Folks,

I noticed that whenever I scp'ed a file to my test server (running OpenSSH 2.1.0p2, and then tested with p3) it was created owned by root.

/home/me $ ls -al .profile
-rwx------ 1 me group 1056 Jan 18 1999 .profile
/home/me $ scp .profile me@server:test
me@server's password:
.profile 100% |*********************************************************************************| 508 00:00
/home/me $ ls -al test
-rwx------ 1 root system 1056 Jun 2 15:37 test

This is the same whether I force protocol version 1.5 or 2. The same also occurs using DSA authentication. Can someone check to see if they can reproduce this?

The following appears in verbose output:

Sending file modes: C0700 508 .profile

The file mode is always correct but the user is always wrong (I don't allow direct root access to servers). Any ideas?

--------------------------------------------------------
Doug Manton, AT&T EMEA Firewall and Security Solutions
douglas.manton at uk.ibm.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"

> Sending file modes: C0700 508 .profile
>
> The file mode is always correct but the user is always wrong (I don't
> allow direct root access to servers).

Is your UID the same on both

--
Pekka Savola                 "Tell me of difficulties surmounted,
Pekka.Savola at netcore.fi   not those you stumble over and fall"

> Is your UID the same on both

Yes and no. I repeated the test locally:

scp .profile me@localhost:test

and get the same result.

--------------------------------------------------------
Doug Manton, AT&T EMEA Firewall and Security Solutions
douglas.manton at uk.ibm.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"

Is your scp, ssh, or sshd SUID root?

naz

> Is your scp, ssh, or sshd SUID root?

Nope. All mode 755. I have noticed that all commands executed via ssh run as root.

ssh -l me localhost touch test
/home/me $ ls -l test
-rw-r--r-- 1 root system 0 Jun 2 17:18 test

I have also discovered that the problem goes away when UseLogin is set to "no"! Changing line 834 in session.c to:

if (command != NULL || !options.use_login) {

solves the problem for me.

--------------------------------------------------------
Doug Manton, AT&T EMEA Firewall and Security Solutions
douglas.manton at uk.ibm.com
--------------------------------------------------------
"If privacy is outlawed, only outlaws will have privacy"

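Added example, not part of the thread: a check an administrator could run to see whether a given sshd_config leaves UseLogin enabled, the setting the message above ties to the problem. The function names and the sample file are hypothetical; it assumes sshd_config semantics (case-insensitive keywords, first occurrence wins, UseLogin defaults to "no").

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sshd_config semantics:
# case-insensitive keywords, first occurrence wins, UseLogin defaults to "no".

# Print the effective UseLogin value ("yes"/"no") for the file in $1.
effective_uselogin() {
    awk '
        /^[ \t]*#/ { next }            # comment line
        /^[ \t]*$/ { next }            # blank line
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)   # "Key value" or "Key=value"
            if (n >= 2 && tolower(f[1]) == "uselogin") {
                v = tolower(f[2]); gsub(/"/, "", v)
                print v; found = 1; exit
            }
        }
        END { if (!found) print "no" }
    ' "$1"
}

# Return 1 and warn when UseLogin is enabled, 0 otherwise.
check_uselogin() {
    if [ "$(effective_uselogin "$1")" = "yes" ]; then
        echo "WARN: $1 enables UseLogin; on the sshd versions in this thread, remote commands ran as root"
        return 1
    fi
    echo "OK: $1 does not enable UseLogin"
}

# Constructed sample config (not a real server's file).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'Port 22' 'uselogin YES' 'UseLogin no' > "$sample"
check_uselogin "$sample" || true
rm -f "$sample"
```
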
I am attempting to build OpenSSH on AIX in AFS environment. I've succeeded in building Zlib and OpenSSL, but OpenSSH insists that it needs krb.h, kafs.h, and perhaps libkrb. I have not found any of these on this AIX machine (nor on others I've checked). The INSTALL document seems to insist that the --with-kerberos4 option is required for AFS (as is --with-AFS, of course).

If someone can explain exactly what is necessary, and where to find it or how to obtain it, I would be most grateful.

Thanks!

Bob Wakehouse
Robert.A.Wakehouse at intel.com
503-696-6325
Beaverton, OR

On Fri, Jun 02, 2000 at 06:00:32PM +0100, douglas.manton at uk.ibm.com wrote:
> I have also discovered that the problem goes away when UseLogin is set to
> "no"! Changing line 834 in session.c to:

thanks! UseLogin is not tested and very broken, please use this patch. otherwise users can login with uid==0 if they use:

$ ssh host /bin/sh

-markus

Index: session.c ==================================================================RCS file: /cvs/src/usr.bin/ssh/session.c,v retrieving revision 1.16 retrieving revision 1.17 diff -u -r1.16 -r1.17 --- session.c 2000/05/31 06:36:40 1.16 +++ session.c 2000/06/05 19:53:40 1.17 @@ -746,6 +746,10 @@ extern char **environ; struct stat st; char *argv[10]; + + /* login(1) is only called if we execute the login shell */ + if (options.use_login && command != NULL) + options.use_login = 0; f = fopen("/etc/nologin", "r"); if (f) {
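Review bot: The added block after the declarations clears the global options.use_login as a side effect (options.use_login = 0) instead of deciding per call. The visible lines do not show that this function only ever runs in a per-session child process; if it can run in a process that goes on to serve another session, UseLogin would stay disabled there. A local flag computed as options.use_login && command == NULL, used in place of the global further down, would avoid that. The comment could also state why the check matters: per the message above, without it a command given on the ssh command line runs with uid 0.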