Results 1 to 5 of 5

Thread: Problems installing OpenSSH 3.4p1

  1. #1
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356

    Question Problems installing OpenSSH 3.4p1

    Have a sparc 2.8 system compiling with gcc. I have compiled versions for the last couple of years with absolutely no problems, but it looks like since the last time I compiled SSH and the current release it now has something that looks like it is a required feature (privelage seperation),.

    I first tried to turn it off in the configure script by adding a --disable-privsep but that didn't work...

    So then I tried to go along with it, and realized that it wanted to use a false shelled account of 'sshd', which I really didn't want to do, so I added the configure options of --with-privsep-user=nobody (which is a valid, no privelage user on Solaris).

    So I compile it, make it and everything is fine, I go through the 'make install' and at the very end
    it gives a wierd message of 'there is no such user as nobody, but then proceeds to print out its uid and gid' ?

    Has anyone run into this problem ? I should be able to use user 'nobody' right , things like this are what its for ? I would really rather avoid creating another account...

    Ideas ?

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  2. #2
    Junior Member
    Join Date
    Oct 2001
    Posts
    3
    The problem with "nobody" is that it's a catchall. Anonymous NFS mounts map to nobody. Apache also runs by default as nobody. If someone breaks sshd and becomes the user sshd runs as, it's best to have only one thing running as that user.

    As to the reason why you are getting this error, did you try putting in the uid instead of the name? I have only worked with the 3.3p1 (aka The Broken Version), so I am only speaking theoretically.

    Think how long it takes you to create an ssh user/group and then think about how much time you have spent on avoiding the need to create the user/group...

    Hope this helps.

  3. #3
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Thanks, I will try the uid instead...I think it is just a makefile issue. Gonna look at that shortly...
    If I figure it out I will post it...

    There are other issues involved with the system, don't really want to get too specific about it, but it would be much more of a headache to have a new user than it would to use nobody or nobody4 or nouser, etc...And there are 'nobody' equiv accounts that are not currently used by daemons, so that shouldn't be too much of an issue...

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  4. #4
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Just an FYI, I took a closer look at the makefile and it turns out it is just an ambigious message from the 'make install' routine. I went around and looked at all the binaries and they all appear to load correctly and work without problems (although it does complain about not being able to use compression because of user seperation,but that is already in the privsep readme)...
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  5. #5
    Junior Member
    Join Date
    Oct 2001
    Posts
    3
    If that's the only error you get, you are all set. Thanks for the info.

    I hear the OpenSSH folks are getting out of the porting business. This should be interesting to see what happens.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •