HPE Community
Operating System - HP-UX
1823184 Members
3631 Online
109647 Solutions
New Discussion юеВ

user of sshd

 
SOLVED
Go to solution
yyghp
Super Advisor

тАО11-25-2004 05:40 AM

тАО11-25-2004 05:40 AM

user of sshd

I found that on two of our servers, there are "sshd" daemons owned by "root" and a normal user (actv1_it):

On server1:
# ps -ef | grep ssh
root 732 1 0 Oct 17 ? 0:00 /opt/ssh/sbin/sshd
root 19053 732 0 17:19:43 ? 0:00 sshd: actv1_it [priv]
actv1_it 14466 14464 0 10:08:20 ? 0:00 sshd: actv1_it@notty
actv1_it 19020 19018 0 17:18:00 ? 0:00 sshd: actv1_it@notty
actv1_it 14467 14466 0 10:08:20 ? 0:01 /opt/ssh/libexec/sftp-server
actv1_it 14545 14531 0 10:11:12 ? 0:00 sshd: actv1_it@pts/5
root 16386 16366 1 11:21:12 pts/tc 0:00 grep ssh
root 14531 732 0 10:10:57 ? 0:00 sshd: actv1_it [priv]
root 19018 732 0 17:17:49 ? 0:00 sshd: actv1_it [priv]
actv1_it 19055 19053 0 17:19:54 ? 0:00 sshd: actv1_it@pts/0
actv1_it 19027 19020 0 17:18:00 ? 0:00 /opt/ssh/libexec/sftp-server
root 14464 732 0 10:08:18 ? 0:00 sshd: actv1_it [priv]


On server 2
# ps -ef | grep ssh
root 614 1 0 Nov 1 ? 0:00 /opt/ssh/sbin/sshd
root 5650 614 0 10:28:10 ? 0:00 sshd: actv1_it [priv]
root 6521 6506 1 11:24:30 pts/tf 0:00 grep ssh
actv1_it 5639 5638 0 10:27:05 ? 0:00 /opt/ssh/libexec/sftp-server
root 5629 614 0 10:26:53 ? 0:00 sshd: actv1_it [priv]
actv1_it 5652 5650 0 10:28:27 ? 0:00 sshd: actv1_it@pts/0
actv1_it 5638 5629 0 10:27:05 ? 0:00 sshd: actv1_it@notty

I wonder why some "sshd: actv1_it" daemons are owned by "root" while some of them are owned by "actv1_it":
root 19053 732 0 17:19:43 ? 0:00 sshd: actv1_it [priv]
actv1_it 14466 14464 0 10:08:20 ? 0:00 sshd: actv1_it@notty

What does "[priv]" mean ?

Thanks !
0 Kudos
Reply
3 REPLIES 3
Asad Malik
Frequent Advisor

тАО11-25-2004 06:23 AM

тАО11-25-2004 06:23 AM

Re: user of sshd

that is normal ssh behaviour.
0 Kudos
Reply
yyghp
Super Advisor

тАО11-25-2004 06:31 AM

тАО11-25-2004 06:31 AM

Re: user of sshd

Thanks, but could you please tell me some details, like what's the difference between them ?
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО11-25-2004 06:54 AM

тАО11-25-2004 06:54 AM

Solution

Re: user of sshd

When a normal user logs in using ssh the sshd daemon spawns a process for them. To have that users privleges, the process needs to be owned by the user. If root owns the process the ssh session might be able to gain root privileges.


If you have a lot of telnet or ftp users you'd notice the same thing.

Perfectly normal, nothing to worry about unless that user shouldn't be logged in.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.