Discussion:
monitor-slave model
(too old to reply)
mu dongliang
2016-01-27 14:39:23 UTC
Permalink
Hello everyone,
I am a newbie about openssh. I have seen privilege separation mechanism in openssh.
I did some small experiment in my Debian Jessie. I observed that this privilege separation use monitor-slave model (1:1). I am curious why openssh implements this with monitors-slaves(1:n)!
I doubt whether the former is suitable. And I think the latter is more like real world.
What's your opinion about this thought?

- mudongliang
Ángel González
2016-01-27 22:27:08 UTC
Permalink
Post by mu dongliang
Hello everyone,
I am a newbie about openssh. I have seen privilege separation mechanism in openssh.
I did some small experiment in my Debian Jessie. I observed that this privilege separation use monitor-slave model (1:1). I am curious why openssh implements this with monitors-slaves(1:n)!
I doubt whether the former is suitable. And I think the latter is more like real world.
What's your opinion about this thought?
- mudongliang
Hello Mudongliang

Have you already read http://www.citi.umich.edu/u/provos/ssh/privsep.html ?

I'm not able to answer you though, as I have trouble understanding you.
You seem to contradict yourself mentioning 1:1 and 1:n, so in the end
it's not clear what you are asking. :(
Maybe try to clarify it and make a more concrete question? Also, it
would be benefitial if you expanded a bit on why you consider the
current implementation would be unsuitable.

Regards

Continue reading on narkive:
Loading...