OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Vincent Danen (vdanenmandrakesoft.com)
Date: Fri Mar 23 2001 - 17:52:32 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    On Fri Mar 23, 2001 at 04:33:23PM -0700, Daniel Woods wrote:

    > > Is anyone experiencing any PAM problems with the OpenSSH update which
    > > was just released?
    > > Mandrake 7.1
    > >
    > > pam-0.72-7.1mdk
    > > openssh-askpass-2.5.2p2-1.2mdk
    > > openssh-2.5.2p2-1.2mdk
    > > openssh-clients-2.5.2p2-1.2mdk
    > > openssh-server-2.5.2p2-1.2mdk
    > >
    > > I get a permission denied when attempting login via UNIX shadow file
    > > auth (password).
    >
    > On my Mandrake 7.1 base server, I installed the 7.2 versions with
    > rpm -Fvh openssh*
    >
    > // I don't think you need these
    > pam-devel-0.72-13.1mdk
    > pam-doc-0.72-13.1mdk

    You don't need them, but if you're going to use the 7.2 rpms or the
    corporate server rpms for openssh, you should use their versions of
    pam as well (corporate and 7.2+ use system-auth, which 7.1 and older
    do not)... that being said, 7.1 openssh packages will still work on
    the newer distribs (should, but untested), but not the other way
    around (ie. 7.2 openssh with 7.1 pam).

    > // these are my packages
    > pam-0.72-13.1mdk
    > openssh-askpass-2.5.2p2-1.1mdk
    > openssh-server-2.5.2p2-1.1mdk
    > openssh-2.5.2p2-1.1mdk
    > openssh-askpass-gnome-2.5.2p2-1.1mdk
    > openssh-clients-2.5.2p2-1.1mdk
    >
    > I also could not log in anymore via ssh. I looked to see what was
    > updated and found in /etc/ssh
    > -rw-r----- 1 root root 1042 Jan 26 21:34 ssh_config
    > -rw-r--r-- 1 root root 1200 Mar 22 15:26 ssh_config.rpmnew
    > -rw------- 1 root root 1364 Jan 26 21:45 sshd_config
    > -rw------- 1 root root 1689 Mar 22 15:26 sshd_config.rpmnew
    >
    > After looking at diff's between my version and the rpmnew versions,
    > I determined that I could safely update the files, like...
    > -rw-r----- 1 root root 1200 Mar 23 00:20 ssh_config
    > -rw-r----- 1 root root 1042 Jan 26 21:34 ssh_config.old
    > -rw-r--r-- 1 root root 1200 Mar 22 15:26 ssh_config.rpmnew
    > -rw------- 1 root root 1689 Mar 23 00:20 sshd_config
    > -rw------- 1 root root 1364 Jan 26 21:45 sshd_config.old
    > -rw------- 1 root root 1689 Mar 22 15:26 sshd_config.rpmnew
    >
    > # service sshd restart
    > And now everything is fine :)

    Ok, then yes, you should use the *.rpmnew config files... much has
    changed in the configs that may affect things.

    You also want to force a restart so that it can generate RSA keys for
    your server also. 

    -- 
vdanenmandrakesoft.com, OpenPGP key available on www.keyserver.net
1024D/FE6F2AFD   88D8 0D23 8D4B 3407 5BD7  66F9 2043 D0E5 FE6F 2AFD
 - Danen Consulting Services    www.danen.net, www.freezer-burn.org
 - MandrakeSoft, Inc. Security  www.linux-mandrake.com

    Current Linux kernel 2.4.2-13mdk uptime: 4 days 0 hours 18 minutes.

    -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org

    iD8DBQE6u+HAIEPQ5f5vKv0RAlXVAKC8XRIsvSzTXy3IVSZd6nl/+kkewQCgspWf 1ruDt6VSMVQew3smN3joJJ4= =c77U -----END PGP SIGNATURE-----