> Every few months, I do an analysis of the remote services on my systems
> to figure out what I don't trust so that I can refine my compromise
> mitigation measures (running daemons as a non-root user, in chrooted
> environments, firewalled to restricted IPs, etc). The OpenSSH daemon
> has been high on my list of nasties for the last half year or so.

you don't need to run openssh as root if it does
not need to switch uids / allocate ptys.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]