diff options
Diffstat (limited to 'README.privsep')
| -rw-r--r-- | README.privsep | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/README.privsep b/README.privsep index f565e72d..d658c46d 100644 --- a/README.privsep +++ b/README.privsep @@ -5,17 +5,10 @@ escalation by containing corruption to an unprivileged process. More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html -Privilege separation is now enabled by default; see the -UsePrivilegeSeparation option in sshd_config(5). - -On systems which lack mmap or anonymous (MAP_ANON) memory mapping, -compression must be disabled in order for privilege separation to -function. - -When privsep is enabled, during the pre-authentication phase sshd will -chroot(2) to "/var/empty" and change its privileges to the "sshd" user -and its primary group. sshd is a pseudo-account that should not be -used by other daemons, and must be locked and should contain a +Privilege separation is now mandatory. During the pre-authentication +phase sshd will chroot(2) to "/var/empty" and change its privileges to the +"sshd" user and its primary group. sshd is a pseudo-account that should +not be used by other daemons, and must be locked and should contain a "nologin" or invalid shell. You should do something like the following to prepare the privsep @@ -35,14 +28,11 @@ privsep user and chroot directory: --with-privsep-path=xxx Path for privilege separation chroot --with-privsep-user=user Specify non-privileged user for privilege separation -Privsep requires operating system support for file descriptor passing. -Compression will be disabled on systems without a working mmap MAP_ANON. - PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD, HP-UX (including Trusted Mode), Linux, NetBSD and Solaris. -On Cygwin, Tru64 Unix, OpenServer, and Unicos only the pre-authentication -part of privsep is supported. Post-authentication privsep is disabled +On Cygwin, Tru64 Unix and OpenServer only the pre-authentication part +of privsep is supported. Post-authentication privsep is disabled automatically (so you won't see the additional process mentioned below). Note that for a normal interactive login with a shell, enabling privsep @@ -59,5 +49,3 @@ Given the following process listing (from HP-UX): process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. - -$Id: README.privsep,v 1.16 2005/06/04 23:21:41 djm Exp $ |