Call for testing: OpenSSH 8.0

Jakub Jelen jjelen at redhat.com
Sat Apr 6 00:50:16 AEDT 2019


On Fri, 2019-03-29 at 12:29 +0100, Jakub Jelen wrote:
> On Wed, 2019-03-27 at 22:00 +1100, Damien Miller wrote:
> > Hi,
> > 
> > OpenSSH 8.0p1 is almost ready for release, so we would appreciate
> > testing
> > on as many platforms and systems as possible.
> > 
> > Snapshot releases for portable OpenSSH are available from
> > http://www.mindrot.org/openssh_snap/
> > 
> > The OpenBSD version is available in CVS HEAD:
> > http://www.openbsd.org/anoncvs.html
> > 
> > Portable OpenSSH is also available via git using the
> > instructions at http://www.openssh.com/portable.html#cvs
> > At https://anongit.mindrot.org/openssh.git/ or via a mirror at
> > Github:
> > https://github.com/openssh/openssh-portable
> > 
> > Running the regression tests supplied with Portable OpenSSH does
> > not
> > require installation and is a simply:
> > 
> > $ ./configure && make tests
> 
> For now, I have only one comment, but I plan to run more tests in our
> environment.

There is also changed semantics of the ssh-keygen when listing keys
from PKCS#11 modules. In the past, it was not needed to enter a PIN for
this, but now.

At least, it is not consistent with a comment in the function
pkcs11_open_session(), which says

 727  * if pin == NULL we delay login until key use

Being logged in before listing keys prevents bug #2430, but as a side
effect, even the ssh can not list keys before login and if the
configuration contains a PKCS#11 module, the user is always prompted
for a PIN, which is not very user friendly.

I see this is a regression and the bug #2430 should get solved as
proposed in the patches (will need some tweaks after the big
refactoring).

Regards,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.



More information about the openssh-unix-dev mailing list