Hello there :)
I run debian unstable.
I've just upgraded to the latest ssh package and I cannot connect to my box
anymor using ssh.
I've set up telnet to test it and it works fine with telnet.
First, here is the output when user try to connect to the box :
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
UsePrivilegeSeparation no
Cheers.
On Wed, 2002-10-02 at 16:00, Alexis Sukrieh wrote:
Hello there :)
I run debian unstable.
I've just upgraded to the latest ssh package and I cannot connect to my box
anymor
You're right, it was set to yes but after putting it to 'no', the same
problem is still there...
At 16:11 02/10/2002 +0200, you wrote:
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
UsePrivilegeSeparation no
Alexis Sukrieh (sukria), [EMAIL PROTECTED]
.
Kill your sshd. Run it in debugging mode (it will not
fork a process):
# sshd -ddd
Open another window, now run the client in verbose mode:
$ ssh -vvv user@host
Then email us the output. :) Otherwise, this is really difficult
to troubleshoot.
-Anne
This one time, Alexis Sukrieh wrote:
Hi there,
This might provide a clue:
debug1: PAM setting tty to /dev/pts/3
PAM session setup failed[28]: Module is unknown
-Anne
This one time, Alexis Sukrieh wrote:
here is the full output
( I've turned UsePrivilegeSeparation to no )
did you check all module invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
c++, Tonio
En réponse à Anne Carasik [EMAIL PROTECTED]:
Hi there,
This might provide a clue:
debug1: PAM setting tty to \/dev/pts/3\
PAM session setup failed[28]: Module is unknown
-Anne
This
Hi Alexis,
Did you setup /etc/pam.d/ssh?
-Anne
This one time, Alexis Sukrieh wrote:
Hehe :)
yes, but before mailing here, I've supposed that there was a missing
packagedependance in unstable and I look for pam* stuff.
I found those ones
libpam-modules - Pluggable Authentication
At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
did you check all module invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
Yes it can be found.
here, take a look :
__
poseidon:/etc/pam.d# cat /etc/pam.d/ssh
#%PAM-1.0
auth required
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an unprivileged user. Is PAMAuthenticationViaKbdInt
At 17:25 02/10/2002 +0200, Giacomo Mulas wrote:
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an
This one time, Alexis Sukrieh wrote:
Well, again it is not the solution for me !
It is yet turned off
Hmmm.. not sure.
is this a common problem ??? I'm surprised in the way that every
intelligent solutions you all provide to me are ineffectvie...
Hmmm.. try apt-get remove --purge
Am Mittwoch, 2. Oktober 2002 17:01 schrieb Alexis Sukrieh:
At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
did you check all module invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
Yes it can be found.
here, take a look :
Hi,
just a guess:
What about disabling all
hello,
when i posted this question to debian-user-french
i had no (good) answers.
perhaps somebody here could explain me why:
there is a .deb for postfix and not for qmail?
(qmail is more secure than postfix)
there is a .deb for proftpd and not for pureftpd?
(pureftpd is more secure than
Ivan,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
The .debs can be found at http://smarden.org/pape/Debian
I don't know about pureftpd so can't comment. =)
Regards.
Kourosh
On Wed, Oct 02, 2002 at 07:19:50PM +0200,
WebMaster wrote:
hello,
when i posted this question to debian-user-french
i had no (good) answers.
perhaps somebody here could explain me why:
there is a .deb for postfix and not for qmail?
The license, or lack thereof does not allow binary redistribution which
alters the way qmail is
hello Kourosh,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
what do you mean by debian policy? (under gnu/gpl?)
Ivan Rambeau
FranceOnLine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
hello Kourosh,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
what do you mean by debian policy? (under gnu/gpl?)
google - debian dfsg
Jesse
--
Jesus Climent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday 02 October 2002 19:19, WebMaster wrote:
there is a .deb for postfix and not for qmail?
djb knows it better then the rest of the globe so you may not redistribute
binaries of his free/open sw.
you have this package that migh help
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
hello Kourosh,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
what do you mean by debian policy? (under gnu/gpl?)
Ivan Rambeau
FranceOnLine
thanks a lot for all your answers
;-)
Ivan Rambeau
FranceOnLine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
And the winner is .
just a guess:
What about disabling all session-entries except the first in the
/etc/pam.d/shh like this:
Marcus !!
Wünderbar ! :)
It works when I disable other session entries.
Thanks a lot to all of you, I'm really happy to come back to ssh (telnet
sucks !)
so to you a reward is proof of security ? :-]
lol, of course not :-P
(i searched vulnerabilies and exploits and fine none)
Ivan Rambeau
FranceOnLine
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Hello withoutrealname,
WebMaster wrote:
well, the software is just about one year old, right?
so there probably aren't a lot of people who use it, so there aren't
lot of attacks.
just wait one and two years and there probably will be some bugs.
no
qmail...
i was talking about
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message [EMAIL PROTECTED], Ralf Dreibrodt writes:
Hello withoutrealname,
WebMaster wrote:
well, the software is just about one year old, right?
so there probably aren't a lot of people who use it,
On Wednesday, 02 October 2002, at 19:19:50 +0200,
WebMaster wrote:
there is a .deb for postfix and not for qmail?
(qmail is more secure than postfix)
Redistribution terms for qmail prevent it from being packaged in binary
form whenever the binary is not the exact result of a compilation from
On Wednesday, 02 October 2002, at 20:21:26 +0200,
jernej horvat wrote:
so to you a reward is proof of security ? :-]
At least not for me. But a reward offered 5 years ago that not only
hasn't been awarded, but even has not even been asked for, maybe is a
proof of a piece of software without
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnoseproblems themselves? If they can't they should be running stable
or at least testing?
Unstable is not just a name...
Lupe Christoph
On Wednesday, 2002-10-02 at 09:44:38 -0700, Anne Carasik wrote:
This one time,
This one time, Lupe Christoph wrote:
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnoseproblems themselves? If they can't they should be running stable
or at least testing?
I think there's nothing wrong with helping someone out, no matter
which group they're
On Wed, 2002-10-02 at 21:13, Lupe Christoph wrote:
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnoseproblems themselves? If they can't they should be running stable
or at least testing?
Excuse me sir !
But well, if I run unstable and I find a strange problem
Debian testing and unstable use it too..
-- Missatge transmès --
Subject: Re: Squirrel Mail 1.2.7 XSS Exploit
Date: Thu, 19 Sep 2002 16:51:09 -0500 (CDT)
From: Jason Munro [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
DarC KonQuesT said:
Sorry if you receive two of these.
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote:
On Wednesday, 02 October 2002, at 20:21:26 +0200,
jernej horvat wrote:
so to you a reward is proof of security ? :-]
At least not for me. But a reward offered 5 years ago that not only
hasn't been awarded, but even
hello Joey,
You definitly need to check out vsftpd then. It's got very secure it
it's _name_, so it must be secure!
good joke :-)
i do not just read what is written on web sites...
is openbsd a secure distrib?
there is one alternative to proftpd in this distrib: pureftpd!
;-)
hello Bastian,
http://www-dt.e-technik.uni-dortmund.de/~ma/qmail-bugs.html
waaa... thanks a lot for those informations :-)
perhaps you know a qmailadmin for postfix?
(i searched a lot and find none, like for your qmail-bugs file :-P)
thanks in advance
Ivan Rambeau
FranceOnLine
Hello there :)
I run debian unstable.
I've just upgraded to the latest ssh package and I cannot connect to my box
anymor using ssh.
I've set up telnet to test it and it works fine with telnet.
First, here is the output when user try to connect to the box :
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
UsePrivilegeSeparation no
Cheers.
On Wed, 2002-10-02 at 16:00, Alexis Sukrieh wrote:
Hello there :)
I run debian unstable.
I've just upgraded to the latest ssh package and I cannot connect to my box
anymor
You're right, it was set to yes but after putting it to 'no', the same
problem is still there...
At 16:11 02/10/2002 +0200, you wrote:
You need to turn off UsePrivilegeSeparation
in your /etc/ssh/sshd_config file.
UsePrivilegeSeparation no
Alexis Sukrieh (sukria), [EMAIL PROTECTED]
.
Kill your sshd. Run it in debugging mode (it will not
fork a process):
# sshd -ddd
Open another window, now run the client in verbose mode:
$ ssh -vvv [EMAIL PROTECTED]
Then email us the output. :) Otherwise, this is really difficult
to troubleshoot.
-Anne
This one time, Alexis Sukrieh
here is the full output
( I've turned UsePrivilegeSeparation to no )
___
poseidon:~# sshd -ddd
debug1: sshd version OpenSSH_3.4p1 Debian 1:3.4p1-2
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type
Hi there,
This might provide a clue:
debug1: PAM setting tty to /dev/pts/3
PAM session setup failed[28]: Module is unknown
-Anne
This one time, Alexis Sukrieh wrote:
here is the full output
( I've turned UsePrivilegeSeparation to no )
Hehe :)
yes, but before mailing here, I've supposed that there was a missing
packagedependance in unstable and I look for pam* stuff.
I found those ones
libpam-modules - Pluggable Authentication Modules for PAM
libpam0g - Pluggable Authentication Modules library
and I installed it.
I also
did you check all module invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
c++, Tonio
En réponse à Anne Carasik [EMAIL PROTECTED]:
Hi there,
This might provide a clue:
debug1: PAM setting tty to \/dev/pts/3\
PAM session setup failed[28]: Module is unknown
-Anne
This one
Hi Alexis,
Did you setup /etc/pam.d/ssh?
-Anne
This one time, Alexis Sukrieh wrote:
Hehe :)
yes, but before mailing here, I've supposed that there was a missing
packagedependance in unstable and I look for pam* stuff.
I found those ones
libpam-modules - Pluggable Authentication
At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
did you check all module invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
Yes it can be found.
here, take a look :
__
poseidon:/etc/pam.d# cat /etc/pam.d/ssh
#%PAM-1.0
auth
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an unprivileged user. Is PAMAuthenticationViaKbdInt
At 17:25 02/10/2002 +0200, Giacomo Mulas wrote:
since openssh v3.3 was released, I never got it to work well with
PAM. I think it has something to do with privilege separation, whereby
the listening daemon is unable to use PAM due to insufficient privileges,
since it is running as an
This one time, Alexis Sukrieh wrote:
Well, again it is not the solution for me !
It is yet turned off
Hmmm.. not sure.
is this a common problem ??? I'm surprised in the way that every
intelligent solutions you all provide to me are ineffectvie...
Hmmm.. try apt-get remove --purge
Am Mittwoch, 2. Oktober 2002 17:01 schrieb Alexis Sukrieh:
At 16:56 02/10/2002 +0200, [EMAIL PROTECTED] wrote:
did you check all module invoked in /etc/pam.d/ssh can be found
in /lib/security/ ?
Yes it can be found.
here, take a look :
Hi,
just a guess:
What about disabling all
hello,
when i posted this question to debian-user-french
i had no (good) answers.
perhaps somebody here could explain me why:
there is a .deb for postfix and not for qmail?
(qmail is more secure than postfix)
there is a .deb for proftpd and not for pureftpd?
(pureftpd is more secure than
WebMaster wrote:
hello,
when i posted this question to debian-user-french
i had no (good) answers.
perhaps somebody here could explain me why:
there is a .deb for postfix and not for qmail?
The license, or lack thereof does not allow binary redistribution which
alters the way qmail is
hello Kourosh,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
what do you mean by debian policy? (under gnu/gpl?)
Ivan Rambeau
FranceOnLine
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
hello Kourosh,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
what do you mean by debian policy? (under gnu/gpl?)
google - debian dfsg
Jesse
--
Jesus Climent
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wednesday 02 October 2002 19:19, WebMaster wrote:
there is a .deb for postfix and not for qmail?
djb knows it better then the rest of the globe so you may not redistribute
binaries of his free/open sw.
you have this package that migh help you:
On Wed, Oct 02, 2002 at 07:39:30PM +0200, WebMaster wrote:
hello Kourosh,
There are .debs for qmail. The debs are not official because
qmail apparently doesn't adhere to Debain Policy.
what do you mean by debian policy? (under gnu/gpl?)
Ivan Rambeau
FranceOnLine
hello David,
if i wrote this:
(qmail is more secure than postfix)
it s because we can read on qmail.org:
In March 1997, I offered $500 to the first person to publish a
verifiable security hole in the latest version of qmail...
My offer still stands. Nobody has found any security holes in
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote:
In March 1997, I offered $500 to the first person to publish a
verifiable security hole in the latest version of qmail...
My offer still stands. Nobody has found any security holes in qmail.
snip
it s because we can read on
thanks a lot for all your answers
;-)
Ivan Rambeau
FranceOnLine
And the winner is .
just a guess:
What about disabling all session-entries except the first in the
/etc/pam.d/shh like this:
Marcus !!
Wünderbar ! :)
It works when I disable other session entries.
Thanks a lot to all of you, I'm really happy to come back to ssh (telnet
sucks !)
so to you a reward is proof of security ? :-]
lol, of course not :-P
(i searched vulnerabilies and exploits and fine none)
Ivan Rambeau
FranceOnLine
hello Ralf,
well, the software is just about one year old, right?
so there probably aren't a lot of people who use it, so there aren't
lot of attacks.
just wait one and two years and there probably will be some bugs.
no
As of October 2001, more than 70 reachable IP addresses are
Hello withoutrealname,
WebMaster wrote:
well, the software is just about one year old, right?
so there probably aren't a lot of people who use it, so there aren't
lot of attacks.
just wait one and two years and there probably will be some bugs.
no
qmail...
i was talking about
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Content-Type: text/plain; charset=us-ascii
In message [EMAIL PROTECTED], Ralf Dreibrodt writes:
Hello withoutrealname,
WebMaster wrote:
well, the software is just about one year old, right?
so there probably aren't a lot of people who use it, so
On Wednesday, 02 October 2002, at 19:19:50 +0200,
WebMaster wrote:
there is a .deb for postfix and not for qmail?
(qmail is more secure than postfix)
Redistribution terms for qmail prevent it from being packaged in binary
form whenever the binary is not the exact result of a compilation from
On Wednesday, 02 October 2002, at 20:21:26 +0200,
jernej horvat wrote:
so to you a reward is proof of security ? :-]
At least not for me. But a reward offered 5 years ago that not only
hasn't been awarded, but even has not even been asked for, maybe is a
proof of a piece of software without
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnoseproblems themselves? If they can't they should be running stable
or at least testing?
Unstable is not just a name...
Lupe Christoph
On Wednesday, 2002-10-02 at 09:44:38 -0700, Anne Carasik wrote:
This one time,
This one time, Lupe Christoph wrote:
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnoseproblems themselves? If they can't they should be running stable
or at least testing?
I think there's nothing wrong with helping someone out, no matter
which group they're
On Wed, 2002-10-02 at 21:13, Lupe Christoph wrote:
Correct me if I'm wrong, but don't we expect people who run unstable to
diagnoseproblems themselves? If they can't they should be running stable
or at least testing?
Excuse me sir !
But well, if I run unstable and I find a strange problem
Debian testing and unstable use it too..
-- Missatge transmès --
Subject: Re: Squirrel Mail 1.2.7 XSS Exploit
Date: Thu, 19 Sep 2002 16:51:09 -0500 (CDT)
From: Jason Munro [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
DarC KonQuesT said:
Sorry if you receive two of
On Wed, Oct 02, 2002 at 10:57:55PM +0200, Jose Luis Domingo Lopez wrote:
On Wednesday, 02 October 2002, at 20:21:26 +0200,
jernej horvat wrote:
so to you a reward is proof of security ? :-]
At least not for me. But a reward offered 5 years ago that not only
hasn't been awarded, but even
68 matches
Mail list logo