Netgate Discussion Forum

SSH HPN-Patch gone?

2.2 Snapshot Feedback and Problems - RETIRED
    badger
    last edited by Dec 15, 2014, 12:29 PM

    Hi everybody.

    It seems that in 2.2Beta the SSH-HPN-Patch no longer is available as it isn't listed when I call "ssh -V". Is there a reason for that?
    Is there any chance to get a package without having to compile it manually - as we ain't got much bsd-experience.

    Any help is greatly appreciated.

    Thank you very much.

      jimp Rebel Alliance Developer Netgate
      last edited by Dec 15, 2014, 7:17 PM

      We did not do anything special for that as far as I can see. We used what FreeBSD already had in place.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

        badger
        last edited by Dec 17, 2014, 10:10 AM

        Oh I see. Is there any chance you will integrate it? That would be awesome.
        Tried it myself but failed miserably  ;D

          cmb
          last edited by Dec 17, 2014, 10:13 PM

          There is nothing to integrate, stock FreeBSD 9 and newer have it built-in, it's there.

            badger
            last edited by Dec 19, 2014, 9:20 AM

            hi.

            not quite sure if I get this right…
            that means pfSense 2.2 is supposed to already have an HPN-patched ssh-version? 'SSH -V' does not show anything in this regard. Trying to use typical command line arguments (e.g. '-oHPNBufferSize=xx') does not work either?!

            Maybe I can eventually somehow compile this myself - but I suppose the next update including openssh will just overwrite it?

            thank you =)

              charliem
              last edited by Dec 19, 2014, 11:52 AM

              @badger:

              that means pfSense 2.2 is supposed to already have an HPN-patched ssh-version? 'SSH -V' does not show anything in this regard. Trying to use typical command line arguments (e.g. '-oHPNBufferSize=xx') does not work either?!

              Hmm, I had not heard of this patch-set.  I guess this is what you are referring to: http://www.psc.edu/index.php/hpn-ssh ?  Those patches are definitely not in pfSense.  Were they ever included in the past, as a separate package perhaps?

              Maybe I can eventually somehow compile this myself - but I suppose the next update including openssh will just overwrite it?

              Yes, and yes.  Perhaps the easiest way would be to use a stock FreeBSD 10.1 VM, build the modified binaries in the VM, then copy them over to your pfSense machine.  But that's not a long term or scalable solution.

              I am curious why you think they are necessary; do you have test results?  AFAIK it does not matter to clients passing data through the pfSense machine, only if you use pfSense as an endpoint.  Do you really pass that much data to or from your firewall, rather than through it?

              This does worry me a little:

              The patches are pretty much straight forward ports except for some minor changes in the cipher subsystem

              There are no minor changes to cipher subsystems.

                jimp Rebel Alliance Developer Netgate
                last edited by Dec 19, 2014, 12:44 PM

                They were never added to pfSense by us.

                FreeBSD had them back in the 8.x days, and in 9.x from what I see. It's unclear if they are still there on 10.x.

                They are definitely options in the security/openssh-portable port, though I'm not sure I'd recommend fussing with that. It should work in theory, but if it installs to /usr/local/ like a good port should, then our scripts probably would not set it up or launch it properly.


                  cmb
                  last edited by Dec 19, 2014, 6:02 PM

                  It should be there already, no need to do anything. The HPN-related options are accepted in sshd_config, and default is enabled.
                  https://github.com/freebsd/freebsd/blob/master/crypto/openssh/README.hpn

                  I think you're just expecting behavior that only exists in the patch set, and not the later merged implementation in FreeBSD.
