Date: Thu, 25 Jan 2001 11:42:29 +0200 From: Peter Pentchev <roam@orbitel.bg> To: Scott Raymond <scott@link-net.com> Cc: Me <xride@www-student.eit.ihk.dk>, freebsd-security@freebsd.org Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch) Message-ID: <20010125114228.B578@ringworld.oblivion.bg> In-Reply-To: <FDEEKLDJMPFBCBKOEEINAEJCCKAA.scott@link-net.com>; from scott@link-net.com on Thu, Jan 25, 2001 at 01:25:08AM -0800 References: <20010125100729.A26350@www-student.eit.ihk.dk> <FDEEKLDJMPFBCBKOEEINAEJCCKAA.scott@link-net.com>
next in thread | previous in thread | raw e-mail | index | archive | help
You'd be better off running mergemaster anyway, after (or before) EVERY world build/install cycle. Now God only knows how far your /etc has strayed from the updated one, and how many programs may break or malfunction in subtle ways :) G'luck, Peter -- What would this sentence be like if pi were 3? On Thu, Jan 25, 2001 at 01:25:08AM -0800, Scott Raymond wrote: > I had kept that in mind before I did so. In fact, the research I did > suggested that I compare the file from the source tree and the existing > one in /etc and make changes to the one in /etc. I discovered that > instead of editing the old one, it was simply easier to just copy the > file over from the source path since the only difference was the > addition of sshd entries. > > -- > Scott > ======================= > Scott Raymond > http://soundamerica.com > ======================= > > > > -----Original Message----- > > From: owner-freebsd-security@FreeBSD.ORG > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Me > > Sent: Thursday, January 25, 2001 1:07 AM > > To: freebsd-security@freebsd.org > > Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > Use mergemaster .. > > > > I find's it to risky to just do a blind copy.. > > > > Soren. > > > > On Wed, Jan 24, 2001 at 10:50:54PM -0800, Scott Raymond wrote: > > > Yes, once I was finished I ran into the same problem. I > > did a bit of > > > research - copy /usr/src/etc/pam.conf to /etc/pam.conf - overwriting > > > your old one. That fixed it for me - and all that was > > needed for the > > > fix was the config file. No reboots or restarting sshd necessary. > > > > > > -- > > > Scott > > > ======================= > > > Scott Raymond > > > http://soundamerica.com > > > ======================= > > > > > > > > > > -----Original Message----- > > > > From: Scott Hilton [mailto:kupek@earthlink.net] > > > > Sent: Wednesday, January 24, 2001 7:32 PM > > > > To: scott@link-net.com > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > > > > > hey, I just got another error when trying to log into sshd... > > > > getting "no > > > > modules loaded for 'sshd' service" and "fatal: PAM session > > > > setup failed(6): > > > > Permission denied" > > > > > > > > Let me know if you get the same thing... > > > > > > > > > > > > -----Original Message----- > > > > From: Scott Raymond [mailto:scott@link-net.com] > > > > Sent: Wednesday, January 24, 2001 7:10 PM > > > > To: Scott Hilton; freebsd-security@freebsd.org > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > > > > > Oh, crap. That's EXACTLY what was happening. > > > > > > > > Looks like it's time for another compile. Duh. > > > > > > > > -- > > > > Scott > > > > ======================= > > > > Scott Raymond > > > > http://soundamerica.com > > > > ======================= > > > > > > > > > > > > > -----Original Message----- > > > > > From: Scott Hilton [mailto:kupek@earthlink.net] > > > > > Sent: Wednesday, January 24, 2001 6:36 PM > > > > > To: scott@link-net.com; freebsd-security@freebsd.org > > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > > > > > > > > What's wrong with OpenSSH? The only problem I encountered > > > > > with it was the > > > > > following message when trying to start it: > > > > > > > > > > fatal: ConnectionsPerPeriod has been deprecated > > > > > > > > > > > > > > > I was looking around for a few minutes, and found the following: > > > > > > > > > > > > ================================================================= > > > > > = Changes from previous versions > > = > > > > > > > ================================================================= > > > > > > > > > > 2.3.0: > > > > > We link with OpenSSL 0.9.6 now. > > > > > > > > > > Diffs from the FreeBSD version are not distributed right > > > > > now (but will be). > > > > > > > > > > ConnectionsPerPeriod is currently not integrated. > > > > > Consider using MaxStartups instead. If you still need > > > > > ConnectionsPerPeriod, bug me and I may do it. > > > > > > > > > > > > > > > I commented out ConnectionsPerPeriod in /etc/ssh/sshd_config > > > > > and sshd loaded > > > > > without any problems. > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > Yeah, now if I could just figure out what was wrong > > with the openssh > > > > > implementation in the core system. Openssh (ports tree > > > > > version) has an > > > > > annoying install sequence - you can't define where it gets > > > > > installed, so > > > > > the files get installed to the hard-coded directory > > tree /usr/local. > > > > > The non-working core system one normally installs sshd to > > > > > /usr/sbin and > > > > > the config files to /etc/ssh. > > > > > > > > > > What bugs me is that when this gets fixed it's going to > > > > take another 4 > > > > > hours of compiling and installing. > > > > > > > > > > Bah. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010125114228.B578>