On Mon, Oct 07, 2002 at 12:00:31PM -0700, Bob Miller wrote: > Jacob Meuser wrote: > > > [....] OpenSSH uses privilege separation [....] > > When privilege separation first came out, there was some mention of it > not being compatible with compression. (I don't know the details; > that's why I'm asking.) > > Does current openssh support priv sep and compression at the same > time?
I think that was a Linux issue. Has work on OpenBSD for some time ... builder:~% ssh -v -C george OpenSSH_3.4, SSH protocols 1.5/2.0, OpenSSL 0x00907003 debug1: Reading configuration data /home/jakemsr/.ssh/config debug1: Applying options for george debug1: Reading configuration data /etc/ssh/ssh_config debug1: Rhosts Authentication disabled, originating port will not be trusted. debug1: ssh_connect: needpriv 0 debug1: Connecting to george [192.168.xxx.xxx] port 22. debug1: Connection established. debug1: identity file /home/jakemsr/.ssh/id_rsa type 1 debug1: identity file /home/jakemsr/.ssh/id_dsa type 2 debug1: Remote protocol version 2.0, remote software version OpenSSH_3.4 debug1: match: OpenSSH_3.4 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.4 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client aes128-cbc hmac-md5 zlib debug1: kex: client->server aes128-cbc hmac-md5 zlib debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: dh_gen_key: priv key bits set: 124/256 debug1: bits set: 1575/3191 debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY debug1: Host 'george' is known and matches the RSA host key. debug1: Found key in /home/jakemsr/.ssh/known_hosts:10 debug1: bits set: 1559/3191 debug1: ssh_rsa_verify: signature correct debug1: kex_derive_keys debug1: newkeys: mode 1 debug1: Enabling compression at level 6. debug1: SSH2_MSG_NEWKEYS sent debug1: waiting for SSH2_MSG_NEWKEYS debug1: newkeys: mode 0 debug1: SSH2_MSG_NEWKEYS received debug1: done: ssh_kex2. debug1: send SSH2_MSG_SERVICE_REQUEST debug1: service_accept: ssh-userauth debug1: got SSH2_MSG_SERVICE_ACCEPT debug1: authentications that can continue: publickey,keyboard-interactive debug1: next auth method to try is publickey debug1: userauth_pubkey_agent: testing agent key /home/jakemsr/.ssh/id_dsa debug1: input_userauth_pk_ok: pkalg ssh-dss blen 433 lastkey 0x441a0 hint -1 debug1: ssh-userauth2 successful: method publickey debug1: channel 0: new [client-session] debug1: send channel open 0 debug1: Entering interactive session. debug1: ssh_session2_setup: id 0 debug1: channel request 0: pty-req debug1: channel request 0: shell debug1: fd 5 setting TCP_NODELAY debug1: channel 0: open confirm rwindow 0 rmax 32768 Last login: Mon Oct 7 12:36:40 2002 from builder OpenBSD 3.1-stable (GENERIC) #1: Mon Aug 12 04:42:06 PDT 2002 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. george$ -- <[EMAIL PROTECTED]> _______________________________________________ Eug-LUG mailing list [EMAIL PROTECTED] http://mailman.efn.org/cgi-bin/listinfo/eug-lug
