Re: Workarounds for OpenSSH problems

From: Andrew McNaughton (andrew@scoop.co.nz)
Date: 06/25/02


Date: Tue, 25 Jun 2002 18:02:45 +1200 (NZST)
From: Andrew McNaughton <andrew@scoop.co.nz>
To: Brett Glass <brett@lariat.org>


On Mon, 24 Jun 2002, Brett Glass wrote:

> A few quick questions.
>
> Has anyone on the list successfully used privilege separation on the
> OpenSSH 3.3p that's now in the ports tree? Does it work? Does privilege
> separation have any negative side effects, such as disabling compression

I've installed it. It griped and wouldn't start without `mkdir
/var/empty`. Having added that, it's running, but it hasn't griped about
the lack of an 'sshd' user/group. I added them anyway. I don't see any
sign of an sshd process running as anything other than root though.
Compression is enabled when I connect, but I'm not sure that the privilege
separation is actually working.

> or some forms of authentication? Since I have a lot of systems to cover,
> is it possible to copy just the SSHD binary of the later version over the
> one that's installed by default when one installs FreeBSD? (I'd rather do
> this than mess with installing a port -- especially since many of my
> production machines don't have the ports collection. It's a disk hog.)

`make package` on one machine, and then install from the package on the
others. It's somewhat dependent on keeping your machines' versions in
sync, but then it's also a strategy which makes it easier to keep everything
in sync.

Andrew McNaughton
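
Added example (not part of the original message, and not OpenSSH's own code): a shell function that reads "USER COMMAND" lines, such as the output of `ps -axo user,command`, and reports whether any sshd process shows signs of privilege separation. It assumes sshd sets its process titles as "sshd: NAME [priv]", "sshd: [net]" and "sshd: NAME@tty"; the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# privsep_status: classify sshd processes from "USER COMMAND" lines on stdin.
# Assumed process titles (where sshd is able to set them):
#   root   sshd: NAME [priv]  -> privileged monitor of a separated session
#   sshd   sshd: [net]        -> unprivileged child, present only while a
#                                connection is still authenticating
#   NAME   sshd: NAME@tty     -> session process running as the logged-in user
#   root   sshd: NAME@tty     -> session for a non-root user still running as
#                                root, i.e. no separation for that session
privsep_status() {
    awk '
        $2 != "sshd:"                 { next }        # listener and non-sshd lines
        /\[priv\]/ && $1 == "root"    { monitor++; next }
        /\[net\]/  && $1 != "root"    { preauth++; next }
        $3 ~ /@/ {
            split($3, part, "@")                      # part[1] = login name in title
            if ($1 == part[1] && $1 != "root")      session++
            else if ($1 == "root" && part[1] != "root") unseparated++
        }
        END {
            verdict = "unknown"                       # nothing conclusive seen
            if (monitor + preauth + session > 0) verdict = "active"
            else if (unseparated > 0)            verdict = "inactive"
            printf "monitor=%d preauth=%d session=%d unseparated=%d verdict=%s\n",
                   monitor, preauth, session, unseparated, verdict
        }
    '
}

# Constructed sample listing: one login by "andrew" plus one connection that
# is still in the authentication phase.
privsep_status <<'EOF'
root     /usr/sbin/sshd
root     sshd: andrew [priv] (sshd)
andrew   sshd: andrew@ttyp0 (sshd)
sshd     sshd: [net] (sshd)
andrew   -csh (csh)
EOF
```

On a live system, pipe the process listing into the function, for example `ps -axo user,command | privsep_status`, while a non-root user is logged in over SSH.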
