From owner-freebsd-questions Wed Jun 26 13:25: 9 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from otter.mills-atl.com (dsl-64-192-140-77.telocity.com [64.192.140.77]) by hub.freebsd.org (Postfix) with ESMTP id AB24737C653 for ; Wed, 26 Jun 2002 13:03:51 -0700 (PDT)
Received: from localhost (jmills@localhost) by otter.mills-atl.com (8.9.3/8.9.3) with ESMTP id QAA04266; Wed, 26 Jun 2002 16:08:22 -0400
X-Authentication-Warning: otter.mills-atl.com: jmills owned process doing -bs
Date: Wed, 26 Jun 2002 16:08:22 -0400 (EDT)
From: John Mills
X-Sender: jmills@otter.mills-atl.com
Reply-To: John Mills
To: Amit Chakradeo
Cc: questions@FreeBSD.ORG
Subject: Re: Openssh sshd with Privilege Seperation to be installed suid ?
In-Reply-To: <20020626114412.B19072@ac.wox.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Amit -

On Wed, 26 Jun 2002, Amit Chakradeo wrote:

> Is the sshd supposed to be installed setuid root for the privilege
> separation part to work correctly ? The openssh port does not install it
> that way, and I see all the sshd processes owned by root. This changes to
> desired behaviour as below after I turn suid root on:

I just went through this with Linux and openssh-3.3, but possibly the
experience is useful.

In addition to enabling 'UsePrivilegeSeparation yes' in my 'sshd_config'
file, I then had to create a no-shell-login user called (in my setup)
'sshd'. (The user name is defined when the package is built, AFAIK. 'sshd'
seems to be commonly used.) Without the user existing (and separation
enabled), the daemon would not start for me. Since I built from sources, I
tried a couple of names - 'nobody' also worked fine. I think what we need
here is a 'dummy' user.

Re: your question: Since 'sshd' (the daemon, not the user) is normally
started at boot by 'init', it does not need to be (nor should it be)
'setuid root'. You must be 'su' to start it manually, however.

One reason for my answer is in case I have misunderstood, so someone can
correct me. I expect to install the new port on my 4.5 box this evening.

 - John Mills
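The reply above boils down to three preconditions for privilege separation: the option is switched on in sshd_config, the unprivileged account exists with no login shell, and the sshd binary is run as root by init rather than being setuid. The script below is an added example, not code from the message or from the OpenSSH project. It checks those three points against constructed fixtures (a sample sshd_config, a sample passwd file, and two empty stand-in "sshd" files, one chmod 0755 and one 4755), and offers a check_host function for a live system; the default paths in check_host (/etc/ssh/sshd_config, /etc/passwd, /usr/sbin/sshd) and the user name sshd are assumptions to adjust for your install.

```shell
#!/bin/sh
# Added example (not from the original post or from OpenSSH): verify the
# three privilege-separation preconditions discussed in the reply.

# privsep_setting CONFIG
# Print the UsePrivilegeSeparation value in effect for an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so a later duplicate
# is ignored; keywords match case-insensitively. Prints nothing when the
# option is absent (the compiled-in default then applies).
privsep_setting() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "useprivilegeseparation" { print tolower($2); exit }
    ' "$1"
}

# privsep_enabled CONFIG
# Succeed only when separation is explicitly on ("sandbox" is the stricter
# value later OpenSSH releases added to the yes/no of 2002).
privsep_enabled() {
    case "$(privsep_setting "$1")" in
        yes|sandbox) return 0 ;;
        *)           return 1 ;;
    esac
}

# privsep_user_ok PASSWD_FILE USER
# The unprivileged child runs as USER: the account must exist and must not
# have a usable login shell (the reply's "no-shell-login user").
privsep_user_ok() {
    entry=$(awk -F: -v u="$2" '$1 == u { print; exit }' "$1")
    [ -n "$entry" ] || return 1
    case "${entry##*:}" in
        */nologin|*/false) return 0 ;;
        *)                 return 1 ;;
    esac
}

# not_setuid FILE
# The daemon is started by init (or by root) and must not be setuid root.
not_setuid() {
    [ -f "$1" ] && [ ! -u "$1" ]
}

# check_host [CONFIG] [PASSWD] [SSHD_BINARY] [USER]
# Run all three checks against a real system. The defaults are assumed
# base-system paths; a FreeBSD port typically installs under /usr/local
# (e.g. /usr/local/etc/ssh/sshd_config and /usr/local/sbin/sshd).
check_host() {
    cfg=${1:-/etc/ssh/sshd_config}; pw=${2:-/etc/passwd}
    bin=${3:-/usr/sbin/sshd};       user=${4:-sshd}
    rc=0
    if privsep_enabled "$cfg"; then echo "ok:   UsePrivilegeSeparation $(privsep_setting "$cfg") in $cfg"
    else echo "FAIL: UsePrivilegeSeparation not enabled in $cfg"; rc=1; fi
    if privsep_user_ok "$pw" "$user"; then echo "ok:   $user exists with no login shell"
    else echo "FAIL: $user missing or has a login shell (sshd will not start)"; rc=1; fi
    if not_setuid "$bin"; then echo "ok:   $bin is not setuid"
    else echo "FAIL: $bin is setuid or missing; start it as root from init/rc instead"; rc=1; fi
    return $rc
}

# --- constructed fixtures (sample data, not taken from any real host) ----
WORK=$(mktemp -d)
GOOD_CFG=$WORK/sshd_config.good; BAD_CFG=$WORK/sshd_config.bad
ABSENT_CFG=$WORK/sshd_config.absent
PASSWD_GOOD=$WORK/passwd.good;   PASSWD_BAD=$WORK/passwd.bad
PLAIN_BIN=$WORK/sshd.plain;      SUID_BIN=$WORK/sshd.suid

# First value wins: the trailing "no" must not undo the earlier "yes".
printf '%s\n' '# sample sshd_config' 'Port 22' \
    'UsePrivilegeSeparation yes' 'UsePrivilegeSeparation no' >"$GOOD_CFG"
printf '%s\n' 'Port 22' 'UsePrivilegeSeparation no' >"$BAD_CFG"
printf '%s\n' 'Port 22' >"$ABSENT_CFG"

# sshd account with an empty home and no shell vs. one that can log in.
printf '%s\n' 'root:*:0:0:root:/root:/bin/sh' \
    'sshd:*:22:22:sshd privilege separation:/var/empty:/sbin/nologin' >"$PASSWD_GOOD"
printf '%s\n' 'root:*:0:0:root:/root:/bin/sh' \
    'sshd:*:22:22:sshd:/home/sshd:/bin/sh' >"$PASSWD_BAD"

# Two stand-in "sshd" binaries: mode 0755 (correct) and 4755 (setuid).
: >"$PLAIN_BIN"; chmod 0755 "$PLAIN_BIN"
: >"$SUID_BIN";  chmod 4755 "$SUID_BIN"

# Demonstrate: the "good" set passes, the "bad" set reports three failures.
check_host "$GOOD_CFG" "$PASSWD_GOOD" "$PLAIN_BIN" sshd
check_host "$BAD_CFG"  "$PASSWD_BAD"  "$SUID_BIN"  sshd || echo "(failures above are expected)"
```

To audit a real box, run `check_host` with no arguments (or with the port's paths), then confirm with `ps` that the per-connection child process is owned by the privsep user while the listener stays root. One caveat for hosts running current software: OpenSSH 7.5 made privilege separation mandatory and deprecated the UsePrivilegeSeparation option, so an absent option there is expected rather than a misconfiguration.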