Openssh 3.0p1/Solaris 8 problems still...
James M Moya
moyman at ecn.purdue.edu
Tue Nov 13 07:50:18 EST 2001
Currently under solaris 8 with a fairly generic build:
CC="cc" ./configure \
--prefix=/opt/openssh \
--sysconfdir=/var/ssh \
--with-rsh=/usr/local/etc/rsh \
--with-ipv4-default \
--with-ssl-dir=/usr/local/ssl \
--with-ipaddr-display \
--with-pam \
--with-pid-dir=/var/ssh
cron will quit working since ssh hasn't doesn't have auditing support
just right (You will get "! cron audit problem. job failed...etc..." all
through /var/cron/log **the next time a change is made** to the crontab).
This fails with or without PAM support. I and others reported this at
least a year ago.
You can get around it by just setting sshd_config to "UseLogin yes" since
/usr/bin/login *does* have the proper audit hooks so crontabs will once
again be created properly and work. Unfortunately, when you do that
you no loger get X11 forwarding (from ssh verbose output):
>debug1: Requesting X11 forwarding with authentication spoofing.
>debug1: Remote: X11 forwarding disabled; not compatible with UseLogin=yes.
>Warning: Remote host denied X11 forwarding.
My question is this. Since there doesn't appear to be a fix forthcoming for
the cron/audit bug, is there a Solaris 8 setup that creates good crontabs
*and* allows X11 forwarding? It seems that would be basic "out of the box"
functionality but I can't seem to get it?
--mike
More information about the openssh-unix-dev
mailing list