Re: OpenSSH, privilege separation

From: Kasper Dupont (kasperd@daimi.au.dk)
Date: 06/23/02


From: Kasper Dupont <kasperd@daimi.au.dk>
Date: Sun, 23 Jun 2002 00:31:08 +0200

Jem Berkes wrote:
>
> Apparently the new OpenSSH 3.3 (released yesterday) has privilege
> separation enabled by default, as described here:
> http://www.citi.umich.edu/u/provos/ssh/privsep.html

Looks nice. (At least the figure looks nice, I did not look at
the implementation.) BTW does this mean that the second sshd
child process will now be running with the ID of the user that logs
in? (So the user could actually do something like:
"strace -p $(ps -o ppid= -p $$)"?)

>
> To work, there needs to be a (1) user sshd,

Sounds reasonable.

> and (2) /var/empty, where sshd will be chrooted.

Paranoia! But of course when we are talking about sshd being
paranoid is good. But why not use /var/empty/sshd in case
there will be more similar chrooted daemons in the future.

>
> I never really learned the format of /etc/passwd properly, so I just added
> this line.

Why not use useradd?

> Is this the correct way to create a dummy user?
>
> sshd:*:54333:54333:sshd:/no/where:/no/shell

The format is correct. But if you are just going to put the
username in the comment field, you could as well keep it
empty. Writing "OpenSSH privilege separation" would say a
lot more.

Your choice of home and shell is unusual. I just verified
what nobody used on different systems, the home was set to
either / or /dev/null, and the shell was set to either
/sbin/nologin or /dev/null.

-- 
Kasper Dupont -- der bruger for meget tid på usenet.
For sending spam use mailto:razor-report@daimi.au.dk
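The thread above discusses the seven-field /etc/passwd format, the "sshd" service account, and why a locked password, a descriptive comment field and a non-login shell matter for a privilege-separation user. The following Python is an added example (not code from the thread or from OpenSSH) that parses such a line, checks it against the points raised in the reply, and builds the equivalent useradd invocation. The field names, the set of non-login shells and the sample entries are my own assumptions and constructed values; the useradd flags (-r, -c, -d, -s, -u) are the standard shadow-utils ones.

```python
"""Check an /etc/passwd line for a locked, non-login service account.

Added example illustrating the mailing-list discussion; it is not
OpenSSH code.  Sample lines below are constructed for the demo.
"""
import os
from typing import List, NamedTuple


class PasswdEntry(NamedTuple):
    name: str
    passwd: str
    uid: int
    gid: int
    gecos: str   # the "comment" field the reply talks about
    home: str
    shell: str


def parse_passwd_line(line: str) -> PasswdEntry:
    """Split one /etc/passwd line into its seven colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    name, passwd, uid, gid, gecos, home, shell = parts
    if not name:
        raise ValueError("empty username")
    if not (uid.isdigit() and gid.isdigit()):
        raise ValueError("uid and gid must be numeric")
    return PasswdEntry(name, passwd, int(uid), int(gid), gecos, home, shell)


# Shells that never start an interactive session (assumed list).  A
# non-existent path such as /no/shell also prevents login, which the
# check below accounts for by testing whether the file is executable.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/dev/null"}


def service_account_issues(entry: PasswdEntry) -> List[str]:
    """Return findings about an entry meant to be a locked service account.

    An empty list means nothing in the line itself grants a login or
    privilege; the findings mirror the points made in the reply.
    """
    issues = []
    if entry.uid == 0:
        issues.append("uid 0: the service account would be root")
    if entry.passwd == "x":
        issues.append("shadow: password lives in /etc/shadow, verify it is locked there")
    elif not (entry.passwd == "*" or entry.passwd.startswith("!")):
        issues.append("passwd: field is not a locked marker ('*' or '!...')")
    if entry.shell not in NOLOGIN_SHELLS and os.access(entry.shell, os.X_OK):
        issues.append(f"shell: {entry.shell} is executable and could start a session")
    if entry.gecos in ("", entry.name):
        issues.append("gecos: comment repeats the username; a description such as "
                      "'OpenSSH privilege separation' says more")
    return issues


def useradd_command(entry: PasswdEntry, comment: str) -> List[str]:
    """Build the useradd argv that creates the same system account."""
    return ["useradd", "-r", "-c", comment, "-d", entry.home,
            "-s", entry.shell, "-u", str(entry.uid), entry.name]


if __name__ == "__main__":
    # Constructed sample: the line from the thread, plus a deliberately bad one.
    for line in ("sshd:*:54333:54333:sshd:/no/where:/no/shell",
                 "svc:x:0:0:service:/root:/bin/sh"):
        e = parse_passwd_line(line)
        print(line)
        for issue in service_account_issues(e) or ["no issues"]:
            print("  -", issue)
    print(" ".join(useradd_command(parse_passwd_line(
        "sshd:*:54333:54333:sshd:/var/empty:/sbin/nologin"),
        "OpenSSH privilege separation")))
```

Running it on the line from the thread reports only the comment-field finding; the second constructed line trips the uid 0, shadow and shell checks, which is the kind of mistake the reply is warning against.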