Date: Wed, 26 Jun 2002 07:50:41 -0400
From: Chris Faulhaber
To: Peter Wemm
Cc: Dag-Erling Smorgrav, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/secure Makefile.inc src/secure/lib/libssh Makefile src/secure/libexec/sftp-server Makefile src/secure/usr.bin/scp Makefile src/secure/usr.bin/sftp Makefile src/secure/usr.bin/ssh Makefile src/secure/usr.bin/ssh-add Makefile ...
Message-ID: <20020626115040.GA76397@peitho.fxp.org>
References: <20020626111719.8D1173811@overcee.wemm.org> <20020626112345.D3C143811@overcee.wemm.org>
In-Reply-To: <20020626112345.D3C143811@overcee.wemm.org>

On Wed, Jun 26, 2002 at 04:23:45AM -0700, Peter Wemm wrote:
> Peter Wemm wrote:
> > Dag-Erling Smorgrav wrote:
> >
> > > secure/usr.sbin/sshd Makefile
> > > Log:
> > > No guts, no glory. Switch to OpenSSH-portable.
> >
> > On logging into ref5.freebsd.org, we get a pair of these each time:
> >
> > Jun 26 04:12:56 ref5 sshd[247]: /var/log/lastlog: Permission denied
> > Jun 26 04:12:56 ref5 sshd[247]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24
>
> Another thing for the whiteboard:
>
> peter@ref5[4:17am]~-103> ps -ax | grep sshd
>   184 ?? Ss 0:00.92 /usr/sbin/sshd
>   245 ?? I  0:00.19 sshd: peter [priv] (sshd)
>   247 ?? S  0:00.18 sshd: peter@ttyp0 (sshd)
>   264 ?? S  0:00.19 sshd: peter [priv] (sshd)
>   266 ?? S  0:00.14 sshd: peter@ttyp1 (sshd)
>
> The @ttyp0 etc is missing from the [priv] process from each login.
>

From looking at README.privsep from the openssh-portable distribution,
the privileged process does not have @ttypX:

  Note that for a normal interactive login with a shell, enabling privsep
  will require 1 additional process per login session.

  Given the following process listing (from HP-UX):

      UID      PID  PPID  C    STIME TTY    TIME COMMAND
      root    1005     1  0 10:45:17 ?      0:08 /opt/openssh/sbin/sshd -u0
      root    6917  1005  0 15:19:16 ?      0:00 sshd: stevesk [priv]
      stevesk 6919  6917  0 15:19:17 ?      0:03 sshd: stevesk@2
      stevesk 6921  6919  0 15:19:17 pts/2  0:00 -bash

  process 1005 is the sshd process listening for new connections.
  process 6917 is the privileged monitor process, 6919 is the user owned
  sshd process and 6921 is the shell process.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve - http://www.FreeBSD.org
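
The process roles described in the README.privsep excerpt above, as an added example that is not part of the original message or of OpenSSH: it pairs each `[priv]` monitor with its user-owned sshd child and flags a pairing that does not look like the listing. The function names `parse` and `privsep_sessions` are hypothetical, and the input is assumed to use the `ps -ef` column layout (UID, PID, PPID) of the HP-UX listing, which the FreeBSD `ps -ax` output quoted earlier does not include.

```python
import re

# Listing quoted in the message above (README.privsep, HP-UX `ps -ef` columns).
SAMPLE = """\
UID      PID  PPID  C    STIME TTY    TIME COMMAND
root    1005     1  0 10:45:17 ?      0:08 /opt/openssh/sbin/sshd -u0
root    6917  1005  0 15:19:16 ?      0:00 sshd: stevesk [priv]
stevesk 6919  6917  0 15:19:17 ?      0:03 sshd: stevesk@2
stevesk 6921  6919  0 15:19:17 pts/2  0:00 -bash
"""

MONITOR = re.compile(r"^sshd: (\S+) \[priv\]")   # privileged monitor process
SESSION = re.compile(r"^sshd: ([^@\s]+)@(\S+)")  # user-owned sshd process

def parse(listing):
    """Return {pid: row} for UID PID PPID C STIME TTY TIME COMMAND lines."""
    rows = {}
    for line in listing.splitlines()[1:]:        # skip the header line
        f = line.split(None, 7)                  # COMMAND keeps its spaces
        if len(f) == 8 and f[1].isdigit() and f[2].isdigit():
            rows[int(f[1])] = {"uid": f[0], "pid": int(f[1]),
                               "ppid": int(f[2]), "cmd": f[7]}
    return rows

def privsep_sessions(listing):
    """Pair each [priv] monitor with its user-owned child; list anomalies."""
    rows = parse(listing)
    out = []
    for mon in rows.values():
        m = MONITOR.match(mon["cmd"])
        if not m:
            continue
        user = m.group(1)
        kids = [r for r in rows.values()
                if r["ppid"] == mon["pid"] and SESSION.match(r["cmd"])]
        problems = []
        if mon["uid"] != "root":                 # monitor is root in the listing
            problems.append("monitor is not running as root")
        if not kids:
            problems.append("monitor has no user-owned sshd child")
        for k in kids:
            if k["uid"] != user:                 # child should have dropped to the user
                problems.append(
                    f"child {k['pid']} runs as {k['uid']}, expected {user}")
        out.append({"user": user, "monitor": mon["pid"],
                    "children": [k["pid"] for k in kids], "problems": problems})
    return out

if __name__ == "__main__":
    for session in privsep_sessions(SAMPLE):
        print(session)
```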