Mailing List Archive

non-root SSHD
Does OpenSSH allow unprivileged SSH daemon? I experimented with privilege separation but it requires one process running with elevated privileges and another process that could then run with user privileges. However, I could not find a way for a single daemon running unprivileged, so I am reaching out to the community hoping for some guidance.
openssh-unix-dev mailing list
Re: non-root SSHD [ In reply to ]
On Wed, 11 Sep 2019 at 21:51, Parag Chinchole <> wrote:
> Does OpenSSH allow unprivileged SSH daemon?

Yes, with some caveats. When we run the regression tests (ie "make
tests) without sudo, these run entirely without privilege.

The caveats I can think of are:
- on most platforms password authentication requires privileges to
read the password file or invoke PAM to do so. The tests use only key
- binding to low port numbers requires privileges on many platforms.
- on some platforms allocationg a psudeoterminal requires privileges.

As I said last time this came up
( the
two-process (privsep) use case with an unprivileged user should be a
supported configuration.

Darren Tucker (dtucker at
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
openssh-unix-dev mailing list