SSH_PRIVSEP_USER configurable at runtime?

Corinna Vinschen vinschen at
Wed Apr 2 23:44:28 EST 2014

On Apr  2 13:37, Peter Stuge wrote:
> Corinna Vinschen wrote:
> > On non-domain machines the account
> > name will be "sshd", not "${machine}+sshd".  Except if the admin
> > specifies that the domain is always prepended, which makes it
> > "${machine}+sshd" again.  And if the admin specifies the separator char
> > to be not '+' but, for instance '#', the account name will be
> > "${machine}#sshd".
> > 
> > All that knowledge would have to go into sshd.c.
> FWIW I think this is the right solution.

Hmm.  Come to think of it, SSH_PRIVSEP_USER could be defined as a macro
calling a function which returns the username.  And could
define SSH_PRIVSEP_USER as, say, cygwin_privsep_user() by default, when
built for Cygwin so the ugly details could be hidden in bsd-cygwin_util.c.

The Cygwin changes are still in an early stage of testing, but I'll
come back to this.


Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list