"UsePrivilegeSeparation no" is useful for running sshd without privileges
Spencer Baugh
sbaugh at catern.com
Tue Feb 8 11:30:58 AEDT 2022
Darren Tucker <dtucker at dtucker.net> writes:
> On Tue, 8 Feb 2022 at 06:16, Spencer Baugh <sbaugh at catern.com> wrote:
>> "UsePrivilegeSeparation no" causes sshd to not use setuid when starting
>> up. This is useful for running sshd without any privileges in the first
>> place. That is, running sshd as an unprivileged user, rather than as
>> root.
>
> "UsePrivilegeSeparation yes" (or just omitting it) works as an
> unprivileged user. All of our regression tests can (and do) run that
> way. At one point it required that the privsep user and directory
> exist, although it didn't use them, but that was fixed nearly five
> years ago[0].

Oh, great! Indeed, I just tested it myself, and it works just fine now!
My apologies for the noise, I indeed only tested this before on an old
OpenSSH version.
Never mind then!
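
The setup discussed in this thread, as an added example that is not part of the original messages or of the OpenSSH project: a minimal configuration for running sshd as an unprivileged user with the default privilege separation setting. The function names, directory layout and port are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: run sshd as an ordinary user from a private directory.
# Function names, paths and the port are illustrative assumptions.

# Write a self-contained sshd_config under directory $1, listening on port $2.
write_unpriv_sshd_config() {
    dir=$1; port=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/sshd_config" <<EOF
# Ports below 1024 need root, so use a high port on loopback.
Port $port
ListenAddress 127.0.0.1
# Host key and pid file must be readable/writable by the invoking user.
HostKey $dir/ssh_host_ed25519_key
PidFile $dir/sshd.pid
AuthorizedKeysFile $dir/authorized_keys
# An unprivileged sshd cannot read the system password database.
PasswordAuthentication no
# UsePrivilegeSeparation is left unset: per the thread, the default works.
EOF
}

# Create a passphrase-less host key owned by the invoking user, if missing.
make_host_key() {
    dir=$1
    [ -f "$dir/ssh_host_ed25519_key" ] ||
        ssh-keygen -q -t ed25519 -N '' -f "$dir/ssh_host_ed25519_key"
}

# Locate sshd (often in an sbin directory that is not on a user's PATH).
find_sshd() {
    (PATH="$PATH:/usr/sbin:/usr/local/sbin"; command -v sshd)
}

# Validate the configuration and host key without starting the daemon.
check_unpriv_sshd_config() {
    dir=$1
    sshd_bin=$(find_sshd) || { echo "sshd not found" >&2; return 2; }
    "$sshd_bin" -t -f "$dir/sshd_config"
}

# Run in the foreground, logging to stderr, so failures are visible.
run_unpriv_sshd() {
    dir=$1
    sshd_bin=$(find_sshd) || { echo "sshd not found" >&2; return 2; }
    "$sshd_bin" -D -e -f "$dir/sshd_config"
}
```

An sshd started this way can only authenticate logins for the user it runs as, since it has no privilege to switch to another account.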