From owner-freebsd-security Tue Jun 25 0:13:17 2002 Delivered-To: freebsd-security@freebsd.org Received: from boleskine.patpro.net (boleskine.patpro.net [62.4.20.155]) by hub.freebsd.org (Postfix) with ESMTP id CAA6F37BC5F for ; Tue, 25 Jun 2002 00:12:25 -0700 (PDT) Received: from localhost (cassandre [192.168.0.1]) by boleskine.patpro.net (8.11.3/8.11.3) with ESMTP id g5P7CSY46109; Tue, 25 Jun 2002 09:12:29 +0200 (CEST) (envelope-from patpro@patpro.net) Date: Tue, 25 Jun 2002 09:12:23 +0200 Subject: Re: How to check if "UsePrivilegeSeparation" works in OpenSSH? Content-Type: text/plain; charset=US-ASCII; format=flowed Mime-Version: 1.0 (Apple Message framework v482) Cc: freebsd-security@FreeBSD.ORG To: Jan Lentfer From: patpro In-Reply-To: <1024987600.2078.10.camel@jan-linnb.lan> Message-Id: Content-Transfer-Encoding: 7bit X-Mailer: Apple Mail (2.482) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On mardi, juin 25, 2002, at 08:46 , Jan Lentfer wrote: > Finally I added "UsePrivilegeSeparation yes" to /etc/ssh/sshd_config and > SIGHUPed sshd. sshd -V no reports version 3.3. > > Am I set and done? Is there a way to check if Privilege Seperation > really works ? just log in (via ssh of course) and type : $ ps -aux | grep sshd | grep -v grep and make sure it gives something like this : root 178 0.0 1.3 2088 1180 ?? Is 4:40PM 0:00.20 /usr/local/sbin/ sshd root 61294 0.0 1.8 4868 1656 ?? I 8:21AM 0:00.05 sshd: patpro [priv] (sshd) patpro 61296 0.0 1.9 5000 1744 ?? S 8:21AM 0:00.14 sshd: patpro@ ttyp0 (sshd) first process : regular sshd daemon, second : spawned root limited process, third : active process with limited privileges. (spawned from the 2nd process if I understand correctly) patpro To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message