On Wed, 11 Sep 2019 at 21:51, Parag Chinchole <pchinchole at live.com>
wrote:> Does OpenSSH allow unprivileged SSH daemon?
Yes, with some caveats. When we run the regression tests (ie "make
tests) without sudo, these run entirely without privilege.
The caveats I can think of are:
- on most platforms password authentication requires privileges to
read the password file or invoke PAM to do so. The tests use only key
authentication.
- binding to low port numbers requires privileges on many platforms.
- on some platforms allocationg a psudeoterminal requires privileges.
As I said last time this came up
(https://marc.info/?l=openssh-unix-dev&m=150206569108938&w=2) the
two-process (privsep) use case with an unprivileged user should be a
supported configuration.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.