From 509e7c7f3c55082eead9c5f83093b2f082e9896b Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 1 Sep 2003 01:04:24 +0000 Subject: Debian release 3.4p1-2. --- debian/README.Debian | 24 ++++++++++++++++++++++-- debian/changelog | 7 +++++++ 2 files changed, 29 insertions(+), 2 deletions(-) (limited to 'debian') diff --git a/debian/README.Debian b/debian/README.Debian index c2858d2f9..fd969d7c9 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -11,11 +11,31 @@ ssh that is going to make it into Debian proper, being the only one that complies with the Debian Free Software Guidelines. If you were expecting to get the non-free version of ssh (1.2.27 or -whatever) when you installed this package, please install ssh-nonfree -instead, which is what we're now calling the non-free version. +whatever) when you installed this package, then you're out of luck, as +Debian don't ship it. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= +Privilege Separation +-------------------- + +As of 3.3, openssh has employed privilege separation to reduce the +quantity of code that runs as root, thereby reducing the impact of +some security holes in sshd. + +Unfortunately, privilege separation interacts badly with PAM. Any PAM +session modules that need to run as root (pam_mkhomedir, for example) +will fail, and PAM keyboard-interactive authentication won't work. + +Privilege separation is turned on by default, so if you decide you +want it turned off, you need to add "UsePrivilegeSeparation no" to +/etc/ssh/sshd_config + +NB! If you are running a 2.0 series Linux kernel, then privilege +separation will not work at all, and your sshd will fail to start +unless you explicity turn privilege separation off. + + PermitRootLogin set to yes -------------------------- diff --git a/debian/changelog b/debian/changelog index 32f541a0f..f2e32f13e 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,3 +1,10 @@ +openssh (1:3.4p1-2) unstable; urgency=high + + * Get a security-fixed version into unstable + * Also tidy README.Debian up a little + + -- Matthew Vernon Fri, 28 Jun 2002 17:20:59 +0100 + openssh (1:3.4p1-1) testing; urgency=high * Extend my tendrils back into this package (Closes: #150915, #151098) -- cgit v1.2.3
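Review bot: In the new "Privilege Separation" section of debian/README.Debian, the paragraph that tells users to add "UsePrivilegeSeparation no" gives the opt-out without restating its cost. The section's first paragraph says privilege separation reduces the quantity of code that runs as root, so the opt-out paragraph should say that turning it off gives that reduction up, and that it is only needed where the PAM session modules or PAM keyboard-interactive authentication named in the second paragraph are required (or on the 2.0 series kernels in the NB). Two wording fixes in the same hunk: "explicity" should be "explicitly", and the sentence ending in "/etc/ssh/sshd_config" is missing its full stop.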
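Review bot: The 1:3.4p1-2 entry in debian/changelog is uploaded with urgency=high on the strength of "Get a security-fixed version into unstable", but that line does not say which fix it is. Name the issue or give the bug or advisory reference so that someone reading the changelog can tell what the upload addresses. "Also tidy README.Debian up a little" also undersells the README change in this commit, which adds a Privilege Separation section and drops the ssh-nonfree pointer; list both so the changelog records the user-visible change.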