Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 11 Mar 2006 02:36:15 +0200 (EET)
From:      Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
To:        Michael Proto <mike@jellydonut.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: RELENG_4 on flash disk and swap
Message-ID:  <20060311022231.K25921@atlantis.atlantis.dp.ua>
In-Reply-To: <2838070.1142015777207.JavaMail.root@mswamui-thinleaf.atl.sa.earthlink.net>
References:  <2838070.1142015777207.JavaMail.root@mswamui-thinleaf.atl.sa.earthlink.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

Hello!

On Fri, 10 Mar 2006, Michael Proto wrote:
>> dmitry@test$ ps axu |grep ssh
>> root   20213  0.0  1.3 54724  3356  ??  Is    4:00PM   0:00.10 sshd: dmitry
>> 								[priv]
>> dmitry 20216  0.0  1.3 54724  3356  ??  I     4:00PM   0:00.03 sshd:
>> 								dmitry@tty
>> root   20229  0.0  1.3 54724  3356  ??  Ss    4:00PM   0:00.10 sshd: dmitry
>> 								[priv]
>> dmitry 20232  0.0  1.3 54724  3356  ??  S     4:00PM   0:00.03 sshd:
>> 								dmitry@tty
>>
>> It's the result of 2 incoming OpenSSH sessions: 2 processes per session,
>
> You're correct, I could have sworn that sshd ran as the sshd user with the 
> (somewhat) new privsep settings but it appears that I'm mistaken. My only

  One of OpenSSH's sshd processes actually runs under 'sshd' user, but only 
during authentication phase. That's how it looks at this point in up-to-date
6.1-PRERELEASE:

root     953  1.5  0.5  4420  2616  ??  Ss    2:11AM   0:00.04 sshd: dmitry
 							[priv] (sshd)
root     637  0.0  0.5  2880  2332  ??  Ss    2:05AM   0:00.00 /usr/sbin/sshd
sshd     954  0.0  0.5  4284  2464  ??  S     2:11AM   0:00.02 sshd: dmitry
 							[net] (sshd)
root     959  0.0  0.5  4424  2620  ??  S     2:11AM   0:00.00 sshd: dmitry
 							[pam] (sshd)

(pid=637 is the main dispatcher process). 3 processes per connection, 2 of 
them running as root! Looks as an ideal model for DoSers ;) I still prefer 
good old SSH.COM's sshd: single (although root's) and slimer (VSZ-wise) 
process per connection:

root     574  0.0  0.4  2556  1948  ??  Ss    2:16AM   0:00.02
 					/usr/local/sbin/sshd2 -p 22
root    2033  0.0  0.4  2704  2156  ??  S     2:29AM   0:00.08
 					/usr/local/sbin/sshd2 -p 22

(again, pid=574 is the dispatcher).

Sincerely, Dmitry
-- 
Atlantis ISP, System Administrator
e-mail:  dmitry@atlantis.dp.ua
nic-hdl: LYNX-RIPE

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060311022231.K25921>