Currently in my operating systems class and connecting to a remote server on my campus. I used the pstree command to list all running processes in a visual tree and the attached screen shot is what I receive. You will notice after the sshd (secures shell daemon) that there are several sshds (other students connecting in class), but more importantly you will see something like sshd—sshd— and so forth. This is where I am confused; why are there multiple sshd linking to each other, my guess is there is an sshd to a proxy then the proxy does an sshd to a server.
Ssh – Why is sshd displayed several times on one branch of a pstree
opensshprocess
Best Answer
The
sshdprocess pairs are part of privilege separation; an unprivileged process handles all network communication and if necessary can ask the privileged process to carry out any actions that do require privileges. This improves security as less code is present in the privileged process; see the linked paper for more details.The tippy-top level
sshdis the main listener; clients connect to this and this process that then spawns off the privileged-and-not pair below it. (Bonus: you can restart that top-levelsshdwithout ruining existing connections.)