Date: Wed, 26 Jun 2002 07:50:41 -0400
From: Chris Faulhaber <jedgar@fxp.org>
To: Peter Wemm <peter@wemm.org>
Cc: Dag-Erling Smorgrav <des@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/secure Makefile.inc src/secure/lib/libssh Makefile src/secure/libexec/sftp-server Makefile src/secure/usr.bin/scp Makefile src/secure/usr.bin/sftp Makefile src/secure/usr.bin/ssh Makefile src/secure/usr.bin/ssh-add Makefile ...
Message-ID: <20020626115040.GA76397@peitho.fxp.org>
In-Reply-To: <20020626112345.D3C143811@overcee.wemm.org>
References: <20020626111719.8D1173811@overcee.wemm.org> <20020626112345.D3C143811@overcee.wemm.org>

On Wed, Jun 26, 2002 at 04:23:45AM -0700, Peter Wemm wrote:
> Peter Wemm wrote:
> > Dag-Erling Smorgrav wrote:
> >
> > >   secure/usr.sbin/sshd Makefile
> > >   Log:
> > >   No guts, no glory.  Switch to OpenSSH-portable.
> >
> > On logging into ref5.freebsd.org, we get a pair of these each time:
> >
> > Jun 26 04:12:56 ref5 sshd[247]: /var/log/lastlog: Permission denied
> > Jun 26 04:12:56 ref5 sshd[247]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24
>
> Another thing for the whiteboard:
>
> peter@ref5[4:17am]~-103> ps -ax | grep sshd
>   184  ??  Ss     0:00.92 /usr/sbin/sshd
>   245  ??  I      0:00.19 sshd: peter [priv] (sshd)
>   247  ??  S      0:00.18 sshd: peter@ttyp0 (sshd)
>   264  ??  S      0:00.19 sshd: peter [priv] (sshd)
>   266  ??  S      0:00.14 sshd: peter@ttyp1 (sshd)
>
> The @ttyp0 etc is missing from the [priv] process from each login.
>

From looking at README.privsep from the openssh-portable distribution,
the privileged process does not have @ttypX:

  Note that for a normal interactive login with a shell, enabling privsep
  will require 1 additional process per login session.

  Given the following process listing (from HP-UX):

       UID   PID  PPID  C    STIME TTY       TIME COMMAND
      root  1005     1  0 10:45:17 ?         0:08 /opt/openssh/sbin/sshd -u0
      root  6917  1005  0 15:19:16 ?         0:00 sshd: stevesk [priv]
   stevesk  6919  6917  0 15:19:17 ?         0:03 sshd: stevesk@2
   stevesk  6921  6919  0 15:19:17 pts/2     0:00 -bash

  process 1005 is the sshd process listening for new connections.
  process 6917 is the privileged monitor process, 6919 is the user owned
  sshd process and 6921 is the shell process.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
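
The process layout in the README.privsep excerpt quoted in the message above, turned into a check over `ps -ef` output. This is an added example, not part of the original message or of OpenSSH: the function names and the `alice` line are constructed, and it assumes the UID column shows the login name and STIME is a single token, as in the quoted listing.

```python
import re
from collections import namedtuple

Proc = namedtuple("Proc", "uid pid ppid command")
MONITOR = re.compile(r"^sshd: (\S+) \[priv\]")    # root-owned monitor
SESSION = re.compile(r"^sshd: ([^@\s]+)@(\S+)")   # user-owned sshd process

# First five lines are the README.privsep listing; the last line is constructed.
SAMPLE = """\
     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root  1005     1  0 10:45:17 ?         0:08 /opt/openssh/sbin/sshd -u0
    root  6917  1005  0 15:19:16 ?         0:00 sshd: stevesk [priv]
 stevesk  6919  6917  0 15:19:17 ?         0:03 sshd: stevesk@2
 stevesk  6921  6919  0 15:19:17 pts/2     0:00 -bash
    root  7001  1005  0 15:20:01 ?         0:00 sshd: alice@3
"""

def parse_ps(text):
    """Parse `ps -ef` lines (assumes STIME is one token, as in the listing)."""
    procs = {}
    for line in text.splitlines():
        f = line.split(None, 7)
        if len(f) == 8 and f[1].isdigit() and f[2].isdigit():
            procs[int(f[1])] = Proc(f[0], int(f[1]), int(f[2]), f[7])
    return procs

def audit(procs):
    """Pair each user sshd process with its monitor; report mismatches."""
    sessions, findings = [], []
    for p in procs.values():
        m = SESSION.match(p.command)
        if not m:
            continue
        user, tty = m.groups()
        parent = procs.get(p.ppid)
        pm = MONITOR.match(parent.command) if parent else None
        if p.uid != user:
            findings.append((p.pid, f"session process runs as {p.uid}, not {user}"))
        elif not (pm and pm.group(1) == user and parent.uid == "root"):
            findings.append((p.pid, f"no root [priv] monitor parent for {user}"))
        else:
            sessions.append({"user": user, "monitor": parent.pid,
                             "child": p.pid, "tty": tty})
    return sessions, findings

if __name__ == "__main__":
    ok, bad = audit(parse_ps(SAMPLE))
    print(ok)
    print(bad)
```

A process listed under findings does not match the monitor/child layout the README describes and is worth a look at the sshd configuration on that host.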