[ptxdist] problems with openssh 10.0p1 in ptxdist 2025.05.0

[ptxdist] problems with openssh 10.0p1 in ptxdist 2025.05.0

[ruggero rossi via ptxdist]

[-- Attachment #1: Type: text/plain, Size: 770 bytes --]

Migrating to ptxdist 2025.05.0 I got a problem with openssh 10.0p1 (or p2,
whatever is the official name).

The openssh server does not start.

Starting it manually, I get the message:
/usr/sbin/sshd-auth does not exist or is not executable

Installing /usr/sbin/sshd-auth solves the problem.

Maybe this is due to some unfortunate combination of old libc and legacy
certificates, however in the release note of openssh 10.0.p2 I read:

"this release removes the code responsible for the user authentication
phase of the protocol from the per connection sshd-session binary to a new
sshd-auth binary..... Downstream distributors of OpenSSH will need to
package the sshd-auth binary."

In case the problem is confirmed, attached there is a patch.

Best regards,

Ruggero

[-- Attachment #2: openssh10.0p2-requires-sshd-auth-binary.patch --]
[-- Type: text/x-patch, Size: 431 bytes --]

--- rules/openssh.make.org	2025-06-05 10:56:26.949816645 +0200
+++ rules/openssh.make	2025-06-05 10:57:19.878901998 +0200
@@ -108,6 +108,8 @@
 		/usr/sbin/sshd)
 	@$(call install_copy, openssh, 0, 0, 0755, -, \
 		/usr/sbin/sshd-session)
+	@$(call install_copy, openssh, 0, 0, 0755, -, \
+		/usr/sbin/sshd-auth)
 ifdef PTXCONF_OPENSSH_SSHD_GENKEYS
 	@$(call install_alternative, openssh, 0, 0, 0755, /etc/rc.once.d/openssh)
 endif

Re: [ptxdist] problems with openssh 10.0p1 in ptxdist 2025.05.0

[Alexander Dahl via ptxdist]

Hello Ruggero,

Am Thu, Jun 05, 2025 at 11:32:41AM +0200 schrieb ruggero rossi via ptxdist:
> Migrating to ptxdist 2025.05.0 I got a problem with openssh 10.0p1 (or p2,
> whatever is the official name).
> 
> The openssh server does not start.
> 
> Starting it manually, I get the message:
> /usr/sbin/sshd-auth does not exist or is not executable
> 
> Installing /usr/sbin/sshd-auth solves the problem.
> 
> Maybe this is due to some unfortunate combination of old libc and legacy
> certificates, however in the release note of openssh 10.0.p2 I read:
> 
> "this release removes the code responsible for the user authentication
> phase of the protocol from the per connection sshd-session binary to a new
> sshd-auth binary..... Downstream distributors of OpenSSH will need to
> package the sshd-auth binary."
> 
> In case the problem is confirmed, attached there is a patch.

The same problem was addressed with commit
c240fdd0de4f9b15263a6b8dae2e17a510dafd66 ("openssh: install missing
sshd-auth binary") in ptxdist master earlier this week.

Greets
Alex

> 
> Best regards,
> 
> Ruggero

> --- rules/openssh.make.org	2025-06-05 10:56:26.949816645 +0200
> +++ rules/openssh.make	2025-06-05 10:57:19.878901998 +0200
> @@ -108,6 +108,8 @@
>  		/usr/sbin/sshd)
>  	@$(call install_copy, openssh, 0, 0, 0755, -, \
>  		/usr/sbin/sshd-session)
> +	@$(call install_copy, openssh, 0, 0, 0755, -, \
> +		/usr/sbin/sshd-auth)
>  ifdef PTXCONF_OPENSSH_SSHD_GENKEYS
>  	@$(call install_alternative, openssh, 0, 0, 0755, /etc/rc.once.d/openssh)
>  endif