On Wed, Mar 09, 2005 at 05:46:55PM +0000, James Wilkinson wrote:
Jeff Kinz wrote:
Any IT dept that equates sshd to a server is either not up to snuff technically (and in a really bad way.), or they are being duplicitous. (Thats another word for lying)
If it's open to the outside world? Yes, I'd call that a server. There
ssh = "Secure Shell" So this is basically a terminal session thats being encrypted (A good thing, TM) for security reasons. (yes - you can do VNC or X over an ssh link too, that was not it major purpose and even in those cases it is still a terminal session)
So being able to access the command line of any machine remotely means its a server - by this definition every windows machine is also a server. That does not match up with the apparent behavior of that local It dept.
I think you'll find that the definition of a server _machine_ is a machine that, as its _primary_ function, provides various services to clients. Its primary purpose is NOT to provide interactive sessions such as a desktop environment. Remote management of such a machine (e.g. ssh or webmin) does not count.
Server _processes_, on the other hand, are processes that wait for clients to connect, performs some task for that client, and then eventually terminates the session.
Can desktop machines run server processes? Sure. Can server machines run client processes? Of course. The important bit is "what is the primary purpose of the machine?" Server _machines_ PRIMARILY run server _processes_, but may do other things as well. Desktop (client) _machines_ typically run client _processes_, but may run the occasional server process as well (e.g. running sshd so you can get to your desktop machine from the internet).
Perhaps the term "service" and "server" are being used interchangeably
by that local IT dept
If that's the case, they should be trained better. For example, X uses a classic client-server model, but it's reversed from what people think. The X server is the machine with the keyboard, mouse and display. The X clients are the programs (such as Gnome, Mozilla, etc.) that make use of the X server's resources.
For example, if you were to run, say, xclock on a remote machine, the display shows up on your local machine. Your local machine is the X server, xclock is the X client. So, does the fact that you are running Gnome or KDE on your desktop (and hence an X server) make your machine a server? I don't think any rational IT person would think so, but there's a hell of a lot of so-called IT people that have absolutely no business being in the industry.
I do major amounts of work via ssh and I do consider it a service but I don't consider the ssh daemon to be a "server" any more than I consider a machines ability to receive email to be a "server" rather than a "service"
Well, ssh is a service, but "service" is more of an overall description and includes client and server processes and their transactions. sshd
itself IS a server. "daemon" simply means that it runs as a detached
process (one without a parent process other than "init") that typically
also does not have its stdin, stdout or stderr connected to a terminal.
sshd can be run in "non-daemon" mode by starting it with a "-D" option: "sshd -D". It still accepts incoming connections and such so it's a server, but since it doesn't detatch from the parent process, it's not a daemon.
have been remote security vulnerabilities in both OpenSSH and SSH.com's offerings. And I'd want to be sure that the box was being looked after, had sensible passwords, and was being patched promptly.
Sure. As with all boxes.
Amen. ---------------------------------------------------------------------- - Rick Stevens, Senior Systems Engineer rstevens@xxxxxxxxxxxxxxx - - VitalStream, Inc. http://www.vitalstream.com - - - - "How does that damned three seashell thing work?" - - - Sylvester Stallone, "Demolition Man" - ----------------------------------------------------------------------
