#48044 closed defect (fixed)
openssh-6.8p1_1: none cipher disabled
Reported by: | bock@… | Owned by: | Ionic (Mihai Moldovan) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | 2.3.3 |
Keywords: | | Cc: | neverpanic (Clemens Lang), Ionic (Mihai Moldovan) |
Port: | openssh | | |
Description
Hello. I tried to have working openssh with HPN, but it doesn't work.
```
sudo port install openssh +hpn+kerberos5+xauth
---> Computing dependencies for python27
---> Fetching archive for python27
---> Attempting to fetch python27-2.7.10_2.darwin_14.x86_64.tbz2 from http://mse.uk.packages.macports.org/sites/packages.macports.org/python27
---> Attempting to fetch python27-2.7.10_2.darwin_14.x86_64.tbz2.rmd160 from http://mse.uk.packages.macports.org/sites/packages.macports.org/python27
---> Installing python27 @2.7.10_2
---> Cleaning python27
---> Computing dependencies for python27
---> Deactivating python27 @2.7.9_0
---> Cleaning python27
---> Activating python27 @2.7.10_2

To make this the default Python or Python 2 (i.e., the version run by the 'python' or 'python2' commands), run one or both of:

    sudo port select --set python python27
    sudo port select --set python2 python27

---> Cleaning python27
---> Computing dependencies for openssh
---> Fetching archive for openssh
---> Attempting to fetch openssh-6.8p1_1+hpn+kerberos5+xauth.darwin_14.x86_64.tbz2 from http://mse.uk.packages.macports.org/sites/packages.macports.org/openssh
---> Attempting to fetch openssh-6.8p1_1+hpn+kerberos5+xauth.darwin_14.x86_64.tbz2 from http://lil.fr.packages.macports.org/openssh
---> Attempting to fetch openssh-6.8p1_1+hpn+kerberos5+xauth.darwin_14.x86_64.tbz2 from http://nue.de.packages.macports.org/macports/packages/openssh
---> Fetching distfiles for openssh
---> Verifying checksums for openssh
---> Extracting openssh
---> Applying patches to openssh
---> Configuring openssh
---> Building openssh
---> Staging openssh into destroot
---> Creating launchd control script
###########################################################
# A startup item has been generated that will aid in
# starting openssh with launchd. It is disabled
# by default. Execute the following command to start it,
# and to cause it to launch at startup:
#
# sudo port load openssh
###########################################################
---> Installing openssh @6.8p1_1+hpn+kerberos5+xauth
---> Activating openssh @6.8p1_1+hpn+kerberos5+xauth
---> Cleaning openssh
---> Updating database of binaries
---> Scanning binaries for linking errors
---> No broken files found.

bock@wax-air(/Users/bock)> sudo port info openssh
Password:
openssh @6.8p1_1 (net)
Variants: gsskex, hpn, [+]kerberos5, ldns, universal, [+]xauth

Description: OpenSSH is a FREE version of the SSH protocol suite of network connectivity tools that increasing numbers of people on the Internet are coming to rely on. Many users of telnet, rlogin, ftp, and other such programs might not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other network-level attacks. Additionally, OpenSSH provides a myriad of secure tunneling capabilities, as well as a variety of authentication methods.
Homepage: http://www.openbsd.org/openssh/

Library Dependencies: openssl, zlib, tcp_wrappers, kerberos5
Runtime Dependencies: xauth
Platforms: darwin
License: BSD
Maintainers: nomaintainer@macports.org

/opt/local/bin/ssh -V
OpenSSH_6.8p1, OpenSSL 1.0.2b 11 Jun 2015
```
Tried to clean, uninstall, but still doesn't work. Tried to check with scp:
```
/opt/local/bin/scp -4 -oNoneSwitch=yes -oNoneEnabled=yes ...
command-line: line 0: Bad configuration option: noneswitch
lost connection
```
So port install shows that hpn is enabled, but port info openssh gives it disabled. Thank you.
Change History (8)
comment:1 Changed 9 years ago by neverpanic (Clemens Lang)
Cc: | cal@… added |
---|---|
Keywords: | openssh hpn removed |
Owner: | changed from macports-tickets@… to ionic@… |
comment:2 Changed 9 years ago by Ionic (Mihai Moldovan)
I had to rebase all patches against 6.8p1. Maybe I did something wrong?
Looks like I also need to add `-DNONE_CIPHER_ENABLED` to `configure.cppflags` to enable the none cipher. AFAIK this was disabled in the FreeBSD port, because... it doesn't make sense to use no encryption for ssh.
comment:3 Changed 9 years ago by bock@…
Anyway, if you are planning to use NONE_CIPHER, you should enable it on the server side in sshd_config, so this thing is used only for scp/rsync files. It detects automatically: if this is an interactive session, none-cipher will be disabled. I see no sense in disabling it here :)
comment:4 Changed 9 years ago by bock@…
So the ticket can be renamed to: openssh-6.8p1_1+hpn+kerberos5+xauth HPN feature NoneCipher isn't enabled
comment:5 Changed 9 years ago by Ionic (Mihai Moldovan)
Cc: | ionic@… added |
---|---|
Summary: | openssh-6.8p1_1+hpn+kerberos5+xauth HPN doesn't work → openssh-6.8p1_1: none cipher disabled |
comment:6 Changed 9 years ago by Ionic (Mihai Moldovan)
I've added a new variant `none_cipher` in r138082.
Don't like to enable it by default because it disables encryption, which could be a potential security problem, especially for companies that have a policy of encrypting everything.
comment:7 Changed 9 years ago by Ionic (Mihai Moldovan)
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:8 Changed 9 years ago by bock@…
/opt/local/bin/scp -4 -o NoneSwitch=yes -o NoneEnabled=yes /
WARNING: ENABLED NONE CIPHER
Nice, thank you!
ionic modified that in r134753. Can you comment on that?
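
For sites with the encrypt-everything policy mentioned in comment 6, a check for active none-cipher settings, as an added example that is not part of the ticket or the port. Only the option names NoneEnabled and NoneSwitch come from the ticket; the function names and the sample fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ssh/sshd configuration lines that switch on the
# HPN none cipher (NoneEnabled / NoneSwitch, the options named in the ticket).

# find_none_cipher FILE...
# Prints "file:line: keyword value" for each active line that sets either
# option to yes. Exit status is 1 when at least one such line was found.
find_none_cipher() {
    awk '
        {
            line = $0
            sub(/#.*/, "", line)          # drop comments
            sub(/^[ \t]+/, "", line)      # drop leading blanks
            if (line == "") next
            # keyword ends at the first blank or "=" (both forms are accepted)
            n = match(line, /[ \t=]/)
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            gsub(/[ \t="]/, "", val)      # strip separators and quotes
            val = tolower(val)
            if ((key == "noneenabled" || key == "noneswitch") && val == "yes") {
                printf "%s:%d: %s %s\n", FILENAME, FNR, key, val
                found = 1
            }
        }
        END { exit found + 0 }
    ' "$@"
}

# Constructed sample fragment (hypothetical, not taken from the ticket).
sample_config() {
    cat <<'EOF'
# constructed sample
Port 22
NoneEnabled yes
#NoneSwitch yes
noneswitch=yes
Ciphers aes128-ctr
NoneEnabled no
EOF
}

# With arguments: audit those files. Without: audit the constructed sample.
if [ "$#" -gt 0 ]; then
    find_none_cipher "$@"
else
    d=$(mktemp -d); sample_config > "$d/config.sample"
    find_none_cipher "$d/config.sample" || echo "none cipher is enabled in the sample"
    rm -rf "$d"
fi
```

Commented-out lines and `no` values are ignored, so only settings that would actually take effect are reported.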