Web lists-archives.com

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!




On 2017-05-29 21:57, Andrey Repin wrote:
Greetings, Houder!

- however, the userid of the grandchild of the sshd listener, is STILL
    cyg_server ... NOT sshd!

Exactly. cyg_server is the user which does impersonation.
You've been told that when you've been setting up your host.

    http://www.citi.umich.edu/u/provos/ssh/privsep.html

https://security.stackexchange.com/questions/115896/can-someone-explain-how-sshd-does-privilege-separation

    https://cygwin.com/ml/cygwin/2017-05/msg00468.html

As if the "sshd" account is NEVER, NEVER used during the _whole_ process
(that is, there is NO privilege separation, as far as I can tell).

As far as it is documented.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple