search for: useprivilegeseparation

http://bugzilla.mindrot.org/show_bug.cgi?id=230 Summary: UsePrivilegeSeparation turns off Banner. Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: OpenBSD Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org Rep...

http://bugzilla.mindrot.org/show_bug.cgi?id=259 Summary: UsePrivilegeSeparation crashed sshd under Linux 2.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org...

Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only does not work if UsePrivilegeSeparation is enabled; but it does work if privsep is disabled. Here are excerpts of debug from the server. -----------UsePrivilegeSeparation DISABLED------- ... Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M debug1: restore_uid^M debug1: ssh_dss_verify: signature correct^M (*) deb...

http://bugzilla.mindrot.org/show_bug.cgi?id=283 Summary: UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo: Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh...

http://bugzilla.mindrot.org/show_bug.cgi?id=288 Summary: UsePrivilegeSeparation fails on Redhat Linux 6.2, kernel 2.2.19 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P1 Component: sshd AssignedTo: ope...

https://bugzilla.mindrot.org/show_bug.cgi?id=2204 Bug ID: 2204 Summary: gssapi-with-mic and UsePrivilegeSeparation sandbox Product: Portable OpenSSH Version: 6.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee: unassigned-bugs at mindrot.org Repor...

http://bugzilla.mindrot.org/show_bug.cgi?id=1080 Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: jaearick at...

...ssh2 Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size 5566464 bytes) The server is running BSD/OS 4.0, whose mmap(2) seems to indicate that it supports anonymous (MAP_ANON) memory mapping. I've created /var/empty and a sshd user and group. Setting "UsePrivilegeSeparation no" in sshd_config clears up this problem, but I'd rather not have to disable this. Any ideas? Thanks. -- (http://tmda.sourceforge.net/)

https://bugzilla.mindrot.org/show_bug.cgi?id=1945 Bug #: 1945 Summary: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: PAM support AssignedTo: unassigned-bugs at mind...

I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3.2.3p...

Hello, there are emerging container services that restrict regular users to launch containers under some random uid for security reasons. If such user needs sshd in their container, they need to turn off `UsePrivilegeSeparation` so that sshd is executed as the current uid and not `root`. I understand that privilege separation [1] is more than changing the process uid. On the other hand, it is unreasonable to expect administrators to let regular users execute privileged code of any sort. If they do so, this would compromi...

http://bugzilla.mindrot.org/show_bug.cgi?id=1020 Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: senthilkumar_s...

http://bugzilla.mindrot.org/show_bug.cgi?id=1021 Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: senthilkumar_s...

http://bugzilla.mindrot.org/show_bug.cgi?id=339 Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging Product: Portable OpenSSH Version: -current Platform: All URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt OS/Version: Solaris Status: NEW Severity: normal...

...rallab.uib.no 2002-06-22 09:00 ------- hmm, I lost part of a sentence there.. I meant to say that commenting out: if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); from openbsd-compat/port-aix.c makes sshd function with UsePrivilegeSeparation enabled. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

...-practically- sure this ML is not the good place to, but I don't find better for now. I jumped from an OS to an other since few days. On the new one, openssh comes in a much newer version (good thing): 7.6p1 sshd lets me know that there are two depreciated options: - KeyRegenerationInterval - UsePrivilegeSeparation I search for a place where I can find information about deprecated options and how to manage it. The goal is to know if I need to replace or just erase these options. I want to stay close to the art's state and have a good understanding of changes. I have setted sshd with a guideline now outd...

...entrally and is good. First I suspected reverse lookup and added the IP-Adress of the client to ssh_known_hosts. And password-less started to work again. But all other tests I did showed that reverse lookup was working for all other purposes. So I played a bit more and found that setting "UsePrivilegeSeparation no" in sshd_config "solved" my problem. Unfortunatelly that option is not documented very well. Any ideas why it should make RhostsRSAA fail? While I am kind of happy now, I like to understand what goes on :-) The problem also happens when I am running a plain 2.4.30 kernel and ope...

...> becomes, > > fd_zero = open ("/dev/zero", O_RDRW); /* Check missing */ > address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_SHARED, fd_zero, 0); > close (fd_zero) > > With this in mind the following diffs will permit openssh-3.3p1 with > compression and UsePrivilegeSeparation to work on all Irix 6.5 sub versions > and likely anything since Irix 5.3 (ie 10 years ago!). David -- David KAELBLING <drk at sgi.com> Silicon Graphics Computer Systems 1 Cabot Rd, suite 250; Hudson, MA 01749 781.839.2157, fax ...2357 -------------- next part -------------- --...

Am I the only person to be seeing this log message from sshd: fatal: cipher_init: EVP_CipherInit: set key failed for aes128-cbc [preauth] ? (security/openssh-portable, with HPN patches and MIT Kerberos, although Kerberos is not actually configured on this server.) A work-around is to disable aes128-cbc in sshd_config, but it would be nice not to have my logs spammed with this. Currently

Why can't non-uid 0 users have more than 1024 file descriptors when logging in via ssh? I'm trying to allow a user to have a hard limit of 8192 file descriptors(system defaults to 1024) via the following setting in /etc/security/limits.conf: jdoe hard nofile 8192 But when jdoe logs in via ssh and does 'ulimit -Hn' he gets '1024' as a response. If he tries to