Re: OpenSSH 3.6.1p1 and AIX 4.3

From: Darren Tucker (dtucker@dodgy.net.au)
Date: 04/25/03

• Next message: Graham Wharton: "Re: Annoying, Remote command does not quit when ssh does"
• Previous message: Pierre Asselin: "Re: Annoying, Remote command does not quit when ssh does"
• In reply to: Mick Ohrberg: "OpenSSH 3.6.1p1 and AIX 4.3"
• Next in thread: Mick Ohrberg: "Re: OpenSSH 3.6.1p1 and AIX 4.3"
• Reply: Mick Ohrberg: "Re: OpenSSH 3.6.1p1 and AIX 4.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: dtucker@dodgy.net.au (Darren Tucker)
Date: Fri, 25 Apr 2003 02:53:14 GMT

In article <f7b540fa.0304230906.1dc79762@posting.google.com>,
Mick Ohrberg <mick_ohrberg@output.net> wrote:
>I have downloaded a precompiled bff-file of openssh 3.6.1, and
>everything works well, except one thing. A regular user cannot SSH out
>from the box. Root can ssh out, and key-based authentication to the
>server works fine, but a 'regular' user cannot ssh to another box.
>
>Another peculiarity is that for the users, the known_hosts file is
>never created. Permissions on ~/.ssh are good, so it's not a problem
>with that.

That's very odd. There's only one thing I can think of that might
cause that and it's a long shot: is ssh setuid root and /home an NFS
mount that maps root -> nobody?

If that's not it, please either mail or post the output of "ssh -vvv
sshserver" to enable debugging output. This may shed some light.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

---

• Next message: Graham Wharton: "Re: Annoying, Remote command does not quit when ssh does"
• Previous message: Pierre Asselin: "Re: Annoying, Remote command does not quit when ssh does"
• In reply to: Mick Ohrberg: "OpenSSH 3.6.1p1 and AIX 4.3"
• Next in thread: Mick Ohrberg: "Re: OpenSSH 3.6.1p1 and AIX 4.3"
• Reply: Mick Ohrberg: "Re: OpenSSH 3.6.1p1 and AIX 4.3"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: PermitRootLogin=yes versus su ... > a regular user and using su to become root. ... > Back in the days before strong encryption, when remote access was done ... > However, we now have SSH. ... (comp.security.ssh) RE: Linux hacked ... Also, what exactly did the history file show, can you paste it into a mail ... > First let me say I'm a security novice. ... > been unsuccessful in getting root back. ... > via ssh but you could su in once logged in as one of three users. ... (Security-Basics) Re: Linux hacked ... To find out what kernel version you are running, type "uname -a" without ... > been unsuccessful in getting root back. ... > via ssh but you could su in once logged in as one of three users. ... (Security-Basics) PermitRootLogin=yes versus su ... a regular user and using su to become root. ... Back in the days before strong encryption, when remote access was done ... However, we now have SSH. ... Logging in as a regular user via SSH, then using su to become root, ... (comp.security.ssh) RE: Linux hacked ... hack the box, pull the drive and save it. ... Use the newest versions of Gentoo, Apache, SSH, PHP and Squirl Mail. ... been unsuccessful in getting root back. ... I found a hidden directory /var/tmp/.tmp that has a bunch of directories ... (Security-Basics)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2003-04