README.privsep
Privilege separation, or privsep, is method in OpenSSH by which | Privilege separation, or privsep, is method in OpenSSH by which | ||||
operations that require root privilege are performed by a separate | operations that require root privilege are performed by a separate | ||||
privileged monitor process. Its purpose is to prevent privilege | privileged monitor process. Its purpose is to prevent privilege | ||||
escalation by containing corruption to an unprivileged process. | escalation by containing corruption to an unprivileged process. | ||||
More information is available at: | More information is available at: | ||||
http://www.citi.umich.edu/u/provos/ssh/privsep.html | http://www.citi.umich.edu/u/provos/ssh/privsep.html | ||||
Privilege separation is now enabled by default; see the | Privilege separation is now mandatory. During the pre-authentication | ||||
UsePrivilegeSeparation option in sshd_config(5). | phase sshd will chroot(2) to "/var/empty" and change its privileges to the | ||||
"sshd" user and its primary group. sshd is a pseudo-account that should | |||||
When privsep is enabled, during the pre-authentication phase sshd will | not be used by other daemons, and must be locked and should contain a | ||||
chroot(2) to "/var/empty" and change its privileges to the "sshd" user | |||||
and its primary group. sshd is a pseudo-account that should not be | |||||
used by other daemons, and must be locked and should contain a | |||||
"nologin" or invalid shell. | "nologin" or invalid shell. | ||||
You should do something like the following to prepare the privsep | You should do something like the following to prepare the privsep | ||||
preauth environment: | preauth environment: | ||||
# mkdir /var/empty | # mkdir /var/empty | ||||
# chown root:sys /var/empty | # chown root:sys /var/empty | ||||
# chmod 755 /var/empty | # chmod 755 /var/empty | ||||
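Review bot: The rewritten paragraph beginning "Privilege separation is now mandatory." drops the pointer to UsePrivilegeSeparation in sshd_config(5) without saying what an administrator who still has that option set should expect; add a sentence stating how the option is now treated. With the chroot(2) to "/var/empty" and the switch to the "sshd" user no longer conditional, the unchanged lead-in "You should do something like the following to prepare the privsep preauth environment" reads as optional and could be tightened to say that the directory and the locked "sshd" account are required. While this paragraph is being touched, the unchanged first line "privsep, is method in OpenSSH" is missing an article ("is a method").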