«
»

Privilidge Separation in sshd

March 27th, 2008 by webstersprodigy

This was accepted into openssh sometime in 2002.  It helps make openssh exploits more difficult in terms of gaining root.

Do a ps -ef on your system where an underprivilidged user is logged in via ssh.  eg

# ps -ef |grep sshd |grep myuser
root       28694  7865  0 Mar25 ?        00:00:00 sshd: myuser [priv]
myuser     28703 28694  0 Mar25 ?        00:00:00 sshd: myuser@pts/2

While that [priv] may seem disconcerting, it (by itself) shouldn’t be.  There is privilege seperation in sshd  so that if an exploit is found in the child does not result in a system compromise.

http://www.citi.umich.edu/u/provos/ssh/privsep.html

This entry was posted on Thursday, March 27th, 2008 at 01:59 and is filed under Linux, Security Tools. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

No computers were harmed in the 0.182 seconds it took to produce this page.