New feature discussion: sshd --status

Damien Miller djm at mindrot.org
Mon Sep 15 09:01:57 EST 2014


On Sun, 14 Sep 2014, Loganaden Velvindron wrote:

> Hi All,
>
> I would like to know if there would be any objection to having a
> --status flag which would be useful to show logged in users. w and who
> already do that. The output would go further: show list of forwarded
> ports.

Apart from --long_options being frowned upon, there is no single place
that collects all this information. All sshd instances that are handling
connections are completely* independent.

There are arguments for and against making the master listener sshd take
a more active role in the lifecycle of its children.


The main argument for doing so is that it would allow us to better notice
abnormal termination of sshd processes. E.g. noticing when waitpid()
indicates that a child crashed or the connection was closed for too many
authentication attempts. Either of these could be useful signals for
blackholing bad origins.

The main argument against is that it builds more complexity into perhaps
the most critical section of sshd code. If there is a bug in the master
accept loop that causes sshd to crash, then users can no longer log in
via ssh...

-d

* well, after authentication concludes (cf. MaxStartups)
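
The waitpid() signal discussed in the message above, as an added example that is not part of the original post and is not OpenSSH code: a listener reaps a per-connection child and classifies how it ended. The exit code `HYP_EXIT_AUTH_FAIL` and the names `child_fate`, `classify_status` and `spawn_and_reap` are hypothetical, and the child's behaviour is constructed for the demonstration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical exit code for "closed after too many auth attempts". */
#define HYP_EXIT_AUTH_FAIL 77
enum child_fate { FATE_OK, FATE_AUTH_FAIL, FATE_CRASH, FATE_OTHER };

/* Map a waitpid() status word to something the listener could act on. */
enum child_fate classify_status(int status)
{
    if (WIFSIGNALED(status))
        return FATE_CRASH;            /* died on SIGSEGV, SIGABRT, ... */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
        return FATE_OK;
    if (WIFEXITED(status) && WEXITSTATUS(status) == HYP_EXIT_AUTH_FAIL)
        return FATE_AUTH_FAIL;
    return FATE_OTHER;
}

/* Fork a stand-in for a per-connection child, then reap it as a listener would. */
enum child_fate spawn_and_reap(enum child_fate simulate)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return FATE_OTHER;
    if (pid == 0) {                    /* child: constructed behaviour */
        struct rlimit no_core = { 0, 0 };
        setrlimit(RLIMIT_CORE, &no_core);  /* no core file from the demo */
        if (simulate == FATE_CRASH)
            abort();
        _exit(simulate == FATE_AUTH_FAIL ? HYP_EXIT_AUTH_FAIL :
              simulate == FATE_OK ? 0 : 1);
    }
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)            /* retry only when interrupted */
            return FATE_OTHER;
    return classify_status(status);
}

int main(void)
{
    printf("crash -> fate %d\n", spawn_and_reap(FATE_CRASH));
    return 0;
}
```

Anything a listener does with the result, such as counting events per origin address, would sit in the accept loop that the message identifies as the most critical section of the code.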

