Re: Privilege separation user sshd does not exist



On Tue, 2007-06-05 at 07:54 +1000, Darren Tucker wrote:
Dallas Clement wrote:
I'm getting this error when I try to start my cross-compiled OpenSSH sshd
daemon for the first time with privilege separation enabled.
[...]

sshd uses getpwnam() to look up the privsep user, so if that doesn't
work (eg if your nsswitch.conf or equivalent is broken) then you can get
that error regardless of what's in /etc/passwd.


You were sure right! I didn't have any /etc/nsswitch.conf defined at
all, nor did I have any /lib/lib_nss* files.

Once I added those and also added the following line in my /etc/fstab,
the sshd daemon started to recognize the priv sep user.

However, my ssh login attempts from a remote machine are still failing
for some reason. I know that the user is valid and the password is
valid since I can log in locally.

Here is my sshd output:

debug1: userauth-request for user dallas service ssh-connection method none
debug1: attempt 0 failures 0
Failed none for dallas from 172.16.1.33 port 58494 ssh2
debug1: userauth-request for user dallas service ssh-connection method password
debug1: attempt 1 failures 1
Failed password for dallas from 172.16.1.33

Can you think of anything else I might be doing wrong for the password
authentication to fail?

This is how I configured the OpenSSH build:

./configure --sysconfdir=/etc/ssh \
    --with-zlib=/home/dallas/zlib_install \
    --with-ssl-dir=/home/dallas/openssl_install \
    --host=i686-unknown-linux-gnu --with-privsep-user=sshd --with-shadow \
    --with-md5-passwords CC=i686-unknown-linux-gnu-gcc

Should I not be specifying md5 password?

Thanks a ton for the help!
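
An added diagnostic, not part of the original post and not OpenSSH code: it repeats on the target the getpwnam() lookup described above plus the getspnam() shadow lookup, and reports only which crypt(3) scheme the stored hash uses. The user name dallas comes from the log above; hash_scheme, user_resolves and report are hypothetical helper names, and a glibc-style <shadow.h> is assumed.

```c
/* Added example: what does libc/NSS on the target return for an account? */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>

/* Name the crypt(3) scheme from the stored hash prefix (never prints the hash). */
const char *hash_scheme(const char *h)
{
    if (h == NULL || *h == '\0') return "empty";
    if (h[0] == '!' || h[0] == '*') return "locked";
    if (strcmp(h, "x") == 0) return "shadowed";   /* real hash is in /etc/shadow */
    if (strncmp(h, "$1$", 3) == 0) return "md5";
    if (strncmp(h, "$5$", 3) == 0) return "sha256";
    if (strncmp(h, "$6$", 3) == 0) return "sha512";
    if (h[0] == '$') return "other-modular";
    return strlen(h) == 13 ? "des" : "unknown";
}

/* 1 if getpwnam() resolves the name through NSS, 0 otherwise. */
int user_resolves(const char *name)
{
    return getpwnam(name) != NULL;
}

/* Print what libc sees for one account; run as root so shadow is readable. */
void report(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) {
        printf("%s: getpwnam() failed, check nsswitch.conf and the NSS libraries\n", name);
        return;
    }
    printf("%s: uid=%d shell=%s passwd field: %s\n", name,
           (int)pw->pw_uid, pw->pw_shell, hash_scheme(pw->pw_passwd));
    struct spwd *sp = getspnam(name);
    if (sp == NULL)
        printf("%s: getspnam() returned nothing (not root, or no shadow entry)\n", name);
    else
        printf("%s: shadow hash scheme: %s\n", name, hash_scheme(sp->sp_pwdp));
}

int main(int argc, char **argv)
{
    report("sshd");                          /* privsep user from --with-privsep-user */
    report(argc > 1 ? argv[1] : "dallas");   /* login user from the debug log */
    return 0;
}
```

Build it with the same cross compiler as sshd and run it as root on the target.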


