From owner-freebsd-security Mon Jun 24 23:51:49 2002 Delivered-To: freebsd-security@freebsd.org Received: from smtp.web.de (smtp01.web.de [194.45.170.210]) by hub.freebsd.org (Postfix) with ESMTP id 3C7E837B779 for ; Mon, 24 Jun 2002 23:47:42 -0700 (PDT) Received: from [80.129.115.197] (helo=floundjan.homeip.net) by smtp.web.de with esmtp (WEB.DE(Exim) 4.70 #5) id 17Mk72-00064h-00 for freebsd-security@FreeBSD.ORG; Tue, 25 Jun 2002 08:47:40 +0200 Received: from localhost (localhost.lan [127.0.0.1]) by floundjan.homeip.net (Postfix on FreeBSD 4.5) with ESMTP id B9B1C40A for ; Tue, 25 Jun 2002 08:47:38 +0200 (CEST) Received: from jan-linnb.lan (jan-linnb.lan [192.168.0.25]) by floundjan.homeip.net (Postfix on FreeBSD 4.5) with ESMTP id 4CD2A3B2 for ; Tue, 25 Jun 2002 08:47:35 +0200 (CEST) Subject: How to check if "UsePrivilegeSeparation" works in OpenSSH? From: Jan Lentfer To: freebsd-security@FreeBSD.ORG Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Mailer: Ximian Evolution 1.0.7 Date: 25 Jun 2002 08:46:40 +0200 Message-Id: <1024987600.2078.10.camel@jan-linnb.lan> Mime-Version: 1.0 X-Virus-Scanned: by AMaViS perl-10 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all, i replaced the base OpenSSH with 3.3p from the ports typing: bash-2.05# make -DOPENSSH_OVERWRITE_BASE bash-2.05# make -DOPENSSH_OVERWRITE_BASE install I then added "sshd_program=/usr/local/sbin/sshd" to /etc/rc.conf and uncommented NO_OPENSSH=true and NO_OPENSSL=true in etc make.conf. Finally I added "UsePrivilegeSeparation yes" to /etc/ssh/sshd_config and SIGHUPed sshd. sshd -V no reports version 3.3. Am I set and done? Is there a way to check if Privilege Seperation really works? Many thanks in advance, Jan PS: Sorry if this is a newbie question or has already been discussed elsewhere To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message