[Hcoop-discuss] Port forwarding and sshd option UsePrivilegeSeparation
Adam Chlipala
adamc at hcoop.net
Tue Nov 1 10:13:17 EST 2005
Much to my dismay, no resident Linux security experts rushed to answer
this one. :-P
From the default sshd config file from the Debian package, it looks
like this option is viewed as increasing security, so I decided to turn
it on. I believe this should fix Anil's problem. If anyone finds that
this causes any problems that counterbalance the security benefits it
seems to give us, let me know.
Anil K. Narayanan wrote:
>I am trying to get port forwarding working with my account on
>fyodor. The firewall rule and socket permissions are in place for
>irc.freenode.net:6667 (for my login) but ssh complains saying 'channel
>2: open failed: connect failed: Connection refused'. I am however
>able to get hcoop.net:80 forwarded. This makes it look like the reason
>might be the sshd process running as root instead of my own login
>(considering the per user firewall rules that might be setup). So
>wanted to know if turning on the UsePrivilegeSeparation option in sshd
>configuration would affect us. And other ways I can get the
>forwarding working.
>
>
More information about the HCoop-Discuss
mailing list