3

From https://unix.stackexchange.com/a/489913/674

connecting using SSH counts as logging in.

From How can I run a process as its owner or become its owner without logging in?

connecting with SSH, doesn’t involve login

How does sshd perform logging in activity? Is it not done by invoking the login program?

Although not showing ssh directly, APUE shows a figure for how rlogin works, and also says

We show two calls to exec between the rlogind server and the login shell, because the login program is usually between the two to validate the user.

Does sshd also exec login to perform logging in?

Thanks.

enter image description here

Tim
  • 101,790

2 Answers2

2

The diagram you present is pretty much the same high-level path for rlogin, telnet, ssh and other network-based processes that provide interactive shells to the user.

The daemon accepting the connecting will perform authentication. Upon success it will allocate a pty for the interactive user session, and create the child (user) session to talk to the pty. The daemon process then handles the communication between the pty and the network.

At login time the daemon may also perform other housekeeping functions (eg update lastlogin, utmp, wtmp, audit logs, etc etc). There's a lot of background tasks that are performed.

sshd can be configured in many different ways; there is a UseLogin parameter that can be used to create the user session. It defaults to 'no'

% sudo grep UseLogin /etc/ssh/sshd_config
#UseLogin no

Setting this to yes is not recomemnded (e.g. Uselogin in sshd_config )

Stephen Harris
  • 44,540
1

APUE is a bit outdated, or it doesn't fit very well with the modern Linux userspace(it's still UNIX, not modern Linux Distro).

On modern Linux Distro, SSH server login you by authenticate you through network and create a session (by talking to session manager). A remote session, as shown in part of your picture, works by login manager forwarding your input data from network socket to pty master, so shell can work through pty slave. Pty is totally another topic.

What your pic really showing is the old system in which there's no session manager at all. Like Stephen said in another answer, this just forms totally different type of "session".

On modern system, sessions are usually all created by session manager, which offers a much easier structure for administrator user.

炸鱼薯条德里克
  • 1,375