Re: When does Privilege Seperation work.

• Next message: toylet: "Re: Upcoming OpenSSH vulnerability"
• Previous message: Peter Senft: "Re: FTP over SSH"
• In reply to: Arjan Oosting: "When does Privilege Seperation work."
• Next in thread: Evert: "Re: When does Privilege Seperation work."
• Reply: Evert: "Re: When does Privilege Seperation work."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Filbert <LookIn@MyDamnSig.edu>
Date: Wed, 26 Jun 2002 13:18:27 GMT

In article <Pine.GSO.4.44.0206260855260.27100-100000
@bellatrix.students.cs.uu.nl>, ajoostin@students.cs.uu.nl says...
> Hi,
>
> Yesterday i've updated my server to openssh 3.3 after configuring my server
> using the instructions from README.privsep, but some questions remain:
> 1. How do i know privilege sepration is really working on my system, for
> instance which lines in the debug output from sshd indicate
> running privilege seperation.
> 2. Why do i need a sshd user and group? In the output of top or ps i see
> no processes running with username sshd.
>
> I hope someone can answers this questions. I will supply some additional
> information about my system, maybe that helps when anwsering my questions.
>
> Greeting Arjan
>
> My system:
> Linux dist : Linux From Scratch
> Linux kernel : 2.4.17
> Glibc version : 2.2.3
> Openssh version : 3.3p1
>
>

Hi,

I have similar concerns:
After an upgrade of openssh to 3.3 on my FreeBSD 4.6 server I can see
that PrivilegeSeparation is tuned on:

# ps -ax | grep sshd
   83 ?? IWs 0:00.00 /usr/sbin/sshd
  119 ?? IW 0:00.00 sshd: user [priv] (sshd)
  121 ?? S 0:00.18 sshd: user@ttyp0 (sshd)

On my Linux server (kerner 2.4.7) I don't see that [priv]

# ps -ax | grep sshd
15090 ? S 0:00 /usr/sbin/sshd
15096 ? S 0:00 /usr/sbin/sshd
15098 ? S 0:00 /usr/sbin/sshd
15294 pts/6 S 0:00 grep sshd

-- 
FilbertAtPandoraDotBe
 http://divisionbyzero.cjb.net
 Updated proxy lists

• Next message: toylet: "Re: Upcoming OpenSSH vulnerability"
• Previous message: Peter Senft: "Re: FTP over SSH"
• In reply to: Arjan Oosting: "When does Privilege Seperation work."
• Next in thread: Evert: "Re: When does Privilege Seperation work."
• Reply: Evert: "Re: When does Privilege Seperation work."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: When does Privilege Seperation work. ... > Yesterday i've updated my server to openssh 3.3 after configuring my server ... > running privilege seperation. ... After an upgrade of openssh to 3.3 on my FreeBSD 4.6 server I can see ... (comp.security.ssh) Re: When does Privilege Seperation work. ... >> Yesterday i've updated my server to openssh 3.3 after configuring my ... >> running privilege seperation. ... Why do i need a sshd user and group? ... (comp.security.ssh) Re: When does Privilege Seperation work. ... >> Yesterday i've updated my server to openssh 3.3 after configuring my ... >> running privilege seperation. ... Why do i need a sshd user and group? ... (comp.security.ssh)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint