Date: Tue, 25 Jun 2002 08:27:12 +0200
From: patpro
To: security@FreeBSD.ORG
Subject: Re: Workarounds for OpenSSH problems

On Tuesday, June 25, 2002, at 08:02, Andrew McNaughton wrote:

> I've installed it. It griped and wouldn't start without `mkdir
> /var/empty`. Having added that it's running, but it hasn't griped about
> the lack of an 'sshd' user/group. I added them anyway. I don't see any
> sign of an sshd process running as anything other than root though.
> Compression is enabled when I connect, but I'm not sure that the privilege
> separation is actually working.

If you read the README.privsep in the source directory (found in
/usr/ports/distfiles/openssh-3.3p1.tar.gz if you upgraded using ports) and
follow the instructions, you should then have a functional privsep:

bash-2.05a$ ps -aux | grep sshd | grep -v grep
root     178    0.0  1.3  2088 1180  ??  Is    4:40PM   0:00.20 /usr/local/sbin/sshd
root     61294  0.0  1.8  4868 1656  ??  I     8:21AM   0:00.05 sshd: patpro [priv] (sshd)
patpro   61296  0.0  1.9  5000 1744  ??  S     8:21AM   0:00.14 sshd: patpro@ttyp0 (sshd)

(FreeBSD 4.4)

patpro
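The check described in this message (a root-owned `[priv]` monitor paired with a session process owned by the logged-in user) can be scripted. The following is an added example, not part of the original message: the function names, the state labels, and the `alice` and `root` sample lines are constructed for illustration; the first three sample lines are the `ps` output quoted above.

```shell
#!/bin/sh
# Added example: classify sshd sessions found in `ps -aux` output on stdin.
# Prints "<user>@<tty> <state>" for each post-authentication session.
check_privsep() {
    awk '
    {
        # Locate the process title; the listener has no "sshd:" token.
        t = 0
        for (i = 2; i <= NF; i++) if ($i == "sshd:") { t = i; break }
        if (t == 0 || t == NF) next
        name = $(t + 1)
        if ($(t + 2) == "[priv]") {           # monitor: "sshd: user [priv]"
            monitor[name] = $1
        } else if (index(name, "@") > 1) {    # session: "sshd: user@tty"
            n++
            sess[n] = name
            owner[n] = $1
        }
    }
    END {
        for (k = 1; k <= n; k++) {
            user = substr(sess[k], 1, index(sess[k], "@") - 1)
            if (user == "root")
                state = "inconclusive"    # root session is root either way
            else if (owner[k] == user && monitor[user] == "root")
                state = "privsep"         # unprivileged child, root monitor
            else if (owner[k] == "root")
                state = "no-privsep"      # post-auth process still root
            else
                state = "unknown"
            print sess[k], state
        }
    }'
}

# Sample input: first three lines from the message, last two constructed.
sample_ps() {
    cat <<'EOF'
root   178   0.0 1.3 2088 1180 ?? Is 4:40PM 0:00.20 /usr/local/sbin/sshd
root   61294 0.0 1.8 4868 1656 ?? I  8:21AM 0:00.05 sshd: patpro [priv] (sshd)
patpro 61296 0.0 1.9 5000 1744 ?? S  8:21AM 0:00.14 sshd: patpro@ttyp0 (sshd)
root   61400 0.0 1.9 5000 1744 ?? S  8:30AM 0:00.10 sshd: alice@ttyp1 (sshd)
root   61500 0.0 1.9 5000 1744 ?? S  8:31AM 0:00.10 sshd: root@ttyp2 (sshd)
EOF
}

sample_ps | check_privsep
```

On a live system, pipe `ps -aux` into `check_privsep` instead of the sample; a `no-privsep` result matches the situation described in the quoted text, where every sshd process is owned by root.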