Thread: openssh 3.4
-
06-26-2002, 04:42 PM #1Disabled
- Join Date
- Nov 2001
- Location
- Canada
- Posts
- 1,963
openssh 3.4
Has anyone run into this problem? Should I just ignore it?
I configured OpenSSH 3.4 like this:
adduser sshd -d /var/tmp -s /bin/false
./configure --with-md5-passwords --with-privsep-path=/var/tmp --with-privsep-user=sshd --with-tcp-wrappers
make
rm -f /usr/local/etc/ssh*
make install
But when I do make install I get this:
Generating public/private rsa1 key pair.
Your identification has been saved in /usr/local/etc/ssh_host_key.
Your public key has been saved in /usr/local/etc/ssh_host_key.pub.
The key fingerprint is:
31:ab:e9:68:f5:20:6d:5b:04:57:83:91:96:d2:e7:9b root@mydomain.org
Generating public/private dsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_dsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_dsa_key.pub.
The key fingerprint is:
d3:a8:e6:4a:c8:9f:59:33:d0:96:ee:ed:54:0a:18:ae root@mydomain.org
Generating public/private rsa key pair.
Your identification has been saved in /usr/local/etc/ssh_host_rsa_key.
Your public key has been saved in /usr/local/etc/ssh_host_rsa_key.pub.
The key fingerprint is:
5c:37:f5:f7:b9:fb:2b:f7:e1:89:ac:9a:97:1b:9b:d4 root@mydomain.org
id sshd || \
echo "WARNING: Privilege separation user \"sshd\" does not exist"
uid=521(sshd) gid=521(sshd) groups=521(sshd)
Should I just ignore it? Or..? Am I doing something wrong?
-
06-26-2002, 04:43 PM #2Web Hosting Guru
- Join Date
- Jun 2001
- Location
- San Diego, CA
- Posts
- 283
Read the instructions.
Gotta make an sshd user and group with a shell of /bin/false or whatever and a home of /var/empty
NEEDS TO BE /var/empty unless you make other changes.
-davidu
EveryDNS.NET :: FreeDNS and more.
-
06-26-2002, 04:45 PM #3Web Hosting Guru
Also, if you're on Linux, don't forget --with-pam. You probably want it...
-davidu
-
06-26-2002, 04:57 PM #4Disabled
Okay, well,
this is what I just did:
rm -rf /var/empty
userdel sshd
groupdel sshd
mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
./configure --with-md5-passwords --with-tcp-wrappers
The first few commands I did to undo anything I shouldn't have been doing,
and now I still get:
The key fingerprint is:
5c:bf:e5:e4:ef:89:62:59:32:a9:10:b3:5b:63:15:98 root@mydomain.com
id sshd || \
echo "WARNING: Privilege separation user \"sshd\" does not exist"
uid=521(sshd) gid=521(sshd) groups=521(sshd)
The instructions in bold I got straight from README.privsep.
-
06-26-2002, 05:13 PM #5Disabled
I mean, should I just run it anyway?
I've "read the instructions"
and I still get the same crap.
Anyone else get this?
-
06-26-2002, 05:34 PM #6Web Hosting Guru
In that case..
maybe yes....
I'd turn on telnet while you restart ssh just in case.
Or just test it on a different port (-p 8022) before you make install.
-davidu
-
06-26-2002, 05:34 PM #7Disabled
Yeah...
I always turn on telnet,
then do it.
Safer.
-
06-26-2002, 05:39 PM #8Disabled
So should I still have UsePrivilegeSeparation yes uncommented in my sshd_config?
-
06-26-2002, 05:42 PM #9Disabled
Yep,
I used it
and it works, I guess.
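
Added example, not part of the thread and not OpenSSH's own code: a POSIX shell pre-flight check for the privilege separation setup that post #4 builds (an sshd account plus a root-owned, mode 755, empty /var/empty). The function names are hypothetical; the default user and path are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight check for sshd privilege
# separation. Assumes the README.privsep layout used above: user "sshd" and
# chroot directory /var/empty. Function names are hypothetical.

# True only if the account exists; the same test that the
# 'id sshd || echo "WARNING: ..."' line in make install performs.
privsep_user_ok() {
    id "$1" >/dev/null 2>&1
}

# The chroot must be a real directory, owned by the expected uid
# (default 0 = root), not group- or world-writable, and empty.
# Prints the first problem found and returns 1.
privsep_dir_ok() {
    dir=$1
    want_uid=${2:-0}
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "$dir: missing or not a plain directory"
        return 1
    fi
    # ls -ldn prints e.g. "drwxr-xr-x 2 0 3 ..." (numeric owner in field 3)
    mode=$(ls -ldn "$dir" | awk '{print $1}')
    uid=$(ls -ldn "$dir" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "$dir: owned by uid $uid, expected $want_uid"
        return 1
    fi
    case $mode in
        ?????w*|????????w*)
            echo "$dir: group- or world-writable ($mode)"
            return 1 ;;
    esac
    if [ -n "$(ls -A "$dir")" ]; then
        echo "$dir: not empty"
        return 1
    fi
    return 0
}

# Report on the defaults from this thread without aborting the shell.
privsep_user_ok sshd || echo "user sshd does not exist"
privsep_dir_ok /var/empty || true
```

In the make install output quoted in the thread, the WARNING text is make printing the command before running it. The uid=521(sshd) line that follows is id succeeding, so the echo after || did not run.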