Splitting of sshd binaries in 9.8?
Lars Noodén
lars.nooden at gmx.com
Sun Jul 14 17:55:21 AEST 2024
I realize that the splitting of the sshd binaries is a work in progress.
Nonetheless I am trying to make a diagram of the situation as of 9.8.
How close have I gotten?
Is it correct that currently for a basic session, binaries are run four
ways?
1. A privileged binary to listen for incoming connections (66717 below)
2. A privileged session monitor to track the session, for the duration
of the session (1095 below)
3. A temporary, unprivileged binary to negotiate the key exchange and
the authentication with the privileged monitor (6801 below)
4. An unprivileged binary running as the main account for the duration
of the session (95350 below)
Here is what I am seeing with ps:
$ ps -ax -o user,pid,ppid,args | grep [s]shd
root 66717 1 sshd: /usr/sbin/sshd [listener] 0 of 10-100
startups (sshd)
$ ps -ax -o user,pid,ppid,args | grep [s]shd
root 66717 1 sshd: /usr/sbin/sshd [listener] 1 of 10-100
startups (sshd)
root 1095 66717 sshd-session: lars [priv] (sshd-session)
sshd 6801 1095 sshd-session: lars [net] (sshd-session)
$ ps -ax -o user,pid,ppid,args | grep [s]shd
root 66717 1 sshd: /usr/sbin/sshd [listener] 0 of 10-100
startups (sshd)
root 1095 66717 sshd-session: lars [priv] (sshd-session)
lars 95350 1095 sshd-session: lars at ttyp1 (sshd-session)
And here is an ASCII art interpretation sequence, partially based on
Niels Provos' privilege separation diagram from 2003:
+----------+
|   priv   | <========================================= New Connection
| listener |
|  (root)  |
|          |
|          |  +---------+
|          +--+  priv   |
|          |  | session |
|          |  | monitor |
|          |  |  (root) |                  +--------+
|          |  |         +------------------+ unpriv |
|          |  |         |                  |  net   | ==> Key Exchange
|          |  |         |                  | (sshd) | <==
|          |  |         |                  |        |
|          |  |         |                  |        | ==> Authentication
|          |  |         |                  |        | <==
|          |  |         | <== Req Auth === |        |
|          |  |         | = Auth Result => |        |
|          |  |         |                  +--------+
|          |  |         |
|          |  |         |                  +---------+
|          |  |         +------------------+ unpriv  |
|          |  |         |                  | session |
|          |  |         | <== Req PTY ==== | (lars)  |
|          |  |         | === Pass PTY ==> |         |
|          |  |         |                  |         | ==> Net traffic
|          |  |         |                  |         | <==
+----------+  +---------+                  +---------+
Have I missed or misinterpreted anything?
Thanks.
/Lars
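As an added example (not part of Lars's post, nor OpenSSH's own code), here is a small Python check that parses ps output of the shape shown above, sorts each process into the four roles by its proctitle, and reports any process whose user or parent does not match the layout in the diagram. The constructed sample reuses the post's second ps listing; the unprivileged user name `sshd` is an assumption, since it is configurable.

```python
from collections import namedtuple

# Constructed snapshot in the shape of `ps -ax -o user,pid,ppid,args | grep [s]shd`
# from the post, taken while key exchange / authentication is in progress.
SAMPLE_PS = """\
root 66717 1 sshd: /usr/sbin/sshd [listener] 1 of 10-100 startups (sshd)
root 1095 66717 sshd-session: lars [priv] (sshd-session)
sshd 6801 1095 sshd-session: lars [net] (sshd-session)
"""

Proc = namedtuple("Proc", "user pid ppid args")

def parse_ps(text):
    """Parse `user pid ppid args` rows into a dict of Proc keyed by pid."""
    procs = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[1].isdigit():
            procs[int(parts[1])] = Proc(parts[0], int(parts[1]), int(parts[2]), parts[3])
    return procs

def classify(p):
    """Map an sshd process to one of the four roles using its proctitle."""
    if "[listener]" in p.args:
        return "listener"
    if "[priv]" in p.args:
        return "monitor"
    if "[net]" in p.args:
        return "net"
    if p.args.startswith("sshd-session:"):
        return "session"          # e.g. "sshd-session: lars at ttyp1"
    return "unknown"

def check_privsep(procs, sshd_user="sshd"):
    """Return deviations from the expected layout: listener and [priv] monitor
    as root; [net] as the sshd user and the session as the named account, both
    children of a monitor; each monitor a child of the listener."""
    issues = []
    for p in procs.values():
        role, parent = classify(p), procs.get(p.ppid)
        prole = classify(parent) if parent else None
        if role in ("listener", "monitor") and p.user != "root":
            issues.append(f"{role} pid {p.pid} runs as {p.user}, expected root")
        if role == "net" and p.user != sshd_user:
            issues.append(f"net pid {p.pid} runs as {p.user}, expected {sshd_user}")
        if role == "session" and p.user != p.args.split()[1]:
            issues.append(f"session pid {p.pid} runs as {p.user}, expected {p.args.split()[1]}")
        if role in ("net", "session") and prole != "monitor":
            issues.append(f"{role} pid {p.pid} is not a child of a [priv] monitor")
        if role == "monitor" and prole != "listener":
            issues.append(f"monitor pid {p.pid} is not a child of the listener")
    return issues
```

Feeding it the third listing from the post (listener, [priv] monitor, session as lars) also yields no issues; a session or [net] child running as root, or reparented away from its monitor, is reported.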