rapier1 / hpn-ssh Goto Github PK
View Code? Open in Web Editor NEWThis project forked from openssh/openssh-portable
HPN-SSH based on OpenSSH
Home Page: https://psc.edu/hpn-ssh-home
License: Other
hpn-ssh's People
Contributors
Stargazers
Watchers
Forkers
chutz set-element robbat2 gvsurenderreddy allanjude yenforyang bdraco ti-koe qxo 1div0 tacc hradec dulao5 dkmar muphus tfsthiagobr98 changzheng1209 lateralblast nh2 fscheiner sitedata johnsonjh kuba00739 ccma1 ashishd komori foolean hexis-ys zer0def he32 ishmaelbelghazi brendoncdrew lckroom mpounsett cristiancmoises uichleba dongcai008 dallemon barylukhpn-ssh's Issues
None cipher blocked from use except on command line
In my homelab I've been doing a lot of testing Proxmox 8.x (based on Debian 12) recently.
However, when Proxmox's automatic replication jobs are transferring VM images from one machine to another it's maxing sshd on the cpu without even getting close to a fraction of the (40GbE) network bandwidth.
Thus, trying out HPN-SSH, as Proxmox doesn't allow for using straight netcat or similar.
After getting HPN-SSH installed and replacing the standard ssh with it (both client and server) the transfer speeds are looking a bit better. ~700MB/s+ rather than ~490MB/s.
That's with the aes256-ctr cipher.
Next step is trying to get the NONE cipher working, as the source machine is literally cabled directly to the target machine. No switch. It's secure enough for the NONE cipher to be a reasonable option. ๐
It seems like HPN-SSH has other ideas though:
NoneSwitch is found in /root/.ssh/config.
You may only use this configuration option from the command line
After spending a bunch of effort to get everything else working, this is... pretty disappointing. ๐ฆ
Is there an override for this, so people don't need to go and edit the source to make it work?
Patch against OpenSSH 9.6 or greater
Hi, asking for an enhancement, or better, to fix an important vulnerability.
As you may know, some time ago a new vulnerability named Terrapin has been discovered on SSH implementations (https://terrapin-attack.com/), but the newest hpn-ssh is still based upon OpenSSH 9.5p1 which, as far as I know, is still affected by the problem.
Please, whenever possible, update the patches so that hpn-ssh is safe from that vulnerability.
Thanks for the hard work anyway.
Plaese provide a package for Debian Bullseye
I'm using hpnssh on my private Manjaro-Linux systems (arch linux based) for some month without any problems.
Much faster then openssh und less CPU load. Great work !
But I'm unable to get it work on my Proxmox 7.3 (Debian Bullseye based) system.
When looking at https://www.psc.edu/hpn-ssh-17v11-released-2/ I found that debian packages should be available.
Issuing a add-apt-repository ppa:rapier1/hpnssh seems to work. But when trying a "apt-get update" I get an error:
Err:5 http://ppa.launchpad.net/rapier1/hpnssh/ubuntu lunar Release 404 Not Found [IP: 185.125.190.52 80] E: The repository 'http://ppa.launchpad.net/rapier1/hpnssh/ubuntu lunar Release' does not have a Release file. N: Updating from such a repository can't be done securely, and is therefore disabled by default.
Please provide a package running on Bullseye.
Purpose of additional logs at normal log level?
When using the patch set as a drop-in for openssh, all SSH connections (e.g. invoked directly via SSH or via rsync) print additional stuff into the terminal:
SSH: Server;Ltype: Version;Remote: 1.2.3.4-22;Protocol: 2.0;Client: OpenSSH_8.2
This is from e.g.
f2341a1#diff-cc9e833353f4432391cb4c8463c0a2beR1357
Is that intended?
Would it make sense to turn it off, so that you use the patched ssh for scripting without getting additional output printed?
Possible to get binaries for Mac OS Ventura for apple silicon or home brew package?
I wanna try this out on my Mac mini and MacBook Pro (both apple silicon), is it possible to run a server and client for this on it?
Is there a home brew package or binary I could install or some instructions I could follow?
Release information (version numbering scheme)
Hi!
I'm trying to update some older servers running HPN-SSH, but I'm having a hard time figuring out your tagging/versioning scheme. I'd rather not build from master since that appears to be development, but it's not clear what the "current" release version is from the way your tags are set up.
Would it be possible to point me to the tags I should be looking at, and possibly include some words in the documentation about how your versioning works, to make it easier to select a release?
Integrate init.d script on installation instructions
The install instructions page provides an example init.d script:
https://www.psc.edu/hpn-ssh-home/hpn-ssh-installation/
It turns out, there's an existing templated init.d script in the repository, which is used during build:
https://github.com/rapier1/openssh-portable/blob/master/opensshd.init.in
It gets the proper paths from the configuration substituted in.
This script could be patched, or using the same facilities the hpnssh.init script could be converted to a template and added to the build.
Quality of life idea?
As a general thought, would it make sense to have the "first time setup" script copy the existing .key/.pub files from /etc/ssh if they're already present?
Asking because when switching an existing system to hpn-ssh, the newly generated host keys will cause unwanted connection issues from other hosts. The ssh -> hpn-ssh change is a purposeful, admin directed task, so doesn't need security issues caused by its roll out.
When switching systems to hpn-ssh here, pretty much the first task afterwards is to shut it down, nuke the hpn-ssh generated keys, then copy the existing ones from the /etc/ssh directory, then start it up again.
I'd be surprised if that wasn't a common thing people are doing. ๐
Accessibility, Packaging, and Distribution
Hi!
I recently came across HPN-SSH when trying to understand why my sftp data transfer was so darn slow. I really want to try it out, but the steps that make install takes are unclear to me. I don't want to run make install, try out HPN-SSH and find some issue that makes it unusable for me, then find that my default installation of ssh in /usr/bin has been overwritten and I have no way to revert back.
This brings up two points:
- Providing accessible and explicit information and instruction to new and novice users like myself
- Provide package repositories for popular package managers for ease of experimentation
I will elaborate on each point:
1. Providing accessible and explicit information and instruction to new and novice users like myself
I found HPN-SSH via the HPN-SSH homepage. It took me two or three look overs to understand that everything "precompiled" is on the HPN-SSH SourceForge page, and the most recent up-to-date code changes is on this GitHub repo. It was difficult to tell by glancing that it was useful as it was under the News and Notes, even though these two page links were prefaced well with text explaining their reasoning.
Once I understood that the HPN-SSH was applied via "patching," I wanted to apply it myself. I went to the patch folder in SourceForge, and was greeted with 8 options for patches, with no explanation in the README about what each mean, and do. I assumed that the file openssh-8_3_P1-hpn-14.22.diff was the patch containing all the relevant modifications. Regardless of what I chose, I didn't even know how to apply those patches. I never knew watch patch files were before I found HPN-SSH!
I just realized a couple days ago that there is instructions at the very bottom of the HPN-SSH homepage how to apply patches to the source! That was great information to find, but certainly took many iterations looking over all the pages to come across that.
Now that I understand that everything new relating to HPN-SSH is happening in this GitHub, I search "hpn ssh GitHub" in google. The first repository I find is rapier1/hpn-ssh which hasn't been pushed to in 6 years! This repository (rapier1/openssh-portable) does not show up in the first page of search results in Google.
In conclusion for 1., condensing all information on how to use and install HPN-SSH into one location. Having a glossary section providing explanation of terminologies, separated by the processes of using/installing HPN-SSH. For example, having a section explaining what all the different versions/terms like "KitchenSink" and "ServerLog" mean and do. Have one of the top sections be the steps to apply the patch files, instead on the bottom of the page.
In terms of this Github Page, the README seems to be a carbon copy of OpenSSH's README. It be great to have the following information for HPN-SSH on there too. More importantly, provide information about how the HPN-SSH project modifies OpenSSH, and where make install installs stuff. Also, would renaming this repository to be hpn-ssh be viable way to increase foot traffic?
Does HPN-SSH require itself to be installed on the client and the server? I couldn't find any explicit information about this.
2. Provide package repositories for popular package managers for ease of experimentation
In my quest to try out HPN-SSH, I was looking for a Homebrew package for a quick way to install (and uninstall) HPN-SSH on my macOS system. I couldn't find an official brew repository that you all provide, so I turned to community-made ones. I came across this one, but I noticed the URL to the patch file is hard coded! They use the KitchenSink version (which I have no idea what that means)! There is also patch files specific to macOS that are applied! They also run make install too, without clarification where its actually installed!
Homebrew is fantastic as it usually manages the source and binaries inside their own little "kegs", and then symlink any necessary binaries into /usr/local/bin instead of overwriting /usr/bin. Being that this is a home-brew repository not sponsored by you all, I was critical of its functionality and did not use it. I still have yet to try HPN-SSH.
Same applies to linux. There are some third-party PPA's for installing HPN that are years old, each with the link to the path file in SourceForge hardcoded. One of my recommendations with using Github would be hosting the host files as releases here. Github has an API for downloading assets of any non-pre-release. Only one link would be needed for grabbing the most recent patch.
Here you all state you have Packaging and Distribution in mind. I would propose that providing package repositories for Homebrew (macOS), Chocolatey (Windows), apt (Debian), and pacman (Arch) would be important for the accessibility of this project.
I sincerely thank you for reading through all of this! I have no idea if I represent the majority user-base with my points. Regardless, I hope this perspective helps form the information surrounding HPN-SSH be as user accessible as possible. Providing easy ways to install HPN-SSH via package managers would be great for all types of users. I hope for the day to be able to install HPN-SSH without the concern of compromising the current state of my systems!
Thank you!
- zardini123
pthreads segfault on RHEL 8.5
I'm building on a RHEL 8.5 image, and keep running into segfaults in the child process after a connection is made and authenticated. I'm not sure if the problem is yours, or something having changed with pthreads, etc. I thought I'd post about it here, and see what happens. If I'm doing something wrong, I'm happy to take feedback.
I've encountered this problem with the master branch (as of commit ebf1fee). Basically, when I launch the sshd daemon (/usr/local/openssh-hpn/master/sbin/sshd -ddd -p 2200 -f /etc/ssh/sshd_config, in this case), it runs and waits for the connection. When I connect from another host, it gets all the way through the authentication, and then the child process that it fork()ed off, segfaults (backtrace below), and the connection closes.
For reference, this is on RHEL 8.5, with GCC 8.5.0, glibc-2.28-164.el8. I manually ran the configure/make/make install, with the following syntax on the configure line:
./configure --prefix=/usr/local/openssh-hpn/master --sysconfdir=/etc/ssh/ --with-default-path=/usr/local/bin:/bin:/usr/bin --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin --with-md5-passwords --with-pam --with-privsep-path=/var/empty/sshd --with-libedit --with-xauth=/usr/bin/xauth --disable-strip
When I use gdb and the core file generated to get a backtrace, here's what I find:
(gdb) bt
#0 __pthread_cancel (th=0) at pthread_cancel.c:33
#1 0x0000561e20178d77 in stop_and_join_pregen_threads (c=c@entry=0x7f77a8ae3010) at cipher-ctr-mt.c:221
#2 0x0000561e20178e8e in ssh_aes_ctr_cleanup (ctx=0x561e21baf280) at cipher-ctr-mt.c:638
#3 0x00007f77b0cee534 in EVP_CIPHER_CTX_reset () from /lib64/libcrypto.so.1.1
#4 0x00007f77b0cee64d in EVP_CIPHER_CTX_free () from /lib64/libcrypto.so.1.1
#5 0x0000561e20178767 in cipher_init (ccp=ccp@entry=0x561e21b91858, cipher=0x561e2040b400 <ciphers+160>,
key=0x561e21b86b70 "\301\367\">e\255\273\235\353Q\363b@{,\314\020\314\303\020\365\231\357\324\364\351\036P\274\215\n}", keylen=16,
iv=0x561e21bc3e30 "\302\002F\330.>", ivlen=<optimized out>, do_encrypt=1) at cipher.c:357
#6 0x0000561e2017ffb8 in ssh_set_newkeys (ssh=ssh@entry=0x561e21b96540, mode=mode@entry=1) at packet.c:914
#7 0x0000561e201808ef in ssh_packet_send2_wrapped (ssh=ssh@entry=0x561e21b96540) at packet.c:1252
#8 0x0000561e20180988 in ssh_packet_send2 (ssh=0x561e21b96540) at packet.c:1319
#9 0x0000561e2018213b in sshpkt_send (ssh=ssh@entry=0x561e21b96540) at packet.c:2741
#10 0x0000561e20197970 in kex_send_newkeys (ssh=ssh@entry=0x561e21b96540) at kex.c:460
#11 0x0000561e2019ad0c in input_kex_gen_init (type=<optimized out>, seq=<optimized out>, ssh=0x561e21b96540) at kexgen.c:337
#12 0x0000561e2018928a in ssh_dispatch_run (ssh=ssh@entry=0x561e21b96540, mode=mode@entry=1, done=done@entry=0x0) at dispatch.c:113
#13 0x0000561e20189359 in ssh_dispatch_run_fatal (ssh=ssh@entry=0x561e21b96540, mode=mode@entry=1, done=done@entry=0x0) at dispatch.c:133
#14 0x0000561e20136d1f in process_buffered_input_packets (ssh=0x561e21b96540) at serverloop.c:365
#15 server_loop2 (ssh=ssh@entry=0x561e21b96540, authctxt=authctxt@entry=0x561e21b98090) at serverloop.c:365
#16 0x0000561e2014106f in do_authenticated2 (authctxt=0x561e21b98090, ssh=0x561e21b96540) at session.c:2642
#17 do_authenticated (ssh=0x561e21b96540, authctxt=0x561e21b98090) at session.c:365
#18 0x0000561e20127ac1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2343
(gdb)
If there are further debugging steps I can take to help isolate this problem, please let me know. I may be more of a sysadmin than a developer, but I'll do my best to follow instructions.
Lloyd
14v22 and gcc 10 produces a linker error
When trying to create GSI-OpenSSH 8.3p1 packages for Fedora 32 with the HPN patch(es) included - for gridcf/gct#108 - on the openSUSE Build Service (OBS) I get a linker error during build, see https://build.opensuse.org/package/live_build_log/home:frank_scheiner:gct-fedora-32/gsi-openssh/Fedora_32/x86_64 for details. The build process uses gcc 10:
[...]
[ 212s] cc -o sshd sshd.o auth-rhosts.o auth-passwd.o audit.o audit-bsm.o audit-linux.o platform.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth2.o auth-options.o session.o auth2-chall.o groupaccess.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor.o monitor_wrap.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o gss-serv-gsi.o loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o sftp-server.o sftp-common.o sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o sandbox-solaris.o uidswap.o ssh-sk-client.o -L. -Lopenbsd-compat/ -pie -z relro -z now -fstack-protector-strong -lssh -lopenbsd-compat -laudit -lpam -lsystemd -lcrypto -ldl -lutil -lz -lcrypt -lresolv -lselinux -lglobus_gss_assist -lglobus_gssapi_gsi -lglobus_common -lpthread
[ 212s] /usr/bin/ld: session.o:/home/abuild/rpmbuild/BUILD/openssh-8.3p1/serverloop.h:25: multiple definition of `start_time'; serverloop.o:/home/abuild/rpmbuild/BUILD/openssh-8.3p1/serverloop.h:25: first defined here
[ 212s] /usr/bin/ld: session.o:/home/abuild/rpmbuild/BUILD/openssh-8.3p1/serverloop.h:24: multiple definition of `fdout_bytes'; serverloop.o:/home/abuild/rpmbuild/BUILD/openssh-8.3p1/serverloop.h:24: first defined here
[ 212s] /usr/bin/ld: session.o:/home/abuild/rpmbuild/BUILD/openssh-8.3p1/serverloop.h:23: multiple definition of `stdin_bytes'; serverloop.o:/home/abuild/rpmbuild/BUILD/openssh-8.3p1/serverloop.h:23: first defined here
[ 213s] collect2: error: ld returned 1 exit status
[...]
It complains about multiple definitions of start_time, fdout_bytes and stdin_bytes. Both session.c and serverloop.c include serverloop.h where these seem to come from and this seems to make a problem with gcc 10 which defaults to -fno-common according to https://gcc.gnu.org/gcc-10/porting_to.html.
Actually the ssh struct (from packet.h) also defines vars with the same name. And the identically named vars in serverloop.h were not there in older versions of the HPN patches (e.g. 14v19), so are these really needed now?
Controlling port 2222 to 22 failover
I'd like to default to using hpnssh as my ssh command all the time, however, in some network I work in, port 2222 is a black-hole out to the internet due to the firewall.
This means the hpnssh 2222->22 failover hangs.
I would like to request the introduction of some "-o" options to specify a timeout for triggering the transition from port 2222 to port 22
Forgive me if this is already available, I was unable to find an option in the man pages.
Build on MacOS fails due to "error: use of undeclared identifier 'c'"
Hello! I was able to successfully build and run this package on Ubuntu, but building on Mac OS results in the following error:
cipher-ctr-mt-functions.c:270:26: error: use of undeclared identifier 'c'
thread_loop_check_exit(c);
^
cipher-ctr-mt-functions.c:277:27: error: use of undeclared identifier 'c'
thread_loop_check_exit(c);
^
I used the following ./configure command:
./configure --prefix="$(printf "%q\n" "$(pwd)")/dist" LDFLAGS="-L/usr/local/opt/openssl/lib" CPPFLAGS="I/usr/local/opt/openssl/include"
Also tried using gcc 11 installed through:
brew install gcc@11
CC="gcc-11"
Document FallbackPort option
Additionally, discuss how to use ConnectTimeout in the event that the default outbound port is blackholed.
[pid 17996] write(2, "Pre-authentication none cipher r"..., 68Pre-authentication none cipher requests are not allowed. [preauth]
Hi,
I want to use the none cipher from a remote client. The none cipher on the client works and has been tested to other sshd's. What can be wrong with this compiled sshd not to work with none cipher?
I downloaded and un-tar file found here https://github.com/rapier1/openssh-portable/archive/hpn-NoneSwitch-7_2_P2.tar.gz
I then do building.
Build cmds:
autoconf
autoheader
./configure --with-ipv4-default --with-none --sysconfdir=/etc/sshx/custom --with-md5-passwords --with-privsep-path=/var/lib/sshdx --with-pam --with-ssl-dir=/opt/openssl-1.0.1t --prefix=/opt/openssh
make
sudo make install
All is fine.
sshd_config:
NoneEnabled yes
Starting up new sshd object in debug and trying to connect to it from remote client with cipher none I get this:
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.2
debug2: fd 3 setting O_NONBLOCK
debug2: Network child is on pid 19107
debug3: preauth child monitor started
debug3: privsep user:group 110:65534 [preauth]
debug1: permanently_set_uid: 110/65534 [preauth]
debug1: WARNING: None cipher enabled [preauth]
debug3: list_hostkey_types: ssh-dss key not permitted by HostkeyAlgorithms [preauth]
debug1: list_hostkey_types: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth]
debug3: send packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT sent [preauth]
debug3: receive packet: type 20 [preauth]
debug1: SSH2_MSG_KEXINIT received [preauth]
debug1: AUTH STATE IS 0 [preauth]
debug2: local server KEXINIT proposal [preauth]
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256 [preauth]
debug2: ciphers ctos: none,none [preauth]
debug2: ciphers stoc: none,none [preauth]
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1 [preauth]
debug2: compression ctos: none,[email protected] [preauth]
debug2: compression stoc: none,[email protected] [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug2: peer client KEXINIT proposal [preauth]
debug2: KEX algorithms: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth]
debug2: host key algorithms: ssh-rsa,ssh-dss,null [preauth]
debug2: ciphers ctos: none [preauth]
debug2: ciphers stoc: none [preauth]
debug2: MACs ctos: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: MACs stoc: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-md5,hmac-sha1-96,hmac-md5-96 [preauth]
debug2: compression ctos: none,zlib [preauth]
debug2: compression stoc: none,zlib [preauth]
debug2: languages ctos: [preauth]
debug2: languages stoc: [preauth]
debug2: first_kex_follows 0 [preauth]
debug2: reserved 0 [preauth]
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256 [preauth]
debug1: kex: host key algorithm: ssh-rsa [preauth]
debug1: REQUESTED ENC.NAME is 'none' [preauth]
debug1: Requesting NONE. Authflag is 0 [preauth]
Pre-authentication none cipher requests are not allowed. [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 19107
infrastructure request: signed releases
It'd be nice if the release tarballs were pgp/gpg signed so that their authenticity and integrity could be verified independently of the host
bonus points if you could sign the release commits too, so the same could be applied to the git repository
/etc/hpnssh/sshd_config and `Include /etc/ssh/sshd_config.d/*.conf`
The default config is Including the configuration from the system sshd.
Should this instead by Include /etc/hpnssh/sshd_config.d/*.conf?
Results of paper "SSH Performance"
I read http://allanjude.com/bsd/AsiaBSDCon2017_-_SSH_Performance.pdf and it lists some issues and suggested improvements to HPN.
Is it documented anywhere which of those were already merged / what their status is?
CC @allanjude
OpenSSL 1.1 support
In trying to compile GSI-OpenSSH with the HPN patch included, compilation fails as follows:
gcc -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -Wall -Wpointer-arith -Wsign-compare -Wformat-security -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-all -fPIE -g -O2 -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/local/ulyaoth/ssl/openssl1.1.0/include -I/usr/include/globus -I. -I. -I/usr/local/ulyaoth/ssl/openssl1.1.0//include -D_PATH_SSH_ASKPASS_DEFAULT="/home/ysvenkat/gsi-openssh.install/libexec/ssh-askpass" -DGSISSHDIR=""/home/ysvenkat/gsi-openssh.install/etc"" -D_PATH_SSH_PIDDIR="/var/run" -D_PATH_PRIVSEP_CHROOT_DIR="/var/empty" -DHAVE_CONFIG_H -c cipher-ctr-mt.c -o cipher-ctr-mt.o
cipher-ctr-mt.c: In function โssh_aes_ctrโ:
cipher-ctr-mt.c:425: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function โssh_aes_ctr_initโ:
cipher-ctr-mt.c:503: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:509: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c:512: error: dereferencing pointer to incomplete type
cipher-ctr-mt.c: In function โevp_aes_ctr_mtโ:
cipher-ctr-mt.c:585: error: storage size of โaes_ctrโ isnโt known
cipher-ctr-mt.c:587: error: invalid application of โsizeofโ to incomplete type โEVP_CIPHERโ
cipher-ctr-mt.c:585: warning: unused variable โaes_ctrโ
make: *** [cipher-ctr-mt.o] Error 1
$
HPN banner exchanged
I am trying to run some tests and notice that my two instances weren't recognizing they both had the HPN patches. During the handshake they exchange banners, but the banners don't have the additional 'hpn' string needed. It appears in the kex_exchange_identfication() fucntion, in kex.c, only SSH_VERSION constant is placed into the banner and not SSH_PORTABLE, or SSH_HPN constants.
Pasting in the diff output didn't work.
if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s\r\n" PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
This appears to fix it.
if ((r = sshbuf_putf(our_version, "SSH-%d.%d-%.100s%s%s%s%s\r\n", PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, SSH_PORTABLE, SSH_HPN,
Another banner is built in ssh_api.c, in the ssh_packet_next() function. This doesn't appear to be called in setting up a connection.
I haven't tested the rpm's in SourceForge to see if the banner exchange is happening with that code.
Install order of operations problem
The HPNSSHInstallation.txt file puts the make install step before the creation of the privilege separation user, which causes an error during install in the check-config target.
/usr/local/sbin/hpnsshd -t -f /usr/local/etc/hpnssh/sshd_config
Privilege separation user hpnsshd does not exist
make: [Makefile:386: check-config] Error 255 (ignored)
This could be trivially fixed by swapping steps 7 and 8 in the document.
I'm happy to do a PR if you agree that this change should be made.
sshd segfaults on non-SMT machine after successful authentication - impossible to connect
The sshd daemon running on a machine without SMT is accepting a connection but then falls into segmentation fault after successful authentication, which makes it useless as it is impossible to connect.
The problem is caused by /* determine is hyperthreading is enabled */ part of ssh_aes_ctr_init() in cipher-ctr-mt.c - it tries to open "/sys/devices/system/cpu/smt/active" for reading, but then incorrectly behaves if fopen() returned NULL, attempting to fscanf() from NULL pointer, which leads to segfault.
Fixed in #34
[Question] Future work? Newer ciphers?
I've been looking over the project after a long hiatusโI have an upcoming need to provide files securely, over the public Internet, with good performanceโand it seems to me that there's something of an elephant in the room.
I don't specialize in cryptography personally (I just support lots of software that uses it), but it seems to me that most projects trying to advance the state of publicly deployed cryptography are rowing hard in the direction of AES-GCM for transit cryptography rather than CTR. Virtually all the defaults I'm looking at, from OpenSSH to Apache (any project) to Postfix to Chrome and Firefox, are weighted completely in favor of AES256-GCM-SHA256/384 at the high end, closely followed by ChaCha20-Poly1305. For example, I'm evaluating the Caddy project to replace Apache and nginx in some areas, and I'm seeing some agreement--and self-promotion--indicating that Caddy has selected the best cutting-edge defaults for HTTPS in general and HTTP/2 in particular. These are their cipher defaults in usage order from first to last.
Getting back to OpenSSH itself, these are the current cipher defaults, also in usage order:
[email protected]
aes128-ctr
aes192-ctr
aes256-ctr
[email protected]
[email protected]
Clearly, they're targeting higher performance first; probably for the exact reasons that SSH-HPN exists. Still, the discussions I've found place OpenSSH AES256-GCM suites first for security rather than performance.
ECDHE/ECDH is also seeing much higher priority these days, as reflected by Caddy (and Apache, Chrome, Mozilla, and others); I don't know if the kex code concerns SSH-HPN in any way, or performance in general. In terms of actual keys, my testing shows vastly lower session setup lag and better performance overall from switching to ECDSA keys, simply comparing stock OpenSSH to stock OpenSSH, ECDSA vs. RSA keys.
I'm still not clear on the relative merits of the ChaCha20-Poly1305 suites, other than that they're supposed to be very well-suited either to ARM architecture in particular or simply low-power processing in general--or both--and still provide a very acceptable degree of security.
What I'm getting at is: my understanding is that the crown jewel of the HPN patchset--ignoring the 'none' cipher--is the AES-CTR multithreaded code. Actual best-practice deployment appears to be targeting AES-GCM for security instead of CTR in literally every application I can find that uses TLS to communicate or relies on OpenSSL--or GnuTLS or NSS, for that matter.
Would it be relatively simple to adopt the current AES-CTR threading approach to the upstream AES-GCM code? If not, is it otherwise feasible to target AES-GCM? Do you plan to? Same questions for the ChaCha20-Poly1305 suites.
Thanks in advance.
documentation for ppa:rapier1/hpnssh?
The package available in ppa:rapier1/hpnssh is named hpnssh and hence doesn't automatically suggest upgrading openssh, and doesn't appear to want to replace it if I dry-run an install.
I can find no documentation on how to install this package alongside/instead of openssh-server. Does it exist?
Thanks!
Java clients
This is a bit of a shot in the dark, but I've read your papers/presentations and justification for HPN-SSH and I'd love to use it, but we're bound at the moment to using a Java library. At the moment I'm using JScape but it's not performing very well compared to openssh and so I'm going to evaluate alternatives. Are you aware of any Java libraries that endeavour to do what you've done with HPN-SSH? Or which Java SSH libraries are best for high throughput? Many thanks for your time if you get a chance to respond. Otherwise good luck with the new funding, I'll be watching this space with interest.
Conor
None cipher not being used for socket based tunnels?
I'm my experimentation of using hpn-ssh with Proxmox, I have it successfully using the None cipher for standard ssh traffic between hosts. The hpn-ssh process uses about 40-50% of a cpu core (as judged by looking at htop) while that's occurring.
Something interesting is showing up though. When Proxmox migrates a virtual machine from one cluster node to another, it does so through ssh tunnels created using sockets. (first transferring disk snapshot data through one tunnel, then coping the vm memory through another)
The command it uses (before my script changes it to hpn-ssh with the none cipher):
# /usr/bin/ssh -e none -o BatchMode=yes root@SERVER2 \
-o ExitOnForwardFailure=yes \
-L /run/qemu-server/100_nbd.migrate:/run/qemu-server/100_nbd.migrate \
-L /run/qemu-server/100.migrate:/run/qemu-server/100.migrate \
/usr/sbin/qm mtunnel
The two lines there starting with -L show the creation of two ssh tunnels using unix domain sockets as the end points.
The interesting thing is that while the virtual machine migration is happening, the hpn-ssh process shoots up to take 100% of a cpu on both ends.
That's the behaviour I was seeing prior to enabling the none cipher. So I'm thinking that maybe hpn-ssh is forgetting to use the none cipher for tunnels, or something along those lines?
To be clear, in the above instance the actual command being run is:
# hpnssh -oNoneEnabled=yes -oNoneSwitch=yes -e none -o BatchMode=yes root@SERVER2 \
-o ExitOnForwardFailure=yes \
-L /run/qemu-server/100_nbd.migrate:/run/qemu-server/100_nbd.migrate \
-L /run/qemu-server/100.migrate:/run/qemu-server/100.migrate \
/usr/sbin/qm mtunnel
Any ideas? ๐
Clarify supported versions of OpenSSL
The README should specify which versions of OpenSSL (another LibreSSL?) the code base supports.
In particular, some older codebases require 1.1.1 so its not clear to me here.
Adding HPN-SSH to openssh 8.4p1-5+deb11u1 (Debian Bullseye)
I'm having a hard time getting the patches to apply cleanly for Debian. I have tried starting with the hpn-8_4_P1 tag from this repo and adding the standard suite of Debian patches to it, and have also tried taking the Debian source package and adding the Kitchen Sink patch to that. Both result in patch conflicts and fail to compile.
It looks like the Debian packages distributed from SourceForge are out of date (the latest is Buster).
Is there a set of instructions somewhere I can follow in order to get this to build, or do I need to wait for a Bullseye package (or Bookworm, which is due out any minute now)?
config.h.in is missing causing ./configure to fail
staff.frontera(1034)$ pwd
/work/00108/dcarver/openssh2/isshd-8.1p1-hpn14.20-nersc3.19
staff.frontera(1035)$ autoconf
staff.frontera(1036)$ ./configure
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
...
config.status: creating openbsd-compat/Makefile
config.status: creating openbsd-compat/regress/Makefile
config.status: creating survey.sh
config.status: error: cannot find input file: `config.h.in'
staff.frontera(1037)$
I got ./configure to work by copying config.h.in from the base openssh-8.1p1, but I am not sure if was the correct solution for creating config.h for isshd.
How to use hpn-ssh with SSHFS ?
Hello,
So after quite time being spent on this, i think i've finally came to the point where i have :
- an ARM debian with HPN-SSH 0.79p1 acting as a server (with locally patched & recompiled binaries + proper configuration in /etc/ssh/sshd_config)
- a x86 archlinux acting as a client, with HPN-SSH 0.85p1 (installed from AUR, and with proper configuration in /etc/ssh/ssh_config)
I think that a regular SSH or SCP connection is working without encryption, as when i'm using ssh <username>@<debian_server> i get in the console :
NoneSwitch is found in /etc/ssh/ssh_config.
You may only use this configuration option from the command line
Continuing...
And, sadly, now i'm stuck : i've spent many hours configuring the server side (and to be honest, this is far away from being easy / self-explanatory, by the way, but this is another topic) in order to be able to activate the "no encryption" mode while using it through SSHFS ... just to discover that it's only available when using ssh or scp command on the command line.
Is there any workaround ?
Also (but i suppose this is 100% expected) i'm never able to use the -c none configuration (on CLI) or Ciphers: none (in configuration), whereas i can get the following result by activating on client side a not-activated-on-server-side encryption cipher :
ssh root@<debian_server> -c aes128-cbc // valid cipher but NOT activated on server side
NoneSwitch is found in /etc/ssh/ssh_config.
You may only use this configuration option from the command line
Continuing...
Unable to negotiate with <debian_server> port 22: no matching cipher found. Their offer: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],none
- Note the "none" at the end of the list !
- However this is not shown anywhere else (neither on server side, nor on client side), for example when doing a
ssh -Q cipheri get :
ssh -Q cipher
3des-cbc
aes128-cbc
aes192-cbc
aes256-cbc
aes128-ctr
aes192-ctr
aes256-ctr
[email protected]
[email protected]
[email protected]
My SSHFS configuration looks like, for example, with systemd :
[Unit]
Description=Mount remote fs with sshfs for helios 64
[Install]
WantedBy=multi-user.target
[Mount]
What=root@<debian_server>:/mnt/internal/raid/media/
Where=/mnt/network/helios64/test
Type=fuse.sshfs
Options=_netdev,allow_other,IdentityFile=/root/.ssh/id_rsa,reconnect,default_permissions,ServerAliveInterval=30,ServerAliveCountMax=5,x-systemd.automount,uid=0,gid=0,Compression=no,cache=yes,kernel_cache
TimeoutSec=60
Of course here i'm not allowed to enter in any way Cipher=none (this is not accepting) or NoneSwitch ... (this is probably forbidden by SSHFS).
I also tried something around ssh_command="ssh NoneEnabled=yes NoneSwitch=yes" but this is not working in any way ... (neither in systemd automount files, nor on command line).
Any ideas ?
Is it possible in some way in the end to use the -c none flag ? (i still get the Unknown cipher type 'none' when using this cipher on command line).
Thanks in advance.
Ubuntu 22.04 Openssl 3.0 and 1.1.1t
Hi All
Installed successfully on 22.04 server but for some reason my second build errors out at make -j16
I get undefined errors as below
/usr/bin/ld: ./libssh.a(cipher-chachapoly-libcrypto.o): in function chachapoly_new':
/home/myhost/openssh-portable/cipher-chachapoly-libcrypto.c:68: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: ./libssh.a(sshkey.o): in function sshkey_parse_private_pem_fileblob':
/home/myhost/openssh-portable/sshkey.c:3447: undefined reference to EVP_PKEY_base_id' /usr/bin/ld: /home/myhost/openssh-portable/sshkey.c:./libssh.a(digest-openssl.o)3464: in function : undefined reference to ssh_digest_blocksizeEVP_PKEY_base_id': ' /home/myhost/openssh-portable/digest-openssl.c:111/usr/bin/ld: undefined reference to : EVP_MD_block_size'
/home/myhost/openssh-portable/sshkey.c:3476: undefined reference to EVP_PKEY_base_id' /usr/bin/ld: ./libssh.a(cipher-chachapoly-libcrypto.o): in function chachapoly_new':
/home/myhost/openssh-portable/cipher-chachapoly-libcrypto.c:68: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: /usr/bin/ld: ./libssh.a(cipher.o): in function cipher_init':
/home/myhost/openssh-portable/cipher.c:418: undefined reference to EVP_CIPHER_CTX_key_length' /usr/bin/ld: ./libssh.a(cipher.o): in function cipher_get_keyiv':
/home/myhost/openssh-portable/cipher.c:603: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: ./libssh.a(cipher.o): in function cipher_set_keyiv./libssh.a(digest-openssl.o)':
: in function /home/myhost/openssh-portable/cipher.c:634ssh_digest_blocksize: undefined reference to ':
EVP_CIPHER_CTX_iv_length'
/home/myhost/openssh-portable/digest-openssl.c:/usr/bin/ld111: : undefined reference to EVP_MD_block_size./libssh.a(cipher.o)' : in function cipher_get_keyiv_len':
/home/myhost/openssh-portable/cipher.c:574: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_get_iv':
/home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:343: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:345: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_set_iv': /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:372: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:374: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: /usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_get_iv':
/home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:collect2: error: ld returned 1 exit status
343: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:345: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_set_iv': /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:372: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:374: undefined reference to EVP_CIPHER_CTX_iv_length' ./libssh.a(cipher-chachapoly-libcrypto.o): in function chachapoly_new':
/home/myhost/openssh-portable/cipher-chachapoly-libcrypto.c:68: undefined reference to EVP_CIPHER_CTX_iv_length' collect2: error: ld returned 1 exit status /usr/bin/ld: make: *** [Makefile:220: hpnssh-agent] Error 1 make: *** Waiting for unfinished jobs.... ./libssh.a(digest-openssl.o): in function ssh_digest_blocksize':
/home/myhost/openssh-portable/digest-openssl.c:111: undefined reference to EVP_MD_block_size' /usr/bin/ld: make: *** [Makefile:229: hpnssh-pkcs11-helper] Error 1 ./libssh.a(cipher-ctr-mt.o): in function ssh_aes_ctr_init':
/home/myhost/openssh-portable/cipher-ctr-mt.c:581: undefined reference to EVP_CIPHER_CTX_key_length' /usr/bin/ld: /home/myhost/openssh-portable/cipher-ctr-mt.c:584: undefined reference to EVP_CIPHER_CTX_key_length'
/usr/bin/ld: /usr/bin/ld: ./libssh.a(cipher-ctr-mt.o): in function ssh_aes_ctr_init': /home/myhost/openssh-portable/cipher-ctr-mt.c:581: undefined reference to EVP_CIPHER_CTX_key_length'
/usr/bin/ld: /home/myhost/openssh-portable/cipher-ctr-mt.c:584: undefined reference to EVP_CIPHER_CTX_key_length' /usr/bin/ld: ./libssh.a(cipher-chachapoly-libcrypto.o): in function chachapoly_new':
/home/myhost/openssh-portable/cipher-chachapoly-libcrypto.c:68: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: ./libssh.a(digest-openssl.o): in function ssh_digest_blocksize':
/home/myhost/openssh-portable/digest-openssl.c:111: undefined reference to EVP_MD_block_size' /usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_get_iv':
/home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:343: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:345: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_set_iv': /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:372: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:374: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_get_iv':
/home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:343: undefined reference to EVP_CIPHER_CTX_iv_length' /usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:345: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: openbsd-compat//libopenbsd-compat.a(libressl-api-compat.o): in function EVP_CIPHER_CTX_set_iv': /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:372: undefined reference to EVP_CIPHER_CTX_iv_length'
/usr/bin/ld: /home/myhost/openssh-portable/openbsd-compat/libressl-api-compat.c:374: undefined reference to EVP_CIPHER_CTX_iv_length' ssh-keygen.o: in function do_convert_from_pkcs8':
/home/myhost/openssh-portable/ssh-keygen.c:702: undefined reference to EVP_PKEY_base_id' /usr/bin/ld: /home/myhost/openssh-portable/ssh-keygen.c:725: undefined reference to EVP_PKEY_base_id'
/usr/bin/ld: /usr/bin/ld: collect2: error: ld returned 1 exit status
collect2: error: ld returned 1 exit status
make: *** [Makefile:217: hpnssh-add] Error 1
make: *** [Makefile:232: hpnssh-sk-helper] Error 1
./libssh.a(sshkey.o): in function sshkey_parse_private_pem_fileblob': /home/myhost/openssh-portable/sshkey.c:3447: undefined reference to EVP_PKEY_base_id'
/usr/bin/ld: /home/myhost/openssh-portable/sshkey.c:3464: undefined reference to EVP_PKEY_base_id' /usr/bin/ld: /home/myhost/openssh-portable/sshkey.c:3476: undefined reference to EVP_PKEY_base_id'
/usr/bin/ld: ./libssh.a(cipher-ctr-mt.o): in function ssh_aes_ctr_init': /home/myhost/openssh-portable/cipher-ctr-mt.c:581: undefined reference to EVP_CIPHER_CTX_key_length'
/usr/bin/ld: /home/myhost/openssh-portable/cipher-ctr-mt.c:584: undefined reference to EVP_CIPHER_CTX_key_length' ./libssh.a(sshkey.o): in function sshkey_parse_private_pem_fileblob':
/home/myhost/openssh-portable/sshkey.c:3447: undefined reference to EVP_PKEY_base_id'
Any ideas, In have checked dependencies as best as I can, no errors on the ./configure stage.
Thanks for any guidance.
connection problem with patch hpn-14.16 applied to openssh 7.9p1
I know OpenSSH 7.9p1 is beyond the head of the commits in this repository and newer than what is offered on sourceforge. Nevertheless I have tried to apply the patches to that version of openssh-portable. Patching went smooth and connections work mostly, except for a strange issue with some specific clients.
OpenSSH_6.6.1 with OpenSSL 1.0.1e-fips on CentOS Linux release 7.2.1511 for instance hangs upon login with RSA key.
The strange thing is that authentication works well, and even the motd is displayed but the prompt doesn't appear, and even killing the client with Ctrl+C doesn't work.
The same patches applied to OpenSSH 7.8p1 work fine, with the same client, and even the client side debug log when connecting with -v -v only differs in version numbers, one time stamp and the pointer to the key, everything else looks exactly the same.
Any ideas what it could be or how to debug this problem?
scp-hpn execs vanilla ssh
Build with default prefix and use EXEEXT=-hpn.
When you execute scp-hpn, you will find that under the hood it execs the vanilla ssh:
strace -f /usr/bin/scp-hpn -vvvv -P 8000 /etc/motd dm5:/tmp/ 2>&1 |grep exec
execve("/usr/bin/scp-hpn", ["/usr/bin/scp-hpn", "-vvvv", "-P", "8000", "/etc/motd", "dm5:/tmp"...], [/* 58 vars */]) = 0
[pid 14724] execve("/usr/bin/ssh", ["/usr/bin/ssh", "-x", "-oForwardAgent=no", "-oPermitLocalCommand=no", "-oClearAllForwardings=yes", "-oRemoteCommand=none", "-oRequestTTY=no", "-v", "-v", "-v", "-v", "-p", "8000", "--", "dm5", "scp -v -t /tmp/", ...], [/* 58 vars */]) = 0
Next I built with prefix=/home/walter/sw and EXEEXT=-hpn.
Now scp-hpn tries executing /home/walter/sw/bin/ssh, which is not installed:
$ strace -f ./scp-hpn -vvv /etc/issue localhost:/tmp/ 2>&1 |grep exec
execve("./scp-hpn", ["./scp-hpn", "-vvv", "/etc/issue", "localhost:/tmp/"], [/* 65 vars */]) = 0
[pid 29588] execve("/home/walter/sw/bin/ssh", ["/home/walter/sw/bin/ssh", "-x", "-oForwardAgent=no", "-oPermitLocalCommand=no", "-oClearAllForwardings=yes", "-oRemoteCommand=none", "-oRequestTTY=no", "-v", "-v", "-v", "--", "localhost", "scp -v -t /tmp/"], [/* 65 vars */]) = -1 ENOENT (No such file or directory)
Solution/workaround: build with a prefix dir dedicated to ssh-hpn, and use a blank EXEEXT.
I really do like having the extension -hpn on the command names, so hopefully you can make a fix.
SFTP Outstanding Requests
Does anyone see a problem with dramatically increasing the number of outstanding requests in sftp.c?
Currently, there is a message size of 32k and DEFAULT_NUM_REQUESTS = 256. This give 8MB of outstanding data. However, I've recently increased the maximum buffer size to 256MB for 40 and 100G connections (and it also seems to resolve the append_buffer_space problem). Since SFTP is limited to 8MB outstanding that necessarily limits the throughput on some classes of LFNs. However, I'm concerned about possibly over buffering and/or memory bloat in some situations as I don't really understand the sftp code as well as I should.
Anyway, I was thinking about increasing DEFAULT_NUM_REQUESTS to 2048 or 4096.
Thoughts?
AcceptENV options in sshd_config do not work
The AcceptENV LANG LC_* options in the sshd_config do not work in my setups (Debian 11.9 and 12.5 - amd64) using OpenSSH_9.7p1-hpn18.4.0 Debian-1ubuntu1, OpenSSL 3.0.11 19 Sep 2023 - hpnssh-server_9.7p1-hpn18.4.0-1ubuntu1_amd64.deb from the openSUSE repo.
The default OpenSSH-Server does not have this issue. I tried it with both OpenSSH-Client and PuTTY.
Output of the locales command:
LANG=
LANGUAGE=
LC_CTYPE="POSIX"
LC_NUMERIC="POSIX"
LC_TIME="POSIX"
LC_COLLATE="POSIX"
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"
LC_ALL=
The correct output should look like this in my case:
LANG=de_DE.UTF-8
LANGUAGE=
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=
When switching to other accounts using su their variables appear correctly.
Temporary workaround: Add export LANG=de_DE.UTF-8 to ~/.profile
Thank You for providing HPNSSH. Your work is much appreciated.
Cannot adjust hpn_buffer_size for non-HPN connections
Following the docs in HPN-README
If an HPN system connects to a nonHPN system the receive buffer will
be set to the HPNBufferSize value. The default is 2MB but user adjustable.
I tried to set HPNBufferSize to a non-default value.
$ bin/ssh -v $HOSTNAME uname |& grep -i hpn
debug1: Local version string SSH-2.0-OpenSSH_9.3-hpn14v15
debug1: Remote is NON-HPN aware
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
$ bin/ssh -v -o HPNBufferSize=32 $HOSTNAME uname |& grep -i hpn
debug1: hpn_buffer_size set to 32768
debug1: Local version string SSH-2.0-OpenSSH_9.3-hpn14v15
debug1: Remote is NON-HPN aware
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
$ bin/ssh -v -o HPNBufferSize=4096 $HOSTNAME uname |& grep -i hpn
debug1: hpn_buffer_size set to 4194304
debug1: Local version string SSH-2.0-OpenSSH_9.3-hpn14v15
debug1: Remote is NON-HPN aware
debug1: HPN to Non-HPN Connection
debug1: Final hpn_buffer_size = 2097152
debug1: HPN Disabled: 0, HPN Buffer Size: 2097152
The remote endpoint here is SSH-2.0-OpenSSH_8.0, i.e. portable openssh 8.0p1 running on an RHEL 8 clone.
In all cases, the configured value is replaced by the default 2MiB.
Is there any way to override HPNBufferSize, when connecting to non-HPN sshd?
AES-CTR MT slower than vanilla
In my tests, the MT implementation of AES-CTR appears to be significantly slower than the implementation used in the current version of OpenSSH.
This is on a high end server:
Intel(R) Xeon(R) CPU E5-1650 v3, 6 cores @ 3.50GHz + HT (12 threads)
In a job that sends data from the server, to a receiving client:
ssh -c aes128-ctr -m [email protected] user@host dd if=/dev/zero bs=128k | dd of=/dev/null bs=128k
MT-AES-CTR on both sides:
2000846848 bytes transferred in 10.001863 secs (200047414 bytes/sec)
MT-AES-CTR on client side only:
2884976640 bytes transferred in 10.050173 secs (287057417 bytes/sec)
MT-AES-CTR on server side only:
2868396032 bytes transferred in 10.002210 secs (286776221 bytes/sec)
MT-AES-CTR disabled on both sides:
5973835776 bytes transferred in 10.001882 secs (597271167 bytes/sec)
I tried recompiling with CIPHER_THREADS increased from 2 to 4. It makes it use more CPU, but throughput only goes up fractionally to around 300 MB/s.
HPNSSH / OpenSSH bad window interaction
When streaming data over a 167ms RTT 10gps connection, throughput is highly variable.
My network is tuned to allow TCP receive window to autoscale up to 100MB, which is achievable and verified with iperf, stable over 1 minute.
I only have one high-bandwidth WAN to play with, so YMMV. If repro is difficult, please ask and I can run different tests.
Steps to reproduce
Baseline openssh client to openssh server
server-asia$ { ssh -o LogLevel=DEBUG2 -E DEBUG2.log server-europe 'cat /dev/zero' | pv -frtb > /dev/null; } |& tr '\r' '\n'
0.00 B 0:00:01 [0.00 B/s]
0.00 B 0:00:02 [0.00 B/s]
976KiB 0:00:03 [1.01MiB/s]
11.6MiB 0:00:04 [10.6MiB/s]
23.4MiB 0:00:05 [11.8MiB/s]
35.2MiB 0:00:06 [11.8MiB/s]
46.8MiB 0:00:07 [11.8MiB/s]
58.6MiB 0:00:08 [11.8MiB/s]
...
2.50GiB 0:03:40 [11.8MiB/s]
2.51GiB 0:03:41 [11.8MiB/s]
2.52GiB 0:03:42 [11.8MiB/s]
2.53GiB 0:03:43 [11.8MiB/s]
It just sticks at the same 11.8 MiB/s consistently, constrained by openssh's 1982464-byte channel window limit.
hpnssh client to openssh server
server-asia$ hpnssh -V
OpenSSH_9.5p1, OpenSSL 1.1.1k FIPS 25 Mar 2021
server-asia$ { hpnssh -o LogLevel=DEBUG2 -E DEBUG2.log server-europe 'cat /dev/zero' | pv -frtb > /dev/null; } |& tr '\r' '\n'
0.00 B 0:00:01 [0.00 B/s]
0.00 B 0:00:02 [0.00 B/s]
976KiB 0:00:03 [1.01MiB/s]
52.1MiB 0:00:04 [51.8MiB/s]
168MiB 0:00:05 [ 115MiB/s]
219MiB 0:00:06 [50.9MiB/s]
289MiB 0:00:07 [70.1MiB/s]
516MiB 0:00:08 [ 226MiB/s]
742MiB 0:00:09 [ 226MiB/s]
969MiB 0:00:10 [ 226MiB/s]
...
10.0GiB 0:00:51 [ 227MiB/s]
10.3GiB 0:00:52 [ 227MiB/s]
10.4GiB 0:00:53 [ 164MiB/s]
10.4GiB 0:00:54 [3.54MiB/s]
10.4GiB 0:00:55 [2.05MiB/s]
10.4GiB 0:00:56 [1.49MiB/s]
10.4GiB 0:00:57 [1.26MiB/s]
10.4GiB 0:00:58 [1.12MiB/s]
10.4GiB 0:00:59 [1.01MiB/s]
10.4GiB 0:01:00 [ 952KiB/s]
10.4GiB 0:01:01 [ 883KiB/s]
10.4GiB 0:01:02 [ 832KiB/s]
10.4GiB 0:01:03 [ 783KiB/s]
10.4GiB 0:01:04 [ 736KiB/s]
10.4GiB 0:01:05 [ 648KiB/s]
10.4GiB 0:01:06 [ 683KiB/s]
10.4GiB 0:01:07 [ 655KiB/s]
10.4GiB 0:01:08 [ 627KiB/s]
10.4GiB 0:01:09 [ 661KiB/s]
10.4GiB 0:01:10 [ 538KiB/s]
10.4GiB 0:01:11 [ 622KiB/s]
10.4GiB 0:01:12 [ 505KiB/s]
10.4GiB 0:01:13 [ 539KiB/s]
10.4GiB 0:01:14 [ 521KiB/s]
10.4GiB 0:01:15 [ 512KiB/s]
10.4GiB 0:01:16 [ 504KiB/s]
10.4GiB 0:01:17 [ 535KiB/s]
10.4GiB 0:01:18 [ 446KiB/s]
10.4GiB 0:01:19 [ 513KiB/s]
The sluggish performance in the hpnssh case is coincident with a reduction in the channel window, e.g.
debug2: channel 0: window 112178659 sent adjust 131072
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 112178659 sent adjust 131072
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 112178659 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 111719907 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 110671331 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 110474723 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 110278115 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 110081507 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 109884899 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 109688291 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 109491683 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 109295075 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 109098467 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 108901859 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
debug2: channel 0: window 108705251 sent adjust 65536
debug2: tcpwinsz: tcp connection 4, Receive window: 104857600
There doesn't appear to be a specific trigger, but when in the pathological case, hpnssh will gradually reduce the channel window to near-zero.
Building on MacOS Failed
Hi,
Thanks for providing this patch to the community. When building on my Intel Macbook locally, I have the following failure.
% ./configure --with-sandbox=darwin --with-libedit --with-zlib --with-ldns --with-security-key-builtin --with-ssl-engine --with-pam --with-kerberos5 --with-ssl-dir=/usr/local/opt/libressl/ --with-cflags="-I/usr/local/opt/libressl/include" --with-cppflags="-I/usr/local/opt/libressl/include" --with-ldflags="-L /usr/local/opt/libressl/lib" && make
...
OpenSSH has been configured with the following options:
User binaries: /usr/local/bin
System binaries: /usr/local/sbin
Configuration files: /usr/local/etc
Askpass program: /usr/local/libexec/ssh-askpass
Manual pages: /usr/local/share/man/manX
PID file: /var/run
Privilege separation chroot path: /var/empty
sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
Manpage format: doc
PAM support: yes
OSF SIA support: no
KerberosV support: yes
SELinux support: no
libedit support: yes
libldns support: yes
Solaris process contract support: no
Solaris project support: no
Solaris privilege support: no
IP address in $DISPLAY hack: no
Translate v4 in v6 hack: no
BSD Auth support: no
Random number source: OpenSSL internal ONLY
Privsep sandbox style: darwin
PKCS#11 support: yes
U2F/FIDO support: built-in
Host: x86_64-apple-darwin21.5.0
Compiler: cc
Compiler flags: -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -I/usr/local/opt/libressl/include -fPIE
Preprocessor flags: -I/usr/local/opt/libressl//include -I/usr/local/opt/libressl/include -I/usr/local/Cellar/ldns/1.8.1/include -I/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/editline
Linker flags: -L/usr/local/opt/libressl//lib -fstack-protector-strong -L /usr/local/opt/libressl/lib -pie
Libraries: -lcrypto -lz -L/usr/local/opt/[email protected]/lib -L/usr/local/Cellar/ldns/1.8.1/lib -lcrypto -lldns -lresolv
+for sshd: -lsandbox -lpam -ldl
PAM is enabled. You may need to install a PAM control file
for sshd, otherwise password authentication may fail.
Example PAM control files can be found in the contrib/
subdirectory
conffile=`echo sshd_config.out | sed 's/.out$//'`; \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ./${conffile} > sshd_config.out
conffile=`echo ssh_config.out | sed 's/.out$//'`; \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ./${conffile} > ssh_config.out
conffile=`echo moduli.out | sed 's/.out$//'`; \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ./${conffile} > moduli.out
if test "doc" = "cat"; then \
manpage=./`echo hpnmoduli.5.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnmoduli.5.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnmoduli.5.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnmoduli.5.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnscp.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnscp.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnscp.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnscp.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-add.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-add.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-add.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-add.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-agent.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-agent.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-agent.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-agent.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-keygen.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-keygen.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-keygen.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-keygen.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-keyscan.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-keyscan.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-keyscan.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-keyscan.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnsshd.8.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnsshd.8.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnsshd.8.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnsshd.8.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnsftp-server.8.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnsftp-server.8.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnsftp-server.8.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnsftp-server.8.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnsftp.1.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnsftp.1.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnsftp.1.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnsftp.1.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-keysign.8.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-keysign.8.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-keysign.8.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-keysign.8.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-pkcs11-helper.8.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-pkcs11-helper.8.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-pkcs11-helper.8.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-pkcs11-helper.8.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh-sk-helper.8.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh-sk-helper.8.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh-sk-helper.8.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh-sk-helper.8.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnsshd_config.5.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnsshd_config.5.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnsshd_config.5.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnsshd_config.5.out; \
fi
if test "doc" = "cat"; then \
manpage=./`echo hpnssh_config.5.out | sed 's/\.[1-9]\.out$/\.0/'`; \
else \
manpage=./`echo hpnssh_config.5.out | sed 's/\.out$//'`; \
fi; \
if test "doc" = "man"; then \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed | \
gawk -f ./mdoc2man.awk > hpnssh_config.5.out; \
else \
/usr/bin/sed -e 's|/etc/hpnssh/ssh_config|/usr/local/etc/hpnssh/ssh_config|g' -e 's|/etc/hpnssh/ssh_known_hosts|/usr/local/etc/hpnssh/ssh_known_hosts|g' -e 's|/etc/hpnssh/sshd_config|/usr/local/etc/hpnssh/sshd_config|g' -e 's|/usr/libexec|/usr/local/libexec|g' -e 's|/etc/shosts.equiv|/usr/local/etc/hpnssh/shosts.equiv|g' -e 's|/etc/hpnssh/ssh_host_key|/usr/local/etc/hpnssh/ssh_host_key|g' -e 's|/etc/hpnssh/ssh_host_ecdsa_key|/usr/local/etc/hpnssh/ssh_host_ecdsa_key|g' -e 's|/etc/hpnssh/ssh_host_dsa_key|/usr/local/etc/hpnssh/ssh_host_dsa_key|g' -e 's|/etc/hpnssh/ssh_host_rsa_key|/usr/local/etc/hpnssh/ssh_host_rsa_key|g' -e 's|/etc/hpnssh/ssh_host_ed25519_key|/usr/local/etc/hpnssh/ssh_host_ed25519_key|g' -e 's|/var/run/hpnsshd.pid|/var/run/hpnsshd.pid|g' -e 's|/etc/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/moduli|/usr/local/etc/hpnssh/moduli|g' -e 's|/etc/hpnssh/sshrc|/usr/local/etc/hpnssh/sshrc|g' -e 's|/usr/X11R6/bin/xauth|/opt/X11/bin/xauth|g' -e 's|/var/empty|/var/empty|g' -e 's|/usr/bin:/bin:/usr/sbin:/sbin|/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin|g' ${manpage} | /bin/bash ./fixalgorithms /usr/bin/sed > hpnssh_config.5.out; \
fi
(cd openbsd-compat && /Applications/Xcode.app/Contents/Developer/usr/bin/make)
cc -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -I/usr/local/opt/libressl/include -fPIC -I. -I.. -I. -I./.. -I/usr/local/opt/libressl//include -I/usr/local/opt/libressl/include -I/usr/local/Cellar/ldns/1.8.1/include -I/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/editline -DHAVE_CONFIG_H -c base64.c
cc -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -I/usr/local/opt/libressl/include -fPIC -I. -I.. -I. -I./.. -I/usr/local/opt/libressl//include -I/usr/local/opt/libressl/include -I/usr/local/Cellar/ldns/1.8.1/include -I/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/editline -DHAVE_CONFIG_H -c basename.c
cc -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -I/usr/local/opt/libressl/include -fPIC -I. -I.. -I. -I./.. -I/usr/local/opt/libressl//include -I/usr/local/opt/libressl/include -I/usr/local/Cellar/ldns/1.8.1/include -I/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/editline -DHAVE_CONFIG_H -c explicit_bzero.c
cc -g -O2 -pipe -Wunknown-warning-option -Qunused-arguments -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -Wformat-security -Wsizeof-pointer-memaccess -Wno-pointer-sign -Wno-unused-result -Wmisleading-indentation -fno-strict-aliasing -mretpoline -D_FORTIFY_SOURCE=2 -ftrapv -fno-builtin-memset -fstack-protector-strong -I/usr/local/opt/libressl/include -fPIC -I. -I.. -I. -I./.. -I/usr/local/opt/libressl//include -I/usr/local/opt/libressl/include -I/usr/local/Cellar/ldns/1.8.1/include -I/Library/Developer/CommandLineTools/SDKs/MacOSX10.15.sdk/usr/include/editline -DHAVE_CONFIG_H -c bcrypt_pbkdf.c
bcrypt_pbkdf.c:108:2: error: implicit declaration of function 'explicit_bzero' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
explicit_bzero(ciphertext, sizeof(ciphertext));
^
bcrypt_pbkdf.c:177:2: error: implicit declaration of function 'freezero' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
freezero(countsalt, saltlen + 4);
^
bcrypt_pbkdf.c:178:2: error: implicit declaration of function 'explicit_bzero' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
explicit_bzero(out, sizeof(out));
^
3 errors generated.
make[1]: *** [bcrypt_pbkdf.o] Error 1
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2
It seems that the file order and includes in openbsd-compat dir is not correct. I tried to make some adjustments to openbsd-compat/Makefile.in but to no avail. Perhaps you could help me with this?
Best regards,
Kaji
14v13 patch shows version as 14v12
The version.h file in the below patch shows HPN version as 14v12 while the patch is 14v13:
https://sourceforge.net/projects/hpnssh/files/HPN-SSH%2014v13%207.5p1/openssh-7_5_P1-hpn-14.13.diff
tuning guide
Is there any chance of a tuning guide, specifically for SCP, such as how to cap a 10gbe line on NVME backed storage.
None cipher does not work in recent versions
The most recent version I could use the NoneSwitch with is tagged with hpn-6_8_P1. In more recent releases the server side hangs up when trying to connect using NoneEnabled and NoneSwitch. Tested on ArchLinux/ARM where ssh -v gives me OpenSSH_6.8p1-hpn14v6. It seems to depend on the hpn patch version since on my Gentoo/Intel box I can go up to 6.9 where they use the hpn patch version hpn14v5 in their openssh ebuild (OpenSSH_6.9p1-hpn14v5). Your hpn-6_9_P1 tag uses hpn14v7 which does not work.
MAC integrity failure
mac [email protected] is failing to pass the regression tests for the KitchenSink version of the code. There seems to be some sort of odd interaction that wasn't happening in 7.1p2. I believe it's some issue between the code for the none cipher switch and the aes_mt_ctr cipher. The aes-mt-ctr cipher works fine on it's own, it's only when that code set is incorporated with the null switch that we seem to have problems. As a work around please do not use ripemd160-etm until this issue is fixed.
Connection breaks on non-encrypted large transfers
Hi,
I've tried the new commit for 7.2p2 (6c21335), but the ssh connection breaks when the connection is rekeyed. Apparently after 1GB of data there is a rekey event and the client structure with available methods is corrupted.
Reproduceable:
`pwd`/sshd -p 2022 -ddddd > sshd.out 2>&1 &
dd if=/dev/zero bs=1M count=2048 | ssh -oNoneEnabled=yes -oNoneSwitch=yes -vvvvv -p 2022 0 "cat >/dev/null" > ssh.out 2>&1
==== output ssh:
debug2: channel 0: rcvd adjust 114688
debug2: tcpwinsz: 1061808 for connection: 3
debug2: tcpwinsz: 1061808 for connection: 3
debug2: tcpwinsz: 1061808 for connection: 3
debug3: ssh_packet_send2: rekex triggered
debug1: enqueue packet: 94
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug1: rekeying in progress
debug2: channel 0: rcvd adjust 114688
debug1: rekeying in progress
debug2: channel 0: rcvd adjust 114688
debug1: rekeying in progress
debug2: channel 0: rcvd adjust 114688
debug1: rekeying in progress
debug2: channel 0: rcvd adjust 114688
debug1: rekeying in progress
debug2: channel 0: rcvd adjust 114688
debug1: rekeying in progress
debug3: send packet: type 1
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
#0 client-session (t4 r0 i0/0 o0/0 fd 4/5 cc -1)
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
debug3: fd 2 is not O_NONBLOCK
Connection to 0 closed by remote host.
Transferred: sent 1073877680, received 192228 bytes, in 20.7 seconds
Bytes per second: sent 51905161.8, received 9291.2
debug1: Exit status -1
==== end
==== output sshd.out
debug2: tcpwinsz: 1135260 for connection: 3
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug1: AUTH STATE IS 1
debug2: local server KEXINIT proposal
debug2: KEX algorithms: [email protected],ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],none,none
debug2: ciphers stoc: [email protected],aes128-ctr,aes192-ctr,aes256-ctr,[email protected],[email protected],none,none
debug2: MACs ctos: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,[email protected]
debug2: compression stoc: none,[email protected]
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer client KEXINIT proposal
debug2: KEX algorithms:
debug2: host key algorithms:
debug2: ciphers ctos: none
debug2: ciphers stoc: none
debug2: MACs ctos:
debug2: MACs stoc:
debug2: compression ctos:
debug2: compression stoc:
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: (no match)
Unable to negotiate with 127.0.0.1 port 45626: no matching key exchange method found. Their offer:
debug1: do_cleanup
==== end
OpenSSH 9.3p2 tags missing
I know changes were merged to support 9.3p2 - but the associated tags appear to be missing? (ie, there's no V_9_3_P2 tag from upstream, etc).
I know this is overloading the issue a bit - but any thoughts on availability of DynamicWindow patch tag for 9.3p2 or 9.4p1?
Debian bookworm package depends on nonexistent libcrypto.so
The Debian 12 packages at https://download.opensuse.org/repositories/home:/rapier1/Debian_12/amd64/ depend on libcrypto.so.1.1 which doesn't exist in Debian 12. The Bookworm libss3 package contains /usr/lib/x86_64-linux-gnu/libcrypto.so.3 intead.
There's no README in the above directory indicating the whereabouts of other required packages.
I attempted install by manually downloading the following files and using dpkg -i to install them.
- hpnssh-client_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
- hpnssh-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
- hpnssh-sftp-server_9.6p1-hpn18.3.1-1ubuntu1_amd64.deb
Bad configuration option: TCPRcvBufPoll
I compiled latest release openssh-portable-hpn-ServerLog-8_1_P1.
After build completed, I tested file update, all was OK.
Then I add 3 options in sshd_config as below:
NoneEnabled yes
NoneSwitch yes
TCPRcvBufPoll yes
Then start sshd, the error is as below:
[root@gst openssh-hpn]# /download/openssh-hpn/sbin/sshd -f /download/openssh-hpn/etc/sshd_config
/download/openssh-hpn/etc/sshd_config: line 108: Bad configuration option: NoneEnabled
/download/openssh-hpn/etc/sshd_config: line 109: Bad configuration option: NoneSwitch
/download/openssh-hpn/etc/sshd_config: line 110: Bad configuration option: TCPRcvBufPoll
/download/openssh-hpn/etc/sshd_config: terminating, 3 bad configuration options
ssh-hpn v14.16 hangs in multithreaded AES
Built hpn-ssh v14.16 on a SLES12 system like this:
./configure --prefix=$HOME/sw \
--with-privsep-path=/var/lib/empty \
--with-pam
make
make tests
The tests run for while, but hang on aes128-ctr:
...
test try ciphers: cipher [email protected] mac [email protected]
test try ciphers: cipher [email protected] mac [email protected]
test try ciphers: cipher aes128-ctr mac hmac-sha1
Killing the stuck process results the test failing, and then make tests will hang on the next test for aes128-ctr.
gdb backtrace on a stuck process looks like this:
(gdb) bt
#0 0x00007fdce71ceb7c in __lll_lock_wait () from /lib64/libpthread.so.0
#1 0x00007fdce71cc910 in pthread_cond_broadcast@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#2 0x000055f1662b4644 in stop_and_join_pregen_threads (c=c@entry=0x7fdce41a0010) at cipher-ctr-mt.c:246
#3 0x000055f1662b4768 in ssh_aes_ctr_cleanup (ctx=0x55f167074700) at cipher-ctr-mt.c:632
#4 0x00007fdce7f71c57 in EVP_CIPHER_CTX_cleanup () from /lib64/libcrypto.so.1.0.0
#5 0x00007fdce7f71d5e in EVP_CIPHER_CTX_free () from /lib64/libcrypto.so.1.0.0
#6 0x000055f1662b41e8 in cipher_free (cc=0x55f167077770) at cipher.c:447
#7 0x000055f1662bb38a in ssh_packet_close_internal (ssh=0x55f167074be0, do_close=do_close@entry=0) at packet.c:634
#8 0x000055f1662bb4cf in ssh_packet_clear_keys (ssh=<optimized out>) at packet.c:655
#9 0x000055f16628424e in do_child (ssh=ssh@entry=0x55f167074be0, s=s@entry=0x55f167079ee0,
command=command@entry=0x55f167077bb0 "true") at session.c:1545
#10 0x000055f166285d3c in do_exec_no_pty (ssh=0x55f167074be0, s=0x55f167079ee0, command=0x55f167077bb0 "true")
at session.c:513
#11 0x000055f1662872d5 in do_exec (ssh=ssh@entry=0x55f167074be0, s=s@entry=0x55f167079ee0, command=<optimized out>,
command@entry=0x55f167077bb0 "true") at session.c:756
So the origin of the bug seems to be the AES-MT patch in ssh-hpn.
System is SLES12 SP3:
$ cat /etc/os-release
NAME="SLES"
VERSION="12-SP3"
VERSION_ID="12.3"
PRETTY_NAME="SUSE Linux Enterprise Server 12 SP3"
ID="sles"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:12:sp3"
Software versions that come with SLES12:
libopenssl-devel-1.0.2j-60.46.1.x86_64
gcc-4.8-6.189.x86_64
Workaround: put disableMTaes=yes in sshd_config or build without the AES-MT patch.
But obviously then you don't get any speedup with the cipher.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.