Call for testing: OpenSSH 7.8

Predrag Zecevic predrag.zecevic at unitybox.de
Tue Aug 14 19:47:29 AEST 2018 

On 08/14/18 10:22, Predrag Zecevic wrote:
> On Thu, Aug 09, 2018 at 08:16:34PM CDT, Damien Miller wrote:
>>> Hi,
>>>
>>> OpenSSH 7.8p1 is almost ready for release, so we would appreciate 
>>> testing
>>> on as many platforms and systems as possible. This is a bugfix release.
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
> Hi all,
>
> tried OpenIndiana /hipster compile of openssh-SNAP-20180813.tar.gz, 
> within bare zone... Details:
> $ gcc --version
> gcc (OpenIndiana 6.4.0-OI-3) 6.4.0
>
> $ ./configure --prefix=/pz/SFW/snapssh --with-pam 
> --with-solaris-projects --with-solaris-privs 
> --with-xauth=/usr/bin/xauth --with-md5-passwords --with-mantype=man # 
> note absence of kerberos setup - it fails in any case
> ...
> OpenSSH has been configured with the following options:
>                      User binaries: /pz/SFW/snapssh/bin
>                    System binaries: /pz/SFW/snapssh/sbin
>                Configuration files: /pz/SFW/snapssh/etc
>                    Askpass program: /pz/SFW/snapssh/libexec/ssh-askpass
>                       Manual pages: /pz/SFW/snapssh/share/man/manX
>                           PID file: /var/run
>   Privilege separation chroot path: /var/empty
>             sshd default user PATH: 
> /usr/ccs/bin:/usr/bin:/bin:/usr/sbin:/sbin:/pz/SFW/snapssh/bin
>    (If PATH is set in /etc/default/login it will be used instead. If
>    used, ensure the path to scp is present, otherwise scp will not work.)
>                     Manpage format: man
>                        PAM support: yes
>                    OSF SIA support: no
>                  KerberosV support: no
>                    SELinux support: no
>               MD5 password support: yes
>                    libedit support: no
>                    libldns support: no
>   Solaris process contract support: no
>            Solaris project support: yes
>          Solaris privilege support: yes
>        IP address in $DISPLAY hack: no
>            Translate v4 in v6 hack: no
>                   BSD Auth support: no
>               Random number source: OpenSSL internal ONLY
>              Privsep sandbox style: solaris
>
>               Host: i386-pc-solaris2.11
>           Compiler: gcc
>     Compiler flags: -g -O2 -pipe -Wall -Wpointer-arith -Wuninitialized 
> -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess 
> -Wno-pointer-sign -Wno-unused-result -fno-strict-aliasing 
> -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong
> Preprocessor flags:
>       Linker flags:  -Wl,-z,now -fstack-protector-strong
>          Libraries: -lresolv -lcrypto -lnsl -lz -lsocket -lproject
>          +for sshd:  -lpam -ldl
>
> SVR4 style packages are supported with "make package"
>
> PAM is enabled. You may need to install a PAM control file
> for sshd, otherwise password authentication may fail.
> Example PAM control files can be found in the contrib/
> subdirectory
>
> ...
> $ gmake -j 1 # has produced code, only few warnings (I can provide 
> full log, on demand).
>
> $ file /pz/SFW/snapssh/sbin/sshd
> /pz/SFW/snapssh/sbin/sshd:      ELF 32-bit LSB executable 80386 
> Version 1, dynamically linked, stripped
>
> $ file /pz/SFW/snapssh/bin/ssh
> /pz/SFW/snapssh/bin/ssh:        ELF 32-bit LSB executable 80386 
> Version 1, dynamically linked, stripped
>
> $ /pz/SFW/snapssh/bin/ssh -V
> OpenSSH_7.8p1-snap20180813, OpenSSL 1.0.2o  27 Mar 2018
>
> It generally works, but no Kerberos support:
> $ /pz/SFW/snapssh/bin/ssh -A USER at HOST
> /export/home/predrag_zecevic/.ssh/config line 22: Unsupported option 
> "gssapidelegatecredentials"
> /export/home/predrag_zecevic/.ssh/config line 23: Unsupported option 
> "gssapiauthentication"
> ...
>
> I will try to make 64 bit executable, and I am also keen to get in 
> Kerberos support...
>
> This is doable on OI, but needs more work.
>
> Regards.
>
When I have included Kerberos, compilations fails with:

gcc -o sshd sshd.o auth-rhosts.o auth-passwd.o audit.o audit-bsm.o 
audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o 
auth.o auth2.o auth-options.o session.o auth2-chall.o groupaccess.o 
auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o 
auth2-passwd.o auth2-pubkey.o monitor.o monitor_wrap.o auth-krb5.o 
auth2-gss.o gss-serv.o gss-serv-krb5.o loginrec.o auth-pam.o 
auth-shadow.o auth-sia.o md5crypt.o sftp-server.o sftp-common.o 
sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o 
sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o 
sandbox-solaris.o uidswap.o -L. -Lopenbsd-compat/ -m64 
-R/usr/gnu/lib/amd64 -R/usr/lib/amd64 -L/usr/gnu/lib/amd64 
-L/usr/lib/amd64 -Wl,-z,now -fstack-protector-strong -R/usr/bin/lib 
-lssh -lopenbsd-compat -lpam -ldl -lcrypto -lz -lresolv -lsocket -lnsl 
-lm -lintl -lproject -L/usr/lib -lgss -lkrb5 -L/usr/lib -lkrb5
Undefined                       first referenced
  symbol                             in file
gss_krb5_copy_ccache                gss-serv-krb5.o
ld: fatal: symbol referencing errors. No output written to sshd
collect2: error: ld returned 1 exit status
gmake: *** [Makefile:175: sshd] Error 1

Regards.

More information about the openssh-unix-dev mailing list