[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] OpenSSH 3.4p1 for MIPS released on PkgMaster.com

Subject: RE: [cobalt-security] OpenSSH 3.4p1 for MIPS released on PkgMaster.com
From: "Graeme Fowler" <graeme.fowler@xxxxxxxxxxxxxx>
Date: Fri, 26 Jul 2002 09:20:55 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Audric wrote:
> I have done so and.... WHY ON EARTH DO I HAVE A NEW USER sshd !!???

That would be because of some fundamental changes to the operation of OpenSSH in version 3.4, namely Privilege Separation (see below). IIRC that the 'sshd' user was put in place sometime around OpenSSH 2.5, to enable the ssh daemon to run as a user other than root and thus reduce the chances of privilege escalation to root.

Privilege Separation is a new method of running the SSH daemon to allow much less of the code to run as root. Effectively the bulk of the daemon runs in userland as user 'sshd', chrooted into /var/empty/sshd.

I suggest you read the CHANGELOG found at http://www.openssh.org for more info (if it isn't actually in the package!).

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC

Follow-Ups:
- [cobalt-security] adaptive firewall custom port problem?
  - From: Wim Dieke

Prev by Date: Re: [cobalt-security] OpenSSH 3.4p1 for MIPS released on PkgMaster.com
Next by Date: [cobalt-security] adaptive firewall custom port problem?
Previous by thread: Re: [cobalt-security] OpenSSH 3.4p1 for MIPS released on PkgMaster.com
Next by thread: [cobalt-security] adaptive firewall custom port problem?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index