Re: git: b3f86656fc67 - main - security/openssh-portable: Update HPN patch.
- In reply to: Bryan Drewery : "git: b3f86656fc67 - main - security/openssh-portable: Update HPN patch."
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 13 Jan 2024 22:35:55 UTC
On 1/11/24 10:05, Bryan Drewery wrote: > The branch main has been updated by bdrewery: > > URL:https://cgit.FreeBSD.org/ports/commit/?id=b3f86656fc67aa397f60747c85f7f7b967c3279d > > commit b3f86656fc67aa397f60747c85f7f7b967c3279d > Author: Bryan Drewery<bdrewery@FreeBSD.org> > AuthorDate: 2024-01-11 18:05:02 +0000 > Commit: Bryan Drewery<bdrewery@FreeBSD.org> > CommitDate: 2024-01-11 18:05:39 +0000 > > security/openssh-portable: Update HPN patch. Nice to see the HPN patch return. Unfortunately it causes some issues for me. After enabling, rebuilding, and installing on eight systems I found I could no longer ssh from my desktop to any of the upgraded systems. And attemping to login to non-HPN 9.6.p1_1,1 systems would not find the SSHFP records that exist and asked to add the host fingerprint to known_hosts (which I try and avoid for hosts I use SSHFP with). Digging in a bit I see that everything works when I use fully qualified domain names. And of course reverting the HPN build option works as it did a week ago. The reason I can't login to some hosts without using a FQDN is because my .ssh/config has StrictHostKeyChecking enabled for them. I skimmed files/extra-patch-hpn but did not see anything obvious that would impact canonicalization of the destination host or SSHFP processing. Craig