Thread: openssh 3.4

  1. #1
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    1,963

    openssh 3.4

    Has anyone run into this problem? Should I just ignore it?

    I configured openssh 3.4 like this:

    adduser sshd -d /var/tmp -s /bin/false
    ./configure --with-md5-passwords --with-privsep-path=/var/tmp --with-privsep-user=sshd --with-tcp-wrappers
    make
    rm -f /usr/local/etc/ssh*
    make install

    but when I do make install I get this:

    Generating public/private rsa1 key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_key.
    Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
    The key fingerprint is:
    31:ab:e9:68:f5:20:6d:5b:04:57:83:91:96:d2:e7:9b root@mydomain.org
    Generating public/private dsa key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
    The key fingerprint is:
    d3:a8:e6:4a:c8:9f:59:33:d0:96:ee:ed:54:0a:18:ae root@mydomain.org
    Generating public/private rsa key pair.
    Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
    Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
    The key fingerprint is:
    5c:37:f5:f7:b9:fb:2b:f7:e1:89:ac:9a:97:1b:9b:d4 root@mydomain.org
    id sshd || \
    echo "WARNING: Privilege separation user \"sshd\" does not exist"
    uid=521(sshd) gid=521(sshd) groups=521(sshd)

    Should I just ignore it? or..? Am I doing something wrong?

  2. #2
    Join Date
    Jun 2001
    Location
    San Diego, CA
    Posts
    283
    read the instructions.

    gotta make an sshd user and group with a shell of /bin/false or whatever and a home of /var/empty

    NEEDS TO BE /var/empty unless you make other changes.

    -davidu
    EveryDNS.NET :: FreeDNS and more.

  3. #3
    Join Date
    Jun 2001
    Location
    San Diego, CA
    Posts
    283
    also, if you're on Linux, don't forget --with-pam. you probably want it...

    -davidu
    EveryDNS.NET :: FreeDNS and more.

  4. #4
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    1,963
    okay well
    this is what i just did

    rm -rf /var/empty
    userdel sshd
    groupdel sshd

    mkdir /var/empty
    chown root:sys /var/empty
    chmod 755 /var/empty
    groupadd sshd
    useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

    ./configure --with-md5-passwords --with-tcp-wrappers



    The first few commands I did to undo anything I shouldn't have been doing,
    and now I still get

    The key fingerprint is:
    5c:bf:e5:e4:ef:89:62:59:32:a9:10:b3:5b:63:15:98 root@mydomain.com
    id sshd || \
    echo "WARNING: Privilege separation user \"sshd\" does not exist"
    uid=521(sshd) gid=521(sshd) groups=521(sshd)

    the instructions in bold, I got straight from README.privsep

  5. #5
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    1,963
    I mean, should I just run it anyway?
    I've "read the instructions"
    and I still get the same crap

    anyone else get this?

  6. #6
    Join Date
    Jun 2001
    Location
    San Diego, CA
    Posts
    283

    in that case..

    maybe yes....


    I'd turn on telnet while you restart ssh just in case.

    or just test it on a different port (-p 8022) before you make install.

    -davidu
    EveryDNS.NET :: FreeDNS and more.

  7. #7
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    1,963
    yeah...
    I always turn on telnet
    then do it
    safer

  8. #8
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    1,963
    so should I still have UsePrivilegeSeparation yes uncommented in my sshd_config?

  9. #9
    Join Date
    Nov 2001
    Location
    Canada
    Posts
    1,963
    yep
    I used it
    and it works, I guess
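
Added example (not part of the thread and not OpenSSH's own code): a shell pre-flight for the two things posts #2 and #4 set up, the sshd account and a root-owned /var/empty that is not group- or world-writable. The function names are hypothetical. In the quoted make install output, the uid=521(sshd) line is id succeeding, so the echo "WARNING..." branch after || never ran.

```shell
#!/bin/sh
# Added example: pre-flight checks for sshd privilege separation.
# Function names are hypothetical; "sshd" and /var/empty come from the thread.

# Succeeds if the account exists. Same test as the
# 'id sshd || echo "WARNING: ..."' step echoed during make install.
privsep_user_ok() {
    id -u "$1" >/dev/null 2>&1
}

# Succeeds if $1 is a real directory (not a symlink), owned by uid $2
# (default 0, i.e. root), and not writable by group or others.
privsep_dir_ok() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "$dir: missing, not a directory, or a symlink" >&2
        return 1
    fi
    # ls -ldn prints: mode links uid gid size ...
    set -- $(ls -ldn "$dir")
    mode=$1 uid=$3
    case $mode in
        # character 6 is group-write, character 9 is other-write
        ?????w*|????????w*)
            echo "$dir: group- or world-writable ($mode)" >&2
            return 1 ;;
    esac
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    return 0
}

# Runs both checks and prints one verdict per check.
# $1 = user, $2 = chroot directory, $3 = expected owner uid (default 0).
privsep_preflight() {
    rc=0
    if privsep_user_ok "$1"; then echo "ok: user $1 exists"
    else echo "FAIL: user $1 does not exist"; rc=1; fi
    if privsep_dir_ok "$2" "${3:-0}"; then echo "ok: $2"
    else echo "FAIL: $2"; rc=1; fi
    return $rc
}
```

Run privsep_preflight sshd /var/empty before restarting sshd; a non-zero return means one of the two checks failed.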
