Re: [suse-security] openssh-3.5p1-107 tunneling problems
From: Armin Schoech (armin.schoech web.de)
Date: Wed Sep 24 2003 - 07:00:48 CDT
Hi Michael,
> i upgraded to the openssh-3.5p1-107 rpms over the weekend and now i've a
> problem with tunneling. i use an ssh tunnel to make irc connections, now when
> i make an irc connection over the tunnel i connect as user root instead of as
> the user i make the tunnel with:
>
> ssh 6669:irc.freenode.net:6667 michael@host.domain.org
>
> the sshd_config is the stock that came with the rpm. am i missing
> something?
>
--> I think you have just discovered that sshd is no longer running
with privilege separation. Have you compared the new sshd_config file
from the rpm to the old one?
If privilege separation is enabled, the main sshd daemon will fork a
process running under the UID of the user logging in and this process
will take care of the tunneling.
But the default with the new rpm is that privilege separation is
disabled, i.e. the process handling the socket and taking care of the
tunneling is running as root.
This would explain your observation. Have you tried to switch on
privilege separation in sshd_config, then restart the server and do
the same test? What does it say now?
HTH,
Armin
--
Am Hasenberg 26 office: Institut für Atmosphärenphysik
D-18209 Bad Doberan Schloss-Straße 6
Tel. ++49-(0)38203/42137 D-18225 Kühlungsborn / GERMANY
Email: schoech iap-kborn.de Tel. +49-(0)38293-68-102
WWW: http://armins.cjb.net/ Fax. +49-(0)38293-68-50
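
The comparison of old and new sshd_config suggested in the reply can be scripted. The following is an added example, not part of the original message or of the SUSE package: it reports the value sshd would take for `UsePrivilegeSeparation` from a given file and maps it to the UID that handles forwarding as the reply describes. The function names `effective_privsep` and `forwarding_uid` and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: determine the effective UsePrivilegeSeparation setting.
# sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and lines starting with '#' are comments.

effective_privsep() {
    # $1: path to an sshd_config file; prints the value or "unset"
    awk '
        /^[ \t]*#/ { next }                    # commented-out settings do not count
        tolower($1) == "match" { exit }        # global section ends at the first Match
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword, then whitespace (an "=" separator is tolerated here)
            if (match(tolower(line), /^useprivilegeseparation[ \t=]+/)) {
                val = substr(line, RLENGTH + 1)
                sub(/[ \t]+$/, "", val)
                print tolower(val); found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

forwarding_uid() {
    # Mapping as explained in the reply above: enabled means the login
    # user, disabled means root. "unset" depends on the build default.
    case "$(effective_privsep "$1")" in
        yes|sandbox) echo "login user" ;;
        no)          echo "root" ;;
        *)           echo "build default" ;;
    esac
}

# Constructed sample: a commented-out "yes", then an explicit "no" that
# wins over the later "yes" because the first value obtained is used.
sample=$(mktemp)
printf '%s\n' '#UsePrivilegeSeparation yes' 'Port 22' \
    'UsePrivilegeSeparation no' 'useprivilegeseparation yes' > "$sample"
echo "effective: $(effective_privsep "$sample")," \
    "forwarding handled as: $(forwarding_uid "$sample")"
rm -f "$sample"
```

Run both functions against the old and the new sshd_config to see whether the package update changed the setting.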