multiuser sshd as non-root

Corinna Vinschen vinschen at
Mon Aug 5 22:32:59 AEST 2019

On Aug  5 22:15, Darren Tucker wrote:
> On Mon, 5 Aug 2019 at 20:26, Adam Endrodi <endrodi at> wrote:
> [...]
> > My question is, do you think such a use case (running multiuser sshd as
> > non-root) is possible theoretically, or can it be implemented with a
> > small patch?
> I suspect it will not work out of the box, because there are a number
> of checks of the form (this one is from uidswap.c):
>         if (geteuid() != 0) {
>                 privileged = 0;
>                 return;
>         }
> I also suspect it could be made to work with a relatively small set of
> changes.  For a proof of concept I'd suggest you try changing all of
> the instances of "privileged = 0" to "privileged = 1" in uidswap.c
> (this would not be suitable for real use, though).

Some of the Cygwin-specific code in OpenSSH allow to run sshd as a
privileged user with non-0 UID.  Maybe those can help as well in that


Corinna Vinschen
Cygwin Maintainer
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the openssh-unix-dev mailing list