August 12, 2003, 7:18 am
issue). I was happy to read about the "privilege separation user". So, I
added this to my config file:
And the sshd user + group were created. Time to log in (as "mark"):
root 32768 ... Is 0:00.32 /usr/local/sbin/sshd
root 32769 ... Is 0:00.05 sshd: mark [priv] (sshd)
mark 32771 ... S 0:00.35 sshd: mark@ttyp0 (sshd)
Hmm, that does not look all that unprivileged to me. :( Was the second
process not supposed to be unprivileged? Syslog is awfully quiet too.
So, what am I doing wrong here?
Re: Privilege separation user
No, that's right. 32768 is the listening daemon, 32769 is the
privileged process for your login (the "monitor"), 32771 is the
unpriv'ed process for your login (the "slave").
Root privileges are required for some operations at login time (eg
reading the password file) or at some time later (eg allocating a pty),
so the monitor hangs around as long as you're logged in.
Try turning off PrivilegeSeparation, you'll see one less process (pid
32771 in this example).
Dunno about the syslog thing though.
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
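The process roles explained in the reply above can be checked mechanically from `ps` output. The following is an added example, not part of either post and not OpenSSH code: the function names and the fourth sample line are constructed, and it assumes that a session handled without privilege separation appears as an `sshd: user@tty` process still owned by root.

```python
import re

# Constructed sample: the thread's three lines plus one invented root-owned session.
SAMPLE_PS = """\
root 32768 ... Is 0:00.32 /usr/local/sbin/sshd
root 32769 ... Is 0:00.05 sshd: mark [priv] (sshd)
mark 32771 ... S 0:00.35 sshd: mark@ttyp0 (sshd)
root 40001 ... Is 0:00.04 sshd: alice@ttyp1 (sshd)
"""

MONITOR = re.compile(r"^sshd: (\S+) \[priv\]")
SESSION = re.compile(r"^sshd: ([^@\s]+)@\S+")


def parse(line):
    """Return (owner, pid, title) for an sshd line, or None for anything else."""
    fields = line.split()
    if len(fields) < 3 or not fields[1].isdigit():
        return None
    for i in range(2, len(fields)):
        if fields[i] in ("sshd", "sshd:") or fields[i].endswith("/sshd"):
            return fields[0], int(fields[1]), " ".join(fields[i:])
    return None


def classify(owner, title):
    """Map a process to (role, login user) using the titles explained in the reply."""
    if m := MONITOR.match(title):
        return "monitor", m.group(1)          # root-owned, stays for the whole login
    if m := SESSION.match(title):
        user = m.group(1)
        # Assumption: a session process not owned by the login user never dropped privileges.
        return ("unprivileged" if owner == user else "not-dropped"), user
    if not title.startswith("sshd:"):
        return "listener", None               # the daemon accepting connections
    return "other", None


def audit(ps_text):
    """Return ([(pid, role, user)], [pids of sessions that did not drop privileges])."""
    rows = []
    for line in ps_text.splitlines():
        if (p := parse(line)) is not None:
            owner, pid, title = p
            rows.append((pid, *classify(owner, title)))
    return rows, [pid for pid, role, _ in rows if role == "not-dropped"]


if __name__ == "__main__":
    for row in audit(SAMPLE_PS)[0]:
        print(*row)
```

A root login is owned by root in either case, so this check cannot say anything about it.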