upgrading open ssh


on 23.02.2004 22:12:15 by Anna Grace Zapata

Hi all,

I downloaded and installed the latest version of open ssh. I was running openssh-3.6.1p2-19 on a Fedora box. However,
how do I know that the new install took and that the old open ssh has been done away with? I did the ./configure, make,
and make install, but I think I'm missing some steps.

Thank you as always.

Anna Zapata
UTS - Network Security
303.871.2009


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: upgrading open ssh

on 23.02.2004 22:30:40 by Armen Kaleshian

Anna..

Since you were using an rpm version of SSH before, and now you've converted to a
source package, it might be a little more difficult to stay consistent.

On my system, I removed the rpm version and replaced it with the source version,
by compiling and installing it the way you did.

I suggest removing the rpm package of SSH that you have, and then simply just
run make install on the SSH source directory you have, and that way, you're
guaranteed to run the version you're expecting.

Good Luck!

--Armen



Re: upgrading open ssh

on 23.02.2004 22:44:51 by Ray Olszewski

At 02:12 PM 2/23/2004 -0700, Anna G. Zapata wrote:
>Hi all,
>
>I downloaded and installed the latest version of open ssh. I was running
>openssh-3.6.1p2-19 on a Fedora box. However,
>how do I know that the new install took and that the old open ssh has been
>done away with? I did the ./configure, make,
>and make install, but I think I'm missing some steps.

You may be missing something, but those are the usual steps for installing
apps from source (assuming they all completed with no errors reported ...
and not all source uses the autoconfigure approach).

I don't know if there is something specific to Fedora that helps with this,
but if not, the usual suspects to round up are:

1. Timestamps on the app files. After you do a "which ssh" to find the one
that will actually run, do "ls -l " on it and see if the timestamp matches
the compile (or install) time. With some apps, you'll need to chase down a
line of symlinks to get the actual executable, but I don't think that's so
with ssh.

2. Version number. The command for this can vary from app to app, but ssh
uses the most common choice, "ssh -V".
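
Added example, not part of any post in this thread: a shell helper that lists every copy of a program on the search path in lookup order, then runs the timestamp and "ssh -V" checks described above on each copy, so a source build and a leftover rpm build can be told apart. The function names are made up for this example, and "rpm -qf" is queried only when rpm is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# list_copies NAME [PATHSTRING]
# Print every executable file called NAME found on PATHSTRING (default:
# $PATH), one per line, in lookup order. The first line is the copy that
# "which NAME" reports and that the shell will actually run.
list_copies() {
    lc_name=$1
    lc_path=${2:-$PATH}
    lc_ifs=$IFS
    IFS=:
    set -f                                  # no glob expansion of dir names
    for lc_dir in $lc_path; do
        [ -n "$lc_dir" ] || lc_dir=.        # empty PATH entry means "."
        if [ -f "$lc_dir/$lc_name" ] && [ -x "$lc_dir/$lc_name" ]; then
            printf '%s\n' "$lc_dir/$lc_name"
        fi
    done
    set +f
    IFS=$lc_ifs
}

# count_copies NAME [PATHSTRING]
# Number of copies on the path. More than one means an older build is
# still installed and is only shadowed by directory order, not removed.
count_copies() {
    list_copies "$@" | awk 'END { print NR }'
}

# report_copies NAME [PATHSTRING]
# For each copy: dereferenced "ls -l" (timestamp of the real file behind
# any symlink), the first line of "NAME -V" (the ssh version flag from the
# thread; ssh writes it to stderr), and the owning rpm package, if any.
report_copies() {
    list_copies "$@" | while IFS= read -r rc_file; do
        printf '== %s\n' "$rc_file"
        ls -lL "$rc_file"
        printf 'version: %s\n' "$("$rc_file" -V 2>&1 </dev/null | head -n 1)"
        if command -v rpm >/dev/null 2>&1; then
            printf 'rpm:     %s\n' "$(rpm -qf "$rc_file" 2>&1)"
        fi
    done
    rc_n=$(count_copies "$@")
    [ "$rc_n" -le 1 ] || printf 'note: %s copies of %s on the path\n' "$rc_n" "$1"
}

# Stand-alone use: sh check_copies.sh ssh
for prog in "$@"; do
    report_copies "$prog"
done
```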





Re: upgrading open ssh

on 23.02.2004 22:45:05 by Szonyi Sebastian Calin

On Mon, 23 Feb 2004, Anna G. Zapata wrote:

> Hi all,
>
> I downloaded and installed the latest version of open ssh. I was running openssh-3.6.1p2-19 on a Fedora box. However,
> how do I know that the new install took and that the old open ssh has been done away with? I did the ./configure, make,
> and make install, but I think I'm missing some steps.
>

ls -l `which sshd` `which ssh`
and look at time field
they should have the date you installed them

> Thank you as always.
>
> Anna Zapata
> UTS - Network Security
> 303.871.2009
>
>



--
"A mouse is a device used to point at
the xterm you want to type in".
Kim Alm on a.s.r.

RE: upgrading open ssh

on 23.02.2004 23:03:36 by Anna Grace Zapata

Armen,

How do I go about removing the rpm version?

Thanks for all your help.

Anna


Re: upgrading open ssh

on 23.02.2004 23:52:59 by Armen Kaleshian

Piece of cake. ;-)

rpm -e

You might run into some dependency issues, and if you get stuck into a loop,
just use the --nodeps switch to remove a package that's causing the loop.

As long as you're just removing the openssh-* packages, you'll be all set to use
the one compiled from source.

Let me know if you need anything else.

--Armen


ssh setup: user "locked out" daily

on 19.08.2004 17:13:22 by Eve Atley

We have SSH running on our Linux Redhat 9 server. I set up new users to dump
them upon initial login to a common directory using the following command:
useradd -M -d /home/shared username -p password
passwd username (for some reason, -p password doesn't work?)

On a daily basis, they are locked out. /var/log/secure indicates the
following:
fatal: monitor_read: unsupported request: 24
PAM rejected by account configuration[13]: User account has expired

/var/log indicates the following:
Aug 19 10:38:15 wow-rtr sshd(pam_unix)[19144]: account emon has expired
(failed to change password)

They log in with winscp3 (graphical client) using sftp.

- Eve



Re: ssh setup: user "locked out" daily

on 19.08.2004 18:12:27 by John Kelly

Hi,
On Thu, 19 Aug 2004 11:13:22 -0400
"Eve Atley" wrote:

>
> We have SSH running on our Linux Redhat 9 server. I set up new users
> to dump them upon initial login to a common directory using the
> following command: useradd -M -d /home/shared username -p password
> passwd username (for some reason, -p password doesn't work?)
>
> On a daily basis, they are locked out. /var/log/secure indicates the
> following:
> fatal: monitor_read: unsupported request: 24
> PAM rejected by account configuration[13]: User account has
> expired
>
> /var/log indicates the following:
> Aug 19 10:38:15 wow-rtr sshd(pam_unix)[19144]: account emon has
> expired(failed to change password)
>
> They log in with winscp3 (graphical client) using sftp.
>

I haven't looked at RedHat since 7.3 but ...

The problem here seems simple enough - the user account has expired.
Have a look at the man page for passwd and in particular the -x -n -w
-i options. There is also a program called chage which changes the
account ageing details. Account expiry information is held in
/etc/shadow - the manpage for shadow explains how it works.

I believe that there is a file in /etc/system/ or /etc/sysconfig/ (I
am not sure of the name) on RedHat which sets the default
password/account ageing policy. You may have to edit this file so
that newly created accounts don't expire. There may even be a kewl
graphical tool to do this - I haven't looked at RedHat recently and I
don't use kewl graphically tools anyway :-).

Hope this helps.

regards,

John Kelly


RE: ssh setup: user "locked out" daily

on 19.08.2004 20:54:19 by Eve Atley

Thanks for the reply!

Ok, I did some looking, and chage pulls up the following info (with user
'emon' being one of the problematic ones, and user 'eve' being an old
account):
[root@wow-rtr etc]# chage -l emon
Minimum: -1
Maximum: 99999
Warning: -1
Inactive: -1
Last Change: Aug 19, 2004
Password Expires: Never
Password Inactive: Never
Account Expires: Never
[root@wow-rtr etc]# chage -l eve
Minimum: 0
Maximum: 0
Warning: 7
Inactive: 0
Last Change: Feb 03, 2004
Password Expires: Never
Password Inactive: Never
Account Expires: Never
[root@wow-rtr etc]#

The odd thing is that previous to my change (using a kewl graphical tool) of
removing the password expiration, user 'emon' looked just the same as user
'eve' which was set up quite some time ago.

I set up user 'emon' the same way as 2 previous users, and they have not
expired!

- Eve




-p option for useradd ( was Re: ssh setup: user "locked out" daily)

on 08.09.2004 07:27:08 by Stephen Samuel

Eve Atley wrote:
> We have SSH running on our Linux Redhat 9 server. I set up new users to dump
> them upon initial login to a common directory using the following command:
> useradd -M -d /home/shared username -p password
> passwd username (for some reason, -p password doesn't work?)

-p password is expecting the ENCRYPTED password (as you see it
in /etc/shadow), not the cleartext password...

In other words:
useradd -p hello_there brickie
is going to create a user brickie with an unknown password.

You need a program to produce an encrypted password (either in
crypt form (8 character limit) or the md5-sum format (roughly unlimited)).


If you have grub on your system, grub-md5-crypt will
read a password (twice) and then produce an encrypted version
of it. Unfortunately, it also generates a good bit of other output.
The following, however, seems to work OK:

( echo hello_there ; usleep 50000 ; echo hello_there) |
grub-md5-crypt 2> /dev/null | tail -1

(the above is all on one line)

It essentially throws out all the errors on stderr, and only saves
the last line of output on stdout.

The result is now usable as a -p parameter for useradd.

useradd -p ` ( echo hello_there ; usleep 50000 ; echo hello_there) |
grub-md5-crypt 2> /dev/null | tail -1 ` brickie

if you want to put that script into a file:

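% cat bin/pwcrypt
#!/bin/bash
# Read the cleartext password from stdin so it never appears in argv.
read -r line
[ -n "$line" ] || { echo "$0: Password missing" >&2 ; exit 1 ; }
# grub-md5-crypt prompts twice; feed the password to both prompts.
( echo "$line" ; usleep 50000 ; echo "$line" ) |
grub-md5-crypt 2> /dev/null | tail -1


# useradd -p `echo my new password | pwcrypt` brickie2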

Would then create the user brickie2 with the password "my new password"

I also have a perl script that produces the old 'crypt' form
output -- but if you can use the md5sum format, I strongly
recommend it. Somebody has already done up a dictionary attack on
the 2 billion most likely 8 character passwords.

The reason why passwd will NOT accept cleartext passwords
on the command line is that (however short the command runs),
command parameters are visible in the output of 'ps'.
If a not-nice user sees the useradd command when he is
doing a random 'ps' (or it shows up in the output of 'top'),
a cleartext password on the command line would then give
random users the password for the new user (bad!).

This is why I'm still not accepting a commandline password
for pwcrypt. somebody might see it and realize what it's
likely to be used for. This way it only shows up as a
parameter on an echo command (which is usually a shell
builtin). This is basically security by obscurity, but
it's the best you can hope for if you INSIST on being
able to specify the password on the commandline.


--
Stephen Samuel +1(604)876-0426 samuel@bcgreen.com
http://www.bcgreen.com/~samuel/
Powerful committed communication. Transformation touching
the jewel within each person and bringing it to light.
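
Added example, not part of the post above: the pwcrypt idea done with "openssl passwd -1 -stdin", which reads the cleartext from standard input and prints an MD5-crypt hash, plus a check that a password matches a stored hash. It assumes the openssl command is installed; the function names are made up for this example, and "chpasswd -e" is used so that the hash also stays off the command line.

```shell
#!/bin/sh
# Added example (not from the post). Assumes the openssl CLI is installed;
# function names are hypothetical.

# pwhash: read one cleartext password line from stdin and print its
# MD5-crypt hash ($1$salt$digest), the "md5" format discussed in the post.
# The cleartext is never an argument of any process, so ps cannot show it.
# (On current systems "openssl passwd -6" gives SHA-512 crypt instead.)
pwhash() {
    openssl passwd -1 -stdin
}

# hash_matches HASH: read a candidate password from stdin and succeed only
# if hashing it with the salt stored in HASH reproduces HASH.
# Returns 0 on match, 1 on mismatch, 2 if HASH is not MD5-crypt.
hash_matches() {
    hm_want=$1
    case $hm_want in
        '$1$'*'$'*) ;;
        *) echo "hash_matches: not an MD5-crypt hash" >&2; return 2 ;;
    esac
    # Fields split on '$' are: "", "1", salt, digest. The salt is not secret.
    hm_salt=$(printf '%s\n' "$hm_want" | cut -d '$' -f 3)
    hm_got=$(openssl passwd -1 -salt "$hm_salt" -stdin) || return 2
    [ "$hm_got" = "$hm_want" ]
}

# set_password USER: read the cleartext from stdin, hash it, and pass
# "USER:HASH" to chpasswd -e through a here-document. Neither the cleartext
# nor the hash appears in the process list. Must be run as root.
set_password() {
    sp_user=$1
    sp_hash=$(pwhash) || return 1
    [ -n "$sp_hash" ] || { echo "set_password: empty hash" >&2; return 1; }
    chpasswd -e <<EOF
$sp_user:$sp_hash
EOF
}
```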

Interpreting disk space and changing backup path

on 22.12.2004 16:38:24 by Eve Atley

I ran the df command on Redhat Linux 9, and came up with this...what exactly
does it mean? Do I have space to backup part of this machine to another
drive? Which is my main drive?

Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/hda2             37334192   5058672  30379048  15% /
/dev/hda1               101089     29129     66741  31% /boot
/dev/hdb1             57669728  38728096  16012184  71% /home
none                    257160         0    257160   0% /dev/shm

The backup script we have set up is as follows...I'd like to change the path
to instead backup to where I may have space...not the backup machine which
does NOT have enough space.

#!/bin/sh
#backup_main: simple backup routine to be used with samba and bash cp.
#this one simply copies an entire directory recursively to an smb mount.
#
#written by RKL - 7/17/2003
mount -t smbfs -o username=username,password=password,workgroup=somewkgrp \
    //BACKUP/backup /mnt/backup &>/root/backup_scripts/logs/`date +"MOUNT-%y-%m-%d.log"`
if [ -f /mnt/backup/connected ]; then
    rm -rf /mnt/backup/`date +"%A/"`
    mkdir /mnt/backup/`date +"%A/"`
    cp -r /home/shared/* /mnt/backup/`date +"%A/"` \
        1>/mnt/backup/logs/`date +"DAILY-%y-%m-%d.log"` \
        2>/mnt/backup/logs/`date +"DAILY-%y-%m-%d.err"`
    umount /mnt/backup &>/root/backup_scripts/logs/`date +"MOUNT-%y-%m-%d.log"`
fi





Re: Interpreting disk space and changing backup path

on 22.12.2004 17:28:59 by Ray Olszewski

At 10:38 AM 12/22/2004 -0500, Eve Atley wrote:

>I ran the df command on Redhat Linux 9, and came up with this...what exactly
>does it mean? Do I have space to backup part of this machine to another
>drive? Which is my main drive?
>
>Filesystem 1K-blocks Used Available Use% Mounted on
>/dev/hda2 37334192 5058672 30379048 15% /
>/dev/hda1 101089 29129 66741 31% /boot
>/dev/hdb1 57669728 38728096 16012184 71% /home
>none 257160 0 257160 0% /dev/shm

First, you figure out which drive is which by checking the rightmost
column, mount point. If by "main drive" you mean the root filesystem, it is
the filesystem (or partition; not "drive") mounted at "/" ... in your case,
/dev/hda2. This is a partition on drive /dev/hda, which by convention is
the IDE Primary Master drive. (If you meant something different by "main
drive" ... for example, the biggest drive ... please try asking again, more
clearly.)

The secret decoder ring for IDE drive identifiers, BTW, is

/dev/hda = Primary Master
/dev/hdb = Primary Slave
/dev/hdc = Secondary Master
/dev/hdd = Secondary Slave

The second column ("1K-blocks") tells you how big each drive is in KB, and
the fourth column ("Available") tells you how much space is available to
ordinary users (the portion reserved for root, usually 5%, is not included
in this number).

So, what we see above is ...

the root (/) filesystem is on /dev/hda2, is 37 GB in size, and has
30 GB available

the /boot partition (holds your kernel and a few related files) is
on /dev/hda1, is tiny by today's standards (100 MB), and has 67 MB free.

the /home partition is on /dev/hdb1 (a partition on the IDE
Primary Slave drive), is 57 GB in size, and has 16 GB available.

Can you do any backups on this machine? Well ...

the root (/) filesystem is about 5 GB in size, and /home has 16
GB available, so you *could* back / up to /home (though you will need to
use the "one drive" cp switch, so the modified script doesn't try to backup
/home to itself).

the /boot filesystem is tiny enough to backup anywhere you like,
but it is static so not usually worth backing up.

the /home filesystem is 38 GB, larger than the 30 GB available on
/, so you cannot back it up on this system (unless you do it using tar with
compression, in which case you might be able to).

The script you have below is written to do backups over a network to
another machine, via SMB (samba) mounts. Adapting it to same-machine
backups is, I'd suspect, more trouble than it is worth.


>The backup script we have set up is as follows...I'd like to change the path
>to instead backup to where I may have space...not the backup machine which
>does NOT have enough space.
>
>#!/bin/sh
>#backup_main: simple backup routine to be used with samba and bash cp.
>#this one simply copies an entire directory recursively to an smb mount.
>#
>#written by RKL - 7/17/2003
>mount -t smbfs -o username=username,password=password,workgroup=somewkgrp
>//BACKUP/backup /mnt/backup &>/root/backup_scripts/logs/`date
>+"MOUNT-%y-%m-%d.log"`
>if [ -f /mnt/backup/connected ]; then
> rm -rf /mnt/backup/`date +"%A/"`
> mkdir /mnt/backup/`date +"%A/"`
> cp -r /home/shared/* /mnt/backup/`date +"%A/"`
>1>/mnt/backup/logs/`date +"DAILY-%y-%m-%d.log"` 2>/mnt/backup/logs/`date
>+"DAILY-%y-%m-%d.err"`
> umount /mnt/backup &>/root/backup_scripts/logs/`date
>+"MOUNT-%y-%m-%d.log"`
>fi



Re: Interpreting disk space and changing backup path

on 22.12.2004 21:37:48 by qwms-avib

Eve Atley wrote:
>
> I ran the df command on Redhat Linux 9, and came up with
> this...what exactly does it mean? Which is my main drive?

You appear to have two drives: a master HD on your
primary IDE cable:

> /dev/hda1 101089 29129 66741 31% /boot
> /dev/hda2 37334192 5058672 30379048 15% /

And a slave HD on your primary IDE cable:

> /dev/hdb1 57669728 38728096 16012184 71% /home

The master HD has two partitions mounted: a 101mb boot
partition and a 37gb root partition. The slave HD has
one partition mounted: a 57gb partition containing the
/home subdirectory.

> I'd like to change the path to instead backup to where
> I may have space...

You have space (30gb) on your root partition (on master HD),
so it would be possible to use it for a compressed backup of
/home (from slave HD). That would put your backup on a
different HD. This is good. However, it is not so good
to have your only backup on the same machine. A fire, power
surge or other catastrophe could destroy both the original
and the backup. It is better for the backup to be on a
different machine (or, better yet, at a different location).

Cheers,
Steven

____________________________
http://www.basiclinux.com.ru