Displaying 20 results from an estimated 10000 matches similar to: "[Bug 270] New: PrivSep breaks sshd on AIX for non-root users"
2002 Jun 25
1
PrivSep and AIX 4.3.2
With 3.3p1 built on AIX 4.3.2:
$ ssh [blah]
Couldn't set usrinfo: Not owner
debug1: Calling cleanup 0x20019080(0x200219a0)
debug3: mm_request_send entering: type 27
debug1: Calling cleanup 0x20018dd4(0x0)
Connection to songohan closed by remote host.
Connection to songohan closed.
Output from sshd -d -d -d:
...
debug3: tty_parse_modes: 92 0
debug3: tty_parse_modes: 93 0
2002 Jun 09
3
[Bug 270] PrivSep breaks sshd on AIX for non-root users
http://bugzilla.mindrot.org/show_bug.cgi?id=270
------- Additional Comments From dtucker at zip.com.au 2002-06-09 19:59 -------
Created an attachment (id=111)
sshd output on AIX w/PrivSep
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2004 Jan 22
1
AIX and openssh 3.7.1p2 with privsep
I am attempting to run openssh 3.7.1p2 with privsep on AIX 5.2 ML2 (with
the december 2003 critical patches also).
This was compiled on the host machine with the IBM Visual Age C compiler (C
for AIX Compiler, Version 5).
I did not have any trouble compiling.
My configure was ./configure --with-tcp-wrappers, and I have the freeware
tcp wrappers (freeware.tcp_wrappers.rte 7.6.1.5),
and a compiled
2004 Jun 29
0
Debian bug #236814: sshd+PAM: MOTD isn't printed when privsep=no
Hi.
If sshd is configured to use PAM and UsePrivilegeSeparation=no or you
are logging is as root, any messages returned by PAM session modules are
not displayed to the user. (Even when the config file has privsep=yes,
logging in as root disables privsep anyway since there's no point, so it
behaves the same way as privsep=no).
I think I've figured out why: when privsep=no,
2002 Mar 21
0
[Bug 178] New: Content of /etc/nologin isn't shown to users, fix triggers probably AIX bug
http://bugzilla.mindrot.org/show_bug.cgi?id=178
Summary: Content of /etc/nologin isn't shown to users, fix
triggers probably AIX bug
Product: Portable OpenSSH
Version: 3.1p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2002 Aug 12
1
PermitRootLogin=forced-commands-only does not work with UsePrivilegeSeparation=yes
Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only
does not work if UsePrivilegeSeparation is enabled; but it does work if privsep
is disabled.
Here are excerpts of debug from the server.
-----------UsePrivilegeSeparation DISABLED-------
...
Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M
debug1: restore_uid^M
debug1: ssh_dss_verify:
2002 Jul 03
1
[PATCH]: Change Cygwin contrib files to better support PrivSep
Hi,
the following patch patches the files in contrib/cygwin. The changes
are necessary to allow a better support of privilege separation.
On NT machines the script asks now if it should create a user called
"sshd" and all that. Additionally it creates the /etc/ssh_config
and /etc/sshd_config files follows the latest versions.
Would you mind to apply this to the official OpenSSH
2002 Jul 15
10
Patch: Solaris packages don't create privsep user or group
Hi.
Solaris packages created by buildpkg.sh don't create privsep user or
group and sshd won't start until they are created (or privsep is
disabled):
## Executing postinstall script.
starting /usr/local/sbin/sshd... Privilege separation user sshd does not
exist
/etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd...
bailing.
The attached patch (against -cvs) ports the relevant
2002 Aug 28
0
patch almost works on 5.1A openssh 3.4p1 - get in, but get kicked out (fwd)
Hi-
I applied the privsep patch to Tru64 5.1A openssh 3.4p1 and it
*almost* works.
I get in from the client side and xauth is run, but in the meantime
the server side disconnects. Running sshd in debug mode level 3 gives
the following output:
.
.
.
debug1: session_input_channel_req: session 0 req shell
debug1: fd 5 setting TCP_NODELAY
debug1: channel 0: rfd 13
2002 Jun 29
0
[Bug 325] New: PermitRootLogin forced-commands-only & privsep - not working together
http://bugzilla.mindrot.org/show_bug.cgi?id=325
Summary: PermitRootLogin forced-commands-only & privsep - not
working together
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo:
2002 Jun 22
2
AIX Package build update.
Hello All,
I've updated the AIX package builder (contrib/aix/buildbff.sh). The
changes are below. Please review and commit if OK.
First, a question: Does anyone want SRC (System Resource Controller)
support in the packages? I don't use it but I've been sent an example of
how do do it without modifying sshd itself.
Onto the changes:
* Supports PrivSep. Postinstall will create
2002 Jun 24
4
README.privsep
Hi,
This is included in the release now; any feedback?
Privilege separation, or privsep, is method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
More information is available at:
2002 Aug 28
5
Tru64 privsep patch testing
OK, I got a chance to try out the Tru64 patch for privsep. I applied the patch
to 3.4p1. Partial success, in that it now works for me for logins to "root".
Logins to ordinary accounts fail after authentication, when trying to set tty
characteristics. See the excerpt from the debug messages below. This is for
Tru64 V4.0F (with enhanced_security turned on, obviously.) I guess it's time
2002 Jul 18
1
openssh 3.4 solaris pkg & privsep error
Hello,
this is MAx Gregis from Italy.
I send you this e.mail about privsep error with OSSH 3.4 on Solaris 2.6
an Solaris 7.
Usually i find the error of compression disabled if i use SSHD qith
inetd daemon.
But if i put this entry:
sshd:23:respawn:/usr/local/sbin/sshd -D > /dev/null 2>&1
in /etc/inittab ( and after a good "init q" for reading new inittab)
In this mode
2002 May 16
5
OpenSSH 3.2.2 released
OpenSSH 3.2.2 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We would like to thank the OpenSSH community for their continued
support and encouragement.
Security Changes:
=================
- fixed buffer overflow
2017 Aug 06
3
deprecation of UsePrivilegeSeparation breaks container use cases
Hello,
there are emerging container services that restrict regular users to
launch containers under some random uid for security reasons. If such
user needs sshd in their container, they need to turn off
`UsePrivilegeSeparation` so that sshd is executed as the current uid
and not `root`.
I understand that privilege separation [1] is more than changing the
process uid. On the other hand, it is
2002 Jul 15
0
[Bug 354] New: sshd with privsep doesn't do pam session setup properly
http://bugzilla.mindrot.org/show_bug.cgi?id=354
Summary: sshd with privsep doesn't do pam session setup properly
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2002 Jun 25
0
[Bug 289] New: mmap error when trying to use 3.3p1 with privsep
http://bugzilla.mindrot.org/show_bug.cgi?id=289
Summary: mmap error when trying to use 3.3p1 with privsep
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2003 Oct 07
1
[Bug 731] sshd terminates a session after a successful login
http://bugzilla.mindrot.org/show_bug.cgi?id=731
Summary: sshd terminates a session after a successful login
Product: Portable OpenSSH
Version: -current
Platform: Other
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org