Call for testing: OpenSSH 8.9

[Damien Miller]

Hi,

OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.

Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/

The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html

Portable OpenSSH is also available via git using the
instructions at http://www.openssh.com/portable.html#cvs
At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
https://github.com/openssh/openssh-portable

Running the regression tests supplied with Portable OpenSSH does not
require installation and is a simply:

$ ./configure && make tests

Live testing on suitable non-production systems is also appreciated.
Please send reports of success or failure to
openssh-...@mindrot.org. Security bugs should be reported
directly to ope...@openssh.com.

Below is a summary of changes. More detail may be found in the ChangeLog
in the portable OpenSSH tarballs.

Thanks to the many people who contributed to this release.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

This creates one area of potential incompatibility: scp(1) when using
the SFTP protocol no longer requires this finicky and brittle quoting,
and attempts to use it may cause transfers to fail. We consider the
removal of the need for double-quoting shell characters in file names
to be a benefit and do not intend to introduce bug-compatibility for
legacy scp/rcp in scp(1) when using the SFTP protocol.

Another area of potential incompatibility relates to the use of remote
paths relative to other user's home directories, for example -
"scp host:~user/file /tmp". The SFTP protocol has no native way to
expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
support a protocol extension "expan...@openssh.com" to support
this.

Potentially-incompatible changes
================================

* sshd(8), portable OpenSSH only: this release removes in-built
support for MD5-hashed passwords. If you require these on your
system then we recommend linking against libxcrypt or similar.

* This release modifies the FIDO security key middleware interface
and increments SSH_SK_VERSION_MAJOR.

Changes since OpenSSH 8.8
=========================

This release includes a number of new features.

New features
------------

* ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
restricting forwarding and use of keys added to ssh-agent(1)
A detailed description of the feature is available at
https://www.openssh.com/agent-restrict.html and the protocol
extensions are documented in the PROTOCOL and PROTOCOL.agent
files in the source release.

* ssh(1), sshd(8): add the sntrup761x2...@openssh.com hybrid
ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
default KEXAlgorithms list (after the ECDH methods but before the
prime-group DH ones).

* ssh-keygen(1): when downloading resident keys from a FIDO token,
pass back the user ID that was used when the key was created and
append it to the filename the key is written to (if it is not the
default). Avoids keys being clobbered if the user created multiple
resident keys with the same application string but different user
IDs.

* ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
on tokens that provide user verification (UV) on the device itself,
including biometric keys, avoiding unnecessary PIN prompts.

* ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
perform matching of principals names against an allowed signers
file. To be used towards a TOFU model for SSH signatures in git.

* ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
authentication time.

* ssh-keygen(1): allow selection of hash at sshsig signing time
(either sha512 (default) or sha256).

* ssh(1), sshd(8): read network data directly to the packet input
buffer instead indirectly via a small stack buffer. Provides a
modest performance improvement.

* ssh(1), sshd(8): read data directly to the channel input buffer,
providing a similar modest performance improvement.

* ssh(1): extend the PubkeyAuthentication configuration directive to
accept yes|no|unbound|host-bound to allow control over one of the
protocol extensions used to implement agent-restricted keys.

Bugfixes
--------

* sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
PubkeyAuthOptions can be used in a Match block. PR#277.

* ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
exchange hashes

* ssh(1): don't put the TTY into raw mode when SessionType=none,
avoids ^C being unable to kill such a session. bz3360

* scp(1): fix some corner-case bugs in SFTP-mode handling of
~-prefixed paths.

* ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
select RSA keys when only RSA/SHA2 signature algorithms are
configured (this is the default case). Previously RSA keys were
not being considered in the default case.

* ssh-keysign(1): make ssh-keysign use the requested signature
algorithm and not the default for the key type. Part of unbreaking
hostbased auth for RSA/SHA2 keys.

* ssh(1): stricter UpdateHostkey signature verification logic on
the client- side. Require RSA/SHA2 signatures for RSA hostkeys
except when RSA/SHA1 was explicitly negotiated during initial
KEX; bz3375

* ssh(1), sshd(8): fix signature algorithm selection logic for
UpdateHostkeys on the server side. The previous code tried to
prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
cases. This will use RSA/SHA2 signatures for RSA keys if the
client proposed these algorithms in initial KEX. bz3375

* All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
and sftp-server(8), as well as the sshd(8) listen loop and all
other FD read/writability checks. On platforms with missing or
broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is
available.

* ssh-keygen(1): the "-Y find-principals" command was verifying key
validity when using ca certs but not with simple key lifetimes
within the allowed signers file.

* ssh-keygen(1): make sshsig verify-time argument parsing optional

* ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
keys (we already did this for RSA keys). Avoids fatal errors for
PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
"cryptoauthlib"; bz#3364

* ssh(1), ssh-agent(1): improve the testing of credentials against
inserted FIDO: ask the token whether a particular key belongs to
it in cases where the token supports on-token user-verification
(e.g. biometrics) rather than just assuming that it will accept it.

Will reduce spurious "Confirm user presence" notifications for key
handles that relate to FIDO keys that are not currently inserted in at
least some cases. bz3366

* ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
allow for the preceding two ECN bits. bz#3373

* ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
option.

* ssh-keygen(1): fix a NULL deref when using the find-principals
function, when matching an allowed_signers line that contains a
namespace restriction, but no restriction specified on the
command-line

* ssh-agent(1): fix memleak in process_extension(); oss-fuzz
issue #42719

* ssh(1): suppress "Connection to xxx closed" messages when LogLevel
is set to "error" or above. bz3378

* ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
compressed packet data. bz3372

* scp(1): when recursively transferring files in SFTP mode, create the
destination directory if it doesn't already exist to match scp(1) in
legacy RCP mode behaviour.

* scp(1): many improvements in error message consistency between scp(1)
in SFTP mode vs legacy RCP mode.

* sshd(8): fix potential race in SIGTERM handling PR#289

* ssh(1), ssh(8): since DSA keys are deprecated, move them to the
end of the default list of public keys so that they will be tried
last. PR#295

* ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
wildcard principals in allowed_signers files

Portability
-----------

* ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
implementation does not work in a chroot when the kernel does not
have close_range(2). It tries to read from /proc/self/fd and when
that fails dies with an assertion of sorts. Instead, call
close_range(2) directly from our compat code and fall back if
that fails. bz#3349,

* OS X poll(2) is broken; use compat replacement. For character-
special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
when polled with POLLIN. Apparently this is Apple bug 3710161 -
not public but a websearch will find other OSS projects
rediscovering it periodically since it was first identified in
2005.

* Correct handling of exceptfds/POLLPRI in our select(2)-based
poll(2)/ppoll(2) compat implementation.

* Cygwin: correct checking of mbstowcs() return value.

* Add a basic SECURITY.md that refers people to the openssh.com
website.

* Enable additional compiler warnings and toolchain hardening flags,
including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
-fzero-call-used-regs and -ftrivial-auto-var-init.

* HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
is not reliable.
_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

[Kevin Brott]

On 2/9/22 20:18, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>
>

openssh-SNAP-20220211.tar.gz
gcc (Debian 10.2.1-6) 10.2.1 20210110
OpenSSL 1.1.1k  25 Mar 2021
Debian GNU/Linux 11 (bullseye)

./configure && make tests
....
cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/unittests/misc/test_strdelim.c -o regress/unittests/misc/test_strdelim.o
cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIE   -I. -I.  -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE -DSSHDIR=\"/usr/local/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/local/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -c regress/unittests/misc/test_hpdelim.c -o regress/unittests/misc/test_hpdelim.o
regress/unittests/misc/test_hpdelim.c:18:10: fatal error: test_helper.h: No such file or directory
   18 | #include "test_helper.h"
      |          ^~~~~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:200: regress/unittests/misc/test_hpdelim.o] Error 1

--
# include <stddisclaimer.h>
/* Kevin Brott <Kevin...@GMail.com> */

[chris]

Further issues with test_hpdelim.c;

---

regress/unittests/misc/test_hpdelim.c:105:1: error: redefinition of ‘test_hpdelim’
105 | test_hpdelim(void)
| ^~~~~~~~~~~~
regress/unittests/misc/test_hpdelim.c:27:1: note: previous definition of ‘test_hpdelim’ with type ‘void(void)’
27 | test_hpdelim(void)
| ^~~~~~~~~~~~

---

[Val Baranov]

On 2/9/22 20:18, Damien Miller wrote:

> Hi,

>

> OpenSSH 8.9p1 is almost ready for release, so we would appreciate

> testing on as many platforms and systems as possible. This is a bugfix release.

>

>


openssh-SNAP-20220211.tar.gz

IBM XL C/C++ for AIX, V11.1 (5724-X13)
Version: 11.01.0000.0023
OpenSSL 1.1.1m 14 Dec 2021
AIX 7.1 TL5 SP8

./configure --prefix=/usr/local/openssh --with-ssl-dir=/usr/local/openssl --with-zlib=/usr/local/zlib --without-openssl-header-check --with-cflags=-q64 --with-ldflags=-q64
...
...
checking for getpgrp... yes
checking if getpgrp accepts zero args... yes
configure: error: *** working libcrypto not found, check config.log

--
This error is remediated by replacing LIBS="-lcrypto $LIBS" with LIBS="-lcrypto -lpthread $LIBS" in configure script.
This can be also fixed by appending "--with-libs=-lpthread" to 'configure' command above.
The error itself is misleading as it refers to "libcrypto" while it actually related to "libpthread".

Would be feasible to fix this in "configure" script in order to do not hit this each time configuring a new version (which does not happen often).


/* Val Baranov <val.b...@duke.edu > */


_______________________________________________

openssh-unix-dev mailing list

openssh-...@mindrot.org<mailto:openssh-...@mindrot.org>
https://urldefense.com/v3/__https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev__;!!OToaGQ!74S2nUQ7pf6v8akRRVi32utjGZvyL229tzz9ATVENbFTQoDLa1EVA4yFwcw2RMKyFv4$<https://urldefense.com/v3/__https:/lists.mindrot.org/mailman/listinfo/openssh-unix-dev__;!!OToaGQ!74S2nUQ7pf6v8akRRVi32utjGZvyL229tzz9ATVENbFTQoDLa1EVA4yFwcw2RMKyFv4$>

[Darren Tucker]

On Fri, 11 Feb 2022 at 07:07, Val Baranov <val.b...@duke.edu> wrote:
[...]

> This error is remediated by replacing LIBS="-lcrypto $LIBS" with LIBS="-lcrypto -lpthread $LIBS" in configure script.
> This can be also fixed by appending "--with-libs=-lpthread" to 'configure' command above.
> The error itself is misleading as it refers to "libcrypto" while it actually related to "libpthread".
>
> Would be feasible to fix this in "configure" script in order to do not hit this each time configuring a new version (which does not happen often).

OK so the reason sounds like your libcrypto is built with pthreads.
As it stands, configure does not know that, all it knows is that its
test program would not link against libcrypto. We definitely don't
want to link in pthreads if it's not needed (we don't really want it
even if it is needed, but that's another story).

It looks like all of the versions of OpenSSL and LibreSSL we support
these days have pkg-config .pc files so we could potentially look it
up there. Does your system ship with pkg-config? The ancient AIX
system I have here does not.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Darren Tucker]

On Fri, 11 Feb 2022 at 02:23, chris <ch...@cataclysmal.org> wrote:
> Further issues with test_hpdelim.c;

> regress/unittests/misc/test_hpdelim.c:105:1: error: redefinition of ‘test_hpdelim’
> 105 | test_hpdelim(void)

Thanks, this should now be fixed.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Darren Tucker]

On Fri, 11 Feb 2022 at 02:13, Kevin Brott <kevin...@gmail.com> wrote:
[...]

> regress/unittests/misc/test_hpdelim.c:18:10: fatal error: test_helper.h: No such file or directory
> 18 | #include "test_helper.h"

Thanks, this has now been fixed.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Hisashi T Fujinaka]

On NetBSD amd64-current and amd64-9.2_STABLE:

(cd openbsd-compat && make)
cc -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter -Wno-unused-result -Wimplicit-fallthrough -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -fPIC -I. -I.. -I. -I./.. -D_OPENBSD_SOURCE -DHAVE_CONFIG_H -c arc4random.c
In file included from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
../openbsd-compat/bsd-poll.h:42:16: error: redefinition of 'struct pollfd'
42 | typedef struct pollfd {
| ^~~~~~
In file included from ../openbsd-compat/bsd-poll.h:35,
from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
/usr/include/poll.h:39:8: note: originally defined here
39 | struct pollfd {
| ^~~~~~
In file included from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
../openbsd-compat/bsd-poll.h:63: warning: "INFTIM" redefined
63 | #define INFTIM (-1) /* not standard */
|
In file included from ../openbsd-compat/bsd-poll.h:35,
from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
/usr/include/poll.h:67: note: this is the location of the previous definition
67 | #define INFTIM -1
|
In file included from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
../openbsd-compat/bsd-poll.h:75:7: error: conflicting types for 'ppoll'
75 | int ppoll(struct pollfd *, nfds_t, const struct timespec *, const sigset_t *);
| ^~~~~
In file included from ../openbsd-compat/bsd-poll.h:35,
from ../openbsd-compat/openbsd-compat.h:203,
from ../includes.h:173,
from arc4random.c:27:
/usr/include/poll.h:95:5: note: previous declaration of 'ppoll' was here
95 | int ppoll(struct pollfd * __restrict, nfds_t,
| ^~~~~
*** Error code 1

Stop.
make[1]: stopped in /home/htodd/openssh-portable/openbsd-compat
*** Error code 1

Stop.
make: stopped in /home/htodd/openssh-portable
--
Hisashi T Fujinaka - ht...@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee

[Hisashi T Fujinaka]

configure can't find a compiler on MacOS. Probably a misconfiguration on
my part (just updated the OS today).

--
Hisashi T Fujinaka - ht...@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee

[Darren Tucker]

On Fri, 11 Feb 2022 at 10:28, Hisashi T Fujinaka <ht...@twofifty.com> wrote:
> On NetBSD amd64-current and amd64-9.2_STABLE:

[...]

> ../openbsd-compat/bsd-poll.h:42:16: error: redefinition of 'struct pollfd'
> 42 | typedef struct pollfd {

We have a NetBSD 9.0 VM in our buld farm, and it does not experience
this problem. I'll look at getting an updated one to see if I can
reproduce the problem, but one thing that can cause this class of
failure is if you have a generated config.h and/or Makefile elsewhere
in the path (eg if you ran "./configure" on one system, then ran
"../configure in a subdirectory on a different system, the compiler
will pick up the wrong config.h from the top-level directory on the
second system).

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Hisashi T Fujinaka]

On Fri, 11 Feb 2022, Darren Tucker wrote:

> On Fri, 11 Feb 2022 at 10:28, Hisashi T Fujinaka <ht...@twofifty.com> wrote:
>> On NetBSD amd64-current and amd64-9.2_STABLE:
> [...]
>> ../openbsd-compat/bsd-poll.h:42:16: error: redefinition of 'struct pollfd'
>> 42 | typedef struct pollfd {
>
> We have a NetBSD 9.0 VM in our buld farm, and it does not experience
> this problem. I'll look at getting an updated one to see if I can
> reproduce the problem, but one thing that can cause this class of
> failure is if you have a generated config.h and/or Makefile elsewhere
> in the path (eg if you ran "./configure" on one system, then ran
> "../configure in a subdirectory on a different system, the compiler
> will pick up the wrong config.h from the top-level directory on the
> second system).

Ah. I might have stuff from the last round of tests.

--
Hisashi T Fujinaka - ht...@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee

[Zev Weiss]

On Wed, Feb 09, 2022 at 08:18:23PM PST, Damien Miller wrote:
>Hi,
>
>OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
>on as many platforms and systems as possible. This is a bugfix release.
>

At commit 6ee53064f476cf, all tests pass on current Void Linux (kernel
5.15.22, gcc 10.2.1, glibc 2.32, openssl 1.1.1l).


Thanks,
Zev

[Darren Tucker]

On Fri, 11 Feb 2022 at 11:29, Darren Tucker <dtu...@dtucker.net> wrote:
>
> On Fri, 11 Feb 2022 at 10:28, Hisashi T Fujinaka <ht...@twofifty.com> wrote:
> > On NetBSD amd64-current and amd64-9.2_STABLE:
> [...]
> > ../openbsd-compat/bsd-poll.h:42:16: error: redefinition of 'struct pollfd'
> > 42 | typedef struct pollfd {
>
> We have a NetBSD 9.0 VM in our buld farm, and it does not experience
> this problem. I'll look at getting an updated one to see if I can
> reproduce the problem

I updated the VM to NetBSD 9.2 stable and it built OK. I don't have a
current instance I can conveniently test but I suspect it'll be ok
too.

[Hisashi T Fujinaka]

On Fri, 11 Feb 2022, Darren Tucker wrote:

> On Fri, 11 Feb 2022 at 11:29, Darren Tucker <dtu...@dtucker.net> wrote:
>>
>> On Fri, 11 Feb 2022 at 10:28, Hisashi T Fujinaka <ht...@twofifty.com> wrote:
>>> On NetBSD amd64-current and amd64-9.2_STABLE:
>> [...]
>>> ../openbsd-compat/bsd-poll.h:42:16: error: redefinition of 'struct pollfd'
>>> 42 | typedef struct pollfd {
>>
>> We have a NetBSD 9.0 VM in our buld farm, and it does not experience
>> this problem. I'll look at getting an updated one to see if I can
>> reproduce the problem
>
> I updated the VM to NetBSD 9.2 stable and it built OK. I don't have a
> current instance I can conveniently test but I suspect it'll be ok
> too.

I did a fresh clone and started with autoconf and now configure quits
with:

checking if cc supports -Werror... yes
./configure: 5859: Syntax error: Word "-pipe" unexpected (expecting ")")

--
Hisashi T Fujinaka - ht...@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee

[Darren Tucker]

On Fri, 11 Feb 2022 at 14:15, Hisashi T Fujinaka <ht...@twofifty.com> wrote:
> I did a fresh clone and started with autoconf and now configure quits
> with:
>
> checking if cc supports -Werror... yes
> ./configure: 5859: Syntax error: Word "-pipe" unexpected (expecting ")")

That's odd. What version of autoconf are you using? We use 2.69 or
2.70 and run "autoreconf".

(What's at line 5859 will vary depending on the autoconf that
generated it, and none of the ones I've tried have -pipe anywhere near
that line.)

You could also try a snapshot that has configure pre-built:
http://www.mindrot.org/openssh_snap/

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Corinna Vinschen]

On Feb 10 15:18, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.

Builds OOTB on Cygwin x86_64, almost all tests pass, except a single
test in hostkey-agent:

-------------
debug1: kex: host key algorithm: (no match)
Unable to negotiate with UNKNOWN port 65535: no matching host key type found.
Their offer:
ssh-ed2551...@openssh.com,rsa-sha2-5...@openssh.com,rsa-sha2-256-
cert...@openssh.com,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,e
cdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com
,ecdsa-sha2-nis...@openssh.com^M
FAIL: cert type sk-ecdsa-sha2-n...@openssh.com failed
FAIL: bad SSH_CONNECTION key type sk-ecdsa-sha2-n...@openssh.com
-------------

I wonder why sk-ecdsa-sha2-n...@openssh.com is not in the
above list of cert type offers. What explanation could that have?

I'm building OPenSSH exactly as if I create a distro build, using the
following configuration options:

--with-libedit
--with-xauth=/usr/bin/xauth
--disable-strip
--without-hardening
--with-security-key-builtin


Thanks,
Corinna

[Darren Tucker]

On Fri, 11 Feb 2022 at 21:53, Corinna Vinschen <vins...@redhat.com> wrote:

> [...]

> I wonder why sk-ecdsa-sha2-n...@openssh.com is not in the
> above list of cert type offers. What explanation could that have?
>

I've just updated our win10 cygwin test VM to current and will attempt to
reproduce with your config flags.

--without-hardening
>

Out of curiosity why do you need to disable the compiler hardening? I
don't think it's going to make a difference in the failure case you noted,
but our build farm runs a VM with cygwin on win10 with the default
configure flags which enables hardening and it passes.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Hisashi T Fujinaka]

On Fri, 11 Feb 2022, Darren Tucker wrote:

> On Fri, 11 Feb 2022 at 14:15, Hisashi T Fujinaka <ht...@twofifty.com> wrote:
>> I did a fresh clone and started with autoconf and now configure quits
>> with:
>>
>> checking if cc supports -Werror... yes
>> ./configure: 5859: Syntax error: Word "-pipe" unexpected (expecting ")")
>
> That's odd. What version of autoconf are you using? We use 2.69 or
> 2.70 and run "autoreconf".
>
> (What's at line 5859 will vary depending on the autoconf that
> generated it, and none of the ones I've tried have -pipe anywhere near
> that line.)
>
> You could also try a snapshot that has configure pre-built:
> http://www.mindrot.org/openssh_snap/

My autoconf is 2.71 and I ran autoreconf.

Here's more of my configure file than you asked for:

5858 if test "$GCC" = "yes" || test "$GCC" = "egcs"; then
5859 OSSH_CHECK_CFLAG_COMPILE(-pipe)
5860 OSSH_CHECK_CFLAG_COMPILE(-Wunknown-warning-option)
5861 OSSH_CHECK_CFLAG_COMPILE(-Wno-error=format-truncation)
5862 OSSH_CHECK_CFLAG_COMPILE(-Qunused-arguments)
5863 OSSH_CHECK_CFLAG_COMPILE(-Wall)
5864 OSSH_CHECK_CFLAG_COMPILE(-Wextra)
5865 OSSH_CHECK_CFLAG_COMPILE(-Wpointer-arith)
5866 OSSH_CHECK_CFLAG_COMPILE(-Wuninitialized)
5867 OSSH_CHECK_CFLAG_COMPILE(-Wsign-compare)
5868 OSSH_CHECK_CFLAG_COMPILE(-Wformat-security)
5869 OSSH_CHECK_CFLAG_COMPILE(-Wsizeof-pointer-memaccess)
5870 OSSH_CHECK_CFLAG_COMPILE(-Wpointer-sign, -Wno-pointer-sign)
5871 OSSH_CHECK_CFLAG_COMPILE(-Wunused-parameter, -Wno-unused-parameter)
5872 OSSH_CHECK_CFLAG_COMPILE(-Wunused-result, -Wno-unused-result)
5873 OSSH_CHECK_CFLAG_COMPILE(-Wimplicit-fallthrough)
5874 OSSH_CHECK_CFLAG_COMPILE(-Wmisleading-indentation)
5875 OSSH_CHECK_CFLAG_COMPILE(-Wbitwise-instead-of-logical)
5876 OSSH_CHECK_CFLAG_COMPILE(-fno-strict-aliasing)
5877 if test "x$use_toolchain_hardening" = "x1"; then
5878 OSSH_CHECK_CFLAG_COMPILE(-mretpoline) # clang
5879 OSSH_CHECK_LDFLAG_LINK(-Wl,-z,retpolineplt)
5880 OSSH_CHECK_CFLAG_COMPILE(-D_FORTIFY_SOURCE=2)
5881 OSSH_CHECK_LDFLAG_LINK(-Wl,-z,relro)
5882 OSSH_CHECK_LDFLAG_LINK(-Wl,-z,now)
5883 OSSH_CHECK_LDFLAG_LINK(-Wl,-z,noexecstack)

--
Hisashi T Fujinaka - ht...@twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee

[Corinna Vinschen]

On Feb 11 22:25, Darren Tucker wrote:
> On Fri, 11 Feb 2022 at 21:53, Corinna Vinschen <vins...@redhat.com> wrote:
>
> > [...]
> > I wonder why sk-ecdsa-sha2-n...@openssh.com is not in the
> > above list of cert type offers. What explanation could that have?
> >
>
> I've just updated our win10 cygwin test VM to current and will attempt to
> reproduce with your config flags.
>
> --without-hardening
> >
>
> Out of curiosity why do you need to disable the compiler hardening?

Actually... I *think* there was a problem with an older gcc or libc
version when trying to use FORTIFY_SOURCE and/or retpoline. I have to
admit I don't remember exactly.

> I
> don't think it's going to make a difference in the failure case you noted,
> but our build farm runs a VM with cygwin on win10 with the default
> configure flags which enables hardening and it passes.

I've just built OpenSSH without the above flag and it builds and
packages fine. Thanks for pointing this out! I will certainly build
with hardening in future.

I also ran the hostkey-agent test again, but yeah, hardening doesn't
change the result. Still

bad SSH_CONNECTION key type sk-ssh-ed25...@openssh.com

I'm going to run the entire testsuite now, but I don't expect any
other problem.


Thanks,
Corinna

[Val Baranov]

On Thu 2/10/2022 5:21 PM Darren Tucker <dtu...@dtucker.net> wrote:
>On Fri, 11 Feb 2022 at 07:07, Val Baranov <val.b...@duke.edu> wrote:
>[...]
>> This error is remediated by replacing LIBS="-lcrypto $LIBS" with LIBS="-lcrypto -lpthread $LIBS" in configure script.
>> This can be also fixed by appending "--with-libs=-lpthread" to 'configure' command above.
>> The error itself is misleading as it refers to "libcrypto" while it actually related to "libpthread".
>>
>> Would be feasible to fix this in "configure" script in order to do not hit this each time configuring a new version (which does not happen often).
>
>OK so the reason sounds like your libcrypto is built with pthreads.
>As it stands, configure does not know that, all it knows is that its test program would not link against libcrypto. We definitely don't want to link in pthreads if it's not needed (we don't really want it even if it is needed, but that's another story).
>
>It looks like all of the versions of OpenSSL and LibreSSL we support these days have pkg-config .pc files so we could potentially look it up there. Does your system ship with pkg-config? The ancient AIX system I have here does not.

Don't see pkg-config on AIX 7.1.
libcrypto is not built with pthreads - that's what it contains:
shr.o
shr_comm.o
shr_xpg5.o
init.o

OpenSSH here is being compiled with no shared libraries, therefore OpenSSH build (binary) does not look for 3rd party libraries (zlib and openssl) but only refers to OS libs libc.a and libpthread.a (this was done in order to do not depend on a specific system' installed OpenSSL package).
Looks like the error message is misleading to claim "libcrypto" while in fact "configure" either can't find "libpthread" or - which sounds more realistic - can't find "libcrypto" w/o mentioning "--with-libs=-lpthread" option. Again, this case is for OpenSSH compiling with no shared libs, the "libcrypto.a" contains the object files which are statically linked to the binary.

--
Val Baranov <val.b...@duke.edu>

[Kevin Brott]

On 2/10/22 15:08, Darren Tucker wrote:
> On Fri, 11 Feb 2022 at 02:13, Kevin Brott<kevin...@gmail.com> wrote:
> [...]
>> regress/unittests/misc/test_hpdelim.c:18:10: fatal error: test_helper.h: No such file or directory
>> 18 | #include "test_helper.h"
> Thanks, this has now been fixed.
>

Confirmed:

openssh-SNAP-20220214.tar.gz

gcc (Debian 10.2.1-6) 10.2.1 20210110
OpenSSL 1.1.1k  25 Mar 2021
Debian GNU/Linux 11 (bullseye)

./configure && make tests
....

all tests passed

--
# include <stddisclaimer.h>
/* Kevin Brott<Kevin...@GMail.com> */

[HARUYAMA Seigo]

> * ssh(1): extend the PubkeyAuthentication configuration directive to
> accept yes|no|unbound|host-bound to allow control over one of the
> protocol extensions used to implement agent-restricted keys.

The description of PubkeyAuthentication value "unbound|host-bound" does not exist in ssh_config(5).

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh_config.5?rev=1.368&content-type=text/x-cvsweb-markup
https://github.com/openssh/openssh-portable/blob/ad16a84e64a8cf1c69c63de3fb9008320a37009c/ssh_config.5#L1520

[Damien Miller]

On Fri, 11 Feb 2022, Corinna Vinschen wrote:

> On Feb 10 15:18, Damien Miller wrote:
> > Hi,
> >
> > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> > on as many platforms and systems as possible. This is a bugfix release.
>
> Builds OOTB on Cygwin x86_64, almost all tests pass, except a single
> test in hostkey-agent:
>
> -------------

> FAIL: cert type sk-ecdsa-sha2-n...@openssh.com failed
> FAIL: bad SSH_CONNECTION key type sk-ecdsa-sha2-n...@openssh.com
> -------------
>

> I'm building OPenSSH exactly as if I create a distro build, using the
> following configuration options:
>
> --with-libedit
> --with-xauth=/usr/bin/xauth
> --disable-strip
> --without-hardening
> --with-security-key-builtin

It's passing for me with similar options (missing --with-libedit and
--with-security-key-builtin). I'm using:

> CYGWIN_NT-10.0 win10pro 3.2.0(0.340/5/3) 2021-03-29 08:42 x86_64 Cygwin

> debug1: kex: host key algorithm: (no match)
> Unable to negotiate with UNKNOWN port 65535: no matching host key type found.
> Their offer:
> ssh-ed2551...@openssh.com,rsa-sha2-5...@openssh.com,rsa-sha2-256-
> cert...@openssh.com,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,e
> cdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com
> ,ecdsa-sha2-nis...@openssh.com^M
>

> I wonder why sk-ecdsa-sha2-n...@openssh.com is not in the
> above list of cert type offers. What explanation could that have?

It looks like the server offer is missing all SK keytypes. What does
'grep ENABLE_SK config.h' show? If it is disabled there, then config.log
might have clues as to why.

I'll try it again on an image with libfido2 just to rule that out, though
AFAIK it's not in the path for any of this (we use sk-dummy.so in the
tests).

-d

[Darren Tucker]

On Sat, 12 Feb 2022 at 06:26, Val Baranov <val.b...@duke.edu> wrote:
> Don't see pkg-config on AIX 7.1.
> libcrypto is not built with pthreads - that's what it contains:

Well, something seems to want pthreads. What's in libcrypto.pc in the
OpenSSL you're using?

> OpenSSH here is being compiled with no shared libraries, therefore OpenSSH build (binary) does not look for 3rd party libraries (zlib and openssl) but only refers to OS libs libc.a and libpthread.a (this was done in order to do not depend on a specific system' installed OpenSSL package).

> Looks like the error message is misleading to claim "libcrypto" while in fact "configure" either can't find "libpthread" or - which sounds more realistic - can't find "libcrypto" w/o mentioning "--with-libs=-lpthread" option. Again, this case is for OpenSSH compiling with no shared libs, the "libcrypto.a" contains the object files which are statically linked to the binary.

Something odd is going on. Could you please send me config.log from
the case where it fails to find libcrypto? (it's big so off list
either direct to me or by making it available somewhere)?

[Damien Miller]

On Mon, 14 Feb 2022, HARUYAMA Seigo wrote:

> > * ssh(1): extend the PubkeyAuthentication configuration directive
> > to accept yes|no|unbound|host-bound to allow control over one of
> > the protocol extensions used to implement agent-restricted keys.
>
> The description of PubkeyAuthentication value "unbound|host-bound"
> does not exist in ssh_config(5).

thanks - fixed :)

-d

[Predrag Zecevic]

It compiles on OpenIndiana (https://www.openindiana.org) as well.
Since it delivers own OpenSSH copy, I use to install it on separate
location.

#### http://www.mindrot.org/openssh_snap/openssh-SNAP-20220211.tar.gz

:; autoreconf
# autoreconf (GNU Autoconf) 2.71

:; echo $CC $CXX
/usr/gcc/10/bin/gcc /usr/gcc/10/bin/g++

:; echo $PREFIX
/pz/SFW

:; echo $CFLAGS
-lstdc++ -m64 -march=native -std=c89 -std=c99 -D_POSIX_PTHREAD_SEMANTICS
-D_XOPEN_SOURCE=600 -D_FILE_OFFSET_BITS=64 -D__EXTENSIONS__
-I${PREFIX}/include -I${PREFIX}/include/openssl -I${PREFIX}/apr/include
-I${PREFIX}/include/nghttp3 -I/usr/include -I/usr/gnu/include
-I/usr/include/readline -I/usr/include/ncurses -I/usr/include/idn2

:; ./configure --prefix=${PREFIX}
       --sysconfdir=${PREFIX}/etc/openssh
       --with-cflags="${CFLAGS} -DHAVE_MBLEN"
       --with-kerberos5=${PREFIX}
       --with-ssl-dir=${PREFIX}
       --with-zlib=${PREFIX}
       --with-pam
       --with-xauth=/usr/bin/xauth
       --with-libedit
       --with-mantype=man
       --with-solaris-projects
       --with-solaris-privs

...
:; gmake
...
:; ./ssh -V
OpenSSH_8.8p1-snap20220211, OpenSSL 1.1.1m  14 Dec 2021

Many thanks, and best regards.

--
--
Predrag Zečević
predrag.ze...@googlemail.com

[chris]

On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.

---

openssh-SNAP-20220215.tar.gz
Haiku R1/beta3 hrev55181+63 (x86)
gcc 11.2.0

---

...

run test login-timeout.sh ...
which: no rev in (/boot/home/build/openssh:.:/boot/home/config/non-packaged/bin:/boot/home/config/bin:/boot/system/non-packaged/bin:/bin:/boot/system/apps:/boot/system/preferences)
ssh connect after login grace timeout failed
failed connect after login grace timeout
Makefile:221: recipe for target 't-exec' failed
make[1]: *** [t-exec] Error 1
make[1]: Leaving directory '/boot/home/build/openssh/regress'
Makefile:727: recipe for target 't-exec' failed
make: *** [t-exec] Error 2
make: *** Waiting for unfinished jobs....

ssh-keygen for ssh-rsa failed
SKIPPED: putty interop tests not enabled
Makefile:236: recipe for target 't-exec-interop' failed
make[1]: *** [t-exec-interop] Error 1
make[1]: Leaving directory '/boot/home/build/openssh/regress'
Makefile:727: recipe for target 'interop-tests' failed
make: *** [interop-tests] Error 2

---
regress.log:

trace: using cached key type sk-ecdsa-sh...@openssh.com
---

failed-ssh.log:

trace: wait for sshd
Executing: /boot/home/build/openssh/ssh -F /boot/home/build/openssh/regress/ssh_config somehost true
debug3: ssh_connect_direct: entering
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.
debug3: set_sock_tos: set socket 5 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /boot/home/build/openssh/regress/ssh-ed25519 type 3
debug1: identity file /boot/home/build/openssh/regress/ssh-ed25519-cert type -1
debug1: identity file /boot/home/build/openssh/regress/sk-ssh-...@openssh.com type 12
debug1: identity file /boot/home/build/openssh/regress/sk-ssh-...@openssh.com-cert type -1
debug1: identity file /boot/home/build/openssh/regress/ssh-rsa type 0
debug1: identity file /boot/home/build/openssh/regress/ssh-rsa-cert type -1
debug1: identity file /boot/home/build/openssh/regress/ssh-dss type 1
debug1: identity file /boot/home/build/openssh/regress/ssh-dss-cert type -1
debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp256 type 2
debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp256-cert type -1
debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp384 type 2
debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp384-cert type -1
debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp521 type 2
debug1: identity file /boot/home/build/openssh/regress/ecdsa-sha2-nistp521-cert type -1
debug1: identity file /boot/home/build/openssh/regress/sk-ecdsa-sh...@openssh.com type 10
debug1: identity file /boot/home/build/openssh/regress/sk-ecdsa-sh...@openssh.com-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: kex_exchange_identification: banner line 0: Exceeded MaxStartups
kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 4242
FAIL: ssh connect after login grace timeout failed

trace: wait for sshd to exit
FAIL: ssh-keygen for ssh-rsa failed

---

failed-sshd.log:

trace: wait for sshd
debug1: fd 5 clearing O_NONBLOCK
debug1: Forked child 30396.
debug3: send_rexec_state: entering fd = 8 config len 1004
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 4, 4
Connection from 127.0.0.1 port 40275 on 127.0.0.1 port 4242
debug1: Local version string SSH-2.0-OpenSSH_8.8
debug1: Remote protocol version 2.0, remote software version fake
debug1: compat_banner: no match: fake
debug2: fd 4 setting O_NONBLOCK
debug2: Network child is on pid 30397
debug3: preauth child monitor started
debug3: privsep user:group 1000:102 [preauth]
debug1: permanently_set_uid: 1000/102 [preauth]
debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug3: append_hostkey_type: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sh...@openssh.com [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
Timeout before authentication for 127.0.0.1 port 40275
debug1: fd 7 clearing O_NONBLOCK
beginning MaxStartups throttling
drop connection #1 from [127.0.0.1]:40281 on [127.0.0.1]:4242 past MaxStartups
FAIL: ssh connect after login grace timeout failed

trace: wait for sshd to exit
Received signal 15; terminating.
mm_log_handler: write: Broken pipe
debug1: do_cleanup
FAIL: ssh-keygen for ssh-rsa failed

---

[Predrag Zecevic]

Tests are failing:
:; gmake tests
...
In file included from /pz/SFW/include/openssl/x509.h:30,
                 from /pz/SFW/include/openssl/pem.h:17,
                 from regress/misc/sk-dummy/sk-dummy.c:48:
/pz/SFW/include/openssl/sha.h:56:3: error: conflicting types for
'SHA256_CTX'
   56 | } SHA256_CTX;
      |   ^~~~~~~~~~
In file included from /usr/include/sha2.h:32,
                 from regress/misc/sk-dummy/sk-dummy.c:28:
/usr/include/sys/sha2.h:89:18: note: previous declaration of
'SHA256_CTX' was here
   89 | typedef SHA2_CTX SHA256_CTX;
      |                  ^~~~~~~~~~
/pz/SFW/include/openssl/sha.h:65:16: error: expected identifier or '('
before numeric constant
   65 | unsigned char *SHA256(const unsigned char *d, size_t n,
unsigned char *md);
      |                ^~~~~~
In file included from /pz/SFW/include/openssl/x509.h:30,
                 from /pz/SFW/include/openssl/pem.h:17,
                 from regress/misc/sk-dummy/sk-dummy.c:48:
/pz/SFW/include/openssl/sha.h:103:3: error: conflicting types for
'SHA512_CTX'
  103 | } SHA512_CTX;
      |   ^~~~~~~~~~
In file included from /usr/include/sha2.h:32,
                 from regress/misc/sk-dummy/sk-dummy.c:28:
/usr/include/sys/sha2.h:91:18: note: previous declaration of
'SHA512_CTX' was here
   91 | typedef SHA2_CTX SHA512_CTX;
      |                  ^~~~~~~~~~
/pz/SFW/include/openssl/sha.h:108:16: error: expected identifier or '('
before numeric constant
  108 | unsigned char *SHA384(const unsigned char *d, size_t n,
unsigned char *md);
      |                ^~~~~~
/pz/SFW/include/openssl/sha.h:112:16: error: expected identifier or '('
before numeric constant
  112 | unsigned char *SHA512(const unsigned char *d, size_t n,
unsigned char *md);
      |                ^~~~~~
gmake: *** [Makefile:688: regress/misc/sk-dummy/sk-dummy.lo] Error 1

------------------
:; which openssl
/pz/SFW/bin/openssl
:; openssl version

OpenSSL 1.1.1m  14 Dec 2021

Regards.

--

[Darren Tucker]

On Wed, 16 Feb 2022 at 01:09, Predrag Zecevic
<predrag.ze...@googlemail.com> wrote:
>
> Tests are failing:
> :; gmake tests
> ...
> In file included from /pz/SFW/include/openssl/x509.h:30,
> from /pz/SFW/include/openssl/pem.h:17,
> from regress/misc/sk-dummy/sk-dummy.c:48:
> /pz/SFW/include/openssl/sha.h:56:3: error: conflicting types for
> 'SHA256_CTX'
> 56 | } SHA256_CTX;
> | ^~~~~~~~~~

What platform is that? From the paths I'm guessing a Solaris or derivative?

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Darren Tucker]

On Wed, 16 Feb 2022 at 00:48, chris <ch...@cataclysmal.org> wrote:
[...]

> openssh-SNAP-20220215.tar.gz
> Haiku R1/beta3 hrev55181+63 (x86)
> gcc 11.2.0

[...]

> drop connection #1 from [127.0.0.1]:40281 on [127.0.0.1]:4242 past MaxStartups

This was the symptom we saw on Solaris and derivatives, which was
caused by the privileged sshd not being a process group leader and
thus the grace_alarm_handler fails to clean up the unprivileged
privsep child here:

grace_alarm_handler(int sig)
[...]
if (getpgid(0) == getpid()) {
ssh_signal(SIGTERM, SIG_IGN);
kill(0, SIGTERM);
}

On Solaris this was caused by skipping the setsid() call, but that was
removed in commit b306986, so probably there's another thing causing a
similar symptom. Does Haiku implement the kill(0, ...) behaviour
specified by posix? Does have a killpg? Does it even have process
groups?

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[chris]

On Wed, Feb 16, 2022 at 12:36:56PM +1100, Darren Tucker wrote:
> On Wed, 16 Feb 2022 at 00:48, chris <ch...@cataclysmal.org> wrote:
> [...]
> > openssh-SNAP-20220215.tar.gz
> > Haiku R1/beta3 hrev55181+63 (x86)
> > gcc 11.2.0
> [...]
> > drop connection #1 from [127.0.0.1]:40281 on [127.0.0.1]:4242 past MaxStartups
>
> This was the symptom we saw on Solaris and derivatives, which was
> caused by the privileged sshd not being a process group leader and
> thus the grace_alarm_handler fails to clean up the unprivileged
> privsep child here:
>
> grace_alarm_handler(int sig)
> [...]
> if (getpgid(0) == getpid()) {
> ssh_signal(SIGTERM, SIG_IGN);
> kill(0, SIGTERM);
> }
>
> On Solaris this was caused by skipping the setsid() call, but that was
> removed in commit b306986, so probably there's another thing causing a
> similar symptom. Does Haiku implement the kill(0, ...) behaviour
> specified by posix? Does have a killpg? Does it even have process
> groups?

headers/posix/signal.h:242:

int kill(pid_t pid, int _signal);
int killpg(pid_t processGroupID, int _signal);

[The Doctor]

On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:
> Hi,
>
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>

> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-...@mindrot.org. Security bugs should be reported
> directly to ope...@openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Future deprecation notice
> =========================
>
> A near-future release of OpenSSH will switch scp(1) from using the
> legacy scp/rcp protocol to using SFTP by default.
>
> Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
> "scp host:* .") through the remote shell. This has the side effect of
> requiring double quoting of shell meta-characters in file names
> included on scp(1) command-lines, otherwise they could be interpreted
> as shell commands on the remote side.
>
> This creates one area of potential incompatibility: scp(1) when using
> the SFTP protocol no longer requires this finicky and brittle quoting,
> and attempts to use it may cause transfers to fail. We consider the
> removal of the need for double-quoting shell characters in file names
> to be a benefit and do not intend to introduce bug-compatibility for
> legacy scp/rcp in scp(1) when using the SFTP protocol.
>
> Another area of potential incompatibility relates to the use of remote
> paths relative to other user's home directories, for example -
> "scp host:~user/file /tmp". The SFTP protocol has no native way to
> expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
> support a protocol extension "expan...@openssh.com" to support
> this.
>
> Potentially-incompatible changes
> ================================
>
> * sshd(8), portable OpenSSH only: this release removes in-built
> support for MD5-hashed passwords. If you require these on your
> system then we recommend linking against libxcrypt or similar.
>
> * This release modifies the FIDO security key middleware interface
> and increments SSH_SK_VERSION_MAJOR.
>
> Changes since OpenSSH 8.8
> =========================
>
> This release includes a number of new features.
>
> New features
> ------------
>
> * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
> restricting forwarding and use of keys added to ssh-agent(1)
> A detailed description of the feature is available at
> https://www.openssh.com/agent-restrict.html and the protocol
> extensions are documented in the PROTOCOL and PROTOCOL.agent
> files in the source release.
>
> * ssh(1), sshd(8): add the sntrup761x2...@openssh.com hybrid
> ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
> default KEXAlgorithms list (after the ECDH methods but before the
> prime-group DH ones).
>
> * ssh-keygen(1): when downloading resident keys from a FIDO token,
> pass back the user ID that was used when the key was created and
> append it to the filename the key is written to (if it is not the
> default). Avoids keys being clobbered if the user created multiple
> resident keys with the same application string but different user
> IDs.
>
> * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
> on tokens that provide user verification (UV) on the device itself,
> including biometric keys, avoiding unnecessary PIN prompts.
>
> * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
> perform matching of principals names against an allowed signers
> file. To be used towards a TOFU model for SSH signatures in git.
>
> * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
> to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
> authentication time.
>
> * ssh-keygen(1): allow selection of hash at sshsig signing time
> (either sha512 (default) or sha256).
>
> * ssh(1), sshd(8): read network data directly to the packet input
> buffer instead indirectly via a small stack buffer. Provides a
> modest performance improvement.
>
> * ssh(1), sshd(8): read data directly to the channel input buffer,
> providing a similar modest performance improvement.

>
> * ssh(1): extend the PubkeyAuthentication configuration directive to
> accept yes|no|unbound|host-bound to allow control over one of the
> protocol extensions used to implement agent-restricted keys.
>

> Bugfixes
> --------
>
> * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
> PubkeyAuthOptions can be used in a Match block. PR#277.
>
> * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
> exchange hashes
>
> * ssh(1): don't put the TTY into raw mode when SessionType=none,
> avoids ^C being unable to kill such a session. bz3360
>
> * scp(1): fix some corner-case bugs in SFTP-mode handling of
> ~-prefixed paths.
>
> * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
> select RSA keys when only RSA/SHA2 signature algorithms are
> configured (this is the default case). Previously RSA keys were
> not being considered in the default case.
>
> * ssh-keysign(1): make ssh-keysign use the requested signature
> algorithm and not the default for the key type. Part of unbreaking
> hostbased auth for RSA/SHA2 keys.
>
> * ssh(1): stricter UpdateHostkey signature verification logic on
> the client- side. Require RSA/SHA2 signatures for RSA hostkeys
> except when RSA/SHA1 was explicitly negotiated during initial
> KEX; bz3375
>
> * ssh(1), sshd(8): fix signature algorithm selection logic for
> UpdateHostkeys on the server side. The previous code tried to
> prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
> cases. This will use RSA/SHA2 signatures for RSA keys if the
> client proposed these algorithms in initial KEX. bz3375
>
> * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
> This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
> and sftp-server(8), as well as the sshd(8) listen loop and all
> other FD read/writability checks. On platforms with missing or
> broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is
> available.
>
> * ssh-keygen(1): the "-Y find-principals" command was verifying key
> validity when using ca certs but not with simple key lifetimes
> within the allowed signers file.
>
> * ssh-keygen(1): make sshsig verify-time argument parsing optional
>
> * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
> keys (we already did this for RSA keys). Avoids fatal errors for
> PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
> "cryptoauthlib"; bz#3364
>
> * ssh(1), ssh-agent(1): improve the testing of credentials against
> inserted FIDO: ask the token whether a particular key belongs to
> it in cases where the token supports on-token user-verification
> (e.g. biometrics) rather than just assuming that it will accept it.
>
> Will reduce spurious "Confirm user presence" notifications for key
> handles that relate to FIDO keys that are not currently inserted in at
> least some cases. bz3366
>
> * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
> allow for the preceding two ECN bits. bz#3373
>
> * ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
> option.
>
> * ssh-keygen(1): fix a NULL deref when using the find-principals
> function, when matching an allowed_signers line that contains a
> namespace restriction, but no restriction specified on the
> command-line
>
> * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
> issue #42719
>
> * ssh(1): suppress "Connection to xxx closed" messages when LogLevel
> is set to "error" or above. bz3378
>
> * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
> compressed packet data. bz3372
>
> * scp(1): when recursively transferring files in SFTP mode, create the
> destination directory if it doesn't already exist to match scp(1) in
> legacy RCP mode behaviour.
>
> * scp(1): many improvements in error message consistency between scp(1)
> in SFTP mode vs legacy RCP mode.
>
> * sshd(8): fix potential race in SIGTERM handling PR#289
>
> * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
> end of the default list of public keys so that they will be tried
> last. PR#295
>
> * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
> wildcard principals in allowed_signers files
>
> Portability
> -----------
>
> * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
> implementation does not work in a chroot when the kernel does not
> have close_range(2). It tries to read from /proc/self/fd and when
> that fails dies with an assertion of sorts. Instead, call
> close_range(2) directly from our compat code and fall back if
> that fails. bz#3349,
>
> * OS X poll(2) is broken; use compat replacement. For character-
> special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
> when polled with POLLIN. Apparently this is Apple bug 3710161 -
> not public but a websearch will find other OSS projects
> rediscovering it periodically since it was first identified in
> 2005.
>
> * Correct handling of exceptfds/POLLPRI in our select(2)-based
> poll(2)/ppoll(2) compat implementation.
>
> * Cygwin: correct checking of mbstowcs() return value.
>
> * Add a basic SECURITY.md that refers people to the openssh.com
> website.
>
> * Enable additional compiler warnings and toolchain hardening flags,
> including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
> -fzero-call-used-regs and -ftrivial-auto-var-init.
>
> * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
> is not reliable.

> _______________________________________________
> openssh-unix-dev mailing list
> openssh-...@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

OpenSSH_8.8p1-snap20220216, OpenSSL 1.1.1m+quic 14 Dec 2021

Working in FreeBSD 13.0-p7

--
Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism https://www.empire.kred/ROOTNK?t=94a1f39b
Do they do as the Word said, or as the world said? -unknown Beware https://mindspring.com

[Predrag Zecevic]

Hi Darren,

It is OpenIndiana (Illumos kernel), with self compiled OpenSSL, MIT
Kerberos 5 and zlib.
The rest of packages are from OS.

:; uname -rosv
SunOS 5.11 illumos-da38379730 illumos

So, yes, like Solaris.
OpenSSH behaves good (already using it - although not everything is tested).

I have compiled it myself, since OS version is still using OpenSSL 1.0:
:; /usr/bin/ssh -V
OpenSSH_8.1p1, OpenSSL 1.0.2u  20 Dec 2019

Best regards.

On 15.02.2022 23:01, Darren Tucker wrote:
> On Wed, 16 Feb 2022 at 01:09, Predrag Zecevic
> <predrag.ze...@googlemail.com> wrote:
>> Tests are failing:
>> :; gmake tests
>> ...
>> In file included from /pz/SFW/include/openssl/x509.h:30,
>> from /pz/SFW/include/openssl/pem.h:17,
>> from regress/misc/sk-dummy/sk-dummy.c:48:
>> /pz/SFW/include/openssl/sha.h:56:3: error: conflicting types for
>> 'SHA256_CTX'
>> 56 | } SHA256_CTX;
>> | ^~~~~~~~~~
> What platform is that? From the paths I'm guessing a Solaris or derivative?
>

--
Predrag Zečević
predrag.ze...@googlemail.com

[Corinna Vinschen]

On Feb 11 19:54, Corinna Vinschen wrote:
> On Feb 11 22:25, Darren Tucker wrote:
> > On Fri, 11 Feb 2022 at 21:53, Corinna Vinschen <vins...@redhat.com> wrote:
> >
> > > [...]
> > > I wonder why sk-ecdsa-sha2-n...@openssh.com is not in the
> > > above list of cert type offers. What explanation could that have?
> > >

> > [...]

> I've just built OpenSSH without the above flag and it builds and
> packages fine. Thanks for pointing this out! I will certainly build
> with hardening in future.
>
> I also ran the hostkey-agent test again, but yeah, hardening doesn't
> change the result. Still
>
> bad SSH_CONNECTION key type sk-ssh-ed25...@openssh.com
>
> I'm going to run the entire testsuite now, but I don't expect any
> other problem.

I just reproduced this problem on Fedora 35. It's actually a result
of building in a dedicated build dir:

$ uname -a
Linux calimero 5.16.8-200.fc35.x86_64 #1 SMP PREEMPT Tue Feb 8 20:58:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ pwd
/src/openssh/src
$ mkdir ../build
$ cd ../build
$ ../src/configure --with-kerberos5 --with-libedit --with-xauth=/usr/bin/xauth --with-security-key-builtin
[...]
$ make t-exec LTESTS=hostkey-agent
[...]
run test hostkey-agent.sh ...
key type ssh-ed25519
key type ssh-rsa
key type ssh-dss
key type ecdsa-sha2-nistp256
key type ecdsa-sha2-nistp384
key type ecdsa-sha2-nistp521
cert type ssh-ed2551...@openssh.com
cert type sk-ssh-ed25...@openssh.com
cert type sk-ssh-ed25...@openssh.com failed

bad SSH_CONNECTION key type sk-ssh-ed25...@openssh.com

cert type ssh-rsa-...@openssh.com
cert type rsa-sha2-2...@openssh.com
cert type rsa-sha2-5...@openssh.com
cert type ssh-dss-...@openssh.com
cert type ecdsa-sha2-nis...@openssh.com
cert type ecdsa-sha2-nis...@openssh.com
cert type ecdsa-sha2-nis...@openssh.com
cert type sk-ecdsa-sha2-n...@openssh.com
cert type sk-ecdsa-sha2-n...@openssh.com failed

bad SSH_CONNECTION key type sk-ecdsa-sha2-n...@openssh.com

failed hostkey agent
make[1]: *** [Makefile:221: t-exec] Error 1
make[1]: Leaving directory '/src/openssh/src/regress'
make: *** [Makefile:727: t-exec] Error 2

Now building in the source dir:

$ uname -a
Linux calimero 5.16.8-200.fc35.x86_64 #1 SMP PREEMPT Tue Feb 8 20:58:59 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
$ pwd
/src/openssh/src
$ ./configure --with-kerberos5 --with-libedit --with-xauth=/usr/bin/xauth --with-security-key-builtin
[...]
$ make t-exec LTESTS=hostkey-agent
[...]
run test hostkey-agent.sh ...
key type ssh-ed25519
key type sk-ssh-...@openssh.com
key type ssh-rsa
key type ssh-dss
key type ecdsa-sha2-nistp256
key type ecdsa-sha2-nistp384
key type ecdsa-sha2-nistp521
key type sk-ecdsa-sh...@openssh.com
cert type ssh-ed2551...@openssh.com
cert type sk-ssh-ed25...@openssh.com
cert type ssh-rsa-...@openssh.com
cert type rsa-sha2-2...@openssh.com
cert type rsa-sha2-5...@openssh.com
cert type ssh-dss-...@openssh.com
cert type ecdsa-sha2-nis...@openssh.com
cert type ecdsa-sha2-nis...@openssh.com
cert type ecdsa-sha2-nis...@openssh.com
cert type sk-ecdsa-sha2-n...@openssh.com
ok hostkey agent
make[1]: Leaving directory '/src/openssh/src/regress'
all t-exec passed

So the sk certs fail if builddir != srcdir, independent of the target.

[Damien Miller]

On Wed, 16 Feb 2022, Corinna Vinschen wrote:

> So the sk certs fail if builddir != srcdir, independent of the target.

Ah, good catch. It's probably not finding regress/misc/sk-dummy.so.
I can't recreate this on Debian, but I think (thanks to Darren) that
I have a RHish VM around somewhere and I'll try to reproduce it on
that.

-d

[Darren Tucker]

On Thu, 17 Feb 2022 at 12:36, Damien Miller <d...@mindrot.org> wrote:
>
> On Wed, 16 Feb 2022, Corinna Vinschen wrote:
>
> > So the sk certs fail if builddir != srcdir, independent of the target.
>
> Ah, good catch.

I second that, nice find!

> It's probably not finding regress/misc/sk-dummy.so.
> I can't recreate this on Debian, but I think (thanks to Darren) that
> I have a RHish VM around somewhere and I'll try to reproduce it on
> that.

Try starting from a clean checkout. My guess is that a previous test
run left something (maybe sk-dummy.so) in the top-level directory.
I'm using Fedora 34, but I rarely start from a clean dir.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Damien Miller]

On Thu, 17 Feb 2022, Damien Miller wrote:

> On Wed, 16 Feb 2022, Corinna Vinschen wrote:
>
> > So the sk certs fail if builddir != srcdir, independent of the target.
>
> Ah, good catch. It's probably not finding regress/misc/sk-dummy.so.
> I can't recreate this on Debian, but I think (thanks to Darren) that
> I have a RHish VM around somewhere and I'll try to reproduce it on
> that.

I was able to recreate this on Rocky Linux, this seems to fix it:

diff --git a/regress/test-exec.sh b/regress/test-exec.sh
index 15bdd0847..358d8082e 100644
--- a/regress/test-exec.sh
+++ b/regress/test-exec.sh
@@ -576,6 +576,8 @@ elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
+elif [ -f "${OBJ}/misc/sk-dummy/sk-dummy.so" ] ; then
+ SSH_SK_PROVIDER="${OBJ}/misc/sk-dummy/sk-dummy.so"
fi
export SSH_SK_PROVIDER


(I tried just s/SRC/OBJ/ in the second else case, but that breaks Debian)

[Darren Tucker]

On Thu, 17 Feb 2022 at 13:57, Damien Miller <d...@mindrot.org> wrote:
> I was able to recreate this on Rocky Linux, this seems to fix it:
>
> diff --git a/regress/test-exec.sh b/regress/test-exec.sh
> index 15bdd0847..358d8082e 100644
> --- a/regress/test-exec.sh
> +++ b/regress/test-exec.sh
> @@ -576,6 +576,8 @@ elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
> SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
> elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
> SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
> +elif [ -f "${OBJ}/misc/sk-dummy/sk-dummy.so" ] ; then
> + SSH_SK_PROVIDER="${OBJ}/misc/sk-dummy/sk-dummy.so"
> fi

To me it seems like it should look in ${SRC} last, but ok either way.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Nicolai]

On Thu, Feb 10, 2022 at 03:18:23PM +1100, Damien Miller wrote:

> * ssh(1), sshd(8): add the sntrup761x2...@openssh.com hybrid
> ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
> default KEXAlgorithms list (after the ECDH methods but before the
> prime-group DH ones).

Very happy to see this, thank you! Been using the sntrup* KEMs since
2019.

I tried four machines. First 3 look good, last might need attention.

1. Debian 10 x86_64
gcc 8.3.0
./configure --without-openssl
make
(builds successfully)
make clean && ./configure && make && make tests
[...]
all tests passed


2. Amazon Linux AMI x86_64
gcc version 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
./configure && make tests
[...]
all tests passed


3. Ubuntu 18.04.6 LTS x86_64
gcc version 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
./configure && make tests
[...]
all tests passed


4. Alpine Linux 3.15.0 x86_64
gcc version 10.3.1 20211027 (Alpine 10.3.1_git20211027)
./configure --without-openssl
make
(builds successfully)
make clean && ./configure
make
(builds successfully)
make tests
[...]
all file-tests passed
[...]
make[1]: Entering directory '/home/codetest/openssh/regress'
run test connect.sh ...
ssh direct connect failed
ssh proxycommand connect failed
failed simple connect

make[1]: *** [Makefile:221: t-exec] Error 1

make[1]: Leaving directory '/home/codetest/openssh/regress'

make: *** [Makefile:727: t-exec] Error 2

Nicolai

[Darren Tucker]

On Thu, 17 Feb 2022 at 16:21, Nicolai <nicolai...@chocolatine.org> wrote:
[...]
> make[1]: Entering directory '/home/codetest/openssh/regress'
> run test connect.sh ...
> ssh direct connect failed
> ssh proxycommand connect failed
> failed simple connect

The logs in regress/failed-ssh.log and regress/failed-sshd.log should
provide some insight about what failed.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Corinna Vinschen]

On Feb 17 14:09, Darren Tucker wrote:
> On Thu, 17 Feb 2022 at 13:57, Damien Miller <d...@mindrot.org> wrote:
> > I was able to recreate this on Rocky Linux, this seems to fix it:
> >
> > diff --git a/regress/test-exec.sh b/regress/test-exec.sh
> > index 15bdd0847..358d8082e 100644
> > --- a/regress/test-exec.sh
> > +++ b/regress/test-exec.sh
> > @@ -576,6 +576,8 @@ elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
> > SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
> > elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
> > SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
> > +elif [ -f "${OBJ}/misc/sk-dummy/sk-dummy.so" ] ; then
> > + SSH_SK_PROVIDER="${OBJ}/misc/sk-dummy/sk-dummy.so"
> > fi

This works fine for Cygwin as well, thanks!

> To me it seems like it should look in ${SRC} last, ...

I agree with that. First builddir, then srcdir.


Thanks,
Corinna

[Corinna Vinschen]

[This mail was hold back, awaiting moderator approval, because it
had the "failed-*.log" files attached, so it was too big. I send
it now again, just FTR, this time without the log files attached.]

On Feb 14 17:41, Damien Miller wrote:
> On Fri, 11 Feb 2022, Corinna Vinschen wrote:
>
> > On Feb 10 15:18, Damien Miller wrote:
> > > Hi,
> > >
> > > OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> > > on as many platforms and systems as possible. This is a bugfix release.
> >
> > Builds OOTB on Cygwin x86_64, almost all tests pass, except a single
> > test in hostkey-agent:
> >
> > -------------
> > FAIL: cert type sk-ecdsa-sha2-n...@openssh.com failed
> > FAIL: bad SSH_CONNECTION key type sk-ecdsa-sha2-n...@openssh.com
> > -------------
> >
> > I'm building OPenSSH exactly as if I create a distro build, using the
> > following configuration options:
> >
> > --with-libedit
> > --with-xauth=/usr/bin/xauth
> > --disable-strip
> > --without-hardening
> > --with-security-key-builtin
>
> It's passing for me with similar options (missing --with-libedit and
> --with-security-key-builtin). I'm using:

Hmm, this is puzzeling...

Please note that kerberos support is built in, too. But this happens
automatically, so there's no explicit configure option.

> > CYGWIN_NT-10.0 win10pro 3.2.0(0.340/5/3) 2021-03-29 08:42 x86_64 Cygwin
>
> > debug1: kex: host key algorithm: (no match)
> > Unable to negotiate with UNKNOWN port 65535: no matching host key type found.
> > Their offer:
> > ssh-ed2551...@openssh.com,rsa-sha2-5...@openssh.com,rsa-sha2-256-
> > cert...@openssh.com,ssh-rsa-...@openssh.com,ssh-dss-...@openssh.com,e
> > cdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com
> > ,ecdsa-sha2-nis...@openssh.com^M
> >
> > I wonder why sk-ecdsa-sha2-n...@openssh.com is not in the
> > above list of cert type offers. What explanation could that have?
>
> It looks like the server offer is missing all SK keytypes. What does
> 'grep ENABLE_SK config.h' show? If it is disabled there, then config.log
> might have clues as to why.

Looks good to me:

$ grep ENABLE_SK config.h
#define ENABLE_SK /**/
#define ENABLE_SK_INTERNAL /**/

> I'll try it again on an image with libfido2 just to rule that out, though
> AFAIK it's not in the path for any of this (we use sk-dummy.so in the
> tests).

I attached my failed-*.log files again. Curious: Despite defining
TEST_SSH_UNSAFE_PERMISSIONS=1 in the environment. the failed-sshd.log
file contains WARNING: UNPROTECTED PRIVATE KEY FILE! messages, plus
lines like these:

Unable to load host key "/home/corinna/tmp/openssh/openssh-8.9p0-1.x86_64/build/regress/agent-key.ecdsa-sha2-nistp521.pub": bad permissions

However, these are pub files, not priv files. Is it possible that
the test fails because srcdir != builddir?


Thanks,
Corinna

[Corinna Vinschen]

On Feb 17 10:20, Corinna Vinschen wrote:
> On Feb 17 14:09, Darren Tucker wrote:
> > On Thu, 17 Feb 2022 at 13:57, Damien Miller <d...@mindrot.org> wrote:
> > > I was able to recreate this on Rocky Linux, this seems to fix it:
> > >
> > > diff --git a/regress/test-exec.sh b/regress/test-exec.sh
> > > index 15bdd0847..358d8082e 100644
> > > --- a/regress/test-exec.sh
> > > +++ b/regress/test-exec.sh
> > > @@ -576,6 +576,8 @@ elif [ -f "${SRC}/misc/sk-dummy/obj/sk-dummy.so" ] ; then
> > > SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/obj/sk-dummy.so"
> > > elif [ -f "${SRC}/misc/sk-dummy/sk-dummy.so" ] ; then
> > > SSH_SK_PROVIDER="${SRC}/misc/sk-dummy/sk-dummy.so"
> > > +elif [ -f "${OBJ}/misc/sk-dummy/sk-dummy.so" ] ; then
> > > + SSH_SK_PROVIDER="${OBJ}/misc/sk-dummy/sk-dummy.so"
> > > fi
>
> This works fine for Cygwin as well, thanks!
>
> > To me it seems like it should look in ${SRC} last, ...
>
> I agree with that. First builddir, then srcdir.

Latest master (667fec5d4fe4) plus the patchset from
https://github.com/openssh/openssh-portable/pull/302

Builds on Cygwin and Fedora 35 in a dedicated build dir,
all tests pass. Thanks!

[Nicolai]

On Thu, Feb 17, 2022 at 04:24:45PM +1100, Darren Tucker wrote:

> The logs in regress/failed-ssh.log and regress/failed-sshd.log should
> provide some insight about what failed.

Hope this helps, and quick reminder, this is Alpine Linux 3.15.0 x86_64,
gcc version 10.3.1 20211027 (Alpine 10.3.1_git20211027). I'm not
normally a Linux user and only installed Alpine for the first time a
week ago, so I feel kind of lost on this machine. Sorry I can't be more
informative or helpful.


$ cat failed-ssh.log
trace: direct connect
Executing: /home/codetest/openssh/ssh -F /home/codetest/openssh/regress/ssh_config somehost true

debug3: ssh_connect_direct: entering
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 4242.

debug3: set_sock_tos: set socket 4 IP_TOS 0x48
debug1: Connection established.
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519 type 3
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ssh-...@openssh.com type 12
debug1: identity file /home/codetest/openssh/regress/sk-ssh-...@openssh.com-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-rsa type 0
debug1: identity file /home/codetest/openssh/regress/ssh-rsa-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-dss type 1
debug1: identity file /home/codetest/openssh/regress/ssh-dss-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sh...@openssh.com type 10
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sh...@openssh.com-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_8.8

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000

debug2: fd 4 setting O_NONBLOCK

debug1: Authenticating to 127.0.0.1:4242 as 'codetest'
debug1: using hostkeyalias: localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed2551...@openssh.com, using HostkeyAlgorithms verbatim

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x2...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed2551...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,sk-ssh-ed25...@openssh.com,sk-ecdsa-sha2-n...@openssh.com,rsa-sha2-5...@openssh.com,rsa-sha2-2...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-...@openssh.com,sk-ecdsa-sh...@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com,zlib
debug2: compression stoc: none,zl...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x2...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519,sk-ssh-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sh...@openssh.com
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com
debug2: compression stoc: none,zl...@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 4242: Broken pipe
FAIL: ssh direct connect failed

trace: proxy connect
Executing: /home/codetest/openssh/ssh -F /home/codetest/openssh/regress/ssh_config -o proxycommand /home/codetest/openssh/regress/netcat %h %p somehost true
debug1: Executing proxy command: exec /home/codetest/openssh/regress/netcat 127.0.0.1 4242
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519 type 3
debug1: identity file /home/codetest/openssh/regress/ssh-ed25519-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ssh-...@openssh.com type 12
debug1: identity file /home/codetest/openssh/regress/sk-ssh-...@openssh.com-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-rsa type 0
debug1: identity file /home/codetest/openssh/regress/ssh-rsa-cert type -1
debug1: identity file /home/codetest/openssh/regress/ssh-dss type 1
debug1: identity file /home/codetest/openssh/regress/ssh-dss-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp256-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp384-cert type -1
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521 type 2
debug1: identity file /home/codetest/openssh/regress/ecdsa-sha2-nistp521-cert type -1
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sh...@openssh.com type 10
debug1: identity file /home/codetest/openssh/regress/sk-ecdsa-sh...@openssh.com-cert type -1

debug1: Local version string SSH-2.0-OpenSSH_8.8

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
debug2: fd 6 setting O_NONBLOCK
debug2: fd 5 setting O_NONBLOCK
debug1: Authenticating to 127.0.0.1:4242 as 'codetest'
debug1: using hostkeyalias: localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: record_hostkey: found key type ED25519 in file /home/codetest/openssh/regress/known_hosts:1
debug3: record_hostkey: found key type ED25519-SK in file /home/codetest/openssh/regress/known_hosts:2
debug3: record_hostkey: found key type RSA in file /home/codetest/openssh/regress/known_hosts:3
debug3: record_hostkey: found key type DSA in file /home/codetest/openssh/regress/known_hosts:4
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:5
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:6
debug3: record_hostkey: found key type ECDSA in file /home/codetest/openssh/regress/known_hosts:7
debug3: record_hostkey: found key type ECDSA-SK in file /home/codetest/openssh/regress/known_hosts:8
debug3: load_hostkeys_file: loaded 8 keys from localhost-with-alias
debug3: order_hostkeyalgs: have matching best-preference key type ssh-ed2551...@openssh.com, using HostkeyAlgorithms verbatim

debug3: send packet: type 20

debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x2...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ssh-ed2551...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,ecdsa-sha2-nis...@openssh.com,sk-ssh-ed25...@openssh.com,sk-ecdsa-sha2-n...@openssh.com,rsa-sha2-5...@openssh.com,rsa-sha2-2...@openssh.com,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ssh-...@openssh.com,sk-ecdsa-sh...@openssh.com,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com,zlib
debug2: compression stoc: none,zl...@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve255...@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,sntrup761x2...@openssh.com,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: ssh-ed25519,sk-ssh-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sh...@openssh.com
debug2: ciphers ctos: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: ciphers stoc: chacha20...@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes12...@openssh.com,aes25...@openssh.com
debug2: MACs ctos: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-...@openssh.com,umac-1...@openssh.com,hmac-sha...@openssh.com,hmac-sha...@openssh.com,hmac-s...@openssh.com,uma...@openssh.com,umac...@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zl...@openssh.com
debug2: compression stoc: none,zl...@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20...@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Broken pipe
FAIL: ssh proxycommand connect failed



$ cat failed-sshd.log
trace: direct connect
debug3: fd 5 is not O_NONBLOCK
debug1: Forked child 13356.
debug3: send_rexec_state: entering fd = 8 config len 945

debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done

debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0

debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 4, 4

Connection from 127.0.0.1 port 46506 on 127.0.0.1 port 4242

debug1: Local version string SSH-2.0-OpenSSH_8.8

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000

debug2: fd 4 setting O_NONBLOCK

debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 13357

debug3: preauth child monitor started

debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug3: append_hostkey_type: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sh...@openssh.com [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]

ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 46506: Invalid argument [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive: entering
debug1: do_cleanup
debug1: Killing privsep child 13357
FAIL: ssh direct connect failed

trace: proxy connect
debug3: fd 5 is not O_NONBLOCK
debug1: Forked child 13366.
debug3: send_rexec_state: entering fd = 8 config len 945

debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done

debug3: oom_adjust_restore
debug1: Set /proc/self/oom_score_adj to 0

debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
debug1: inetd sockets after dupping: 4, 4

Connection from 127.0.0.1 port 46508 on 127.0.0.1 port 4242

debug1: Local version string SSH-2.0-OpenSSH_8.8

debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000

debug2: fd 4 setting O_NONBLOCK

debug3: ssh_sandbox_init: preparing rlimit sandbox
debug2: Network child is on pid 13367

debug3: preauth child monitor started

debug3: append_hostkey_type: ssh-rsa key not permitted by HostkeyAlgorithms [preauth]
debug3: append_hostkey_type: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-...@openssh.com,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sh...@openssh.com [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]

ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 46508: Invalid argument [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive: entering
debug1: do_cleanup
debug1: Killing privsep child 13367
FAIL: ssh proxycommand connect failed

[Damien Miller]

On Thu, 17 Feb 2022, Nicolai wrote:

> On Thu, Feb 17, 2022 at 04:24:45PM +1100, Darren Tucker wrote:
>
> > The logs in regress/failed-ssh.log and regress/failed-sshd.log should
> > provide some insight about what failed.
>
> Hope this helps, and quick reminder, this is Alpine Linux 3.15.0 x86_64,
> gcc version 10.3.1 20211027 (Alpine 10.3.1_git20211027). I'm not
> normally a Linux user and only installed Alpine for the first time a
> week ago, so I feel kind of lost on this machine. Sorry I can't be more
> informative or helpful.

[...]

> debug3: send packet: type 30
> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
> ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 4242: Broken pipe

I'm guessing this is a seccomp sandbox violation. Unfortunately debugging
these can be a bit tricky. There are some instructions at the top of
sandbox-seccomp.c if you want to give it a try but unfortunately the
need some handholding because some change between glibc and the Linux
kernel headers causes them to fail on some systems.

Darren, is there any chance of making an Alpine VM to test against?

-d

[Thorsten Glaser]

On Fri, 18 Feb 2022, Damien Miller wrote:

> need some handholding because some change between glibc and the Linux

Perhaps somewhat importantly, Alpine Linux uses musl-libc by dalias
instead of the GNU moloch.

bye,
//mirabilos
--
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font. -- Rob Pike in "Notes on Programming in C"

[Thorsten Glaser]

On Fri, 18 Feb 2022, Damien Miller wrote:

> Darren, is there any chance of making an Alpine VM to test against?

If it helps, I can reproduce this on Debian, with musl-tools installed.

$ CC=musl-gcc mksh configure --without-openssl --without-zlib
$ make tests
[…]
make[1]: Entering directory '/tmp/openssh/regress'
/tmp/openssh/ssh-keygen -if /tmp/openssh/regress/rsa_ssh2.prv | diff - /tmp/openssh/regress/rsa_openssh.prv
key conversion disabled at compile time
0a1,15
> -----BEGIN RSA PRIVATE KEY-----
> MIICWgIBAAKBgQDsilwKcaKN6wSMNd1WgQ9+HRqQEkD0kCTVttrazGu0OhBU3Uko
> +dFD1Ip0CxdXmN25JQWxOYF7h/Ocu8P3jzv3RTX87xKR0YzlXTLX+SLtF/ySebS3
> xWPrlfRUDhh03hR5V+8xxvvy9widPYKw/oItwGSueOsEq1LTczCDv2dAjQIDAQAB
> An8nH5VzvHkMbSqJ6eOYDsVwomRvYbH5IEaYl1x6VATITNvAu9kUdQ4NsSpuMc+7
> Jj9gKZvmO1y2YCKc0P/iO+i/eV0L+yQh1Rw18jQZll+12T+LZrKRav03YNvMx0gN
> wqWY48Kt6hv2/N/ebQzKRe79+D0t2cTh92hT7xENFLIBAkEBGnoGKFjAUkJCwO1V
> mzpUqMHpRZVOrqP9hUmPjzNJ5oBPFGe4+h1hoSRFOAzaNuZt8ssbqaLCkzB8bfzj
> qhZqAQJBANZekuUpp8iBLeLSagw5FkcPwPzq6zfExbhvsZXb8Bo/4SflNs4JHXwI
> 7SD9Z8aJLvM4uQ/5M70lblDMQ40i3o0CQQDIJvBYBFL5tlOgakq/O7yi+wt0L5BZ
> 9H79w5rCSAA0IHRoK/qI1urHiHC3f3vbbLk5UStfrqEaND/mm0shyNIBAkBLsYdC
> /ctt5Bc0wUGK4Vl5bBmj9LtrrMJ4FpBpLwj/69BwCuKoK9XKZ0h73p6XHveCEGRg
> PIlFX4MtaoLrwgU9AkBV2k4dgIws+X8YX65EsyyFjnlDqX4x0nSOjQB1msIKfHBr
> dh5XLDBTTCxnKhMJ0Yx/opgOvf09XHBFwaQntR5i
> -----END RSA PRIVATE KEY-----
make[1]: *** [Makefile:149: t1] Error 1
make[1]: Leaving directory '/tmp/openssh/regress'
make: *** [Makefile:727: file-tests] Error 2

At this point, it’s built, and it appears that…

$ make t-exec

… runs the precise test that failed for the OP.

(Why the configure script doesn’t configure the tests so
they run only those that can actually be run without OpenSSL
is beyond me…)

The reason for disabling OpenSSL and libz is that you’d need
versions of them built against musl-libc which isn’t normally
available on glibc-using Debian.

musl is… very opinionated. Its <sys/poll.h> contains a very
annoing #warning (because POSIX has <poll.h> instead) which
I suggest to sudoedit away first.

bye,
//mirabilos
--
15:41⎜<Lo-lan-do:#fusionforge> Somebody write a testsuite for helloworld :-)

[Thorsten Glaser]

On Fri, 18 Feb 2022, Damien Miller wrote:

> these can be a bit tricky. There are some instructions at the top of
> sandbox-seccomp.c if you want to give it a try but unfortunately the

In musl libc, you also have to comment out the…

# include <asm/siginfo.h>

… because such a header is not shipped with it. The compilation works
without, though.

Unfortunately, dalias is very strictly against making it possible to
detect musl at compile time, so wrapping it in #ifdef __GLIBC__ or so.

There are none of the expected messages though :/

But perhaps this strace snippet helps:

write(2, "debug1: inetd sockets after dupp"..., 43debug1: inetd sockets after dupping: 3, 3
) = 43
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
fcntl(3, F_SETFD, FD_CLOEXEC) = 0
rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGHUP, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGTERM, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGQUIT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGCHLD, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER|SA_RESTART, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7476566000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f7476565000
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(45850), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getsockopt(3, SOL_IP, IP_OPTIONS, 0x7ffddb068c90, [200->0]) = 0
setsockopt(3, SOL_SOCKET, SO_KEEPALIVE, [1], 4) = 0
getsockname(3, {sa_family=AF_INET, sin_port=htons(4242), sin_addr=inet_addr("127.0.0.1")}, [128->16]) = 0
getpid() = 6833
write(2, "Connection from 127.0.0.1 port 4"..., 61Connection from 127.0.0.1 port 45850 on 127.0.0.1 port 4242
) = 61
rt_sigprocmask(SIG_UNBLOCK, [RT_1 RT_2], NULL, 8) = 0
rt_sigaction(SIGALRM, {sa_handler=0x55f8c5084f80, sa_mask=~[RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, {sa_handler=SIG_DFL, sa_mask=~[KILL STOP RTMIN RT_1 RT_2], sa_flags=SA_RESTORER, sa_restorer=0x7f74765eea48}, 8) = 0
write(3, "SSH-2.0-OpenSSH_8.8\r\n", 21) = 21
getpid() = 6833
write(2, "debug1: Local version string SSH"..., 50debug1: Local version string SSH-2.0-OpenSSH_8.8
) = 50
read(3, "S", 1) = 1
read(3, "S", 1) = 1
read(3, "H", 1) = 1
read(3, "-", 1) = 1
read(3, "2", 1) = 1
read(3, ".", 1) = 1
read(3, "0", 1) = 1
read(3, "-", 1) = 1
read(3, "O", 1) = 1
read(3, "p", 1) = 1
read(3, "e", 1) = 1
read(3, "n", 1) = 1
read(3, "S", 1) = 1
read(3, "S", 1) = 1
read(3, "H", 1) = 1
read(3, "_", 1) = 1
read(3, "8", 1) = 1
read(3, ".", 1) = 1
read(3, "8", 1) = 1
read(3, "\r", 1) = 1
read(3, "\n", 1) = 1
getpid() = 6833
write(2, "debug1: Remote protocol version "..., 74debug1: Remote protocol version 2.0, remote software version OpenSSH_8.8
) = 74
getpid() = 6833
write(2, "debug1: compat_banner: match: Op"..., 74debug1: compat_banner: match: OpenSSH_8.8 pat OpenSSH* compat 0x04000000
) = 74
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
getpid() = 6833
write(2, "debug2: fd 3 setting O_NONBLOCK\r"..., 33debug2: fd 3 setting O_NONBLOCK
) = 33
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK|O_LARGEFILE) = 0
socketpair(AF_UNIX, SOCK_STREAM, 0, [4, 5]) = 0
fcntl(4, F_SETFD, FD_CLOEXEC) = 0
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
pipe([6, 7]) = 0
fcntl(6, F_SETFD, FD_CLOEXEC) = 0
fcntl(7, F_SETFD, FD_CLOEXEC) = 0
getpid() = 6833
write(2, "debug3: ssh_sandbox_init: prepar"..., 52debug3: ssh_sandbox_init: preparing rlimit sandbox
) = 52
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1 RT_2], 8) = 0
fork() = 6837
rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1 RT_2], NULL, 8) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
getpid() = 6833
write(2, "debug2: Network child is on pid "..., 38debug2: Network child is on pid 6837
) = 38
getpid() = 6833
write(2, "debug3: preauth child monitor st"..., 39debug3: preauth child monitor started
) = 39
close(4) = 0
close(7) = 0
poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1strace: Process 6837 attached
<unfinished ...>
[pid 6837] gettid() = 6837
[pid 6837] rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1 RT_2], NULL, 8) = 0
[pid 6837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
[pid 6837] close(5) = 0
[pid 6837] close(6) = 0
[pid 6837] getrandom("\x85\x8b\x44\xc8\x9b\xc6\x2e\x9f\xcd\x23\x8d\xb5\xb2\xd1\x34\x6a\x49\x21\x1b\x01\x68\xb0\xff\x27\xc2\x99\x9b\xfd\x10\xb1\x88\xcc"..., 40, 0) = 40
[pid 6837] getpid() = 6837
[pid 6837] getrandom("\x79\xb0\x34\x61\x78\x74\xdb\x57\x6f\xda\x0e\x03\xf2\xc1\x20\xf6\x25\x43\xaa\x37\x01\x3e\xd4\x7b\xbe\x9b\xd9\xee\x18\x30\x2e\x9e"..., 40, 0) = 40
[pid 6837] munmap(0x7f747656e000, 20480) = 0
[pid 6837] munmap(0x7f7476569000, 20480) = 0
[pid 6837] prlimit64(0, RLIMIT_FSIZE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid 6837] prlimit64(0, RLIMIT_NOFILE, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid 6837] prlimit64(0, RLIMIT_NPROC, {rlim_cur=0, rlim_max=0}, NULL) = 0
[pid 6837] getpid() = 6837
[pid 6837] write(7, "\0\0\0F\0\0\0\5\0\0\0\0\0\0\0:list_hostkey_typ"..., 74 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 74
[pid 6833] read(6, <unfinished ...>
[pid 6837] mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 <unfinished ...>
[pid 6833] <... read resumed>"\0\0\0F", 4) = 4
[pid 6837] <... mmap resumed>) = 0x7f7476572000
[pid 6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0:list_hostkey_types: "..., 70) = 70
[pid 6837] getpid( <unfinished ...>
[pid 6833] write(2, "debug1: list_hostkey_types: ssh-"..., 78 <unfinished ...>
[pid 6837] <... getpid resumed>) = 6837
debug1: list_hostkey_types: ssh-ed25519,sk-ssh-...@openssh.com [preauth]
[pid 6833] <... write resumed>) = 78
[pid 6837] getpid( <unfinished ...>
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] <... getpid resumed>) = 6837
[pid 6837] write(7, "\0\0\0 \0\0\0\7\0\0\0\0\0\0\0\24send packet: typ"..., 36 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 36
[pid 6833] read(6, <unfinished ...>
[pid 6837] getpid( <unfinished ...>
[pid 6833] <... read resumed>"\0\0\0 ", 4) = 4
[pid 6837] <... getpid resumed>) = 6837
[pid 6833] read(6, <unfinished ...>
[pid 6837] write(7, "\0\0\0!\0\0\0\5\0\0\0\0\0\0\0\25SSH2_MSG_KEXINIT"..., 37 <unfinished ...>
[pid 6833] <... read resumed>"\0\0\0\7\0\0\0\0\0\0\0\24send packet: type 20", 32) = 32
[pid 6837] <... write resumed>) = 37
[pid 6833] write(2, "debug3: send packet: type 20 [pr"..., 40 <unfinished ...>
debug3: send packet: type 20 [preauth]
[pid 6837] write(3, "\0\0\2\354\10\24\352\345t\306\f\335\217l1\f\227\252\353\vf\337\0\0\0Qcurve2"..., 752 <unfinished ...>
[pid 6833] <... write resumed>) = 40
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] <... write resumed>) = 752
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6833] read(6, "\0\0\0!", 4) = 4
[pid 6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0\25SSH2_MSG_KEXINIT sen"..., 33) = 33
[pid 6833] write(2, "debug1: SSH2_MSG_KEXINIT sent [p"..., 41debug1: SSH2_MSG_KEXINIT sent [preauth]
) = 41
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] ppoll([{fd=3, events=POLLIN}], 1, NULL, NULL, 8) = -1 EINVAL (Invalid argument)
[pid 6837] getpid() = 6837
[pid 6837] write(7, "\0\0\0Z\0\0\0\3\0\0\0\0\0\0\0Nssh_dispatch_run"..., 94 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 94
[pid 6833] read(6, "\0\0\0Z", 4) = 4
[pid 6833] read(6, "\0\0\0\3\0\0\0\0\0\0\0Nssh_dispatch_run_fat"..., 90) = 90
[pid 6833] write(2, "ssh_dispatch_run_fatal: Connecti"..., 90ssh_dispatch_run_fatal: Connection from 127.0.0.1 port 45850: Invalid argument [preauth]
) = 90
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] getpid() = 6837
[pid 6837] write(7, "\0\0\0\26\0\0\0\5\0\0\0\0\0\0\0\ndo_cleanup", 26 <unfinished ...>
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLIN}])
[pid 6837] <... write resumed>) = 26
[pid 6833] read(6, "\0\0\0\26", 4) = 4
[pid 6833] read(6, "\0\0\0\5\0\0\0\0\0\0\0\ndo_cleanup", 22) = 22
[pid 6833] write(2, "debug1: do_cleanup [preauth]\r\n", 30debug1: do_cleanup [preauth]
) = 30
[pid 6833] poll([{fd=5, events=POLLIN}, {fd=6, events=POLLIN}], 2, -1 <unfinished ...>
[pid 6837] exit_group(255) = ?
[pid 6833] <... poll resumed>) = 1 ([{fd=6, revents=POLLHUP}])
[pid 6837] +++ exited with 255 +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6837, si_uid=1000, si_status=255, si_utime=0, si_stime=0} ---
read(6, "", 4) = 0
getpid() = 6833
write(2, "debug1: monitor_read_log: child "..., 47debug1: monitor_read_log: child log fd closed
) = 47
close(6) = 0
poll([{fd=5, events=POLLIN}], 1, -1) = 1 ([{fd=5, revents=POLLIN|POLLHUP}])
getpid() = 6833
write(2, "debug3: mm_request_receive: ente"..., 38debug3: mm_request_receive: entering
) = 38
read(5, "", 4) = 0
getpid() = 6833
write(2, "debug1: do_cleanup\r\n", 20debug1: do_cleanup
) = 20
getpid() = 6833
write(2, "debug1: Killing privsep child 68"..., 36debug1: Killing privsep child 6837
) = 36
kill(6837, SIGKILL) = 0
exit_group(255) = ?
+++ exited with 255 +++

bye,
//mirabilos
--
«MyISAM tables -will- get corrupted eventually. This is a fact of life. »
“mysql is about as much database as ms access” – “MSSQL at least descends
from a database” “it's a rebranded SyBase” “MySQL however was born from a
flatfile and went downhill from there” – “at least jetDB doesn’t claim to
be a database” (#nosec) ‣‣‣ Please let MySQL and MariaDB finally die!

[Steffen Nurpmeso]

Thorsten Glaser wrote in
<b4e3532-3fef-472...@tarent.de>:

|On Fri, 18 Feb 2022, Damien Miller wrote:
|> these can be a bit tricky. There are some instructions at the top of
|> sandbox-seccomp.c if you want to give it a try but unfortunately the
|
|In musl libc, you also have to comment out the…
|
| # include <asm/siginfo.h>
|
|… because such a header is not shipped with it. The compilation works
|without, though.
|
|Unfortunately, dalias is very strictly against making it possible to
|detect musl at compile time, so wrapping it in #ifdef __GLIBC__ or so.

The TinyC compiler tcc does

#?0|kent:tcc.git$ git grep -i musl master
...
master:configure: --config-uClibc,-musl,-mingw32... enable system specific configurations
master:configure: if test -f "/lib/ld-musl-$cpu.so.1"; then
master:configure: echo "Perhaps you want ./configure --config-musl"
...

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)

[Thorsten Glaser]

On Fri, 18 Feb 2022, Steffen Nurpmeso wrote:

> The TinyC compiler tcc does
>
> #?0|kent:tcc.git$ git grep -i musl master
> ...
> master:configure: --config-uClibc,-musl,-mingw32... enable system specific configurations
> master:configure: if test -f "/lib/ld-musl-$cpu.so.1"; then
> master:configure: echo "Perhaps you want ./configure --config-musl"

Ouch, completely bogus.

I’ve found one reliable way to detect musl at configure time,
at least for the last couple of years of their releases.

Compile and link a hello-world program, then check whether the
binary contains MUSL_LOCPATH as string.

I’ve managed to not need to rely on that. I believe it’s obvious
why I’m trying to. I *did* find something recently that would
have benefit from musl detection, but it’s just avoiding a bug
in old musl versions, so I’m leaving that to the packager and
document it. (The testsuite also catches it so I’m now urging
people even more to run it.)

bye,
//mirabilos
--
Sometimes they [people] care too much: pretty printers [and syntax highligh-
ting, d.A.] mechanically produce pretty output that accentuates irrelevant
detail in the program, which is as sensible as putting all the prepositions
in English text in bold font. -- Rob Pike in "Notes on Programming in C"

[Darren Tucker]

On Fri, Feb 18, 2022 at 12:23:35AM +0100, Thorsten Glaser wrote:
> On Fri, 18 Feb 2022, Damien Miller wrote:
>
> > Darren, is there any chance of making an Alpine VM to test against?
>
> If it helps, I can reproduce this on Debian, with musl-tools installed.

Thanks, that does help. I'll add that to the github CI test configs.

Looks like it's actually poll vs select.

$ autoreconf
$ CC=musl-gcc ./configure --without-openssl --without-zlib --with-cflags=-DBROKEN_POLL

with this patch passes. Might be the pfd.fd=-1 for marking FDs as
unused that's causing it to fail?

[...]

> (Why the configure script doesn't configure the tests so
> they run only those that can actually be run without OpenSSL

> is beyond me???)

Both those tests and the Makefile predate --without-openssl by a
considerable time. Right now regress/Makefile is not processed by
configure and changing that never made it to the top of a to-do list.

diff --git a/configure.ac b/configure.ac
index a22eb444..eb2872c6 100644
--- a/configure.ac
+++ b/configure.ac
@@ -456,6 +456,7 @@ AC_CHECK_HEADERS([ \
sys/mman.h \
sys/label.h \
sys/ndir.h \
+ sys/param.h \
sys/poll.h \
sys/prctl.h \
sys/procctl.h \
diff --git a/openbsd-compat/bsd-poll.c b/openbsd-compat/bsd-poll.c
index f8b427fc..781ee978 100644
--- a/openbsd-compat/bsd-poll.c
+++ b/openbsd-compat/bsd-poll.c
@@ -19,6 +19,9 @@

#include <sys/types.h>
#include <sys/time.h>
+#ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+#endif
#ifdef HAVE_SYS_SELECT_H
# include <sys/select.h>
#endif
diff --git a/openbsd-compat/bsd-poll.h b/openbsd-compat/bsd-poll.h
index fb99b66f..586647ee 100644
--- a/openbsd-compat/bsd-poll.h
+++ b/openbsd-compat/bsd-poll.h
@@ -33,8 +33,7 @@
#include <sys/types.h>
#ifdef HAVE_POLL_H
# include <poll.h>
-#endif
-#ifdef HAVE_SYS_POLL_H
+#elif HAVE_SYS_POLL_H
# include <sys/poll.h>
#endif

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Darren Tucker]

On Fri, 18 Feb 2022 at 09:53, Damien Miller <d...@mindrot.org> wrote:
> Darren, is there any chance of making an Alpine VM to test against?

That would be easy enough, but based on the repro case from Thorsten I
think we'd get sufficient test coverage by adding a MUSL test to the
github CI (which I'll do).

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Thorsten Glaser]

On Fri, 18 Feb 2022, Darren Tucker wrote:

> Thanks, that does help. I'll add that to the github CI test configs.

You’re welcome.

> with this patch passes. Might be the pfd.fd=-1 for marking FDs as
> unused that's causing it to fail?

Hmm. POSIX says:

If the value of fd is less than 0, events shall be ignored, and
revents shall be set to 0 in that entry on return from poll().

musl says they strictly follow POSIX. Might be a bug?
Probably best to ask there. http://musl.libc.org/ links to IRC and
a mailing list. I checked their known issues list, but poll doesn’t
show up there.

> > (Why the configure script doesn't configure the tests so
> > they run only those that can actually be run without OpenSSL
> > is beyond me???)
>
> Both those tests and the Makefile predate --without-openssl by a
> considerable time. Right now regress/Makefile is not processed by
> configure and changing that never made it to the top of a to-do list.

Ah, okay.

bye,
//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
****************************************************

[Steffen Nurpmeso]

Thorsten Glaser wrote in
<d0d930df-597a-933c...@tarent.de>:

|On Fri, 18 Feb 2022, Steffen Nurpmeso wrote:
|
|> The TinyC compiler tcc does
|>
|> #?0|kent:tcc.git$ git grep -i musl master
|> ...
|> master:configure: --config-uClibc,-musl,-mingw32... enable system \
|> specific configurations
|> master:configure: if test -f "/lib/ld-musl-$cpu.so.1"; then

|> master:configure: echo "Perhaps you want ./configure --config-\
|> musl"
|
|Ouch, completely bogus.

It is a nice hint imho.

|I’ve found one reliable way to detect musl at configure time,
|at least for the last couple of years of their releases.
|
|Compile and link a hello-world program, then check whether the
|binary contains MUSL_LOCPATH as string.

That .. does not seem to be true for native musl systems?
You could grep for ld-musl or libc.musl though, *i think*.

|I’ve managed to not need to rely on that. I believe it’s obvious
|why I’m trying to. I *did* find something recently that would
|have benefit from musl detection, but it’s just avoiding a bug
|in old musl versions, so I’m leaving that to the packager and
|document it. (The testsuite also catches it so I’m now urging
|people even more to run it.)

--steffen

|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)

[Thorsten Glaser]

On Fri, 18 Feb 2022, Steffen Nurpmeso wrote:

> |Ouch, completely bogus.
>
> It is a nice hint imho.

Nope. It hardcodes a path into the *host* system. Absolutely wrong,
on multiple counts. (It would also trigger, say, on a glibc system
with musl installed.)

> That .. does not seem to be true for native musl systems?

Link statically.

bye,
//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
****************************************************

[Steffen Nurpmeso]

Thorsten Glaser wrote in
<dcc7333-54da-3e2...@tarent.de>:

|On Fri, 18 Feb 2022, Steffen Nurpmeso wrote:
|
|>|Ouch, completely bogus.
|>
|> It is a nice hint imho.
|
|Nope. It hardcodes a path into the *host* system. Absolutely wrong,
|on multiple counts. (It would also trigger, say, on a glibc system
|with musl installed.)

Well it may look secondarily. This is musl libc in the end.
And note it does not, as per the snippet you removed, perform any
action on its own, it just gives a hint for a specific configure
option which does. I am using the same mechanism (i have not
invented it) in my ~/.profile, for setting LC_ALL.

|> That .. does not seem to be true for native musl systems?
|
|Link statically.

Nah. For hello world you mean? Well despite Theo de Raadt
ranting (as its -static) .. requires special or at least
non-standardized flags itself.
On AlpineLinux there is no static musl, and never has been in the
past seven years i use it. But wait, i track musl for almost as
long, too:

#?0|kent:musl.git$ git grep -i LOCPA master
master:WHATSNEW:- MUSL_LOCPATH search was broken with multiple components
master:src/locale/locale_map.c: if (!libc.secure) path = getenv("MUSL_LOCPATH");

Never heard of it.

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)

[Thorsten Glaser]

(retopiccing and trimming Cc)

On Fri, 18 Feb 2022, Steffen Nurpmeso wrote:

> Well it may look secondarily. This is musl libc in the end.
> And note it does not, as per the snippet you removed, perform any
> action on its own, it just gives a hint for a specific configure
> option which does.

I don’t understand what you are trying to say here.

> |>|Ouch, completely bogus.
> |>
> |> It is a nice hint imho.
> |
> |Nope. It hardcodes a path into the *host* system. Absolutely wrong,
> |on multiple counts. (It would also trigger, say, on a glibc system
> |with musl installed.)

> I am using the same mechanism (i have not

> invented it) in my ~/.profile, for setting LC_ALL.

It’s plain wrong, that’s what it is.

lrwxrwxrwx 1 root root 25 2. Okt 14:47 /lib/ld-linux.so.2 -> i386-linux-gnu/ld-2.31.so*
lrwxrwxrwx 1 root root 25 15. Jan 2021 /lib/ld-musl-x86_64.so.1 -> x86_64-linux-musl/libc.so*

This Debian system just has both, so you cannot use this to detect musl.

(Similarily, you cannot use this to detect a pure-static musl system;
I’m told the suckless people have interest in these.)

> |Link statically.
>
> Nah. For hello world you mean?

Yes, link the hello world statically so strings will show MUSL_LOCPATH
occurring. You can use -static for this, or the distro is broken.

> #?0|kent:musl.git$ git grep -i LOCPA master
> master:WHATSNEW:- MUSL_LOCPATH search was broken with multiple components
> master:src/locale/locale_map.c: if (!libc.secure) path = getenv("MUSL_LOCPATH");

Yes, this is where it comes from.

> Never heard of it.

It’s probably their equivalent of glibc LOCPATH: a path where a user
can install custom locales into.
See: https://serverfault.com/a/1093896/189656

gl hf,

//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
 ╳  HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
****************************************************

[Steffen Nurpmeso]

Thorsten Glaser wrote in
<96cab59-5c-d87c-...@tarent.de>:

|(retopiccing and trimming Cc)
|On Fri, 18 Feb 2022, Steffen Nurpmeso wrote:
|
|> Well it may look secondarily. This is musl libc in the end.
|> And note it does not, as per the snippet you removed, perform any
|> action on its own, it just gives a hint for a specific configure
|> option which does.
|
|I don’t understand what you are trying to say here.
|
|>|>|Ouch, completely bogus.
|>|>
|>|> It is a nice hint imho.
|>|
|>|Nope. It hardcodes a path into the *host* system. Absolutely wrong,
|>|on multiple counts. (It would also trigger, say, on a glibc system
|>|with musl installed.)
|
|> I am using the same mechanism (i have not
|> invented it) in my ~/.profile, for setting LC_ALL.
|
|It’s plain wrong, that’s what it is.
|

|lrwxrwxrwx 1 root root 25 2. Okt 14:47 /lib/ld-linux.so.2 -> i386-linux\

|-gnu/ld-2.31.so*
|lrwxrwxrwx 1 root root 25 15. Jan 2021 /lib/ld-musl-x86_64.so.1 -> \
|x86_64-linux-musl/libc.so*
|
|This Debian system just has both, so you cannot use this to detect musl.

We were talking about AlpineLinux aka a native musl system, it was
you who came over with some sort of special development or
otherwise special-purpose thing, Mr.

|(Similarily, you cannot use this to detect a pure-static musl system;
|I’m told the suckless people have interest in these.)
|
|>|Link statically.
|>
|> Nah. For hello world you mean?
|
|Yes, link the hello world statically so strings will show MUSL_LOCPATH
|occurring. You can use -static for this, or the distro is broken.

You do have a static musl on your box Mr.?

|> #?0|kent:musl.git$ git grep -i LOCPA master
|> master:WHATSNEW:- MUSL_LOCPATH search was broken with multiple \
|> components

|> master:src/locale/locale_map.c: if (!libc.secure) path = getenv("MUSL_L\

|> OCPATH");
|
|Yes, this is where it comes from.
|
|> Never heard of it.
|
|It’s probably their equivalent of glibc LOCPATH: a path where a user
|can install custom locales into.
|See: https://serverfault.com/a/1093896/189656

I fail to see how this can be used to reliable detect this
environment.

A nice weekend everybody, if you can.

--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)

[Val Baranov]

On 2/9/22 20:18, Damien Miller wrote:

> Hi,

>

> OpenSSH 8.9p1 is almost ready for release, so we would appreciate

> testing on as many platforms and systems as possible. This is a bugfix release.

>

>

openssh-SNAP-20220211.tar.gz
IBM XL C/C++ for AIX, V11.1 (5724-X13)
Version: 11.01.0000.0023
OpenSSL 1.1.1m 14 Dec 2021
AIX 7.1 TL5 SP8

# make tests
./install-sh -c -d `pwd`/regress/unittests/test_helper
Target "all" is up to date....
<skip>
xlc -g -q64 -I. -I. -I/usr/local/openssl/include -I/usr/local/zlib/include -DSSHDIR=\"/usr/local/openssh/etc\" -D_PATH_SSH_PROGRAM=\"/usr/local/openssh/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT=\"/usr/local/openssh/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER=\"/usr/local/openssh/libexec/sftp-server\" -D_PATH_SSH_KEY_SIGN=\"/usr/local/openssh/libexec/ssh-keysign\" -D_PATH_SSH_PKCS11_HELPER=\"/usr/local/openssh/libexec/ssh-pkcs11-helper\" -D_PATH_SSH_SK_HELPER=\"/usr/local/openssh/libexec/ssh-sk-helper\" -D_PATH_SSH_PIDDIR=\"/var/run\" -D_PATH_PRIVSEP_CHROOT_DIR=\"/var/empty\" -DHAVE_CONFIG_H -fPIC -shared -o regress/misc/sk-dummy/sk-dummy.so regress/misc/sk-dummy/sk-dummy.lo regress/misc/sk-dummy/fatal.lo ed25519.lo hash.lo ge25519.lo fe25519.lo sc25519.lo verify.lo -L. -Lopenbsd-compat -lopenbsd-compat -L. -Lopenbsd-compat/ -L/usr/local/openssl/lib -L/usr/local/zlib/lib -q64 -blibpath:/usr/lib:/lib -lcrypto -lz -lpthread
xlc: 1501-218 (W) file regress/misc/sk-dummy/sk-dummy.lo contains an incorrect file suffix
xlc: 1501-218 (W) file regress/misc/sk-dummy/fatal.lo contains an incorrect file suffix
xlc: 1501-218 (W) file ed25519.lo contains an incorrect file suffix
xlc: 1501-218 (W) file hash.lo contains an incorrect file suffix
xlc: 1501-218 (W) file ge25519.lo contains an incorrect file suffix
xlc: 1501-218 (W) file fe25519.lo contains an incorrect file suffix
xlc: 1501-218 (W) file sc25519.lo contains an incorrect file suffix
xlc: 1501-218 (W) file verify.lo contains an incorrect file suffix
ld: 0706-005 Cannot find or open file: PIC
ld:fopen(): A file or directory in the path name does not exist.
ld: 0706-012 The -h flag is not recognized.
ld: 0706-012 The -a flag is not recognized.
make: 1254-004 The error code from the last command is 255.

Stop.

--
Using gmake does not make difference.
As a remedy in order to proceed further, commented out 2 lines below in Makefile:

regress/misc/sk-dummy/sk-dummy.so: $(SK_DUMMY_OBJS)
# $(CC) $(CFLAGS) $(CPPFLAGS) -fPIC -shared -o $@ $(SK_DUMMY_OBJS) \
# -L. -Lopenbsd-compat -lopenbsd-compat $(LDFLAGS_NOPIE) $(LIBS)


Then ran "make tests" again:
# make tests
<skip>
ok sshd_config matchlisten
run test percent.sh ...
percent expansions matchexec percent
percent expansions localcommand percent
percent expansions remotecommand percent
percent expansions controlpath percent
percent expansions identityagent percent
percent expansions forwardagent percent
percent expansions localforward percent
percent expansions remoteforward percent
percent expansions userknownhostsfile percent
percent expansions controlpath dollar
percent expansions identityagent dollar
percent expansions forwardagent dollar
percent expansions localforward dollar
percent expansions remoteforward dollar
percent expansions userknownhostsfile dollar
percent expansions controlpath tilde
controlpath=~ expect // got /
controlpath=~/.ssh expect //.ssh got /.ssh
percent expansions identityagent tilde
identityagent=~ expect // got /
identityagent=~/.ssh expect //.ssh got /.ssh
percent expansions forwardagent tilde
forwardagent=~ expect // got /
forwardagent=~/.ssh expect //.ssh got /.ssh
failed percent expansions
make: 1254-004 The error code from the last command is 1.

This one need help to resolve. Thanks!
--

/* Val Baranov <val.b...@duke.edu <mailto:val.b...@duke.edu%20> > */

[Darren Tucker]

On Sat, 19 Feb 2022 at 11:50, Val Baranov <val.b...@duke.edu> wrote:
[...]

> openssh-SNAP-20220211.tar.gz
> IBM XL C/C++ for AIX, V11.1 (5724-X13)
> Version: 11.01.0000.0023
> OpenSSL 1.1.1m 14 Dec 2021
> AIX 7.1 TL5 SP8

[...]

> xlc: 1501-218 (W) file regress/misc/sk-dummy/sk-dummy.lo contains an incorrect file suffix
> xlc: 1501-218 (W) file regress/misc/sk-dummy/fatal.lo contains an incorrect file suffix

This is the shared library used for testing security key integration,
and it fails because our Makefile doesn't understand how to build
shared libraries on AIX.

> As a remedy in order to proceed further, commented out 2 lines below in Makefile:

You could also configure with either of --disable-security-key or
--with-security-key-builtin which (I think) will skip trying to build
that shared library.

> percent expansions forwardagent tilde
> forwardagent=~ expect // got /

I think this is because you are running the tests as root. I can
reproduce on my obsolete AIX system here. I think the test does the
wrong thing in this case (it needs to do the equivalent of realpath on
the expected string).

You can run the tests with "SUDO=sudo make tests" to run most of the
tests as a regular user and invoke sudo when necessary to exercise the
privileged bits.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

[Darren Tucker]

On Sat, 19 Feb 2022 at 16:10, Darren Tucker <dtu...@dtucker.net> wrote:
[...]

> I think this is because you are running the tests as root. I can
> reproduce on my obsolete AIX system here. I think the test does the
> wrong thing in this case (it needs to do the equivalent of realpath on
> the expected string).

This should be fixed by commit fbd7725 in the next snapshot. Thanks
for letting us know.

[Darren Tucker]

On Fri, 18 Feb 2022 at 11:45, Darren Tucker <dtu...@gate.dtucker.net> wrote:
> Looks like it's actually poll vs select.
>
> $ autoreconf
> $ CC=musl-gcc ./configure --without-openssl --without-zlib --with-cflags=-DBROKEN_POLL

TL;DR: it's the combination of the rlimit sandbox and some poll
implementations which fail with EINVAL if "nfds was greater than the
number of available file descriptors".

Additional data point: it seems to be an interaction with the rlimit
sandbox since:
$ ./configure --without-sandbox && make t-exec
passes. By default, it picks the rlimit sandbox
$ ./configure && egrep '#define.*SANDBOX' config.h
#define SANDBOX_RLIMIT 1

On some platforms select(2) fails if it can't open a new FD (these
seem to be ones where select is implemented in userspace on top of
poll).

Here's an strace of where it fails:
30131 write(4, "\0\0\0044\7\24\357\342@\2060\350\0073hV\3\225d\202PH\0\0\1\tcurve2"...,
1080) = 1080
30131 ppoll([{fd=4, events=POLLIN}], 1, NULL, NULL, 8) = -1 EINVAL
(Invalid argument)
30131 munmap(0x7f784ac57000, 4096) = 0

and the call stack where it fails (frame 0 elided since it was my
debugging hack):

#1 0x00005555555b926e in ssh_packet_read_seqnr
(ssh=ssh@entry=0x7ffff7ca7070, typep=typep@entry=0x7fffffffe5c3 "",
seqnr_p=seqnr_p@entry=0x7fffffffe5c4) at packet.c:1368
#2 0x00005555555be322 in ssh_dispatch_run
(ssh=ssh@entry=0x7ffff7ca7070, mode=mode@entry=0, done=0x7ffff7ca7b98)
at dispatch.c:96
#3 0x00005555555be429 in ssh_dispatch_run_fatal
(ssh=ssh@entry=0x7ffff7ca7070, mode=mode@entry=0, done=<optimized
out>)
at dispatch.c:133
#4 0x000055555556106f in do_ssh2_kex (ssh=0x7ffff7ca7070) at sshd.c:2404
#5 main (ac=<optimized out>, av=<optimized out>) at sshd.c:2231

packet.c line 1368 is
if ((r = ppoll(&pfd, 1, timespecp, NULL)) >= 0)
break;

If we stick this in a test program with the rlmits:

$ cat test.c
#define _GNU_SOURCE
#include <sys/resource.h>
#include <errno.h>
#include <string.h>
#include <fcntl.h>
#include <stdlib.h>
#include <stdio.h>
#include <signal.h>
#include <poll.h>

int main(void)
{
struct rlimit rl_zero;
int r;
struct pollfd pfd;

pfd.fd = open("/dev/null", O_RDWR);
pfd.events = POLLIN|POLLOUT;
r = ppoll(&pfd, 1, NULL, NULL);
printf("before rlimit, poll returned %d (%s)\n", r, strerror(errno));
rl_zero.rlim_cur = rl_zero.rlim_max = 0;
setrlimit(RLIMIT_FSIZE, &rl_zero);
setrlimit(RLIMIT_NOFILE, &rl_zero);
r = ppoll(&pfd, 1, NULL, NULL);
printf("after rlimit poll returned %d (%s)\n", r, strerror(errno));
}

$ gcc test.c && ./a.out
before rlimit, poll returned 1 (Success)
after rlimit poll returned -1 (Invalid argument)

This happens on at least Linux+glibc and OpenBSD too. Why? It's
documented! Both Linux and OpenBSD have something like:

ERRORS
poll() and ppoll() will fail if:
[...]
[EINVAL] nfds was greater than the number of available file
descriptors.

and is in fact specified by POSIX[1]:

ERRORS
The poll() function shall fail if:
[EINVAL] The nfds argument is greater than {OPEN_MAX}

This is arguably not useful behaviour (it's not creating a new
descriptor, and in this case we know the FD is perfectly valid since
we successfully wrote to it immediately before the ppoll).

Why does it not happen on other Linux configurations? Those have
different sandbox implementations.

We have a check for similar behaviour in select(), we probably need to
add an equivalent one for poll().

[1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/poll.html

[Dmitry Belyavskiy]

Current master (bc16667b4a1c3cad7029304853c143a32ae04bd4) fails on Fedora
35 when building building tests with
========
cc -o regress/unittests/misc/test_misc -L. -Lopenbsd-compat/ -Wl,-z,relro
-Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
regress/unittests/misc/tests.o regress/unittests/misc/test_parse.o
regress/unittests/misc/test_expand.o regress/unittests/misc/test_convtime.o
regress/unittests/misc/test_argv.o regress/unittests/misc/test_strdelim.o
regress/unittests/misc/test_hpdelim.o \
regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lz -lcrypt
/usr/bin/ld: regress/unittests/misc/test_hpdelim.o: relocation R_X86_64_32
against `.rodata.str1.1' can not be used when making a PIE object;
recompile with -fPIE
collect2: error: ld returned 1 exit status
make: *** [Makefile:665: regress/unittests/misc/test_misc] Error 1
========
Configuration results (after autoreconf && configure):
========

OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH:
/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: no
OSF SIA support: no
KerberosV support: no
SELinux support: no
libedit support: no
libldns support: no
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: yes
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: seccomp_filter
PKCS#11 support: yes
U2F/FIDO support: yes

Host: x86_64-pc-linux-gnu
Compiler: cc
Compiler flags: -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra
-Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security
-Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter
-Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation
-fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=all
-fno-builtin-memset -fstack-protector-strong -fPIE
Preprocessor flags: -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE
Linker flags: -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack
-fstack-protector-strong -pie
Libraries: -lcrypto -lz -lcrypt
========

On Thu, Feb 10, 2022 at 5:21 AM Damien Miller <d...@mindrot.org> wrote:

> Hi,
>
> OpenSSH 8.9p1 is almost ready for release, so we would appreciate testing
> on as many platforms and systems as possible. This is a bugfix release.
>

> Snapshot releases for portable OpenSSH are available from
> http://www.mindrot.org/openssh_snap/
>
> The OpenBSD version is available in CVS HEAD:
> http://www.openbsd.org/anoncvs.html
>
> Portable OpenSSH is also available via git using the
> instructions at http://www.openssh.com/portable.html#cvs
> At https://anongit.mindrot.org/openssh.git/ or via a mirror at Github:
> https://github.com/openssh/openssh-portable
>
> Running the regression tests supplied with Portable OpenSSH does not
> require installation and is a simply:
>
> $ ./configure && make tests
>
> Live testing on suitable non-production systems is also appreciated.
> Please send reports of success or failure to
> openssh-...@mindrot.org. Security bugs should be reported
> directly to ope...@openssh.com.
>
> Below is a summary of changes. More detail may be found in the ChangeLog
> in the portable OpenSSH tarballs.
>
> Thanks to the many people who contributed to this release.
>
> Future deprecation notice
> =========================
>
> A near-future release of OpenSSH will switch scp(1) from using the
> legacy scp/rcp protocol to using SFTP by default.
>
> Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
> "scp host:* .") through the remote shell. This has the side effect of
> requiring double quoting of shell meta-characters in file names
> included on scp(1) command-lines, otherwise they could be interpreted
> as shell commands on the remote side.
>
> This creates one area of potential incompatibility: scp(1) when using
> the SFTP protocol no longer requires this finicky and brittle quoting,
> and attempts to use it may cause transfers to fail. We consider the
> removal of the need for double-quoting shell characters in file names
> to be a benefit and do not intend to introduce bug-compatibility for
> legacy scp/rcp in scp(1) when using the SFTP protocol.
>
> Another area of potential incompatibility relates to the use of remote
> paths relative to other user's home directories, for example -
> "scp host:~user/file /tmp". The SFTP protocol has no native way to
> expand a ~user path. However, sftp-server(8) in OpenSSH 8.7 and later
> support a protocol extension "expan...@openssh.com" to support
> this.
>
> Potentially-incompatible changes
> ================================
>
> * sshd(8), portable OpenSSH only: this release removes in-built
> support for MD5-hashed passwords. If you require these on your
> system then we recommend linking against libxcrypt or similar.
>
> * This release modifies the FIDO security key middleware interface
> and increments SSH_SK_VERSION_MAJOR.
>
> Changes since OpenSSH 8.8
> =========================
>
> This release includes a number of new features.
>
> New features
> ------------
>
> * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
> restricting forwarding and use of keys added to ssh-agent(1)
> A detailed description of the feature is available at
> https://www.openssh.com/agent-restrict.html and the protocol
> extensions are documented in the PROTOCOL and PROTOCOL.agent
> files in the source release.

>
> * ssh(1), sshd(8): add the sntrup761x2...@openssh.com hybrid
> ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
> default KEXAlgorithms list (after the ECDH methods but before the
> prime-group DH ones).
>

> * ssh-keygen(1): when downloading resident keys from a FIDO token,
> pass back the user ID that was used when the key was created and
> append it to the filename the key is written to (if it is not the
> default). Avoids keys being clobbered if the user created multiple
> resident keys with the same application string but different user
> IDs.
>
> * ssh-keygen(1), ssh(1), ssh-agent(1): better handling for FIDO keys
> on tokens that provide user verification (UV) on the device itself,
> including biometric keys, avoiding unnecessary PIN prompts.
>
> * ssh-keygen(1): add "ssh-keygen -Y match-principals" operation to
> perform matching of principals names against an allowed signers
> file. To be used towards a TOFU model for SSH signatures in git.
>
> * ssh-add(1), ssh-agent(1): allow pin-required FIDO keys to be added
> to ssh-agent(1). $SSH_ASKPASS will be used to request the PIN at
> authentication time.
>
> * ssh-keygen(1): allow selection of hash at sshsig signing time
> (either sha512 (default) or sha256).
>
> * ssh(1), sshd(8): read network data directly to the packet input
> buffer instead indirectly via a small stack buffer. Provides a
> modest performance improvement.
>
> * ssh(1), sshd(8): read data directly to the channel input buffer,
> providing a similar modest performance improvement.
>
> * ssh(1): extend the PubkeyAuthentication configuration directive to
> accept yes|no|unbound|host-bound to allow control over one of the
> protocol extensions used to implement agent-restricted keys.
>
> Bugfixes
> --------
>
> * sshd(8): document that CASignatureAlgorithms, ExposeAuthInfo and
> PubkeyAuthOptions can be used in a Match block. PR#277.
>
> * ssh-keysign(1): unbreak for KEX algorithms that use SHA384/512
> exchange hashes
>
> * ssh(1): don't put the TTY into raw mode when SessionType=none,
> avoids ^C being unable to kill such a session. bz3360
>
> * scp(1): fix some corner-case bugs in SFTP-mode handling of
> ~-prefixed paths.
>
> * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to
> select RSA keys when only RSA/SHA2 signature algorithms are
> configured (this is the default case). Previously RSA keys were
> not being considered in the default case.
>
> * ssh-keysign(1): make ssh-keysign use the requested signature
> algorithm and not the default for the key type. Part of unbreaking
> hostbased auth for RSA/SHA2 keys.
>
> * ssh(1): stricter UpdateHostkey signature verification logic on
> the client- side. Require RSA/SHA2 signatures for RSA hostkeys
> except when RSA/SHA1 was explicitly negotiated during initial
> KEX; bz3375
>
> * ssh(1), sshd(8): fix signature algorithm selection logic for
> UpdateHostkeys on the server side. The previous code tried to
> prefer RSA/SHA2 for hostkey proofs of RSA keys, but missed some
> cases. This will use RSA/SHA2 signatures for RSA keys if the
> client proposed these algorithms in initial KEX. bz3375
>
> * All: convert all uses of select(2)/pselect(2) to poll(2)/ppoll(2).
> This includes the mainloops in ssh(1), ssh-agent(1), ssh-agent(1)
> and sftp-server(8), as well as the sshd(8) listen loop and all
> other FD read/writability checks. On platforms with missing or
> broken poll(2)/ppoll(2) syscalls as select(2)-based compat shim is
> available.
>
> * ssh-keygen(1): the "-Y find-principals" command was verifying key
> validity when using ca certs but not with simple key lifetimes
> within the allowed signers file.
>
> * ssh-keygen(1): make sshsig verify-time argument parsing optional
>
> * ssh(1), ssh-agent(1): avoid xmalloc(0) for PKCS#11 keyid for ECDSA
> keys (we already did this for RSA keys). Avoids fatal errors for
> PKCS#11 libraries that return empty keyid, e.g. Microchip ATECC608B
> "cryptoauthlib"; bz#3364
>
> * ssh(1), ssh-agent(1): improve the testing of credentials against
> inserted FIDO: ask the token whether a particular key belongs to
> it in cases where the token supports on-token user-verification
> (e.g. biometrics) rather than just assuming that it will accept it.
>
> Will reduce spurious "Confirm user presence" notifications for key
> handles that relate to FIDO keys that are not currently inserted in at
> least some cases. bz3366
>
> * ssh(1), sshd(8): correct value for IPTOS_DSCP_LE. It needs to
> allow for the preceding two ECN bits. bz#3373
>
> * ssh-keygen(1): add missing -O option to usage() for the "-Y sign"
> option.
>
> * ssh-keygen(1): fix a NULL deref when using the find-principals
> function, when matching an allowed_signers line that contains a
> namespace restriction, but no restriction specified on the
> command-line
>
> * ssh-agent(1): fix memleak in process_extension(); oss-fuzz
> issue #42719
>
> * ssh(1): suppress "Connection to xxx closed" messages when LogLevel
> is set to "error" or above. bz3378
>
> * ssh(1), sshd(8): use correct zlib flags when inflate(3)-ing
> compressed packet data. bz3372
>
> * scp(1): when recursively transferring files in SFTP mode, create the
> destination directory if it doesn't already exist to match scp(1) in
> legacy RCP mode behaviour.
>
> * scp(1): many improvements in error message consistency between scp(1)
> in SFTP mode vs legacy RCP mode.
>
> * sshd(8): fix potential race in SIGTERM handling PR#289
>
> * ssh(1), ssh(8): since DSA keys are deprecated, move them to the
> end of the default list of public keys so that they will be tried
> last. PR#295
>
> * ssh-keygen(1): allow 'ssh-keygen -Y find-principals' to match
> wildcard principals in allowed_signers files
>
> Portability
> -----------
>
> * ssh(1), sshd(8): don't trust closefrom(2) on Linux. glibc's
> implementation does not work in a chroot when the kernel does not
> have close_range(2). It tries to read from /proc/self/fd and when
> that fails dies with an assertion of sorts. Instead, call
> close_range(2) directly from our compat code and fall back if
> that fails. bz#3349,
>
> * OS X poll(2) is broken; use compat replacement. For character-
> special devices like /dev/null, Darwin's poll(2) returns POLLNVAL
> when polled with POLLIN. Apparently this is Apple bug 3710161 -
> not public but a websearch will find other OSS projects
> rediscovering it periodically since it was first identified in
> 2005.
>
> * Correct handling of exceptfds/POLLPRI in our select(2)-based
> poll(2)/ppoll(2) compat implementation.
>
> * Cygwin: correct checking of mbstowcs() return value.
>
> * Add a basic SECURITY.md that refers people to the openssh.com
> website.
>
> * Enable additional compiler warnings and toolchain hardening flags,
> including -Wbitwise-instead-of-logical, -Wmisleading-indentation,
> -fzero-call-used-regs and -ftrivial-auto-var-init.
>
> * HP/UX. Use compat getline(3) on HP-UX 10.x, where the libc version
> is not reliable.

> _______________________________________________
> openssh-unix-dev mailing list
> openssh-...@mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>

--
Dmitry Belyavskiy

[Damien Miller]

On Tue, 22 Feb 2022, Dmitry Belyavskiy wrote:

> Current master (bc16667b4a1c3cad7029304853c143a32ae04bd4) fails on Fedora 35
> when building building tests with========
> cc -o regress/unittests/misc/test_misc -L. -Lopenbsd-compat/  -Wl,-z,relro
> -Wl,-z,now -Wl,-z,noexecstack -fstack-protector-strong -pie
>  regress/unittests/misc/tests.o regress/unittests/misc/test_parse.o
> regress/unittests/misc/test_expand.o regress/unittests/misc/test_convtime.o
> regress/unittests/misc/test_argv.o regress/unittests/misc/test_strdelim.o
> regress/unittests/misc/test_hpdelim.o \
>     regress/unittests/test_helper/libtest_helper.a \
>     -lssh -lopenbsd-compat -lssh -lopenbsd-compat -lcrypto -lz  -lcrypt
> /usr/bin/ld: regress/unittests/misc/test_hpdelim.o: relocation R_X86_64_32
> against `.rodata.str1.1' can not be used when making a PIE object; recompile
> with -fPIE

That's weird, because according to the configure output, -fPIE is already
in CFLAGS.

>     Compiler flags: -g -O2 -pipe -Wno-error=format-truncation -Wall -Wextra
> -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security
> -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-parameter
> -Wno-unused-result -Wimplicit-fallthrough -Wmisleading-indentation
> -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fzero-call-used-regs=all
> -fno-builtin-memset -fstack-protector-strong -fPIE

Is it possible you had an old .o file laying around from a previous
compilation?

If not, then please dig out the make output for the compilation of
test_hpdelim.c and see whather -fPIE is applied there correctly.

-d

[Damien Miller]

FWIW, I couldn't replicate this in a fedora35 VM

[Dmitry Belyavskiy]

Thanks!

make clean && make resolved the issue. Sorry for disturbing you.

--
Dmitry Belyavskiy

[Damien Miller]

On Wed, 23 Feb 2022, Dmitry Belyavskiy wrote:

> Thanks!
> make clean && make resolved the issue. Sorry for disturbing you.

no problem - better than missing a problem :)