Bug 1160487
| Summary: | Master dies when using -o ProxyCommand | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Ben Woodard <woodard> | ||||
| Component: | openssh | Assignee: | Petr Lautrbach <plautrba> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Stanislav Zidek <szidek> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 6.6 | CC: | ffotorel, fkrska, foraker1, howey.vernon, jacob, jherrman, jjelen, jkurik, ksrot, plautrba, pvrabec, szidek, tdhooge, tgummels, tmz, watson6282, woodard | ||||
| Target Milestone: | rc | Keywords: | Regression, ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | openssh-5.3p1-105.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: |
Due to an error in the underlying code, the SSH master process previously in some cases terminated unexpectedly when the "ProxyCommand" parameter was used. This update fixes the code error and the described crash no longer occurs. In addition, this patch fixes the inconsistent behavior of the "ControlPersist=yes" parameter.
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 1161144 (view as bug list) | Environment: | |||||
| Last Closed: | 2015-07-22 06:46:39 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1138860, 1153397, 1159820, 1161144 | ||||||
| Attachments: |
|
||||||
The patch also backports demoting a non-fatal error message to a debug message in clientloop.c. Otherwise, the error below is seen from the master now that the master does not die due to issue 1. # <host> = host running sshd $ ssh -F /dev/null -fNMS s <host> Password: $ sh -c 'ssh -F /dev/null -S s h "sleep 5" & sleep 2; kill %1' client_input_channel_req: unexpected channel -1 The attached patch corrects this bug in clientloop.c. The commands and output below show that ControlPersist=yes does not work as expected. While a master mux connection is created in the background, the initial client connection is not made. Note how there is no output from the "echo Hello" command. # <host> = host running sshd $ ssh -F /dev/null -o ControlMaster=auto -S Test_Master_Socket -o ControlPersist=yes <host> echo Hello $ ps -fu `whoami` | grep "[s]sh.*Test_Master_Socket" py 13049 1 0 14:06 ? 00:00:00 /home/py/ssh/build/rpm_building/installed/usr/bin/ssh -F /dev/null -o ControlMaster=auto -S Test_Master_Socket -o ControlPersist=yes oslic echo Hello $ ssh -F /dev/null -S Test_Master_Socket -O exit h Exit request sent. RHEL7 is not affected and the ControlPersists behavior works as expected there. This is a regression WRT to the previous version of OpenSSH in RHEL6. I confirm that the patch applies cleanly and is part of rhel-7 code base. Thanks for that. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-1335.html |
Created attachment 953873 [details] patch to fix the problem. Description of problem: Using ssh 5.3p1-104.el6.x86_64, the backport of the ControlPersist option has at least three related issues with it. In all cases, the attached patch contains code backported from RHEL 7 openssh-6.4p1-8.el7.src.rpm. 1) The commands below show that the ssh master process exits with a fatal error # <gateway_host> = host running sshd # <host> = host running sshd $ ssh -F /dev/null \ -o ProxyCommand="sh -c '[ -e s ] || ssh -F /dev/null -fNMS s <gateway_host>; \ exec ssh -F /dev/null -NS s -W %h:%p h'" \ <host> echo Hello Password: Password: Hello channel_by_id: 2: bad id: channel free Disconnecting: Received ieof for nonexistent channel 2. Version-Release number of selected component (if applicable): 5.3p1-104.el6.x86_64 Customer has provided a patch that backports fixes to the code from RHEL7