Re: OpenSSH uploaded replacing ssh, please test
On Wed, Nov 03, 1999 at 03:19:00AM +0000, Philip Hands wrote:
> Hi,
>
> I've just uploaded OpenSSH, the binary package for which I've called
> ``ssh'' so it will replace the non-free version in due course.
>
> I've also uploaded the old ssh, which is now called ssh-nonfree.
>
> I'd appreciate it if people would test it, since it would be nice to
> have a free version of SSH ready for 2.2
I compiled this for sparc with no problems. The new client worked with no
problems going to a standard server (master) and an old client connected
with no problems to the new server. Great work :)
A few notes you might want to check, here is a slightly better pam.d file:
#%PAM-1.0
auth required pam_nologin.so
auth required pam_unix.so
auth required pam_env.so # [1]
account required pam_unix.so
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard # [1]
account required pam_unix.so
password required pam_unix.so
# Alternate strength checking for password. Note that this
# requires the libpam-cracklib package to be installed.
# You will need to comment out the password line above and
# uncomment the next two in order to use this.
#
# password required pam_cracklib.so retry=3 minlen=6 difok=3
# password required pam_unix.so use_authtok nullok md5
# end pam.d/ssh file
[1] If you use these modules, then just disable the equivilant standard
options available in openssh (/etc/environment parsing, motd, mail status
and lastlog printing). The reason for this is because they use the PAM
conversation functions, and better completes the usage of this library.
Also note, that the old pam_unix_*.so modules are now just symlinks to the
single pam_unix.so module, might as well just reference that.
By default, we want to stick with simple pam_unix.so for passwords in
Debian. The cracklib module should only be used when the admin
intentionally sets it up this way (most of this I took right from the
login pam.d file that I created for shadow).
Hope this help,
Ben
Reply to: