Date:      Wed, 26 Jun 2002 07:50:41 -0400
From:      Chris Faulhaber <jedgar@fxp.org>
To:        Peter Wemm <peter@wemm.org>
Cc:        Dag-Erling Smorgrav <des@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/secure Makefile.inc src/secure/lib/libssh Makefile src/secure/libexec/sftp-server Makefile src/secure/usr.bin/scp Makefile src/secure/usr.bin/sftp Makefile src/secure/usr.bin/ssh Makefile src/secure/usr.bin/ssh-add Makefile ...
Message-ID:  <20020626115040.GA76397@peitho.fxp.org>
In-Reply-To: <20020626112345.D3C143811@overcee.wemm.org>
References:  <20020626111719.8D1173811@overcee.wemm.org> <20020626112345.D3C143811@overcee.wemm.org>


On Wed, Jun 26, 2002 at 04:23:45AM -0700, Peter Wemm wrote:
> Peter Wemm wrote:
> > Dag-Erling Smorgrav wrote:
> >
> > >     secure/usr.sbin/sshd Makefile
> > >   Log:
> > >   No guts, no glory.  Switch to OpenSSH-portable.
> >
> > On logging into ref5.freebsd.org, we get a pair of these each time:
> >
> > Jun 26 04:12:56 ref5 sshd[247]: /var/log/lastlog: Permission denied
> > Jun 26 04:12:56 ref5 sshd[247]: in _openpam_check_error_code(): pam_sm_setcred(): unexpected return value 24
>
> Another thing for the whiteboard:
>
> peter@ref5[4:17am]~-103> ps -ax | grep sshd
>   184  ??  Ss     0:00.92 /usr/sbin/sshd
>   245  ??  I      0:00.19 sshd: peter [priv] (sshd)
>   247  ??  S      0:00.18 sshd: peter@ttyp0 (sshd)
>   264  ??  S      0:00.19 sshd: peter [priv] (sshd)
>   266  ??  S      0:00.14 sshd: peter@ttyp1 (sshd)
>
> The @ttyp0 etc is missing from the [priv] process from each login.
>

From looking at README.privsep from the openssh-portable distribution,
the privileged process does not have @ttypX:

  Note that for a normal interactive login with a shell, enabling privsep
  will require 1 additional process per login session.

  Given the following process listing (from HP-UX):

       UID   PID  PPID  C    STIME TTY       TIME COMMAND
      root  1005     1  0 10:45:17 ?         0:08 /opt/openssh/sbin/sshd -u0
      root  6917  1005  0 15:19:16 ?         0:00 sshd: stevesk [priv]
   stevesk  6919  6917  0 15:19:17 ?         0:03 sshd: stevesk@2
   stevesk  6921  6919  0 15:19:17 pts/2     0:00 -bash

  process 1005 is the sshd process listening for new connections.
  process 6917 is the privileged monitor process, 6919 is the user owned
  sshd process and 6921 is the shell process.

-- 
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org
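
The process model in the README.privsep excerpt above, as an added example that is not part of the original message or of OpenSSH: it pairs each "[priv]" monitor with its user-owned sshd by PPID and checks that the two run under the expected accounts. It assumes a listing with UID and PPID columns like the HP-UX one quoted above (the FreeBSD "ps -ax" output does not carry them); the function names and the ownership checks are this example's own.

```python
import re
# Listing copied from the README.privsep excerpt quoted in the message above.
SAMPLE = """\
     UID   PID  PPID  C    STIME TTY       TIME COMMAND
    root  1005     1  0 10:45:17 ?         0:08 /opt/openssh/sbin/sshd -u0
    root  6917  1005  0 15:19:16 ?         0:00 sshd: stevesk [priv]
 stevesk  6919  6917  0 15:19:17 ?         0:03 sshd: stevesk@2
 stevesk  6921  6919  0 15:19:17 pts/2     0:00 -bash
"""
MONITOR = re.compile(r"^sshd: (\S+) \[priv\]")    # privileged monitor process
USER_SSHD = re.compile(r"^sshd: ([^@\s]+)@\S+")   # user-owned sshd process

def parse_ps(text):
    """Return {pid: row} for an 8-column listing (assumes STIME is one token)."""
    procs = {}
    for line in text.splitlines()[1:]:
        f = line.split(None, 7)
        if len(f) == 8 and f[1].isdigit() and f[2].isdigit():
            procs[int(f[1])] = {"uid": f[0], "pid": int(f[1]),
                                "ppid": int(f[2]), "cmd": f[7]}
    return procs

def children(procs, pid):
    return [p for p in procs.values() if p["ppid"] == pid]

def privsep_sessions(procs):
    """Pair each [priv] monitor with its user-owned sshd and check ownership."""
    sessions = []
    for mon in procs.values():
        m = MONITOR.match(mon["cmd"])
        if not m:
            continue
        user, notes = m.group(1), []
        kids = children(procs, mon["pid"])
        child = next((p for p in kids if USER_SSHD.match(p["cmd"])), None)
        if mon["uid"] != "root":          # the monitor is the privileged half
            notes.append("monitor not running as root")
        if child is None:
            notes.append("no user-owned sshd under monitor")
        elif child["uid"] != user:        # the other half should be user owned
            notes.append("user sshd runs as %s, expected %s" % (child["uid"], user))
        sessions.append({
            "user": user, "listener": mon["ppid"], "monitor": mon["pid"],
            "child": child["pid"] if child else None,
            "session_procs": [p["pid"] for p in children(procs, child["pid"])] if child else [],
            "notes": notes})
    return sessions

if __name__ == "__main__":
    print(privsep_sessions(parse_ps(SAMPLE)))
```

For the quoted listing this yields one session: listener 1005, monitor 6917, user-owned sshd 6919, shell 6921, with no notes.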
