[SOLVED] ssh group

szeoguprer · Jul 7, 2020

I wanted to create a new group with the name "ssh" where I put all users that are allowed to connect via SSH.
Then I noticed that this group does already exist.

Now I'm not sure if this group does serve a specific purpose or can I safely use it for the intended use?
Does this group come from Debian, SSH or Proxmox?

I couldn't find any useful information neither online or in the ssh manpage.

To be clear: I'm talking about groups on the Debian OS itself, not PVE GUI or something.

matrix · Jul 8, 2020

szeoguprer said:
Now I'm not sure if this group does serve a specific purpose or can I safely use it for the intended use?
Does this group come from Debian, SSH or Proxmox?

SSH user or group is used with privilege separation in openSSH, try to create a group with different name

szeoguprer · Jul 8, 2020

matrix said:
SSH user or group is used with privilege separation in openSSH

So does the group get created when I install OpenSSH? Or is it related to Proxmox?

matrix said:
try to create a group with different name

Yes I'll do that. Thank you.

Where do you have this information from?
I really couldn't find anything in the SSH manpage.

LnxBil · Jul 9, 2020

szeoguprer said:
So does the group get created when I install OpenSSH? Or is it related to Proxmox?

It's the Debian package:

Code:

$ docker run -it --rm debian:10
root@9b60a33c5d0d:/# grep -ci ssh /etc/group
0

root@9b60a33c5d0d:/# apt-get update -qq
root@9b60a33c5d0d:/# apt-get install -qq openssh-server
[...]

root@9b60a33c5d0d:/# grep -ci ssh /etc/group
1

szeoguprer said:
Where do you have this information from?

Good question!

szeoguprer · Jul 9, 2020

So when this group come with the OpenSSH package, why is there no documentation about what is group is used for?
Anyway, it doesn't matter.

I've created a new group named "ssh-user" for the intended purpose. Just to be safe.

fabian · Jul 10, 2020

the 'ssh' group is actually used by the ssh agent, and thus created when you install openssh-client:

Code:

$ stat /usr/bin/ssh-agent
  File: /usr/bin/ssh-agent
  Size: 321672          Blocks: 418        IO Block: 131072 regular file
Device: 19h/25d Inode: 1321548     Links: 1
Access: (2755/-rwxr-sr-x)  Uid: (    0/    root)   Gid: (  109/     ssh)
[...]

the server part uses the 'sshd' user for privilege separation. in either case, you should not re-use that group/user for other purposes.

Search

Search

[SOLVED] ssh group

szeoguprer

New Member

matrix

Active Member

szeoguprer

New Member

LnxBil

Distinguished Member

szeoguprer

New Member

fabian

Proxmox Staff Member