I updated my Solaris 8 machines from openssh-2.3.0p1 to 2.5.1p1 yesterday and it fixed the cron/audit issue but now root logins are no longer permitted. I updated it to 2.5.1p2 this morning and that is still the case: golfer:/[207]# ssh -v tsunami OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f debug: Reading configuration data /var/ssh/ssh_config debug: Applying options for * debug: ssh_connect: getuid 0 geteuid 0 anon 0 debug: Connecting to tsunami [128.46.154.96] port 22. debug: Allocated local port 662. debug: Connection established. debug: identity file //.ssh/known_hosts type 3 debug: Remote protocol version 1.5, remote software version OpenSSH_2.5.1p2 debug: match: OpenSSH_2.5.1p2 pat ^OpenSSH debug: Local version string SSH-1.5-OpenSSH_2.5.1p2 debug: Waiting for server public key. debug: Received server public key (640 bits) and host key (768 bits). debug: Host 'tsunami' is known and matches the RSA1 host key. debug: Found key in /var/ssh/ssh_known_hosts:651 debug: Seeding random number generator debug: Encryption type: blowfish debug: Sent encrypted session key. debug: Installing crc compensation attack detector. debug: Received encrypted confirmation. debug: Trying rhosts authentication. debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication. debug: Server refused our rhosts authentication or host key. debug: Doing password authentication. root at tsunami's password: Connection closed by 128.46.154.96 debug: Calling cleanup 0x100042e18(0x0) golfer:/[208]# ...and... tsunami:/[441]# grep PermitRoot /var/ssh/sshd_config PermitRootLogin yes --mike
James-- Did you set your configure script correctly to use /var/ssh/sshd_config when you recompiled? Does anything different occur if you use sshd -f /var/ssh/sshd_config ? --Dan P.S. Hmmm, no sshd -o ServerOption support... ----- Original Message ----- From: "James M Moya" <moyman at ecn.purdue.edu> To: <openssh-unix-dev at mindrot.org> Sent: Thursday, March 01, 2001 7:37 AM Subject: 2.5.1p1/p2 PermitRootLogin broke (Solaris)> > I updated my Solaris 8 machines from openssh-2.3.0p1 to 2.5.1p1 yesterdayand> it fixed the cron/audit issue but now root logins are no longer permitted.I> updated it to 2.5.1p2 this morning and that is still the case: > > golfer:/[207]# ssh -v tsunami > OpenSSH_2.5.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090600f > debug: Reading configuration data /var/ssh/ssh_config > debug: Applying options for * > debug: ssh_connect: getuid 0 geteuid 0 anon 0 > debug: Connecting to tsunami [128.46.154.96] port 22. > debug: Allocated local port 662. > debug: Connection established. > debug: identity file //.ssh/known_hosts type 3 > debug: Remote protocol version 1.5, remote software versionOpenSSH_2.5.1p2> debug: match: OpenSSH_2.5.1p2 pat ^OpenSSH > debug: Local version string SSH-1.5-OpenSSH_2.5.1p2 > debug: Waiting for server public key. > debug: Received server public key (640 bits) and host key (768 bits). > debug: Host 'tsunami' is known and matches the RSA1 host key. > debug: Found key in /var/ssh/ssh_known_hosts:651 > debug: Seeding random number generator > debug: Encryption type: blowfish > debug: Sent encrypted session key. > debug: Installing crc compensation attack detector. > debug: Received encrypted confirmation. > debug: Trying rhosts authentication. > debug: Trying rhosts or /etc/hosts.equiv with RSA host authentication. > debug: Server refused our rhosts authentication or host key. > debug: Doing password authentication. > root at tsunami's password: > Connection closed by 128.46.154.96 > debug: Calling cleanup 0x100042e18(0x0) > golfer:/[208]# > > ...and... > > tsunami:/[441]# grep PermitRoot /var/ssh/sshd_config > PermitRootLogin yes > > --mike >
Hisashi T Fujinaka
2001-Mar-01 17:02 UTC
Solaris port configure not recognizing --sysconfidir?
I tried to move the configuration directory to /etc/ssh. Unfortunately, there appears to be something compiled into sshd and into the solaris build script. Rather than thrash around and try to hack random files on my end, I thought I'd ask to see if I'm just doing something stupid or if someone could tell me which files I really need to edit. Thanks. -- Hisashi T Fujinaka - htodd at twofifty.com BSEE (6/86) + BSChem (3/95) + BAEnglish (8/95) + $2.50 = mocha latte