Why does sshd(openssh) create two processes per connection?
before login:
$ ps -elf | grep sshd
5 S root 26135 1 0 80 0 - 13115 ? 17:26 ? 00:00:00 /usr/sbin/sshd
0 S test 26480 21337 0 80 0 - 4154 - 18:41 pts/27 00:00:00 grep --colour=auto sshd
after login:
$ ps -elf | grep sshd
5 S root 26135 1 0 80 0 - 13115 ? 17:26 ? 00:00:00 /usr/sbin/sshd
4 S root 26577 26135 0 80 0 - 24204 ? 18:42 ? 00:00:00 sshd: test [priv]
5 S test 26582 26577 0 80 0 - 24204 ? 18:42 ? 00:00:00 sshd: test@pts/30
0 S test 26653 21337 0 80 0 - 4155 - 18:42 pts/27 00:00:00 grep --colour=auto sshd
What are the two processes for?
4 S root 26577 26135 0 80 0 - 24204 ? 18:42 ? 00:00:00 sshd: test [priv]
5 S test 26582 26577 0 80 0 - 24204 ? 18:42 ? 00:00:00 sshd: test@pts/30
Thanks,
Privilege separation - one process that retains root privileges to do things that only root can do, and another that does everything else.
At the time this question was asked, privilege separation was controlled by an option in sshd_config, and the sshd_config man page explained what it was for. Privilege separation became mandatory in version 7.5, so that option and its documentation are gone. I no longer know where to find the canonical documentation of the privilege separation feature, if any such documentation exists.
The last version of the man page item before removal said:
UsePrivilegeSeparation– Specifies whether sshd(8) separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The argument must beyes,no, orsandbox. IfUsePrivilegeSeparationis set tosandboxthen the pre-authentication unprivileged process is subject to additional restrictions. The default issandbox.