Using AuthorizedKeysCommand in unprivileged sshd mode

Hi,

I have a setup in which I run sshd as an unprivileged user on a dedicated port
to serve a specific application.

It is working perfectly!

One tweak I had to make: since the AuthorizedKeysCommand feature requires
the file to be owned by root, I had to use a root-owned command in a root-owned
directory, although it does not add any security value.

In auth2-pubkey.c::user_key_command_allowed2(), we have the following:

        if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0,
            errmsg, sizeof(errmsg)) != 0) {
                error("Unsafe AuthorizedKeysCommand: %s", errmsg);
                goto out;
        }

This enforces root uid explicitly (arg #4).

Would it be acceptable to use geteuid() instead of 0, to allow an unprivileged
process to apply its own? Or to add an sshd_config option to enable alternate
user ownership?

Regards,
Alon Bar-Lev
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



