This repository has been archived by the owner. It is now read-only.

openssh: Upgrade to 6.5p1 #274


kruton commented Feb 12, 2014

Fixed the Apple Keychain and GSSKEX patches to apply to 6.5p1 as well.

openssh: Upgrade to 6.5p1
Fixed the Apple Keychain and GSSKEX patches to apply to 6.5p1 as well.

lox commented Feb 15, 2014

Worth noting that the Apple Keychain patch changes the standard -K to -M. See #242

omni-vi referenced this pull request Feb 22, 2014

openssh 6.5
Closes #273.

Signed-off-by: Adam Vandenberg <>


Asmod4n commented Feb 23, 2014


cebor commented Feb 25, 2014


omni-vi commented Feb 25, 2014

For everyone wanting to upgrade while this is not merged:

$> curl -O
$> brew upgrade ./openssh.rb

It worked for me.

@ghost ghost referenced this pull request Feb 26, 2014


openssh failed to build on 10.9.1 #280


adamv commented Feb 26, 2014

Please rebase this on master.

omni-vi commented Feb 26, 2014

The version of sshd built by this recipe doesn't accept connections. It quits with
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]

Looks like this problem:

omni-vi commented Feb 26, 2014

Debug output from homebrew opensshd OSX 10.9.2

host@user:/$ sudo /usr/local/sbin/sshd -D -d -d -d
debug2: load_server_config: filename /usr/local/etc/ssh/sshd_config
debug2: load_server_config: done config len = 268
debug2: parse_server_config: config /usr/local/etc/ssh/sshd_config len 268
debug3: /usr/local/etc/ssh/sshd_config:53 setting AuthorizedKeysFile .ssh/authorized_keys
debug3: /usr/local/etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
debug1: sshd version OpenSSH_6.5, OpenSSL 1.0.1f 6 Jan 2014
debug1: private host key: #0 type 1 RSA
debug3: Incorrect RSA1 identifier
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type DSA
debug1: rexec_argv[0]='/usr/local/sbin/sshd'
debug1: rexec_argv[1]='-D'
debug1: rexec_argv[2]='-d'
debug1: rexec_argv[3]='-d'
debug1: rexec_argv[4]='-d'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on
Server listening on port 22.
debug2: fd 5 setting O_NONBLOCK
debug3: sock_set_v6only: set socket 5 IPV6_V6ONLY
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: fd 6 clearing O_NONBLOCK
debug1: Server will not fork when running in debugging mode.
debug3: send_rexec_state: entering fd = 9 config len 268
debug3: ssh_msg_send: type 0
debug3: send_rexec_state: done
debug1: rexec start in 6 out 6 newsock 6 pipe -1 sock 9
debug1: inetd sockets after dupping: 5, 5
Connection from port 53639 on port 22
debug1: Client protocol version 2.0; client software version OpenSSH-keyscan
debug1: match: OpenSSH-keyscan pat OpenSSH* compat 0x04000000
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.5
debug2: fd 5 setting O_NONBLOCK
debug3: ssh_sandbox_init: preparing Darwin sandbox
debug2: Network child is on pid 4384
debug3: preauth child monitor started
debug3: privsep user:group 75:75 [preauth]
debug1: permanently_set_uid: 75/75 [preauth]
debug3: ssh_sandbox_child: starting Darwin sandbox [preauth]
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]
debug1: do_cleanup [preauth]
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug1: Killing privsep child 4384

denji commented Mar 10, 2014


# the HPN patch needs this, so rewrite all other patches to support it, too
patch.args          -p1
patchfiles          launchd.patch \
                    pam.patch \
                    patch-sandbox-darwin.c-apple-sandbox-named-external.diff \
# We need a couple of patches
# - pam.patch
#   getpwnam(3) on OS X always returns "*********" in the pw_passwd field even
#   when run as root, so it can't be used for authentication. This patch just
#   forces the use of PAM regardless of the configuration.
# - patch-*-apple-sandbox-named-external.diff
#   Use Apple's sandbox_init(3) in addition to standard privilege separation.
#   This requires a sandbox profile (which we provide) and the sandbox_init(3)
#   call before the chroot(2) to privsep-path ($prefix/var/empty), or it will
#   fail to load the sandbox description and libsandbox.1.dylib.
variant hpn conflicts gsskex description {Apply high performance patch} {
    # is usually quick in
    # updating the HPN patch for new versions, take a look there, too.
    set hpn_patchfile       ${name}-${version}-hpnssh14v2.diff.gz
    patchfiles-append       ${hpn_patchfile}
    checksums-append        ${hpn_patchfile} \
                            rmd160  5a7203fffee510b2ae6737af074fec2834bae122 \
                            sha256 be6915130f2b1aad00235e02d55b67114dbb517b13d04d52a8abac9343166efd
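
Added example (not part of the thread, and not Homebrew, MacPorts or OpenSSH code): a triage function for the sshd debug output posted above. It picks out the pre-auth sandbox failure that the Portfile comment attributes to sandbox_init(3) being called after the chroot(2). The function name, the verdict strings and the abridged sample log are constructed for this illustration.

```python
import re

# Constructed sample: lines abridged from the sshd -d -d -d output posted in this thread.
SAMPLE_LOG = """\
debug3: /usr/local/etc/ssh/sshd_config:108 setting UsePrivilegeSeparation sandbox
debug3: ssh_sandbox_init: preparing Darwin sandbox
debug2: Network child is on pid 4384
debug1: permanently_set_uid: 75/75 [preauth]
debug3: ssh_sandbox_child: starting Darwin sandbox [preauth]
ssh_sandbox_child: sandbox_init: dlopen(/usr/lib/libsandbox.1.dylib, 261): image not found [preauth]
debug1: do_cleanup [preauth]
debug1: Killing privsep child 4384
"""

# One pattern per fact we want from the log; each captures a single value.
PATTERNS = {
    "privsep": re.compile(r"setting UsePrivilegeSeparation (\S+)"),
    "child_pid": re.compile(r"Network child is on pid (\d+)"),
    "backend": re.compile(r"ssh_sandbox_child: starting (\S+) sandbox \[preauth\]"),
    "missing_library": re.compile(r"sandbox_init: dlopen\(([^,]+), \d+\): image not found"),
    "killed_pid": re.compile(r"Killing privsep child (\d+)"),
}


def triage(log_text):
    """Collect pre-auth sandbox facts from sshd debug output and classify them."""
    facts = dict.fromkeys(PATTERNS)
    for line in log_text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match and facts[name] is None:
                facts[name] = match.group(1)  # keep the first occurrence only
    if facts["missing_library"]:
        # The Portfile comment quoted in the thread attributes this to
        # sandbox_init(3) running after chroot(2) to the privsep path.
        facts["verdict"] = "sandbox-load-failure"
    elif facts["backend"]:
        facts["verdict"] = "sandbox-started"
    else:
        facts["verdict"] = "no-sandbox-seen"
    # The monitor killing the same pid confirms the connection ended pre-auth.
    facts["child_terminated"] = (
        facts["killed_pid"] is not None and facts["killed_pid"] == facts["child_pid"]
    )
    return facts
```

A verdict of sandbox-load-failure together with child_terminated set means every incoming connection is dropped before authentication, which matches the behaviour reported for this build.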

jacknagel commented Mar 17, 2014

Updated to 6.6p1 in 4ceb4c3, pull requests with updated patches are welcome.

@jacknagel jacknagel closed this Mar 17, 2014
