[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] OpenSSH questions

Subject: Re: [cobalt-security] OpenSSH questions
From: "Stephen Rice" <support@xxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 1 Jul 2002 11:07:24 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> On Monday 01 July 2002 02:24 am, David Seaton wrote:
>> [root@ns /root]# /etc/rc.d/init.d/sshd start
>> Starting sshd: This platform does not support both privilege
>> separation and compression
>> Compression disabled
>> Bad owner or mode for /var/empty/sshd

This here is your problem, the permissions(modes) or owner for the directory
/var/empty/sshd were wrong.

>> ERROR!
>> [root@ns /root]# cd /var/empty
>> [root@ns empty]# ls sshd

If you'd done an ls -l here we'd be able to see the problem!

>> [root@ns empty]# rmdir sshd

The problem is not that the directory should not be there, the problem is
that its got the wrong permissions. The directory *is* needed, which is
why...

>> [root@ns empty]# /etc/rc.d/init.d/sshd start
>> Starting sshd: This platform does not support both privilege
>> separation and compression
>> Compression disabled
>> Missing privilege separation directory: /var/empty/sshd

...deleting it doesn't help either! You now have an error message
complaining that the directory is missing.

>> ERROR!
>> [root@ns empty]#

>> What does this mean? How do I get SSH back?

Geralod wrote:

> mkdir /var/empty
> chown root:root /var/empty
> chmod 755 /var/empty

This is pretty much it, creating the directory, and setting the
owner/modes/permissions correctly. However, some packages of sshd (including
the one that you're using it seems) expect the privilege separation
directory to be /var/empty/sshd, rather than just /var/empty, so you'll need
to do:

[as root]
mkdir /var/empty/sshd
chown root:root /var/empty/sshd
chmod 755 /var/empty/sshd

> edit sshd_config
> Compression  no

On platforms where privilege seperation and compression are not supported,
it *is* correct to switch compression off to allow sshd to run. However,
from looking at the messages above, it looks like the package-installed sshd
start script is handling this.

>> Starting sshd: This platform does not support both privilege
>> separation and compression
>> Compression disabled

Given that it knows what its doing, you may as well leave sshd_config alone,
and should this ever get fixed, no doubt the package will be updated to no
longer disable compression on startup. So you may as well try leaving
sshd_config alone and seeing if it works.

Hope this helps!

Cheers
Stephen

Prev by Date: Re: [cobalt-security] OpenSSH questions
Next by Date: [cobalt-security] RaQ3 OpenSSH_3.4p1 password
Previous by thread: Re: [cobalt-security] OpenSSH questions
Next by thread: [cobalt-security] SSH Protocol 2

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index