Re: Running sshd as normal user

> I have installed the OpenSSH-daemon (3.6.1p1) with the chroot-patch from

If you don't need to support passwd authentication against /etc/shadow and friends, and instead are comfortable living with identity/pubkey authentication, then you can easily run it as a normal user. However you can't run it on port 22, because only root can bind low ports. Instead you'd need to run it like this

        user$ cp /etc/sshd/sshd_config /home/user/.ssh/sshd_config

        user$ vi /home/user/.ssh/sshd_config

        user$ /usr/sbin/sshd -f /home/user/.ssh/sshd_config -p 2222

or something similar. You'll need to disable privilige separation for this to work as a normal user (since you can't chroot, etc).

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

I haven't tried this recently, but I think privsep and native passwd auth is the only thing that requires you run as root. Give that a try.

--
Brian Hatch                  Language, it's a virus.
   Systems and
   Security Engineer
http://www.ifokr.org/bri/

Every message PGP signed