RE: setuid for "ssh"



Why can't you simply su to root, then start ssh. I'm sure the list will
correct me if I'm wrong, but I think running ssh _as_ root is a huge
security hole. (If it is even possible...)

Regards,

Gavin McDonald
========================
EVI Logistic Enterprises
email: me@xxxxxxxxxxxx
phone: (604) 313-3845



> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Sachin Bhugra
> Sent: Thursday, December 29, 2005 12:37 PM
> To: redhat-list@xxxxxxxxxx
> Subject: setuid for "ssh"
>
> Hello,
>
> Can anybody pls tell me how to "setuid root" for ssh. I set the suid
> bit for ssh and it looks like:
>
> -rws--x--x 1 root root 217208 Sep 17 2003 /usr/bin/ssh
>
> But the problem is, when i try to use ssh as normal user, then it runs
> with normal user permissions and not with root. Say if i start ssh
> under user account "abc", then ps -Af shows:
>
> abc 1671 1636 0 00:46 pts/2 00:00:00 ssh 192.168.0.10
>
> That means it is starting with the authority of the user and not root.
>
> any ideas??
>
> PS: I am doing this to set RhostsAuthentication with /etc/hosts.equiv,
> on my private network, but cannot get it to work.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



Relevant Pages

  • RE: Linux hacked
    ... Also, what exactly did the history file show, can you paste it into a mail ... > First let me say I'm a security novice. ... > been unsuccessful in getting root back. ... > via ssh but you could su in once logged in as one of three users. ...
    (Security-Basics)
  • Re: Linux hacked
    ... To find out what kernel version you are running, type "uname -a" without ... > been unsuccessful in getting root back. ... > via ssh but you could su in once logged in as one of three users. ...
    (Security-Basics)
  • Re: About ssh login
    ... I want to ssh to my client,there is sonic-firewall. ... It is usually a bad idea to root logins from the Internet because it exposes the root account to automated cracking attempts. ... If you can, also limit it to connections for a specific IP address, or range of addresses. ... As others have said, it is better to log in as a normal user, and then become root. ...
    (Fedora)
  • Re: X11Forwarding, ssh -X, and /bin/su
    ... ]>but I'm not really tunneled using ssh then, ... ]connecting to the X server and have the home directory NFS-mounted ... ](unless you leave root unmapped over NFS, ... ]root-readable place and set the environment $XAUTHORITY variable ...
    (comp.security.ssh)
  • RE: Linux hacked
    ... hack the box, pull the drive and save it. ... Use the newest versions of Gentoo, Apache, SSH, PHP and Squirl Mail. ... been unsuccessful in getting root back. ... I found a hidden directory /var/tmp/.tmp that has a bunch of directories ...
    (Security-Basics)