Debian GNU/Linux 8.0 (jessie) OpenSSL 1.0.1k gcc (Debian 4.9.2-10) 4.9.2 "make tests" fails here: /usr/src/INET/openssh/ssh-keygen -lf /usr/src/INET/openssh/regress//t12.out.pub | grep test-comment-1234>/dev/nullrun test connect.sh ... ssh connect with protocol 1 failed ssh connect with protocol 2 failed failed simple connect Makefile:192: recipe for target 't-exec' failed make[1]: *** [t-exec] Error 1 make[1]: Leaving directory '/usr/src/INET/openssh/regress' Makefile:544: recipe for target 'tests' failed make: *** [tests] Error 2 ?failed-ssh.log ends with: debug1: Authentications that can continue: publickey,password,keyboard-interactive debug3: start over, passed a different list publickey,password,keyboard-interactive debug3: preferred publickey debug3: authmethod_lookup publickey debug3: remaining preferred: debug3: authmethod_is_enabled publickey debug1: Next authentication method: publickey debug1: Offering RSA public key: /usr/src/INET/openssh/regress/rsa debug3: send_pubkey_test debug2: we sent a publickey packet, wait for reply debug1: Server accepts key: pkalg ssh-rsa blen 279 debug2: input_userauth_pk_ok: fp SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug3: sign_and_send_pubkey: RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug1: Authentications that can continue: publickey,password,keyboard-interactive debug2: we did not send a packet, disable method debug1: No more authentication methods to try. Permission denied (publickey,password,keyboard-interactive). FAIL: ssh connect with protocol 2 failed ? ?failed-sshd.log ends with: debug2: input_userauth_request: try method publickey [preauth] debug3: mm_key_allowed entering [preauth] debug3: mm_request_send entering: type 22 [preauth] debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] debug3: mm_request_receive_expect entering: type 23 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 22 debug3: mm_answer_keyallowed entering debug3: mm_answer_keyallowed: key_from_blob: 0x7f0b6f1499d0 debug1: temporarily_use_uid: 0/0 (e=0/0) debug1: trying public key file /usr/src/INET/openssh/regress/authorized_keys_root debug1: fd 4 clearing O_NONBLOCK debug1: matching key found: file /usr/src/INET/openssh/regress/authorized_keys_root, line 1 RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug1: restore_uid: 0/0 debug3: mm_answer_keyallowed: key 0x7f0b6f1499d0 is allowed debug3: mm_request_send entering: type 23 debug3: mm_key_verify entering [preauth] debug3: mm_request_send entering: type 24 [preauth] debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth] debug3: mm_request_receive_expect entering: type 25 [preauth] debug3: mm_request_receive entering [preauth] debug3: mm_request_receive entering debug3: monitor_read: checking request 24 debug3: mm_answer_keyverify: key 0x7f0b6f149c30 signature verified debug3: mm_request_send entering: type 25 ROOT LOGIN REFUSED FROM 127.0.0.1 Failed publickey for root from 127.0.0.1 port 36951 ssh2: RSA SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth] ROOT LOGIN REFUSED FROM 127.0.0.1 [preauth] debug3: userauth_finish: failure partial=0 next methods="publickey,password,keyboard-interactive" [preauth] FAIL: ssh connect with protocol 2 failed Connection closed by 127.0.0.1 [preauth] debug1: do_cleanup [preauth] debug1: monitor_read_log: child log fd closed debug3: mm_request_receive entering debug1: do_cleanup debug1: Killing privsep child 25262 On Sat, May 30, 2015 at 9:30 AM, Kevin Brott <kevin.brott at gmail.com> wrote:> > Starting building/testing for the lab systems I have Monday. > > Any chance a fix for Bug 2404 < > https://bugzilla.mindrot.org/show_bug.cgi?id=2404> could get wedged in > before release? > > -- > # include <stddisclaimer.h> > /* Kevin Brott <Kevin.Brott at gmail.com> */ > >-- # include <stddisclaimer.h> /* Kevin Brott <Kevin.Brott at gmail.com> */
So far BSD/OS and opensh 6.9 pre works with ZOC and Tera Term. Putty and WINSCP are broken. Will test on FreeBSD 10.1 amd64 -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism UK! Vote LDem on 7 May 2015!!
Would anyone like to make a 6.9 server available for testing our client (Anzio) against? On Sat, 30 May 2015, The Doctor wrote:> So far BSD/OS and opensh 6.9 pre works with ZOC and Tera Term. > > Putty and WINSCP are broken. > > Will test on FreeBSD 10.1 amd64 > > -- > Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca > God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! > http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism > UK! Vote LDem on 7 May 2015!! > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >Regards, ....Bob Rasmussen, President, Rasmussen Software, Inc. personal e-mail: ras at anzio.com company e-mail: rsi at anzio.com voice: (US) 503-624-0360 (9:00-6:00 Pacific Time) fax: (US) 503-624-0760 web: http://www.anzio.com street address: Rasmussen Software, Inc. 10240 SW Nimbus, Suite L9 Portland, OR 97223 USA
On Sun, May 31, 2015 at 7:12 AM, The Doctor <doctor at doctor.nl2k.ab.ca> wrote:> So far BSD/OS and opensh 6.9 pre works with ZOC and Tera Term. > > Putty and WINSCP are broken. >Could you please elaborate on "broken"? Which version of PuTTY? (I'm not familiar with WinSCP versions but I believe the code is based on PuTTY, so I think if we figure out PuTTY then the same will probably apply to WinSCP). Could you please run sshd and plink in debug mode ("/eg path/to/sshd -ddde -p 2022" and "plink -v -P 2022 yourhost") -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Sun, May 31, 2015 at 4:56 AM, Kevin Brott <kevin.brott at gmail.com> wrote: [...]> > ROOT LOGIN REFUSED FROM 127.0.0.1You were running the tests as root? I think we need to add PermitRootLogin=yes to the regression tests to cover this case.> On Sat, May 30, 2015 at 9:30 AM, Kevin Brott <kevin.brott at gmail.com> > wrote: > > > > > Starting building/testing for the lab systems I have Monday. > > > > Any chance a fix for Bug 2404 < > > https://bugzilla.mindrot.org/show_bug.cgi?id=2404> could get wedged in > > before release? >I'm looking at it but I don't understand what needs to change yet, so I'm not sure if it'll make it in time. scp is not my favourite piece of code. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
are you running the tests as root? It's possible the tests are broken for root given the recent change of PermitRootLogin's default On Sat, 30 May 2015, Kevin Brott wrote:> Debian GNU/Linux 8.0 (jessie) > OpenSSL 1.0.1k > gcc (Debian 4.9.2-10) 4.9.2 > > "make tests" fails here: > /usr/src/INET/openssh/ssh-keygen -lf > /usr/src/INET/openssh/regress//t12.out.pub | grep test-comment-1234 > >/dev/null > run test connect.sh ... > ssh connect with protocol 1 failed > ssh connect with protocol 2 failed > failed simple connect > Makefile:192: recipe for target 't-exec' failed > make[1]: *** [t-exec] Error 1 > make[1]: Leaving directory '/usr/src/INET/openssh/regress' > Makefile:544: recipe for target 'tests' failed > make: *** [tests] Error 2 > > ?failed-ssh.log ends with: > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug3: start over, passed a different list > publickey,password,keyboard-interactive > debug3: preferred publickey > debug3: authmethod_lookup publickey > debug3: remaining preferred: > debug3: authmethod_is_enabled publickey > debug1: Next authentication method: publickey > debug1: Offering RSA public key: /usr/src/INET/openssh/regress/rsa > debug3: send_pubkey_test > debug2: we sent a publickey packet, wait for reply > debug1: Server accepts key: pkalg ssh-rsa blen 279 > debug2: input_userauth_pk_ok: fp > SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 > debug3: sign_and_send_pubkey: RSA > SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 > debug1: Authentications that can continue: > publickey,password,keyboard-interactive > debug2: we did not send a packet, disable method > debug1: No more authentication methods to try. > Permission denied (publickey,password,keyboard-interactive). > FAIL: ssh connect with protocol 2 failed > ? > ?failed-sshd.log ends with: > debug2: input_userauth_request: try method publickey [preauth] > debug3: mm_key_allowed entering [preauth] > debug3: mm_request_send entering: type 22 [preauth] > debug3: mm_key_allowed: waiting for MONITOR_ANS_KEYALLOWED [preauth] > debug3: mm_request_receive_expect entering: type 23 [preauth] > debug3: mm_request_receive entering [preauth] > debug3: mm_request_receive entering > debug3: monitor_read: checking request 22 > debug3: mm_answer_keyallowed entering > debug3: mm_answer_keyallowed: key_from_blob: 0x7f0b6f1499d0 > debug1: temporarily_use_uid: 0/0 (e=0/0) > debug1: trying public key file > /usr/src/INET/openssh/regress/authorized_keys_root > debug1: fd 4 clearing O_NONBLOCK > debug1: matching key found: file > /usr/src/INET/openssh/regress/authorized_keys_root, line 1 RSA > SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 > debug1: restore_uid: 0/0 > debug3: mm_answer_keyallowed: key 0x7f0b6f1499d0 is allowed > debug3: mm_request_send entering: type 23 > debug3: mm_key_verify entering [preauth] > debug3: mm_request_send entering: type 24 [preauth] > debug3: mm_key_verify: waiting for MONITOR_ANS_KEYVERIFY [preauth] > debug3: mm_request_receive_expect entering: type 25 [preauth] > debug3: mm_request_receive entering [preauth] > debug3: mm_request_receive entering > debug3: monitor_read: checking request 24 > debug3: mm_answer_keyverify: key 0x7f0b6f149c30 signature verified > debug3: mm_request_send entering: type 25 > ROOT LOGIN REFUSED FROM 127.0.0.1 > Failed publickey for root from 127.0.0.1 port 36951 ssh2: RSA > SHA256:9nhdTr/rVwghJZfRSbSVGw1Rb7TuhygvZoYal45dJ98 > debug2: userauth_pubkey: authenticated 1 pkalg ssh-rsa [preauth] > ROOT LOGIN REFUSED FROM 127.0.0.1 [preauth] > debug3: userauth_finish: failure partial=0 next > methods="publickey,password,keyboard-interactive" [preauth] > FAIL: ssh connect with protocol 2 failed > Connection closed by 127.0.0.1 [preauth] > debug1: do_cleanup [preauth] > debug1: monitor_read_log: child log fd closed > debug3: mm_request_receive entering > debug1: do_cleanup > debug1: Killing privsep child 25262 > > > On Sat, May 30, 2015 at 9:30 AM, Kevin Brott <kevin.brott at gmail.com> wrote: > > > > > Starting building/testing for the lab systems I have Monday. > > > > Any chance a fix for Bug 2404 < > > https://bugzilla.mindrot.org/show_bug.cgi?id=2404> could get wedged in > > before release? > > > > -- > > # include <stddisclaimer.h> > > /* Kevin Brott <Kevin.Brott at gmail.com> */ > > > > > > > -- > # include <stddisclaimer.h> > /* Kevin Brott <Kevin.Brott at gmail.com> */ > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev at mindrot.org > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev >
On Sat, 30 May 2015, The Doctor wrote:> So far BSD/OS and opensh 6.9 pre works with ZOC and Tera Term. > > Putty and WINSCP are broken.broken how?
On 2015-06-01 1:06 AM, Darren Tucker wrote:> You were running the tests as root? I think we need to add > PermitRootLogin=yes to the regression tests to cover this case.I filed a bug report (https://bugzilla.mindrot.org/show_bug.cgi?id=2412), prematurely perhaps (i.e., I hope not a duplicate) - and doing a su to michael helped the tests along - a lot. In the end some of the tests fail because AIX diff does not support the -u option. I shall rerun tomorrow with gnu diff installed. As I never use sudo - how is "make tests" expected to work on pristine system? Or will sudo just default to letting everyone become root so "rootlike" things can be tested? (This is why for builds I test as root - so applications can verify they drop "super" powers. Please note: that this build that is passing tests is the same build process (less one argument --without-openssl). So, I am hoping you will be able to get "make tests" working (on AIX) in time for 6.9p1. (and I requested the https://bugzilla.mindrot.org/show_bug.cgi?id=2370 be reopened - or do you prefer a new one as the "symptom" has changed. * I have not forgotten it is 'experimental' - but I would love to be able to try it in production! Details are at https://bugzilla.mindrot.org/show_bug.cgi?id=2412
On 2015-06-01 1:06 AM, Darren Tucker wrote: You were running the tests as root? I think we need to add PermitRootLogin=yes to the regression tests to cover this case. I filed a bug report (https://bugzilla.mindrot.org/show_bug.cgi?id=2412), prematurely perhaps I hope (i.e., I hope not a duplicate) - and doing a su to michael helped the tests along - a lot. In the end some of the tests fail because AIX diff does not support the -u option. I shall rerun tomorrow with gnu diff installed. As I never use sudo - how is "make tests" expected to work on pristine system? Or will sudo just default to letting everyone become root so "rootlike" things can be tested? (This is why for builds I test as root - so applications can verify they drop "super" powers. Please note: that this build that is passing tests is the same build process (less one argument --without-openssl). So, I am hoping you will be able to get "make tests" working (on AIX) in time for 6.9p1. (and I requested the https://bugzilla.mindrot.org/show_bug.cgi?id=2370 be reopened - or do you prefer a new one as the "symptom" has changed. * I have not forgotten it is 'experimental' - but I would love to be able to try it in production! *** 3 days later *** hope this is not a repeat, but found this in gmail drafts rather than as sent ***