RE: setuid for "ssh"

From: "Gavin McDonald" <gavitron@xxxxxxxxx>
Date: Thu, 29 Dec 2005 12:44:10 -0800

Why can't you simply su to root, then start ssh. I'm sure the list will
correct me if I'm wrong, but I think running ssh _as_ root is a huge
security hole. (If it is even possible...)

Regards,

Gavin McDonald
========================
EVI Logistic Enterprises
email: me@xxxxxxxxxxxx
phone: (604) 313-3845

> -----Original Message-----
> From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-
> bounces@xxxxxxxxxx] On Behalf Of Sachin Bhugra
> Sent: Thursday, December 29, 2005 12:37 PM
> To: redhat-list@xxxxxxxxxx
> Subject: setuid for "ssh"
>
> Hello,
>
> Can anybody pls tell me how to "setuid root" for ssh. I set the suid
> bit for ssh and it looks like:
>
> -rws--x--x 1 root root 217208 Sep 17 2003 /usr/bin/ssh
>
> But the problem is, when i try to use ssh as normal user, then it runs
> with normal user permissions and not with root. Say if i start ssh
> under user account "abc", then ps -Af shows:
>
> abc 1671 1636 0 00:46 pts/2 00:00:00 ssh 192.168.0.10
>
> That means it is starting with the authority of the user and not root.
>
> any ideas??
>
> PS: I am doing this to set RhostsAuthentication with /etc/hosts.equiv,
> on my private network, but cannot get it to work.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Follow-Ups:
- RE: setuid for "ssh"
  - From: alan

References:
- setuid for "ssh"
  - From: Sachin Bhugra

Prev by Date: setuid for "ssh"
Next by Date: RE: setuid for "ssh"
Previous by thread: setuid for "ssh"
Next by thread: RE: setuid for "ssh"
Index(es):
- Date
- Thread

Relevant Pages

RE: Linux hacked
... Also, what exactly did the history file show, can you paste it into a mail ... > First let me say I'm a security novice. ... > been unsuccessful in getting root back. ... > via ssh but you could su in once logged in as one of three users. ...
(Security-Basics)
Re: Linux hacked
... To find out what kernel version you are running, type "uname -a" without ... > been unsuccessful in getting root back. ... > via ssh but you could su in once logged in as one of three users. ...
(Security-Basics)
RE: Linux hacked
... Was any of the sites running a php nuke or another portal or system that is vuln ... been able to use that with a locla root exploit to gain root on the machine. ... > hack the box, pull the drive and save it. ... > Use the newest versions of Gentoo, Apache, SSH, PHP and Squirl Mail. ...
(Security-Basics)
Re: About ssh login
... I want to ssh to my client,there is sonic-firewall. ... It is usually a bad idea to root logins from the Internet because it exposes the root account to automated cracking attempts. ... If you can, also limit it to connections for a specific IP address, or range of addresses. ... As others have said, it is better to log in as a normal user, and then become root. ...
(Fedora)
Re: X11Forwarding, ssh -X, and /bin/su
... ]>but I'm not really tunneled using ssh then, ... ]connecting to the X server and have the home directory NFS-mounted ... ](unless you leave root unmapped over NFS, ... ]root-readable place and set the environment $XAUTHORITY variable ...
(comp.security.ssh)