sshd fails to start with "UsePam no"
Mathias Samuelson
advisory. However, sshd fails to start:
bash-2.03# /usr/local/sbin/sshd -f /usr/local/etc/sshd_config -t
/usr/local/etc/sshd_config: line 26: Bad configuration option: UsePam
/usr/local/etc/sshd_config: terminating, 1 bad configuration options
This is on Solaris 8, with the September 16 patch, configure options:
./configure --with-ipv4-default --without-rsh --disable-suid-ssh
I'd appreciate any help on this. :)
b.rgds
Mathias
Alessandro Selli
ftp://ftp.ca.openbsd.org/pub/OpenBSD/OpenSSH/portable/ChangeLog
20030514
[...]
- (djm) Add new UsePAM configuration directive to allow runtime control
over usage of PAM. This allows non-root use of sshd when built with
--with-pam
- (djm) Die screaming if start_pam() is called when UsePAM=no
Now, SSH 3.6.1p1 was released on 20030401, while it seems 3.6.1p2 was
released on Apr 29th, that is, fifteen days before the "UsePam" option was made
available.
Sandro
--
Bellum se ipsum alet
La guerra nutre se stessa
Livio, Ab urbe condita, XXXIV,9
Mathias Samuelson
"UsePam no" to apply...
Can someone confirm my assumption that Ossh isn't vulnerable if not
configured with that option?
Mathias
Paul Kimoto
> Using OpenSSH_3.6.1p2, I want to disable PAM to counter the latest
> advisory. However, sshd fails to start:
>
> bash-2.03# /usr/local/sbin/sshd -f /usr/local/etc/sshd_config -t
> /usr/local/etc/sshd_config: line 26: Bad configuration option: UsePam
> /usr/local/etc/sshd_config: terminating, 1 bad configuration options
http://www.openssh.com/txt/sshpam.adv says that 3.7p1 and 3.7.1p1 are
vulnerable. Does that mean 3.6.*p* (appropriately patched) are not
known to have this PAM problem?
--
Paul Kimoto
This message was originally posted on Usenet in plain text. Any images,
hyperlinks, or the like shown here have been added without my consent,
and may be a violation of international copyright law.