monitor-slave model

Ángel González keisial at gmail.com
Thu Jan 28 09:27:08 AEDT 2016


On 27/01/16 15:39, mu dongliang wrote:
> Hello everyone,
>      I am a newbie about openssh. I have seen privilege separation mechanism in openssh.
>      I did some small experiment in my Debian Jessie. I observed that this privilege separation use monitor-slave model (1:1). I am curious why openssh implements this with monitors-slaves(1:n)!
>      I doubt whether the former is suitable. And I think the latter is more like real world.
>      What's your opinion about this thought?
>
>      - mudongliang

Hello Mudongliang

Have you already read http://www.citi.umich.edu/u/provos/ssh/privsep.html ?

I'm not able to answer you though, as I have trouble understanding you. 
You seem to contradict yourself mentioning 1:1 and 1:n, so in the end 
it's not clear what you are asking. :(
Maybe try to clarify it and make a more concrete question? Also, it 
would be benefitial if you expanded a bit on why you consider the 
current implementation would be unsuitable.

Regards




More information about the openssh-unix-dev mailing list