On Mon, 28 Jul 2025, Zakaria via openssh-unix-dev wrote:

[snip]

> Lastly, here is my most relevant question, Does and How sshd spawns
> and reuses ssh session with previous pids? and how it spawns each
> session processes and allocate its PID?

sshd just starts processes via fork(2), it can't really decide the PIDs
those processes are assigned - that's up to the kernels. Different
kernels use different PID assignment policies; some assign randomly,
some use (basically) last_pid++, some use minimum free PID.

As a general comment, your application should be prepared for PIDs
being reused. It will always happen eventually. If you are using PIDs
to identify processes without detecting when a process exits (e.g.
using eBPF on Linux), then you're setting yourself up for confusion.

> Could it be something like other services which runs sudo commands
> actually yields enumeration through sshd pid range continuously until
> it hits previous recent terminated session which activates for as long
> as it runs, and thus produce almost like to my tracking of ssh pids,
> pid collision effect?

Brute-forcing fork(2) until you get the PID you want is basically the
only way for a user-space process to "select" a PID. I'd expect this
to be pretty noisy as, to be effective, a process doing this would need
to create a lot of processes and ideally hold them open until they hit
the PID they wanted.

> I really doubted every conclusion I reached, and I hope if anyone can
> help me on reaching a resolve and understand what is happening and
> help me deliver my dream email application soon to the world, any
> suggestion of place to investigate in sshd configs, service, process
> or anywhere else in Linux e.g. log any attempt to start ssh session
> before it gets started and the code execution which started? Any
> recommendation to do this as part of sshd binary? E.g. I can apply
> some code tweaks on source before compiling?

I don't know what you mean by "log any attempt to start ssh session
before it gets started" - sshd logs pretty much everything it does.
You could try turning on verbose or debug logging to see more of
what it is doing.

-d
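
The advice above about being prepared for PID reuse, as an added example that is not part of the original message: on Linux, pairing a PID with the starttime field of /proc/<pid>/stat tells a recycled PID apart from the process first seen under it. The names parse_stat, read_identity and SessionTracker and the sample stat lines are assumptions constructed for illustration.

```python
# Added example: identify a Linux process by (pid, starttime), not pid alone.
# All names and the sample stat lines are constructed for illustration.

def parse_stat(line):
    """Return (pid, comm, starttime) from one /proc/<pid>/stat line."""
    # comm sits in parentheses and may contain spaces or ')' itself,
    # so cut at the LAST ')' instead of splitting on whitespace.
    lpar, rpar = line.index("("), line.rindex(")")
    rest = line[rpar + 1:].split()
    # rest[0] is field 3 (state); field 22 (starttime, in clock ticks
    # since boot) is therefore rest[19].
    return int(line[:lpar]), line[lpar + 1:rpar], int(rest[19])


def read_identity(pid):
    """Return (pid, starttime) for a live process, or None if it is gone."""
    try:
        with open(f"/proc/{pid}/stat") as f:
            p, _, start = parse_stat(f.read())
    except (FileNotFoundError, ProcessLookupError):
        return None
    return p, start


class SessionTracker:
    """Remembers pid -> starttime and reports when a pid is recycled."""

    def __init__(self):
        self.seen = {}

    def observe(self, stat_line):
        pid, _, start = parse_stat(stat_line)
        prev = self.seen.get(pid)
        self.seen[pid] = start
        if prev is None:
            return "new"
        return "same" if prev == start else "reused"


# Constructed samples: fields 3..21, then starttime and a few trailing fields.
_MID = "S 1 4242 4242 0 -1 4194560 100 0 0 0 1 2 0 0 20 0 1 0"
SAMPLE_SSHD = f"4242 (sshd) {_MID} 123456 1000000 200"
SAMPLE_LATER = f"4242 (my prog) x) {_MID} 987654 1000000 200"

if __name__ == "__main__":
    tracker = SessionTracker()
    for line in (SAMPLE_SSHD, SAMPLE_SSHD, SAMPLE_LATER):
        print(parse_stat(line)[:2], tracker.observe(line))
```

starttime is measured from boot, so a stored (pid, starttime) pair is only comparable within the same boot.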