sshd as non root
From: Ben Ford (ben_at_kalifornia.com)
Date: 09/24/05
Date: Fri, 23 Sep 2005 23:45:00 -0700
To: secureshell@securityfocus.com

I'm trying to figure out some way to run sshd as non-root while still
retaining full functionality. Now before you shout RTFM at me, I have
read the docs and understand why they say you can't do it (binding to
low port, switching users, etc).

What I am trying to do is set up a kernel level "default deny" system
using grsecurity. I'd like to deny ALL network access in or out of the
system except for sshd, exim, apache and trusted users. In order to do
this, ssh has to run as a different user than other system processes.

Is there any way to accomplish this? Or is there another way to set up
a default deny system? (is there a way to use iptables to filter by
process rather than user?)

I've already tried chmod +s /usr/bin/sshd and running as non-root and it
didn't work.

I'm running OpenSSH 4.2p1 on Linux 2.6.11.12 with the grsecurity patch.

Thanks!

-b

--
Dear Outlook users: Please remove me from your address books
http://www.newsforge.com/article.pl?sid=03/08/21/143258