> On Monday 01 July 2002 02:24 am, David Seaton wrote: >> [root@ns /root]# /etc/rc.d/init.d/sshd start >> Starting sshd: This platform does not support both privilege >> separation and compression >> Compression disabled >> Bad owner or mode for /var/empty/sshd
This here is your problem, the permissions(modes) or owner for the directory /var/empty/sshd were wrong. >> ERROR! >> [root@ns /root]# cd /var/empty >> [root@ns empty]# ls sshd If you'd done an ls -l here we'd be able to see the problem! >> [root@ns empty]# rmdir sshd The problem is not that the directory should not be there, the problem is that its got the wrong permissions. The directory *is* needed, which is why... >> [root@ns empty]# /etc/rc.d/init.d/sshd start >> Starting sshd: This platform does not support both privilege >> separation and compression >> Compression disabled >> Missing privilege separation directory: /var/empty/sshd ...deleting it doesn't help either! You now have an error message complaining that the directory is missing. >> ERROR! >> [root@ns empty]# >> What does this mean? How do I get SSH back? Geralod wrote: > mkdir /var/empty > chown root:root /var/empty > chmod 755 /var/empty This is pretty much it, creating the directory, and setting the owner/modes/permissions correctly. However, some packages of sshd (including the one that you're using it seems) expect the privilege separation directory to be /var/empty/sshd, rather than just /var/empty, so you'll need to do: [as root] mkdir /var/empty/sshd chown root:root /var/empty/sshd chmod 755 /var/empty/sshd > edit sshd_config > Compression no On platforms where privilege seperation and compression are not supported, it *is* correct to switch compression off to allow sshd to run. However, from looking at the messages above, it looks like the package-installed sshd start script is handling this. >> Starting sshd: This platform does not support both privilege >> separation and compression >> Compression disabled Given that it knows what its doing, you may as well leave sshd_config alone, and should this ever get fixed, no doubt the package will be updated to no longer disable compression on startup. So you may as well try leaving sshd_config alone and seeing if it works. Hope this helps! Cheers Stephen _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
