Date: Tue, 25 Jun 2002 00:58:13 -0700 From: Brian Nelson <notgod@notgod.com> To: Jan Lentfer <Jan.Lentfer@web.de> Cc: freebsd-security@FreeBSD.ORG Subject: Re: How to check if "UsePrivilegeSeparation" works in OpenSSH? Message-ID: <3D182295.2070409@notgod.com> References: <1024987600.2078.10.camel@jan-linnb.lan>
next in thread | previous in thread | raw e-mail | index | archive | help
Jan Lentfer wrote: > Hi all, > > i replaced the base OpenSSH with 3.3p from the ports typing: > > bash-2.05# make -DOPENSSH_OVERWRITE_BASE > bash-2.05# make -DOPENSSH_OVERWRITE_BASE install > > I then added "sshd_program=/usr/local/sbin/sshd" to /etc/rc.conf and > uncommented NO_OPENSSH=true and NO_OPENSSL=true in etc make.conf. Since you're overwriting the base, this might break things for you. > Finally I added "UsePrivilegeSeparation yes" to /etc/ssh/sshd_config and > SIGHUPed sshd. sshd -V no reports version 3.3. "hupping" the running daemon tells it to re-read the configuration (for most applications)... you need to kill the listening process and re-start it... the child processes shoudl remain, so you won't lose your connection (at least, this has been my experience in the past)... to 'test' telnet to port 22 on the box and see what the header tells you the version is :) sshd -V doesn't tell you the version of the running processes... :) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3D182295.2070409>