On ssh Login Mechanics - SSH

This is a discussion on On ssh Login Mechanics - SSH ; (This may be as much a question about Unix login and process spawning mechanics as anything, but I discovered this in the course of doing some ssh work, so ...) I have an account on an internet-facing FreeBSD machine that ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: On ssh Login Mechanics

  1. On ssh Login Mechanics

    (This may be as much a question about Unix login and process spawning
    mechanics as anything, but I discovered this in the course of doing some
    ssh work, so ...)


    I have an account on an internet-facing FreeBSD machine that is setup
    primarily to be used when doing ssh port forwarding. This account
    is setup to NOT permit shell access (the shell is setup to
    /sbin/nologin). Still, when I do this:

    ssh -L port:addressort -N fowarding@freebsdmachine.mydomain.org

    The forwarding works fine. That is, ssh connects to the sshd daemon on
    "freebsdmachine", authenticates using "forwarding"'s credentials, and
    goes off to properly do the port:addressort forwarding *even though*
    "forwarding" has no shell and it exits immediately after any login attempt.

    So ... how in the world is this working at all? I'm guessing that the
    connection to sshd precedes any login attempt. But I am mystified how,
    having presented the credentials for "forwarding", the connection
    between ssh client and sshd remains in place, given that true login
    is not taking place...

  2. Re: On ssh Login Mechanics

    Tim Daneliuk wrote:
    > (This may be as much a question about Unix login and process spawning
    > mechanics as anything, but I discovered this in the course of doing some
    > ssh work, so ...)
    >
    >
    > I have an account on an internet-facing FreeBSD machine that is setup
    > primarily to be used when doing ssh port forwarding. This account
    > is setup to NOT permit shell access (the shell is setup to
    > /sbin/nologin). Still, when I do this:
    >
    > ssh -L port:addressort -N fowarding@freebsdmachine.mydomain.org
    >
    > The forwarding works fine. That is, ssh connects to the sshd daemon on
    > "freebsdmachine", authenticates using "forwarding"'s credentials, and
    > goes off to properly do the port:addressort forwarding *even though*
    > "forwarding" has no shell and it exits immediately after any login attempt.
    >
    > So ... how in the world is this working at all? I'm guessing that the
    > connection to sshd precedes any login attempt. But I am mystified how,
    > having presented the credentials for "forwarding", the connection
    > between ssh client and sshd remains in place, given that true login
    > is not taking place...


    Oh ... nevermind. I see now how -N does this ...

    --
    ------------------------------------------------------------------------------
    Tim Daneliuk
    tundra@tundraware.com
    http://www.tundraware.com/PGP

+ Reply to Thread