sshd, ldap, BSM auditing



Hi all,

I want a setup where users are authenticated with LDAP
and audited with BSM auditing.

I have configured LDAP and BSM, with UseLogin set to yes in the
sshd_config file.

Logging on via su works fine, LDAP authentication and auditing work.

When I try to log on from another machine with ssh I can't log in
anymore:
Login incorrect
Connection closed

When I put the UseLogin to no I can log in but I don't have any
auditing.

Is there a solution or do I have to choose?
BTW: sun's sshd and open sshd behave the same way.

thanks for all answers.
Reply getridofthespam (120) 3/17/2009 10:36:41 AM

adirtymindisajoyforever <getridofthespam@yahoo.com> writes:

>Is there a solution or do I have to choose?
>BTW: sun's sshd and open sshd behave the same way.

Unlikely because Sun's SSH works with auditing enabled and I don't
support "UseLogin".

Casper
-- 
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
Reply Casper 3/17/2009 10:50:43 AM


On 17 mrt, 11:50, Casper H.S. Dik <Casper....@Sun.COM> wrote:
> adirtymindisajoyforever <getridofthes...@yahoo.com> writes:
> >Is there a solution or do I have to choose?
> >BTW: sun's sshd and open sshd behave the same way.
>
> Unlikely because Sun's SSH works with auditing enabled and I don't
> support "UseLogin".
>
> Casper
> --
> Expressed in this posting are my opinions.  They are in no way related
> to opinions held by my employer, Sun Microsystems.
> Statements on Sun products included here are not gospel and may
> be fiction rather than truth.

tests tell a different story:

loginserver:

# grep -i uselogin  /etc/ssh/sshd_config
UseLogin yes
# /usr/lib/ssh/sshd -p 33
# grep -v UseLogin /etc/ssh/sshd_config > /etc/ssh/sshd_config.nouselogin
# /usr/lib/ssh/sshd -p 44 -f /etc/ssh/sshd_config.nouselogin

client:
# ssh -p 44 op1@10.255.254.163
Password:
Last login: Tue Mar 17 11:40:19 2009 from 10.255.254.81

Last login: op1       sshd         10.255.254.81    Tue Mar 17 13:49 still logged in
op1@ls09943 # id
uid=60004(op1) gid=1(other)
op1@ls09943 # ^D
Connection to 10.255.254.163 closed.

# ssh -p 33 op1@10.255.254.163
Password:
Login incorrect
Connection to 10.255.254.163 closed.




Reply adirtymindisajoyfore 3/17/2009 12:59:43 PM

adirtymindisajoyforever <getridofthespam@yahoo.com> writes:

>On 17 mrt, 11:50, Casper H.S. Dik <Casper....@Sun.COM> wrote:
>> adirtymindisajoyforever <getridofthes...@yahoo.com> writes:
>> >Is there a solution or do I have to choose?
>> >BTW: sun's sshd and open sshd behave the same way.
>>
>> Unlikely because Sun's SSH works with auditing enabled and I don't
>> support "UseLogin".
>>
>> Casper
>> --
>> Expressed in this posting are my opinions.  They are in no way related
>> to opinions held by my employer, Sun Microsystems.
>> Statements on Sun products included here are not gospel and may
>> be fiction rather than truth.

>tests tell a different story:

>loginserver:

># grep -i uselogin  /etc/ssh/sshd_config
>UseLogin yes
># /usr/lib/ssh/sshd -p 33
># grep -v UseLogin /etc/ssh/sshd_config > /etc/ssh/sshd_config.nouselogin
># /usr/lib/ssh/sshd -p 44 -f /etc/ssh/sshd_config.nouselogin

>client:
># ssh -p 44 op1@10.255.254.163
>Password:

Is that really Sun's SSH?

Casper
-- 
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
Reply Casper 3/17/2009 3:03:04 PM

On 17 mrt, 16:03, Casper H.S. Dik <Casper....@Sun.COM> wrote:
> adirtymindisajoyforever <getridofthes...@yahoo.com> writes:
> >On 17 mrt, 11:50, Casper H.S. Dik <Casper....@Sun.COM> wrote:
> >> adirtymindisajoyforever <getridofthes...@yahoo.com> writes:
> >> >Is there a solution or do I have to choose?
> >> >BTW: sun's sshd and open sshd behave the same way.
>
> >> Unlikely because Sun's SSH works with auditing enabled and I don't
> >> support "UseLogin".
>
> >> Casper
> >> --
> >> Expressed in this posting are my opinions.  They are in no way related
> >> to opinions held by my employer, Sun Microsystems.
> >> Statements on Sun products included here are not gospel and may
> >> be fiction rather than truth.
> >tests tell a different story:
> >loginserver:
> ># grep -i uselogin  /etc/ssh/sshd_config
> >UseLogin yes
> ># /usr/lib/ssh/sshd -p 33
> ># grep -v UseLogin /etc/ssh/sshd_config > /etc/ssh/sshd_config.nouselogin
> ># /usr/lib/ssh/sshd -p 44 -f /etc/ssh/sshd_config.nouselogin
> >client:
> ># ssh -p 44 o...@10.255.254.163
> >Password:
>
> Is that really Sun's SSH?

# /usr/lib/ssh/sshd -V
sshd: option requires an argument -- V
sshd version Sun_SSH_1.1

# uname -a
SunOS ls09943 5.10 Generic_127112-10 i86pc i386 i86pc

Some more tests; audit logs only created with openssh, not with sun
ssh...

>
> Casper
> --
> Expressed in this posting are my opinions.  They are in no way related
> to opinions held by my employer, Sun Microsystems.
> Statements on Sun products included here are not gospel and may
> be fiction rather than truth.

Reply adirtymindisajoyfore 3/17/2009 4:04:22 PM
