Hi,

I've just committed a change to start the process of splitting the monolithic sshd binary into pieces.

This change splits sshd into a listener and a session binary. The listener binary does what it says on the tin: listens for incoming connections. It will also do configuration validation, hostkey loading and other housekeeping like enforcing MaxStartups.

The new sshd-session binary is executed for each connection. It handles everything relating to a single connection, including understanding the SSH protocol, user authentication, shell/command execution, etc.

Further splitting of the sshd-session binary is planned. Ultimately we'd like to get to a place where all the privileged code is in a completely separate binary to all the unprivileged code.

This change should be almost completely invisible to users. The most apparent change should be that you will see "sshd-session" in your process list when a connection is active:

    [djm@djm ~]$ ps ax | grep sshd
    30745 ?? S 0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
    64369 ?? S 0:00.03 sshd-session: djm [priv] (sshd-session)
    70295 ?? S 0:00.00 sshd-session: djm@ttyp0 (sshd-session)

If you like killing specific ssh sessions via process name then you might need to adjust your fingers/scripts.

Distributors of OpenSSH will need to package the new binary. By default this goes to LIBEXECDIR as supplied to configure.

We'd appreciate testing of this change by the community. Please report any problems resulting from this change either to this list or to https://bugzilla.mindrot.org/

Thanks!

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
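For scripts that pick out ssh sessions by process name, the sketch below classifies `ps ax` lines into listener, privileged monitor and user session, accepting both the new `sshd-session:` titles shown in the message and the older `sshd:` per-connection titles. It is an added example, not part of the original post or of OpenSSH: the function names are hypothetical, the `alice` lines and their PIDs are constructed, and the pre-split title format (`sshd: user [priv]`, `sshd: user@tty`) is assumed.

```shell
#!/bin/sh
# Constructed sample: the three lines from the message, two pre-split style
# lines (assumed format) and the grep process itself.
sample_ps() {
    cat <<'EOF'
30745 ?? S 0:00.00 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups
64369 ?? S 0:00.03 sshd-session: djm [priv] (sshd-session)
70295 ?? S 0:00.00 sshd-session: djm@ttyp0 (sshd-session)
81234 ?? S 0:00.02 sshd: alice [priv] (sshd)
81240 ?? S 0:00.00 sshd: alice@ttyp1 (sshd)
90001 p2 S+ 0:00.00 grep sshd
EOF
}

# Reads "PID TT STAT TIME COMMAND..." lines on stdin and prints
# "PID ROLE USER" for every sshd listener or per-connection process.
classify_sshd() {
    awk '
    $5 == "sshd:" || $5 == "sshd-session:" {
        role = "other"; user = "-"      # e.g. pre-auth process titles
        if ($0 ~ /\[listener\]/) {
            role = "listener"
        } else if ($7 == "[priv]") {
            role = "session-priv"; user = $6
        } else if ($6 ~ /@/) {
            role = "session-user"; user = $6
            sub(/@.*/, "", user)        # strip the "@tty" suffix
        }
        print $1, role, user
    }'
}

# Prints the PIDs of the per-connection processes that belong to user $1,
# never the listener, so the output can be reviewed before any kill.
session_pids_for() {
    classify_sshd |
        awk -v u="$1" '($2 == "session-priv" || $2 == "session-user") && $3 == u { print $1 }'
}

sample_ps | classify_sshd
```

On a live system the input would come from `ps ax` instead of `sample_ps`; column layout differs between platforms, so check the field positions against local `ps` output first.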