Is it possible to run sshd as a normal user?
Solution 1:
After a bit of digging around I figured it out.
Start the process with sshd -f ~/.ssh/sshd_config where ~/.ssh/sshd_config is a new file you created. Among other options (such as a different host key, different port, etc.) you need to add the line UsePrivilegeSeparation no. This will prevent the sshd process from trying to do any setuid or setgid calls and allow it to continue running as your user and accept connections as your user.
EDIT: A few moments after figuring it out somebody else tweeted this link to me which confirms this is the correct way to do this: http://cygwin.com/ml/cygwin/2008-04/msg00363.html
Solution 2:
As an update to this thread, OpenSSH in version 7.5 deprecated the UsePrivilegeSeparation option, making it impossible to disable privilege separation. It appears that running SSHD as a user is now impossible.
See https://www.openssh.com/releasenotes.html
Solution 3:
Here is a userland bash script based on the Bo Jeanes answer that:
- Create working dir in home
- generate server keys in the working dir
- generate basic config file with pid file located in the working dir
- launch SSH daemon
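#!/bin/bash
# Working directory for the host keys, config and PID file
mkdir -p "${HOME}/custom_ssh"
# Host keys with an empty passphrase (recent OpenSSH releases have dropped DSA support)
ssh-keygen -f "${HOME}/custom_ssh/ssh_host_rsa_key" -N '' -t rsa
ssh-keygen -f "${HOME}/custom_ssh/ssh_host_dsa_key" -N '' -t dsa
# Basic config: unprivileged port, keys and PID file inside the working directory
echo "Port 2222
HostKey ${HOME}/custom_ssh/ssh_host_rsa_key
HostKey ${HOME}/custom_ssh/ssh_host_dsa_key
AuthorizedKeysFile .ssh/authorized_keys
ChallengeResponseAuthentication no
UsePAM yes
Subsystem sftp /usr/lib/ssh/sftp-server
PidFile ${HOME}/custom_ssh/sshd.pid" > "${HOME}/custom_ssh/sshd_config"
# sshd has to be started with its absolute path
/usr/bin/sshd -f "${HOME}/custom_ssh/sshd_config"
echo "
--------
Process ID : ${HOME}/custom_ssh/sshd.pid
-------"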
- OpenSSH_7.9p1, OpenSSL 1.1.1a 20 Nov 2018
- pam auth (tested with same local & remote user)
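A version-aware variant of the setup in Solutions 1 to 3, as an added example that is not part of any answer: it emits UsePrivilegeSeparation no only for releases before 7.5 and checks the file with sshd -t before starting. The function names, the SSHD variable, the loopback ListenAddress and key-only authentication are assumptions of this example.

```shell
#!/bin/sh
# Added example: version-aware config for an sshd run by an ordinary user.
# Function names, SSHD variable, port and hardening lines are assumptions.

# Print "MAJOR MINOR" from a banner such as "OpenSSH_7.9p1, OpenSSL 1.1.1a".
openssh_major_minor() {
    printf '%s\n' "$1" |
        sed -n 's/^.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p'
}

# Succeed for releases before 7.5, the last ones that honour
# "UsePrivilegeSeparation no"; return 2 when the banner cannot be parsed.
privsep_can_be_disabled() {
    set -- $(openssh_major_minor "$1")
    [ $# -eq 2 ] || return 2
    [ "$1" -lt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -lt 5 ]; }
}

# Write the config to stdout. Args: working dir, port, version banner.
render_user_sshd_config() {
    [ "$2" -ge 1024 ] || { echo "port $2 is privileged; use 1024 or higher" >&2; return 1; }
    cat <<EOF
Port $2
ListenAddress 127.0.0.1
HostKey $1/ssh_host_rsa_key
PidFile $1/sshd.pid
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF
    if privsep_can_be_disabled "$3"; then
        echo "UsePrivilegeSeparation no"
    fi
}

# Only touch the system when asked to: ./script --start
if [ "${1:-}" = "--start" ]; then
    dir="$HOME/custom_ssh"
    sshd_bin="${SSHD:-/usr/bin/sshd}"   # sshd must be invoked by absolute path
    mkdir -p "$dir" && chmod 700 "$dir"
    [ -f "$dir/ssh_host_rsa_key" ] ||
        ssh-keygen -q -t rsa -N '' -f "$dir/ssh_host_rsa_key"
    banner=$(ssh -V 2>&1)   # assumes client and server come from one package
    render_user_sshd_config "$dir" 2222 "$banner" > "$dir/sshd_config"
    # -t validates config and keys without starting the daemon.
    "$sshd_bin" -t -f "$dir/sshd_config" && "$sshd_bin" -f "$dir/sshd_config"
fi
```

Remove the ListenAddress line if the daemon has to accept connections from other hosts.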
Solution 4:
I have checked in detail the possibility of running the sshd service as a normal user. Details of the program version:
sshd version OpenSSH_7.4, OpenSSL 1.0.2k
Finally, after solving many errors, I reached a point where sshd aborted with the following error:
Attempt to write login records by non-root user (aborting)
I checked the source code to see whether it is possible to solve the issue without changing the source code. See the code here. The part of the code that causes the program to abort:
#ifndef HAVE_CYGWIN
	if (geteuid() != 0) {
		logit("Attempt to write login records by non-root user (aborting)");
		return (1);
	}
#endif
It checks the user's privilege with (geteuid() != 0), and this is what causes the problem.
Solution 5:
Assuming what @magiclantern noted above, and assuming you don't want to patch sshd, will something like Dropbear work for you? It is used in many embedded devices that want an ssh server with a smaller footprint (and fewer features/configs).