After the authentication process, an interactive shell is spawned on the system that will carry out the commands at the user’s request. You shouldn’t need much introduction here. It’s launchagent can be seen at /System/Library/LaunchAgents/ where it is loaded at start up with the undocumented -l argument. It is not actually required in order for a user to log in via username and password. In fact, this process is probably running on your system even if SSH is disabled! It’s best known for the management of SSH keys. ![]() There are some use cases where sshd-keygen-wrapper performs some different actions, but on most SSH setups the process does exactly what the name implies.ĭespite its name, ssh-agent is not actually the service listening for SSH connections. It often immediately exec’s into the sshd service. This sshd helper process kicks off on a login attempt. This is probably the most common service that comes to mind when dealing with SSH. When you attempt to log in to a system multiple instances of sshd are kicked off in order to handle the login process and the user session. Over time Apple has moved more responsibility into this daemon. ![]() ![]() The smd binary (or presumably Service Management Daemon) is what actually controls whether or not SSH is enabled or disabled. Here they are, each with a brief summary of their responsibilities. To understand how to best track different SSH behaviors, we first have to familiarize ourselves with the different binaries that play a role in creating an SSH session.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |