[SOLVED] ssh

yangyiin · 11-14-2020, 02:30 AM

hi,
i see that when i login with ssh:
ssh y@remote
In remote:

Code:

 ps -ef|grep y
root      20448   1292  0 09:19 ?        00:00:00 sshd: y [priv]
y   20483  20448  0 09:19 ?        00:00:00 sshd: y@pts/12
y   20484  20483  0 09:19 pts/12   00:00:00 -bash
y   21708  20484  0 09:26 pts/12   00:00:00 ps -ef

why this ssh connection start as root user and then as y user?

Turbocapitalist · 11-14-2020, 02:37 AM

The idea is to separate the privileges as much as possible and give each one the least amount of privilege necessary to accomplish its task.

The root-level access is necessary to bind to a low port, and to launch child processes as other accounts. Since port 22 is needed for incoming connections the daemon is launched as root. Then an unprivileged account, sshd, is used to deal with the initial parts of an incoming connection, and that too needs root. Once you are authenticated, a process is launched for your account, again by root. Thereafter you are only dealing with your own processes.

tldr; privilege separation.