im having trouble setting up my ssh daemon. the documentation i read assumes you basically know how ssh works. i dont. the daemon isnt starting when i boot and i get an error.

"Privilege separation user sshd does not exist"

what does this mean?

ive searched this forum and found nothing helpful in slackware to setup an ssh daemon. most say that sshd runs on a fresh install. yes..this was the case. but somewhere between the fresh install (6 hrs ago) and now, ssh is no longer seen on netstat -l and everytime i try to start/restart it i get the "Privilege separation user sshd does not exist" error. once this is done im still lost? any have the time to walk me through the basics?

Did you choose to make ssh run as a service (which makes it executable). You can check it with pkgtool.

Did you install your own kernel, was ssh working until that point. In which case perhaps a compile option maybe. I see the 2.6.5 in your sig.

It'll be a lot easier for readers to help you if you can tell us what changes you've made in those six hours, since one or more of those changes apparently borked sshd.

In the meantime, look through the file /etc/passwd to see if there's a user named 'sshd'

Enjoy!
--- Cerbere

Yeah, I think ringwraith is on to something, there. So sshd was working just fine after your frsh install. Six hours later, it doesn't work any more. What did you do in the last six hours?

Post up some specifics, and someone can probably help you out. Of everything I run on my computer, sshd has given me the least amount of trouble. I'm guessing the same as ringwraith, probably a kernel compilation error. Of course it's a total shot in the dark, since all we really know is that you are trying to run sshd( though we have a pretty good idea that you are running Slackware, probably 9.1, and probably with the 2.6.5 kernel).

Does the user sshd exist on your computer (look in /etc/passwd)?

Check out his site, maybe there is some help there: http://www.citi.umich.edu/u/provos/ssh/privsep-faq.html

Kinda confusing? This one seemed more to the point: http://www.unixguide.net/comments/su...shtml/37.shtml

Hope this helps,

Shilo

Cerbere, you are apparently a much faster typist than me!!!

thanks for the replies guys. i restored my old passwd file and now i dont have that error. now for the setup part?
why does this only work for root? i did some searching but couldnt find how to set it up. where do i add users? how can i test it locally?

I've never seen this before:And it seems like a security hole. Why would you want to tell an unauthorized user that the username he tried does not exist? It makes it that much easier to run a script that tries different usernames until that message is not returned, then he knows that he has found a valid username.

Currently, my sshd (Slackware 9.0) will accept any username and then issue the password challenge, then it gives a generic message of 'Permission denied, please try again.' until the third attempted password, whereupon it gives the nearly as generic message 'Permission denied (publickey,password,keyboard-interactive).' and disconnects. This way the person doesn't know which is incorrect, the username or password or both.

I'd advise you to change this behavior if you can. Unfortunately, I'm afraid I can't tell you how to accomplish this, since it was the default behavior for my install. I can suggest that you read through /etc/ssh/sshd_config, as well as through the various files in /usr/doc/openssh-*/ and, while you're at it, 'man ssh' and 'man sshd'.

As for adding users, root can add a user with the command 'adduser'.

Enjoy!
--- Cerbere

I guess he did a lot of tweaking in that system... My 9.1 works just fine...

Yeah, he still hasn't answered the question... did you install a custom kernel, did you install a firewall script, did you mess with iptables ....... what happened after the install.

HMM... I never go to that much trouble to use ssh. I just check it out on my local computer with something simple, like:

I add users with the cryptic command:

Try those out. I think I answered your questions, just in reverse order.

I just tried your command on my computer. Here's what I got. Of course, I don't have a user named 'user' on my system, so I don't have a password.

just a custom kernel 2.6.5. no firewall script no iptables. all i did was compile the 2.6.5 kernel, change a few styles in flux set up netscape to my liking. thats about it.

Think you have probably done more than that. You say you had to restore your old /etc/passwd file , which indicates that you also edited your /etc/passwd file . We are all left wondering what else you've done. I think the reason everyone is wondering is because most of us, and I could be wrong, here did one of the following in order to get sshd going.

1) Nothing

or

(This will start up sshd at boot time & get it started for you right now, without a reboot)
2)Which one depends on if you chose to run sshd at start up when you were installing Slackware.

As for users, like I said before, just add the user to your box, they automatically are a ssh user with the same password.

As for testing locally, like I said, justThen, try it remotely. The only heads up is if you are using a router/ firewall. You'll need to make sure you open up the ssh port.

Hope this helps,

the rc.sshd script is already executable and it already boots up when i turn on computer. the only reason i edit the file was just to delete the other entries that were not users..but i fully restored that.
and if everyone must know the details these are the files i edited after kernel compile:
/etc/lilo.conf
~/.vimrc
/etc/DIR_COLORS
/etc/profile
/etc/X11/XF86Config-4
/etc/inetd.conf

as far as installing things i installed the artwiz fonts and aterm. nothing else was changed.

WHat happens when you type