RE: OpenSSH b0rked (was RE: Problems with IPFW patch)

From: Scott Raymond (scott@link-net.com)
Date: 01/25/01


From: "Scott Raymond" <scott@link-net.com>
To: "Peter Pentchev" <roam@orbitel.bg>
Date: Thu, 25 Jan 2001 02:36:05 -0800

Just did that as per your suggestion. I did a "mergemaster -a -i", and
followed the instructions in the FreeBSD handbook for updating /dev and
/stand. Seems to have worked out pretty well, and everything is up to
date.

--
Scott
=======================
Scott Raymond
http://soundamerica.com
=======================
> -----Original Message-----
> From: owner-freebsd-security@FreeBSD.ORG
> [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter Pentchev
> Sent: Thursday, January 25, 2001 1:42 AM
> To: Scott Raymond
> Cc: Me; freebsd-security@freebsd.org
> Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
>
>
> You'd be better off running mergemaster anyway, after (or before)
> EVERY world build/install cycle.  Now God only knows how far your /etc
> has strayed from the updated one, and how many programs may break or
> malfunction in subtle ways :)
>
> G'luck,
> Peter
>
> --
> What would this sentence be like if pi were 3?
>
> On Thu, Jan 25, 2001 at 01:25:08AM -0800, Scott Raymond wrote:
> > I had kept that in mind before I did so.  In fact, the
> research I did
> > suggested that I compare the file from the source tree and
> the existing
> > one in /etc and make changes to the one in /etc.  I discovered that
> > instead of editing the old one, it was simply easier to
> just copy the
> > file over from the source path since the only difference was the
> > addition of sshd entries.
> >
> > --
> > Scott
> > =======================
> > Scott Raymond
> > http://soundamerica.com
> > =======================
> >
> >
> > > -----Original Message-----
> > > From: owner-freebsd-security@FreeBSD.ORG
> > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Me
> > > Sent: Thursday, January 25, 2001 1:07 AM
> > > To: freebsd-security@freebsd.org
> > > Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > >
> > >
> > >
> > > Use mergemaster ..
> > >
> > > I find's it to risky to just do a blind copy..
> > >
> > > Soren.
> > >
> > > On Wed, Jan 24, 2001 at 10:50:54PM -0800, Scott Raymond wrote:
> > > > Yes, once I was finished I ran into the same problem.  I
> > > did a bit of
> > > > research - copy /usr/src/etc/pam.conf to /etc/pam.conf
> - overwriting
> > > > your old one.  That fixed it for me - and all that was
> > > needed for the
> > > > fix was the config file.  No reboots or restarting sshd
> necessary.
> > > >
> > > > --
> > > > Scott
> > > > =======================
> > > > Scott Raymond
> > > > http://soundamerica.com
> > > > =======================
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Scott Hilton [mailto:kupek@earthlink.net]
> > > > > Sent: Wednesday, January 24, 2001 7:32 PM
> > > > > To: scott@link-net.com
> > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > > >
> > > > >
> > > > > hey, I just got another error when trying to log into sshd...
> > > > > getting "no
> > > > > modules loaded for 'sshd' service" and "fatal: PAM session
> > > > > setup failed(6):
> > > > > Permission denied"
> > > > >
> > > > > Let me know if you get the same thing...
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: Scott Raymond [mailto:scott@link-net.com]
> > > > > Sent: Wednesday, January 24, 2001 7:10 PM
> > > > > To: Scott Hilton; freebsd-security@freebsd.org
> > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > > >
> > > > >
> > > > > Oh, crap.  That's EXACTLY what was happening.
> > > > >
> > > > > Looks like it's time for another compile.  Duh.
> > > > >
> > > > > --
> > > > > Scott
> > > > > =======================
> > > > > Scott Raymond
> > > > > http://soundamerica.com
> > > > > =======================
> > > > >
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Scott Hilton [mailto:kupek@earthlink.net]
> > > > > > Sent: Wednesday, January 24, 2001 6:36 PM
> > > > > > To: scott@link-net.com; freebsd-security@freebsd.org
> > > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with
> IPFW patch)
> > > > > >
> > > > > >
> > > > > > What's wrong with OpenSSH? The only problem I encountered
> > > > > > with it was the
> > > > > > following message when trying to start it:
> > > > > >
> > > > > > fatal: ConnectionsPerPeriod has been deprecated
> > > > > >
> > > > > >
> > > > > > I was looking around for a few minutes, and found
> the following:
> > > > > >
> > > > > >
> > > =================================================================
> > > > > > = Changes from previous versions
> > > 	=
> > > > > >
> > > =================================================================
> > > > > >
> > > > > > 2.3.0:
> > > > > > 	We link with OpenSSL 0.9.6 now.
> > > > > >
> > > > > > 	Diffs from the FreeBSD version are not distributed right
> > > > > > 	now (but will be).
> > > > > >
> > > > > > 	ConnectionsPerPeriod is currently not integrated.
> > > > > > 	Consider using MaxStartups instead.  If you still need
> > > > > > 	ConnectionsPerPeriod, bug me and I may do it.
> > > > > >
> > > > > >
> > > > > > I commented out ConnectionsPerPeriod in /etc/ssh/sshd_config
> > > > > > and sshd loaded
> > > > > > without any problems.
> > > > > >
> > > > > >
> > > > > >
> > > > > > -----Original Message-----
> > > > > > Yeah, now if I could just figure out what was wrong
> > > with the openssh
> > > > > > implementation in the core system.  Openssh (ports tree
> > > > > > version) has an
> > > > > > annoying install sequence - you can't define where it gets
> > > > > > installed, so
> > > > > > the files get installed to the hard-coded directory
> > > tree /usr/local.
> > > > > > The non-working core system one normally installs sshd to
> > > > > > /usr/sbin and
> > > > > > the config files to /etc/ssh.
> > > > > >
> > > > > > What bugs me is that when this gets fixed it's going to
> > > > > take another 4
> > > > > > hours of compiling and installing.
> > > > > >
> > > > > > Bah.
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message