It is not practical to run `sshd` as non-root. `sshd` needs `root` privileges for

- password authentication (only `root` can access `/etc/shadow`)
- binding to a port that is below 1024
- calling `setuid()` in order to obtain the privileges of the user that has connected

If you use an unprivileged port and key-based only auth, you may be able to make it work, but you'll be restricted to connections with the user that is running `sshd`.
There is a relevant discussion here: http://seclists.org/basics/2003/Aug/564
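
A sketch of the unprivileged-port, key-only setup mentioned above, as an added example that is not part of the original answer. The function names, directory, port 2222 and the `/usr/sbin/sshd` path are assumptions; each setting maps to one of the three root requirements listed.

```shell
#!/bin/sh
# Added example: sshd_config for a non-root sshd (names and paths are assumptions).

# write_unpriv_sshd_config DIR PORT
# DIR must be absolute; PORT must be one a non-root process can bind.
write_unpriv_sshd_config() {
    dir=$1
    port=$2
    case $dir in /*) ;; *) echo "DIR must be an absolute path" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    if [ "$port" -lt 1024 ] || [ "$port" -gt 65535 ]; then
        echo "port $port: need an unprivileged port (1024-65535)" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Account name of the invoking user (falls back to the numeric uid)
    user=$(id -un 2>/dev/null || id -u)
    cat > "$dir/sshd_config" <<EOF
# Port >= 1024: bind() works without root
Port $port
# Host key and pid file live in a user-owned directory, not /etc/ssh or /run
HostKey $dir/ssh_host_ed25519_key
PidFile $dir/sshd.pid
# No access to /etc/shadow, so every password-based method is off
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM no
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
# Without root, sshd cannot setuid() to another account: only this user can log in
AllowUsers $user
EOF
}

# make_unpriv_hostkey DIR: create the user-owned host key if it is missing.
make_unpriv_hostkey() {
    key=$1/ssh_host_ed25519_key
    [ -f "$key" ] || ssh-keygen -q -t ed25519 -N '' -f "$key"
}

# Usage (sshd must be started by absolute path; its location varies by system):
#   d=$HOME/.local/sshd
#   write_unpriv_sshd_config "$d" 2222 && make_unpriv_hostkey "$d"
#   /usr/sbin/sshd -t -f "$d/sshd_config"      # validate the configuration
#   /usr/sbin/sshd -D -e -f "$d/sshd_config"   # foreground, log to stderr
```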