Re: OpenSSH 3.4p1 PrivilegeSeparation experiment

From: Brian Hatch (vuln-dev@ifokr.org)
Date: 06/29/02


Date: Fri, 28 Jun 2002 16:58:18 -0700
From: Brian Hatch <vuln-dev@ifokr.org>
To: "HAYDEN  AARON N." <Aaron.Hayden@Colorado.EDU>



> Notice that:
> o sshd is written to re-parse sshd_config and launch a new process
> on receiving SIGHUP.

Yep.

> o you expect disconnection from an ssh'd tty when root sends sshd the
> signal to hangup.

Ummm, no I don't. That's never been the way ssh has worked.

...

> COMMAND PID USER FD DEVICE NODE NAME
> sshd 344 root 3u 479 TCP *:ssh (LISTEN)
> sshd 1158 root 4u 13436 TCP localhost:ssh->remote:52589 (EST)
> sshd 1160 user 4u 13436 TCP localhost:ssh->remote:52589 (EST)
>
> o We have the real daemon listening, and the spinoffs handling my
> connection via a highport and interface:ssh.
>
> This behavior is so far what I expect.
>
> Until:
> You send SIGHUP to the original process; your connection remains.
>
> o The spunoff processes (not listening) continue like nothing
> happened, a la:
> $ `ps aux |grep sshd`
> root 1158 0.0 0.6 5628 1716 ? S 17:56 0:00 /usr/sbin/sshd
> user 1160 0.0 0.6 5648 1772 ? S 17:56 0:00 /usr/sbin/sshd
> root 1184 0.0 0.5 2720 1384 ? S 18:20 0:00 /usr/sbin/sshd

The server ssh process, #344, when it got the HUP forked off and
reread the sshd_config, resulting in process 1184 above. Your
existing two processes, 1158 and 1160 stayed alive. Which is what
should happen, and always has happened. Killing the main ssh
process (the one that does the initial accept on the network socket)
has never killed off active user sessions. Else how could you upgrade
ssh remotely?

This would seem to be expected behaviour.

--
Brian Hatch                  "Is there a Lawyer
   Systems and               	in the House?"
   Security Engineer          **BLAM!**
http://www.ifokr.org/bri/     "Any more?"

Every message PGP signed
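
The behaviour described in the reply above, as an added sketch that is not part of the original message and is not OpenSSH code: a toy forking listener on a loopback port whose SIGHUP handling hands listening over to a new PID while an already-forked session process keeps serving its connection. All function names, the `ping` message and the `pid:ppid:` reply format are assumptions made for the demonstration.

```python
import os, signal, socket

def serve(lsock):
    """Toy listener (hypothetical, not sshd): one forked child per connection."""
    hup = []
    signal.signal(signal.SIGHUP, lambda *_: hup.append(1))
    signal.signal(signal.SIGCHLD, signal.SIG_IGN)     # auto-reap exited sessions
    lsock.settimeout(0.05)                            # wake up to check the flag
    while True:
        if hup:
            # Stand-in for the restart on SIGHUP: a new PID takes over listening.
            if os.fork() == 0:
                return serve(lsock)
            os._exit(0)                               # old listener exits alone
        try:
            conn, _ = lsock.accept()
        except socket.timeout:
            continue
        if os.fork() == 0:                            # session process
            lsock.close()                             # sessions never listen
            while data := conn.recv(64):
                conn.sendall(b"%d:%d:" % (os.getpid(), os.getppid()) + data)
            os._exit(0)
        conn.close()                                  # listener drops its copy

def ask(sock):
    sock.sendall(b"ping")
    pid, ppid, _ = sock.recv(64).split(b":")
    return int(pid), int(ppid)                        # (session pid, its parent)

def demo():
    lsock = socket.create_server(("127.0.0.1", 0))    # constructed loopback port
    port = lsock.getsockname()[1]
    listener = os.fork()
    if listener == 0:
        try: serve(lsock)
        finally: os._exit(0)                          # children never return here
    lsock.close()
    old = socket.create_connection(("127.0.0.1", port), timeout=5)
    before = ask(old)                                 # session forked by listener
    os.kill(listener, signal.SIGHUP)
    os.waitpid(listener, 0)                           # original listener is gone
    after = ask(old)                                  # same session still answers
    new = socket.create_connection(("127.0.0.1", port), timeout=5)
    fresh = ask(new)                                  # served via the replacement
    os.kill(fresh[1], signal.SIGTERM)                 # clean up the replacement
    old.close(); new.close()                          # sessions exit on EOF
    return listener, before, after, fresh

if __name__ == "__main__": print(demo())
```

The signal reaches only the listener's PID; the session holds its own descriptor for the accepted connection, so it outlives the process that forked it.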
