Robie, There are several options moving forward: 1) We need the /run/sshd file (see Ubuntu's man sshd page) to be configurable. The problem with locating the privilege separation directory in a fixed location, the systemd does not do well in multiple sshd instance assignments. The systemd will delete the processes RuntimeDirectory upon completion of the process. 2) The original OpenSSH 7.6p1 source code assigns the privilege separation directory to /var/empty (see OpenSSH man sshd page). If we assign it to /var/empty, then we get into a philosophical argument about making the /var/empty directory in an Ubuntu system. The frustration I have with both the OpenSSH teams and the Ubuntu teams is neither want to take ownership. I am trying to provide a solution to both teams and I am getting complete rejection. As far as the upstream support, we have 2 options, specifically: 1) Implement a command line option; I propose [-s separation_directory_name]. This would required editing only 1 file (i.e. sshd.c), so upstream modifications would be minimal. 2) Implement a sshd_config option; I propose "PrivSepDir separation_directory_name". This has less of a chance of conflicting with any upstream change. I cannot imagine a conflict but someone always has a better mouse-trap. So how can we come to consensus on this?
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1832110 Title: Resource Sharing with multiple sshd services To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1832110/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
