
Re: privsep checking



Theo de Raadt [mailto:deraadt_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org] writes:
> Ted U wrote:
> > Is there some method to verify that sshd is running in privsep mode?
> 
> Do a non-root ssh to the machine in question.
> 
> On the machine in question, see if ps shows two entries for 
> that connection:
> 
> Like this:
> 
> deraadt   4676  0.0  0.0   400  1040 ??  I     Thu10PM    0:00.01 sshd: deraadt@ttyp0 (sshd)
> root      9269  0.0  0.0   396  1228 ??  Is    Thu10PM    0:00.03 sshd: deraadt [priv] (sshd)
> 
> 
> See the [priv]?
> 
> That's your sign.

I've upgraded my OpenBSD 3.1 boxen and 'ps' looks like that above. However,
on Solaris 2.6 (OpenSSH 3.3p1), ps -ef shows this with
UsePrivilegeSeparation enabled in sshd_config (also tried /usr/ucb/ps):

% ps -ef | grep sshd
    root 18706 18705  0 11:23:53 ?        0:00 /usr/local/sbin/sshd
 stephen 18708 18706  0 11:23:54 ?        0:00 /usr/local/sbin/sshd
    root 18705     1  0 11:23:40 ?        0:00 /usr/local/sbin/sshd

and this with UsePrivilegeSeparation disabled (logged on as stephen):

% ps -ef | grep sshd
    root 18783     1  1 11:34:46 ?        0:01 /usr/local/sbin/sshd
    root 18787 18783  0 11:35:01 ?        0:00 /usr/local/sbin/sshd

Is seeing 3 sshd processes when only 1 user is logged on sufficient to
assume that privilege separation is working in this case? The only other
indicator that it might be working is that on sshd startup I get this
message, "This platform does not support both privilege separation and
compression Compression disabled", when UsePrivilegeSeparation is set to
"yes".

[I'll post this question to the OpenSSH mailing list too, however, since the
question was originally asked here, I thought it appropriate enough to
follow-up here too].

-- 
stephen
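
Added example, not part of the original message or of OpenSSH: where ps does not show the "[priv]" title, the process tree in `ps -ef` output can be checked instead. The function names and verdict strings are hypothetical, the sample input is the two listings quoted above, and the check only says something about a non-root login, as the quoted reply specifies.

```python
# Constructed sample input: the two `ps -ef` listings quoted in the message above.
PRIVSEP_ON = """\
    root 18706 18705  0 11:23:53 ?        0:00 /usr/local/sbin/sshd
 stephen 18708 18706  0 11:23:54 ?        0:00 /usr/local/sbin/sshd
    root 18705     1  0 11:23:40 ?        0:00 /usr/local/sbin/sshd
"""
PRIVSEP_OFF = """\
    root 18783     1  1 11:34:46 ?        0:01 /usr/local/sbin/sshd
    root 18787 18783  0 11:35:01 ?        0:00 /usr/local/sbin/sshd
"""


def parse_sshd(ps_ef_text):
    """Return {pid: (uid, ppid, rest)} for the sshd rows of `ps -ef` output."""
    procs = {}
    for line in ps_ef_text.splitlines():
        fields = line.split(None, 3)  # UID PID PPID, then the rest of the row
        if len(fields) < 4 or not (fields[1].isdigit() and fields[2].isdigit()):
            continue  # header or malformed row
        if "sshd" in fields[3] and "grep" not in fields[3]:
            procs[int(fields[1])] = (fields[0], int(fields[2]), fields[3])
    return procs


def classify_connections(ps_ef_text):
    """Map each per-connection sshd (child of the listener) to a verdict.

    Heuristic: with privilege separation, a non-root login leaves a root-owned
    monitor whose sshd child runs as an unprivileged user; without it, the
    per-connection sshd stays root and has no sshd child.
    """
    procs = parse_sshd(ps_ef_text)
    verdicts = {}
    for pid, (uid, ppid, rest) in procs.items():
        if ppid not in procs or procs[ppid][1] in procs:
            continue  # the listener itself, or a grandchild seen via its parent
        kids = [p for p, (_, pp, _) in procs.items() if pp == pid]
        unpriv = [p for p in kids if procs[p][0] != "root"]
        if uid == "root" and (unpriv or "[priv]" in rest):
            verdicts[pid] = "privsep"
        else:
            verdicts[pid] = "no-privsep-evidence"
    return verdicts


if __name__ == "__main__":
    for name, sample in (("enabled", PRIVSEP_ON), ("disabled", PRIVSEP_OFF)):
        print(name, classify_connections(sample))
```
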