On ssh Login Mechanics

(This may be as much a question about Unix login and process spawning
mechanics as anything, but I discovered this in the course of doing some
ssh work, so ...)

I have an account on an internet-facing FreeBSD machine that is set up
primarily to be used when doing ssh port forwarding.  This account
is set up to NOT permit shell access (the shell is set to
/sbin/nologin).  Still, when I do this:

ssh -L port:address:port -N forwarding@freebsdmachine.mydomain.org

The forwarding works fine.  That is, ssh connects to the sshd daemon on
"freebsdmachine", authenticates using "forwarding"'s credentials, and
goes off to properly do the port:address:port forwarding *even though*
"forwarding" has no shell and it exits immediately after any login attempt.

So ... how in the world is this working at all?  I'm guessing that the
connection to sshd precedes any login attempt.  But I am mystified how,
having presented the credentials for "forwarding", the connection
between ssh client and sshd remains in place, given that true login
is not taking place...

Re: On ssh Login Mechanics

Tim Daneliuk wrote:

Oh ... never mind.  I see now how -N does this ...

Tim Daneliuk
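
An added example, not part of the original posts: with -N the client never asks sshd for a shell or command, so the account's /sbin/nologin shell is never started, while each forwarded connection travels on its own channel inside the authenticated session. Because the nologin shell therefore does not limit what can be forwarded, a server-side sshd_config fragment like the following can restrict the account; the user name is taken from the thread and the PermitOpen destination is a constructed placeholder.

```sshd_config
# sshd_config fragment for a forwarding-only account (added example).
# The account keeps /sbin/nologin as its login shell; these settings
# limit what the authenticated connection may do besides that.
Match User forwarding
    # Allow only client-side (-L) forwards; remote (-R) forwards are refused.
    AllowTcpForwarding local
    # Restrict -L destinations to an explicit host:port list.
    # 127.0.0.1:8080 is a constructed placeholder, not a value from the thread.
    PermitOpen 127.0.0.1:8080
    # No Unix-domain socket forwarding.
    AllowStreamLocalForwarding no
    # No pseudo-terminal, X11, agent or tun(4) device forwarding.
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    PermitTunnel no
```

After editing, `sshd -t` checks the configuration for errors before the daemon is reloaded.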
