SSH_PRIVSEP_USER configurable at runtime?
Corinna Vinschen
vinschen at redhat.com
Tue Apr 1 02:32:43 EST 2014
Hi,
Right now, the unprivileged account for privilege separation is only
configurable at compile time (SSH_PRIVSEP_USER). I'd like to ask if it
would be acceptable to have the account runtime configurable by adding
something like
PrivilegeSeparationAccount foo
to sshd_config.
The reason I'm asking is this. I'm working on a long overdue change to
Cygwin which is supposed to get rid of the /etc/passwd and /etc/group
files. Rather, the Windows account databases (SAM and AD) are asked
directly for account information, and UID/GID values as well as
usernames are dynamic.
For instance, assuming you have a domain member machine MACH103, which
is a member of the domain DOM1. Assuming the machine as well as DOM1
and another domain, DOM2, all have a user called "sshd", the automatically
generated Cygwin usernames will be
MACH103+sshd for the local account
sshd for the account in domain DOM1
DOM2+sshd for the account in domain DOM2.
Additionally, the admin can decide if the domain name gets prepended
every time, which results in "DOM1+sshd" as username in DOM1, and the
domain separator character can be chosen freely as well, for instance
a backslash (MACH103\sshd).
With domain names being part of the username, this allows for so many
variations of the actual username that a fixed name "sshd" or just
a compile time option will become a problem.
Any chance to get such an sshd_config option?
Thanks,
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
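To make the naming rules in the post concrete, here is an added example (not Cygwin's or OpenSSH's code) that models the username derivation described above and checks whether a fixed privsep account name such as "sshd" would still resolve under each site setting. The CygwinNaming settings, the case-insensitive domain comparison and the rule that any non-primary domain is always prepended are assumptions drawn from the post's examples.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class CygwinNaming:
    """Site settings that influence how a Cygwin username is derived (assumed model)."""
    machine: str                   # local machine name, e.g. MACH103
    primary_domain: str            # domain the machine is a member of, e.g. DOM1
    separator: str = "+"           # admin-chosen domain separator, e.g. "+" or "\\"
    always_prepend: bool = False   # prepend the domain even for primary-domain accounts


def cygwin_username(cfg: CygwinNaming, account: str, domain: str) -> str:
    """Derive the Cygwin username for the Windows account `domain\\account`.

    Rules as described in the post:
      * local machine account  -> MACHINE<sep>account
      * primary domain account -> account (or DOM1<sep>account if always_prepend)
      * any other domain       -> DOM<sep>account
    Windows domain names are matched case-insensitively (assumption).
    """
    if domain.casefold() == cfg.machine.casefold():
        return f"{cfg.machine}{cfg.separator}{account}"
    if domain.casefold() == cfg.primary_domain.casefold() and not cfg.always_prepend:
        return account
    return f"{domain}{cfg.separator}{account}"


def privsep_account_matches(configured: str, cfg: CygwinNaming,
                            account: str, domain: str) -> bool:
    """Would a configured privsep account name (compile-time constant or a
    hypothetical sshd_config value) resolve to this Windows account?"""
    return configured == cygwin_username(cfg, account, domain)


if __name__ == "__main__":
    # Constructed sample: the DOM1 member machine MACH103 from the post.
    for cfg in (CygwinNaming("MACH103", "DOM1"),
                CygwinNaming("MACH103", "DOM1", always_prepend=True),
                CygwinNaming("MACH103", "DOM1", separator="\\")):
        for dom in ("MACH103", "DOM1", "DOM2"):
            name = cygwin_username(cfg, "sshd", dom)
            ok = privsep_account_matches("sshd", cfg, "sshd", dom)
            print(f"{dom:8} -> {name:14} fixed 'sshd' matches: {ok}")
```

With always_prepend set, even the DOM1 account no longer matches the compile-time constant "sshd", which is the situation the post describes.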