Re: Unix socket support for sshd


 



On Thu 2016-02-04 10:57:21 -0500, Ron Frederick wrote:
>> On Feb 4, 2016, at 7:46 AM, Daniel Kahn Gillmor <dkg@xxxxxxxxxxxxxxxxx> wrote:
>> fwiw, i think this is a good idea, but i wouldn't implement it as an
>> explicit ListenAddress option: i'd rather have sshd be able to listen on
>> an inherited file descriptor.  This would allow generic socket
>> activation, regardless of socket type.
>
> Can’t this already be done with “sshd -i”, by passing in the socket
> via stdin/stdout? A simple wrapper which listened on the UNIX domain
> socket could fork & exec “sshd -i” as new UNIX domain socket
> connections arrived, similar to inetd.

I've done this before (and even had ssh running over the serial console
with it), but forking and exec'ing a new sshd instance for each
connection is rather different from having a running sshd that can make
overall decisions about the state of the machine (e.g. MaxStartups in
sshd_config(5)), and it also requires a bunch of initial setup work each
time a connection comes in.

Socket activation handed off to a single running master daemon addresses
both of these legit engineering concerns better than an inetd-spawned
"sshd -i" would.

        --dkg
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
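
An added illustration of the inherited-descriptor approach discussed in this thread, not part of the original message and not OpenSSH code: before a long-running daemon accepts on a descriptor it was handed, it can check that the descriptor really is a listening stream socket, whatever its address family, rather than an already-connected socket of the kind "sshd -i" receives. The function names and the socket path are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper (not an OpenSSH function): return the address family of
 * an inherited descriptor if it is a listening stream socket, else -1. */
int inherited_listener_family(int fd)
{
    struct sockaddr_storage ss;
    int type = 0, listening = 0;
    socklen_t len = sizeof(type);

    /* Fails with EBADF/ENOTSOCK for a closed fd, pipe, tty or regular file. */
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) == -1 || type != SOCK_STREAM)
        return -1;
    len = sizeof(listening);
    if (getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &listening, &len) == -1 || !listening)
        return -1;                  /* connected socket: the "sshd -i" case */
    len = sizeof(ss);
    if (getsockname(fd, (struct sockaddr *)&ss, &len) == -1)
        return -1;
    return ss.ss_family;            /* AF_UNIX, AF_INET, AF_INET6, ... */
}

/* Stand-in for the supervisor that creates the socket the daemon inherits. */
int make_unix_listener(const char *path)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);

    if (fd == -1)
        return -1;
    strncpy(sa.sun_path, path, sizeof(sa.sun_path) - 1);
    unlink(path);                   /* remove a stale socket file */
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 || listen(fd, 16) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = make_unix_listener("./inherited-demo.sock");   /* constructed path */

    printf("family=%d, AF_UNIX=%d\n", inherited_listener_family(fd), AF_UNIX);
    unlink("./inherited-demo.sock");
    return 0;
}
```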



