Hello, I see that incase of command execution: :fork()" is called twice, in sshd. Once to spin off child sshd from parenat and second from child sshd, to execute command. Due to this I see 3 processes being created for each connection viz: 16398 0.0 0.3 1284 892 ?? S 4:33PM 0:00.05 sshd:child 16399 0.0 0.1 320 232 p4 Is+ 4:33PM 0:00.06 -sh -c foo_command 16401 0.0 0.3 2076 840 p4 S+ 4:33PM 0:00.01 foo_command I may be missing something, but I was wondering to why second fork() is required to execute a command on server. To execute a command, the child sshd could execve(..). thus eliminate the need for second fork() and possibly simpler code path. Thank you.
On Wed, 28 Feb 2001, Sunil K. Vallamkonda wrote:> Hello, > > I see that incase of command execution: > :fork()" is called twice, in sshd. > Once to spin off child sshd from parenat and > second from child sshd, to execute command. > Due to this I see 3 processes being created > for each connection viz: > > 16398 0.0 0.3 1284 892 ?? S 4:33PM 0:00.05 sshd:child > 16399 0.0 0.1 320 232 p4 Is+ 4:33PM 0:00.06 -sh -c foo_command > 16401 0.0 0.3 2076 840 p4 S+ 4:33PM 0:00.01 foo_command > > I may be missing something, but > I was wondering to why second > fork() is required to execute a command > on server. > To execute a command, the child sshd could execve(..). > thus eliminate the need for second fork() and possibly > simpler code path.The first fork is because the long-term sshd process is acting much like inetd. If you don't want it, then you can run sshd in inetd mode. -d -- | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's | http://www.mindrot.org / distributed filesystem'' - Dan Geer
On Wed, 28 Feb 2001, Sunil K. Vallamkonda wrote:> Hello, > > I see that incase of command execution: > :fork()" is called twice, in sshd. > Once to spin off child sshd from parenat and > second from child sshd, to execute command. > Due to this I see 3 processes being created > for each connection viz: > > 16398 0.0 0.3 1284 892 ?? S 4:33PM 0:00.05 sshd:child > 16399 0.0 0.1 320 232 p4 Is+ 4:33PM 0:00.06 -sh -c foo_command > 16401 0.0 0.3 2076 840 p4 S+ 4:33PM 0:00.01 foo_command > > I may be missing something, but > I was wondering to why second > fork() is required to execute a command > on server. > To execute a command, the child sshd could execve(..). > thus eliminate the need for second fork() and possibly > simpler code path. >I don't follow. do_exec_pty() forks.. and the child calls do_child() which goes through a bunch of security and environmental hoops then execve(...). Which runs 'sh -c ..' then sh itself forks to run the -c command. I don't see how it's sshd fault that sh forks() on -c stead of doing a exec*(). - Ben