From 95d7de125ae07a94e5d1137fa3b95a5182c5d448 Mon Sep 17 00:00:00 2001 From: Manoj Ampalam Date: Thu, 4 May 2017 22:32:06 -0700 Subject: [PATCH] Updated About Win32 OpenSSH and Design Details (markdown) --- About-Win32-OpenSSH-and-Design-Details.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/About-Win32-OpenSSH-and-Design-Details.md b/About-Win32-OpenSSH-and-Design-Details.md index e37d74f..71ce0e5 100644 --- a/About-Win32-OpenSSH-and-Design-Details.md +++ b/About-Win32-OpenSSH-and-Design-Details.md 
@@ -71,7 +71,9 @@ Design summary of POSIX wrapper #### fork() There is no easy fork() equivalent in Windows. fork() is used in OpenSSH in multiple places, of those - 3 are worth mentioning + Session isolation: Each accepted connection in sshd is handed off and processed in a forked child. This will be implemented in Windows using CreateProcess based custom logic - will need #def differentiated code between Unix and Windows -+ Privilege separation: Implemented in OpenSSH by processing and parsing network data in forked and underprivileged child processes that communicate to privileged Monitor process through IPC. Monitor does the core crypto validation and authentication. Privilege downgrading is done by setuid(restricted_user). Security model in Windows will be different, running the SSHD service itself in a low privileged mode. So, the whole Privilege separation relevant code is not needed and will be disabled for Windows. ++ Privilege separation: Implemented in OpenSSH by processing and parsing network data in forked and underprivileged child processes that communicate to privileged Monitor process through IPC. Monitor does the core crypto validation and authentication. Privilege downgrading is done by setuid(restricted_user). +While privilege separation is ideal, it requires adding in complexity and refactoring to accommodate a Windows specific solution along with a Unix based on in a common architecture. +The plan is to have a initial Windows version with no privilege separation. In Windows, ssh daemon will run under the context of [Network Service](https://msdn.microsoft.com/en-us/library/windows/desktop/ms684272(v=vs.85).aspx). + sftp and scp: sftp and scp client side utilities invoke ssh using fork() and exec(). This logic will be substituted with CreateProcess based one. #### AF_UNIX domain sockets
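Review bot: The two lines added under the "Privilege separation" bullet do not say where the Monitor's work (crypto validation and authentication) and the parsing of network data run once there is no privilege separation, or whether both now share one process under Network Service. The removed sentence stated that the privilege separation code "is not needed and will be disabled for Windows"; the new text drops that, so a reader cannot tell whether the code is disabled, compiled out under #def, or kept for a later version. Suggest adding one sentence on the resulting process layout and one on the status of the existing privilege separation code, since "initial Windows version" implies the design will change. Two wording fixes in the same lines: "along with a Unix based on in a common architecture" should read "Unix based one", and "a initial" should be "an initial".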