HPE Community
Operating System - HP-UX
1847798 Members
2888 Online
104021 Solutions
New Discussion

getsockopt/getpeereid for openssh

 
Alex Lavrov.
Honored Contributor

‎10-17-2005 10:21 AM

‎10-17-2005 10:21 AM

getsockopt/getpeereid for openssh

Hello,
trying to compile openssh here on 11i (goldpack september 2005). At the end of the configure I got this warning:

WARNING: the operating system that you are using does not
appear to support either the getpeereid() API nor the
SO_PEERCRED getsockopt() option. These facilities are used to
enforce security checks to prevent unauthorised connections to
ssh-agent. Their absence increases the risk that a malicious
user can connect to your agent.


Tried to figure out what I have to install/enable to get on of these 2 funcs work, but can't find anything. I see that I have "getsockopt" man pages :)

Thanx, Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
0 Kudos
Reply
5 REPLIES 5
Arunvijai_4
Honored Contributor

‎10-17-2005 04:54 PM

‎10-17-2005 04:54 PM

Re: getsockopt/getpeereid for openssh

Hi Alex,

Which version of OpenSSH you are trying to compile ? You can get 4.1p1 from software.hp.com http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Alex Lavrov.
Honored Contributor

‎10-17-2005 08:56 PM

‎10-17-2005 08:56 PM

Re: getsockopt/getpeereid for openssh

I compiled the newest version I found there. 4.2p1

I wonder if the HP supplied depot contains that functionality I mentioned.

Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎10-17-2005 09:01 PM

‎10-17-2005 09:01 PM

Re: getsockopt/getpeereid for openssh

Alex, Checked with SSH developer, he says its not yet available on HP-UX and no work arounds either, you have to live with that...

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
Alex Lavrov.
Honored Contributor

‎10-17-2005 09:11 PM

‎10-17-2005 09:11 PM

Re: getsockopt/getpeereid for openssh

I know that getpeereid() is available only on BSD systems.

But I wonder what about getsockopt(). This patch for example PHNE_33159, contains fixes for this function.


Alex.
I don't give a damn for a man that can only spell a word one way. (M. Twain)
0 Kudos
Reply
Arunvijai_4
Honored Contributor

‎10-17-2005 09:23 PM

‎10-17-2005 09:23 PM

Re: getsockopt/getpeereid for openssh

PHNE_33159 contains fixes for getsockopt SO_ERROR on a listen() socket causes a conflict with accept() processing.and some man page related stuffs. I feel, it doesnt have SO_PEERCRED ..

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.