Bug#864190: openssh-server: Missing privilege separation directory: /run/sshd
Please consider to ensure that the SSH privilege-seperation directory is in place as long as SSH is installed (in contract to "as long as SSH is running').
Rationale:
>> RuntimeDirectory=sshd
>> Perhaps that would be a reliable way to fix the problem...
> That does indeed seem like a plausible approach. Committed to git
> master, thanks.
Although this seems to be very robust way to ensure the privilege-separation directory exists and is empty, it disallows to run 'sshd' as a non-root user because of missing '/run/sshd' if 'sshd' has not been started by 'systemd'.
My use case is to establish a tunnel between two clients without the need of root privileges. The (potentially) missing '/run/sshd' prevents this.
I am not a security expert and do not know if this use case implies security issues (e.g. breaks privilege separation), but security is at least not decreased if '/run/sshd' exists even if 'sshd' is not running: A user is able to create a patched copy of 'sshd' replacing '/run/sshd' with '/tmp/sshd' and create a symlink from '/tmp/sshd' to any directory owned by root which is not accessible to group or world-side (like e.g. '/run/log').
In fact, users will compromise system security if they are tempted to workaround missing '/run/sshd' this.
With best regards,
doak
On Sun, 23 Jul 2017 13:15:45 +0100 Colin Watson <cjwatson@debian.org> wrote:
> Control: tag -1 pending
>
> On Mon, Jul 17, 2017 at 09:26:26AM +1000, Dmitry Smirnov wrote:
> > So I had a chance to try another fix to the problem: I was able to start
> > "ssh.service" again after adding the following line:
> >
> > RuntimeDirectory=sshd
> >
> > Perhaps that would be a reliable way to fix the problem...
>
> That does indeed seem like a plausible approach. Committed to git
> master, thanks.
>
> --
> Colin Watson [cjwatson@debian.org]
>
>
Reply to: