Bug 706396 - stale control sockets prevent connection multiplexing.
Summary: stale control sockets prevent connection multiplexing.
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 14
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jan F. Chadima
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-05-20 12:23 UTC by David Woodhouse
Modified: 2011-06-16 09:47 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-16 09:47:34 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
fix problem by automatically removing stale control sockets (485 bytes, patch)
2011-05-20 12:25 UTC, David Woodhouse 		no flags Details | Diff
View All

Description David Woodhouse 2011-05-20 12:23:28 UTC 
When using 'ControlMaster auto', openssh will automatically create a 'control socket' when one doesn't already exist, and multiplex multiple sessions over a single authenticated connection.

The control socket is a UNIX socket which resides in the file system.

It's supposed to be cleaned up automatically by the 'master' process when it exits, but that isn't always possible. A system crash or reboot, for example, may often leave stale sockets lying around.

OpenSSH does not cope with this situation; the existence of a stale socket will prevent it from using multiplexing for ever more:

 $ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password: 
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
 $ ssh mercury whoami
Control socket connect(/home/dwmw2/.ssh/sockets/mercury-22-dwmw2): Connection refused
dwmw2@mercury's password: 
ControlSocket /home/dwmw2/.ssh/sockets/mercury-22-dwmw2 already exists, disabling multiplexing
dwmw2
 $ rm /home/dwmw2/.ssh/sockets/mercury-22-dwmw2
 $ ssh mercury whoami
dwmw2@mercury's password: 
dwmw2
 $ ssh mercury whoami
dwmw2
Comment 1 David Woodhouse 2011-05-20 12:24:42 UTC 
This is https://bugzilla.mindrot.org/show_bug.cgi?id=1329
Comment 2 David Woodhouse 2011-05-20 12:25:33 UTC 
Created attachment 500048 [details]
fix problem by automatically removing stale control sockets
Comment 3 Jan F. Chadima 2011-05-23 04:49:13 UTC 
there is still one question:

https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c1


this may harm the openssh's behavior dramatically.
Comment 4 David Woodhouse 2011-05-23 09:40:14 UTC 
No. I replied to that in https://bugzilla.mindrot.org/show_bug.cgi?id=1329#c6

You *only* get -ECONNREFUSED if there really isn't anything listening. If there is an existing socket which is backlogged, you'll eventually get -EAGAIN after a timeout. (On Linux, at least; I haven't checked other systems but see no reason why it should be different).

Besides, if there's an existing socket that isn't responding to connections, surely the best option is to remove it and create a new one? 

I suppose that observation applies best in the 'ControlMaster auto' case, so we could make the unlink happen automatically *only* if it would be automatically recreated? I'll provide an updated patch to do that.
Comment 5 Jan F. Chadima 2011-06-16 09:47:34 UTC 
experimentally added to rawhide
Note You need to log in before you can comment on or make changes to this bug.