openssh unix dev - Oct 2002 - tru64 unix openssh-3.4p1 problems

Hi,

I'm attempting to get openssh-3.4p1 up and running on our DEC/Compaq 
Alpa workstations.

They are running Tru64 Unix 5.1A.  I compile the package myself.

Openssh-3.1 worked perfectly, with the default sshd_config file.

Openssh-3.4p1 works, if I set UsePrivilegeSeparation to "no" in the 
sshd_config file.

NOTE: I have a secondary issue with the ListenAddress default setting 
(0.0.0.0); I must either explicitly set it the server machine IP 
address, or must set the address 0.0.0.0 as allowed for sshd in my 
tcp-wrappers hosts.allow file.  I only mention this in case it is 
relevant - I don't believe it is related to privsep problems.

When I have UsePrivilegeSeparation at the default setting ("yes"), I 
am able to initiate an ssh connection (subject to the NOTE info 
above), but the the connection ultimately fails with the following 
log entries:

  Accepted password for uther from 140.172.241.43 port 2762 ssh2
  cannot set login uid 8970: error Not owner.
  audgen(LOGIN): Permission denied
  fatal: Couldn't establish session for uther from gawain

I have the following in my /etc/passwd file:
  sshd:Nologin:22:22:sshd privsep:/var/empty:/bin/false

and the following in my /etc/group file:
  sshd:*:22:

and the following directory exists:
  drwx------  2  root  system  8192  Oct 2  09:30  empty

I've also tried the following in my /etc/passwd file:
  sshd:*:22:22:sshd privsep:/var/empty:/bin/false


Is this one of the few issues with some operating systems that is 
still being worked on?

Any suggestions?

Many thanks,
Henry Miller

-- 
Dr. Henry LeRoy Miller, Jr.
NOAA Aeronomy Laboratory
DSRC 3A115
325 Broadway - RAL8
Boulder, CO  80305-3328
USA

phone: 303-497-7209
fax:   303-497-5686
email: miller at al.noaa.gov

Henry LeRoy Miller, Jr. writes:
 > Openssh-3.4p1 works, if I set UsePrivilegeSeparation to "no" in
the
 > sshd_config file.

Yes, this is true.  Privilege separation and OSF SIA have not yet been
made to play well together.

 > Is this one of the few issues with some operating systems that is 
 > still being worked on?

Yes.  Some progress has been made since the release of 3.4p1, although I
gather there are still some issues left.

 > Any suggestions?

You might try a current development snapshot.

The current development snapshots set DISABLE_FD_PASSING.  No tru64 work
has gone into the tree since I left it into the hands of the tru64 users
to figure out what is wrong.

What does this mean?  Tru64 with privsep to yes will not  use privilege
seperation after all the authenticiation has occured.

- Ben

On Tue, 8 Oct 2002, Steve VanDevender wrote:
> Henry LeRoy Miller, Jr. writes:
>  > Openssh-3.4p1 works, if I set UsePrivilegeSeparation to
"no" in the
>  > sshd_config file.
>
> Yes, this is true.  Privilege separation and OSF SIA have not yet been
> made to play well together.
>
>  > Is this one of the few issues with some operating systems that is
>  > still being worked on?
>
> Yes.  Some progress has been made since the release of 3.4p1, although I
> gather there are still some issues left.
>
>  > Any suggestions?
>
> You might try a current development snapshot.
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
>