8.0 openssh update?
hmmm .... i must have missed something. i do a clean install of suse 8.0, then when i install the current versions of openssh and openssl: bil:~ # rpm -q openssh openssh-3.4p1-78 bil:~ # rpm -q openssl openssl-0.9.6c-80 sshd now fails to start at boot time. did i miss something in the annoucements about the openssh rpm? -- michael
At Dienstag, 24. September 2002 22:08 Michael Galloway wrote:
hmmm ....
i must have missed something.
Yes. You missed to read the security lists.
allthough they i do a clean install of suse 8.0, then when i install the current versions of openssh and openssl:
Suse did not miss to patch the packages keeping the original version numbers as they were. That's certainly misleading for my taste, but that's how the guysNgirls at suse are doing it.
sshd now fails to start at boot time.
That must be a problem on your machine; the package is doing fine on my machines. Greetings -- Michael Zimmermann (http://vegaa.de)
Moin Michael! Michael Zimmermann schrieb am Mittwoch, den 25. September 2002:
At Dienstag, 24. September 2002 22:08 Michael Galloway wrote:
hmmm ....
i must have missed something.
Yes. You missed to read the security lists.
thank you for that insight. bah!
sshd now fails to start at boot time.
That must be a problem on your machine; the package is doing fine on my machines.
its really not very complicated. i install 8.0, i install the current openssl and openssh packages off the suse ftp site, now ssh does not start at boot time. period, simple as that. i've been using suse since before 5.1, so i have done an install or two. thanks again for your help with this problem. -- michael
At Mittwoch, 25. September 2002 02:45 Michael Galloway wrote:
Moin Michael!
Good morning!
[I wrote to you] You missed to read the security lists. thank you for that insight. bah!
'bah' is some slang meaning 'yes, you are right' ? I know, it's not easy to take a word of criticism before the first coffee. .o) This topic was on suse-security mailing list for the past two months, Olaf Kirch posted a clarifying advisory to suse-security and bugtraq with the subject line "SuSE Security Announcement: Slapper worm (SuSE-SA:2002:033)" five days ago. You certainly have not read at least one of the lists, but ask the members of suse-security for infomation. Shall I do your homework and give you a direct link to the advisory, so that you need not search the archives? Let me have my second coffee first, sir...
its really not very complicated. i install 8.0, i install the current openssl and openssh packages off the suse ftp site, now ssh does not start at boot time. period, simple as that. i've been using suse since before 5.1, so i have done an install or two.
But I doubt you did much of trouble shooting (on your own that is) in that time. Otherwise you would know that one needs to look at the corresponding log file entries or could even start the daemon manually in debug mode. If the rpm is downloaded, it's signature verified, installed correctly and the start script activated. And if you did all that, I wonder why you wouldn't show us the results of that activities.
thanks again for your help with this problem.
You are welcome, but I think, the source of your problem is not in the sshd software, but rather between the display and the keyboard. In my way (criticizing you) I'm helping with exactly that problem, as I see it. Greetings Michael -- "Ignorance" is not "not knowing" but "not wanting to know" - or believing one knows everything allready. Michael Zimmermann (http://vegaa.de)
Good morning Michael!
its really not very complicated. i install 8.0, i install the current openssl and openssh packages off the suse ftp site, now ssh does not start at boot time. period, simple as that. i've been using suse since before 5.1, so i have done an install or two.
When updating a number of machines to SuSE 8.0, I had the same problem on one of them. It turned out that /etc/init.d/rc3.d/S10sshd (which is a softlink to/etc/init.d/sshd) had not been generated. After running the command insserv sshd everything worked fine. The link should be present in /etc/init.d/rc3.d and in /etc/init.d/rc5.d/ . Apart from the above, it is worth checking if "rcsshd start" successfully starts the SSH daemon. Something like "sshd[1219]: Server listening on :: port 22." should appear in /var/log/messages. Best wishes, Nico van Eikema Hommes -- Dr. N.J.R. van Eikema Hommes Computer-Chemie-Centrum hommes@chemie.uni-erlangen.de Universitaet Erlangen-Nuernberg Phone: +49-(0)9131-8526532 Naegelsbachstrasse 25 FAX: +49-(0)9131-8526565 D-91052 Erlangen, Germany
Moin Nico! thanks for the help! the links are there: bil init.d/rc3.d# ls -l S08sshd lrwxrwxrwx 1 root root 7 Sep 24 12:26 S08sshd -> ../sshd bil init.d/rc3.d# ls -l ../rc5.d/S08sshd lrwxrwxrwx 1 root root 7 Sep 24 12:26 ../rc5.d/S08sshd -> ../sshd bil init.d/rc3.d# and sshd starts if i run rcsshd start. however, there is a line in boot.msg about there not being a sshd user for priv. sep.: Privilege separation user sshd does not exist <notice>'/etc/init.d/rc5.d/S08sshd start' exits with status 0 is the current sshd rpm not making this user correctly? there is no sshd user in /etc/passwd. -- michael Nico van Eikema Hommes schrieb am Mittwoch, den 25. September 2002:
Good morning Michael!
its really not very complicated. i install 8.0, i install the current openssl and openssh packages off the suse ftp site, now ssh does not start at boot time. period, simple as that. i've been using suse since before 5.1, so i have done an install or two.
When updating a number of machines to SuSE 8.0, I had the same problem on one of them. It turned out that /etc/init.d/rc3.d/S10sshd (which is a softlink to/etc/init.d/sshd) had not been generated. After running the command insserv sshd everything worked fine. The link should be present in /etc/init.d/rc3.d and in /etc/init.d/rc5.d/ .
Apart from the above, it is worth checking if "rcsshd start" successfully starts the SSH daemon. Something like "sshd[1219]: Server listening on :: port 22." should appear in /var/log/messages.
Best wishes,
Nico van Eikema Hommes -- Dr. N.J.R. van Eikema Hommes Computer-Chemie-Centrum hommes@chemie.uni-erlangen.de Universitaet Erlangen-Nuernberg Phone: +49-(0)9131-8526532 Naegelsbachstrasse 25 FAX: +49-(0)9131-8526565 D-91052 Erlangen, Germany
On Wed, Sep 25, 2002 at 07:26:32AM -0400, Michael Galloway wrote:
Privilege separation user sshd does not exist <notice>'/etc/init.d/rc5.d/S08sshd start' exits with status 0
is the current sshd rpm not making this user correctly? there is no sshd user in /etc/passwd.
The user should have been created, the rpm postinstall script contains the line grep -qs ^sshd: /etc/passwd || useradd -u 71 -g sshd -s /bin/false -d /var/lib/sshd sshd How did you install the rpm? Peter -- Thought is limitation. Free your mind.
Hi Peter! i've tried installing the rpms both via fou4s (fou4s -ivs) and by hand with rpm -Uvh package.rpm. -- michael On Wed, 25 Sep 2002, Peter Poeml wrote:
On Wed, Sep 25, 2002 at 07:26:32AM -0400, Michael Galloway wrote:
Privilege separation user sshd does not exist <notice>'/etc/init.d/rc5.d/S08sshd start' exits with status 0
is the current sshd rpm not making this user correctly? there is no sshd user in /etc/passwd.
The user should have been created, the rpm postinstall script contains the line grep -qs ^sshd: /etc/passwd || useradd -u 71 -g sshd -s /bin/false -d /var/lib/sshd sshd
How did you install the rpm?
Peter
-- Thought is limitation. Free your mind.
On Wed, Sep 25, 2002 at 07:48:34AM -0400, Michael Galloway wrote:
Hi Peter!
i've tried installing the rpms both via fou4s (fou4s -ivs) and by hand with rpm -Uvh package.rpm.
Hhm, that's strange. Maybe you should run rpm -Uhvv --force openssh.rpm 2>&1 | tee /tmp/rpm.out to trace what's going wrong.
The user should have been created, the rpm postinstall script contains the line grep -qs ^sshd: /etc/passwd || useradd -u 71 -g sshd -s /bin/false -d /var/lib/sshd sshd
How did you install the rpm?
Peter -- Thought is limitation. Free your mind.
Hi Peter! yup, the script thinks the user and group already exist: + '[' 0 -gt 0 ']' + chroot . /bin/bash groupadd: group sshd exists useradd: user sshd exists + cat + exit 0 even though they are not in the passwd and group files: there are sshd user and group in my nis tables, but i have files before nis in the /etc/nsswitch.conf file: passwd: files nis shadow: files nis group: files nis could that still be the problem? -- michael On Wed, 25 Sep 2002, Peter Poeml wrote:
On Wed, Sep 25, 2002 at 07:48:34AM -0400, Michael Galloway wrote:
Hi Peter!
i've tried installing the rpms both via fou4s (fou4s -ivs) and by hand with rpm -Uvh package.rpm.
Hhm, that's strange. Maybe you should run rpm -Uhvv --force openssh.rpm 2>&1 | tee /tmp/rpm.out to trace what's going wrong.
The user should have been created, the rpm postinstall script contains the line grep -qs ^sshd: /etc/passwd || useradd -u 71 -g sshd -s /bin/false -d /var/lib/sshd sshd
How did you install the rpm?
Peter
-- Thought is limitation. Free your mind.
Hi Michael,
even though they are not in the passwd and group files: there are sshd user and group in my nis tables, but i have files before nis in the /etc/nsswitch.conf file:
That may explain why it works when starting sshd interactively (NIS info is being used) but not during bootup, since sshd is started well before ypbind. Thus, the user sshd, necessary in openssh 3.x, is unknown at that time. Adding these users to the local passwd, shadow, and group should solve the problem. Best wishes, Nico van Eikema Hommes -- Dr. N.J.R. van Eikema Hommes Computer-Chemie-Centrum hommes@chemie.uni-erlangen.de Universitaet Erlangen-Nuernberg Phone: +49-(0)9131-8526532 Naegelsbachstr. 25 FAX: +49-(0)9131-8526565 91052 Erlangen, Germany
Nico van Eikema Hommes wrote:
even though they are not in the passwd and group files: there are sshd user and group in my nis tables, but i have files before nis in the /etc/nsswitch.conf file:
That may explain why it works when starting sshd interactively (NIS info is being used) but not during bootup, since sshd is started well before ypbind. Thus, the user sshd, necessary in openssh 3.x, is unknown at that time. Adding these users to the local passwd, shadow, and group should solve the problem.
Re-install the package in run-level 1. That way, NIS will not interfere. -- Rafael
yup, it was the nis tables confusing rpm. thanks to all those who actually helped solve this :) -- michael
Hello Michael,
thanks for the help! the links are there: [...] and sshd starts if i run rcsshd start. however, there is a line in boot.msg about there not being a sshd user for priv. sep.: Privilege separation user sshd does not exist <notice>'/etc/init.d/rc5.d/S08sshd start' exits with status 0 is the current sshd rpm not making this user correctly? there is no sshd user in /etc/passwd.
This pseudo-user should be there, as Peter Poeml just pointed out. Surprises me a bit that you can start sshd by hand with this user not being present. "Es geschehen noch Zeichen und Wunder..." Does a "grep sshd /var/log/boot.msg" offer any enlightenment? It might give a reason why starting sshd doesn't succeed. Best wishes, Nico van Eikema Hommes -- Dr. N.J.R. van Eikema Hommes Computer-Chemie-Centrum hommes@chemie.uni-erlangen.de Universitaet Erlangen-Nuernberg Phone: +49-(0)9131-8526532 Naegelsbachstr. 25 FAX: +49-(0)9131-8526565 91052 Erlangen, Germany
participants (5)
-
Michael Galloway
-
Michael Zimmermann
-
Nico van Eikema Hommes
-
Peter Poeml
-
Rafael E. Herrera