SSH服务器以不接受连接的系统帐户启动
[英]SSH server started with a system account not accepting connections
问题描述
I started a new SSH daemon with a config file with a non-standard port number. 
我使用带有非标准端口号的配置文件启动了一个新的SSH守护程序。 Now if I start the SSHD as sudo I can SSH onto the host but if i start as a different system account, the daemon starts but the connections fail. 现在,如果我以sudo的身份启动SSHD,则可以SSH到主机上,但是如果以其他系统帐户身份启动,则守护程序将启动,但连接失败。 Does the SSHD always need to be started as root ? SSHD是否始终需要以root用户身份启动?
I made sure the SSHD is running, it just doesnt accept connections. 我确保SSHD正在运行,只是不接受连接。
2 个解决方案
解决方案1
1 已采纳 2014-05-06 22:27:31
It is not practical to run sshd as non-root. 以非sshd身份运行sshd是不切实际的。 sshd needs root privileges for sshd需要具有root特权
- password authentication (only
rootcan access/etc/shadow)密码认证(只有root可以访问/etc/shadow) - binding to a port that is below 1024 绑定到低于1024的端口
- calling
setuid()in order to obtain the privileges of the user that has connected调用setuid()以获得已连接用户的特权
If you use an unprivileged port and key-based only auth, you may be able to make it work, but you'll be restricted to connections with the user that is running sshd . 如果您使用非特权端口和仅基于密钥的身份验证,则可以使其正常运行,但是您将只能与运行sshd的用户建立连接。
There is a relevant discussion here: http://seclists.org/basics/2003/Aug/564 这里有一个相关的讨论: http : //seclists.org/basics/2003/Aug/564
解决方案2
0 2014-05-06 22:22:40
Which port did you use? 您使用哪个端口? Ports below 1024 are privileged to Root only. 低于1024的端口仅享有“根”权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.