Date: Thu, 25 Jan 2001 11:42:29 +0200
From: Peter Pentchev
To: Scott Raymond
Cc: Me, freebsd-security@freebsd.org
Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
Message-ID: <20010125114228.B578@ringworld.oblivion.bg>
References: <20010125100729.A26350@www-student.eit.ihk.dk>

You'd be better off running mergemaster anyway, after (or before) EVERY
world build/install cycle. Now God only knows how far your /etc has
strayed from the updated one, and how many programs may break or
malfunction in subtle ways :)

G'luck,
Peter

-- 
What would this sentence be like if pi were 3?

On Thu, Jan 25, 2001 at 01:25:08AM -0800, Scott Raymond wrote:
> I had kept that in mind before I did so. In fact, the research I did
> suggested that I compare the file from the source tree and the existing
> one in /etc and make changes to the one in /etc. I discovered that
> instead of editing the old one, it was simply easier to just copy the
> file over from the source path since the only difference was the
> addition of sshd entries.
>
> --
> Scott
> =======================
> Scott Raymond
> http://soundamerica.com
> =======================
>
> > -----Original Message-----
> > From: owner-freebsd-security@FreeBSD.ORG
> > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Me
> > Sent: Thursday, January 25, 2001 1:07 AM
> > To: freebsd-security@freebsd.org
> > Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch)
> >
> > Use mergemaster ..
> >
> > I find it too risky to just do a blind copy..
> >
> > Soren.
> >
> > On Wed, Jan 24, 2001 at 10:50:54PM -0800, Scott Raymond wrote:
> > > Yes, once I was finished I ran into the same problem. I did a bit of
> > > research - copy /usr/src/etc/pam.conf to /etc/pam.conf - overwriting
> > > your old one. That fixed it for me - and all that was needed for the
> > > fix was the config file. No reboots or restarting sshd necessary.
> > >
> > > --
> > > Scott
> > > =======================
> > > Scott Raymond
> > > http://soundamerica.com
> > > =======================
> > >
> > > > -----Original Message-----
> > > > From: Scott Hilton [mailto:kupek@earthlink.net]
> > > > Sent: Wednesday, January 24, 2001 7:32 PM
> > > > To: scott@link-net.com
> > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > >
> > > > hey, I just got another error when trying to log into sshd... getting
> > > > "no modules loaded for 'sshd' service" and
> > > > "fatal: PAM session setup failed(6): Permission denied"
> > > >
> > > > Let me know if you get the same thing...
> > > >
> > > > -----Original Message-----
> > > > From: Scott Raymond [mailto:scott@link-net.com]
> > > > Sent: Wednesday, January 24, 2001 7:10 PM
> > > > To: Scott Hilton; freebsd-security@freebsd.org
> > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > >
> > > > Oh, crap. That's EXACTLY what was happening.
> > > >
> > > > Looks like it's time for another compile. Duh.
> > > >
> > > > --
> > > > Scott
> > > > =======================
> > > > Scott Raymond
> > > > http://soundamerica.com
> > > > =======================
> > > >
> > > > > -----Original Message-----
> > > > > From: Scott Hilton [mailto:kupek@earthlink.net]
> > > > > Sent: Wednesday, January 24, 2001 6:36 PM
> > > > > To: scott@link-net.com; freebsd-security@freebsd.org
> > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch)
> > > > >
> > > > > What's wrong with OpenSSH? The only problem I encountered with it
> > > > > was the following message when trying to start it:
> > > > >
> > > > > fatal: ConnectionsPerPeriod has been deprecated
> > > > >
> > > > > I was looking around for a few minutes, and found the following:
> > > > >
> > > > > =================================================================
> > > > > = Changes from previous versions                                =
> > > > > =================================================================
> > > > >
> > > > > 2.3.0:
> > > > > We link with OpenSSL 0.9.6 now.
> > > > >
> > > > > Diffs from the FreeBSD version are not distributed right
> > > > > now (but will be).
> > > > >
> > > > > ConnectionsPerPeriod is currently not integrated.
> > > > > Consider using MaxStartups instead. If you still need
> > > > > ConnectionsPerPeriod, bug me and I may do it.
> > > > >
> > > > > I commented out ConnectionsPerPeriod in /etc/ssh/sshd_config and
> > > > > sshd loaded without any problems.
> > > > >
> > > > > -----Original Message-----
> > > > > Yeah, now if I could just figure out what was wrong with the openssh
> > > > > implementation in the core system. Openssh (ports tree version) has
> > > > > an annoying install sequence - you can't define where it gets
> > > > > installed, so the files get installed to the hard-coded directory
> > > > > tree /usr/local.
> > > > > The non-working core system one normally installs sshd to
> > > > > /usr/sbin and the config files to /etc/ssh.
> > > > >
> > > > > What bugs me is that when this gets fixed it's going to take
> > > > > another 4 hours of compiling and installing.
> > > > >
> > > > > Bah.
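
The comparison the replies argue for (see what differs between /usr/src/etc/pam.conf and /etc/pam.conf before copying anything), together with the ConnectionsPerPeriod check, as an added example that is not part of the original messages. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: compare an installed pam.conf with the
# source-tree copy before deciding between a blind copy and a merge.

# Emit "service module-type" for every active (non-comment) pam.conf entry.
pam_entries() {
    awk '$1 !~ /^#/ && NF >= 4 { print $1, $2 }' "$1" | sort -u
}

# Entries in the reference file ($1) that the installed file ($2) lacks.
pam_missing() {
    pam_entries "$1" > "$WORK/ref.lst"
    pam_entries "$2" > "$WORK/cur.lst"
    comm -23 "$WORK/ref.lst" "$WORK/cur.lst"
}

# Entries only in the installed file ($2): a blind copy would drop these.
pam_local_only() {
    pam_entries "$1" > "$WORK/ref.lst"
    pam_entries "$2" > "$WORK/cur.lst"
    comm -13 "$WORK/ref.lst" "$WORK/cur.lst"
}

# Line numbers of active ConnectionsPerPeriod settings in an sshd_config.
sshd_deprecated() {
    grep -n -i -E '^[[:space:]]*ConnectionsPerPeriod([[:space:]]|$)' "$1" | cut -d: -f1
}

WORK=$(mktemp -d) || exit 1
trap 'rm -rf "$WORK"' EXIT

# Constructed sample files (not taken from any real system).
cat > "$WORK/src_pam.conf" <<'EOF'
# reference copy
login  auth     required  pam_unix.so  try_first_pass
sshd   auth     required  pam_unix.so  try_first_pass
sshd   session  required  pam_permit.so
EOF
cat > "$WORK/etc_pam.conf" <<'EOF'
login  auth     required  pam_unix.so  try_first_pass
ftpd   auth     required  pam_unix.so  try_first_pass
EOF
cat > "$WORK/sshd_config" <<'EOF'
Port 22
#MaxStartups 10
ConnectionsPerPeriod 5/10
EOF

echo "missing from installed pam.conf:"; pam_missing "$WORK/src_pam.conf" "$WORK/etc_pam.conf"
echo "local-only (lost by a blind copy):"; pam_local_only "$WORK/src_pam.conf" "$WORK/etc_pam.conf"
echo "deprecated sshd_config lines: $(sshd_deprecated "$WORK/sshd_config")"
```

On a real system the two pam.conf arguments would be /usr/src/etc/pam.conf and /etc/pam.conf; a non-empty local-only list is the case where overwriting the installed file loses configuration.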