NetBSD Problem Report #57190

From www@netbsd.org  Thu Jan 19 20:36:32 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 3754A1A9239
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 19 Jan 2023 20:36:32 +0000 (UTC)
Message-Id: <20230119203631.1295F1A923B@mollari.NetBSD.org>
Date: Thu, 19 Jan 2023 20:36:31 +0000 (UTC)
From: xfalkenx@sdf.org
Reply-To: xfalkenx@sdf.org
To: gnats-bugs@NetBSD.org
Subject: Tahoe-LAFS looks for moduli file in the wrong place.
X-Send-Pr-Version: www-1.0

>Number:         57190
>Category:       pkg
>Synopsis:       Tahoe-LAFS looks for moduli file in the wrong place.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 19 20:40:01 +0000 2023
>Originator:     Xavier F.
>Release:        9.2
>Organization:
>Environment:
NetBSD tahoec01.local 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64

>Description:
The following error comes up when connecting to the SFTP service from a Tahoe-LAFS client compiled from pkgsrc (filesystems/tahoe-lafs) on a NetBSD release 9.2 installed on an amd64 box.

2022-12-27T04:56:06+0100 [allmydata.frontends.sftpd.SSHFactory#info] disabling non-fixed-group key exchange algorithms because we cannot find moduli file

This is because the Tahoe-LAFS client looks for this file in the usual place, which is:

/etc/ssh/moduli

Instead, NetBSD keeps this file in:

/etc/moduli

To get rid of this error one must link or copy the file to the former path.

Note that this error does not keep the SFTP service from being used at all with NetBSD's stock OpenSSH client, but unknown issues could come up when combining non-stock ciphers or algorithms between the client and the service.




>How-To-Repeat:
Install filesystems/tahoe-lafs.

Set up a Tahoe-LAFS client configuration for connecting to a standard grid.

Add the standard [sftpd] directives:

----
[sftpd]
enabled = true
port = tcp:8022:interface=127.0.0.1
host_pubkey_file = private/ssh_host_rsa_key.pub
host_privkey_file = private/ssh_host_rsa_key
accounts.file = private/accounts
----

Create proper host key files and populate the private/accounts with a valid ssh public key (use the current user account for simplicity).

Start the client:

tahoec01$ tahoe run&

Log will be written to stdout.

Open a new xterm and connect to the SFTP client's service:

tahoec01$ sftp -P 8022 127.0.0.1

Just before the negotiation and authentication, the log will show the above-mentioned error.

>Fix:
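
The path mismatch described in this report, as an added example that is not part of the original report and is not Tahoe-LAFS or Twisted code: it tries both locations named above in order and parses the seven-field moduli(5) format, so a missing file is distinguished from an unusable one. The function names and the sample lines are constructed for illustration (toy values, not usable DH groups).

```python
import os

# Paths named in the report: the one Tahoe-LAFS expects, then NetBSD's.
CANDIDATES = ("/etc/ssh/moduli", "/etc/moduli")

# Constructed sample in moduli(5) layout:
# time type tests tries size generator modulus(hex)
SAMPLE = (
    "# Time Type Tests Tries Size Generator Modulus\n"
    "20230101000000 2 6 100 7 2 F7\n"
    "20230101000001 2 6 100 7 5 FB\n"
    "truncated line\n"
)

def find_moduli(candidates=CANDIDATES):
    """Return the first candidate that is a readable regular file, else None."""
    for path in candidates:
        if os.path.isfile(path) and os.access(path, os.R_OK):
            return path
    return None

def parse_moduli(path):
    """Parse a moduli file into {modulus bit length: [(generator, modulus)]}."""
    groups = {}
    with open(path) as fh:
        for line in fh:
            fields = line.split()
            if not fields or fields[0].startswith("#") or len(fields) != 7:
                continue  # blank, comment, or malformed line
            try:
                generator, modulus = int(fields[5]), int(fields[6], 16)
            except ValueError:
                continue  # non-numeric generator or non-hex modulus
            # Key on the modulus itself rather than trusting the size column.
            groups.setdefault(modulus.bit_length(), []).append((generator, modulus))
    return groups

def load_groups(candidates=CANDIDATES):
    """Return (path, groups); (None, {}) means no candidate file was found."""
    path = find_moduli(candidates)
    if path is None:
        return None, {}
    return path, parse_moduli(path)

if __name__ == "__main__":
    path, groups = load_groups()
    if not groups:
        print("no usable moduli in %s; group exchange unavailable" % (path or CANDIDATES,))
    else:
        print("%s: bit lengths %s" % (path, sorted(groups)))
```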
