OpenBSD Journal

[c2k8]: Hackathon Summary Part 3

Contributed by mtu on from the why-is-everyone-so-loud dept.

c2k8 General Hackathon (Part 3) - June 7-15, 2008, Edmonton, Alberta, Canada

At the end of the c2k8 hackathon, I sent out an email to all the developers asking for a summary report in their own words. I leave it up to them to be as verbose as they want to be. In general, I can usually fit two developers into one article to get the optimal number of words, as it is a fine balance between information overload and not enough information. The most important thing to me is never to belittle what the developers do for us. That is, I feel that each developer should have their own spotlight. In fact, if I could, each developer would have a summary article on undeadly solely dedicated to their work, rather than bunch a half dozen or so developers into one article.


Read on to understand what "Shut up and hack!" really means:

darren tucker

OpenBSD is a labour of love. Developers are all busy with their work and family life, so we owe them a lot of gratitude for taking the time, energy and commitment to keep on developing OpenBSD and related projects and making sure the man pages are current (big thanks to Jason McIntyre, jmc@). If I don't get a summary or even if it is a short little blurb from memory, who am I to complain? Some people may not want to be in the limelight and may prefer a little privacy. For all I know, they may just be too busy (which is usually the case). This is exactly what happened with Reyk Floeter (reyk@) after the n2k8 hackathon but nicely recapped by Paul de Weerd. As such, I usually have little choice but to put a couple of developers in the same article. There are exceptions. Interestingly enough, I've noticed that those who do send me a sizeable write-up have a few things in common: They are generally very quiet at hackathons, they work on OpenSSH, they're brilliant and they come from down-under!

I believe that this was Darren's first big hackathon. I remembered vividly when he arrived; dead tired from being on a plane, for what must have been around 24 hours, and jet lagged. Well, what does he do? He jumps onto a table and starts hacking for a few hours! I thought that I saw a moment where he dozed off whilst his fingers kept moving. ;-)

On a more serious note (actually, I was serious), there are two companies that seemed to have employed a whole lot of OpenBSD developers. Both of these companies start with "G" and have been super supportive of the Project. I do want to say a special thanks to Google for supporting and allowing their employees, Darren Tucker (dtucker@), Damien Miller (djm@), Chris Kuethe (ckuethe@) and Peter Valchev (pvalchev@) to attend the hackathon. I would argue that it is the biggest contribution that any company could make to support the OpenBSD Project. Hackathons are like the oil that runs the OpenBSD development engine; without them, progress would... well, let's just say that it is the reason very few other Projects makes a release every six months.

After catching up with Darren, I found out something funny or should I say amusing. You would think that Google would be utilizing Darren's skills as a hard-core developer, but no. He's a Site Reliability Engineer for Google in Australia! Go figure. I don't know what to think of this. Well, I know quite a lot of developers that are awesome System Administrators as well but you have to wonder if they missed something in his interview. :-)

Here is what Darren had to say about his time and work at the c2k8 hackathon:


A brief recap on the OpenSSH development process: platform-independent features are first applied to OpenBSD (even if they were developed on another platform), then the changes are synced periodically to the portable version.

This sync is partially automated, but it still requires a human to drive it and fix any conflicts or problems during the process. Because of the possibility of conflicts, we prefer to keep the platform-specific changes in separate files (Damien's presentation is an excellent overview on the various methods and their merits).

During the hackathon we made 69 different commits to OpenBSD' s ssh/, which were synced to -portable in 6 batches. In addition, we made 19 separate -portable only changes. Each commit varied in size from a one-line trivial change to an entire new feature including documentation.

In addition to testing on OpenBSD, we were doing automated testing on 9 other platforms in approximately 20 different configurations using Mozilla's Tinderbox and some scripts (the number of configurations listed varies depending on what we have running at the time).

Even with the tinderbox and the machines behind it, we only have access to a fraction of the platforms and configurations that OpenSSH runs on. OpenSSH has a voluntary survey program, accessed at build time by "make survey" and "make send-survey". We use this data to help make decisions about things like whether or not we should deprecate certain things.

Based on the survey data, OpenSSH portable runs on at least AIX, Cygwin, Darwin, DragonFly, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OSF1, OpenBSD, QNX, SCO_SV, Solaris, SunOS, UNIX_SV, Ultrix, UnixWare, sco42 and syllable. The OpenSSH developers have access to a bit over half of these platforms that we have data on, and we rely on the user community to help us test and fix bugs, especially on the platforms that we don't have access to (and in some cases have never seen).

[author's note: For reference, the changelog from -portable is below this message, which shows both sets of changes. The changelog is reverse chronological order, however my description will be chronological order. Most OpenSSH bugs and enhancement requests are tracked in Damien's bugzilla. Where bug numbers ("bz#") can be linked to with[bugno]. ]

Enough with the preamble, now to what went on with regard to OpenSSH at the hackathon:

New features

The OpenSSH table

  • CIDR notation: Damien added support in sshd_config Match blocks and authorized_keys file key options for CIDR notation, so you can specify network blocks using notation such as rather than 10.*.*.*. This is both clearer (it can't be confused with a hostname such as, although sshd already took steps to prevent that) and more precise (e.g. you can specify networks where the mask is not on the byte boundary, e.g. This also works with IPv6 addresses on IPv6 capable platforms.
  • sshd(8) extended test mode: sshd now takes two additional options: -T (extended test mode) and -C (connection parameters to be applied). When -T is supplied, sshd does all of its regular startup including command line and config file parsing, then outputs the effective configuration. For example:
    /usr/sbin/sshd -T -C user=deraadt -C -C addr= 
    would show the options that would be in effect if Theo connected to the machine from cvs. This is primarily useful for testing (in fact, both of the new regression tests use it) but it's also useful for validating non-trivial config files that have multiple Match blocks.
  • "Random Art" host key fingerprints: Alexander von Gernler (grunk@) added a new fingerprint display method that is in a form hopefully more recognisable than hexidecimal numbers to us humans. See SSH Fingerprint Visualization Support for details.
  • Multiplexing fallback: Damien added a fallback mode to ssh(1)'s ControlMaster multiplexing mode, so that if the new client can't connect to the ControlMaster, it will fall back to making its own TCP connection after logging a warning. This should make connection multiplexing more robust in case of failures.
  • no-more-sessions: Damien added a protocol extension that disables multiple session support on the server if the client does not intend to ever open more sessions. This will cause the server to terminate the session if more sessions are requested after that point (for example if the client has been compromised by something like SSH'jack. Because of the nice extension mechanism in the SSH2 protocol this is backward compatible (ie connections to servers that don't support this still work, but do not benefit from the additional protection).
  • sshd's MaxAuthTries can now be used inside a Match block.
  • Client-side request queues: Damien added a queuing method for the client's protocol messages and their expected replies. This makes handling failures of port forwarding requests more reliable, and provides a framework that enable better handling of unexpected request failures in the future.


Will Cook for ...

All of the new features added should work on any supported platform, but porting to many platforms is a series of challenges and trade offs.

The "" sftp extension that was added shortly before the hackathon provided a good example of this. This extension provides a way to get filesystem utilization data from the server which is not possible using just the version of the sftp-protocol that OpenSSH implements (it's the mechanism behind sftp(1)'s new "df" command).

At the start of the hackathon it wouldn't compile on some platforms, either due to differences in the statvfs(3) structure, or because the platforms don't have statvfs at all.

First, we disabled statvfs on platforms that didn't have the function at all. This is not ideal because it meant extra #ifdefs in the source, but it at least allowed sftp and sftp-server to build again. Because the client used the statvfs structure to store the response from the server, it also had the side effect of disabling the function in the client.

Next, we added a null implementation of statvfs to -portable's compatibility layer, which simply returned ENOSYS ("function not implemented"). This allowed us to remove the #ifdefs while still allowing it to build on the older platforms that didn't have a native statvfs. This function can later be extended to provide the statvfs information on platforms that don't provide it natively (e.g. via the older statfs call).

Returning ENOSYS also made us realise that the function in sftp-server that converts the system's errno into sftp protocol messages didn't understand ENOSYS, and replied with a generic failure message. We taught it to reply the more appropriate SSH2_FX_OP_UNSUPPORTED (which is an example of how porting can also improve the main OpenBSD codebase).

The next problem was the differing statvfs structures. As defined in POSIX, this structure has a member f_fsid which is of type fsid_t. On most platforms, fsid_t is an integer, long, or long long type, however on AIX it's a 2-element array of longs. This means that we can't directly assign to or from it, so we added a compatibility macro FSID_TO_ULONG to convert it for us and a configure test that knows when to turn it on.

Theo also pointed out that using a native fsid_t to store this on the client could potentially lead to truncation in the case where the server's fsid_t was bigger than the client's. Because of this, we made the fields all 64 bit on the wire and added a local structure in protocol format in the client to hold the replies from the server.

None of these issues were particularly unique, but provide a good example of the issues faced when supporting OpenSSH on many varied platforms.


Many of the man(1) pages were updated (including, of course, documentation for the new features), plus the PROTOCOL file documents the SSHv2 protocol extensions employed by OpenSSH.

Regression tests

Two new test sets were added, to test the new CIDR matching and extended test mode. Some of the existing tests were tuned to make them faster or more portable.

Various bugs fixed (from

#1461: Spurious error messages when using ChrootDirectory and a user's home directory does not exist within the chroot(2).

#1463: hang-on-exit on Solaris. This actually turned out to be due to an invalid assumption that isatty(ptymaster) returns true. This is another example of portability benefiting the main codebase.

#1240: Improvements to the sigaction functions in -portable's compatibility code. It's unlikely to be used on any extant platform though.

#1471: Ensure sshd does not hang if authorized_keys or .shosts are named pipes.

#1464: Due to the way SO_REUSEADDR is handled on some systems, it was possible to intercept X11 connections under some conditions if you had access to those server systems and X11UseLocalhost had been set to "no" in sshd_config.

#1472: authorized_keys key restrictions were incorrectly applied to non- key authentications.

#1276: Some libgssapi's weren't usable by OpenSSH, avoid them.

#859: Passing the string "0" to getaddrinfo could slow it down needlessly in some configurations.

#1331: Add ~Z and ~& escape character support to multiplex slaves.

#1363: Protocol keepalives are not sent during key renegotiation and network problems could cause stalls. Now the keepalive time is applied during renegotiation too.

#1241: Support for Tru64's SIA password expiry method, contrinuted by Scott Bailey.

(and possibly some that I missed.)

OpenSSH changelog from during the hackathon:

- (dtucker) OpenBSD CVS Sync
   - 2008/06/16 13:22:53
     [session.c channels.c]
     Rename the isatty argument to is_tty so we don't shadow
     isatty(3). ok markus@
- (dtucker) [channels.c] isatty -> is_tty here too.

- (dtucker) [] Enable -fno-builtin-memset when using gcc.
- OpenBSD CVS Sync
   - 2008/06/14 15:49:48
     wrap long line at 80 chars
   - 2008/06/14 17:07:11
     ensure default umask disallows at least group and world write; ok djm@
   - 2008/06/14 18:33:43
     suppress the warning message from chdir(homedir) failures
     when chrooted (bz#1461); ok dtucker
   - 2008/06/14 19:42:10
     Mention that scp follows symlinks during -r. bz #1466,
     from nectar at apple
   - 2008/06/15 16:55:38
     MaxSessions is allowed in a Match block too
   - 2008/06/15 16:58:40
     [servconf.c sshd_config.5]
     Allow MaxAuthTries within a Match block. ok djm@
   - 2008/06/15 20:06:26
     [channels.c channels.h session.c]
     don't call isatty() on a pty master, instead pass a flag down to
     channel_set_fds() indicating that te fds refer to a tty. Fixes a
     hang on exit on Solaris (bz#1463) in portable but is actually
     a generic bug; ok dtucker deraadt markus

- (djm) [openbsd-compat/sigact.c] Avoid NULL derefs in ancient sigaction
   replacement code; patch from ighighi AT in bz#1240;
   ok dtucker

- (dtucker) OpenBSD CVS Sync
   - 2008/06/13 09:44:36
     compile on older gcc; no decl after code
   - 2008/06/13 13:56:59
     Clear key options in the monitor on failed authentication, prevents
     applying additional restrictions to non-pubkey authentications in
     the case where pubkey fails but another method subsequently succeeds.
     bz #1472, found by Colin Watson, ok markus@ djm@
   - 2008/06/13 14:18:51
     [auth2-pubkey.c auth-rhosts.c]
     Include unistd.h for close(), prevents warnings in -portable
   - 2008/06/13 17:21:20
     Friendlier error messages for mux fallback. ok djm@
   - 2008/06/13 18:55:22
     Prevent -Wsign-compare warnings on LP64 systems.
     bz #1192, ok deraadt@
   - 2008/06/13 20:13:26
     Explain the use of SSH fpr visualization using random art, and cite
     the original scientific paper inspiring that technique.
     Much help with English and nroff by jmc@, thanks.
- (dtucker) [] Bug #1276: avoid linking against libgssapi,
   which despite its name doesn't seem to implement all of GSSAPI.
   Patch from Jan Engelhardt, sanity checked by Simon Wilkinson.

- (dtucker) OpenBSD CVS Sync
   - 2008/06/11 07:30:37
     kill trailing whitespace;
   - 2008/06/11 21:01:35
     [ssh_config.5 key.h readconf.c readconf.h ssh-keygen.1 ssh-keygen.c
     key.c sshconnect.c]
     Introduce SSH Fingerprint ASCII Visualization,
     a technique inspired by the graphical hash
     visualization schemes known as "random art",
     and by Dan Kaminsky's musings on the subject
     during a BlackOp talk at the 23C3 in Berlin.
     Scientific publication (original paper):
     "Hash Visualization:
     a New Technique to improve Real-World Security",
     Perrig A. and Song D., 1999, International Workshop on Cryptographic
     Techniques and E-Commerce (CrypTEC '99)
     The algorithm used here is a worm crawling over a discrete plane,
     leaving a trace (augmenting the field) everywhere it goes.
     Movement is taken from dgst_raw 2bit-wise. Bumping into walls
     makes the respective movement vector be ignored for this turn,
     thus switching to the other color of the chessboard.
     Graphs are not unambiguous for now, because circles in
     graphs can be walked in either direction.
     discussions with several people,
     help, corrections and ok markus@ djm@
   - 2008/06/11 21:38:25
     ssh-keygen -lv -f /etc/ssh/ would
     not display you the random art as intended, spotted by canacar@
   - 2008/06/11 22:20:46
     [ssh-keygen.c ssh-keygen.1]
     ssh-keygen would write fingerprints to STDOUT, and random art to
     STDERR, that is not how it was envisioned.
     Also correct manpage saying that -v is needed along with
     -l for it to work. spotted by naddy@
   - 2008/06/11 23:02:22
     simpler way of computing the augmentations; ok grunk@
   - 2008/06/11 23:03:56
     CheckHostIP set to ``fingerprint'' will display both
     hex and random art spotted by naddy@
   - 2008/06/11 23:51:57
     #define statements that are not atoms need braces around
     them, else they will cause trouble in some cases.
     Also do a computation of -1 once, and not in a loop several times.
     spotted by otto@
   - 2008/06/12 00:03:49
     [dns.c canohost.c sshconnect.c]
     Do not pass "0" strings as ports to getaddrinfo because the lookups
     can slow things down and we never use the service info anyway. bz
     #859, patch from YOSHIFUJI Hideaki and John Devitofranceschi. ok
     deraadt@ djm@
     djm belives that the reason for the "0" strings is to ensure that
     it's not possible to call getaddrinfo with both host and port being
     NULL. In the case of canohost.c host is a local array. In the
     case of sshconnect.c, it's checked for null immediately before use.
     In dns.c it ultimately comes from ssh.c:main() and is guaranteed to
     be non-null but it's not obvious, so I added a warning message in
     case it is ever passed a null.
   - 2008/06/12 00:13:55
     Make ssh print the random art also when ssh'ing to a host using
     IP only. spotted by naddy@, ok and help djm@ dtucker@
   - 2008/06/12 00:13:13
     use an odd number of rows and columns and a separate
     start marker, looks better; ok grunk@
   - 2008/06/12 03:40:52
     [clientloop.h mux.c channels.c clientloop.c channels.h]
     Enable ~ escapes for multiplex slave sessions; give each channel
     its own escape state and hook the escape filters up to muxed
     channels. bz #1331
     Mux slaves do not currently support the ~^Z and ~& escapes.
     NB. this change cranks the mux protocol version, so a new ssh
     mux client will not be able to connect to a running old ssh
     mux master.
     ok dtucker@
   - 2008/06/12 04:06:00
     [clientloop.h ssh.c clientloop.c]
     maintain an ordered queue of outstanding global requests that we
     expect replies to, similar to the per-channel confirmation queue.
     Use this queue to verify success or failure for remote forward
     establishment in a race free way.
     ok dtucker@
   - 2008/06/12 04:17:47
     thall shalt not code past the eightieth column
   - 2008/06/12 04:24:06
     thal shalt not code past the eightieth column
   - 2008/06/12 05:15:41
     document forwarding method
   - 2008/06/12 05:32:30
     some more TODO for me
   - 2008/06/12 05:42:46
     supply the key type (rsa1, rsa, dsa) as a caption in the frame of the
     random art. while there, stress the fact that the field base should at
     least be 8 characters for the pictures to make sense.
     comment and ok djm@
   - 2008/06/12 06:32:59
     We already mark the start of the worm, now also mark the
     end of the worm in our random art drawings.
     ok djm@
   - 2008/06/12 15:19:17
     [clientloop.h channels.h clientloop.c channels.c mux.c]
     The multiplexing escape char handler commit last night introduced a
     small memory leak per session; plug it.
   - 2008/06/12 16:35:31
     [ssh_config.5 ssh.c]
     keyword expansion for localcommand. ok djm@
   - 2008/06/12 19:10:09
     [ssh_config.5 ssh-keygen.1]
     tweak the ascii art text; ok grunk
   - 2008/06/12 20:38:28
     [sshd.c sshconnect.c packet.h misc.c misc.h packet.c]
     Make keepalive timeouts apply while waiting for
     a packet, particularly during key renegotiation (bz #1363).
     With djm and Matt Day, ok djm@
   - 2008/06/12 20:47:04
     print extension revisions for extensions that we understand
   - 2008/06/12 21:06:25
     I was coalescing expected global request confirmation replies at
     the wrong end of the queue - fix; prompted by markus@
   - 2008/06/12 21:14:46
     make ssh-keygen -lf show the key type just as ssh-add -l would do it
     ok djm@ markus@
   - 2008/06/12 22:03:36
     add my copyright, ok djm@
   - 2008/06/12 23:24:58
     tweak wording in message, ok deraadt@ jmc@
   - 2008/06/13 00:12:02
     [sftp.h log.h]
     replace __dead with __attribute__((noreturn)), makes things
     a little easier to port. Also, add it to sigdie(). ok djm@
   - 2008/06/13 00:16:49
     fall back to creating a new TCP connection on most multiplexing
     errors (socket connect fail, invalid version, refused
     permittion, corrupted messages, etc.); bz #1329 ok dtucker@
   - 2008/06/13 00:47:53
     upcast size_t to u_long to match format arg; ok djm@
   - 2008/06/13 00:51:47
     upcast another size_t to u_long to match format
   - 2008/06/13 01:38:23
     upcast uid to long with matching %ld, prevents warnings in portable
   - 2008/06/13 04:40:22
     [auth2-pubkey.c auth-rhosts.c]
     refuse to read ~/.shosts or ~/.ssh/authorized_keys that are not
     regular files; report from Solar Designer via Colin Watson in bz#1471
     ok dtucker@ deraadt
- (dtucker) [clientloop.c serverloop.c] channel_register_filter now
   takes 2 more args. with djm@
- (dtucker) [defines.h] Bug #1112: __dead is, well dead. Based on a patch
   from Todd Vierling.
- (dtucker) [auth-sia.c] Bug #1241: support password expiry on Tru64
   SIA systems. Patch from R. Scott Bailey.
- (dtucker) [umac.c] STORE_UINT32_REVERSED and endian_convert are
   never used on big endian machines, so ifdef them for little-endian
   only to prevent unused function warnings on big-endians.
- (dtucker) [openbsd-compat/setenv.c] Make offsets size_t to prevent
   compiler warnings on some platforms.
   Based on a discussion with otto@

- (djm) [channels.c]
   Do not set SO_REUSEADDR on wildcard X11 listener
   (X11UseLocalhost=no) bz#1464; ok dtucker

- (dtucker) OpenBSD CVS Sync
   - 2008/06/10 03:57:27
     [servconf.c match.h sshd_config.5]
     support CIDR address matching in sshd_config "Match address"
     blocks, with full support for negation and fall-back to
     classic wildcard matching. For example:
     Match address,3ffe:ffff::/32,!10.*
     PasswordAuthentication yes
     addrmatch.c code mostly lifted from flowd's addr.c
     feedback and ok dtucker@
   - 2008/06/10 04:17:46
     better reference for pattern-list
   - 2008/06/10 04:50:25
     [sshd.c channels.h channels.c log.c servconf.c log.h servconf.h sshd.8]
     Add extended test mode (-T) and connection
     parameters for test mode (-C).
     -T causes sshd to write its effective configuration to stdout and exit.
     -C causes any relevant Match rules to be applied before output. The
     combination allows tesing of the parser and config files.
     ok deraadt djm
   - 2008/06/10 07:12:00
     tweak previous;
   - 2008/06/10 08:17:40
     [sshd.8 sshd.c]
     - update usage()
     - fix SYNOPSIS, and sort options
     - some minor additional fixes
   - 2008/06/09 18:06:32
     Don't generate putty keys if we're not going to use them. ok djm
   - 2008/06/10 05:23:32
     [regress/ regress/Makefile]
     Regress test for Match CIDR rules. ok djm@
   - 2008/06/10 15:21:41
     Use a more portable construct for checking
     if we're running a putty test
   - 2008/06/10 15:28:49
     Add quotes
   - 2008/06/10 18:21:24
     clarify that Host patterns are space-separated. ok deraadt
   - 2008/06/10 22:15:23
     [PROTOCOL ssh.c serverloop.c]
     Add a global request extension that
     the client sends when it knows that it will never request another
     session (i.e. when session multiplexing is disabled). This allows
     a server to disallow further session requests and terminate the
     session. Why would a non-multiplexing client ever issue
     additional session requests? It could have been attacked
     with something like SSH'jack:
     feedback & ok markus
   - 2008/06/10 23:06:19
     [auth-options.c match.c servconf.c addrmatch.c sshd.8]
     support CIDR address matching in .ssh/authorized_keys from="..."
     stanzas ok and extensive testing dtucker@
   - 2008/06/10 23:21:34
     Use '\0' for a nul byte rather than unadorned 0. ok djm@
   - 2008/06/10 23:13:43
     [Makefile regress/]
     Add regress test for key options. ok djm@
- (dtucker) [openbsd-compat/fake-rfc2553.h] Add sin6_scope_id
   to sockaddr_in6
   since the new CIDR code in addmatch.c references it.
- (dtucker) [ regress/] Skip IPv6
   specific tests on platforms that don't do IPv6.
- (dtucker) [] Define TEST_SSH_IPV6 in make's arguments
   as well as environment.
- (dtucker) [] Move addrmatch.o to libssh.a where it's
   needed now.

- (dtucker) OpenBSD CVS Sync
   - 2008/06/08 17:04:41
     Add case for ENOSYS in errno_to_portable; ok deraadt
   - 2008/06/08 20:15:29
     [sftp.c sftp-client.c sftp-client.h]
     Have the sftp client store the statvfs replies in wire format,
     which prevents problems when the server's native sizes exceed the
     Also extends the sizes of the remaining 32bit wire format to 64bit,
     they're specified as unsigned long in the standard.
   - 2008/06/09 13:02:39
     Extend 32bit -> 64bit values for statvfs extension missed in previous
   - 2008/06/09 13:38:46
     Use a $OpenBSD tag so our scripts will sync changes.

- (dtucker) [ defines.h sftp-client.c sftp-server.c sftp.c
   openbsd-compat/ openbsd-compat/openbsd-compat.h
   openbsd-compat/bsd-statvfs.{c,h}] Add a null implementation of
   statvfs and fstatvfs and remove #defines around statvfs code.
   ok djm@
- (dtucker) [ defines.h sftp-client.c M sftp-server.c] Add a
   macro to convert fsid to unsigned long for platforms where fsid is a
   2-member array.

- (dtucker) [mux.c] Include paths.h inside ifdef HAVE_PATHS_H.
- (dtucker) [ defines.h sftp-client.c sftp-server.c sftp.c]
   Do not enable statvfs extensions on platforms that do not have statvfs.
- (dtucker) OpenBSD CVS Sync
   - 2008/05/19 06:14:02
     [packet.c] unbreak protocol keepalive timeouts bz#1465;
     ok dtucker@
   - 2008/05/19 15:45:07
     [sshtty.c ttymodes.c sshpty.h]
     Fix sending tty modes when stdin is not a tty (bz#1199). Previously
     we would send the modes corresponding to a zeroed struct termios,
     whereas we should have been sending an empty list of modes.
     Based on patch from daniel.ritz AT; ok dtucker@ markus@
   - 2008/05/19 15:46:31
     support -l (print fingerprint) in combination with -F (find host) to
     search for a host in ~/.ssh/known_hosts and display its fingerprint;
     ok markus@
   - 2008/05/19 20:53:52
     unbreak tree by committing this bit that I missed from:
     Fix sending tty modes when stdin is not a tty (bz#1199). Previously
     we would send the modes corresponding to a zeroed struct termios,
     whereas we should have been sending an empty list of modes.
     Based on patch from daniel.ritz AT; ok dtucker@ markus@

Darren Tucker

I would like to thank Darren for adding so many new features (with help from others) to OpenSSH besides killing so many bugs! The developers' summary reports provide insights and perspectives that you just can't get from reading the cvs source changes. We appreciate all that you do for OpenSSH and OpenBSD! You are officially my "Shut-up-and-hack!" hero. :-)

(c2k8 hackathon summary to be continued)

(Comments are closed)

  1. By Shane J Pearson ( on

    I have Darren to thank for teaching me the innards of protocols and introducing me to sed and awk and more creative and interesting ways to attack problems. For me this followed on to a love for UNIX-like systems.

    I'm glad I asked for the long-answer's!

    So thank you Darren for that and putting you're impressive skills towards my favourite OS!

    Mate you are a bloody legend. ; -)

  2. By Anonymous Coward ( on

    Is it just me, or are others here curious about what WM the developers generally use? Not that it matters much, though, but still ... ;-)

    1. By Anonymous Coward ( on

      > Is it just me, or are others here curious about what WM the developers generally use? Not that it matters much, though, but still ... ;-)

      I'll defend Darren. His OpenBSD laptop died so he ended up using his work laptop. Trust me I ragged enough on him that whole week :-)

  3. By Ed Ahlsen-Girard ( girarde chez on

    And the other company whose name begins with G is?

    1. By diw ( on

      > And the other company whose name begins with G is?

      1. By tedu ( on

        > > And the other company whose name begins with G is?

        Godaddy doesn't employ any openbsd developers that I'm aware of.

    2. By Anonymous Coward ( on

      > And the other company whose name begins with G is?

      G-Unit, of course.

    3. By Miod Vallat (miod) on

      > And the other company whose name begins with G is?

      Grumpy Software, Inc.

  4. By Darren Tucker (dtucker) on

    I don't consider myself a hardcore anything, and most of the work mentioned in the article was done by other people and not me. The amount of information in the article is due to them.

    Some answers to the various questions:

    * yes this was the first hackathon I attended although I've been with the project about 5 years.

    * as "Anonymous Coward" mentioned the macbook isn't mine personally, and it's running OS X with OpenBSD i386 and amd64 VMs. It also had a handful of other VMs that are OpenSSH Portable target platforms (as is OS X itself) but didn't really use them.

    * as AC also mentioned, he did in fact give me grief about it. (glad to see you made it back to Texas safely, AC :-)

    * before its display died, my Thinkpad R40 ran twm in the default configuration except for a brief experiment with wm2. My usual window load (a bunch of xterms and a browser) doesn't tend to tax WMs much.

    * Site Reliability encompasses more than system administration although that's certainly part of it (for some interesting values of "system"). I can spend some of my time on OpenSSH although to date this has been hit and miss, and I should make it a more regular thing.

    * the other "G" company is represented at the table. Hi, guys :-)

    * WRT being Australian and working on OpenSSH: there seems to be some unwritten rule that Australian developers have to work mainly on ssh or device drivers, and I suck at kernel development.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]