priviledge seperation not working like before

Hello--

I just realized that my previously installed sshd is NOT using privilege separation..So..I went to reconfigure it, and make sure it was working correctly.

Configure:

./configure --with-tcp-wrappers --with-md5-passwords --with-pam --with-privsep-path=/var/empty --with-privsep-user=sshd

Yes, sshd exists, yes /var/empty exists, yes yes yes..

my current sshd_conf does reads:

PAMAuthenticationViaKbdInt no <-- per the README.privsep and
UsePrivilegeSeparation yes <-- obvious

and here is the current ps aux | grep sshd:

root     24673  0.0  0.1  2644 1156 ?        S    Feb12   0:00 /usr/sbin/sshd
root       254  0.0  0.2  3412 1644 ?        S    Feb12   0:00 /usr/sbin/sshd
where     5321  0.0  0.2  3468 1876 ?        S    Feb12   0:00 /usr/sbin/sshd

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

(pids are randomized, btw)

I am at a loss, configure shows no errors, make works, etc.. One thing I noticed that was most odd was that substituting a NON-existent user in place of sshd in the above configuration did NOT produce an error

ssh version is OpenSSH_3.5p1
linux box running 2.4.19-grsecurity kernel that _has_ had this working before

any help appreciated, thanks in advance,

Cherie Received on Thu Feb 13 15:17:17 2003