions: read-only oldrename
sftp permissions: read-only symlink
sftp permissions: read-only hardlink
sftp permissions: explicit open
sftp permissions: explicit read
sftp permissions: explicit write
sftp permissions: explicit lstat
sftp permissions: explicit opendir
sftp permissions: explicit readdir
sftp permissions: explicit setstat
postcondition check failed: setstat blacklisted
postcondition check failed: setstat not in whitelist
sftp permissions: explicit remove
sftp permissions: explicit mkdir
sftp permissions: explicit rmdir
sftp permissions: explicit posix-rename
sftp permissions: explicit rename
sftp permissions: explicit symlink
sftp permissions: explicit hardlink
sftp permissions: explicit statvfs
failed sftp permissions
make[1]: *** [t-exec] Error 1

with lots of 'Unsupported query "cipher-auth"' messages before that point.

Mike
--
Mike Peterson                            Information Security Analyst - Audit
E-mail: mikep at noc.utoronto.ca                WWW: http://www.noc.utoronto.ca/
Tel: 416-978-5230                                           Fax: 416-978-6620

More information about the openssh-unix-dev mailing list