Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Markus Friedl (markusopenbsd.org)
Date: Tue Nov 13 2001 - 04:33:16 CST
> Every few months, I do an analysis of the remote services on my systems
> to figure out what I don't trust so that I can refine my compromise
> mitigation measures (running daemons as a non-root user, in chrooted
> environments, firewalled to restricted IPs, etc). The OpenSSH daemon
> has been high on my list of nasties for the last half year or so.
you don't need to run openssh as root if it does
not need to switch uids / allocate ptys.