LinuxQuestions.org
Old 08-07-2009, 01:00 AM   #1
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: Ubuntu
Posts: 204

Rep: Reputation: 32
starting sshd by normal user


I want the sshd daemon to run with normal user privileges rather than with root.

Can anybody please help me with how to do this?

I tried by adding the following line in the /etc/sudoers
username ALL=/etc/service ALL

After that I executed the command "/sbin/service sshd start"

It failed because ssh_conf and key files are readable only by root.

I don't know how to use this sudoers file. I have gone through the man page but still, somehow, I was not able to understand it.

Last edited by chakka.lokesh; 08-07-2009 at 01:01 AM.
 
Old 08-07-2009, 01:15 AM   #2
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,226

Rep: Reputation: 2022
If you want sshd to run without being root at all, you'd have to move it to a port num >= 1024.

In any case, the default is for it to drop privileges for each cxn http://74.125.155.132/search?q=cache...naltosend.netA
/+ssh+drop+privileges&cd=7&hl=en&ct=clnk&gl=au

This is similar to Apache for instance.

If you just want to avoid the script kiddies, disallow root from using ssh.
Set up another user and 'su -' to root from there.

Last edited by chrism01; 08-07-2009 at 01:17 AM.
 
Old 08-08-2009, 11:22 PM   #3
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: Ubuntu
Posts: 204

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by chrism01
If you just want to avoid the script kiddies, disallow root from using ssh.
Set up another user and 'su -' to root from there.
I already set Permitrootlogin no

I want the process itself to run with an unprivileged user as owner instead of root.
 
Old 08-08-2009, 11:25 PM   #4
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: Ubuntu
Posts: 204

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by chrism01
If you want sshd to run without being root at all, you'd have to move it to a port num >= 1024.
I want it to run. It doesn't matter on which port it is running.
 
Old 08-09-2009, 12:51 AM   #5
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 171
I guess I am a little confused about why you would want to do it this way. You do understand that you can set up the sshd to run at boot and that any user can then access the machine this way?
 
Old 08-10-2009, 09:15 PM   #6
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: Ubuntu
Posts: 204

Original Poster
Rep: Reputation: 32
I want only one user to access it.

Also I want to restrict the access only a particular location.
 
Old 08-10-2009, 10:09 PM   #7
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,362

Rep: Reputation: 171
And you can accomplish both those things without running sshd as a user.
 
Old 08-10-2009, 11:34 PM   #8
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
In sshd_config
Code:
PermitRootLogin no
AllowUsers wim brian
The first line is a good habit (most attacks are on the root account).
The second line only allows users wim and brian to login using SSH.

Further I would consider 'passwordless login'.

To limit access to certain locations, read up on 'jail users'.
 
Old 08-10-2009, 11:47 PM   #9
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,226

Rep: Reputation: 2022
If you mean 'from' a particular location, look up tcp wrappers: http://itso.iu.edu/TCP_Wrappers
 
Old 08-12-2009, 12:59 AM   #10
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: Ubuntu
Posts: 204

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by Wim Sturkenboom
In sshd_config
Code:
PermitRootLogin no
AllowUsers wim brian
The second line only allows users wim and brian to login using SSH.
Are you sure of this??
 
Old 08-12-2009, 02:00 AM   #11
karamarisan
Member
 
Registered: Jul 2009
Location: Illinois, US
Distribution: Fedora 11
Posts: 374

Rep: Reputation: 55
Yes, that's the correct config. But why would you post back and ask when you could just... try it?
 
Old 08-12-2009, 02:21 AM   #12
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
Quote:
Originally Posted by chakka.lokesh
Are you sure of this??
Can you read man pages?

From man sshd_config
Code:
     AllowUsers
             This keyword can be followed by a list of user name patterns,
             separated by spaces.  If specified, login is allowed only for
             user names that match one of the patterns.  `*' and `?' can be
             used as wildcards in the patterns.  Only user names are valid; a
             numerical user ID is not recognized.  By default, login is
             allowed for all users.  If the pattern takes the form USER@HOST
             then USER and HOST are separately checked, restricting logins to
             particular users from particular hosts.
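
Added example (not part of the original post and not OpenSSH's own code): a small Python model of the AllowUsers rule quoted above, applied to a few constructed login attempts, showing how a USER@HOST pattern covers both "only one user" and "only from a particular location". The user `lokesh`, the addresses and the function names are assumptions; the model implements only what the excerpt states (`*` and `?` wildcards, USER and HOST checked separately).

```python
import re

def _glob_to_regex(pattern):
    """Translate a pattern using only '*' and '?' into an anchored regex."""
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z", re.DOTALL)

def _matches(value, pattern):
    return _glob_to_regex(pattern).match(value) is not None

def login_allowed(allow_users, user, host):
    """Apply the quoted AllowUsers rule to one login attempt.

    allow_users: text after the AllowUsers keyword, or None when the
                 keyword is absent (by default all users are allowed).
    user, host:  requested account name and the client's host or address.
    """
    if allow_users is None:
        return True
    for pattern in allow_users.split():
        if "@" in pattern:
            # USER@HOST form: both halves must match.
            user_pat, host_pat = pattern.rsplit("@", 1)
            if _matches(user, user_pat) and _matches(host, host_pat):
                return True
        elif _matches(user, pattern):
            return True
    return False

# Constructed login attempts: (user, client address).
ATTEMPTS = [("wim", "203.0.113.7"), ("root", "203.0.113.7"),
            ("lokesh", "192.168.1.20"), ("lokesh", "203.0.113.7")]

def evaluate(allow_users):
    """Return the allow/deny decision for every constructed attempt."""
    return [login_allowed(allow_users, u, h) for u, h in ATTEMPTS]

if __name__ == "__main__":
    for rule in ("wim brian", "lokesh@192.168.1.*", None):
        print(repr(rule), evaluate(rule))
```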
 
Old 08-13-2009, 01:21 AM   #13
chakka.lokesh
Member
 
Registered: Mar 2008
Distribution: Ubuntu
Posts: 204

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by karamarisan
Yes, that's the correct config. But why would you post back and ask when you could just... try it?
oops.... I was a bit confused.

It is working correctly now.

Earlier something else happened.
I think I might have made a mistake.

thanks for the help.
I got what I want.

thanks once again.
 
  

