From owner-freebsd-security Thu Jan 25 2:36:27 2001 Delivered-To: freebsd-security@freebsd.org Received: from server1.link-net.com (link-net.com [209.10.61.231]) by hub.freebsd.org (Postfix) with ESMTP id 39E9837B402 for ; Thu, 25 Jan 2001 02:36:06 -0800 (PST) Received: from scott1 (scott1.link-net.com [209.10.61.241]) by server1.link-net.com (Post.Office MTA v3.5.3 release 223 ID# 0-52894U200L100S0V35) with SMTP id com; Thu, 25 Jan 2001 02:36:05 -0800 Reply-To: From: "Scott Raymond" To: "Peter Pentchev" Cc: "Me" , Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch) Date: Thu, 25 Jan 2001 02:36:05 -0800 Keywords: FreeBSD Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) In-Reply-To: <20010125114228.B578@ringworld.oblivion.bg> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Just did that as per your suggestion. I did a "mergemaster -a -i", and followed the instructions in the FreeBSD handbook for updating /dev and /stand. Seems to have worked out pretty well, and everything is up to date. -- Scott ======================= Scott Raymond http://soundamerica.com ======================= > -----Original Message----- > From: owner-freebsd-security@FreeBSD.ORG > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Peter Pentchev > Sent: Thursday, January 25, 2001 1:42 AM > To: Scott Raymond > Cc: Me; freebsd-security@freebsd.org > Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > You'd be better off running mergemaster anyway, after (or before) > EVERY world build/install cycle. Now God only knows how far your /etc > has strayed from the updated one, and how many programs may break or > malfunction in subtle ways :) > > G'luck, > Peter > > -- > What would this sentence be like if pi were 3? > > On Thu, Jan 25, 2001 at 01:25:08AM -0800, Scott Raymond wrote: > > I had kept that in mind before I did so. In fact, the > research I did > > suggested that I compare the file from the source tree and > the existing > > one in /etc and make changes to the one in /etc. I discovered that > > instead of editing the old one, it was simply easier to > just copy the > > file over from the source path since the only difference was the > > addition of sshd entries. > > > > -- > > Scott > > ======================= > > Scott Raymond > > http://soundamerica.com > > ======================= > > > > > > > -----Original Message----- > > > From: owner-freebsd-security@FreeBSD.ORG > > > [mailto:owner-freebsd-security@FreeBSD.ORG]On Behalf Of Me > > > Sent: Thursday, January 25, 2001 1:07 AM > > > To: freebsd-security@freebsd.org > > > Subject: Re: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > > > > > Use mergemaster .. > > > > > > I find's it to risky to just do a blind copy.. > > > > > > Soren. > > > > > > On Wed, Jan 24, 2001 at 10:50:54PM -0800, Scott Raymond wrote: > > > > Yes, once I was finished I ran into the same problem. I > > > did a bit of > > > > research - copy /usr/src/etc/pam.conf to /etc/pam.conf > - overwriting > > > > your old one. That fixed it for me - and all that was > > > needed for the > > > > fix was the config file. No reboots or restarting sshd > necessary. > > > > > > > > -- > > > > Scott > > > > ======================= > > > > Scott Raymond > > > > http://soundamerica.com > > > > ======================= > > > > > > > > > > > > > -----Original Message----- > > > > > From: Scott Hilton [mailto:kupek@earthlink.net] > > > > > Sent: Wednesday, January 24, 2001 7:32 PM > > > > > To: scott@link-net.com > > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > > > > > > > > hey, I just got another error when trying to log into sshd... > > > > > getting "no > > > > > modules loaded for 'sshd' service" and "fatal: PAM session > > > > > setup failed(6): > > > > > Permission denied" > > > > > > > > > > Let me know if you get the same thing... > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Scott Raymond [mailto:scott@link-net.com] > > > > > Sent: Wednesday, January 24, 2001 7:10 PM > > > > > To: Scott Hilton; freebsd-security@freebsd.org > > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with IPFW patch) > > > > > > > > > > > > > > > Oh, crap. That's EXACTLY what was happening. > > > > > > > > > > Looks like it's time for another compile. Duh. > > > > > > > > > > -- > > > > > Scott > > > > > ======================= > > > > > Scott Raymond > > > > > http://soundamerica.com > > > > > ======================= > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > From: Scott Hilton [mailto:kupek@earthlink.net] > > > > > > Sent: Wednesday, January 24, 2001 6:36 PM > > > > > > To: scott@link-net.com; freebsd-security@freebsd.org > > > > > > Subject: RE: OpenSSH b0rked (was RE: Problems with > IPFW patch) > > > > > > > > > > > > > > > > > > What's wrong with OpenSSH? The only problem I encountered > > > > > > with it was the > > > > > > following message when trying to start it: > > > > > > > > > > > > fatal: ConnectionsPerPeriod has been deprecated > > > > > > > > > > > > > > > > > > I was looking around for a few minutes, and found > the following: > > > > > > > > > > > > > > > ================================================================= > > > > > > = Changes from previous versions > > > = > > > > > > > > > ================================================================= > > > > > > > > > > > > 2.3.0: > > > > > > We link with OpenSSL 0.9.6 now. > > > > > > > > > > > > Diffs from the FreeBSD version are not distributed right > > > > > > now (but will be). > > > > > > > > > > > > ConnectionsPerPeriod is currently not integrated. > > > > > > Consider using MaxStartups instead. If you still need > > > > > > ConnectionsPerPeriod, bug me and I may do it. > > > > > > > > > > > > > > > > > > I commented out ConnectionsPerPeriod in /etc/ssh/sshd_config > > > > > > and sshd loaded > > > > > > without any problems. > > > > > > > > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > > Yeah, now if I could just figure out what was wrong > > > with the openssh > > > > > > implementation in the core system. Openssh (ports tree > > > > > > version) has an > > > > > > annoying install sequence - you can't define where it gets > > > > > > installed, so > > > > > > the files get installed to the hard-coded directory > > > tree /usr/local. > > > > > > The non-working core system one normally installs sshd to > > > > > > /usr/sbin and > > > > > > the config files to /etc/ssh. > > > > > > > > > > > > What bugs me is that when this gets fixed it's going to > > > > > take another 4 > > > > > > hours of compiling and installing. > > > > > > > > > > > > Bah. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message