On Wed, 11 Sep 2019 at 21:51, Parag Chinchole <pchinchole@xxxxxxxx> wrote: > Does OpenSSH allow unprivileged SSH daemon? Yes, with some caveats. When we run the regression tests (ie "make tests) without sudo, these run entirely without privilege. The caveats I can think of are: - on most platforms password authentication requires privileges to read the password file or invoke PAM to do so. The tests use only key authentication. - binding to low port numbers requires privileges on many platforms. - on some platforms allocationg a psudeoterminal requires privileges. As I said last time this came up (https://marc.info/?l=openssh-unix-dev&m=150206569108938&w=2) the two-process (privsep) use case with an unprivileged user should be a supported configuration. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
