[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

SSH stuff... (from slashdot)



Is this true?

-----Forward----
The privilege separation code in OpenSSH 3.3 does not work with 2.2 Linux
kernels.

It relies on mmap() semantics that aren't supported before kernel 2.4 (maybe
2.3.x). OpenSSH will configure, compile, and install successfully. It will
start up, but it will NOT accept connections.

Your clients will get a "broken pipe" message, your syslog will get an
"mmap: invalid parameter" message.

The solutions are:
Upgrade to kernel 2.4 or higher.
    
Don't compile in Privilege Separation.
    
You might be able to compile privsep in and disable it, but I couldn't get
this to work. Maybe I had a typo in my config file. I dunno.



I didn't see this anywhere until I dug into my syslog and then the OpenSSH
mailing list. You have been warned.

If you do have kernel 2.4, you should read README.privsep in the openssh
source distro, since you need to create a special directory and user/group
for this (which also bit me in the butt...even if sshd had worked on 2.2,
when I restarted it remotely, it didn't come back up because it didn't have
that user...yeah, yeah, rtfm. :) )
----- End forwarded message -----

Attachment: pgpqx65ICjcPn.pgp
Description: PGP signature


Reply to: