[solved] sshd group usable?

[Sujao]

Hi,

I would like to let only people login via ssh that are in a "ssh" group. I found out that I already have the "sshd" group with gid 22 in /etc/group. I wonder whether this group is reserved for the ssh daemon or I can use it freely. My concern is that if I add somebody to sshd and the daemon uses this group in some way, this user could then manipulate the daemon because he has group permissions.

How can I check whether there is a security issue?

I didn't find any files belonging to group sshd, am I on the safe side then?

[vuakko]

I'm quite sure that the user/group sshd is the account sshd is run under. Idea is that, just as with any server, if it is run
under an account without any privileges, then a cracker gains little by cracking the ssh server. So just create a new group.

[Sujao]

Well, I couldn't find any files belonging to sshd and the sshd process runs as root.

[manaka]

user and group sshd is used by the openssh daemon when compiled with privilege separation. It runs as such user during the transitory preauthentication phase. See http://article.gmane.org/gmane.network.openssh.devel/1677/match=openssh+privilege+separation+user+sshd for the full details.

You should create another group for the users allowed to login via ssh.
_________________
Javier Miqueleiz

"Listen to your heart. It knows all things, because it came from the Soul of the World, and it will one day return there."

[Sujao]

great, thx for the info