Displaying 20 results from an estimated 245 matches for "useprivilegeseparation".
2002 Apr 29
0
[Bug 230] New: UsePrivilegeSeparation turns off Banner.
http://bugzilla.mindrot.org/show_bug.cgi?id=230
Summary: UsePrivilegeSeparation turns off Banner.
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: OpenBSD
Status: NEW
Severity: normal
Priority: P3
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
Rep...
2002 May 28
0
[Bug 259] New: UsePrivilegeSeparation crashed sshd under Linux 2.2
http://bugzilla.mindrot.org/show_bug.cgi?id=259
Summary: UsePrivilegeSeparation crashed sshd under Linux 2.2
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org...
2002 Aug 12
1
PermitRootLogin=forced-commands-only does not work with UsePrivilegeSeparation=yes
Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only
does not work if UsePrivilegeSeparation is enabled; but it does work if privsep
is disabled.
Here are excerpts of debug from the server.
-----------UsePrivilegeSeparation DISABLED-------
...
Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M
debug1: restore_uid^M
debug1: ssh_dss_verify: signature correct^M
(*) deb...
2002 Jun 21
0
[Bug 283] New: UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:
http://bugzilla.mindrot.org/show_bug.cgi?id=283
Summary: UsePrivilegeSeparation fails on AIX, Couldn't set
usrinfo:
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh...
2002 Jun 24
0
[Bug 288] New: UsePrivilegeSeparation fails on Redhat Linux 6.2, kernel 2.2.19
http://bugzilla.mindrot.org/show_bug.cgi?id=288
Summary: UsePrivilegeSeparation fails on Redhat Linux 6.2, kernel
2.2.19
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P1
Component: sshd
AssignedTo: ope...
2014 Feb 22
2
[Bug 2204] New: gssapi-with-mic and UsePrivilegeSeparation sandbox
https://bugzilla.mindrot.org/show_bug.cgi?id=2204
Bug ID: 2204
Summary: gssapi-with-mic and UsePrivilegeSeparation sandbox
Product: Portable OpenSSH
Version: 6.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: Kerberos support
Assignee: unassigned-bugs at mindrot.org
Repor...
2005 Sep 07
4
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080
Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
Product: Portable OpenSSH
Version: 4.2p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: jaearick at...
2002 Jun 27
3
UsePrivilegeSeparation: "fatal: xrealloc: out of memory"
...ssh2
Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size 5566464 bytes)
The server is running BSD/OS 4.0, whose mmap(2) seems to indicate that
it supports anonymous (MAP_ANON) memory mapping. I've created
/var/empty and a sshd user and group.
Setting "UsePrivilegeSeparation no" in sshd_config clears up this
problem, but I'd rather not have to disable this. Any ideas?
Thanks.
--
(http://tmda.sourceforge.net/)
2011 Oct 20
2
[Bug 1945] New: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes
https://bugzilla.mindrot.org/show_bug.cgi?id=1945
Bug #: 1945
Summary: Only 1 of the 2 krb cache files is removed on closing
the ssh connection with UsePrivilegeSeparation=yes
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: unassigned-bugs at mind...
2002 May 28
5
Problems with UsePrivilegeSeparation (was: port fwd as user != root?
I just upgraded to OpenSSH3.2.3p1 as it seemed that
UsePrivilegeSeparation yes
might help with my problem (connections forwarded
are owned by root instead of the user I logged in as
on the server), but instead, sshd barfs on receiving
a connection. Without UsePrivilegeSeparation
the server works fine.
# strace -o /tmp/sshd.str sshd -d
debug1: sshd version OpenSSH_3.2.3p...
2017 Aug 06
3
deprecation of UsePrivilegeSeparation breaks container use cases
Hello,
there are emerging container services that restrict regular users to
launch containers under some random uid for security reasons. If such
user needs sshd in their container, they need to turn off
`UsePrivilegeSeparation` so that sshd is executed as the current uid
and not `root`.
I understand that privilege separation [1] is more than changing the
process uid. On the other hand, it is unreasonable to expect
administrators to let regular users execute privileged code of any
sort. If they do so, this would compromi...
2005 Apr 20
3
[Bug 1020] PrintLastLog doesn't work for UsePrivilegeseparation yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1020
Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes
Product: Portable OpenSSH
Version: 4.0p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: senthilkumar_s...
2005 Apr 20
1
[Bug 1021] PrintLastLog doesn't work for UsePrivilegeseparation yes
http://bugzilla.mindrot.org/show_bug.cgi?id=1021
Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes
Product: Portable OpenSSH
Version: 4.0p1
Platform: HPPA
OS/Version: HP-UX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: senthilkumar_s...
2002 Jul 08
0
[Bug 339] New: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging
http://bugzilla.mindrot.org/show_bug.cgi?id=339
Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint
logging
Product: Portable OpenSSH
Version: -current
Platform: All
URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt
OS/Version: Solaris
Status: NEW
Severity: normal...
2002 Jun 21
5
[Bug 283] UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:
...rallab.uib.no 2002-06-22 09:00 -------
hmm, I lost part of a sentence there.. I meant to say that commenting out:
if (usrinfo(SETUINFO, cp, i) == -1)
fatal("Couldn't set usrinfo: %s", strerror(errno));
from openbsd-compat/port-aix.c makes sshd function with UsePrivilegeSeparation
enabled.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2018 Feb 23
2
deprecated options in sshd_config
...-practically- sure this ML is not the good place to, but I don't
find better for now.
I jumped from an OS to an other since few days. On the new one,
openssh comes in a much newer version (good thing): 7.6p1
sshd lets me know that there are two depreciated options:
- KeyRegenerationInterval
- UsePrivilegeSeparation
I search for a place where I can find information about deprecated
options and how to manage it.
The goal is to know if I need to replace or just erase these options.
I want to stay close to the art's state and have a good understanding
of changes.
I have setted sshd with a guideline now outd...
2005 May 18
0
Problems with RhostRSAAuthecntication and UsePrivilegeSeparation (RH9, 2.4.20-42.9.legacybigmem)
...entrally and is good.
First I suspected reverse lookup and added the IP-Adress of the client
to ssh_known_hosts. And password-less started to work again. But all
other tests I did showed that reverse lookup was working for all other
purposes.
So I played a bit more and found that setting "UsePrivilegeSeparation
no" in sshd_config "solved" my problem. Unfortunatelly that option is
not documented very well. Any ideas why it should make RhostsRSAA fail?
While I am kind of happy now, I like to understand what goes on :-)
The problem also happens when I am running a plain 2.4.30 kernel and
ope...
2002 Jun 26
0
IRIX 6.5 patch for Compression with UsePrivilegeSeparation
...> becomes,
>
> fd_zero = open ("/dev/zero", O_RDRW); /* Check missing */
> address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, fd_zero, 0);
> close (fd_zero)
>
> With this in mind the following diffs will permit openssh-3.3p1 with
> compression and UsePrivilegeSeparation to work on all Irix 6.5 sub versions
> and likely anything since Irix 5.3 (ie 10 years ago!).
David
--
David KAELBLING <drk at sgi.com> Silicon Graphics Computer Systems
1 Cabot Rd, suite 250; Hudson, MA 01749 781.839.2157, fax ...2357
-------------- next part --------------
--...
2013 Jul 30
1
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
Am I the only person to be seeing this log message from sshd:
fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth]
?
(security/openssh-portable, with HPN patches and MIT Kerberos,
although Kerberos is not actually configured on this server.) A
work-around is to disable aes128-cbc in sshd_config, but it would be
nice not to have my logs spammed with this. Currently
2004 Sep 13
2
CentOS 3.1: sshd and pam /etc/security/limits.conf file descriptor settings problem
Why can't non-uid 0 users have more than 1024 file descriptors when
logging in via ssh?
I'm trying to allow a user to have a hard limit of 8192 file
descriptors(system defaults to 1024) via the following setting in
/etc/security/limits.conf:
jdoe hard nofile 8192
But when jdoe logs in via ssh and does 'ulimit -Hn' he gets '1024' as a
response. If he tries to