From owner-freebsd-security  Mon Jun 24 23:51:49 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp.web.de (smtp01.web.de [194.45.170.210])
	by hub.freebsd.org (Postfix) with ESMTP id 3C7E837B779
	for <freebsd-security@freebsd.org>; Mon, 24 Jun 2002 23:47:42 -0700 (PDT)
Received: from [80.129.115.197] (helo=floundjan.homeip.net)
	by smtp.web.de with esmtp (WEB.DE(Exim) 4.70 #5)
	id 17Mk72-00064h-00
	for freebsd-security@FreeBSD.ORG; Tue, 25 Jun 2002 08:47:40 +0200
Received: from localhost (localhost.lan [127.0.0.1])
	by floundjan.homeip.net (Postfix on FreeBSD 4.5) with ESMTP id B9B1C40A
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jun 2002 08:47:38 +0200 (CEST)
Received: from jan-linnb.lan (jan-linnb.lan [192.168.0.25])
	by floundjan.homeip.net (Postfix on FreeBSD 4.5) with ESMTP id 4CD2A3B2
	for <freebsd-security@FreeBSD.ORG>; Tue, 25 Jun 2002 08:47:35 +0200 (CEST)
Subject: How to check if "UsePrivilegeSeparation" works in OpenSSH?
From: Jan Lentfer <Jan.Lentfer@web.de>
To: freebsd-security@FreeBSD.ORG
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Mailer: Ximian Evolution 1.0.7 
Date: 25 Jun 2002 08:46:40 +0200
Message-Id: <1024987600.2078.10.camel@jan-linnb.lan>
Mime-Version: 1.0
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi all,

i replaced the base OpenSSH with 3.3p from the ports typing:

 bash-2.05# make -DOPENSSH_OVERWRITE_BASE
 bash-2.05# make -DOPENSSH_OVERWRITE_BASE install

I then added "sshd_program=/usr/local/sbin/sshd" to /etc/rc.conf and
uncommented NO_OPENSSH=true and NO_OPENSSL=true in etc make.conf.

Finally I added "UsePrivilegeSeparation yes" to /etc/ssh/sshd_config and
SIGHUPed sshd. sshd -V no reports version 3.3.

Am I set and done? Is there a way to check if Privilege Seperation
really works?

Many thanks in advance,

Jan


PS: Sorry if this is a newbie question or has already been discussed
elsewhere


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message