What are all these ssh processes all about?
Hello, Trying to understand what these ssh processes are all about. The machine in question is located in my garage. There should only be one ssh connection (me ssh'ing into it from my office). What are the others about? EDIT. Also, why does the number of processes magically change? Thank you
Code:
[Michael@devserver ~]$ ps aux | grep ssh
ps isn't great for telling what is an actual logged in user, I'd get the output of "w"
Code:
# w
Thanks r3sistance,
Glad I didn't have a bunch of hackers logged onto my server!
You can try some different options to ps to see better what is going on:
Code:
# ps axjf | grep [s]shd

First you have a privileged process which listens on port 22. This sticks around as long as the SSH server is listening. In my example that would be PID 1114.

Then you add another privileged process to monitor a new connection. This sticks around until the login fails or, if the login succeeds, until you end the session. That is 28948 in my example above.

During the login, the privileged monitor process spawns an unprivileged process as user "sshd" to handle the authentication. This only sticks around until the login fails or succeeds. That probably would have been PID 28949 in my example, but as you see whatever its number it is gone and the login succeeded.

Then, if the login succeeds, the privileged monitor spawns a child process under the login user's id to handle the actual session. That would be 28950 in my example.

In addition to the concept of "privilege separation", see also the related concept of "least privilege".
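The process roles described in the post above, as an added example that is not part of the original thread: a small classifier that labels each sshd process as listener, privileged monitor, unprivileged pre-authentication child or user session, and flags a pre-authentication child running as root. It assumes the process titles OpenSSH sets ("[priv]", "[net]", "[accepted]", "user@tty", "[listener]"); the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Label each sshd process with its privilege-separation role.
# Input: lines shaped like `ps -eo pid,ppid,user,args` output.
# Assumption: roles are inferred from the process titles OpenSSH sets
# ("[priv]", "[net]", "[accepted]", "user@tty", "[listener]").
classify_sshd() {
    awk '
    {
        pid = $1; user = $3
        title = $4                      # rebuild the title from field 4 onward
        for (i = 5; i <= NF; i++) title = title " " $i
        if (title !~ /sshd/) next       # skip unrelated processes and the header

        if (title ~ /\[priv\]/)
            role = "privileged-monitor"
        else if (title ~ /\[(net|accepted)\]/)
            role = "unprivileged-preauth"
        else if (title ~ /^sshd: [^ ]+@/)
            role = "user-session"
        else if (title ~ /\[listener\]/ || title ~ /^([^ ]*\/)?sshd( |$)/)
            role = "listener"
        else
            role = "unknown"

        # The pre-authentication child should never run as root.
        flag = ""
        if (role == "unprivileged-preauth" && user == "root")
            flag = " UNEXPECTED-ROOT"
        print pid, user, role flag
    }'
}

# Constructed sample: PIDs 1114, 28948 and 28950 follow the post; the user
# name, the second (still authenticating) connection and smbd are made up.
sample_ps() {
    cat <<'EOF'
 1114     1 root     /usr/sbin/sshd -D
28948  1114 root     sshd: michael [priv]
28950 28948 michael  sshd: michael@pts/0
30001  1114 root     sshd: unknown [priv]
30002 30001 sshd     sshd: unknown [net]
  812     1 root     /usr/sbin/smbd --foreground
EOF
}

sample_ps | classify_sshd
# Live use: ps -eo pid,ppid,user,args | classify_sshd
```

A "[priv]"/"[net]" pair that appears and disappears is a connection still authenticating, which is one reason the process count changes between runs.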
Thanks for the explanation Turbocapitalist, Note that I have a few more processes going on. Just on a hunch, I stopped samba, and it looks like it was responsible for two of the processes. Still have one more, but at least I know what causes it.
Code:
[Michael@devserver ~]$ ps axjf | grep [s]shd