Re: [cobalt-security] OpenSSH questions
- Subject: Re: [cobalt-security] OpenSSH questions
- From: "Stephen Rice" <support@xxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 1 Jul 2002 11:07:24 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> On Monday 01 July 2002 02:24 am, David Seaton wrote:
>> [root@ns /root]# /etc/rc.d/init.d/sshd start
>> Starting sshd: This platform does not support both privilege
>> separation and compression
>> Compression disabled
>> Bad owner or mode for /var/empty/sshd
This here is your problem, the permissions (modes) or owner for the directory
/var/empty/sshd were wrong.
>> ERROR!
>> [root@ns /root]# cd /var/empty
>> [root@ns empty]# ls sshd
If you'd done an ls -l here we'd be able to see the problem!
>> [root@ns empty]# rmdir sshd
The problem is not that the directory should not be there, the problem is
that it's got the wrong permissions. The directory *is* needed, which is
why...
>> [root@ns empty]# /etc/rc.d/init.d/sshd start
>> Starting sshd: This platform does not support both privilege
>> separation and compression
>> Compression disabled
>> Missing privilege separation directory: /var/empty/sshd
...deleting it doesn't help either! You now have an error message
complaining that the directory is missing.
>> ERROR!
>> [root@ns empty]#
>> What does this mean? How do I get SSH back?
Geralod wrote:
> mkdir /var/empty
> chown root:root /var/empty
> chmod 755 /var/empty
This is pretty much it, creating the directory, and setting the
owner/modes/permissions correctly. However, some packages of sshd (including
the one that you're using it seems) expect the privilege separation
directory to be /var/empty/sshd, rather than just /var/empty, so you'll need
to do:
[as root]
mkdir /var/empty/sshd
chown root:root /var/empty/sshd
chmod 755 /var/empty/sshd
> edit sshd_config
> Compression no
On platforms where privilege separation and compression are not supported,
it *is* correct to switch compression off to allow sshd to run. However,
from looking at the messages above, it looks like the package-installed sshd
start script is handling this.
>> Starting sshd: This platform does not support both privilege
>> separation and compression
>> Compression disabled
Given that it knows what it's doing, you may as well leave sshd_config alone,
and should this ever get fixed, no doubt the package will be updated to no
longer disable compression on startup. So you may as well try leaving
sshd_config alone and seeing if it works.
Hope this helps!
Cheers
Stephen
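
Added example, not part of the original message or of any OpenSSH package: a shell check that reports which of the two startup errors quoted in the thread a given privilege separation directory would trigger, plus the mkdir/chown/chmod repair from the reply. The function names and result strings are hypothetical, and it assumes sshd accepts the directory only when it exists, is owned by root, and is not group- or world-writable; GNU stat is required.

```shell
#!/bin/sh
# Added example: audit and repair an sshd privilege separation directory.
# Assumption: sshd rejects the directory if it is missing, not owned by
# root (uid 0), or writable by group or others.
# The expected uid is a parameter so the functions can be tried on a
# scratch directory without being root.

# Prints one of: missing, bad-owner, bad-mode, ok. Returns 0 only for ok.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}

    # Corresponds to "Missing privilege separation directory"
    if [ ! -d "$dir" ]; then
        echo "missing"; return 1
    fi

    uid=$(stat -c '%u' "$dir")     # numeric owner
    mode=$(stat -c '%a' "$dir")    # octal permission bits, e.g. 755

    # Both of these correspond to "Bad owner or mode for ..."
    if [ "$uid" != "$want_uid" ]; then
        echo "bad-owner"; return 1
    fi
    # Octal 022 = group-write | other-write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "bad-mode"; return 1
    fi
    echo "ok"
}

# Same steps as in the reply: create the directory, set owner, set mode 755.
fix_privsep_dir() {
    dir=$1
    want_uid=${2:-0}
    mkdir -p "$dir" && chown "$want_uid" "$dir" && chmod 755 "$dir"
}
```

As root, `check_privsep_dir /var/empty/sshd` shows the state before anything is removed or changed, and `fix_privsep_dir /var/empty/sshd` applies the repair.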