Getting sshd Up and Running

Started by bkmoore, July 31, 2010, 06:56:33 pm


bkmoore

All,

I have been playing with sshd for a while, but still haven't gotten it to work on my system. I set up my rc.local file per kb7sqi's instructions and prngd is installed and running. But it appears that sshd is not running on my system. When I try to confirm with the ps -aux command, it is not there. As root, I tried to manually load it and got the following error:


root@olympic/usr/local/sbin$sshd
This platform does not support both privilege separation and compression
Compression disabled
Privilege separation user sshd does not exist


After running this command and verifying with ps -aux, there is no sshd loaded.


root@olympic/usr/local/sbin$ps -aux
USER       PID  %CPU %MEM VSIZE RSIZE TT STAT  TIME COMMAND
root       204   0.2  7.7 20.0M 2.48M ?  SW    0:06 - console (WindowServer)
root       205   0.2  6.1 5.73M 1.96M ?  SW    0:06 - console (loginwindow)
root         1   0.0  0.3  736K   96K ?  SW    0:00 /usr/etc/init -xx
root        -1   0.0  9.1 17.3M 2.90M ?  S <   0:00 <mach-task>
root        -1   0.0  0.0    0K    0K ?  S     0:00 <mach-task>
root         2   0.0  0.4  768K  136K co SW    0:00  (mach_init)
root         3   0.0  3.1 2.99M 1000K ?  SW    0:01 /usr/etc/kern_loader -n
root        -1   0.0  0.0    0K    0K ?  ?W<   0:00 <mach-task>
root        90   0.0  1.0 1.58M  320K ?  SW    0:00 /usr/etc/syslogd
root        23   0.0  1.7 6.73M  560K ?  S     0:00  (nmserver)
root       100   0.0  1.0 1.59M  312K ?  SW    0:00 /usr/etc/nibindd
root       101   0.0  1.3 1.63M  440K ?  SW    0:01 /usr/etc/netinfod local
root       105   0.0  1.3 1.67M  432K ?  SW    0:00  (lookupd)
root       110   0.0  0.5 1.65M  152K ?  S     0:00  (biod)
root       111   0.0  0.5 1.65M  152K ?  S     0:00  (biod)
root       113   0.0  0.5 1.65M  152K ?  S     0:00  (biod)
root        95   0.0  0.8 1.57M  272K ?  SW    0:00 /usr/etc/portmap
root       122   0.0  0.7 1.69M  240K ?  SW    0:00  (autonfsmount)
root       128   0.0  0.5 1.68M  168K ?  S     0:00  (bootpd)
root       112   0.0  0.5 1.65M  152K ?  S     0:00  (biod)
root       137   0.0  1.0 1.58M  336K ?  SW    0:00  (inetd)
root       143   0.0  1.1 1.70M  352K ?  S     0:00 -accepting connections (sen
root       148   0.0  1.2 2.13M  384K ?  SW    0:00  (lpd)
root       157   0.0  0.6 2.12M  192K ?  SW    0:00 /usr/lib/lpd
root       159   0.0  1.2 1.74M  384K ?  SW    0:00  (pbs)
root       170   0.0  1.7 3.71M  544K ?  SWN   0:00  (npd)
root       171   0.0  1.1 1.69M  360K co SW    0:06 /usr/local/sbin/prngd /etc/
root       188   0.0  1.1 2.48M  360K co SW    0:00  (stunnel)
root       190   0.0  1.4 2.18M  448K co SW    0:00  (ISLicenseServer)
root       196   0.0  0.5 1.65M  160K ?  SW    0:00 update
root       199   0.0  0.9 1.65M  288K ?  SW    0:00  (cron)
root         0   0.0  9.1 17.3M 2.90M ?  R N  16:39  (kernel idle)
root       131   0.0  1.0 1.58M  312K ?  SW    0:00  (rpc.bootparamd)
root        -1   0.0  0.0    0K    0K ?  S     0:00 <mach-task>
root        -1   0.0  0.0    0K    0K ?  S     0:00 <mach-task>
root       211   0.0  1.2 1.61M  400K p0 SW    0:02 telnetd
brian      212   0.0  2.9 2.10M  944K p0 SW    0:01 -bash (bash)
root       224   0.0  2.8 2.10M  920K p0 SW    0:01 su
root       254   0.0  1.7 1.96M  568K p0 R     0:00 ps -aux
root@olympic/usr/local/sbin$


I tried both the default sshd_config file and uncommenting the line port 22. But it has made no difference.

Any help would be appreciated.

Brian

itomato

"Privilege separation user sshd does not exist" - This may be a clue..
-itomato

bkmoore

Thanks,

I added the sshd group and sshd user to netinfo and also in the /etc/group and /etc/passwd files. I used 27 for both the gid and uid. The daemon is loading now on port 22. I still can't log in remotely, but at least I am making some progress.

When I attempt to log in, I get:



brian@Brians-MacBook-Pro:~$ ssh 10.0.1.200
brian@10.0.1.200's password:
Connection to 10.0.1.200 closed by remote host.
Connection to 10.0.1.200 closed.
brian@Brians-MacBook-Pro:~$


I think I'm going to quit for the day and then play with the sshd_config file tomorrow.

Brian

jaallen

I had this all set up. I am being forced to reload it all.

In your sshd.config file, look for #UsePrivilegeSeparation yes

Take away the comment # sign and change yes to no

Reboot

NeXTSTEP and OPENSTEP did not have POSIX authentication separation available in PRNGD.

-Jeff
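
The two fixes tried in this thread (creating the sshd account, or setting UsePrivilegeSeparation to no) can be checked before starting the daemon. The script below is an added example, not code from any poster; its function names and sample files are constructed, and it assumes passwd-format files, so an account that exists only in NetInfo would not be seen.

```shell
#!/bin/sh
# Added example: preflight for "Privilege separation user sshd does not exist".
# Works on an sshd_config and a passwd-format file given as arguments.

# Print the effective UsePrivilegeSeparation value from an sshd_config.
# Commented lines are skipped, the first occurrence wins, and "yes" is
# assumed when the keyword is absent.
privsep_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "useprivilegeseparation" { print tolower($2); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# Print the numeric uid of account $2 in passwd-format file $1 (empty if absent).
uid_of() {
    awk -F: -v n="$2" '$1 == n { print $3; exit }' "$1"
}

# check_privsep CONFIG PASSWD: print a verdict; non-zero status means sshd
# would refuse to start or the account needs fixing.
check_privsep() {
    if [ "$(privsep_setting "$1")" = "no" ]; then
        # sshd starts, but its pre-authentication code then runs as root.
        echo "privsep-disabled"; return 0
    fi
    uid=$(uid_of "$2" sshd)
    if [ -z "$uid" ]; then echo "missing-user"; return 1; fi
    if [ "$uid" -eq 0 ]; then echo "privileged-user"; return 1; fi
    echo "ok"
}

# Constructed sample files, not taken from the thread's machine.
demo() {
    d=$(mktemp -d) || return 1
    printf '#UsePrivilegeSeparation yes\nPort 22\n' > "$d/default_config"
    printf 'UsePrivilegeSeparation no\n' > "$d/nosep_config"
    printf 'root:*:0:0:Operator:/:/bin/sh\n' > "$d/passwd_before"
    printf 'root:*:0:0:Operator:/:/bin/sh\nsshd:*:27:27:sshd privsep:/var/empty:/bin/false\n' > "$d/passwd_after"
    check_privsep "$d/default_config" "$d/passwd_before" || :   # missing-user
    check_privsep "$d/default_config" "$d/passwd_after"         # ok
    check_privsep "$d/nosep_config"   "$d/passwd_before"        # privsep-disabled
    rm -rf "$d"
}
demo
```

Of the two outcomes that let sshd start, only "ok" keeps the unauthenticated network-facing code in an unprivileged process.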

bkmoore

Thanks for that last bit of advice. sshd is up and running on my system now.

jaallen

Great. And you are very welcome.