This is the fourth day of my participation in the November Gwen Challenge. See details: The last Gwen Challenge 2021.
How does SSH work
This article reviews SSH details and principles based on actual cases.
SSH connection
A very simple operation that we as programmers perform many times a day is remotely connecting to a server.
Open a terminal on a laptop or PC and type ssh root@server to connect to a server over SSH.
MB1$ ssh root@server
~ # ps $$
PID TTY STAT TIME COMMAND
28348 pts/0 Ss 0:00 -bash
~ # ps -ef |grep 28348
root 988 28348 0 22:26 pts/0 00:00:00 ps -ef
root 989 28348 0 22:26 pts/0 00:00:00 grep --color=auto 28348
root 28348 28346 0 21:53 pts/0 00:00:00 -bash
~ # ps -ef |grep 28346
root 28346 9709 0 21:53 ? 00:00:00 sshd: root@pts/0
root 28348 28346 0 21:53 pts/0 00:00:00 -bash
As the commands above show, after the client connects to the server remotely:
- ps $$ shows the bash process of the current terminal. TIME 0:00 indicates that it has just been connected. STAT Ss indicates that it is a foreground program and is in the sleep state
- The PID of the bash process is 28348
- ps -ef |grep 28348 shows that the child processes of 28348 are ps -ef and grep --color=auto 28348, and that the PID of its parent process is 28346
- ps -ef |grep 28346 shows the parent of the bash process, which is sshd: root@pts/0
The diagram below:
After the client connects, the SSH server (sshd) creates a bash process whose tty is pts/0.
pts/0 is a virtual TTY, a virtual display concept, emulated by the sshd software. Details are given below.
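The same parent chain can be recovered mechanically from the ps -ef rows shown above, which is how a process is attributed to the SSH login that started it. This is an added example, not part of the original article; the function names are illustrative and the rows are copied from the session on this page.

```python
# Added example: walk PPID links in `ps -ef` output to attribute a process
# to the sshd session that spawned it. Rows are copied from the session above.
PS_EF = """\
root 988 28348 0 22:26 pts/0 00:00:00 ps -ef
root 989 28348 0 22:26 pts/0 00:00:00 grep --color=auto 28348
root 28348 28346 0 21:53 pts/0 00:00:00 -bash
root 28346 9709 0 21:53 ? 00:00:00 sshd: root@pts/0
"""


def parse_ps_ef(text):
    """Return {pid: row} for `ps -ef` rows (UID PID PPID C STIME TTY TIME CMD)."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 7)
        if len(fields) < 8 or not fields[1].isdigit() or not fields[2].isdigit():
            continue  # skip the header line and malformed rows
        uid, pid, ppid, _c, _stime, tty, _time, cmd = fields
        table[int(pid)] = {"uid": uid, "ppid": int(ppid), "tty": tty, "cmd": cmd}
    return table


def ancestry(table, pid):
    """List (pid, cmd) from `pid` upward until the parent is not in the table."""
    chain, seen = [], set()
    while pid in table and pid not in seen:  # `seen` guards against PPID loops
        seen.add(pid)
        chain.append((pid, table[pid]["cmd"]))
        pid = table[pid]["ppid"]
    return chain


def ssh_login_for(table, pid):
    """Return (sshd_pid, user, tty) for the sshd session above `pid`, else None."""
    for ancestor_pid, cmd in ancestry(table, pid):
        # Per-session sshd processes are titled "sshd: <user>@<tty>", as above.
        if cmd.startswith("sshd: ") and "@" in cmd:
            user, _, tty = cmd[len("sshd: "):].partition("@")
            return ancestor_pid, user, tty
    return None


if __name__ == "__main__":
    procs = parse_ps_ef(PS_EF)
    for pid, cmd in ancestry(procs, 989):
        print(pid, cmd)
    print(ssh_login_for(procs, 989))
```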
Connection establishment process
- TCP connection: the ssh and sshd programs establish a socket connection channel
- sshd creates a virtual terminal and a child process, bash
- ssh simulates the server's input and output on the client terminal
The communication process
- Input typed by the client into the ssh program is sent to sshd on the server
- sshd on the server writes the client's commands to the virtual terminal pts/0
- The standard input of the bash process is pts/0; bash reads the input and starts working
- Based on the shell command entered, the bash process creates a new child process, then blocks and waits for the child to complete
- The child process inherits the parent process's standard input and output, and prints information to the terminal
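The steps in the two lists above can be reproduced locally with a pseudo-terminal, with the parent process standing in for sshd. This is an added example, not code from the original article or from OpenSSH; run_on_pty is an illustrative name and /bin/sh stands in for the login shell.

```python
import os
import pty
import re
import select


def run_on_pty(command, timeout=5.0):
    """Run `command` in a shell attached to a new pty; return (tty_name, output).

    The parent plays sshd: it holds the master side, writes the "client's"
    keystrokes into it and reads back whatever the shell and its children print.
    """
    pid, master = pty.fork()      # child: new session, pty slave is fd 0/1/2
    if pid == 0:
        try:
            os.execv("/bin/sh", ["sh"])   # the login shell in the real case
        finally:
            os._exit(127)                 # only reached if exec failed
    os.write(master, (command + "\nexit\n").encode())
    chunks = []
    while True:
        ready, _, _ = select.select([master], [], [], timeout)
        if not ready:
            break                         # shell hung: stop waiting
        try:
            data = os.read(master, 4096)
        except OSError:                   # EIO on Linux once the shell has exited
            break
        if not data:
            break
        chunks.append(data)
    os.close(master)
    os.waitpid(pid, 0)
    output = b"".join(chunks).decode(errors="replace")
    match = re.search(r"/dev/\S+", output)
    return (match.group(0) if match else None), output


if __name__ == "__main__":
    # `tty` prints the shell's stdin device; the echo proves a command ran.
    name, text = run_on_pty("tty; echo $((6 * 7))")
    print("shell stdin was", name)
    print(text)
```

The output also contains the typed command itself, because the pty's line discipline echoes input just as a real terminal does.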
Clarifying the concepts
The process analysis above establishes the basic picture, but even this simple case is very informative, because it involves many concepts that need to be sorted out.
In day-to-day study and work we may not pay attention to these concepts, or we often confuse them.
Shell and bash
The shell is a layer wrapped around the operating system. It is the bridge between users and the Linux system.
Terminal, Console, and Console
All three words mean the same thing: terminal.
About the tty
- tty is short for teletypewriter, as the first input/output device in use was the teletypewriter. It was later replaced by the video display terminal.
- pts is an emulated terminal generated by a remote connection
You can think of the shell as an interface, and bash is an implementation of the shell. You can run multiple Bash processes on your system.
Standard I/O and terminal
What is an external device in Linux? It is a file. All devices in Linux are files!
- A file descriptor refers to a file abstraction on the system
- Shell programs use file descriptors 0, 1, and 2: fd 0 is the standard input of the process, fd 1 is its standard output, and fd 2 is its standard error
- Bash's standard input, standard output, and standard error are all the terminal.
Terminals and processes
The processes that run from the terminal are attached to this terminal, which is called the controlling terminal for these processes, or TTY on the diagram. Programs running on a terminal can be divided into foreground processes and background processes.
- A foreground program also takes its standard input from the terminal, and it blocks the bash process.
- The bash process is not blocked when the standard input of a background program is not read from the terminal.
If the terminal goes down, a HUP signal is sent to the foreground and background processes of the terminal. HUP is the signal a terminal sends to its associated processes when it is terminated. A process stops running after receiving this signal.
This is why, when the terminal goes down, the processes associated with the terminal go down as well.
- Bash is the first foreground program attached to this terminal, and the bash process is shut down when the terminal is shut down
- Processes started with & run in the background, but these background processes also receive the HUP signal when the terminal is shut down
- Background processes started with nohup ignore the HUP signal caused by terminal shutdown. So if you don't want a process to be killed by this signal, you can have it ignore the signal.
Session
The controlling terminal mentioned above actually controls the session.
- Sessions are associated with the shell, and each time a shell process is opened, a new session is created.
- Each login generates a session, which can be a remote or local login
- A session must be logged in with a system-approved identity, and users can be switched during the session
- The bash process is the first process in this session
- The SID is the same as the PID of the bash process
- Processes are labeled with a session ID, or SID
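The HUP behaviour described under Terminals and processes and the SID rule in the list above can both be checked with a short script. This is an added example, not from the original article; hup_outcome is an illustrative name, sleep stands in for any program, and SIGHUP is sent directly instead of closing a real terminal.

```python
import os
import signal
import subprocess


def hup_outcome(ignore_hup, wait=1.0):
    """Start `sleep` as a session leader, send it SIGHUP, and report
    (sid_equals_pid, survived)."""
    disposition = signal.SIG_IGN if ignore_hup else signal.SIG_DFL
    proc = subprocess.Popen(
        ["sleep", "30"],
        start_new_session=True,   # setsid() in the child before exec
        # Runs in the child before exec; an ignored signal stays ignored
        # across exec, which is the mechanism nohup relies on.
        preexec_fn=lambda: signal.signal(signal.SIGHUP, disposition),
    )
    # The first process of a session is its leader: SID == its own PID.
    sid_equals_pid = os.getsid(proc.pid) == proc.pid
    os.kill(proc.pid, signal.SIGHUP)   # what terminal shutdown delivers
    try:
        proc.wait(timeout=wait)
        survived = False
    except subprocess.TimeoutExpired:
        survived = True
        proc.kill()                    # clean up the survivor
        proc.wait()
    return sid_equals_pid, survived


if __name__ == "__main__":
    print("default disposition:", hup_outcome(False))
    print("HUP ignored (nohup):", hup_outcome(True))
```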
Conclusion
This article describes only a simple case and summarizes the concepts it involves. The next chapter will further analyze shell- and terminal-related principles and applications.