Re: How to verify Privilege Separation is working?

From: David Walker (ssh_at_grax.com)
Date: 09/26/04

    To: secureshell@securityfocus.com
    Date: Sun, 26 Sep 2004 11:52:09 -0500
    
    

    ssh into your server to an account that requires a password or a non-existing
    account that prompts for a password. Don't enter a password at this time but
    run your ps command (from another shell of course). If privilege separation
    is operational then you will see an sshd process running under the separation
    account such as "sshd".

    On Friday 24 September 2004 02:59 am, Philip Le Riche wrote:
    > Hi -
    >
    > Is there a simple way to positively demonstrate that privilege
    > separation is working? Running ps -fe shows all sshd processes running
    > as root. If /var/empty doesn't exist, sshd still seems to work, but
    > presumably without privilege separation. There may be other
    > configuration errors which could have the same effect.
    >
    > (The reason I ask is that a vulnerability assessment has shown that I
    > need to upgrade to OpenSSH 3.7.1 to avoid known vulnerabilities.
    > However, rebuilding from source has run into problems with
    > incompatible libraries since we're on an old version of AIX. No doubt
    > these are fixable, given time my management may not allow me, but if I
    > could positively demonstrate that privilege separation is working, I
    > could argue that the risk is low and limited to DoS. Agreed?)
    >
    > - Philip
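
The check described in the reply above, scripted as an added example that is not part of the original thread. The function name `find_privsep_children`, the `ps -e -o user,pid,ppid,args` column layout and both sample listings are assumptions constructed for illustration. The check matches on process owner and parent PID only, so it does not depend on process titles.

```shell
#!/bin/sh
# Added example (not from the original thread).
# find_privsep_children ACCOUNT
#   Reads `ps -e -o user,pid,ppid,args` output on stdin and prints every sshd
#   process owned by ACCOUNT (default "sshd") whose parent is an sshd owned by
#   root. Returns 0 if at least one such process exists, 1 otherwise.
find_privsep_children() {
    awk -v acct="${1:-sshd}" '
        # Remember owner and parent of every process whose command is sshd.
        $4 ~ /(^|\/)sshd:?$/ {
            user[$2] = $1; ppid[$2] = $3; order[++n] = $2
        }
        END {
            found = 0
            for (i = 1; i <= n; i++) {
                pid = order[i]; parent = ppid[pid]
                if (user[pid] == acct && (parent in user) && user[parent] == "root") {
                    printf "privsep child pid=%s user=%s monitor pid=%s\n", pid, user[pid], parent
                    found = 1
                }
            }
            if (found) exit 0
            exit 1
        }'
}

# Constructed sample: a connection waiting at the password prompt with
# privilege separation active (process titles are illustrative only).
SAMPLE_PRIVSEP='USER PID PPID COMMAND
root 412 1 /usr/sbin/sshd
root 9301 412 sshd: unknown [priv]
sshd 9302 9301 sshd: unknown [net]
root 9310 1 /usr/sbin/cron'

# Constructed sample: the same moment with every sshd process owned by root.
SAMPLE_NO_PRIVSEP='USER PID PPID COMMAND
root 412 1 /usr/sbin/sshd
root 9301 412 /usr/sbin/sshd'

# Live use, from a second shell while a login sits at the password prompt:
#   ps -e -o user,pid,ppid,args | find_privsep_children sshd
```

A non-zero exit while a connection is held at the password prompt means no sshd child was found under the separation account.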

