

SSH, again...


 
# 1  
Old 07-26-2002
SSH, again...

After recompiling ssh for my sol8 box, I wanted to start sshd.
But I get this very strange message (it's in English, but doesn't mean anything to me!!):
Privilege separation user sshd does not exist
Does this mean I have to create a user "sshd"? Seems strange to me...

For those of you who understand what that means, I don't know if it will be of any help to give the error code ($?=255)...

Any other ideas?
penguin-friend
# 2  
Old 07-26-2002
One of my fellow workers, a UNIX expert (someday to be guru) says yes. He said to take a look at Sunfreeware.com openssh for complete info on set up. Something about setting up a user and empty directory (look at Step Three on the web page).
# 3  
Old 07-28-2002
It's because sshd wants to be run as the user named ssh. It didn't make the user when you installed. I don't know what you will have to do to make the user ssh, as it's a special user.
# 4  
Old 07-29-2002
Thanx both of you!
I had to create the user sshd, here's what I did:

mkdir /var/empty
chown root:sys /var/empty
chmod 755 /var/empty
groupadd sshd
useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd

Thanx for all help!
penguin-friend
# 5  
Old 07-31-2002
Additional Info

Recent versions of OpenSSH include a feature called Privilege Separation. This allows as much of sshd as possible to run as a non-privileged user (sshd), rather than as root.

In previous versions, you may notice that each SSH connection spawns an individual sshd process as the root user. Current versions with privilege separation enabled will spawn one process as the root user, which runs as little code as possible. This process is chrooted in /var/empty, which should be an empty, restricted directory. A second process is spawned as the login user, which contains code that does not need escalated privileges to run. This is a preventive measure; any bugs/exploits found in the sshd code are now more likely to be found in portions of the code that are running as a non-privileged user, hindering an attacker's ability to gain root privileges on the machine.

Privilege separation may be disabled in sshd_config with:
UsePrivilegeSeparation no
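
A check of the setup from posts #4 and #5, added here as an example (it is not code from the thread or from OpenSSH): it verifies that the sshd account exists without a login shell and that the chroot directory is owned by root, not group- or world-writable, and empty. The function name and its three optional parameters are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check the privilege-separation setup described in this thread.
# The parameters are hypothetical conveniences so the check can run on copies:
#   $1 passwd file   (default /etc/passwd)
#   $2 chroot dir    (default /var/empty)
#   $3 expected uid owning the chroot dir (default 0, i.e. root)
check_privsep() {
    passwd_file=${1:-/etc/passwd}
    chroot_dir=${2:-/var/empty}
    want_uid=${3:-0}
    rc=0

    # The unprivileged account must exist and should not have a usable shell.
    entry=$(grep '^sshd:' "$passwd_file" || true)
    if [ -z "$entry" ]; then
        echo "FAIL: no sshd user in $passwd_file"; rc=1
    else
        case $(echo "$entry" | cut -d: -f7) in
            */false|*/nologin) ;;
            *) echo "FAIL: sshd account has a login shell"; rc=1 ;;
        esac
    fi

    # The chroot directory must exist before anything else can be checked.
    if [ ! -d "$chroot_dir" ]; then
        echo "FAIL: $chroot_dir is not a directory"; return 1
    fi

    # ls -ldn gives the mode string (field 1) and numeric owner (field 3).
    set -- $(ls -ldn "$chroot_dir")
    mode=$1; uid=$3
    [ "$uid" = "$want_uid" ] || { echo "FAIL: owner uid $uid, want $want_uid"; rc=1; }
    case $mode in
        d????w*|d???????w*) echo "FAIL: $chroot_dir is group/world-writable"; rc=1 ;;
    esac

    # A process confined here should find nothing to read or execute.
    [ -z "$(ls -A "$chroot_dir")" ] || { echo "FAIL: $chroot_dir is not empty"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: privilege separation prerequisites look sane"
    return "$rc"
}
# Usage on the server itself, with the defaults: check_privsep
```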
# 6  
Old 08-01-2002
Here's another problem with SSH

Another problem I noticed:

I'm working on a Solaris 9 for test, and ssh is installed natively.
When I try to pass an ssh command, here's what I get:
$ ssh mouton uname -a
root mouton's password: ******
SunOS mouton 5.9 Generic sun4m sparc
SUNW,SPARCstation-20

Here's my sshd_config:
Port 22
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 768
LoginGraceTime 600
KeyRegenerationInterval 3600
PermitRootLogin yes

SyslogFacility LOCAL6
LogLevel INFO

RhostsAuthentication no

What should I modify to get the result directly without entering the root password?

Thanx...
penguin-friend
# 7  
Old 08-01-2002
If you need to log in as a user other than the current username on the local side (e.g. you're logged in as penguin, and want to log in to the remote machine as tux, not penguin), specify the username either with the -l (login) option, or username@host format.

$ ssh tux@mouton uname -a

or

$ ssh -l tux mouton uname -a

If you're wanting to run remote commands without entering your password every time, read up on SSH public-key authentication. When you have your public-key auth set up correctly between the two machines, use ssh-agent(1) to store your password locally, and authenticate you to other servers. The ssh-agent program will prompt you only once for your private key passphrase, then do authentication to other machines for you until you kill the ssh-agent process.

If you create your private key without a passphrase (by pressing Enter when prompted for passphrase), it will be unencrypted and you will never need to input a passphrase to decrypt your private key for authentication. I do not recommend this method when it can be avoided, for the obvious security reasons (if someone obtains access to the file, it is unprotected and they will be able to authenticate as you to other machines).
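
The exposure described in the last paragraph can be audited. This added example (not part of the original post) flags private key files stored without a passphrase by reading the key header: legacy PEM keys carry a `Proc-Type: 4,ENCRYPTED` line when protected, and new-format OpenSSH keys name their cipher at the start of the base64 body. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: report private keys that are stored without a passphrase.
# key_is_encrypted FILE -> returns 0 if passphrase-protected, 1 if in the clear,
#                          2 if FILE is not a recognised private key.
key_is_encrypted() {
    first=$(head -n 1 "$1" 2>/dev/null)
    case $first in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # New format: the body is base64 of "openssh-key-v1\0" followed by
            # the cipher name. Cipher "none" always encodes to this prefix.
            case $(sed -n 2p "$1") in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) return 1 ;;
                *) return 0 ;;
            esac ;;
        '-----BEGIN '*'PRIVATE KEY-----')
            # PKCS#8 says ENCRYPTED in the BEGIN line itself.
            case $first in *ENCRYPTED*) return 0 ;; esac
            # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
            grep -q '^Proc-Type: 4,ENCRYPTED' "$1" && return 0
            return 1 ;;
        *) return 2 ;;
    esac
}

# list_unprotected_keys DIR -> print each key file in DIR that has no passphrase
list_unprotected_keys() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        rc=0
        key_is_encrypted "$f" || rc=$?
        [ "$rc" -eq 1 ] && echo "$f"
    done
    return 0
}
# Usage: list_unprotected_keys "$HOME/.ssh"
```

Keys listed by this check can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`.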
