Privilege separation user

I just upgraded to openssh-3.6.1, on FreeBSD 4.7R (because of the realpath
issue). I was happy to read about the "privilege separation user". So, I
added this to my config file:

UsePrivilegeSeparation yes

And the sshd user + group were created. Time to log in (as "mark"):

root         32768  ... Is  0:00.32 /usr/local/sbin/sshd
root         32769  ... Is  0:00.05 sshd: mark [priv] (sshd)
mark       32771  ... S   0:00.35 sshd: mark@ttyp0 (sshd)

Hmm, that does not look all that unprivileged to me. :( Was the second
process not supposed to be unprivileged? Syslog is awfully quiet too.

So, what am I doing wrong here?


- Mark

Re: Privilege separation user

No, that's right.  32768 is the listening daemon, 32769 is the
privileged process for your login (the "monitor"), 32771 is the
unpriv'ed process for your login (the "slave").

Root privileges are required for some operations at login time (eg
reading the password file) or at some time later (eg allocating a pty),
so the monitor hangs around as long as you're logged in.

Try turning off PrivilegeSeparation, you'll see one less process (pid
32771 in this example).

Dunno about the syslog thing though.

Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
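
The process roles described in the reply, as an added example that is not part of the original thread or of OpenSSH: a script that labels sshd processes as listener, monitor or unprivileged child and pairs each monitor with the child it forked. The `USER PID PPID COMMAND` input layout, the PPID values and the user `anna` are assumptions constructed for this example.

```shell
#!/bin/sh
# Input on stdin: "USER PID PPID COMMAND..." lines, e.g. from
#   ps -axo user,pid,ppid,command   (column choice is an assumption)

classify_sshd() {
    awk '
    $2 !~ /^[0-9]+$/ { next }                   # skip the ps header line
    {
        cmd = $4
        for (i = 5; i <= NF; i++) cmd = cmd " " $i
        login = "-"
        if (cmd ~ /^sshd: [^ ]+ \[priv\]/) {    # per-login privileged monitor
            role = "monitor"; login = $5
        } else if (cmd ~ /^sshd: [^ @]+@/) {    # per-login unprivileged process
            role = "unprivileged"; split($5, part, "@"); login = part[1]
        } else if (cmd ~ /(^|\/)sshd( |$)/) {   # the listening daemon
            role = "listener"
        } else next
        print role, $1, $2, $3, login           # role owner pid ppid login
    }'
}

# Pair each monitor with the unprivileged process whose parent it is.
check_sessions() {
    classify_sshd | awk '
    $1 == "monitor"      { login[$3] = $5; order[++n] = $3 }
    $1 == "unprivileged" { kid[$4] = $3; kidowner[$4] = $2 }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]
            if (!(m in kid))                  verdict = "no-unprivileged-child"
            else if (kidowner[m] != login[m]) verdict = "child-not-running-as-login-user"
            else                              verdict = "separated"
            print login[m], "monitor=" m, "child=" ((m in kid) ? kid[m] : "-"), verdict
        }
    }'
}

# Constructed sample modelled on the ps output in the question (PPIDs added,
# second monitor for a hypothetical user "anna" has no child process).
SAMPLE='USER PID PPID COMMAND
root 32768 1 /usr/local/sbin/sshd
root 32769 32768 sshd: mark [priv] (sshd)
mark 32771 32769 sshd: mark@ttyp0 (sshd)
root 40001 32768 sshd: anna [priv] (sshd)'

printf '%s\n' "$SAMPLE" | check_sessions
```

On a live host, pipe the `ps` output into `check_sessions` instead of the sample; a root-owned `[priv]` process paired with a child owned by the login user is the layout the reply describes.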
