Yes it is quite comforting this is post-authentication, so in most cases no big ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		antocv on Nov 8, 2013 \| parent \| context \| favorite \| on: OpenSSH security advisory Yes it is quite comforting this is post-authentication, so in most cases no big deal. Just tough luck for shared accounts. I guess most people dont run sshd as root and capabilities either so that minimizes damage too. Another reason to not run ssh on port 22, no root, no special caps needed.

Nick_C on Nov 9, 2013 [–]

All my servers run sshd as root, including the FreeBSD ones. Is that ok? Or do you mean that sshd drops privileges for the child after forking?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact