Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 577066

Summary: ssh-keyscan should ignore SIGPIPE
Product: Red Hat Enterprise Linux 5 Reporter: Kevin Graham <kgraham>
Component: opensshAssignee: Jan F. Chadima <jchadima>
Status: CLOSED NEXTRELEASE QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: low Docs Contact:
Priority: low    
Version: 5.6CC: pvrabec
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1108836 (view as bug list) Environment:
Last Closed: 2011-08-23 14:49:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1108836    

Description Kevin Graham 2010-03-26 00:29:19 UTC 
Description of problem:

Presently, openssh-4.3p2-36.el5_4.3's ssh-keyscan (as with prior versions) will abort execution on a SIGPIPE, which presumably should just be ignored.

close(140)                              = -1 EBADF (Bad file descriptor)
read(142, "S", 1)                       = 1
read(142, "S", 1)                       = 1
read(142, "H", 1)                       = 1
read(142, "-", 1)                       = 1
read(142, "2", 1)                       = 1
read(142, ".", 1)                       = 1
read(142, "0", 1)                       = 1
read(142, "-", 1)                       = 1
read(142, "c", 1)                       = 1
read(142, "r", 1)                       = 1
read(142, "y", 1)                       = 1
read(142, "p", 1)                       = 1
read(142, "t", 1)                       = 1
read(142, "l", 1)                       = 1
read(142, "i", 1)                       = 1
read(142, "b", 1)                       = 1
read(142, "\r", 1)                      = 1
read(142, "\n", 1)                      = 1
write(2, "debug1: no match: cryptlib\r\n", 28) = 28
write(2, "# 192.168.129.62 SSH-2.0-cryptli"..., 34) = 34
write(142, "SSH-2.0-OpenSSH-keyscan\r\n", 25) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) @ 0 (0) ---
+++ killed by SIGPIPE +++


....we ssh-keyscan over a thousand hosts in a pass for centralized monitoring and maintenance of known-hosts. This update process falls on its face when a bad server (in this case, a broken APC PDU management interface) shows up in the list.
Comment 1 Jan F. Chadima 2010-05-10 07:15:27 UTC 
It seems that is not yet fixed in current release. Can you test the latest version of openssh. If it is not fixed yet report it to bugzilla.mindrot.org and the bz# mention here.
Comment 2 Jan F. Chadima 2010-06-07 09:30:01 UTC 
Reporter, could you please reply to the previous question?
Comment 3 Jan F. Chadima 2011-07-11 08:31:09 UTC 
ping!
Comment 4 Jan F. Chadima 2011-08-23 17:12:21 UTC 
the patch submitted to rawhide