Mark Janssen <[EMAIL PROTECTED]> writes:

> On Tue, 2002-06-25 at 15:57, Kruskal wrote:
> > Has anyone applied this update yet? I did so on a potato box, enabled
> > priv separation in the sshd config file and restarted sshd. I saw
> > that a user called sshd was created. However, when I ssh'ed in, I
> > didn't see any processes owned by sshd. In fact, the ssh daemon
> > process was still owned by root.
>
> I noticed this as well.. and decided to roll my own version, and include
> a patch for setproctitle support, this to aid debugging.
>
> It in fact does work, but the 'sshd' process from the 'sshd' user only
> exists before login.

Looks like this is the way it happens under potato as well. Looking into it, I see the initial sshd sitting idle created by root. Then when I initially connect, but before I am authenticated, a child process owned by sshd is created. ps fauwx looks like:

root      8159  1.0  0.6  2544 1228 ?        S    09:20   0:00 /usr/sbin/sshd
root      8162  1.1  0.8  4380 1596 ?        S    09:21   0:00  \_ /usr/sbin/sshd
sshd      8163  5.5  0.7  3964 1472 ?        S    09:21   0:00      \_ /usr/sbin/sshd

Then when I give the password, that sshd owned process goes away, leaving:

root      8159  0.5  0.6  2544 1228 ?        S    09:20   0:00 /usr/sbin/sshd
root      8162  0.2  0.8  5620 1680 ?        S    09:21   0:00  \_ /usr/sbin/sshd
user      8166  0.3  0.9  5632 1752 ?        S    09:21   0:00      \_ /usr/sbin/sshd
user      8167  1.0  0.6  2016 1240 pts/0    S    09:21   0:00          \_ -bash

So it looks to me like priv sep is working on potato. At this point, is it safe to open up a public server?

--
--Kruskal
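
Added example, not part of the original message: a small Python check that reads a `ps fauwx` forest listing and reports, for each per-connection root-owned sshd, whether its sshd child runs as the unprivileged `sshd` user (before authentication) or as the logged-in user (after). The sample listings are the two from the message with column spacing re-created, and the function names and phase labels are assumptions made for this illustration.

```python
import re

# Constructed sample: the two listings quoted in the message, spacing re-created.
PRE_AUTH = r"""
root      8159  1.0  0.6  2544 1228 ?        S    09:20   0:00 /usr/sbin/sshd
root      8162  1.1  0.8  4380 1596 ?        S    09:21   0:00  \_ /usr/sbin/sshd
sshd      8163  5.5  0.7  3964 1472 ?        S    09:21   0:00      \_ /usr/sbin/sshd
"""
POST_AUTH = r"""
root      8159  0.5  0.6  2544 1228 ?        S    09:20   0:00 /usr/sbin/sshd
root      8162  0.2  0.8  5620 1680 ?        S    09:21   0:00  \_ /usr/sbin/sshd
user      8166  0.3  0.9  5632 1752 ?        S    09:21   0:00      \_ /usr/sbin/sshd
user      8167  1.0  0.6  2016 1240 pts/0    S    09:21   0:00          \_ -bash
"""

# USER, PID, eight more columns, one separator space, then the forest prefix and command.
ROW = re.compile(r"(\S+)\s+(\d+)(?:\s+\S+){8} ([ |]*)(\\_ )?(.*)")

def parse(listing):
    """Return (depth, user, pid, command) for each row of a ps forest listing."""
    rows = []
    for line in listing.strip().splitlines():
        m = ROW.match(line)
        if m:
            user, pid, indent, branch, cmd = m.groups()
            # Each forest level indents by four columns; no "\_" means a top-level process.
            depth = len(indent) // 4 + 1 if branch else 0
            rows.append((depth, user, int(pid), cmd))
    return rows

def privsep_state(listing, daemon="/usr/sbin/sshd", unpriv="sshd"):
    """Map each per-connection root sshd (depth 1) to (phase, owner of its sshd child)."""
    states, monitor = {}, None
    for depth, user, pid, cmd in parse(listing):
        if depth == 0:
            monitor = None              # new top-level process, start a new tree
        if cmd != daemon:
            continue
        if depth == 1 and user == "root":
            monitor = pid
            states[pid] = ("no-unprivileged-child", None)
        elif depth == 2 and monitor is not None and user != "root":
            states[monitor] = ("pre-auth" if user == unpriv else "post-auth", user)
    return states

if __name__ == "__main__":
    print(privsep_state(PRE_AUTH), privsep_state(POST_AUTH))
```

A connection reported as `no-unprivileged-child` has only a root-owned sshd handling it, which is what the first poster expected to find if privilege separation were not in effect.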