Web Hosting Talk

openssh 3.4

clocker1996
06-26-2002, 04:42 PM
Has anyone run into this problem? Should I just ignore it?

I configured openssh 3.4 like this:

adduser sshd -d /var/tmp -s /bin/false
./configure --with-md5-passwords --with-privsep-path=/var/tmp --with-privsep-user=sshd --with-tcp-wrappers
make
rm -f /usr/local/etc/ssh*
make install

but when I do make install I get this:

Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_key.
Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
The key fingerprint is:
31:ab:e9:68:f5:20:6d:5b:04:57:83:91:96:d2:e7:9b root@mydomain.org
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
d3:a8:e6:4a:c8:9f:59:33:d0:96:ee:ed:54:0a:18:ae root@mydomain.org
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
5c:37:f5:f7:b9:fb:2b:f7:e1:89:ac:9a:97:1b:9b:d4 root@mydomain.org
id sshd || \
echo "WARNING: Privilege separation user \"sshd\" does not exist"
uid=521(sshd) gid=521(sshd) groups=521(sshd)

Should I just ignore it? Or..? Am I doing something wrong?

DavidU
06-26-2002, 04:43 PM
Read the instructions.

Gotta make an sshd user and group with a shell of /bin/false or whatever and a home of /var/empty

NEEDS TO BE /var/empty unless you make other changes.

-davidu

DavidU
06-26-2002, 04:45 PM
Also, if you're in Linux, don't forget --with-pam. You probably want it...

-davidu

clocker1996
06-26-2002, 04:57 PM
okay well
this is what I just did

rm -rf /var/empty
userdel sshd
groupdel sshd

mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

./configure --with-md5-passwords --with-tcp-wrappers



The first few commands I did to undo anything I shouldn't have been doing,
and now I still get

The key fingerprint is:
5c:bf:e5:e4:ef:89:62:59:32:a9:10:b3:5b:63:15:98 root@mydomain.com
id sshd || \
echo "WARNING: Privilege separation user \"sshd\" does not exist"
uid=521(sshd) gid=521(sshd) groups=521(sshd)

The instructions in bold, I got straight from README.privsep
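
Added example, not part of any post in this thread: make prints each recipe line before running it, so the id sshd || echo "WARNING ..." text in the output above is the command itself, and the uid=521(sshd) line is id succeeding. The shell functions below (names made up for this example) tell the echoed command apart from a warning that really fired, and check the privsep directory created by the commands quoted from README.privsep; the expected owner defaulting to root is an assumption of the example.

```shell
#!/bin/sh
# Added example; function names are made up for illustration.

# Reads `make install` output on stdin; succeeds only if the warning really
# fired. The echoed recipe line starts with: echo "WARNING: ...
# A line that itself starts with WARNING: is the echo's output.
privsep_warning_fired() {
    grep -q '^WARNING: Privilege separation user'
}

# Checks a privsep chroot directory: real directory, expected owner
# (assumed default: root), not group- or world-writable, no files inside.
privsep_dir_ok() {
    dir=$1
    owner=${2:-root}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: missing or not a plain directory" >&2; return 1
    fi
    mode=$(ls -ld "$dir" | awk '{print $1}')    # e.g. drwxr-xr-x
    actual=$(ls -ld "$dir" | awk '{print $3}')  # owner column
    if [ "$actual" != "$owner" ]; then
        echo "$dir: owned by $actual, expected $owner" >&2; return 1
    fi
    case $mode in
        d????w*|d???????w*)
            echo "$dir: group- or world-writable ($mode)" >&2; return 1 ;;
    esac
    if [ -n "$(ls -A "$dir")" ]; then
        echo "$dir: not empty" >&2; return 1
    fi
    return 0
}

# Usage on a real host (paths from the thread):
#   make install 2>&1 | tee install.log
#   privsep_warning_fired < install.log && echo "sshd user is missing"
#   privsep_dir_ok /var/empty
```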

clocker1996
06-26-2002, 05:13 PM
I mean should I just run it anyway?
I've "read the instructions"
and I still get the same crap

Anyone else get this?

DavidU
06-26-2002, 05:34 PM
Maybe yes....

I'd turn on telnet while you restart ssh just in case.

Or just test it on a different port (-p 8022) before you make install.

-davidu

clocker1996
06-26-2002, 05:34 PM
yeah...
I always turn on telnet
then do it
safer

clocker1996
06-26-2002, 05:39 PM
so should I still have UsePrivilegeSeparation yes uncommented in my sshd_config?

clocker1996
06-26-2002, 05:42 PM
yep
I used it
and it works I guess