ETOOBUSY 🚀 minimal blogging for the impatient
Run an OpenSSH server as a regular, unprivileged user
It’s easy to run
sshdas a regular user.
It’s not wonder I’m looking at Gitolite and I’m using the SSH part of it. It seems the most straightforward to set up, at least for me, involving no other software/configuration.
As it relies on SSH, it relies upon the presence of a SSH server, which for me means relying upon OpenSSH.
It usually runs with
root privileges, mostly because it needs to bind
to port 22 (which is below 1024, which means it’s privileged). As I
don’t like it, I’ve looked around to see how to avoid doing this.
Well, maybe the SSH alternative does involve other software/configuration in the end 🙄
I’d like to give credits to SOLVED: Run SSHD as non-root user (without sudo) in Linux for giving me the right hints. The suggestions work well, as it is demonstrated by the fact that gitolite-dibs produces a container that is run as an unprivileged user without any specific tweaking. Yay!
You’re encouraged to read the tutorial, of course, as I want to give due credits for the help I received. Anyway, the TL;DR is more or less the following:
- arrange your own configuration file (e.g.
- make sure to bind to an unprivileged port (e.g. I use port
- generate the appropriate host keys with
ssh-keygenend point them from the configuration file
- set everything readable/writeable/possibly executable only by the owner and exclude everything else for anybody else (including group).
I hope it helps!