UsePrivilegeSeparation Problem with openssh-3.7.1p2

Jairo Campana · ‎05-06-2004

*Hello , I installed openssh-3.7.1p2 in my Server hpux11.0 , when execute , my server running in mode trusted
------------------------------------------
# /usr/local/sbin/sshd
Privilege separation user sshd does not exist
---------------------------------------------
* this solution with the following patch PHNE_28312
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=319787
-------------------------------------
/usr/local/sbin/sshd
try login
login : test
acces denied
-----------------------------------------
*I modified in sshd_config
UsePrivilegeSeparation no
execute:
---------------------------------------------
# /usr/local/sbin/sshd
-------------------------------------------
try login
login:test
acces denied

tail -f /var/adm/syslog/syslog.log
May 6 13:20:09 whdux1 sshd[6650]: User test not allowed because account is locked
May 6 13:20:14 whdux1 sshd[6650]: Failed password for illegal user test from 172.31.195.241 port 4504

The password is correct and the users no this locked.

where this the problem

legionx

Mel Burslan · ‎05-06-2004

I am not sure if you already checked this out but :

ID=test
STATUS=$(/usr/lbin/getprpw -l -r -m lockout $ID)

case "$STATUS" in
"0000001" ) echo "New User Account: never been logged in yet."
;;
"0000010" ) echo "User Account DISABLED: LOCKED OUT by admin."
;;
"0000011" ) echo "New User Account: never logged in, DISABLED by admin."
;;
"0001000" ) echo "User Account DISABLED: too many password retries."
;;
"0001001" ) echo "New User Account: never logged in, too many pw retries."
;;
"0000000" ) echo "User Account is active."

* ) echo "Unknown status, $STATUS. Please check."

esac

if the userid is locked then these commands should bring it back alive:

#unlock user
/usr/lbin/modprpw -l -m alock=NO $ID
# Resets incorrect login count
/usr/lbin/modprpw -k $ID

hope it helps

________________________________
UNIX because I majored in cryptology...

Jairo Campana · ‎05-06-2004

correct: add ;;
;;
* ) echo "Unknown status, $STATUS. Please check."
esac

Result:
#./test
User Account is active.
#

the count this active.
try login: acces denied
the problem this with UsePrivilegeSeparation optinon of openssh-3.7.1p2
but I cannot solve this

legionx

Jairo Campana · ‎05-07-2004

solved my problem , installe ssh secure HPUX

Privilege separation, or privsep, is method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
More information is available at:
6: http://www.citi.umich.edu/u/provos/ssh/privsep.html

the problem is with Privilege separation of openssh :
http://www.chiark.greenend.org.uk/ucgi/~cjwatson/cvsweb/openssh/README.privsep?annotate=1.1.1.4

Privsep requires operating system support for file descriptor passing.
Compression will be disabled on systems without a working mmap MAP_ANON.PAMM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system

legionx

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

UsePrivilegeSeparation Problem with openssh-3.7.1p2

UsePrivilegeSeparation Problem with openssh-3.7.1p2

Re: UsePrivilegeSeparation Problem with openssh-3.7.1p2

Re: UsePrivilegeSeparation Problem with openssh-3.7.1p2

Re: UsePrivilegeSeparation Problem with openssh-3.7.1p2