- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- UsePrivilegeSeparation Problem with openssh-3.7.1p...
Operating System - HP-UX
1820478
Members
2918
Online
109624
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2004 04:25 AM
тАО05-06-2004 04:25 AM
UsePrivilegeSeparation Problem with openssh-3.7.1p2
*Hello , I installed openssh-3.7.1p2 in my Server hpux11.0 , when execute , my server running in mode trusted
------------------------------------------
# /usr/local/sbin/sshd
Privilege separation user sshd does not exist
---------------------------------------------
* this solution with the following patch PHNE_28312
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=319787
-------------------------------------
/usr/local/sbin/sshd
try login
login : test
acces denied
-----------------------------------------
*I modified in sshd_config
UsePrivilegeSeparation no
execute:
---------------------------------------------
# /usr/local/sbin/sshd
-------------------------------------------
try login
login:test
acces denied
tail -f /var/adm/syslog/syslog.log
May 6 13:20:09 whdux1 sshd[6650]: User test not allowed because account is locked
May 6 13:20:14 whdux1 sshd[6650]: Failed password for illegal user test from 172.31.195.241 port 4504
The password is correct and the users no this locked.
where this the problem
------------------------------------------
# /usr/local/sbin/sshd
Privilege separation user sshd does not exist
---------------------------------------------
* this solution with the following patch PHNE_28312
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=319787
-------------------------------------
/usr/local/sbin/sshd
try login
login : test
acces denied
-----------------------------------------
*I modified in sshd_config
UsePrivilegeSeparation no
execute:
---------------------------------------------
# /usr/local/sbin/sshd
-------------------------------------------
try login
login:test
acces denied
tail -f /var/adm/syslog/syslog.log
May 6 13:20:09 whdux1 sshd[6650]: User test not allowed because account is locked
May 6 13:20:14 whdux1 sshd[6650]: Failed password for illegal user test from 172.31.195.241 port 4504
The password is correct and the users no this locked.
where this the problem
legionx
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2004 04:36 AM
тАО05-06-2004 04:36 AM
Re: UsePrivilegeSeparation Problem with openssh-3.7.1p2
I am not sure if you already checked this out but :
ID=test
STATUS=$(/usr/lbin/getprpw -l -r -m lockout $ID)
case "$STATUS" in
"0000001" ) echo "New User Account: never been logged in yet."
;;
"0000010" ) echo "User Account DISABLED: LOCKED OUT by admin."
;;
"0000011" ) echo "New User Account: never logged in, DISABLED by admin."
;;
"0001000" ) echo "User Account DISABLED: too many password retries."
;;
"0001001" ) echo "New User Account: never logged in, too many pw retries."
;;
"0000000" ) echo "User Account is active."
* ) echo "Unknown status, $STATUS. Please check."
esac
if the userid is locked then these commands should bring it back alive:
#unlock user
/usr/lbin/modprpw -l -m alock=NO $ID
# Resets incorrect login count
/usr/lbin/modprpw -k $ID
hope it helps
ID=test
STATUS=$(/usr/lbin/getprpw -l -r -m lockout $ID)
case "$STATUS" in
"0000001" ) echo "New User Account: never been logged in yet."
;;
"0000010" ) echo "User Account DISABLED: LOCKED OUT by admin."
;;
"0000011" ) echo "New User Account: never logged in, DISABLED by admin."
;;
"0001000" ) echo "User Account DISABLED: too many password retries."
;;
"0001001" ) echo "New User Account: never logged in, too many pw retries."
;;
"0000000" ) echo "User Account is active."
* ) echo "Unknown status, $STATUS. Please check."
esac
if the userid is locked then these commands should bring it back alive:
#unlock user
/usr/lbin/modprpw -l -m alock=NO $ID
# Resets incorrect login count
/usr/lbin/modprpw -k $ID
hope it helps
________________________________
UNIX because I majored in cryptology...
UNIX because I majored in cryptology...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-06-2004 05:35 AM
тАО05-06-2004 05:35 AM
Re: UsePrivilegeSeparation Problem with openssh-3.7.1p2
correct: add ;;
;;
* ) echo "Unknown status, $STATUS. Please check."
esac
Result:
#./test
User Account is active.
#
the count this active.
try login: acces denied
the problem this with UsePrivilegeSeparation optinon of openssh-3.7.1p2
but I cannot solve this
;;
* ) echo "Unknown status, $STATUS. Please check."
esac
Result:
#./test
User Account is active.
#
the count this active.
try login: acces denied
the problem this with UsePrivilegeSeparation optinon of openssh-3.7.1p2
but I cannot solve this
legionx
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-07-2004 12:29 AM
тАО05-07-2004 12:29 AM
Re: UsePrivilegeSeparation Problem with openssh-3.7.1p2
solved my problem , installe ssh secure HPUX
Privilege separation, or privsep, is method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
More information is available at:
6: http://www.citi.umich.edu/u/provos/ssh/privsep.html
the problem is with Privilege separation of openssh :
http://www.chiark.greenend.org.uk/ucgi/~cjwatson/cvsweb/openssh/README.privsep?annotate=1.1.1.4
Privsep requires operating system support for file descriptor passing.
Compression will be disabled on systems without a working mmap MAP_ANON.PAMM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
Privilege separation, or privsep, is method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
More information is available at:
6: http://www.citi.umich.edu/u/provos/ssh/privsep.html
the problem is with Privilege separation of openssh :
http://www.chiark.greenend.org.uk/ucgi/~cjwatson/cvsweb/openssh/README.privsep?annotate=1.1.1.4
Privsep requires operating system support for file descriptor passing.
Compression will be disabled on systems without a working mmap MAP_ANON.PAMM-enabled OpenSSH is known to function with privsep on Linux.
It does not function on HP-UX with a trusted system
legionx
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Learn About
News and Events
Support
© Copyright 2025 Hewlett Packard Enterprise Development LP