Splitting sshd

Damien Miller djm at mindrot.org
Fri May 17 14:47:39 AEST 2024


I've just committed a change to start the process of splitting the
monolithic sshd binary into pieces. This change splits sshd into a
listener and a session binary.

The listener binary does what it says on the tin: listens for incoming
connections. It will also do configuration validation, hostkey loading
and other housekeeping like enforcing MaxStartups.

The new sshd-session binary is executed for each connection. It handles
everything relating to a single connection, including understanding the
SSH protocol, user authentication, shell/command execution, etc.

Further splitting of the sshd-session binary is planned. Ultimately
we'd like to get to a place where all the privileged code is in a
completely separate binary to all the unprivileged code.

This change should be almost completely invisible to users. The most
apparent change should be that you will see "sshd-session" in your
process list when a connection is active:

[djm at djm ~]$ ps ax | grep sshd
30745 ??  S  0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
64369 ??  S  0:00.03 sshd-session: djm [priv] (sshd-session)
70295 ??  S  0:00.00 sshd-session: djm at ttyp0 (sshd-session)

If you like killing specific ssh sessions via process name then you
might need to adjust your fingers/scripts.

Distributors of OpenSSH will need to package the new binary. By
default this goes to LIBEXECDIR as supplied to configure.

We'd appreciate testing of this change by the community. Please report
any problems resulting from this change either to this
list or to https://bugzilla.mindrot.org/


More information about the openssh-unix-dev mailing list