Web lists-archives.com

Re: openssh: privilege separation no longer supported on Cygwin? SURPRISE!




On Mon, 29 May 2017 19:14:30, Houder wrote:

[snip]
> As if the "sshd" account is NEVER, NEVER used during the _whole_ process
> (that is, there is NO privilege separation, as far as I can tell).

.. wanted to share this experience with you.

 - deleted user/account 'sshd' # net user sshd /delete
 - modified the last part (rid?) of the sid belonging to user/account 'sshd'
   in xxxx (in /etc/passwd)
 - rebooted

Before reboot, I changed 'sshd' in an automatic service (was: manual)

After the system had rebooted:

 - 'cygrunsrv -Q sshd' shows 'sshd' running ...
 - 'tail -f /var/log/sshd.log' shows 'sshd' listening ...
 - 'net user' shows user/account 'sshd' gone ...

I can still use ssh ... (both password authentication and key authentication)

Yes, if I remove user/account 'sshd' completely from /etc/passwd, only
then 'sshd' won't start ...

Regards,

Henri

=====


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple