On Tue, 26 May 2015, Igor Bukanov wrote: > Hi, > > If I need to provide an ssh access just for a single user and I want > to minimize a chance of malicious code running as root even if it > increases a possibility for malicious code running as that user. Given > that should I try running sshd as that user? Or should I continue to > use UsePrivilegeSeparation=sandbox with sshd running as root? It depends which operating system you are on - if you're running on something with a good platform sandbox (systrace, seatbelt or seccomp-bpf) then you'll have good protection from that even if you are running sshd as the target user. If your platform doesn't have one of the above sandboxed available, then you should run as root to get the benefit of chroot and dropping to an unprivileged user. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
