Securing Ssh and problems
in [Solaris]
|
Prev: format /c0t0d0s0?
Next: NFSv4 + Linux server
From: Orkan on 19 Jul 2010 05:18 Hi Everybody, I'm trying to configure Ssh Privileged User for SunSSH on Solaris 10u8. I created sshd user: /etc/passwd: sshd:x:74:74:Privilege-separated SSH:/var/empty:/sbin/ nologin /etc/group: sshd::74: Added lines to /etc/ssh/sshd_config UseLogin yes UsePrivilegeSeparation yes and restarted ssh: svcadm disable svc:/network/ssh:default svcadm enable svc:/network/ssh:default And I cannot login :) my /var/adm/messages has these lines: fatal: Userauth method unknown while starting PAM Any ideas what I should change/add/fix ?
From: chuckers on 19 Jul 2010 20:29 On Jul 19, 6:18 pm, Orkan <orkand...(a)gmail.com> wrote: > Hi Everybody, > > I'm trying to configure Ssh Privileged User for SunSSH on Solaris > 10u8. I created sshd user: > > /etc/passwd: sshd:x:74:74:Privilege-separated SSH:/var/empty:/sbin/ > nologin > /etc/group: sshd::74: > > Added lines to /etc/ssh/sshd_config > > UseLogin yes > UsePrivilegeSeparation yes > > and restarted ssh: > > svcadm disable svc:/network/ssh:default > svcadm enable svc:/network/ssh:default > > And I cannot login :) > > my /var/adm/messages has these lines: > > fatal: Userauth method unknown while starting PAM > > Any ideas what I should change/add/fix ? I believe you just need to remove the "UsePrivilegeSeperation yes" line from your config if you are going to use the ssh included with Solaris 10. This is sort of a "bug" with Solaris 10 version of ssh. Solaris ssh always uses privilege separation and you can't turn it off. Having the line in the config file glorps it up a bit. It would be nicer if it silently ignored it or at least printed a more helpful message stating that it was on and going to ignore the line in the config. Refer here: http://docs.sun.com/app/docs/doc/816-4557/sshuser-6?a=view
From: Orkan on 20 Jul 2010 02:51 On Jul 20, 3:29 am, chuckers <chucker...(a)gmail.com> wrote: > On Jul 19, 6:18 pm, Orkan <orkand...(a)gmail.com> wrote: > > > > > > > Hi Everybody, > > > I'm trying to configure Ssh Privileged User for SunSSH on Solaris > > 10u8. I created sshd user: > > > /etc/passwd: sshd:x:74:74:Privilege-separated SSH:/var/empty:/sbin/ > > nologin > > /etc/group: sshd::74: > > > Added lines to /etc/ssh/sshd_config > > > UseLogin yes > > UsePrivilegeSeparation yes > > > and restarted ssh: > > > svcadm disable svc:/network/ssh:default > > svcadm enable svc:/network/ssh:default > > > And I cannot login :) > > > my /var/adm/messages has these lines: > > > fatal: Userauth method unknown while starting PAM > > > Any ideas what I should change/add/fix ? > > I believe you just need to remove the "UsePrivilegeSeperation yes" > line from > your config if you are going to use the ssh included with Solaris 10. > > This is sort of a "bug" with Solaris 10 version of ssh. Solaris ssh > always > uses privilege separation and you can't turn it off. Having the line > in the > config file glorps it up a bit. It would be nicer if it silently > ignored it or > at least printed a more helpful message stating that it was on and > going to ignore > the line in the config. > > Refer here: > > http://docs.sun.com/app/docs/doc/816-4557/sshuser-6?a=view Hi Again, Thank you for your answer, that was really helpfull. I'm removing "UsePrivilegeSeparation yes" line; but leaving "UseLogin yes" line still prevents me from logging in. Any ideas about this one? Cheers, Orkan
From: chuckers on 20 Jul 2010 03:16 On Jul 20, 3:51 pm, Orkan <orkand...(a)gmail.com> wrote: > On Jul 20, 3:29 am, chuckers <chucker...(a)gmail.com> wrote: > > > > > On Jul 19, 6:18 pm, Orkan <orkand...(a)gmail.com> wrote: > > > > Hi Everybody, > > > > I'm trying to configure Ssh Privileged User for SunSSH on Solaris > > > 10u8. I created sshd user: > > > > /etc/passwd: sshd:x:74:74:Privilege-separated SSH:/var/empty:/sbin/ > > > nologin > > > /etc/group: sshd::74: > > > > Added lines to /etc/ssh/sshd_config > > > > UseLogin yes > > > UsePrivilegeSeparation yes > > > > and restarted ssh: > > > > svcadm disable svc:/network/ssh:default > > > svcadm enable svc:/network/ssh:default > > > > And I cannot login :) > > > > my /var/adm/messages has these lines: > > > > fatal: Userauth method unknown while starting PAM > > > > Any ideas what I should change/add/fix ? > > > I believe you just need to remove the "UsePrivilegeSeperation yes" > > line from > > your config if you are going to use the ssh included with Solaris 10. > > > This is sort of a "bug" with Solaris 10 version of ssh. Solaris ssh > > always > > uses privilege separation and you can't turn it off. Having the line > > in the > > config file glorps it up a bit. It would be nicer if it silently > > ignored it or > > at least printed a more helpful message stating that it was on and > > going to ignore > > the line in the config. > > > Refer here: > > >http://docs.sun.com/app/docs/doc/816-4557/sshuser-6?a=view > > Hi Again, > > Thank you for your answer, that was really helpfull. I'm removing > "UsePrivilegeSeparation yes" line; but leaving "UseLogin yes" line > still prevents me from logging in. Any ideas about this one? > > Cheers, > Orkan I suppose you remembered to restart sshd after changing the config, right? Does ssh -vvv hostname provide anything useful?
|
Pages: 1 Prev: format /c0t0d0s0? Next: NFSv4 + Linux server |