Ben Lindstrom
2003-Jan-03 18:44 UTC
OpenSSH, Solaris 8, and BSM works with BSM patch, but must disable privilege separation
Is there any reason why Cygwin code is being changed? I don't agree with random changes without having someone from that camp agree that those are correct changes. Also, Privsep should never be turned off unless the user sets it off. Hard error. - Ben On Fri, 3 Jan 2003, Jeff Koenig wrote:> To get BSM working on Solaris 8 with OpenSSH, I did this: > > Download John R. Jackson's OpenSSH 3.5p1 BSM patch here, and save as "patch.tar.gz": > http://bugzilla.mindrot.org/show_bug.cgi?id=125 > (NOTE TO OpenSSH DEVELOPERS, can you incorporate this patch into the next version of OpenSSH?) > > Installing the OpenSSH 3.5p1 BSM patch: > ?-------------------------------------- > Turning on Sun BSM auditing requires you to: > Apply the OpenSSH 3.5p1 BSM patch > Disable privilege separation in OpenSSH /usr/local/etc/sshd_config file > > You need these applications installed prior to the patch install (you can get the packages from sunfreeware.com): > autoconf 2.53 (SMCautoc) > m4 1.4 (SMCm4) > patch 2.5.4 (SMCpatch) > Perl 5.00503 or higher (SMCperl) > > cp openssh-3.5p1.tar.gz /tmp > cp patch.tar.gz /tmp > cd /tmp > gunzip patch.tar.gz > tar xvf patch.tar > gunzip openssh-3.5p1.tar.gz > tar xvf openssh-3.5p1.tar > cd openssh-3.5p1 > /usr/local/bin/patch -p0 < ../openssh-vs-bsm/patch-bs-3.5p1 > rm -f configure > autoheader > autoconf > ./configure --with-pam > make > make install > > # Set privilege separation to "no" in /usr/local/etc/sshd_config > # Example: > UsePrivilegeSeparation no > > # restart sshd > > NOTE: > The following output is "normal" during the patching process: > patching file INSTALL > patching file Makefile.in > patching file auth1.c > patching file auth2-kbdint.c > patching file auth2-passwd.c > patching file auth2-pubkey.c > patching file auth2.c > patching file bsmaudit.c > patching file bsmaudit.h > patching file configure.ac > patching file contrib/solaris/buildpkg.sh > patching file contrib/solaris/postinstall > patching file includes.h > patching file servconf.c > patching file session.c > patching file sshd.c > patching file sshlogin.c > WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot' > WARNING: and `config.h.top', to define templates for `config.h.in' > WARNING: is deprecated and discouraged. > > WARNING: Using the third argument of `AC_DEFINE' and > WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without > WARNING: `acconfig.h': > > WARNING: AC_DEFINE([NEED_MAIN], 1, > WARNING: [Define if a function `main' is needed.]) > > WARNING: More sophisticated templates can also be produced, see the > WARNING: documentation. > autoheader: `config.h.in' is updated > > NOTE: > This is "normal" during compile: > bsmaudit.h:30: warning: ignoring pragma: "@(#)bsmaudit.h 1.1 01/09/17 SMI > > > > _______________________________________________ > openssh-unix-dev at mindrot.org mailing list > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev >
Jeff Koenig
2003-Jan-03 23:30 UTC
OpenSSH, Solaris 8, and BSM works with BSM patch, but must disable privilege separation
To get BSM working on Solaris 8 with OpenSSH, I did this: Download John R. Jackson's OpenSSH 3.5p1 BSM patch here, and save as "patch.tar.gz": http://bugzilla.mindrot.org/show_bug.cgi?id=125 (NOTE TO OpenSSH DEVELOPERS, can you incorporate this patch into the next version of OpenSSH?) Installing the OpenSSH 3.5p1 BSM patch: ?-------------------------------------- Turning on Sun BSM auditing requires you to: Apply the OpenSSH 3.5p1 BSM patch Disable privilege separation in OpenSSH /usr/local/etc/sshd_config file You need these applications installed prior to the patch install (you can get the packages from sunfreeware.com): autoconf 2.53 (SMCautoc) m4 1.4 (SMCm4) patch 2.5.4 (SMCpatch) Perl 5.00503 or higher (SMCperl) cp openssh-3.5p1.tar.gz /tmp cp patch.tar.gz /tmp cd /tmp gunzip patch.tar.gz tar xvf patch.tar gunzip openssh-3.5p1.tar.gz tar xvf openssh-3.5p1.tar cd openssh-3.5p1 /usr/local/bin/patch -p0 < ../openssh-vs-bsm/patch-bs-3.5p1 rm -f configure autoheader autoconf ./configure --with-pam make make install # Set privilege separation to "no" in /usr/local/etc/sshd_config # Example: UsePrivilegeSeparation no # restart sshd NOTE: The following output is "normal" during the patching process: patching file INSTALL patching file Makefile.in patching file auth1.c patching file auth2-kbdint.c patching file auth2-passwd.c patching file auth2-pubkey.c patching file auth2.c patching file bsmaudit.c patching file bsmaudit.h patching file configure.ac patching file contrib/solaris/buildpkg.sh patching file contrib/solaris/postinstall patching file includes.h patching file servconf.c patching file session.c patching file sshd.c patching file sshlogin.c WARNING: Using auxiliary files such as `acconfig.h', `config.h.bot' WARNING: and `config.h.top', to define templates for `config.h.in' WARNING: is deprecated and discouraged. WARNING: Using the third argument of `AC_DEFINE' and WARNING: `AC_DEFINE_UNQUOTED' allows to define a template without WARNING: `acconfig.h': WARNING: AC_DEFINE([NEED_MAIN], 1, WARNING: [Define if a function `main' is needed.]) WARNING: More sophisticated templates can also be produced, see the WARNING: documentation. autoheader: `config.h.in' is updated NOTE: This is "normal" during compile: bsmaudit.h:30: warning: ignoring pragma: "@(#)bsmaudit.h 1.1 01/09/17 SMI