SSH_PRIVSEP_USER configurable at runtime?

Peter Stuge peter at stuge.se
Wed Apr 2 22:37:43 EST 2014


Corinna Vinschen wrote:
> On non-domain machines the account
> name will be "sshd", not "${machine}+sshd".  Except if the admin
> specifies that the domain is always prepended, which makes it
> "${machine}+sshd" again.  And if the admin specifies the separator char
> to be not '+' but, for instance '#', the account name will be
> "${machine}#sshd".
> 
> All that knowledge would have to go into sshd.c.

FWIW I think this is the right solution.


> Isn't it much easier and less convoluted to allow specifying the
> account name in sshd_config?

But less right, if only because if the admin changes those settings
then they need to go touch config files for no real reason.


//Peter


More information about the openssh-unix-dev mailing list