Please consider ensuring that the SSH privilege-separation directory is in 
place as long as SSH is installed (in contrast to "as long as SSH is running").

Rationale:

>>     RuntimeDirectory=sshd
>> Perhaps that would be a reliable way to fix the problem...
> That does indeed seem like a plausible approach.  Committed to git
> master, thanks.

Although this seems to be a very robust way to ensure the privilege-separation 
directory exists and is empty, it disallows running 'sshd' as a non-root user 
because of the missing '/run/sshd' if 'sshd' has not been started by 'systemd'.
My use case is to establish a tunnel between two clients without the need for 
root privileges. The (potentially) missing '/run/sshd' prevents this.

I am not a security expert and do not know if this use case implies security 
issues (e.g. breaks privilege separation), but security is at least not 
decreased if '/run/sshd' exists even if 'sshd' is not running: A user is able 
to create a patched copy of 'sshd' replacing '/run/sshd' with '/tmp/sshd' and 
create a symlink from '/tmp/sshd' to any directory owned by root which is not 
accessible to group or world-side (like e.g. '/run/log').
In fact, users will compromise system security if they are tempted to 
work around the missing '/run/sshd' like this.


With best regards,
doak


On Sun, 23 Jul 2017 13:15:45 +0100 Colin Watson <cjwat...@debian.org> wrote:
> Control: tag -1 pending
> 
> On Mon, Jul 17, 2017 at 09:26:26AM +1000, Dmitry Smirnov wrote:
> > So I had a chance to try another fix to the problem: I was able to start
> > "ssh.service" again after adding the following line:
> > 
> >     RuntimeDirectory=sshd
> > 
> > Perhaps that would be a reliable way to fix the problem...
> 
> That does indeed seem like a plausible approach.  Committed to git
> master, thanks.
> 
> -- 
> Colin Watson                                       [cjwat...@debian.org]
> 
> 
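
Added example, not part of the thread or of the Debian packaging: a POSIX shell check an administrator could run to confirm that the privilege-separation directory discussed above is present with the properties sshd expects (a directory, owned by root, not group- or world-writable). The function name, return codes and the symlink rejection are assumptions of this example; the symlink test is stricter than sshd itself and reflects the workaround concern raised in the message.

```shell
#!/bin/sh
# check_privsep_dir DIR [OWNER_UID]   (hypothetical helper, added example)
#
# Return codes (constructed for this example):
#   0  DIR is a real directory, owned by OWNER_UID, not group/world-writable
#   1  DIR does not exist
#   2  DIR is a symlink or not a directory
#   3  DIR is owned by someone other than OWNER_UID (default 0 = root)
#   4  DIR is group- or world-writable
#
# Requires GNU stat (coreutils) for the -c format option.
check_privsep_dir() {
    psd_dir=$1
    psd_want_uid=${2:-0}

    # Reject symlinks first: a dangling link would otherwise look "missing",
    # and a link into another root-owned directory would pass the owner test.
    if [ -L "$psd_dir" ]; then return 2; fi
    if [ ! -e "$psd_dir" ]; then return 1; fi
    if [ ! -d "$psd_dir" ]; then return 2; fi

    # %u = numeric owner uid, %a = permission bits in octal (e.g. 755)
    set -- $(stat -c '%u %a' "$psd_dir")
    psd_uid=$1
    psd_mode=$2

    [ "$psd_uid" = "$psd_want_uid" ] || return 3

    # 022 = group-write | other-write; the leading 0 makes the value octal.
    if [ $(( 0$psd_mode & 022 )) -ne 0 ]; then return 4; fi

    return 0
}

# Typical use on a Debian system, where the directory is /run/sshd:
#   check_privsep_dir /run/sshd || echo "privsep directory check failed: $?"
```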
