
List:       secure-shell
Subject:    Re: SUMMARY: OpenSsh 3.4 and privelege separation question
From:       kk downing <kk_downings () yahoo ! com>
Date:       2002-06-27 22:09:39

I don't believe you need to upgrade to 3.4 as long as
ChallengeResponseAuthentication no is set in sshd_config.
I read this at the openssh site.


--- "Christopher L. Barnard" <cbar44@tsg.cbot.com> wrote:
> I asked:
> 
> > As a result of yesterday's CERT announcement, I have downloaded,
> > compiled, and installed OpenSsh version 3.4p1 on my Ultra 10 (running
> > Solaris 8) testbed.  However, to get it running I had to add two things
> > which make a lot of sense, but I have not seen any documentation on what
> > permissions are needed.
> > 
> > Initially, the new sshd did not start up because I hadn't created the
> > sshd Privilege Separation user.  So I did.  However, I have not been
> > able to find any indication of how that account is to be configured.  I
> > created it with * for a password and /bin/false for a shell, but is
> > there anything else that needs to be done?
> > 
> > Next, the new sshd did not start up because I had not created the
> > /var/empty chroot jail directory.  So I did.  However, I was again
> > unable to find any documentation on the ownership, permissions, etc on
> > this directory.  I just created it owned by root, mode 0755.  OpenSsh
> > 3.4p1 now appears to work.
> > 
> > So my question is:  what permissions are needed for the sshd account,
> > and what ownership, permissions, etc are needed for the /var/empty
> > directory?
> 
> The answer:
> 
> Although there is no reference to it in the README file, there is a new
> README file with version 3.4.  README.privsep has the info I needed.  Now
> if only that file was referenced in the INSTALL or main README file.  oh
> well.
> 
> Thanks To:
> 
> 
> Davorin Bengez <dbengez@interactive1.hr>
> 
> <john65@pobox.com>
> Vincent <vb@tiguidoo.com>
> Peter Evans <peter@ixp.jp>
> Michael Hocke <mh103@nyu.edu>
> Tim Evans <tkevans@tkevans.com>
> Ramji Venkateswaran <rv@uiop.org>
> David Foster <foster@dim.ucsd.edu>
> "Pardy, Brian" <BPardy@CuraGen.com>
> "Thomas W. Holt Jr." <twh@cohesive.net>
> Ben Lindstrom <mouring@etoh.eviladmin.org>
> "Olson, John C" <John.Olson@nationalcity.com>
> 
> +-----------------------------------------------------------------------+
> | Christopher L. Barnard         O     When I was a boy I was told that |
> | cbarnard@tsg.cbot.com         / \    anybody could become president.  |
> | (312) 347-4901               O---O   Now I'm beginning to believe it. |
> | http://www.cs.uchicago.edu/~cbarnard                --Clarence Darrow |
> +----------PGP public key available via finger or PGP keyserver---------+
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
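
Added example, not part of the original messages or of OpenSSH: a small audit script for the two settings discussed in this thread, the ChallengeResponseAuthentication keyword in sshd_config and the privilege separation chroot directory. The function names and example paths are hypothetical, and the default for an absent keyword and the directory rules checked (root-owned, not group- or world-writable, empty) are assumptions taken from OpenSSH's privilege separation documentation rather than from this thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the effective ChallengeResponseAuthentication value from a config file.
# sshd keywords are case-insensitive and the first occurrence wins.
# Assumption: if the keyword is absent, the built-in default is "yes".
cra_value() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        { gsub(/=/, " ") }                       # allow "Keyword=value"
        tolower($1) == "challengeresponseauthentication" {
            print $2; found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# Succeed only if the privsep chroot directory is a real directory owned by
# the expected uid (default 0, root), not group- or world-writable, and empty.
privsep_dir_ok() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 1
    set -- $(ls -ldn "$dir")             # $1 = mode string, $3 = numeric uid
    [ "$3" = "$want_uid" ] || return 1
    case $1 in
        d????w*|d???????w*) return 1 ;;  # group- or world-writable
    esac
    [ -z "$(ls -A "$dir")" ]             # must contain no files
}

# Report both findings; returns non-zero if either check fails.
audit_sshd() {
    rc=0
    if [ "$(cra_value "$1")" != "no" ]; then
        echo "FAIL: ChallengeResponseAuthentication is not 'no' in $1"; rc=1
    fi
    if ! privsep_dir_ok "$2" "${3:-0}"; then
        echo "FAIL: $2 must be root-owned, not group/world-writable, and empty"; rc=1
    fi
    return $rc
}

# Usage (example paths): sh audit.sh /etc/ssh/sshd_config /var/empty
if [ "$#" -ge 2 ]; then audit_sshd "$@"; fi
```

The optional third argument to `audit_sshd` overrides the expected owner uid, which is useful only for trying the script against a scratch directory as a non-root user.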

