Hi.

On Fri 2003-01-31 at 23:57:16 -0700, [EMAIL PROTECTED] wrote:
> On Sat Feb 01, 2003 at 12:17:05AM -0500, Scott Crumpler wrote:
> >
> > I'm noticing some weird behavior on the behalf of my OpenSSH daemon... When
> > it starts listening, there is only one instance of the process in memory.
> > But after I connect to it, there are 3 instances. Now I can understand 2
> > instances (one to handle the connection and another one that forked off to
> > wait for the next connection). However, I can't think of why there would be
> > 3 instances. When I make 2 simultaneous connections, the number of sshd
> > processes becomes 5.
> >
> > Any ideas? Is something strange happening here?
>
> One word: privsep. No time to discuss the details, you can find out
> about it in the openssh docs. But privsep is the "culprit" here and
> it's perfectly normal.

Just some more words. privsep is short for privilege separation and is a means to reduce security risks, or in other words: an additional layer for an attacker to overcome.

The idea is to run as much as possible with lowered privileges. This is accomplished by running two processes. The privileged parent process monitors the progress of the unprivileged child process. The child is the only process that processes network data. The privileged parent needs little code and therefore there is much less code being executed with privileges. A well-defined interface between privileged parent and unprivileged child allows the child to delegate operations that require privileges to the parent. Successful authentication is determined by the parent process.

That and more can be found on http://www.citi.umich.edu/u/provos/ssh/privsep.html

HTH,

	Benjamin.
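
A minimal sketch of the parent/child split described in the reply above, added here as an illustration; it is not OpenSSH's code and not part of the original message. The names `privsep_authenticate`, `monitor_check` and `struct auth_req`, the uid/gid 65534 and the sample credentials are assumptions made for the example.

```c
#define _DEFAULT_SOURCE 1 /* for setgroups() on glibc */
#include <grp.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534 /* assumption: uid/gid of an unprivileged account */
struct auth_req { char user[32]; char secret[64]; }; /* the whole interface */

/* Privileged side: stands in for the real credential check (constructed data). */
static int monitor_check(struct auth_req *r) {
    r->user[sizeof r->user - 1] = r->secret[sizeof r->secret - 1] = '\0';
    return strcmp(r->user, "alice") == 0 && strcmp(r->secret, "s3cret") == 0;
}

/* Unprivileged child: the only process that handles untrusted input. */
static void child_main(int fd, const char *user, const char *secret) {
    struct auth_req req = {{0}, {0}};
    char verdict = 0;
    /* Drop groups, then gid, then uid; refuse to continue if any step fails. */
    if (geteuid() == 0 && (setgroups(0, NULL) || setgid(UNPRIV_ID) || setuid(UNPRIV_ID)))
        _exit(2);
    strncpy(req.user, user, sizeof req.user - 1);
    strncpy(req.secret, secret, sizeof req.secret - 1);
    if (write(fd, &req, sizeof req) != (ssize_t)sizeof req) _exit(2);
    if (read(fd, &verdict, 1) != 1) _exit(2);
    _exit(verdict == 1 ? 0 : 1); /* the child only ever learns yes or no */
}

/* Returns 1 if the monitor accepted, 0 if it refused, -1 on error. */
int privsep_authenticate(const char *user, const char *secret) {
    int sv[2], ok = -1;
    struct auth_req req;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(sv[0]); close(sv[1]); return -1; }
    if (pid == 0) { close(sv[0]); child_main(sv[1], user, secret); }
    close(sv[1]);
    /* Monitor: accept exactly one fixed-size request, answer with one byte. */
    if (recv(sv[0], &req, sizeof req, MSG_WAITALL) == (ssize_t)sizeof req) {
        char verdict = (char)(ok = monitor_check(&req));
        if (write(sv[0], &verdict, 1) != 1) ok = -1;
    }
    close(sv[0]);
    waitpid(pid, NULL, 0);
    return ok;
}
```

The caller plays the monitor here; with a listening daemon forking before this call, each connection shows the listener, the monitor and the unprivileged child.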
