Update - for AIX 6.1 TL9 - configure: creating ./config.status config.status: creating Makefile config.status: creating buildpkg.sh config.status: creating opensshd.init config.status: creating openssh.xml config.status: creating openbsd-compat/Makefile config.status: creating openbsd-compat/regress/Makefile config.status: creating survey.sh config.status: creating config.h OpenSSH has been configured with the following options: User binaries: /opt/bin System binaries: /opt/sbin Configuration files: /opt/etc Askpass program: /opt/libexec/ssh-askpass Manual pages: /opt/share/man/manX PID file: /var/run Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/bin Manpage format: man PAM support: no OSF SIA support: no KerberosV support: no SELinux support: no Smartcard support: S/KEY support: no MD5 password support: no libedit support: no Solaris process contract support: no Solaris project support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Privsep sandbox style: rlimit Host: powerpc-ibm-aix6.1.0.0 Compiler: xlc Compiler flags: -g Preprocessor flags: Linker flags: -blibpath:/usr/lib:/lib Libraries: -lcrypto -lz michael at x071:[/home/michael]lslpp -L | grep ssl openssl.base 1.0.1.510 C F Open Secure Socket Layer openssl.man.en_US 1.0.1.510 C F Open Secure Socket Layer ... tests && echo all tests passed make[1]: Entering directory `/data/prj/openbsd/openssh/openssh/regress' set -e ; if test -z "" ; then \ /data/prj/openbsd/openssh/openssh/regress/unittests/sshbuf/test_sshbuf ; \ /data/prj/openbsd/openssh/openssh/regress/unittests/sshkey/test_sshkey \ -d /data/prj/openbsd/openssh/openssh/regress/unittests/sshkey/testdata ; \ /data/prj/openbsd/openssh/openssh/regress/unittests/bitmap/test_bitmap ; \ /data/prj/openbsd/openssh/openssh/regress/unittests/kex/test_kex ; \ /data/prj/openbsd/openssh/openssh/regress/unittests/hostkeys/test_hostkeys \ -d /data/prj/openbsd/openssh/openssh/regress/unittests/hostkeys/testdata ; \ fi test_sshbuf: ................................................................................................... 100 tests ok test_sshkey: ............................................................................................. ... many minutes later ... ... learn new primary hostkey rotate primary hostkey check rotate primary hostkey ok hostkey rotate make[1]: Leaving directory `/data/prj/openbsd/openssh/openssh/regress' all tests passed On Thu, Feb 19, 2015 at 11:45 PM, Damien Miller <djm at mindrot.org> wrote:> On Fri, 20 Feb 2015, Damien Miller wrote: > > > Hi, > > > > OpenSSH 6.8 is almost ready for release, so we would appreciate testing > > on as many platforms and systems as possible. This release contains > > some substantial new features and a number of bugfixes. > > ... > > > * ssh(1), sshd(8): Host key rotation support. Add a protocol > > extension for a server to inform a client of all its available > > host keys after authentication has completed. The client may > > record the keys in known_hosts, allowing it to upgrade to better > > host key algorithms and a server to gracefully rotate its keys. > > > > The client side of this is controlled by a UpdateHostkeys config > > option (default on). > > Actually, the default is off. You can enable it using UpdateHostKeys=yes > or UpdateHostKeys=ask > > -d > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
New test - using AIX 5.3 TL7 - but against libressl-2.1.4 configure: creating ./config.status config.status: creating Makefile config.status: creating buildpkg.sh config.status: creating opensshd.init config.status: creating openssh.xml config.status: creating openbsd-compat/Makefile config.status: creating openbsd-compat/regress/Makefile config.status: creating survey.sh config.status: creating config.h config.status: config.h is unchanged OpenSSH has been configured with the following options: User binaries: /opt/bin System binaries: /opt/sbin Configuration files: /opt/etc Askpass program: /opt/libexec/ssh-askpass Manual pages: /opt/share/man/manX PID file: /opt/etc Privilege separation chroot path: /var/empty sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/bin Manpage format: man PAM support: no OSF SIA support: no KerberosV support: no SELinux support: no Smartcard support: S/KEY support: no MD5 password support: no libedit support: no Solaris process contract support: no Solaris project support: no IP address in $DISPLAY hack: no Translate v4 in v6 hack: no BSD Auth support: no Random number source: OpenSSL internal ONLY Privsep sandbox style: rlimit Host: powerpc-ibm-aix5.3.0.0 Compiler: xlc Compiler flags: -g Preprocessor flags: -I/opt/libressl/include Linker flags: -L/opt/libressl/lib -blibpath:/usr/lib:/lib Libraries: -lcrypto -lz One problem coming directly is that the -L flag (-L/opt/libressl/lib is not being included in the -blibpath so the programs link, but do not run. I am sure there is a way for me to modify the blibpath - BUT - I ask you do consider inserting an openssl-dir path when it is not already in the blibpath variable. rm ssh make xlc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -L/opt/libressl/lib -blibpath:/usr/lib:/lib -lssh -lopenbsd-compat -lcrypto -lz root at x064:[/data/prj/openbsd/openssh/openssh]dump -H ssh ssh: ***Loader Section*** Loader Header Information VERSION# #SYMtableENT #RELOCent LENidSTR 0x00000001 0x0000014a 0x0000075a 0x0000003b #IMPfilID OFFidSTR LENstrTBL OFFstrTBL 0x00000003 0x00007748 0x00000c6d 0x00007783 ***Import File Strings*** INDEX PATH BASE MEMBER 0 /usr/lib:/lib 1 libc.a shr.o 2 libcrypto.a libcrypto.so.32 root at x064:[/data/prj/openbsd/openssh/openssh]ldd ssh ssh needs: /usr/lib/libc.a(shr.o) /usr/lib/libcrypto.a(libcrypto.so.32) ar: 0707-109 Member name libcrypto.so.32 does not exist. dump: /tmp/tmpdir733264/extract/libcrypto.so.32: 0654-106 Cannot open the specified file. /unix /usr/lib/libcrypt.a(shr.o) Modified blibpath: xlc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. -Lopenbsd-compat/ -L/opt/libressl/lib -blibpath:/opt/libressl/ lib:/usr/lib:/lib -lssh -lopenbsd-compat -lcrypto -lz root at x064:[/data/prj/openbsd/openssh/openssh]ldd ssh ssh needs: /usr/lib/libc.a(shr.o) /opt/libressl/lib/libcrypto.a(libcrypto.so.32) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libperfstat.a(shr.o) /usr/lib/libpthread.a(shr_xpg5.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/libcfg.a(shr.o) /usr/lib/libodm.a(shr.o) /usr/lib/liblvm.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) This can be corrected with LIBPATH root at x064:[/data/prj/openbsd/openssh/openssh]ldd ssh ssh needs: /usr/lib/libc.a(shr.o) /usr/lib/libcrypto.a(libcrypto.so.32) ar: 0707-109 Member name libcrypto.so.32 does not exist. dump: /tmp/tmpdir733294/extract/libcrypto.so.32: 0654-106 Cannot open the specified file. /unix /usr/lib/libcrypt.a(shr.o) root at x064:[/data/prj/openbsd/openssh/openssh]LIBPATH=/opt/libressl/lib ldd ssh ssh needs: /usr/lib/libc.a(shr.o) /opt/libressl/lib/libcrypto.a(libcrypto.so.32) /unix /usr/lib/libcrypt.a(shr.o) /usr/lib/libperfstat.a(shr.o) /usr/lib/libpthread.a(shr_xpg5.o) /usr/lib/libpthreads.a(shr_xpg5.o) /usr/lib/libcfg.a(shr.o) /usr/lib/libodm.a(shr.o) /usr/lib/liblvm.a(shr.o) /usr/lib/libpthreads.a(shr_comm.o) I shall use LIBPATH - and post - I expect all test successful - later. On Fri, Feb 27, 2015 at 2:07 PM, Michael Felt <aixtools at gmail.com> wrote:> Update - for AIX 6.1 TL9 - > configure: creating ./config.status > config.status: creating Makefile > config.status: creating buildpkg.sh > config.status: creating opensshd.init > config.status: creating openssh.xml > config.status: creating openbsd-compat/Makefile > config.status: creating openbsd-compat/regress/Makefile > config.status: creating survey.sh > config.status: creating config.h > > OpenSSH has been configured with the following options: > User binaries: /opt/bin > System binaries: /opt/sbin > Configuration files: /opt/etc > Askpass program: /opt/libexec/ssh-askpass > Manual pages: /opt/share/man/manX > PID file: /var/run > Privilege separation chroot path: /var/empty > sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/bin > Manpage format: man > PAM support: no > OSF SIA support: no > KerberosV support: no > SELinux support: no > Smartcard support: > S/KEY support: no > MD5 password support: no > libedit support: no > Solaris process contract support: no > Solaris project support: no > IP address in $DISPLAY hack: no > Translate v4 in v6 hack: no > BSD Auth support: no > Random number source: OpenSSL internal ONLY > Privsep sandbox style: rlimit > > Host: powerpc-ibm-aix6.1.0.0 > Compiler: xlc > Compiler flags: -g > Preprocessor flags: > Linker flags: -blibpath:/usr/lib:/lib > Libraries: -lcrypto -lz > > michael at x071:[/home/michael]lslpp -L | grep ssl > openssl.base 1.0.1.510 C F Open Secure Socket Layer > openssl.man.en_US 1.0.1.510 C F Open Secure Socket Layer > > ... > tests && echo all tests passed > make[1]: Entering directory `/data/prj/openbsd/openssh/openssh/regress' > set -e ; if test -z "" ; then \ > > /data/prj/openbsd/openssh/openssh/regress/unittests/sshbuf/test_sshbuf ; \ > > /data/prj/openbsd/openssh/openssh/regress/unittests/sshkey/test_sshkey \ > -d > /data/prj/openbsd/openssh/openssh/regress/unittests/sshkey/testdata ; \ > > /data/prj/openbsd/openssh/openssh/regress/unittests/bitmap/test_bitmap ; \ > /data/prj/openbsd/openssh/openssh/regress/unittests/kex/test_kex ; > \ > > /data/prj/openbsd/openssh/openssh/regress/unittests/hostkeys/test_hostkeys \ > -d > /data/prj/openbsd/openssh/openssh/regress/unittests/hostkeys/testdata ; \ > fi > test_sshbuf: > ................................................................................................... > 100 tests ok > test_sshkey: > ............................................................................................. > > ... > many minutes later ... > ... > learn new primary hostkey > rotate primary hostkey > check rotate primary hostkey > ok hostkey rotate > make[1]: Leaving directory `/data/prj/openbsd/openssh/openssh/regress' > all tests passed > > > > On Thu, Feb 19, 2015 at 11:45 PM, Damien Miller <djm at mindrot.org> wrote: > >> On Fri, 20 Feb 2015, Damien Miller wrote: >> >> > Hi, >> > >> > OpenSSH 6.8 is almost ready for release, so we would appreciate testing >> > on as many platforms and systems as possible. This release contains >> > some substantial new features and a number of bugfixes. >> >> ... >> >> > * ssh(1), sshd(8): Host key rotation support. Add a protocol >> > extension for a server to inform a client of all its available >> > host keys after authentication has completed. The client may >> > record the keys in known_hosts, allowing it to upgrade to better >> > host key algorithms and a server to gracefully rotate its keys. >> > >> > The client side of this is controlled by a UpdateHostkeys config >> > option (default on). >> >> Actually, the default is off. You can enable it using UpdateHostKeys=yes >> or UpdateHostKeys=ask >> >> -d >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev at mindrot.org >> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >> > >
On Fri, Feb 27, 2015 at 9:19 AM, Michael Felt <aixtools at gmail.com> wrote:> > One problem coming directly is that the -L flag (-L/opt/libressl/lib is not > being included in the -blibpath so the programs link, but do not run. > I am sure there is a way for me to modify the blibpath - BUT - I ask you do > consider inserting an openssl-dir path when it is not > already in the blibpath variable. >There's a reason why it isn't: where that directory is writeable by a non-root user it becomes a vector for local privilege escalation via OpenSSH's setuid binaries. http://lists.mindrot.org/pipermail/openssh-unix-dev/2003-April/017768.html Now that decision was made back in the day when OpenSSL's shared library support was still considered experimental. Maybe we could check that the path is a) absolute and b) system-owned all the way down and add it to blibpath if both are true. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Came this far - then ended - even with LIBPATH exported... APOLOGIES --- This mail was in DRAFT --- It's purpose is to show that setting LIBPATH alone is not enough to pass all the tests. Apparently, somewhere LIBPATH gets unset - as it was 'exported' before 'make tests' FYI only! test try ciphers: proto 1 cipher 3des test try ciphers: proto 1 cipher blowfish ok try ciphers run test yes-head.sh ... sh: There is no process to read data written to a pipe. ok yes pipe head run test login-timeout.sh ... ok connect after login grace timeout run test agent.sh ... ssh-add -l via agent fwd proto 1 failed (exit code 255) exec(): 0509-036 Cannot load program /data/prj/openbsd/openssh/openssh/ssh because of the following errors: 0509-150 Dependent module /usr/lib/libcrypto.a(libcrypto.so.32) could not be loaded. 0509-152 Member libcrypto.so.32 is not found in archive agent fwd proto 1 failed (exit code 255) ssh-add -l via agent fwd proto 2 failed (exit code 255) exec(): 0509-036 Cannot load program /data/prj/openbsd/openssh/openssh/ssh because of the following errors: 0509-150 Dependent module /usr/lib/libcrypto.a(libcrypto.so.32) could not be loaded. 0509-152 Member libcrypto.so.32 is not found in archive agent fwd proto 2 failed (exit code 255) failed simple agent test make[1]: *** [t-exec] Error 1 make[1]: Leaving directory `/data/prj/openbsd/openssh/openssh/regress' make: *** [tests] Error 2 On Fri, Feb 27, 2015 at 3:19 PM, Michael Felt <aixtools at gmail.com> wrote:> New test - using AIX 5.3 TL7 - but against libressl-2.1.4 > > configure: creating ./config.status > config.status: creating Makefile > config.status: creating buildpkg.sh > config.status: creating opensshd.init > config.status: creating openssh.xml > config.status: creating openbsd-compat/Makefile > config.status: creating openbsd-compat/regress/Makefile > config.status: creating survey.sh > config.status: creating config.h > config.status: config.h is unchanged > > OpenSSH has been configured with the following options: > User binaries: /opt/bin > System binaries: /opt/sbin > Configuration files: /opt/etc > Askpass program: /opt/libexec/ssh-askpass > Manual pages: /opt/share/man/manX > PID file: /opt/etc > Privilege separation chroot path: /var/empty > sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/bin > Manpage format: man > PAM support: no > OSF SIA support: no > KerberosV support: no > SELinux support: no > Smartcard support: > S/KEY support: no > MD5 password support: no > libedit support: no > Solaris process contract support: no > Solaris project support: no > IP address in $DISPLAY hack: no > Translate v4 in v6 hack: no > BSD Auth support: no > Random number source: OpenSSL internal ONLY > Privsep sandbox style: rlimit > > Host: powerpc-ibm-aix5.3.0.0 > Compiler: xlc > Compiler flags: -g > Preprocessor flags: -I/opt/libressl/include > Linker flags: -L/opt/libressl/lib -blibpath:/usr/lib:/lib > Libraries: -lcrypto -lz > > One problem coming directly is that the -L flag (-L/opt/libressl/lib is > not being included in the -blibpath so the programs link, but do not run. > I am sure there is a way for me to modify the blibpath - BUT - I ask you > do consider inserting an openssl-dir path when it is not > already in the blibpath variable. > > rm ssh > make > xlc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o > sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. > -Lopenbsd-compat/ -L/opt/libressl/lib -blibpath:/usr/lib:/lib -lssh > -lopenbsd-compat -lcrypto -lz > > root at x064:[/data/prj/openbsd/openssh/openssh]dump -H ssh > > ssh: > > ***Loader Section*** > Loader Header Information > VERSION# #SYMtableENT #RELOCent LENidSTR > 0x00000001 0x0000014a 0x0000075a 0x0000003b > > #IMPfilID OFFidSTR LENstrTBL OFFstrTBL > 0x00000003 0x00007748 0x00000c6d 0x00007783 > > > ***Import File Strings*** > INDEX PATH BASE > MEMBER > 0 > /usr/lib:/lib > 1 libc.a > shr.o > 2 libcrypto.a > libcrypto.so.32 > root at x064:[/data/prj/openbsd/openssh/openssh]ldd ssh > ssh needs: > /usr/lib/libc.a(shr.o) > /usr/lib/libcrypto.a(libcrypto.so.32) > ar: 0707-109 Member name libcrypto.so.32 does not exist. > dump: /tmp/tmpdir733264/extract/libcrypto.so.32: 0654-106 Cannot open the > specified file. > /unix > /usr/lib/libcrypt.a(shr.o) > > Modified blibpath: > > xlc -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o > sshconnect1.o sshconnect2.o mux.o roaming_common.o roaming_client.o -L. > -Lopenbsd-compat/ -L/opt/libressl/lib -blibpath:/opt/libressl/ > lib:/usr/lib:/lib -lssh -lopenbsd-compat -lcrypto -lz > > root at x064:[/data/prj/openbsd/openssh/openssh]ldd ssh > ssh needs: > /usr/lib/libc.a(shr.o) > /opt/libressl/lib/libcrypto.a(libcrypto.so.32) > /unix > /usr/lib/libcrypt.a(shr.o) > /usr/lib/libperfstat.a(shr.o) > /usr/lib/libpthread.a(shr_xpg5.o) > /usr/lib/libpthreads.a(shr_xpg5.o) > /usr/lib/libcfg.a(shr.o) > /usr/lib/libodm.a(shr.o) > /usr/lib/liblvm.a(shr.o) > /usr/lib/libpthreads.a(shr_comm.o) > > This can be corrected with LIBPATH > > root at x064:[/data/prj/openbsd/openssh/openssh]ldd > ssh > ssh needs: > /usr/lib/libc.a(shr.o) > /usr/lib/libcrypto.a(libcrypto.so.32) > ar: 0707-109 Member name libcrypto.so.32 does not exist. > dump: /tmp/tmpdir733294/extract/libcrypto.so.32: 0654-106 Cannot open the > specified file. > /unix > /usr/lib/libcrypt.a(shr.o) > > root at x064:[/data/prj/openbsd/openssh/openssh]LIBPATH=/opt/libressl/lib > ldd ssh > ssh needs: > /usr/lib/libc.a(shr.o) > /opt/libressl/lib/libcrypto.a(libcrypto.so.32) > /unix > /usr/lib/libcrypt.a(shr.o) > /usr/lib/libperfstat.a(shr.o) > /usr/lib/libpthread.a(shr_xpg5.o) > /usr/lib/libpthreads.a(shr_xpg5.o) > /usr/lib/libcfg.a(shr.o) > /usr/lib/libodm.a(shr.o) > /usr/lib/liblvm.a(shr.o) > /usr/lib/libpthreads.a(shr_comm.o) > > > I shall use LIBPATH - and post - I expect all test successful - later. > > On Fri, Feb 27, 2015 at 2:07 PM, Michael Felt <aixtools at gmail.com> wrote: > >> Update - for AIX 6.1 TL9 - >> configure: creating ./config.status >> config.status: creating Makefile >> config.status: creating buildpkg.sh >> config.status: creating opensshd.init >> config.status: creating openssh.xml >> config.status: creating openbsd-compat/Makefile >> config.status: creating openbsd-compat/regress/Makefile >> config.status: creating survey.sh >> config.status: creating config.h >> >> OpenSSH has been configured with the following options: >> User binaries: /opt/bin >> System binaries: /opt/sbin >> Configuration files: /opt/etc >> Askpass program: /opt/libexec/ssh-askpass >> Manual pages: /opt/share/man/manX >> PID file: /var/run >> Privilege separation chroot path: /var/empty >> sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/opt/bin >> Manpage format: man >> PAM support: no >> OSF SIA support: no >> KerberosV support: no >> SELinux support: no >> Smartcard support: >> S/KEY support: no >> MD5 password support: no >> libedit support: no >> Solaris process contract support: no >> Solaris project support: no >> IP address in $DISPLAY hack: no >> Translate v4 in v6 hack: no >> BSD Auth support: no >> Random number source: OpenSSL internal ONLY >> Privsep sandbox style: rlimit >> >> Host: powerpc-ibm-aix6.1.0.0 >> Compiler: xlc >> Compiler flags: -g >> Preprocessor flags: >> Linker flags: -blibpath:/usr/lib:/lib >> Libraries: -lcrypto -lz >> >> michael at x071:[/home/michael]lslpp -L | grep ssl >> openssl.base 1.0.1.510 C F Open Secure Socket >> Layer >> openssl.man.en_US 1.0.1.510 C F Open Secure Socket >> Layer >> >> ... >> tests && echo all tests passed >> make[1]: Entering directory `/data/prj/openbsd/openssh/openssh/regress' >> set -e ; if test -z "" ; then \ >> >> /data/prj/openbsd/openssh/openssh/regress/unittests/sshbuf/test_sshbuf ; \ >> >> /data/prj/openbsd/openssh/openssh/regress/unittests/sshkey/test_sshkey \ >> -d >> /data/prj/openbsd/openssh/openssh/regress/unittests/sshkey/testdata ; \ >> >> /data/prj/openbsd/openssh/openssh/regress/unittests/bitmap/test_bitmap ; \ >> /data/prj/openbsd/openssh/openssh/regress/unittests/kex/test_kex >> ; \ >> >> /data/prj/openbsd/openssh/openssh/regress/unittests/hostkeys/test_hostkeys \ >> -d >> /data/prj/openbsd/openssh/openssh/regress/unittests/hostkeys/testdata ; \ >> fi >> test_sshbuf: >> ................................................................................................... >> 100 tests ok >> test_sshkey: >> ............................................................................................. >> >> ... >> many minutes later ... >> ... >> learn new primary hostkey >> rotate primary hostkey >> check rotate primary hostkey >> ok hostkey rotate >> make[1]: Leaving directory `/data/prj/openbsd/openssh/openssh/regress' >> all tests passed >> >> >> >> On Thu, Feb 19, 2015 at 11:45 PM, Damien Miller <djm at mindrot.org> wrote: >> >>> On Fri, 20 Feb 2015, Damien Miller wrote: >>> >>> > Hi, >>> > >>> > OpenSSH 6.8 is almost ready for release, so we would appreciate testing >>> > on as many platforms and systems as possible. This release contains >>> > some substantial new features and a number of bugfixes. >>> >>> ... >>> >>> > * ssh(1), sshd(8): Host key rotation support. Add a protocol >>> > extension for a server to inform a client of all its available >>> > host keys after authentication has completed. The client may >>> > record the keys in known_hosts, allowing it to upgrade to better >>> > host key algorithms and a server to gracefully rotate its keys. >>> > >>> > The client side of this is controlled by a UpdateHostkeys config >>> > option (default on). >>> >>> Actually, the default is off. You can enable it using UpdateHostKeys=yes >>> or UpdateHostKeys=ask >>> >>> -d >>> _______________________________________________ >>> openssh-unix-dev mailing list >>> openssh-unix-dev at mindrot.org >>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >>> >> >> >