search for: useprivilegesepar

Displaying 20 results from an estimated 245 matches for "useprivilegesepar".

2002 Apr 29
0
[Bug 230] New: UsePrivilegeSeparation turns off Banner.
http://bugzilla.mindrot.org/show_bug.cgi?id=230 Summary: UsePrivilegeSeparation turns off Banner. Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: OpenBSD Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org...
2002 May 28
0
[Bug 259] New: UsePrivilegeSeparation crashed sshd under Linux 2.2
http://bugzilla.mindrot.org/show_bug.cgi?id=259 Summary: UsePrivilegeSeparation crashed sshd under Linux 2.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.or...
2002 Aug 12
1
PermitRootLogin=forced-commands-only does not work with UsePrivilegeSeparation=yes
Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only does not work if UsePrivilegeSeparation is enabled; but it does work if privsep is disabled. Here are excerpts of debug from the server. -----------UsePrivilegeSeparation DISABLED------- ... Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M debug1: restore_uid^M debug1: ssh_dss_verify: signature correct^M (*...
2002 Jun 21
0
[Bug 283] New: UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:
http://bugzilla.mindrot.org/show_bug.cgi?id=283 Summary: UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo: Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: op...
2002 Jun 24
0
[Bug 288] New: UsePrivilegeSeparation fails on Redhat Linux 6.2, kernel 2.2.19
http://bugzilla.mindrot.org/show_bug.cgi?id=288 Summary: UsePrivilegeSeparation fails on Redhat Linux 6.2, kernel 2.2.19 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P1 Component: sshd AssignedTo...
2014 Feb 22
2
[Bug 2204] New: gssapi-with-mic and UsePrivilegeSeparation sandbox
https://bugzilla.mindrot.org/show_bug.cgi?id=2204 Bug ID: 2204 Summary: gssapi-with-mic and UsePrivilegeSeparation sandbox Product: Portable OpenSSH Version: 6.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org...
2005 Sep 07
4
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: jaeari...
2002 Jun 27
3
UsePrivilegeSeparation: "fatal: xrealloc: out of memory"
...ssh2 Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size 5566464 bytes) The server is running BSD/OS 4.0, whose mmap(2) seems to indicate that it supports anonymous (MAP_ANON) memory mapping. I've created /var/empty and a sshd user and group. Setting "UsePrivilegeSeparation no" in sshd_config clears up this problem, but I'd rather not have to disable this. Any ideas? Thanks. -- (http://tmda.sourceforge.net/)
2011 Oct 20
2
[Bug 1945] New: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes
https://bugzilla.mindrot.org/show_bug.cgi?id=1945 Bug #: 1945 Summary: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: unassigned-bugs at...
2002 May 28
5
Problems with UsePrivilegeSeparation (was: port fwd as user != root?
I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3...
2017 Aug 06
3
deprecation of UsePrivilegeSeparation breaks container use cases
Hello, there are emerging container services that restrict regular users to launch containers under some random uid for security reasons. If such user needs sshd in their container, they need to turn off `UsePrivilegeSeparation` so that sshd is executed as the current uid and not `root`. I understand that privilege separation [1] is more than changing the process uid. On the other hand, it is unreasonable to expect administrators to let regular users execute privileged code of any sort. If they do so, this would com...
2005 Apr 20
3
[Bug 1020] PrintLastLog doesn't work for UsePrivilegeseparation yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1020 Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: senthilku...
2005 Apr 20
1
[Bug 1021] PrintLastLog doesn't work for UsePrivilegeseparation yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1021 Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: senthilku...
2002 Jul 08
0
[Bug 339] New: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging
http://bugzilla.mindrot.org/show_bug.cgi?id=339 Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging Product: Portable OpenSSH Version: -current Platform: All URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt OS/Version: Solaris Status: NEW Severity: normal...
2002 Jun 21
5
[Bug 283] UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:
...rallab.uib.no 2002-06-22 09:00 ------- hmm, I lost part of a sentence there.. I meant to say that commenting out: if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); from openbsd-compat/port-aix.c makes sshd function with UsePrivilegeSeparation enabled. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2018 Feb 23
2
deprecated options in sshd_config
...-practically- sure this ML is not the good place to, but I don't find better for now. I jumped from an OS to an other since few days. On the new one, openssh comes in a much newer version (good thing): 7.6p1 sshd lets me know that there are two depreciated options: - KeyRegenerationInterval - UsePrivilegeSeparation I search for a place where I can find information about deprecated options and how to manage it. The goal is to know if I need to replace or just erase these options. I want to stay close to the art's state and have a good understanding of changes. I have setted sshd with a guideline now...
2005 May 18
0
Problems with RhostRSAAuthecntication and UsePrivilegeSeparation (RH9, 2.4.20-42.9.legacybigmem)
...entrally and is good. First I suspected reverse lookup and added the IP-Adress of the client to ssh_known_hosts. And password-less started to work again. But all other tests I did showed that reverse lookup was working for all other purposes. So I played a bit more and found that setting "UsePrivilegeSeparation no" in sshd_config "solved" my problem. Unfortunatelly that option is not documented very well. Any ideas why it should make RhostsRSAA fail? While I am kind of happy now, I like to understand what goes on :-) The problem also happens when I am running a plain 2.4.30 kernel an...
2002 Jun 26
0
IRIX 6.5 patch for Compression with UsePrivilegeSeparation
...> becomes, > > fd_zero = open ("/dev/zero", O_RDRW); /* Check missing */ > address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, fd_zero, 0); > close (fd_zero) > > With this in mind the following diffs will permit openssh-3.3p1 with > compression and UsePrivilegeSeparation to work on all Irix 6.5 sub versions > and likely anything since Irix 5.3 (ie 10 years ago!). David -- David KAELBLING <drk at sgi.com> Silicon Graphics Computer Systems 1 Cabot Rd, suite 250; Hudson, MA 01749 781.839.2157, fax ...2357 -------------- next part ------------...
2013 Jul 30
1
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Am I the only person to be seeing this log message from sshd: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth] ? (security/openssh-portable, with HPN patches and MIT Kerberos, although Kerberos is not actually configured on this server.) A work-around is to disable aes128-cbc in sshd_config, but it would be nice not to have my logs spammed with this. Currently
2004 Sep 13
2
CentOS 3.1: sshd and pam /etc/security/limits.conf file descriptor settings problem
Why can't non-uid 0 users have more than 1024 file descriptors when logging in via ssh? I'm trying to allow a user to have a hard limit of 8192 file descriptors(system defaults to 1024) via the following setting in /etc/security/limits.conf: jdoe hard nofile 8192 But when jdoe logs in via ssh and does 'ulimit -Hn' he gets '1024' as a response. If he tries to