Privilege separation user problems

5 posts / 0 new
Last post
chemtamu
Offline
Last seen: 6 years 4 months ago
Joined: 23.08.2012 - 15:53
Privilege separation user problems

I have been using CopSSH for the last few major versions without problem.  I recently discovered the windows user sshd was disabled and belong to no groups.  I thought it was an account left over from previous installations and testing, so I removed it.  Now CopSSH will not authenticate and the service shuts down automatically with the error "Privilege separation user sshd does not exist" in sshd-stderr.log.

I realize that the obvious fix is to re-create the sshd account, but that seems pointless and messy.  Before I just blindly fix it, could some please answer these questions?

1. Is the sshd user account really necessary, especially if I found it completely disabled?  (Apparently, CopSSH works without it being disabled.)
2. How does the sshd user account differ from the SvcCOPSSH account?
3. Does Privilege separation user even work in CopSSH?
4. If so, how can I correctly configure Privilege separation user to work properly?
5. How can I verify Privilege separation user is working?

Thanks

 

itefix
Offline
Last seen: 2 days 2 hours ago
Joined: 01.05.2008 - 21:33
Copssh uses openssh privilege

Copssh uses openssh privilege separation feature which is dependent on the existence of sshd account. It is an integrated part of the setup which is broken in your case. The solution is to uninstall Copssh completely and reinstall it again.

chemtamu
Offline
Last seen: 6 years 4 months ago
Joined: 23.08.2012 - 15:53
Thank you for the link and

Thank you for the link and information.  But this does not answer how to verify it is working.  As I said, CopSSH continues to function even if sshd Windows account is disabled and has absolutely no priveledges.  Doesn't this indicate that privilege separate is not working?  If I enable the sshd account, how would I know that CopSSH is now using the sshd account properly for privilege separation?  I don't trust that CopSSH actually implements privilege separation on Windows.

Lastly, the link you sent tries to be general, but it is still primarily in a "Unix/Linux" context.  That does not explain how CopSSH actually uses the Windows accounts.  I like to understand more details than just "reinstall".

itefix
Offline
Last seen: 2 days 2 hours ago
Joined: 01.05.2008 - 21:33
Privilege separation is an

Privilege separation is an internal feature in the daemon which is divided into two parts - one frontend accepting connections and the other part processing other logic. The idea behind privilege separation is to run the first one by a limited account (sshd) to reduce attack surface. This is achieved by requiring that this limited account should be a disabled one with home directory /var/empty with strict rights.

If you set PrivilegeSeparation to yes (default in Copssh) in the configuration file, the daemon behaves like described above. If PrivilegeSeparation is set no, then all daemon code is run by the service account. You can then remove sshd account.

I have no idea how to monitor privilege separation. Copssh runs OpenSSH on Cygwin, which is a POSIX emulation layer. It uses many of the concepts in the link I sent you.

 

chemtamu
Offline
Last seen: 6 years 4 months ago
Joined: 23.08.2012 - 15:53
This is great information,

This is great information, enough for me to ensure that I have CopSSH configured correctly.  Thank you for the quick reply and useful information.