Privilege Separation in sshd
March 27, 2008
Privilege separation was accepted into OpenSSH sometime in 2002. It makes it harder for an OpenSSH exploit to gain root.
Do a ps -ef on your system where an unprivileged user is logged in via ssh, e.g.:
# ps -ef |grep sshd |grep myuser
root 28694 7865 0 Mar25 ? 00:00:00 sshd: myuser [priv]
myuser 28703 28694 0 Mar25 ? 00:00:00 sshd: myuser@pts/2
While that [priv] may seem disconcerting, it (by itself) shouldn’t be. There is privilege separation in sshd so that an exploit found in the child does not result in a system compromise.
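
The pairing shown in the ps output above can be checked for every session at once. This is an added example, not part of the original post: the function name check_privsep, the status labels and the last two sample lines are made up for illustration, and it assumes the ps -ef column layout shown above with the UID column printing the login name.

```shell
# Reads `ps -ef` lines on stdin (UID PID PPID C STIME TTY TIME CMD) and pairs
# each session process "sshd: user@tty" with its "sshd: user [priv]" monitor.
check_privsep() {
    awk '
    # Monitor process: remember who owns it, keyed by PID.
    $8 == "sshd:" && $NF == "[priv]" { mon_owner[$2] = $1; next }
    # Session child: remember owner, parent PID and the login name in the title.
    $8 == "sshd:" && $9 ~ /@/ {
        split($9, a, "@")
        owner[$2] = $1; ppid[$2] = $3; login[$2] = a[1]
    }
    END {
        for (pid in owner) {
            p = ppid[pid]
            if (owner[pid] == "root")            s = "CHILD_IS_ROOT"
            else if (!(p in mon_owner))          s = "NO_MONITOR"
            else if (mon_owner[p] != "root")     s = "MONITOR_NOT_ROOT"
            else if (owner[pid] != login[pid])   s = "OWNER_MISMATCH"
            else                                 s = "OK"
            print pid, login[pid], s
        }
    }' | sort -n
}

# Constructed sample: the two lines from the post plus two made-up sessions.
SAMPLE='root 28694 7865 0 Mar25 ? 00:00:00 sshd: myuser [priv]
myuser 28703 28694 0 Mar25 ? 00:00:00 sshd: myuser@pts/2
root 30110 7865 0 Mar26 ? 00:00:00 sshd: root@pts/3
alice 30200 1 0 Mar26 ? 00:00:00 sshd: alice@pts/4'

printf '%s\n' "$SAMPLE" | check_privsep
```

On a live system, feed it with `ps -ef | check_privsep`; any line not marked OK is a session worth a closer look, not proof of a problem.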