[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh difference v3.3 vs. 3.4 ???

Lo, on Wednesday, June 26, Colin Watson did write:

> On Wed, Jun 26, 2002 at 05:25:16PM -0500, Richard Cobbe wrote:
> > Lo, on Wednesday, June 26, Colin Watson did write:
> > > If you're running 3.3 with privilege separation enabled (as it is by
> > > default), most remote root exploits become remote exploits of the sshd
> > > user, which is considerably less serious. 
> > 
> > So, I'm running ssh 3.3 as packaged for woody.  I don't have
> > UserPrivilegeSeparation turned off in any config files, but I still see
> > the following:
> > 
> > [nanny-ogg:~]$ ps aux | grep [s]shd 
> > root       268  0.0  0.2  2788  716 ?        S    06:19   0:00 /usr/sbin/sshd
> > 
> > sshd is still running as root.  Is this what I should be seeing?
> 
> Yes, the parent process continues to run as root. If you ssh to a box
> running 3.3 and leave the connection at the password prompt, you'll see
> a process running as the sshd user until the authentication is
> completed.

Ah.  Since I use public-key authentication almost exclusively, that
would explain why I never saw the sshd user.

Thanks,

Richard


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: