f



Intsalling OpenSSH 7.2p2 server on SunOS 5.11 (Solaris 11.3)

My apologies in advance if this has been asked and answered.

I'm trying to update OpenSSH on Solaris 11.3. Oracle sells the updates. We are a free/open source project with no budget, so purchasing support contracts is something that usually does not happen (I usually spend my money on hardware for testing).

When running 'make install', the process ends with:

  /usr/local/sbin/sshd -t -f /usr/local/etc/sshd_config
  Privilege separation user sshd does not exist
  *** Error code 255 (ignored)

README.privsep does not appear to discuss the error. Googling reveals http://www.citi.umich.edu/u/provos/ssh/privsep-faq.html, which says to:

    The child needs to change its user id to become unprivileged.
    You need to create a new user sshd and a new group sshd. In
    OpenBSD, these entries look as follows:


      /etc/group:sshd:*:27:
      /etc/passwd:sshd:*:27:27:sshd privsep:/var/empty:/sbin/nologin

Searching the project's website and mailing list archives for things like "solaris roles" returns 0 hits. I contacted the author of the privilege separation FAQ, and he advised me to ask on the mailing list.

My broad question is:

* what is the procedure to install OpenSSH on Solaris?

Other, detailed questions include:

* what is the problem with the root role (not root user)?
* what roles and entitlements should the sshd userand/or group hold?
* what is the significance of the low userid and groupid for Solaris (27 in the example)?
* there does not seem to be /sbin/nologin on Solaris; what does the team recommend we use?

Thank you in advance for insights.

Jeffrey Walton
0
noloader
6/10/2016 2:27:32 AM
comp.security.ssh 4228 articles. 0 followers. terra1024 (490) is leader. Post Follow

0 Replies
437 Views

Similar Articles

[PageSpeed] 55

Reply: