Hi, We are preparing to make the release of OpenSSH 4.8 soon, so we would greatly appreciate testing of snapshot releases in as many environments and on as many operating systems as possible. The highlights of this release are: * Added chroot(2) support for sshd(8), controlled by a new option "ChrootDirectory". Please refer to sshd_config(5) for details, and please use this feature carefully. (bz#177 bz#1352) * Linked sftp-server(8) into sshd(8). The internal sftp server is used when the command "internal-sftp" is specified in a Subsystem or ForceCommand declaration. When used with ChrootDirectory, the internal sftp server requires no special configuration of files inside the chroot environment. Please refer to sshd_config(5) for more information. * Added a protocol extension method "posix-rename at openssh.com" for sftp-server(8) to perform POSIX atomic rename() operations. (bz#1400) * Removed the fixed limit of 100 file handles in sftp-server(8). The server will now dynamically allocate handles up to the number of available file descriptors. (bz#1397) * ssh(8) will now skip generation of SSH protocol 1 ephemeral server keys when in inetd mode and protocol 2 connections are negotiated. This speeds up protocol 2 connections to inetd-mode servers that also allow Protocol 1 (bz#440) * Accept the PermitRootLogin directive in a sshd_config(5) Match block. Allows for, e.g. permitting root only from the local network. * Reworked sftp(1) argument splitting and escaping to be more internally consistent (i.e. between sftp commands) and more consistent with sh(1). Please note that this will change the interpretation of some quoted strings, especially those with embedded backslash escape sequences. (bz#778) * Support "Banner=none" in sshd_config(5) to disable sending of a pre-login banner (e.g. in a Match block). * ssh(1) ProxyCommands are now executed with $SHELL rather than /bin/sh. * ssh(1)'s ConnectTimeout option is now applied to both the TCP connection and the SSH banner exchange (previously it just covered the TCP connection). This allows callers of ssh(1) to better detect and deal with stuck servers that accept a TCP connection but don't progress the protocol, and also makes ConnectTimeout useful for connections via a ProxyCommand. * Many new regression tests, including interop tests against PuTTY's plink. * Support BSM auditing on Mac OS X This release also contains many bugfixes. Please refer to the tracking bug https://bugzilla.mindrot.org/show_bug.cgi?id=1353 for a partial list. The ChangeLog file in the portable OpenSSH tarballs contains a full list. Please fetch and test the release that is appropriate for your platform: If you are running OpenBSD the latest version is available in CVS HEAD, as described at http://www.openbsd.org/anoncvs.html Otherwise, portable snapshots are available from http://www.mindrot.org/openssh_snap/ and also by anonymous CVS. CVS instructions are here: http://www.openssh.com/portable.html#cvs Running the regression tests supplied with Portable does not require installation and is a simply: $ ./configure && make tests This release includes some interoperability tests against PuTTY's plink(1). These tests may be run using "make interop-tests" if you have plink(1) installed. Testing on suitable non-production systems is also appreciated. Please send reports of success or failure to openssh-unix-dev at mindrot.org.
On Thu, 13 Mar 2008, Damien Miller wrote:> This release includes some interoperability tests against PuTTY's > plink(1). These tests may be run using "make interop-tests" if you > have plink(1) installed.FYI these tests were broken unless you happened to have plink and puttygen installed in /usr/local/bin. I'm just about to commit a fix, so if you want to play with these then grab a snapshot dated after 20080314 (this will be available in about 12 hours) or use anoncvs in an hour or so. -d
Hi, On Mar 13 11:50, Damien Miller wrote:> Hi, > > We are preparing to make the release of OpenSSH 4.8 soon, so we would > greatly appreciate testing of snapshot releases in as many environments > and on as many operating systems as possible.Built for current Cygwin relase 1.5.25-11. There's a bug in scp.c when including poll.h. For some reason it only tries to include sys/poll.h, but not the POSIX-compliant poll.h. I had to apply the below patch to be able to build scp: Index: scp.c ==================================================================RCS file: /cvs/openssh/scp.c,v retrieving revision 1.178 diff -p -u -r1.178 scp.c --- scp.c 29 Feb 2008 04:07:02 -0000 1.178 +++ scp.c 13 Mar 2008 09:38:56 -0000 @@ -78,8 +78,12 @@ #ifdef HAVE_SYS_STAT_H # include <sys/stat.h> #endif -#ifdef HAVE_SYS_POLL_H -# include <sys/poll.h> +#ifdef HAVE_POLL_H +#include <poll.h> +#else +# ifdef HAVE_SYS_POLL_H +# include <sys/poll.h> +# endif #endif #ifdef HAVE_SYS_TIME_H # include <sys/time.h> After applying this patch, everything built OOTB and the testsuite ran more or less fine, except for the puttygen stuff, which I don't have installed. There's also a fail in sftp-cmds.sh: sftp commands: lls lls failed It turns out to be two bugs in the test script: verbose "$tid: lls" echo "cd ${OBJ}\nlls" | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ grep -q copy.dd || fail "lls failed" First of all, when testing "lls", the cd should be "lcd". Second, coreutils' echo(1) command does not understand the \n syntax, unless you also specify the -e option. I assume the most portable approach is to embed a real LF in the command, like in the below patch (which also fixes the cd v. lcd bug: Index: regress/sftp-cmds.sh ==================================================================RCS file: /cvs/openssh/regress/sftp-cmds.sh,v retrieving revision 1.16 diff -p -u -r1.16 sftp-cmds.sh --- regress/sftp-cmds.sh 12 Mar 2008 12:59:44 -0000 1.16 +++ regress/sftp-cmds.sh 13 Mar 2008 10:14:33 -0000 @@ -44,7 +44,8 @@ rm -rf ${COPY} ${COPY}.1 ${COPY}.2 ${COP mkdir ${COPY}.dd verbose "$tid: lls" -echo "cd ${OBJ}\nlls" | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ +echo "lcd ${OBJ} +lls" | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ grep -q copy.dd || fail "lls failed" verbose "$tid: lls w/path" Also sftp-glob fails on Cygwin, because it tests for files which can't be created on Windows file systems where certain characters are not allowed in filenames ( '"', '<', '>', '?', '\\', '|', '*' ':' ). I don't have a patch for that right now, especially given that the next major version of Cygwin will probably allow to create files with these characters using a trick which is also used by Interix(*) :) Corinna (*) Filenames are stored in UTF-16 on Windows filesystems. All invalid chars just get or'ed with 0xf000 when storing the filename and and'ed with 0xff when retrieving the filename from the file system. -- Corinna Vinschen Cygwin Project Co-Leader Red Hat
On Thu, Mar 13, 2008 at 11:50:25 +1100, Damien Miller wrote:> Hi, > > We are preparing to make the release of OpenSSH 4.8 soon, so we would > greatly appreciate testing of snapshot releases in as many environments > and on as many operating systems as possible. >I've noticed a few quirks thus far using the 20080314 snapshot. First, doing 'make realclean' removes the configure script. Next, it builds on RHEL 4 using gcc, but it fails when using c99. make[1]: Entering directory `/u/wk/imorgan/src/openssh/openssh/openbsd-compat' c99 -g -O2 -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -I. -I.. -I. -I./.. -I/u/wk/imorgan/build/include -DHAVE_CONFIG_H -c bsd-arc4random.c In file included from ../openbsd-compat/openbsd-compat.h:194, from ../includes.h:167, from bsd-arc4random.c:17: ../openbsd-compat/fake-rfc2553.h:133: error: redefinition of `struct addrinfo' make[1]: *** [bsd-arc4random.o] Error 1 On SLES 10 using icc 9.1, it builds. Strangely, it attempts to use the gcc stack protection option with the Intel compiler. Both builds fail the regression tests: sftp commands: put to directory sftp commands: glob put to directory sftp commands: put to local dir sftp commands: glob put to local dir sftp commands: rename sftp commands: rename directory sftp commands: ln sftp commands: mkdir sftp commands: chdir sftp commands: rmdir sftp commands: lmkdir sftp commands: lchdir failed sftp commands make[1]: *** [t-exec] Error 1 -- Iain Morgan
On Thu, Mar 13, 2008 at 10:37:22 -0700, Iain Morgan wrote:> > Both builds fail the regression tests: > > sftp commands: put to directory > sftp commands: glob put to directory > sftp commands: put to local dir > sftp commands: glob put to local dir > sftp commands: rename > sftp commands: rename directory > sftp commands: ln > sftp commands: mkdir > sftp commands: chdir > sftp commands: rmdir > sftp commands: lmkdir > sftp commands: lchdir > failed sftp commands > make[1]: *** [t-exec] Error 1 >Scrolling back I see that this seems to be the same plink/puttygen issue thta Peter reported. -- Iain Morgan
regress/sftp-cmds.sh will fail on some platforms because it assumes that the echo command supports C-style escape codes. verbose "$tid: lls" echo "cd ${OBJ}\nlls" | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ grep -q copy.dd || fail "lls failed" To fix this, it might be better to do something like this: verbose "$tid: lls" (echo "cd ${OBJ}"; echo "lls") | ${SFTP} -P ${SFTPSERVER} 2>&1 | \ grep -q copy.dd || fail "lls failed" Using 'echo -e' would be nicer, but that's not universal either. -- Iain Morgan
On 2008-03-13, Damien Miller <djm at mindrot.org> wrote:> > The highlights of this release are: > > * Added chroot(2) support for sshd(8), controlled by a new option > "ChrootDirectory". Please refer to sshd_config(5) for details, and > please use this feature carefully. (bz#177 bz#1352)I miss some documentation on this feature... It seems to require: UsePrivilegeSeparation no and maybe it's strongly adviceable to also use: AllowTcpForwarding no X11Forwarding no PermitUserEnvironment no # and more ? Here's my current config. Any comments on other things that should be set for a safe chrooted sftp-server ? Protocol 2 PermitRootLogin no StrictModes yes IgnoreRhosts yes PasswordAuthentication no PermitEmptyPasswords no ChallengeResponseAuthentication no AllowTcpForwarding no X11Forwarding no PrintMotd yes PrintLastLog yes UsePrivilegeSeparation no PermitUserEnvironment no PidFile /var/run/sshd-external.pid PermitTunnel no Banner no Subsystem sftp internal-sftp ChrootDirectory /var/empty/sshd-external-chroot/ ForceCommand internal-sftp AllowGroup chroot_users Match group chroot_users ChrootDirectory /var/ftp/%u -jf
On Thu, 13 Mar 2008, Tim Rice wrote:> On Thu, 13 Mar 2008, Damien Miller wrote: > > > > > Either way, please try this diff: > > - *) PLINK=`which ${TEST_SSH_PLINK}` ;; > > + *) PLINK=`which ${TEST_SSH_PLINK} 2>/dev/null` ;; > > You can not expect which to be on all platforms.We already use `which` for determining an absolute path to sshd in test-exec.sh. Do you have an alternative? -d
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I made and regression tested openssh-SNAP-20080314 last night on Mac OS X 10.5.2 (Leopard). I installed plink and puttygen before running the tests. Everything checks out. No errors. jd Damien Miller wrote: | Hi, | | We are preparing to make the release of OpenSSH 4.8 soon, so we would | greatly appreciate testing of snapshot releases in as many environments | and on as many operating systems as possible. | | The highlights of this release are: | | * Added chroot(2) support for sshd(8), controlled by a new option | "ChrootDirectory". Please refer to sshd_config(5) for details, and | please use this feature carefully. (bz#177 bz#1352) | * Linked sftp-server(8) into sshd(8). The internal sftp server is | used when the command "internal-sftp" is specified in a Subsystem | or ForceCommand declaration. When used with ChrootDirectory, the | internal sftp server requires no special configuration of files | inside the chroot environment. Please refer to sshd_config(5) for | more information. | * Added a protocol extension method "posix-rename at openssh.com" for | sftp-server(8) to perform POSIX atomic rename() operations. | (bz#1400) | * Removed the fixed limit of 100 file handles in sftp-server(8). The | server will now dynamically allocate handles up to the number of | available file descriptors. (bz#1397) | * ssh(8) will now skip generation of SSH protocol 1 ephemeral server | keys when in inetd mode and protocol 2 connections are negotiated. | This speeds up protocol 2 connections to inetd-mode servers that | also allow Protocol 1 (bz#440) | * Accept the PermitRootLogin directive in a sshd_config(5) Match | block. Allows for, e.g. permitting root only from the local | network. | * Reworked sftp(1) argument splitting and escaping to be more | internally consistent (i.e. between sftp commands) and more | consistent with sh(1). Please note that this will change the | interpretation of some quoted strings, especially those with | embedded backslash escape sequences. (bz#778) | * Support "Banner=none" in sshd_config(5) to disable sending of a | pre-login banner (e.g. in a Match block). | * ssh(1) ProxyCommands are now executed with $SHELL rather than | /bin/sh. | * ssh(1)'s ConnectTimeout option is now applied to both the TCP | connection and the SSH banner exchange (previously it just covered | the TCP connection). This allows callers of ssh(1) to better detect | and deal with stuck servers that accept a TCP connection but don't | progress the protocol, and also makes ConnectTimeout useful for | connections via a ProxyCommand. | * Many new regression tests, including interop tests against PuTTY's | plink. | * Support BSM auditing on Mac OS X | | This release also contains many bugfixes. Please refer to the tracking bug | https://bugzilla.mindrot.org/show_bug.cgi?id=1353 for a partial list. | The ChangeLog file in the portable OpenSSH tarballs contains a full list. | | Please fetch and test the release that is appropriate for your platform: | | If you are running OpenBSD the latest version is available in CVS HEAD, | as described at http://www.openbsd.org/anoncvs.html | | Otherwise, portable snapshots are available from | http://www.mindrot.org/openssh_snap/ and also by anonymous CVS. CVS | instructions are here: http://www.openssh.com/portable.html#cvs | | Running the regression tests supplied with Portable does not require | installation and is a simply: | | $ ./configure && make tests | | This release includes some interoperability tests against PuTTY's | plink(1). These tests may be run using "make interop-tests" if you | have plink(1) installed. | | Testing on suitable non-production systems is also appreciated. | Please send reports of success or failure to | openssh-unix-dev at mindrot.org. | | _______________________________________________ | openssh-unix-dev mailing list | openssh-unix-dev at mindrot.org | https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev | | - -- John Devitofranceschi, E-Mail: jdvf at optonline.net Fax: +1 203 348 8219 PGP Fingerprint: 0D33 5A27 0810 9543 64FB DF4A 54CF 4B40 1335 4673 "What," asked Mr. Croup, "do you want?" "What," asked the marquis de Carabas, a little more rhetorically, "does anyone want?" "Dead things," suggested Mr. Vandemar. "Extra teeth." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) iD8DBQFH28NjVM9LQBM1RnMRAglJAKDoXf6TKkwz+yCOamwQtydoq6/mJACdFcHP 9IvZZ8W0yN3jRqzSgNEHnH8=v9fq -----END PGP SIGNATURE-----
On Thu, Mar 13, 2008 at 11:50:25 +1100, Damien Miller wrote:> Hi, > > We are preparing to make the release of OpenSSH 4.8 soon, so we would > greatly appreciate testing of snapshot releases in as many environments > and on as many operating systems as possible. >The 20080318 snapshot builds and tests OK on the following platforms: RHEL 4/x86_64 w/ gcc SLES 10/IA64 w/icc 9.1 Solaris 9/SPARC w/ Sun Forte compilers It builds on AIX 5.3, but I haven't gotten through the regression tests yet. (This is most likely due to my lack of familiarity with AIX.) As noted previously, -fstack-protector-all is mistakenly used with the Intel (icc) compiler. Here's the snippet from the config.log configure:5418: checking if icc supports -fstack-protector-all configure:5441: icc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -fstack-protector-al l -Werror -no_cpprt -ldl -fstack-protector-all -Werror conftest.c >&5 icc: Command line warning: ignoring unknown option '-fstack-protector-all' icc: Command line warning: ignoring unknown option '-fstack-protector-all' configure:5447: $? = 0 configure:5453: result: yes configure:5457: checking if -fstack-protector-all works configure:5482: icc -o conftest -g -O2 -Wall -Wpointer-arith -Wuninitialized -fstack-protector-al l -no_cpprt -ldl -fstack-protector-all conftest.c >&5 icc: Command line warning: ignoring unknown option '-fstack-protector-all' icc: Command line warning: ignoring unknown option '-fstack-protector-all' configure:5485: $? = 0 configure:5491: ./conftest configure:5494: $? = 0 configure:5496: result: yes Apparently, Intel is managing to fool configure into detecting icc as gcc, but -Werror is not causing the test to exit with a non-zero status. -- Iain Morgan
On 2008-03-15, Damien Miller <djm at mindrot.org> wrote:>> >> >> >> It seems to require: >> >> >> >> UsePrivilegeSeparation no >> > >> > No, it should not and does not on the platforms I have tested on. What >> > errors do you see when privsep is enabled? >> > >> >> On RHEL3u2 using sftp client version OpenSSH_3.6.1p2: > > This should fix it (already committed): >Thanks for the fix! I just tested openssh-SNAP-20080325, and now it works with "UsePrivilegeSeparation yes". -jf
Damien Miller wrote:> Hi, > > We are preparing to make the release of OpenSSH 4.8 soon, so we would > greatly appreciate testing of snapshot releases in as many environments > and on as many operating systems as possible.but changelog 20080327 and other files show version 4.9 ! Roumen -- Get X.509 certificates support in OpenSSH: http://roumenpetrov.info/openssh/