No subject


Mon Feb 7 10:29:41 EST 2005 

[Klug] issue.net
mark klug at k-lug.com
Fri, 04 Aug 2000 01:54:25 -0500

Previous message: [Klug] ReplyTo changed back (was: Lilo problems)
Next message: [Klug] issue.net
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--------------------------------------------------------------------------------

Well,  I finally got  openssh  running on all of my boxes (ehem,
distros)  and thought I would pass along some info that might be of use
to somebody.

My first attempt at installing openssl and openssh binaries failed
because some of my production servers are behind the times....  so I
built from sources using the tar.gz files.   The install instructions
were followed and the build was flawless.   The only problem was that
permission was denied to every ssh client even though authentication was
working and the passwords were correct.

The problem was that PAM   (pluggable authentication module)    support
is a big default for redhat systems.   The  ssh   stuff builds for
PAM,   but the    make install     does not provide a default
/etc/pam.d/sshd    file.     The symptom is  permission denied.

If you build from the rpm source file with    rpm --rebuild    and then
install from the new i386 file found in /usr/src/redhat/RPMS/i386   the
default   /etc/pam.d/sshd   file gets created correctly,   and no
problem.

I found I can still use hosts.deny  and hosts.allow  as with telnet and
ftp.     /etc/hosts.deny   should deny everyone   ALL:  ALL      and
/etc/hosts.allow should have a line like

sshd:  <ipaddr> ,  <name>,  <whatever>    (or)
sshd:  LOCAL,  .localdomain                   whatever

I am experimenting with   blowfish,  compression,  and routing X11  over
the channel.    Is anyone else using ssh to route X11-   thoughts,
suggestions,  troubles?

Also,   how are you folks providing a banner  like    issue.net    for
ssh clients to see at login ?

Thanks.

L8R

ps.    Thanks much to Steve Fox  for helping out today ;   he wins the
prize for being the only guy I talked to today that didn't tell me to
RTFM.    :-))))





_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp

More information about the OCLUG mailing list