SSH_PRIVSEP_USER configurable at runtime?
Peter Stuge
peter at stuge.se
Wed Apr 2 22:37:43 EST 2014
Corinna Vinschen wrote:
> On non-domain machines the account
> name will be "sshd", not "${machine}+sshd". Except if the admin
> specifies that the domain is always prepended, which makes it
> "${machine}+sshd" again. And if the admin specifies the separator char
> to be not '+' but, for instance '#', the account name will be
> "${machine}#sshd".
>
> All that knowledge would have to go into sshd.c.
FWIW I think this is the right solution.
> Isn't it much easier and less convoluted to allow specifying the
> account name in sshd_config?
But less right, if only because if the admin changes those settings
then they need to go touch config files for no real reason.
//Peter
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20140402/e93c5d10/attachment.bin>
More information about the openssh-unix-dev
mailing list