[SOLVED] ssh group

S

szeoguprer

New Member
Jul 5, 2020
15
1
3
I wanted to create a new group with the name "ssh" where I put all users that are allowed to connect via SSH.
Then I noticed that this group does already exist.

Now I'm not sure if this group does serve a specific purpose or can I safely use it for the intended use?
Does this group come from Debian, SSH or Proxmox?

I couldn't find any useful information neither online or in the ssh manpage.

To be clear: I'm talking about groups on the Debian OS itself, not PVE GUI or something.
 
szeoguprer said:
So does the group get created when I install OpenSSH? Or is it related to Proxmox?
Click to expand...

It's the Debian package:

Code: 
$ docker run -it --rm debian:10
root@9b60a33c5d0d:/# grep -ci ssh /etc/group
0

root@9b60a33c5d0d:/# apt-get update -qq
root@9b60a33c5d0d:/# apt-get install -qq openssh-server
[...]

root@9b60a33c5d0d:/# grep -ci ssh /etc/group
1


szeoguprer said:
Where do you have this information from?
Click to expand...

Good question!
 
  • Like
Reactions: szeoguprer
So when this group come with the OpenSSH package, why is there no documentation about what is group is used for?
Anyway, it doesn't matter.

I've created a new group named "ssh-user" for the intended purpose. Just to be safe.
 
the 'ssh' group is actually used by the ssh agent, and thus created when you install openssh-client:
Code: 
$ stat /usr/bin/ssh-agent
  File: /usr/bin/ssh-agent
  Size: 321672          Blocks: 418        IO Block: 131072 regular file
Device: 19h/25d Inode: 1321548     Links: 1
Access: (2755/-rwxr-sr-x)  Uid: (    0/    root)   Gid: (  109/     ssh)
[...]

the server part uses the 'sshd' user for privilege separation. in either case, you should not re-use that group/user for other purposes.
 
  • Like
Reactions: szeoguprer
You must log in or register to reply here.
Top Bottom