deprecation of UsePrivilegeSeparation breaks container use cases

Aleksandar Kostadinov akostadinov at gmail.com
Tue Aug 8 02:39:31 AEST 2017


On Mon, Aug 7, 2017 at 3:17 AM, Darren Tucker <dtucker at zip.com.au> wrote:
> On Mon, Aug 7, 2017 at 5:44 AM, Aleksandar Kostadinov
> ...
> As I said last time this came up:
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-March/035906.html
> Disabling privsep will not be supported.  Running as an unprivileged user is
> supported in the two-process configuration.

Thanks a lot for pointing me in the right direction. I tested with
SSHd 7.5p1 and also with 7.4p1. It works running as an unprivileged user
(username `git`) using priv separation! Output reformatted for
readability:

-bash-4.3$ cd /proc
-bash-4.3$ cat 1/cmdline
/usr/sbin/sshd-D
-bash-4.3$ cat 57/cmdline
sshd: git [priv]
-bash-4.3$ cat 60/cmdline
sshd: git@pts/0
-bash-4.3$ cat 61/cmdline
-bash

<...>
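
As an added example (not part of the original message and not OpenSSH code), the shell function below lists the sshd processes under a proc-style tree and labels each one by its process title. It converts the NUL-separated `cmdline` to spaces, which is why plain `cat` above prints `sshd-D`. The function name `sshd_roles`, the role labels and the `PROC_ROOT` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify sshd processes by process title to confirm the
# two-process (privilege-separated) layout inside a container.
# sshd_roles, the role labels and PROC_ROOT are names made up for this example.

# Print "pid uid role title" for every sshd process found under $1.
sshd_roles() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        # cmdline is NUL-separated; turn NULs into spaces, trim the tail.
        title=$(tr '\0' ' ' < "$dir/cmdline" | sed 's/ *$//')
        case $title in
            "sshd: "*"[priv]")  role=monitor ;;   # privileged side of privsep
            "sshd: "*@*)        role=child ;;     # post-auth user@tty process
            "sshd: "*)          role=other ;;     # e.g. pre-auth states
            */sshd|*"/sshd "*|sshd|"sshd "*) role=listener ;;
            *) continue ;;                        # not an sshd process
        esac
        # Real UID is the first number on the Uid: line of status.
        uid=$(awk '/^Uid:/ {print $2; exit}' "$dir/status" 2>/dev/null) || uid=
        printf '%s %s %s %s\n' "${dir##*/}" "${uid:-?}" "$role" "$title"
    done
}

# Report on the live system (or on another tree via PROC_ROOT).
sshd_roles "${PROC_ROOT:-/proc}"
```

With an active login there should be one `monitor` line and one `child` line per session; when sshd was started as an unprivileged user, every line carries that user's UID.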


More information about the openssh-unix-dev mailing list