I updated my Solaris 8 machines from openssh-2.3.0p1 to 2.5.1p1 yesterday and it fixed the cron/audit issue but now root logins are no longer permitted. I updated it to 2.5.1p2 this morning and that is still the case: golfer:/[207]# ssh -v tsunami OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug: Reading configuration data /var/ssh/ssh_config debug: Applying options for * debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to tsunami [128.46.154.96] port 22. debug: Allocated local port 662. debug: Connection established. debug: identity file //.ssh/known_hosts type 3 debug: Remote protocol version 1.5, remote software version OpenSSH_2.5.1p2 debug: match: OpenSSH_2.5.1p2 pat ^OpenSSH debug: Local version string SSH-1.5-OpenSSH_2.5.1p2 debug: Waiting for server public key. debug: Received server public key (640 bits) and host key (768 bits). debug: Host 'tsunami' is known and matches the RSA1 host key. debug: Found key in /var/ssh/ssh_known_hosts:651 debug: Seeding random number generator debug: Encryption type: blowfish debug: Sent encrypted session key. debug: Installing crc compensation attack detector. debug: Received encrypted confirmation. debug: Trying rhosts authentication. debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication. debug: Server refused our rhosts authentication or host key. debug: Doing password authentication. root at tsunami's password: Connection closed by 128.46.154.96 debug: Calling cleanup 0x100042e18(0x0) golfer:/[208]# ...and... tsunami:/[441]# grep PermitRoot /var/ssh/sshd_config PermitRootLogin yes --mike
James--
Did you set your configure script correctly to use /var/ssh/sshd_config
when you recompiled?
Does anything different occur if you use sshd -f /var/ssh/sshd_config ?
--Dan
P.S. Hmmm, no sshd -o ServerOption support...
----- Original Message -----
From: "James M Moya" <moyman at ecn.purdue.edu>
To: <openssh-unix-dev at mindrot.org>
Sent: Thursday, March 01, 2001 7:37 AM
Subject: 2.5.1p1/p2 PermitRootLogin broke (Solaris)
>
> I updated my Solaris 8 machines from openssh-2.3.0p1 to 2.5.1p1 yesterday
and> it fixed the cron/audit issue but now root logins are no longer permitted.
I> updated it to 2.5.1p2 this morning and that is still the case:
>
> golfer:/[207]# ssh -v tsunami
> OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
> debug: Reading configuration data /var/ssh/ssh_config
> debug: Applying options for *
> debug: ssh_connect: getuid 0 geteuid 0 anon 0
> debug: Connecting to tsunami [128.46.154.96] port 22.
> debug: Allocated local port 662.
> debug: Connection established.
> debug: identity file //.ssh/known_hosts type 3
> debug: Remote protocol version 1.5, remote software version
OpenSSH_2.5.1p2> debug: match: OpenSSH_2.5.1p2 pat ^OpenSSH
> debug: Local version string SSH-1.5-OpenSSH_2.5.1p2
> debug: Waiting for server public key.
> debug: Received server public key (640 bits) and host key (768 bits).
> debug: Host 'tsunami' is known and matches the RSA1 host key.
> debug: Found key in /var/ssh/ssh_known_hosts:651
> debug: Seeding random number generator
> debug: Encryption type: blowfish
> debug: Sent encrypted session key.
> debug: Installing crc compensation attack detector.
> debug: Received encrypted confirmation.
> debug: Trying rhosts authentication.
> debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication.
> debug: Server refused our rhosts authentication or host key.
> debug: Doing password authentication.
> root at tsunami's password:
> Connection closed by 128.46.154.96
> debug: Calling cleanup 0x100042e18(0x0)
> golfer:/[208]#
>
> ...and...
>
> tsunami:/[441]# grep PermitRoot /var/ssh/sshd_config
> PermitRootLogin yes
>
> --mike
>
Hisashi T Fujinaka
2001-Mar-01 17:02 UTC
Solaris port configure not recognizing --sysconfidir?
I tried to move the configuration directory to /etc/ssh. Unfortunately, there appears to be something compiled into sshd and into the solaris build script. Rather than thrash around and try to hack random files on my end, I thought I'd ask to see if I'm just doing something stupid or if someone could tell me which files I really need to edit. Thanks. -- Hisashi T Fujinaka - htodd at twofifty.com BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte