OpenSSH 3.2.2 released

Jan-Frode Myklebust janfrode at parallab.uib.no
Tue May 21 00:15:20 EST 2002


On Fri, May 17, 2002 at 12:36:22AM +0200, Markus Friedl wrote:

> - experimental support for privilege separation,
>   see UsePrivilegeSeparation in sshd(8) and
>   http://www.citi.umich.edu/u/provos/ssh/privsep.html
>   for more information.

I can't get this working on AIX 5.1:

./configure --prefix=/usr/openssh --sysconfdir=/etc/openssh --disable-suid-ssh

 OpenSSH has been configured with the following options:
                      User binaries: /usr/openssh/bin
                    System binaries: /usr/openssh/sbin
                Configuration files: /etc/openssh
                    Askpass program: /usr/openssh/libexec/ssh-askpass
                       Manual pages: /usr/openssh/man/manX
                           PID file: /var/run
   Privilege separation chroot path: /var/empty
             sshd default user PATH: /usr/bin:/bin:/usr/sbin:/sbin:/usr/openssh/bin
                     Manpage format: man
                        PAM support: no
                 KerberosIV support: no
                  KerberosV support: no
                  Smartcard support: no
                        AFS support: no
                      S/KEY support: no
               TCP Wrappers support: no
               MD5 password support: no
        IP address in $DISPLAY hack: no
           Use IPv4 by default hack: no
            Translate v4 in v6 hack: no
                   BSD Auth support: no
               Random number source: ssh-rand-helper
      ssh-rand-helper collects from: Command hashing (timeout 200)

               Host: powerpc-ibm-aix5.1.0.0
           Compiler: cc
     Compiler flags: -g
 Preprocessor flags: -I/usr/local/ssl/include  -I/usr/local/include
       Linker flags: -L/usr/local/ssl/lib  -L/usr/local/lib -blibpath:/usr/lib:/lib:/usr/local/lib
          Libraries:   -lz  -lcrypto

# /usr/openssh/sbin/sshd -p 2022 -d -D -o 'UsePrivilegeSeparation yes'
debug1: sshd version OpenSSH_3.2.2p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 2022 on 0.0.0.0.
Server listening on 0.0.0.0 port 2022.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
setsid: Not owner
Connection from 217.13.1.91 port 38497
debug1: Client protocol version 2.0; client software version
OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.2.2p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 zlib
debug1: kex: server->client aes128-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 129/256
debug1: bits set: 1534/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1617/3191
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: Enabling compression at level 6.
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user janfrode service ssh-connection
method none
debug1: attempt 0 failures 0
Failed none for janfrode from 217.13.1.91 port 38497 ssh2Failed none
for janfrode from 217.13.1.91 port 38497 ssh2

debug1: userauth-request for user janfrode service ssh-connection
method publickey
debug1: attempt 1 failures 1
debug1: test whether pkalg/pkblob are acceptable
debug1: temporarily_use_uid: 50012/50012 (e=0)
debug1: trying public key file
/home/parallab/plab/janfrode/.ssh/authorized_keys
debug1: matching key found: file
/home/parallab/plab/janfrode/.ssh/authorized_keys, line 2
Found matching DSA key:
d6:73:c1:54:51:df:56:18:43:8c:ca:fd:ec:a1:c4:4b
debug1: restore_uid
Postponed publickey for janfrode from 217.13.1.91 port 38497 ssh2
debug1: userauth-request for user janfrode service ssh-connection
method publickey
debug1: attempt 2 failures 1
debug1: temporarily_use_uid: 50012/50012 (e=0)
debug1: trying public key file
/home/parallab/plab/janfrode/.ssh/authorized_keys
debug1: matching key found: file
/home/parallab/plab/janfrode/.ssh/authorized_keys, line 2
Found matching DSA key:
d6:73:c1:54:51:df:56:18:43:8c:ca:fd:ec:a1:c4:4b
debug1: restore_uid
debug1: ssh_dss_verify: signature correct
Accepted publickey for janfrode from 217.13.1.91 port 38497 ssh2
Accepted publickey for janfrode from 217.13.1.91 port 38497
ssh2debug1: monitor_child_preauth: janfrode has been authenticated by
privileged process

debug1: newkeys: mode 0
debug1: newkeys: mode 1
debug1: Entering interactive session for SSH2.
debug1: fd 8 setting O_NONBLOCK
debug1: fd 9 setting O_NONBLOCK
debug1: server_init_dispatch_20
debug1: server_input_channel_open: ctype session rchan 0 win 65536 max
16384
debug1: input_session_request
debug1: channel 0: new [server-session]
debug1: session_new: init
debug1: session_new: session 0
debug1: session_open: channel 0
debug1: session_open: session 0: link with channel 0
debug1: server_input_channel_open: confirm session
debug1: server_input_channel_req: channel 0 request pty-req reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req pty-req
debug1: Allocating pty.
debug1: session_new: init
debug1: session_new: session 0
debug1: session_pty_req: session 0 alloc /dev/pts/10
debug1: Ignoring unsupported tty mode opcode 13 (0xd)
debug1: Ignoring unsupported tty mode opcode 18 (0x12)
debug1: server_input_channel_req: channel 0 request shell reply 0
debug1: session_by_channel: session 0 channel 0
debug1: session_input_channel_req: session 0 req shell
debug1: fd 4 setting TCP_NODELAY
debug1: channel 0: rfd 11 isatty
debug1: fd 11 setting O_NONBLOCK
setsid: Operation not permitted.
debug1: session_by_tty: session 0 tty /dev/pts/10
debug1: session_pty_cleanup: session 0 release /dev/pts/10
Connection closed by remote host.
debug1: channel_free: channel 0: server-session, nchannels 1
debug1: session_close: session 0 pid 49666
Closing connection to 217.13.1.91
debug1: session_by_tty: unknown tty /dev/pts/10
debug1: dump: used 0 session 0 200326c0 channel -1 pid 29204
debug1: dump: used 0 session 0 2003285c channel 0 pid 0
debug1: dump: used 0 session 0 200329f8 channel 0 pid 0
debug1: dump: used 0 session 0 20032b94 channel 0 pid 0
debug1: dump: used 0 session 0 20032d30 channel 0 pid 0
debug1: dump: used 0 session 0 20032ecc channel 0 pid 0
debug1: dump: used 0 session 0 20033068 channel 0 pid 0
debug1: dump: used 0 session 0 20033204 channel 0 pid 0
debug1: dump: used 0 session 0 200333a0 channel 0 pid 0
debug1: dump: used 0 session 0 2003353c channel 0 pid 0


On the client side I get the /etc/motd printed, and then the
connection is closed. Any hints as to what I might be doing wrong?


  -jf



More information about the openssh-unix-dev mailing list