RE: Who to run sshd as
- From: "Young, Randy" <RWYoung@xxxxxxxxxxxx>
- Date: Mon, 30 Oct 2006 15:00:04 -0800
Personally I use the privilege separation with SSHD so it can start and
bind to port 22, but when ever someone logs in a child process starts
with no privileges, it has a home directory of /var/empty and the shell
on my Solaris and HPUX boxes is /usr/bin/false and on Linux it's
/sbin/nologin. The user gets a child under their name only, so no more
privileges than you allow that user. This capability has been part of
OpenSSH for quite a while now, I know at least to the early 3.x
versions.
Randy
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of James Stickland
Sent: Friday, October 27, 2006 8:44 PM
To: secureshell@xxxxxxxxxxxxxxxxx
Subject: Who to run sshd as
Hello, im running openssh 4.4p1 for Linux
I setuid the sshd binary to execute as a normal user "joe"
but that user does not have permission to bind the socket.
How can i have my sshd run as non-root, yet still bind the socket?
- Prev by Date: Re: Who to run sshd as
- Next by Date: Re: Who to run sshd as
- Previous by thread: Re: Who to run sshd as
- Next by thread: Openssh + Solaris 9 and authentication
- Index(es):
Relevant Pages
|
