Network Security Secure-Shell

sshd as non root

Subject: sshd as non root
Date: Fri, 23 Sep 2005 23:45:00 -0700

I'm trying to figure out some way to run sshd as non-root while still
retaining full functionality.  Now before you shout RTFM at me, I have
read the docs and understand why they say you can't do it (binding to
low port, switching users, etc).

What I am trying to do is set up a kernel level "default deny" system
using grsecurity.  I'd like to deny ALL network access in or out of the
system except for sshd, exim, apache and trusted users.  In order to do
this, ssh has to run as a different user than other system processes.

Is there any way to accomplish this?  Or is there another way to set up
a default deny system?  (is there a way to use iptables to filter by
process rather than user?)

I've already tried chmod +s /usr/bin/sshd and running as non-root and it
didn't work.

I'm running OpenSSH 4.2p1 on Linux 2.6.11.12 with the grsecurity patch.

Thanks!
-b

-- 
Dear Outlook users: Please remove me from your address books

http://www.newsforge.com/article.pl?sid=03/08/21/143258



  • sshd as non root, Ben Ford <=