On 27/01/16 15:39, mu dongliang wrote:
Hello everyone,
I am a newbie about openssh. I have seen privilege separation mechanism in openssh.
I did some small experiment in my Debian Jessie. I observed that this privilege separation use monitor-slave model (1:1). I am curious why openssh implements this with monitors-slaves(1:n)!
I doubt whether the former is suitable. And I think the latter is more like real world.
What's your opinion about this thought?
- mudongliang
Hello Mudongliang
Have you already read http://www.citi.umich.edu/u/provos/ssh/privsep.html ?
I'm not able to answer you though, as I have trouble understanding you.
You seem to contradict yourself mentioning 1:1 and 1:n, so in the end
it's not clear what you are asking. :(
Maybe try to clarify it and make a more concrete question? Also, it
would be benefitial if you expanded a bit on why you consider the
current implementation would be unsuitable.
Regards
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev