[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: privsep checking
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: privsep checking
- From: Jim Simmons <simmonsjw-openbsd_(_at_)_sws6_(_dot_)_ornl_(_dot_)_gov>
- Date: Tue, 25 Jun 2002 08:25:07 -0400
On Mon, Jun 24, 2002 at 08:04:26PM -0600, Theo de Raadt wrote:
> > Is there some method to verify that sshd is running in privsep mode?
> Do a non-root ssh to the machine in question.
> On the machine in question, see if ps shows two entries for that connection:
> Like this:
> deraadt 4676 0.0 0.0 400 1040 ?? I Thu10PM 0:00.01 sshd: deraadt_(_at_)_ttyp0 (sshd)
> root 9269 0.0 0.0 396 1228 ?? Is Thu10PM 0:00.03 sshd: deraadt [priv] (sshd)
> See the [priv]?
Pardon me if this is a dumb question and I won't guarantee I didn't do
something wrong, but I installed OpenSSH 3.3 on both an OpenBSD 3.1 and 3.0
system. On the 3.1 system I see the [priv] but I don't on the 3.0.
I may have misinterpreted the instructions for installing on 3.0, but I
untarred the source, patched it with the openbsd31_3.3.patch, built it,
installed it, created the sshd user and /var/empty, then restarted sshd.
"sshd -t" gives me no errors and a "ssh -v" from another machine confirms
I'm getting 3.3 on the server.
I noticed that the patch changes the sshd user to nobody in the ssh.h header
file and nobody has /nonexistent as it's home directory. I tried changing
it to /var/empty and restarting sshd -- it didn't change anything I could
see. I changed it back to /nonexistent and then created that directory --
it didn't help either. I checked to see if /etc/sshd_config was copied:
grep -i priv /etc/sshd_config
These are both Sparc machines, if that matters. They are slow machines, and
if I do repeated ps commands while connecting I can see a "sshd: [net]
(sshd)" process running as nobody when the connection is setup on the 3.0
Is there something special about ps under 3.0 that wouldn't show the [priv]
or did I do something wrong somewhere?