Dear OpenSSH Developers, Thanks for all the great work on this important tool. We've built version 3.1p1 on SAPTC platforms under Solaris 2.8 using gcc 2.95.2. Several quick notes and a question: 1) There are several discrepancies between the INSTALL file on the openssh web site ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/INSTALL and the output from "./configure --help", the latter fortunately being the more accurate. 2) There is essentially no information available for the installer about how to use ssh in conjunction with tcp wrappers. A few brief examples of entries for the wrapper control files hosts.allow and hosts.deny would be very helpful, as well as a few remarks about how logging gets done (a few references to this issue in the archives for thie mailing list left me confused). Not having supplied a path with our "--with-tcp-wrappers" configuration option, and the output from configure being unenlightening on this point, I'm not even certain this is really working for us, 3) For maximum portabiliity, you might want to add support for the System V conventions for man page section numbering. Currently, you employ BSD conventions: system "8" under BSD is section "1m" under SysV conventions, with the section numbers of course also being changed in the body of the manual pages themselves. As I'm not a registered member of the list, please respond directly to me as well as to the list -- thanks in advance for any enlightenment! Thanks and Cheerio, Rick Rodgers (rodgers at nlm.nih.gov) -- -------------------------------------------------------------------------------- R. P. C. Rodgers, M.D. * rodgers at nlm.nih.gov * (301)496-9305 (voice, fax) CSB, LHNCBC, U.S. National Library of Medicine, NIH Bldg 38A, Rm. 9S-916, 8600 Rockville Pike, Bethesda MD 20894 USA http://lhc.nlm.nih.gov/staff/rodgers/rodgers.html
Portable CVS Thu Apr 11 20:14:16 PDT 2002 Has anyone been sucessfull at getting host based authentication to work with privsep yes? I get messages like ... debug1: next auth method to try is hostbased 767e 8fd8 3c94 7172 899a a32e ca12 b73a Disconnecting: Bad packet length 1988005848. debug1: Calling cleanup 0x3f074(0x0) ... Is it just not working yet with privse enabled? -- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net
Markus Friedl
2002-Apr-13 09:14 UTC
UsePrivilegeSeparation yes & HostbasedAuthentication yes
hostbased and privsep is broken, because the [priv] process sends debug packets during authentication. if you remove the debug messages from auth-rh* or change them similar to auth-options then this should work. On Fri, Apr 12, 2002 at 10:01:21AM -0700, Tim Rice wrote:> > Portable CVS Thu Apr 11 20:14:16 PDT 2002 > > Has anyone been sucessfull at getting host based authentication to > work with privsep yes? > I get messages like > ... > debug1: next auth method to try is hostbased > 767e 8fd8 3c94 7172 899a a32e ca12 b73a > > Disconnecting: Bad packet length 1988005848. > debug1: Calling cleanup 0x3f074(0x0) > ... > > Is it just not working yet with privse enabled? > > -- > Tim Rice Multitalents (707) 887-1469 > tim at multitalents.net > > > _______________________________________________ > openssh-unix-dev at mindrot.org mailing list > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev