[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: OpenSSH uploaded replacing ssh, please test

On Wed, Nov 03, 1999 at 03:19:00AM +0000, Philip Hands wrote:
> Hi,
> I've just uploaded OpenSSH, the binary package for which I've called
> ``ssh'' so it will replace the non-free version in due course.
> I've also uploaded the old ssh, which is now called ssh-nonfree.
> I'd appreciate it if people would test it, since it would be nice to
> have a free version of SSH ready for 2.2

I compiled this for sparc with no problems. The new client worked with no
problems going to a standard server (master) and an old client connected
with no problems to the new server. Great work :)

A few notes you might want to check, here is a slightly better pam.d file:

auth       required     pam_nologin.so
auth       required     pam_unix.so
auth       required     pam_env.so # [1]
account    required     pam_unix.so

session    required     pam_unix.so
session    optional     pam_lastlog.so # [1]
session    optional     pam_motd.so # [1]
session    optional     pam_mail.so standard # [1]

account    required     pam_unix.so

password   required     pam_unix.so

# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
# password required       pam_cracklib.so retry=3 minlen=6 difok=3
# password required       pam_unix.so use_authtok nullok md5

# end pam.d/ssh file

[1] If you use these modules, then just disable the equivilant standard
options available in openssh (/etc/environment parsing, motd, mail status
and lastlog printing). The reason for this is because they use the PAM
conversation functions, and better completes the usage of this library.

Also note, that the old pam_unix_*.so modules are now just symlinks to the
single pam_unix.so module, might as well just reference that.

By default, we want to stick with simple pam_unix.so for passwords in
Debian. The cracklib module should only be used when the admin
intentionally sets it up this way (most of this I took right from the
login pam.d file that I created for shadow).

Hope this help,

Reply to: