Date:      Tue, 25 Jun 2002 20:00:57 +1200 (NZST)
From:      Andrew McNaughton <andrew@scoop.co.nz>
To:        patpro <patpro@patpro.net>
Cc:        Jan Lentfer <Jan.Lentfer@web.de>, <freebsd-security@FreeBSD.ORG>
Subject:   Re: How to check if "UsePrivilegeSeparation" works in OpenSSH?
Message-ID:  <20020625195333.U69343-100000@a2>
In-Reply-To: <E59ABC95-880A-11D6-919D-0030654D97EC@patpro.net>


On Tue, 25 Jun 2002, patpro wrote:

> On Tuesday, June 25, 2002, at 08:46, Jan Lentfer wrote:
>
> > Finally I added "UsePrivilegeSeparation yes" to /etc/ssh/sshd_config and
> > SIGHUPed sshd. sshd -V now reports version 3.3.
> >
> > Am I set and done? Is there a way to check if Privilege Separation
> > really works ?
>
>
> just log in (via ssh of course) and type :
>
> $ ps -aux | grep sshd | grep -v grep
>
> and make sure it gives something like this :
>
> root     178  0.0  1.3  2088 1180  ??  Is  4:40PM  0:00.20 /usr/local/sbin/sshd
> root   61294  0.0  1.8  4868 1656  ??  I   8:21AM  0:00.05 sshd: patpro [priv] (sshd)
> patpro 61296  0.0  1.9  5000 1744  ??  S   8:21AM  0:00.14 sshd: patpro@ttyp0 (sshd)
>
>
> first process : regular sshd daemon,
> second : spawned root limited process,
> third : active process with limited privileges. (spawned from the 2nd
> process if I understand correctly)

I don't see the [priv] bit on the second one.

Can you confirm with lsof that the chroot has taken effect?

Andrew McNaughton
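
The ps check quoted above, scripted as an added example (not part of the original message or of OpenSSH). The function name privsep_sessions and the sample listing, including the "alice" line, are constructed for illustration; the process-title layout is taken from the output quoted in the thread.

```shell
#!/bin/sh
# privsep_sessions (hypothetical helper): read `ps -aux` output on stdin and
# print each login that shows the pair of processes described in the thread:
#   root-owned   "sshd: <user> [priv]"   (privileged monitor)
#   user-owned   "sshd: <user>@<tty>"    (unprivileged session process)
# Root logins are skipped: both processes run as root, so ownership proves nothing.
privsep_sessions() {
    awk '
    # Find the process title "sshd: <word>" wherever the COMMAND column starts.
    match($0, /sshd: [^ ]+/) {
        owner = $1
        title = substr($0, RSTART + 6, RLENGTH - 6)   # word after "sshd: "
        rest  = substr($0, RSTART + RLENGTH)          # what follows that word
        if (rest ~ /^ \[priv\]/) {
            # Monitor process: expected to remain owned by root.
            if (owner == "root") monitor[title] = 1
        } else if (split(title, parts, "@") == 2) {
            # Session process: must run as the logged-in user, not as root.
            if (owner == parts[1] && owner != "root") child[parts[1]] = 1
        }
    }
    END {
        # Report only users for whom both halves of the pair were seen.
        for (u in monitor) if (u in child) print u
    }' | sort
}

# Constructed sample: the three lines quoted in the thread plus one constructed
# session ("alice") whose process is owned by root and has no [priv] monitor.
SAMPLE_PS='USER     PID %CPU %MEM  VSZ  RSS  TT  STAT STARTED    TIME COMMAND
root     178  0.0  1.3  2088 1180  ??  Is  4:40PM  0:00.20 /usr/local/sbin/sshd
root   61294  0.0  1.8  4868 1656  ??  I   8:21AM  0:00.05 sshd: patpro [priv] (sshd)
patpro 61296  0.0  1.9  5000 1744  ??  S   8:21AM  0:00.14 sshd: patpro@ttyp0 (sshd)
root   61410  0.0  1.9  5000 1744  ??  S   8:30AM  0:00.10 sshd: alice@ttyp1 (sshd)'

# Run against the sample; on a live host use:  ps -aux | privsep_sessions
printf '%s\n' "$SAMPLE_PS" | privsep_sessions
```

An empty result while non-root users are logged in over ssh means no session showed the separated pair.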

