RE: OpenSSH b0rked (was RE: Problems with IPFW patch)

From: Scott Raymond (scott@link-net.com)
Date: 01/25/01


From: "Scott Raymond" <scott@link-net.com>
To: "Peter Pentchev" <roam@orbitel.bg>
Date: Thu, 25 Jan 2001 02:36:05 -0800

Just did that as per your suggestion. I did a "mergemaster -a -i", and
followed the instructions in the FreeBSD handbook for updating /dev and
/stand. Seems to have worked out pretty well, and everything is up to
date.

--
Scott
=======================
Scott Raymond
http://soundamerica.com
=======================
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter Pentchev
> Sent: Thursday, January 25, 2001 1:42 AM
> To: Scott Raymond
> Cc: Me; freebsd-security@freebsd.org
> Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
>
>
> You'd be better off running mergemaster anyway, after (or before)
> EVERY world build/install cycle.  Now God only knows how far your /etc
> has strayed from the updated one, and how many programs may break or
> malfunction in subtle ways :)
>
> G'luck,
> Peter
>
> --
> What would this sentence be like if pi were 3?
>
> On Thu, Jan 25, 2001 at 01:25:08AM -0800, Scott Raymond wrote:
> > I had kept that in mind before I did so.  In fact, the
> research I did
> > suggested that I compare the file from the source tree and
> the existing
> > one in /etc and make changes to the one in /etc.  I discovered that
> > instead of editing the old one, it was simply easier to
> just copy the
> > file over from the source path since the only difference was the
> > addition of sshd entries.
> >
> > --
> > Scott
> > =======================
> > Scott Raymond
> > http://soundamerica.com
> > =======================
> >
> >
> > > -----Original Message-----
> > > From: owner-freebsd-security@FreeBSD.ORG
> > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Me
> > > Sent: Thursday, January 25, 2001 1:07 AM
> > > To: freebsd-security@freebsd.org
> > > Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > >
> > >
> > >
> > > Use mergemaster ..
> > >
> > > I find's it to risky to just do a blind copy..
> > >
> > > Soren.
> > >
> > > On Wed, Jan 24, 2001 at 10:50:54PM -0800, Scott Raymond wrote:
> > > > Yes, once I was finished I ran into the same problem.  I
> > > did a bit of
> > > > research - copy /usr/src/etc/pam.conf to /etc/pam.conf
> - overwriting
> > > > your old one.  That fixed it for me - and all that was
> > > needed for the
> > > > fix was the config file.  No reboots or restarting sshd
> necessary.
> > > >
> > > > --
> > > > Scott
> > > > =======================
> > > > Scott Raymond
> > > > http://soundamerica.com
> > > > =======================
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Scott Hilton [mailto:kupek@earthlink.net]
> > > > > Sent: Wednesday, January 24, 2001 7:32 PM
> > > > > To: scott@link-net.com
> > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > > >
> > > > >
> > > > > hey, I just got another error when trying to log into sshd...
> > > > > getting "no
> > > > > modules loaded for 'sshd' service" and "fatal: PAM session
> > > > > setup failed(6):
> > > > > Permission denied"
> > > > >
> > > > > Let me know if you get the same thing...
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Scott Raymond [mailto:scott@link-net.com]
> > > > > Sent: Wednesday, January 24, 2001 7:10 PM
> > > > > To: Scott Hilton; freebsd-security@freebsd.org
> > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > > >
> > > > >
> > > > > Oh, crap.  That's EXACTLY what was happening.
> > > > >
> > > > > Looks like it's time for another compile.  Duh.
> > > > >
> > > > > --
> > > > > Scott
> > > > > =======================
> > > > > Scott Raymond
> > > > > http://soundamerica.com
> > > > > =======================
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Scott Hilton [mailto:kupek@earthlink.net]
> > > > > > Sent: Wednesday, January 24, 2001 6:36 PM
> > > > > > To: scott@link-net.com; freebsd-security@freebsd.org
> > > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with
> IPFW patch)
> > > > > >
> > > > > >
> > > > > > What's wrong with OpenSSH? The only problem I encountered
> > > > > > with it was the
> > > > > > following message when trying to start it:
> > > > > >
> > > > > > fatal: ConnectionsPerPeriod has been deprecated
> > > > > >
> > > > > >
> > > > > > I was looking around for a few minutes, and found
> the following:
> > > > > >
> > > > > >
> > > =================================================================
> > > > > > = Changes from previous versions
> > > 	=
> > > > > >
> > > =================================================================
> > > > > >
> > > > > > 2.3.0:
> > > > > > 	We link with OpenSSL 0.9.6 now.
> > > > > >
> > > > > > 	Diffs from the FreeBSD version are not distributed right
> > > > > > 	now (but will be).
> > > > > >
> > > > > > 	ConnectionsPerPeriod is currently not integrated.
> > > > > > 	Consider using MaxStartups instead.  If you still need
> > > > > > 	ConnectionsPerPeriod, bug me and I may do it.
> > > > > >
> > > > > >
> > > > > > I commented out ConnectionsPerPeriod in /etc/ssh/sshd_config
> > > > > > and sshd loaded
> > > > > > without any problems.
> > > > > >
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > Yeah, now if I could just figure out what was wrong
> > > with the openssh
> > > > > > implementation in the core system.  Openssh (ports tree
> > > > > > version) has an
> > > > > > annoying install sequence - you can't define where it gets
> > > > > > installed, so
> > > > > > the files get installed to the hard-coded directory
> > > tree /usr/local.
> > > > > > The non-working core system one normally installs sshd to
> > > > > > /usr/sbin and
> > > > > > the config files to /etc/ssh.
> > > > > >
> > > > > > What bugs me is that when this gets fixed it's going to
> > > > > take another 4
> > > > > > hours of compiling and installing.
> > > > > >
> > > > > > Bah.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


Relevant Pages

  • Re: Racoon/sainfo - no policy found
    ... > I have a FreeBSD machine runing NAT, IPFilter, IPSec, ... > Racoon among other things. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: Is the technique described in this article do-able with
    ... > I believe that when you "halt" FreeBSD the whole OS halts. ... you may not care about log info. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • RE: strange messages
    ... Acording to CERT (the latest statd message seems to be ... :> with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: Lost Password
    ... One of the WinNT boxes can be logged into under two separate domains at the login screen. ... Has anyone out ther had any experience in retrieving passwords. ... with "unsubscribe freebsd-security" in the body of the message ...
    (FreeBSD-Security)
  • Re: Need to revert behavior of OpenSSH to the old key order ...
    ... I may have missed some emails in this thread, ... try this suggestion: ... On 5/21/12 12:18 PM, Jason Usher wrote: ... Is there a better list for this - perhaps freebsd-security? ...
    (freebsd-hackers)