Privilege separation user sshd does not exist



'm getting this error when I try to start my cross-compiled OpenSSH sshd
daemon for the first time with privilege separation enabled.

I am using OpenSSH_4.6p1.

I believe I have added a 'sshd' user and group correctly. I can login
just fine as that user:

# login
(none) login: sshd
$
$ whoami
$ sshd

I'm trying to start the daemon as follows so that I can see the debug:

# /sbin/sshd -D -d

The error I am getting is:
Privilege separation user sshd does not exist

The contents of my /etc/group file are as follows:

root::0:root
sshd:x:33:

The contents of my /etc/passwd file are as follows:

root::0:0:Root User:/root:/bin/ash
sshd::501:33:sshd user:/var/empty:/bin/false

Can anyone please help me out?

Thanks!



Relevant Pages

  • RE: X11 Forwarding
    ... Upon receipt of a connection request, ... the daemon forks, creating a new process. ... I guess all those forums out there saying that sshd reads the config ... First do a "ps -f" to get the PPID ...
    (SSH)
  • Re: How to verify Privilege Separation is working?
    ... Just a few servers out of several dozen had neither the sshd user nor ... I fixed that (sshd with login and remote login ... >>presumably without privilege separation. ...
    (SSH)
  • Re: How to verify Privilege Separation is working?
    ... Just a few servers out of several dozen had neither the sshd user nor ... I fixed that (sshd with login and remote login ... >>presumably without privilege separation. ...
    (SSH)
  • Re: Rebuilding OpenSSH on RedHat 7.3
    ... I compiled using a prefix of /usr instead of /usr/local, ... seem to put the daemon in /usr/sbin where the default location is for RH ... the init script points at the correct sshd. ... other binaries are not in the right place because sshd that got ...
    (comp.security.ssh)
  • Re: [opensuse] What is with the script kiddies tonight??
    ... That file is used by more than just sshd. ... meaning you have already logged in to some daemon or other by the time ... mplayer was just a bit more embellishment, the icing on the cake, if you will. ... If it is just an automated dictionary attack, ...
    (SuSE)