I realize that the splitting of the sshd binaries is a work in progress. Nonetheless I am trying to make a diagram of the situation as of 9.8. How close have I gotten?

Is it correct that currently for a basic session, binaries are run four ways?

1. A privileged binary to listen for incoming connections (66717 below)
2. A privileged session monitor to track the session, for the duration of the session (1095 below)
3. A temporary, unprivileged binary to negotiate the key exchange and the authentication with the privileged monitor (6801 below)
4. An unprivileged binary running as the main account for the duration of the session (95350 below)

Here is what I am seeing with ps:

$ ps -ax -o user,pid,ppid,args | grep [s]shd
root  66717      1 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)

$ ps -ax -o user,pid,ppid,args | grep [s]shd
root  66717      1 sshd: /usr/sbin/sshd [listener] 1 of 10-100 startups (sshd)
root   1095  66717 sshd-session: lars [priv] (sshd-session)
sshd   6801   1095 sshd-session: lars [net] (sshd-session)

$ ps -ax -o user,pid,ppid,args | grep [s]shd
root  66717      1 sshd: /usr/sbin/sshd [listener] 0 of 10-100 startups (sshd)
root   1095  66717 sshd-session: lars [priv] (sshd-session)
lars  95350   1095 sshd-session: lars@ttyp1 (sshd-session)

And here is an ASCII art interpretation sequence, partially based on Niels Provos' privilege separation diagram from 2003:

+----------+
|   priv   | <========================================= New Connection
| listener |
|  (root)  |
|          |
|          |  +---------+
|          +--+  priv   |
|          |  | session |
|          |  | monitor |
|          |  | (root)  |                  +--------+
|          |  |         +------------------+ unpriv |
|          |  |         |                  |  net   |  ==> Key Exchange
|          |  |         |                  | (sshd) |  <==
|          |  |         |                  |        |
|          |  |         |                  |        |  ==> Authentication
|          |  |         |                  |        |  <==
|          |  |         | <== Req Auth === |        |
|          |  |         | = Auth Result => |        |
|          |  |         |                  +--------+
|          |  |         |
|          |  |         |                  +---------+
|          |  |         +------------------+ unpriv  |
|          |  |         |                  | session |
|          |  |         | <== Req PTY ==== | (lars)  |
|          |  |         | === Pass PTY ==> |         |
|          |  |         |                  |         |  ==> Net traffic
|          |  |         |                  |         |  <==
+----------+  +---------+                  +---------+

Have I missed or misinterpreted anything?

Thanks.

/Lars

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
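A way to check the same four-process layout on a running host, as an added example that is not part of the original mail or of OpenSSH itself: it rebuilds the parent/child tree from the "user,pid,ppid,args" columns the post uses and verifies that each role runs under the account privilege separation expects. SAMPLE_PS is constructed sample input modelled on the post's ps output; the role names (listener, monitor, net, session) are labels chosen here.

```shell
# Added example, not part of the original mail: rebuild the sshd process tree
# from "ps -ax -o user,pid,ppid,args" output and check that each 9.8 role runs
# under the account privilege separation expects (listener and [priv] monitor as
# root, [net] as the unprivileged sshd account, the session as the login user).
# SAMPLE_PS is constructed sample input mirroring the post's output; replace it
# with: ps -ax -o user,pid,ppid,args | grep '[s]shd'
SAMPLE_PS='root 66717 1 sshd: /usr/sbin/sshd [listener] 1 of 10-100 startups (sshd)
root 1095 66717 sshd-session: lars [priv] (sshd-session)
sshd 6801 1095 sshd-session: lars [net] (sshd-session)
lars 95350 1095 sshd-session: lars@ttyp1 (sshd-session)'

# sshd_tree: print the ps lines on stdin indented two spaces per parent level,
# so the listener -> monitor -> net/session relationship is visible at a glance.
sshd_tree() {
  awk '
  function walk(p, depth,    n, i, j, arr, pad) {
    n = split(kids[p], arr, " ")
    for (i = 1; i <= n; i++) {
      pad = ""; for (j = 0; j < depth; j++) pad = pad "  "
      print pad line[arr[i]]
      walk(arr[i], depth + 1)
    }
  }
  { line[$2] = $0; par[$2] = $3; kids[$3] = kids[$3] " " $2 }
  END { for (p in par) if (!(par[p] in line) && !done[par[p]]++) walk(par[p], 0) }'
}

# classify_sshd: for each ps line print "pid ppid role user status", where
# status is "ok" when the account matches the role, otherwise "MISMATCH"
# (e.g. a [net] process running as root means privileges were not dropped).
classify_sshd() {
  awk '{
    user = $1; role = "unknown"; want = ""
    if ($0 ~ /\[listener\]/)       { role = "listener"; want = "root" }
    else if ($0 ~ /\[priv\]/)      { role = "monitor";  want = "root" }
    else if ($0 ~ /\[net\]/)       { role = "net";      want = "sshd" }
    else if (index($5, "@") > 0)   { role = "session";  split($5, a, "@"); want = a[1] }
    status = (want != "" && user == want) ? "ok" : "MISMATCH"
    printf "%s %s %s %s %s\n", $2, $3, role, user, status
  }'
}

# Usage on the constructed sample (pipe real ps output instead):
printf '%s\n' "$SAMPLE_PS" | sshd_tree
printf '%s\n' "$SAMPLE_PS" | classify_sshd
```

The unprivileged account name (sshd here, as in the post) is whatever your build uses for privilege separation; adjust the expected name in classify_sshd accordingly.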