similar to: OpenSSH and BSM

To get BSM working on Solaris 8 with OpenSSH, I did this: Download John R. Jackson's OpenSSH 3.5p1 BSM patch here, and save as "patch.tar.gz": http://bugzilla.mindrot.org/show_bug.cgi?id=125 (NOTE TO OpenSSH DEVELOPERS, can you incorporate this patch into the next version of OpenSSH?) Installing the OpenSSH 3.5p1 BSM patch: ?-------------------------------------- Turning on Sun BSM

#include <errno.h> was removed from includes.h in July: ---------------------------- revision 1.113 date: 2006/07/12 12:22:46; author: dtucker; state: Exp; lines: +1 -2 - stevesk at cvs.openbsd.org 2006/07/11 20:07:25 [scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c includes.h

We have started using BSM and have hit the BSM issue where cron is messed up if you SSH into a Solaris 8 box and try to issue a cron job. I noticed the bug here: http://bugzilla.mindrot.org/show_bug.cgi?id=125 Is this patch applied to the OpenSSH 3.5p1 release? I tried installing OpenSSH 3.5p1 and turned off Privileged Separation in the sshd_config file, but I am still getting the cron issues

Hello, I downloaded and compiled the Mar 2, 2005 snapshot and compiled it with bsm auditing for solaris turned on. I've been noticing about a dozen or so of the following messages per day now. Not sure exactly what it is, or if it is a big issue. Mar 3 13:46:10 machine_name sshd[15298]: [ID 800047 auth.crit] fatal: mm_request_send: write If it matters it is running on solaris 8

Hi Damien, I'm working with the Solaris team that is integrating openssh into upcoming Solaris releases. I'm looking for advice from the upstream community. You were suggested for that advice. If there are other mailing lists you'd like me to ask, I'm happy to do so, or if you'd like to forward, please feel free to do so. The --with-audit=bsm (audit-bsm.c) configuration

Can someone help me get BSM working with Solaris 8 and OpenSSH 3.5p1? I saw the patch here for OpenSSH 3.4p1, but do not know how to apply it to OpenSSH 3.4p1 nor do I feel comfortable modifying to work with OpenSSH 3.5p1: openssh-unix-dev at mindrot.org Is this patch needed to fix the BSM crontab issue only, or is it required for BSM auditing in general? Jeff

Does anyone know if openssh has removed the experimental designation for BSM audit support for Solaris systems? If so, which release, please. Thanks.

http://bugzilla.mindrot.org/show_bug.cgi?id=125 alex.bell at bt.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex.bell at bt.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Hey folks, About a year ago it was pointed out to me there was BSM support in CVS that would hopefully make it into a release soon. I had a look over it and it looks like it covers everything (it certainly covers more than the 3 or 4 things we do here at USC). So I'm wondering what the status of that is? Is it planned for a release soon? Are there issues with it? This is a really big feature

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #647 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-12-20 16:24 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=125 ------- Additional Comments From jrj at purdue.edu 2002-07-14 13:31 ------- Created an attachment (id=131) Update of bug #2 patch to 3.4p1 ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I am running Solaris 8 with the Basic Security Module (BSM) loaded and Sun's Enterprise Authentication Mechanism (SEAM) installed. Our servers are using Sun One Directory Services (LDAP) for authorization and Sun's Kerberos 5 implementation for authentication. We have been using OpenSSH 3.4p1 with OpenSSL 0.9.6f and everything has been working fine. We are updating our OpenSSH and OpenSSL

I have tried this patch (against 3.5p1) and would very much like it to be in the OpenSSH 3.6p1 release, if possible: http://bugzilla.mindrot.org/show_bug.cgi?id=14 On that note, I'd like the Sun BSM patch to be included also, if possible. I have it working applied to 3.5p1: http://bugzilla.mindrot.org/show_bug.cgi?id=125 In fact, both patches work together, apparently. If I have any

hello, little problem compiling openssh 4.6p1 on irix using mipspro 7.4.x. c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #619 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-05-31 23:25 -------

http://bugzilla.mindrot.org/show_bug.cgi?id=125 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Severity|major |enhancement ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

https://bugzilla.mindrot.org/show_bug.cgi?id=1420 Summary: BSM support on Mac OS X Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org

PrivilegeSeparation seems to be a valuable option, however at its current maturity level it is the cause of several problems. Just to name a few: - Incompatible with BSM auditing on Solaris - Incompatible with PAM password aging (for this reason??? the code to handle password expiration has been disabled without ANY notice) - Causes core dumps on HP-UX I think PrivilegeSeparation should be

Greetings, In order to use solaris's BSM (Basic security module) also called c2 audit, which logs specific kernel calls depending on your audit_control, I would need to use login(1) to log users exec calls and whatnot because Portable OpenSSH does not have <bsm/audit.h> support, now that would mean I would have to enable Uselogin in sshd_config in order for that to work. I am running

First, my config: Solaris 8 PADL pam_ldap v165 and pam_nss v211 OpenSSH 3.7.1.p2 All compiled with gcc 2.95.3 that ships with the Sun companion CD LDAP PAM authentication is working well with OpenSSH, privsep is disabled, challenge-response authentication is enabled. I would like to turn on password aging, which seems to be well supported by pam_ldap. Logins going through /bin/login correctly