similar to: openssh-3.6.1p1/README.privsep: typo

Hi, This is included in the release now; any feedback? Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at:

Hi, the following patch patches the files in contrib/cygwin. The changes are necessary to allow a better support of privilege separation. On NT machines the script asks now if it should create a user called "sshd" and all that. Additionally it creates the /etc/ssh_config and /etc/sshd_config files follows the latest versions. Would you mind to apply this to the official OpenSSH

Hello! Now that PrivSep stuff works for PAM too, I took the time to update contrib/redhat/openssh.spec to create the sshd user and set up the /var/empty dir when installing the packages. These have been done the Red Hat style, the uid/gif 74 is currently free in RHL. The only minor issues I could think of were: - I'm not sure if /var/empty should be owned by openssh-server package, but

I've been trying to cut down the size of openssh so I can run it on my Nokia 770. One thing which helps a fair amount (and will help even more when I get '-ffunction-sections -fdata-sections --gc-sections' working) is to have the option of compiling out privilege separation... Is it worth me tidying this up and trying to make it apply properly to the OpenBSD version? Does the openbsd

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep

As I understand it, the idea behind privsep is to prevent malicious data from the client-side of a connection corrupting a server-side process running as root. To achieve that, it is important that post-auth privilege separation happen, ie, that the sshd process change uid to the (authenticated) user. But it is also true that this very same process can perform root-level work without risk of being

Hi, the below patch to contrib/cygwin is a major rework to allow various changes in the installation process on Cygwin machines. The important changes are: - New Makefile, providing a `cygwin-postinstall' target which allows to create a base installation as in the Cygwin distribution, which should be run right after a `make install'. - Additional information given in the README

Hi, could somebody with checkin rights please apply the below patch? It modernizes and improves readability of the Cygwin README file (which hasn't been updated for ages), drops unsupported OSes from the ssh-host-config help text, and drops an unneeded option from ssh-user-config. Thanks in advance, Corinna Index: contrib/cygwin/README

Hello! Please consider including the attached patch in the next release. It allows one to drop privilege separation code while building openssh by using '--disable-privsep' switch of configure script. If one doesn't use privilege separation at all, why don't simply allow him to drop privilege separation support completely? -- Sincerely Your, Dan. -------------- next part

Has anybody got privsep and compression working together on Solaris 2.6 and 2.5.1? I have no problem getting it working under Solaris 8, but on 2.5.1/2.6 it says: # ./sshd -p 6666 This platform does not support both privilege separation and compression Compression disabled -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Kevin Currie | |

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it

Subject: HPUX and privsep Anyone solved or see the same connection I do with these two issues on HPUX if Privilege Separation is turned off ? Logname not found (3.7.1p2, 3.8.1p1) Login prematurely quits during session setup (mm_send_fd: sendmsg(3): Bad file number | mm_receive_fd: recvmsg: expected received 1 got 0) (3.8.1p1) Seems the mm_xxxx_() functions arent called when PrivSep is off.

Hi, the following patch fixes just a typo in the Cygwin's README file. Thanks, Corinna Index: contrib/cygwin/README =================================================================== RCS file: /cvs/openssh_cvs/contrib/cygwin/README,v retrieving revision 1.7 diff -u -p -r1.7 README --- contrib/cygwin/README 27 Nov 2001 01:19:44 -0000 1.7 +++ contrib/cygwin/README 18 Dec 2001 19:07:14 -0000

Darren, I went to install zlib/openssl and openssh on one of my Sun Servers(Solaris 2.7) and they would not install. Is there a website where I can get Sun versions of these products? Thanks, Lou -----Original Message----- From: Darren Tucker [mailto:dtucker at zip.com.au] Sent: Saturday, November 22, 2003 9:35 PM To: Pacelli, Louis M, ALABS Cc: OpenSSH Devel List Subject: Re: zlib missing when

Hi, could somebody with checkin rights please apply the below patch? It would be helpful to have this in 5.9p1. I revamped the Cygwin-specific service installer script ssh-host-config. The actual functionality is the same, the revisited version is just more exact when it comes to check for problems which disallow to run certain aspects of the script. So, part of this script and the also

http://bugzilla.mindrot.org/show_bug.cgi?id=355 Summary: No last login message with PrivSep under AIX Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=1053 Summary: The nonquery messages from PAM account aren't forwarded to user (privsep) Product: Portable OpenSSH Version: 4.1p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: PAM support

http://bugzilla.mindrot.org/show_bug.cgi?id=939 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #2 from dtucker at zip.com.au 2006-10-07 11:37 ------- Change all RESOLVED bug to CLOSED with the exception

Hi. Solaris packages created by buildpkg.sh don't create privsep user or group and sshd won't start until they are created (or privsep is disabled): ## Executing postinstall script. starting /usr/local/sbin/sshd... Privilege separation user sshd does not exist /etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd... bailing. The attached patch (against -cvs) ports the relevant

Hi- I applied the privsep patch to Tru64 5.1A openssh 3.4p1 and it *almost* works. I get in from the client side and xauth is run, but in the meantime the server side disconnects. Running sshd in debug mode level 3 gives the following output: . . . debug1: session_input_channel_req: session 0 req shell debug1: fd 5 setting TCP_NODELAY debug1: channel 0: rfd 13