Securing Ssh and problems
Orkan
I'm trying to configure Ssh Privileged User for SunSSH on Solaris
10u8. I created sshd user:
/etc/passwd: sshd:x:74:74:Privilege-separated SSH:/var/empty:/sbin/
nologin
/etc/group: sshd::74:
Added lines to /etc/ssh/sshd_config
UseLogin yes
UsePrivilegeSeparation yes
and restarted ssh:
svcadm disable svc:/network/ssh:default
svcadm enable svc:/network/ssh:default
And I cannot login :)
my /var/adm/messages has these lines:
fatal: Userauth method unknown while starting PAM
Any ideas what I should change/add/fix ?
chuckers
I believe you just need to remove the "UsePrivilegeSeperation yes"
line from
your config if you are going to use the ssh included with Solaris 10.
This is sort of a "bug" with Solaris 10 version of ssh. Solaris ssh
always
uses privilege separation and you can't turn it off. Having the line
in the
config file glorps it up a bit. It would be nicer if it silently
ignored it or
at least printed a more helpful message stating that it was on and
going to ignore
the line in the config.
Refer here:
Orkan
Hi Again,
Thank you for your answer, that was really helpfull. I'm removing
"UsePrivilegeSeparation yes" line; but leaving "UseLogin yes" line
still prevents me from logging in. Any ideas about this one?
Cheers,
Orkan
chuckers
I suppose you remembered to restart sshd after changing the config,
right?
Does ssh -vvv hostname provide anything useful?