similar to: [Bug 283] New: UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo:

http://bugzilla.mindrot.org/show_bug.cgi?id=283 ------- Additional Comments From janfrode at parallab.uib.no 2002-06-22 09:00 ------- hmm, I lost part of a sentence there.. I meant to say that commenting out: if (usrinfo(SETUINFO, cp, i) == -1) fatal("Couldn't set usrinfo: %s", strerror(errno)); from openbsd-compat/port-aix.c makes sshd function with

Hi, News from the "AIX is different than the rest of the world" department... AIX has something similar to setluid() on SCO, just that it uses text strings (similar to setenv()) and calls it "usrinfo". I've appended the man page below. Under normal conditions, well-behaved applications use ttyname(), logname() and getuid() get the relevant informations, but today

Simon Cooper already mailed in a patch to get the effects of MAP_ANON on IRIX systems, but it was against openssh/3.3p1. I've reapplied his patach to openssh/3.4p1 and include it as an attachment. Here's his explanation: > I noticed that the recent release requires the existence of MAP_ANON to get > an anonymous memory region. In Irix the equivalent functionality can be >

http://bugzilla.mindrot.org/show_bug.cgi?id=230 Summary: UsePrivilegeSeparation turns off Banner. Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: OpenBSD Status: NEW Severity: normal Priority: P3 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=259 Summary: UsePrivilegeSeparation crashed sshd under Linux 2.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only does not work if UsePrivilegeSeparation is enabled; but it does work if privsep is disabled. Here are excerpts of debug from the server. -----------UsePrivilegeSeparation DISABLED------- ... Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d^M debug1: restore_uid^M debug1: ssh_dss_verify:

http://bugzilla.mindrot.org/show_bug.cgi?id=1080 Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=288 Summary: UsePrivilegeSeparation fails on Redhat Linux 6.2, kernel 2.2.19 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P1 Component: sshd AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=2204 Bug ID: 2204 Summary: gssapi-with-mic and UsePrivilegeSeparation sandbox Product: Portable OpenSSH Version: 6.4p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: Kerberos support Assignee:

https://bugzilla.mindrot.org/show_bug.cgi?id=1945 Bug #: 1945 Summary: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: HP-UX Status: NEW

http://bugzilla.mindrot.org/show_bug.cgi?id=339 Summary: 3.4p1: UsePrivilegeSeparation breaks key fingerprint logging Product: Portable OpenSSH Version: -current Platform: All URL: http://www.catnook.com/misc/sshd-key-fp-logging.txt OS/Version: Solaris Status: NEW Severity: normal

http://bugzilla.mindrot.org/show_bug.cgi?id=1020 Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=1021 Summary: PrintLastLog doesn't work for UsePrivilegeseparation yes Product: Portable OpenSSH Version: 4.0p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of privilege separation. After installation, when a user tries to login he gets dropped almost immediately. In the server's /var/log/messages: Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2 Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size

Hi, for some days now I am/was fighting with an annoying problem. I have to support an environment where RhostRSAAuthecntication via /etc/ssh/sshd_known_hosts is used for password-less login. This works fine with RH7.3 (and RH8) and openssh versions openssh-3.1p1-3 (and openssh-3.4p1-2). Our customer has now requested an upgrade to RH9. That comes with openssh-3.5p-11 and the password-less

http://bugzilla.mindrot.org/show_bug.cgi?id=259 ------- Additional Comments From Al.Smith at gold.net 2002-06-25 18:09 ------- Linux 2.2 defines MAP_ANON in <bits/mman.h>, however it can seen in /usr/src/linux/mm/mmap.c (lines 200 onwards) that if MAP_ANON is used then the system call will return -EINVAL. The following is a quick hack to get openssh to compile on linux 2.2: diff -ur

With 3.3p1 built on AIX 4.3.2: $ ssh [blah] Couldn't set usrinfo: Not owner debug1: Calling cleanup 0x20019080(0x200219a0) debug3: mm_request_send entering: type 27 debug1: Calling cleanup 0x20018dd4(0x0) Connection to songohan closed by remote host. Connection to songohan closed. Output from sshd -d -d -d: ... debug3: tty_parse_modes: 92 0 debug3: tty_parse_modes: 93 0

Hello All, I've updated the AIX package builder (contrib/aix/buildbff.sh). The changes are below. Please review and commit if OK. First, a question: Does anyone want SRC (System Resource Controller) support in the packages? I don't use it but I've been sent an example of how do do it without modifying sshd itself. Onto the changes: * Supports PrivSep. Postinstall will create

Hello, there are emerging container services that restrict regular users to launch containers under some random uid for security reasons. If such user needs sshd in their container, they need to turn off `UsePrivilegeSeparation` so that sshd is executed as the current uid and not `root`. I understand that privilege separation [1] is more than changing the process uid. On the other hand, it is

I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3.2.3p1 debug1: private host