Re: SSH 3.0.2 wont install

From: Jerry Wolfe (jerryaw@mtco.com)
Date: 03/10/02 

From: Jerry Wolfe <jerryaw@mtco.com>
Date: Sun, 10 Mar 2002 02:25:45 -0500

Ok my newest update. I have gotten openssh 3.1 to install and working
correctly for logging in. However I still have one of my issues left ro
resolcve.

Able to SSH in as any user from anyhere. Even hosts in the hosts.deny
file.

I am trying to figure out if the sshd_config file needs to be in the
/etc dir becuase it is in the /usr/local/etc at this time. It also shows
everything commented out. Thanks for your help as it has resolved half
of my problem. Here is a copy of my config file.

-----------------------------------------------------------------------------
# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

# This sshd was compiled with
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

#Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
#HostKey /usr/local/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /usr/local/etc/ssh_host_rsa_key
#HostKey /usr/local/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
#LogLevel INFO

# Authentication:

#LoginGraceTime 600
#PermitRootLogin yes
#StrictModes yes

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
#RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# For this to work you will also need host keys in
/usr/local/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of
'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

#X11Forwarding no
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /usr/local/libexec/sftp-server
-----------------------------------------------------------------------------

Jerry Wolfe wrote:
>
> I have donwloaded the rpm from rpmfind.net and also download the tar
> from openssh.com and neither seems to work. I have downlosded the newest
> zlib and am unsuccessful at installing it. I donwloaded the tar from
> openssh.com and seem to have gotten it installed. Openssh 3.1 that is.
> Now the problems actually are worse. I run portsentry on this box and
> have a host.deny file setup. Hosts that are denied are allowed to ssh in
> as root. I can ssh in as root from anywhere successfully however I cant
> as an ordinary user. So my to problems now are as follows:
>
> 1. Able to SSH in as root from anyhere. Even hosts in the host.deny
> file.
> 2. Unable to SSH in as a normal user from anywhere.
>
> I can place my ssh-key in the authorized_keys file and it will allow me
> access that way. Any other help would be much appreciated. Thank you.
>
> Jerry Wolfe
> jerryaw@mtco.com
>
> Robert wrote:
> >
> > you need to install zlib.
> > "Nico Kadel-Garcia" <nkadel@bellatlantic.net> wrote in message news:<xhxh8.2969$J3.1556@nwrddc01.gnilink.net>...
> > > "Jerry Wolfe" <jerryaw@mtco.com> wrote in message
> > > news:3C866486.A59C84E9@mtco.com...
> > > > I am running Mandrake 7.2 as a firewall. I need to install ssh on this
> > > > box. Here are the files I have downloaded.
> > > >
> > > > openssh-3.0.2p1-2.i386.rpm
> > > > openssh-clients-3.0.2p1-2.i386.rpm
> > > > openssh-server-3.0.2p1-2.i386.rpm
> > > >
> > > > I was unsuccessful installing this as I continue to get a
> > > >
> > > > libcrypto.so.3 is needed by openssh-3.0.2p1-2
> > > > libc.so.6(GLIBC_2.2) is needed by openssh-3.0.2p1-2
> > > >
> > > > Can anyone shed any light on as to what I am doing incorrectly. I have
> > > > checked for update
> > > > versions for GLIBC however when installing the update for GLIBC I get
> > > > multiple errors
> > > > stating that it is needed for another package. Any help would be much
> > > > appreciated. thank you.
> > >
> > > Mandrake distribution numbering has little to do with RedHat distribution:
> > > as you are seeing, they apparently use different glibc's. Mandrake is,
> > > historically, a year or so behind RedHat and considerably more conservative
> > > in its package updates and more aimed at security updates. But hte Mandrake
> > > numbering winds up bing one major release number larger than its equivalent
> > > RedHat release, so I assume what you are downloading is suited to RedHat,
> > > not Mandrake 7.2 releases.
> > >
> > > You can either recompile from the source RPM and install that, or use a
> > > distribution more suited to your particular OS.

Relevant Pages

  • Re: trojaned SSHD ?
    ... I'd recommend moving to OpenSSH, which supports both ssh1 and ssh2 ... platforms, including Solaris. ... Information relevant to the installation of SSH on NCMIR systems. ... * Install Zlib 1.1.2 libraries, compiling from source, on Solaris and IRIX ...
    (Focus-SUN)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... >> ssh -L) ... JM> in seperate DOS console windows in this order: ... I'm using the 3.8 version of OpenSSH. ... >> Kerberos ticket, or your password in order to acquire one. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... deployment on a Windows network. ... Does this mean that you are setting SSH port forwarding ... does not provide the other side with either a Kerberos ticket, ... We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)
  • Re: hacked
    ... > I HAD a RH6.2 firewall/ internet sharing pc that was hacked recently. ... > unnecessary processes were turned off leaving only ssh (openssh 1.2.2-6), ... install aptitude", and use aptitude for package management. ...
    (comp.security.ssh)
  • Re: OpenSSH, Telnet, Windows Authentication and double-hops
    ... >> ssh -L) ... JM> in seperate DOS console windows in this order: ... >> Kerberos ticket, or your password in order to acquire one. ... JM> We're focusing on the OpenSSH for Windows distribution. ...
    (comp.security.ssh)