
Re: privsep checking

On Mon, Jun 24, 2002 at 08:04:26PM -0600, Theo de Raadt wrote:
> > Is there some method to verify that sshd is running in privsep mode?
> Do a non-root ssh to the machine in question.
> On the machine in question, see if ps shows two entries for that connection:
> Like this:
> deraadt   4676  0.0  0.0   400  1040 ??  I     Thu10PM    0:00.01 sshd: deraadt@ttyp0 (sshd)
> root      9269  0.0  0.0   396  1228 ??  Is    Thu10PM    0:00.03 sshd: deraadt [priv] (sshd)
> See the [priv]?

Pardon me if this is a dumb question and I won't guarantee I didn't do
something wrong, but I installed OpenSSH 3.3 on both an OpenBSD 3.1 and 3.0
system.  On the 3.1 system I see the [priv] but I don't on the 3.0.

I may have misinterpreted the instructions for installing on 3.0, but I
untarred the source, patched it with the openbsd31_3.3.patch, built it,
installed it, created the sshd user and /var/empty, then restarted sshd.
"sshd -t" gives me no errors and a "ssh -v" from another machine confirms
I'm getting 3.3 on the server.

I noticed that the patch changes the sshd user to nobody in the ssh.h header
file and nobody has /nonexistent as its home directory.  I tried changing
it to /var/empty and restarting sshd -- it didn't change anything I could
see.  I changed it back to /nonexistent and then created that directory --
it didn't help either.  I checked to see if /etc/sshd_config was copied:

	grep -i priv /etc/sshd_config
	#UsePrivilegeSeparation yes

These are both Sparc machines, if that matters.  They are slow machines, and
if I do repeated ps commands while connecting I can see a "sshd: [net]
(sshd)" process running as nobody when the connection is set up on the 3.0

Is there something special about ps under 3.0 that wouldn't show the [priv]
or did I do something wrong somewhere?
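
The ps check described in the quoted reply, as an added example that is not part of the original message or of OpenSSH: it pairs each non-root "sshd: user@tty" process with a root-owned "sshd: user [priv]" entry and lists any "[net]" process. The function names, the output labels, and the alice and nobody sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pair up sshd process titles from ps output to show
# which logins have the root "[priv]" monitor described in this thread.

# Reads `ps aux`-style lines on stdin and prints, sorted:
#   "<user> privsep"      root-owned "sshd: <user> [priv]" plus a
#                         non-root "sshd: <user>@<tty>" process
#   "<user> no-priv-seen" a "sshd: <user>@<tty>" process with no
#                         matching [priv] entry in this snapshot
#   "preauth <owner>"     a "sshd: [net]" process and who owns it
privsep_report() {
    awk '
    {
        owner = $1
        # Locate the "sshd:" title; the column count before it varies.
        for (i = 2; i <= NF; i++) if ($i == "sshd:") break
        if (i > NF) next
        title = $(i + 1); flag = $(i + 2)
        if (title == "[net]") { print "preauth " owner; next }
        if (flag == "[priv]") { mon[title] = owner; next }
        at = index(title, "@")
        if (at > 1) child[substr(title, 1, at - 1)] = owner
    }
    END {
        for (u in child) {
            if ((u in mon) && mon[u] == "root" && child[u] != "root")
                print u " privsep"
            else
                print u " no-priv-seen"
        }
    }' | sort
}

# Sample input: the first two lines are the ps output quoted above;
# the alice and nobody lines are constructed for illustration.
sample_ps() {
    cat <<'EOF'
deraadt   4676  0.0  0.0   400  1040 ??  I     Thu10PM    0:00.01 sshd: deraadt@ttyp0 (sshd)
root      9269  0.0  0.0   396  1228 ??  Is    Thu10PM    0:00.03 sshd: deraadt [priv] (sshd)
alice     5120  0.0  0.0   400  1044 ??  I     Thu11PM    0:00.01 sshd: alice@ttyp1 (sshd)
nobody    5301  0.0  0.0   380   900 ??  S     Thu11PM    0:00.00 sshd: [net] (sshd)
EOF
}

sample_ps | privsep_report
```

On a live machine, feed it real output instead of the sample, for example `ps auxww | privsep_report`, while a non-root ssh session is open.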