Displaying 20 results from an estimated 9000 matches similar to: "[Bug 325] New: PermitRootLogin forced-commands-only & privsep - not working together"
2002 Jul 12
0
[Bug 325] PermitRootLogin forced-commands-only & privsep - not working together
http://bugzilla.mindrot.org/show_bug.cgi?id=325
------- Additional Comments From hlein at progressive-comp.com 2002-07-13 06:14 -------
Seeing this here too; it appears that when auth2.c:userauth_finish is called,
forced_command has been cleared (or perhaps, never set in that forked sshd) so
the call to auth_root_allowed(method) returns 0. The following patch makes
forced-command logins as
2002 Aug 12
1
PermitRootLogin=forced-commands-only does not work with UsePrivilegeSeparation=yes
Using openssh-3.4p1 on Linux I noticed that PermitRootLogin=forced-commands-only
does not work if UsePrivilegeSeparation is enabled; but it does work if privsep
is disabled.
Here are excerpts of debug from the server.
-----------UsePrivilegeSeparation DISABLED-------
...
Found matching DSA key: 56:9d:72:b0:4f:67:2e:ed:06:e7:41:03:e2:86:52:0d
debug1: restore_uid
debug1: ssh_dss_verify:
2002 Aug 21
0
[Bug 325] PermitRootLogin forced-commands-only & privsep - not working together
http://bugzilla.mindrot.org/show_bug.cgi?id=325
markus at openbsd.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |DUPLICATE
------- Additional Comments From markus at openbsd.org 2002-08-22
2002 Jul 03
1
[PATCH]: Change Cygwin contrib files to better support PrivSep
Hi,
the following patch patches the files in contrib/cygwin. The changes
are necessary to allow better support of privilege separation.
On NT machines the script now asks if it should create a user called
"sshd" and all that. Additionally it creates the /etc/ssh_config
and /etc/sshd_config files following the latest versions.
Would you mind applying this to the official OpenSSH
2002 Jun 25
0
[Bug 289] New: mmap error when trying to use 3.3p1 with privsep
http://bugzilla.mindrot.org/show_bug.cgi?id=289
Summary: mmap error when trying to use 3.3p1 with privsep
Product: Portable OpenSSH
Version: 3.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2002 Jul 15
0
[Bug 354] New: sshd with privsep doesn't do pam session setup properly
http://bugzilla.mindrot.org/show_bug.cgi?id=354
Summary: sshd with privsep doesn't do pam session setup properly
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2002 Oct 08
2
tru64 unix openssh-3.4p1 problems
Hi,
I'm attempting to get openssh-3.4p1 up and running on our DEC/Compaq
Alpha workstations.
They are running Tru64 Unix 5.1A. I compile the package myself.
Openssh-3.1 worked perfectly, with the default sshd_config file.
Openssh-3.4p1 works, if I set UsePrivilegeSeparation to "no" in the
sshd_config file.
NOTE: I have a secondary issue with the ListenAddress default setting
2003 Feb 20
0
OpenSSH_3.5p1 server, PC clients cannot connect
I have setup an OpenSSH_3.5p1 ssh/sftp server on my
SunOS 4.1.4 box. I can ssh to it just fine. The problem
is SFTP from certain clients.
I can SFTP to it using my OpenSSH_3.5p1 sftp client. I
can SFTP to it from MacSFTP from MacSSH.org, version 1.0.5.
However, I have several clients that cannot connect. I have
had them try CuteFTP Pro v2, v3, WS_FTP Pro v7.62, PuTTy
pSFTP. None are able to
2004 Jun 29
0
Debian bug #236814: sshd+PAM: MOTD isn't printed when privsep=no
Hi.
If sshd is configured to use PAM and UsePrivilegeSeparation=no or you
are logging in as root, any messages returned by PAM session modules are
not displayed to the user. (Even when the config file has privsep=yes,
logging in as root disables privsep anyway since there's no point, so it
behaves the same way as privsep=no).
I think I've figured out why: when privsep=no,
2002 Jul 15
10
Patch: Solaris packages don't create privsep user or group
Hi.
Solaris packages created by buildpkg.sh don't create privsep user or
group and sshd won't start until they are created (or privsep is
disabled):
## Executing postinstall script.
starting /usr/local/sbin/sshd... Privilege separation user sshd does not
exist
/etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd...
bailing.
The attached patch (against -cvs) ports the relevant
2002 Jun 09
0
[Bug 270] New: PrivSep breaks sshd on AIX for non-root users
http://bugzilla.mindrot.org/show_bug.cgi?id=270
Summary: PrivSep breaks sshd on AIX for non-root users
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy:
2002 Jun 24
4
README.privsep
Hi,
This is included in the release now; any feedback?
Privilege separation, or privsep, is a method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
More information is available at:
2006 Aug 09
4
[Bug 1216] Warn via Logwatch when sshd PermitRootLogin is in effect
http://bugzilla.mindrot.org/show_bug.cgi?id=1216
Summary: Warn via Logwatch when sshd PermitRootLogin is in effect
Product: Portable OpenSSH
Version: 4.3p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
2002 Jul 18
1
openssh 3.4 solaris pkg & privsep error
Hello,
this is Max Gregis from Italy.
I am sending you this e-mail about a privsep error with OSSH 3.4 on Solaris 2.6
and Solaris 7.
Usually I find the error of compression disabled if I use SSHD with
inetd daemon.
But if I put this entry:
sshd:23:respawn:/usr/local/sbin/sshd -D > /dev/null 2>&1
in /etc/inittab (and after a good "init q" for reading new inittab)
In this mode
2002 Aug 21
3
[Bug 387] command="" in authorized_keys fails when sshd_config has "PermitRootLogon forced-commands-only"
http://bugzilla.mindrot.org/show_bug.cgi?id=387
------- Additional Comments From markus at openbsd.org 2002-08-22 06:27 -------
hm, the log output from the server would be more helpful.
2003 Apr 19
4
[Bug 544] sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337
http://bugzilla.mindrot.org/show_bug.cgi?id=544
Summary: sshd w/privsep fails on Linux 2.0, mm_receive_fd:
expected type 1 got 1074276337
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sshd
2002 Jul 25
0
openssh-unix-dev digest, Vol 1 #505 - 15 msgs
subscribe openssh-unix-dev at mindrot.org
> Send openssh-unix-dev mailing list submissions to
> openssh-unix-dev at mindrot.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> or, via email, send a message with subject or body 'help' to
> openssh-unix-dev-request at mindrot.org
>
2011 Jun 02
2
preauth privsep logging via monitor
Hi,
This diff (for portable) makes the chrooted preauth privsep process
log via the monitor using a shared socketpair. It removes the need
for /dev/log inside /var/empty and makes mandatory sandboxing of the
privsep child easier down the road (no more socket() syscall required).
Please test.
-d
Index: log.c
===================================================================
RCS file:
2002 Jun 24
2
Upcoming OpenSSH vulnerability
On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> Date: Mon, 24 Jun 2002 15:00:10 -0600
> From: Theo de Raadt <deraadt at cvs.openbsd.org>
> Subject: Upcoming OpenSSH vulnerability
> To: bugtraq at securityfocus.com
> Cc: announce at openbsd.org
> Cc: dsi at iss.net
> Cc: misc at openbsd.org
>
> There is an upcoming OpenSSH vulnerability that
2002 Jun 24
2
Upcoming OpenSSH vulnerability
On Mon, Jun 24, 2002 at 03:00:10PM -0600, Theo de Raadt wrote:
> Date: Mon, 24 Jun 2002 15:00:10 -0600
> From: Theo de Raadt <deraadt at cvs.openbsd.org>
> Subject: Upcoming OpenSSH vulnerability
> To: bugtraq at securityfocus.com
> Cc: announce at openbsd.org
> Cc: dsi at iss.net
> Cc: misc at openbsd.org
>
> There is an upcoming OpenSSH vulnerability that