From: "Eugene M. Minkovskii"
To: freebsd-questions@freebsd.org
Date: Wed, 16 Mar 2005 20:04:48 +0300
Subject: Re: sshd behaviour
Message-ID: <20050316170448.GA29054@mccme.ru>
In-Reply-To: <20050316160044.GS8226@gentoo-npk.bmp.ub>
Organization: MCCME Moscow

On Wed, Mar 16, 2005 at 10:00:44AM -0600, Nathan Kinkade wrote:
"
" As another poster mentioned, the problem is likely related to DNS, and I
" have experienced it as well. If you are using Privilege Separation,
" then an sshd process will chroot itself into /var/empty before
" performing authentication. /var/empty is itself usually empty. One
" thing you can do is to make the dir /var/empty/etc and then drop a copy
" of your /etc/hosts file into the newly created /var/empty/etc/
" directory. You might want to make sure that the hosts file contains a
" mapping to the LAN machines which you want to ssh from.
"
" Keep in mind that /var/empty has the schg flag set, so you won't be able
" to copy anything to it without disabling this first. See more at `man
" chflags`. Try something like this:
"
" # chflags -R noschg /var/empty
" # mkdir /var/empty/etc
" # cp /etc/hosts /var/empty/etc
" # chflags -R schg /var/empty
"
" This will likely clear up your problem.
"
" Nathan

Thank you, Nathan. Can I put a soft link into /var/empty/etc (this
is a cross-device link, and I can't put a hard link in it)? And do I
really need the -R key in the last command which you recommended? This
means that the directory /var/empty/etc has the schg flag too. Is it
necessary?

-- 
Sensory yours,
Eugene Minkovskii