Bug 706396

Summary: stale control sockets prevent connection multiplexing.
Product: [Fedora] Fedora Reporter: David Woodhouse <dwmw2>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED NEXTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 14CC: jchadima, mattias.ellert, mgrepl, tmraz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-06-16 05:47:34 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Attachments:
Description Flags
fix problem by automatically removing stale control sockets none

Description David Woodhouse 2011-05-20 08:23:28 EDT
When using 'ControlMaster auto', openssh will automatically create a 'control socket' when one doesn't already exist, and multiplex multiple sessions over a single authenticated connection.

The control socket is a UNIX socket which resides in the file system.

It's supposed to be cleaned up automatically by the 'master' process when it exits, but that isn't always possible. A system crash or reboot, for example, may often leave stale sockets lying around.

OpenSSH does not cope with this situation; the existence of a stale socket will prevent it from using multiplexing for ever more:

 $ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password: 
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
 $ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password: 
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
 $ rm /home/dwmw2/.ssh/sockets/mercury-22-dwmw2
 $ ssh mercury whoami
dwmw2@mercury's password: 
dwmw2
 $ ssh mercury whoami
dwmw2
Comment 1 David Woodhouse 2011-05-20 08:24:42 EDT
This is https://bugzilla.mindrot.org/show_bug.cgi?id=1329
Comment 2 David Woodhouse 2011-05-20 08:25:33 EDT
Created attachment 500048 [details]
fix problem by automatically removing stale control sockets
Comment 3 Jan F. Chadima 2011-05-23 00:49:13 EDT
there is still one question:

https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c1


this may harm the openssh's behavior dramatically.
Comment 4 David Woodhouse 2011-05-23 05:40:14 EDT
No. I replied to that in https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c6

You *only* get -ECONNREFUSED if there really isn't anything listening. If there is an existing socket which is backlogged, you'll eventually get -EAGAIN after a timeout. (On Linux, at least; I haven't checked other systems but see no reason why it should be different).

Besides, if there's an existing socket that isn't responding to connections, surely the best option is to remove it and create a new one? 

I suppose that observation applies best in the 'ControlMaster auto' case, so we could make the unlink happen automatically *only* if it would be automatically recreated? I'll provide an updated patch to do that.
Comment 5 Jan F. Chadima 2011-06-16 05:47:34 EDT
experimentally added to rawhide