Lo, on Wednesday, June 26, Colin Watson did write:

> On Wed, Jun 26, 2002 at 05:25:16PM -0500, Richard Cobbe wrote:
> > Lo, on Wednesday, June 26, Colin Watson did write:
> > > If you're running 3.3 with privilege separation enabled (as it is by
> > > default), most remote root exploits become remote exploits of the sshd
> > > user, which is considerably less serious.
> >
> > So, I'm running ssh 3.3 as packaged for woody. I don't have
> > UserPrivilegeSeparation turned off in any config files, but I still see
> > the following:
> >
> > [nanny-ogg:~]$ ps aux | grep [s]shd
> > root 268 0.0 0.2 2788 716 ? S 06:19 0:00
> > /usr/sbin/sshd
> >
> > sshd is still running as root. Is this what I should be seeing?
>
> Yes, the parent process continues to run as root. If you ssh to a box
> running 3.3 and leave the connection at the password prompt, you'll see
> a process running as the sshd user until the authentication is
> completed.

Ah. Since I use public-key authentication almost exclusively, that would explain why I never saw the sshd user.

Thanks,

Richard
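The process split discussed in this thread, as an added sketch that is not part of the original messages and is not OpenSSH code: a privileged monitor forks a child that drops to an unprivileged account before it touches untrusted input, and the child can only ask the monitor for a yes/no verdict. The uid/gid 65534, the `EXPECTED` secret and the function names are assumptions made for illustration.

```c
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534            /* assumption: uid/gid of an unprivileged account */
#define EXPECTED  "correct horse"  /* constructed stand-in for the real credential check */

/* Unprivileged child: the only process that handles the untrusted attempt. */
static void preauth_child(int mon, const char *attempt)
{
    char verdict = 0;
    /* Drop privileges for good before doing anything else (needs root to apply). */
    if (geteuid() == 0 &&
        (setgroups(0, NULL) != 0 || setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0))
        _exit(2);
    /* Forward the attempt to the monitor and wait for its one-byte verdict. */
    if (write(mon, attempt, strlen(attempt) + 1) < 0 ||
        read(mon, &verdict, 1) != 1)
        _exit(2);
    _exit(verdict == 1 ? 0 : 1);
}

/* Privileged monitor: returns 1 if authenticated, 0 if rejected, -1 on error. */
int authenticate(const char *attempt)
{
    int sv[2], status, code;
    char buf[128], verdict = 0;
    pid_t pid;
    ssize_t n;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if ((pid = fork()) < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); preauth_child(sv[1], attempt); }
    close(sv[1]);

    /* Treat everything from the child as hostile: bounded read, forced NUL. */
    n = read(sv[0], buf, sizeof buf - 1);
    if (n > 0) {
        buf[n] = '\0';
        verdict = (strcmp(buf, EXPECTED) == 0);
        if (write(sv[0], &verdict, 1) != 1) verdict = 0;
    }
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    code = WEXITSTATUS(status);
    /* Success requires the monitor's own verdict, not just the child's exit code. */
    return (verdict && code == 0) ? 1 : (code == 1 ? 0 : -1);
}
```

Run as root, the child shows up in `ps` under the unprivileged account while the parent stays root, which is the pattern described above for the window before authentication completes.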

