Linux/Unix Command: sshd

The SSH daemon supports secure remote sessions

Sshd—the SSH daemon—replaces rlogin and rsh, providing secure encrypted communications between two untrusted hosts over an insecure network. The programs are intended to be as easy to install and use as possible.

The sshd daemon listens for connections from clients. It is normally started at boot-up. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution and data exchange. This implementation of sshd supports both SSH protocol versions 1 and 2 simultaneously.

Unless you're opening your own computer to external connections, you have no need to configure or run sshd. You'll use ssh to remotely log into servers that run sshd for you.

Command Execution and Data Forwarding

If the client successfully authenticates itself, a dialog for preparing the session is entered. At this time the client may request things like allocating a pseudo-tty, forwarding X11 connections, forwarding TCP/IP connections, or forwarding the authentication agent connection over the secure channel.

Finally, the client either requests a shell or execution of a command. The sides then enter session mode. In this mode, either side may send data at any time, and such data is forwarded to/from the shell or command on the server side, and the user terminal on the client side.

When the user program terminates and all forwarded X11 and other connections have been closed, the server sends the command's exit status to the client and both sides exit.

Login Process

When a user successfully logs in, sshd does the following:

  1. If the login is on a tty, and no command has been specified, it prints the last login time and /etc/motd.
  2. If the login is on a tty, it records the login time.
  3. Checks whether /etc/nologin exists; if it does, prints its contents and quits (unless the user is root).
  4. Changes to run with normal user privileges.
  5. Sets up basic environment.
  6. Reads $HOME/.ssh/environment if it exists and users are allowed to change their environment.
  7. Changes to user's home directory.
  8. If $HOME/.ssh/rc exists, runs it; else if /etc/ssh/sshrc exists, runs it; otherwise runs xauth.
  9. Runs user's shell or command.
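
Steps 6 and 8 decide which user-controlled files sshd acts on at login, so they are worth reviewing per account. The script below is an added example, not part of the original article or of OpenSSH: the function names are hypothetical, and it assumes the server's `PermitUserEnvironment` directive is what controls step 6, that the directive is written as whitespace-separated `keyword value`, and that `Match` and `Include` blocks can be ignored.

```shell
#!/bin/sh
# Added example: report which files from login steps 6 and 8 sshd would use
# for one account. Paths are parameters so the check can run on a test tree.

# permit_user_env CONFIG -> prints "yes" or "no".
# The first occurrence of a keyword wins in sshd_config; commented-out lines
# do not match because their first field starts with '#'.
permit_user_env() {
    val=$(awk 'tolower($1) == "permituserenvironment" { print tolower($2); exit }' "$1" 2>/dev/null)
    # Assumption: an absent directive means the default ("no"); any value
    # other than "no" (yes, or a pattern list) lets the file be read.
    case "${val:-no}" in
        no) echo no ;;
        *)  echo yes ;;
    esac
}

# login_hooks HOME CONFIG SYSTEM_RC -> one line per finding.
login_hooks() {
    home=$1; config=$2; sysrc=$3
    # Step 6: the environment file is read only if it exists and users
    # are allowed to change their environment.
    if [ -f "$home/.ssh/environment" ]; then
        if [ "$(permit_user_env "$config")" = yes ]; then
            echo "environment: read $home/.ssh/environment"
        else
            echo "environment: present but ignored"
        fi
    fi
    # Step 8: the user's rc wins over the system-wide rc; xauth is the fallback.
    if [ -f "$home/.ssh/rc" ]; then
        echo "rc: user $home/.ssh/rc"
    elif [ -f "$sysrc" ]; then
        echo "rc: system $sysrc"
    else
        echo "rc: none (xauth)"
    fi
}

# Usage: sh script.sh HOME_DIR   (assumes the usual /etc/ssh paths)
if [ "$#" -gt 0 ]; then
    login_hooks "$1" /etc/ssh/sshd_config /etc/ssh/sshrc
fi
```

An "rc: user" or "environment: read" line marks a file that runs or is applied with the user's privileges on every login, so it belongs in the same review as authorized keys.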

Check the man pages for sshd for important information about configuring the daemon on your own computer.