(Redirected from openssh)
Jump to: navigation, search

Report Issues (via Forums) and/or TWEET:@rootvgnet

MD5 Checksum

5701462EE39F58908CFCC7AA0D999C28 aixtools.openbsd.openssh.
4976DC03A9AA718AFAAC7F3C0FECD06D aixtools.openbsd.openssh.


Package Details

Version: 7.6p1
Release date: 03 October 2017 and 04 October 2017
Depends on: openssl.base.rte.1.0.2 and later


--Michael Felt (talk) 07:51, 25 October 2017 (CEST) Finally got around to applying the patch suggested right after OpenSSH-7.6p1 was released on 03 October: It concerns a new config feature - so you are unlikely to be affected by it - BUT should you want to use the new feature - here is the patched version. The patch is a excerpt from the OpenSSH mailing list.

Shortly after completing the OpenSSH 7.6 release, I spotted a bug in
sshd_config's PermitOpen directive: it ignores arguments beyond the
second one. I'm pretty annoyed with myself for introducing it and
for not catching it before release, but fortunately it only affects
7.6 and fails-closed so doesn't introduce a vulnerability.

Below is a fix for distributors who package OpenSSH; I've also committed
this to the V_7_6 branch (7c9613fac337).

diff --git a/servconf.c b/servconf.c
index 2c321a4a..95686295 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
-/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
  * Copyright (c) 1995 Tatu Ylonen <>, Espoo, Finland
  *                    All rights reserved
@@ -1663,9 +1663,9 @@ process_server_config_line(ServerOptions *options, char *line,
 		if (!arg || *arg == '\0')
 			fatal("%s line %d: missing PermitOpen specification",
 			    filename, linenum);
-		i = options->num_permitted_opens;	/* modified later */
+		value = options->num_permitted_opens;	/* modified later */
 		if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
-			if (*activep && i == 0) {
+			if (*activep && value == 0) {
 				options->num_permitted_opens = 1;
 				options->permitted_opens = xcalloc(1,
@@ -1683,7 +1683,7 @@ process_server_config_line(ServerOptions *options, char *line,
 			if (arg == NULL || ((port = permitopen_port(arg)) < 0))
 				fatal("%s line %d: bad port number in "
 				    "PermitOpen", filename, linenum);
-			if (*activep && i == 0) {
+			if (*activep && value == 0) {
 				options->permitted_opens = xrecallocarray(

--Michael Felt (talk) 12:33, 20 October 2017 (CEST) new packaging - cosmetic - the 'contents' are unchanged, but the installp scripts have less noise - now "verbose" messages are printed when the environment variable VERBOSE is defined to any string.

--Michael Felt (talk) 18:16, 13 October 2017 (CEST) have a new packaging (VRMF == - and now includes PAM support AND, more importantly (to me) - fixes a problem that prevented X11 forwarding secure tunnels (off by default) automated connections. The problem was because sshd was looking for xauth at /usr/X11R6/bin/xauth - wheil on AIX it is at /usr/bin/X11/xauth.

--Michael Felt (talk) 21:05, 5 October 2017 (CEST) Spent some time on buildaix and additional support scripts so that the ssh_config and sshd_config files are saved/restored.

--Michael Felt (talk) 11:27, 6 October 2017 (CEST) The helper scripts can be better - so I'll still be repackaging the support scripts - which will mean a new MD5 number later. So, if you have anything special in either /var/openssh/etc/ssh_config of /var/openssh/etc/ssh_config - set those aside first and then update.


--Michael Felt (talk) 17:35, 15 May 2017 (UTC) See for the release notes. Note: requires openssl.base-1.0.2!

  • If you are updating I recommend you make a backup of /var/openssh/etc before making an updates - in particular of any changes made to either ssh_config or sshd_config. There can be major differences between the different versions (i.e., of only the defaults) and your changes may be overwritten (something for me to work on in the future - TODO!)
  • Fixed - AFTER you install openssh-7.3p1 (aka openssh- After because the earlier versions uninstall parts are still removing sshd_config and ssh_config.


--Michael Felt (talk) 20:16, 2 February 2017 (UTC) Changed the packaging so that the unintended hard dependency on aixtools.zlib.1.2.10 is no more. aixtools.zlib. is highly recommended!

--Michael Felt (talk) 22:10, 19 January 2017 (UTC) packaged as aixtools.openbsd.openssh.


--Michael Felt (talk) 13:08, 15 August 2016 (UTC) packaged as aixtools.openbsd.openssh.


--Michael Felt (talk) 22:51, 6 June 2016 (UTC) packaged as aixtools.openbsd.openssh.


--Michael Felt (talk) 11:09, 6 June 2016 (UTC) Now that I understand the differences - this is the preferred OpenSSH as it has done away with TLS1.1 and earlier (by default).

What problems can you expect? That your OpenSSH clients are not yet ready to work with the strict ciphers, hmac, etc.


--Michael Felt (talk) 08:45, 16 October 2015 (UTC)

  • Patched to fix a pre_install script syntax that occurred when /bin/false was not already one of your defined shells.

I am not yet - happy - with my understanding of the changes to the default behavior regarding root login in OpenSSH-7.1. Like myself, you may prefer the behavior of the 6.9p1 release.

OLD Versions

5005862FAACB5509281DC0ED9A46D4CA aixtools.openbsd.openssh.
76C5A3908E8BBF1699D751A17BAD11A4 aixtools.openbsd.openssh.
E6186C719903EFF4FCBBC854E0B8473A aixtools.openbsd.openssh.
B3B0A2682D248C40B4A48272FFF0D39B aixtools.openbsd.openssh.
6754D25376169A1B21537D866582069F aixtools.openbsd.openssh.
9656589C8487B74C330802D5F4FE7E32 aixtools.openbsd.openssh.
Personal tools