Discussion:
SSH Client to syslog: How to send
(too old to reply)
Walt Madden
2010-09-06 19:27:32 UTC
Permalink
I did hear that they were planning to add exit points to SSH
I will second Scott's statements regarding syslog being intended for server
logging -- I've also never heard of a client program (OpenSSH or otherwise)
that would log information to syslog.

As for exit points in the IBM i port of OpenSSH -- there are no plans to add
Exit Points to the OpenSSH on IBM i software. However, some of the function
you might expect to use exit points for are available in configuration
options supported by OpenSSH:

"chroot jail" -- SSH-connected users are placed into a subdirectory of the
file system (masking off any access to the rest of the file system)

sshd_config configuration options: DenyUsers, AllowUsers, DenyGroups,
AllowGroups -- these options are lists of userids or groupids that are
denied or allowed access via SSH
--
-----
Walt Madden
IBM i software development
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Zvi Kave
2010-09-07 10:42:16 UTC
Permalink
Hi Walt,
 
I realized that my current V5R4/V5R3 SSHD installations do not recognize ChrootDirectory option.
I understand that there is a PTF to upgrade SSH to the supported version.
Can you direct me to the correct link for this PTF for V5R3/V5R4/V6R1 ?
 
Best regards,
 
Zvi

--- On Mon, 9/6/10, Walt Madden <walterross-***@public.gmane.org> wrote:


From: Walt Madden <walterross-***@public.gmane.org>
Subject: Re: SSH Client to syslog: How to send
To: midrange-l-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Date: Monday, September 6, 2010, 12:27 PM
I did hear that they were planning to add exit points to SSH
I will second Scott's statements regarding syslog being intended for server
logging -- I've also never heard of a client program (OpenSSH or otherwise)
that would log information to syslog.

As for exit points in the IBM i port of OpenSSH -- there are no plans to add
Exit Points to the OpenSSH on IBM i software.  However, some of the function
you might expect to use exit points for are available in configuration
options supported by OpenSSH:

"chroot jail" -- SSH-connected users are placed into a subdirectory of the
file system (masking off any access to the rest of the file system)

sshd_config configuration options: DenyUsers, AllowUsers, DenyGroups,
AllowGroups -- these options are lists of userids or groupids that are
denied or allowed access via SSH
--
-----
Walt Madden
IBM i software development
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Walt Madden
2010-09-07 17:36:15 UTC
Permalink
Post by Zvi Kave
I understand that there is a PTF to upgrade SSH to the supported
version.
Can you direct me to the correct link for this PTF for V5R3/V5R4/V6R1
?
V5R3 is out of service and chroot is not supported on 5.3. The last V5R3
5733SC1 PTFs are SI18056, SI24208, SI34376

The current/latest 5733SC1 PTFs in the supported releases:
5.4 -- SI39652, SI36891
6.1 -- SI40092, SI36892
7.1 -- SI39965, SI38685, SI36895
These PTFs update OpenSSH to version 4.7p1. The chroot feature is explained
in the cover letter of superseded PTFs SI33600 (6.1) SI33703 (5.4)
--
-----
Walt Madden
IBM i software development
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request-Zwy7GipZuJhWk0Htik3J/***@public.gmane.org
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
Loading...