On Tue, 11 Apr 2017, Cryptomonkeys.org wrote:
> Any thoughts on the consequences of arbitrary users being able to
> run their own sshd on port numbers >1024? Would that mean that if
> somebody got access to your machine, they could replace the
> listening sshd with their own?

I've never run sshd without root privileges, so I'm speculating here,
but that sshd would

 * need its own keys; the system keys should be locked down
 * be unable to authenticate user passwords, since PAM requires
   root-level privileges
 * be unable to switch user IDs.

But it's an interesting idea; I just don't have time to experiment
right now.

--
Paul Heinlein <> [email protected] <> http://www.madboa.com/
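
Added example, not part of the original message or of OpenSSH: a check that the system host keys are "locked down" in the sense of the first bullet above, so that an unprivileged sshd cannot read or swap them. It assumes the common layout of ssh_host_*_key files under /etc/ssh with mode 0600 and a root owner; the function name and messages are hypothetical.

```python
import os
import stat
from pathlib import Path


def audit_host_keys(key_dir="/etc/ssh", owner_uid=0):
    """Return (path, problem) tuples for private host keys that a user
    other than owner_uid could read or replace."""
    if not os.path.isdir(key_dir):
        return [(str(key_dir), "directory not found")]
    findings = []
    # The pattern matches private keys only; *.pub files end in ".pub".
    for path in sorted(Path(key_dir).glob("ssh_host_*_key")):
        st = path.lstat()
        if not stat.S_ISREG(st.st_mode):
            findings.append((str(path), "not a regular file"))
            continue
        if st.st_uid != owner_uid:
            findings.append((str(path), f"owned by uid {st.st_uid}"))
        # Assumption: any group/other bit is a finding. Some distributions
        # deliberately use 0640 with a dedicated group; adjust if so.
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            mode = stat.S_IMODE(st.st_mode)
            findings.append(
                (str(path), f"mode {mode:04o} grants group/other access"))
    # A directory writable by someone else lets them rename a key away
    # and drop in their own, whatever the key file's mode is.
    dst = os.stat(key_dir)
    if dst.st_uid != owner_uid:
        findings.append((str(key_dir), f"directory owned by uid {dst.st_uid}"))
    if dst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((str(key_dir), "directory is group/other writable"))
    return findings


if __name__ == "__main__":
    for path, problem in audit_host_keys():
        print(f"{path}: {problem}")
```

An empty result means the private host keys are readable only by their owner; a client that has already recorded the real host key would then see a key mismatch from any sshd started with different keys.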