Date: Tue, 25 Jun 2002 18:02:45 +1200 (NZST)
From: Andrew McNaughton <andrew@scoop.co.nz>
To: Brett Glass <brett@lariat.org>
Cc: security@FreeBSD.ORG
Subject: Re: Workarounds for OpenSSH problems
Message-ID: <20020625175531.F58819-100000@a2>
In-Reply-To: <4.3.2.7.2.20020624231924.00db8360@localhost>

On Mon, 24 Jun 2002, Brett Glass wrote:

> A few quick questions.
>
> Has anyone on the list successfully used privilege separation on the
> OpenSSH 3.3p that's now in the ports tree? Does it work? Does privilege
> separation have any negative side effects, such as disabling compression

I've installed it. It griped and wouldn't start without `mkdir /var/empty`.
Having added that, it's running, but it hasn't griped about the lack of an
'sshd' user/group. I added them anyway. I don't see any sign of an sshd
process running as anything other than root though.

Compression is enabled when I connect, but I'm not sure that the privilege
separation is actually working.

> or some forms of authentication? Since I have a lot of systems to cover,
> is it possible to copy just the SSHD binary of the later version over the
> one that's installed by default when one installs FreeBSD? (I'd rather do
> this than mess with installing a port -- especially since many of my
> production machines don't have the ports collection. It's a disk hog.)

`make package` on one machine, and then install from the package on the
others. It's somewhat dependent on keeping your machines' versions in sync,
but then it's also a strategy which makes it easier to keep everything in
sync.

Andrew McNaughton
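
One way to check the point the message above leaves open, whether privilege separation is actually in effect (an added example, not part of the original e-mail): with privilege separation each connection has a root monitor process titled `[priv]`, and its child runs as the `sshd` user only before authentication and as the logged-in user afterwards. The function names, output labels and sample `ps` lines are constructed for illustration; the `[priv]`/`[net]` titles assume a platform where sshd sets process titles.

```sh
#!/bin/sh
# Classify per-connection sshd processes read from stdin in the format of
#   ps -axo user,pid,ppid,command
# Assumption: monitors carry a "[priv]" title and pre-auth children "[net]".
privsep_report() {
    awk '
    $4 != "sshd:" { next }            # skips the header and the listening daemon
    {
        user[$2] = $1; ppid[$2] = $3
        title[$2] = $5
        for (i = 6; i <= NF; i++) title[$2] = title[$2] " " $i
        if (title[$2] ~ /\[priv\]$/) monitor[$2] = 1
        order[++n] = $2
    }
    END {
        for (k = 1; k <= n; k++) {
            pid = order[k]
            if (pid in monitor) continue
            if (ppid[pid] in monitor) {
                phase = (title[pid] ~ /\[net\]$/) ? "pre-auth" : "post-auth"
                # A root child under a monitor is expected only for root logins.
                state = (user[pid] == "root") ? "CHILD-IS-ROOT" : "separated"
                printf "%s %s pid=%s user=%s\n", state, phase, pid, user[pid]
            } else {
                # Session process with no monitor parent: no separation.
                printf "NO-MONITOR - pid=%s user=%s\n", pid, user[pid]
            }
        }
    }'
}

# Constructed sample: one logged-in session, one connection still
# authenticating, and one session served without privilege separation.
sample_ps() {
    cat <<'EOF'
USER   PID  PPID COMMAND
root   310     1 /usr/sbin/sshd
root   412   310 sshd: andrew [priv]
andrew 415   412 sshd: andrew@ttyp0
root   420   310 sshd: unknown [priv]
sshd   421   420 sshd: unknown [net]
root   430   310 sshd: bob@ttyp1
EOF
}

sample_ps | privsep_report
```

On a live host, pipe `ps -axo user,pid,ppid,command` into `privsep_report` while a second connection is sitting at the password prompt, since that is the only time the `sshd` user owns a process.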